OCP SAFE Testing

Get expert support to meet OCP SAFE requirements and secure your hardware, firmware, and embedded systems across the supply chain.

The Open Compute Project’s Security Appraisal Framework and Enablement (SAFE) standard provides a common framework for evaluating the security of hardware and firmware.

For device vendors, achieving OCP SAFE compliance builds credibility with technology partners and platform providers, reduces the need for redundant audits, and demonstrates a strong commitment to supply chain security.

Certified OCP SAFE Security Assessments

Anvil Secure is an approved OCP Security Review Provider (SRP), trusted to perform in-depth OCP SAFE testing for hardware manufacturers and device vendors.

We work closely with our clients throughout the assessment process, from initial scoping through remediation and documentation, to help achieve or maintain SAFE designation. Our engineers assess your device or component across key OCP SAFE testing criteria, including:

  • Boot Process and Firmware Update Security
  • End-of-Life, De-Provisioning, and Storage (Volatile/Non-Volatile)
  • Cryptographic Security and Certificate Handling (including Root of Trust)
  • Debugging, Auditability, and Logging
  • Secure Management, Identity, and Access Control
  • Supply Chain and Trusted Execution Environment (TEE) Dependencies
  • Secure Development Lifecycle (SDL)
  • Threat Models and Implementation Details
  • Compliance Evidence and Supporting Artifacts
Our OCP SAFE Testing Process

We guide you through the full SAFE review process, tailoring each phase to your device and organization. Our approach is collaborative and efficient, covering:

  1. Scoping & Planning: Defining the project scope and relevant SAFE categories.

  2. Testing & Evaluation: Performing in-depth technical testing and reviewing documentation.

  3. Reporting & Remediation: Providing our findings and assisting with remediation strategies.

  4. Final Documentation: Preparing deliverables for submission to the SAFE repository.

  5. Ongoing Support: Optional follow-up testing and support for maintaining compliance.

The Anvil Difference

Quality

We deliver exceptional work, executed by highly skilled engineers and guided by a commitment to continuous improvement.

People

We are an employee-owned and led firm, driven by a people-first approach in everything we do.​

Contribution

We're active members of the information security community, advancing research, responsible disclosure, and inclusivity.

Start securing now.

Partner with Anvil to meet OCP SAFE requirements and secure your product against real-world threats.

Contact Us