Hsinchu, Taiwan – Nuvoton Technology Corporation, a global leader in Baseboard Management Controller (BMC) solutions, today announced that its latest BMC chip revision, NPCM8mnx, has been officially certified under the Open Compute Project (OCP) Security Appliance Framework Enablement (S.A.F.E.) program. This milestone underscores Nuvoton’s commitment to advancing security, transparency, and collaboration within the server and data center industry.
OCP S.A.F.E. certification affirms that Nuvoton’s NPCM8mnx BMC chip meets the highest standards of hardware and firmware security, openness, and supply chain trust. The certification process includes rigorous evaluation against OCP’s secure boot, firmware integrity, and secure recovery requirements, ensuring readiness for hyperscale deployment.
As part of the certification process, Nuvoton completed a comprehensive security audit conducted by NCC Group, an OCP-approved third-party security review provider. The audit validates the robustness of Nuvoton’s security design and implementation. The resulting Short Form Report (SFR) has been published by NCC Group and is publicly available on the OCP S.A.F.E. GitHub repository: link
The NPCM8mnx chip integrates a dedicated security enclave called the Trusted Integrated Processor (TIP). The TIP firmware implements Platform Root of Trust (pRoT) functionality and provides a secure foundation for both the BMC and the platform. TIP is provisioned during chip manufacturing by Nuvoton to embed the customer’s Secure Boot keys and a Unique Device Secret (UDS), used by the DICE (Device Identifier Composition Engine) software stack. This built-in trust anchor is key to enabling robust and scalable platform security in modern data center environments.
The OCP S.A.F.E. certification applies to the NPCM8mnx A3 revision of the TIP ROM code and Cryptography Library. This version introduces Post-Quantum Cryptography (PQC) support, including LMS (Leighton-Micali Signatures) verification for Secure Boot. The A3 ROM supports a hybrid signature scheme, combining LMS with the legacy ECDSA-384 to enhance resilience against both classical and quantum attacks during firmware authentication.
In addition to the OCP S.A.F.E. certification, the previous NPCM8mnx A2 chip revision has already achieved FIPS 140-3 certification, including:
- CMVP certificate: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4954
- CAVP listing: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=16677
- Entropy Source Validation (ESV): https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/94
Nuvoton is actively working toward FIPS 140-3 certification for the A3 revision as well, continuing its commitment to meeting stringent global security standards.
As a leading provider of BMC solutions, Nuvoton has consistently supported the OCP community through the development of open and secure management platforms. The NPCM8mnx revision delivers enhanced performance, robust security, and a rich set of features with a flexible design that supports a wide range of interfaces. It runs the OpenBMC code stack, enabling seamless integration with open-source management frameworks used across hyperscale and enterprise platforms.
“We’re honored to receive OCP S.A.F.E. certification for our NPCM8mnx BMC chip,” said Uri Trichter, VP of Server Products at Nuvoton. “This validates our long-term commitment to empowering open infrastructure with trustworthy, secure, and high-performance silicon. As the ecosystem advances toward zero-trust architecture, Nuvoton is proud to contribute resilient solutions for hyperscale and enterprise deployments.”
The certified NPCM8mnx chip is already being adopted by leading platform integrators and is available for customer sampling and evaluation.
For more information about Nuvoton’s BMC product portfolio and OCP engagement, visit: https://www.nuvoton.com/products/cloud-computing/ibmc/
