Merge pull request #312129 from karengu0/feb26docs

Feb26docs

Author: v-shils

articles/firmware-analysis/firmware-analysis-faq.md

@@ -1,11 +1,11 @@
 ---
 title: Frequently asked questions about firmware analysis
-description: Find answers to some of the common questions about firmware analysis. This article includes the file systems that are supported by firmware analysis, and links to the Azure CLI and Azure PowerShell commands.
+description: Find answers to some of the common questions about firmware analysis.
 author: karengu0
 ms.author: karenguo
 ms.topic: faq
 ms.custom: devx-track-azurecli, devx-track-azurepowershell
-ms.date: 09/12/2025
+ms.date: 03/05/2026
 ms.service: azure
 ms.subservice: azure-firmware-analysis
 ---
@@ -15,6 +15,7 @@ This article addresses frequent questions about firmware analysis.
 
 [Firmware analysis](./overview-firmware-analysis.md) is a tool that analyzes firmware images and provides an understanding of security vulnerabilities in the firmware images.
 
+
 ## What types of firmware images does firmware analysis support?
 Firmware analysis supports unencrypted images that contain file systems with embedded Linux operating systems. Firmware analysis supports the following file system formats:
 
@@ -48,6 +49,7 @@ Firmware analysis supports unencrypted images that contain file systems with emb
 * ZStandard compressed data
 * Zip archive
 
+
 ## What SBOM components does firmware analysis detect?
 
 **Component** | **Component** | **Component** | **Component**
@@ -86,3 +88,30 @@ gpg			|   mosquitto	|   readline
 You can find the documentation for our Azure CLI commands [here](/cli/azure/firmwareanalysis/firmware) and the documentation for our Azure PowerShell commands [here](/powershell/module/az.firmwareanalysis/?#firmwareanalysis).
 
 You can also find the Quickstart for our Azure CLI [here](./quickstart-upload-firmware-using-azure-command-line-interface.md) and the Quickstart for our Azure PowerShell [here](./quickstart-upload-firmware-using-powershell.md). To run a Python script using the SDK to upload and analyze firmware images, visit [Quickstart: Upload firmware using Python](./quickstart-upload-firmware-using-python.md).
+
+
+## Is UEFI (Unified Extensible Firmware Interface) firmware analysis supported?
+Yes. UEFI firmware analysis is supported with a mix of **Generally Available (GA)** and **Preview** capabilities.
+
+### What is generally available for UEFI firmware analysis?
+
+Firmware analysis provides **GA support** for detecting and analyzing cryptographic material embedded in UEFI firmware, including:
+- Cryptographic certificates
+- Cryptographic keys
+
+These capabilities are considered stable and fully supported for UEFI firmware.
+
+### What UEFI analysis capabilities are in preview?
+
+The following UEFI analysis capabilities are currently provided in **Preview** and might have limited coverage:
+- SBOM and weakness signals (limited OpenSSL detection and CVE association)
+- Binary hardening attributes (detection of NX / DEP are supported)
+- Extractor path enhancements
+
+Preview results should be interpreted as **security signals**, not guarantees of vulnerability or protection.
+
+For detailed explanations of UEFI firmware analysis capabilities, limitations, and how to interpret results, see [Understanding UEFI firmware analysis capabilities and limitations](unified-extensible-firmware-interface-firmware-analysis.md).
+
+
+
+

articles/firmware-analysis/index.yml

@@ -54,4 +54,7 @@ landingContent:
             url: firmware-analysis-rbac.md#understanding-the-representation-of-firmware-images-in-the-azure-resource-hierarchy
           - text: Understand and interpret the extractor path results
             url: interpreting-extractor-paths.md
-
+          - text: Understand and interpret weaknesses data
+            url: understand-weaknesses-data.md
+          - text: UEFI firmware analysis capabilities
+            url: unified-extensible-firmware-interface-firmware-analysis.md

articles/firmware-analysis/interpreting-extractor-paths.md

@@ -3,8 +3,8 @@ title: Interpreting extractor paths from SBOM view in firmware analysis
 description: Learn how to interpret extractor paths from the SBOM view in firmware analysis results.
 author: karengu0
 ms.author: karenguo
-ms.topic: concept-article
-ms.date: 09/12/2025
+ms.topic: conceptual
+ms.date: 03/05/2026
 ms.service: azure
 ms.subservice: azure-firmware-analysis
 ---
@@ -82,3 +82,38 @@ When you hover over the number, you’ll see a pop-up that looks like this:
 :::image type="content" source="media/extractor-paths/pop-up-multiple-paths.png" alt-text="Screenshot of an SBOM's multiple paths." lightbox="media/extractor-paths/pop-up-multiple-paths.png":::
 
 This means that the SBOM can be found at these two executable paths.
+
+## How UEFI analysis capabilities affect extractor paths
+
+UEFI (Unified Extensible Firmware Interface) firmware differs from other firmware types in structure and content. A single UEFI firmware image can contain:
+
+- UEFI-specific modules
+- Other executable formats embedded within the firmware (for example, Linux ELF binaries)
+
+As a result, firmware analysis results—and the extractor paths shown in the SBOM view—may include a mix of executable types within the same analysis.
+
+For UEFI firmware, extractor path enhancements are currently provided as a **Preview** capability. When available, extractor paths may include:
+
+- The UEFI module name
+- GUID-based identifiers used internally by UEFI firmware
+
+These enhancements are intended to improve clarity when correlating SBOM entries with UEFI modules. However, they may not appear for all firmware images or all modules.
+
+> [!NOTE]
+> Because UEFI extractor path enhancements are in Preview, coverage may be incomplete. Missing module names or paths should be interpreted as **unknown**, not as evidence that a component is absent.
+
+
+### Relationship between UEFI analysis coverage and extractor paths
+
+UEFI analysis capabilities vary by feature maturity:
+
+- Detection of cryptographic certificates and keys embedded in UEFI firmware is **Generally Available (GA)**
+- SBOM extraction, weakness detection, binary hardening attributes, and extractor path enhancements for UEFI firmware are currently in **Preview**
+
+Because SBOM and weakness data for UEFI firmware are derived from detected components:
+
+- CVEs may appear only for components whose versions can be confidently identified
+- Some SBOM rows may have missing or partial data
+- Some extractor paths may apply only to non-UEFI executables embedded within the firmware
+
+Missing or empty values in UEFI-related rows should be interpreted as **unknown**, not as confirmation that a security feature is absent or a vulnerability does not exist.