docs: update azure firmware with openhcl (#3473)

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

docs/versioned_docs/version-2.19/overview/clouds.md

@@ -19,7 +19,7 @@ The following table summarizes the state of features for different infrastructur
 | **1. Custom images**              | Yes     | Yes       | Yes     | Yes          | Yes                  |
 | **2. SEV-SNP or TDX**             | Yes     | Yes       | Yes     | No           | Depends on kernel/HV |
 | **3. Raw guest attestation**      | Yes     | Yes       | Yes     | No           | Depends on kernel/HV |
-| **4. Reviewable firmware**        | Yes     | No        | No      | No           | Depends on kernel/HV |
+| **4. Reviewable firmware**        | Yes     | No*       | No      | No           | Depends on kernel/HV |
 | **5. Confidential measured boot** | No      | Yes       | No      | No           | Depends on kernel/HV |
 
 ## Amazon Web Services (AWS)
@@ -40,6 +40,8 @@ This firmware is signed by Azure.
 The signature is reflected in the attestation statements of CVMs.
 Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB).
 
+\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future.
+
 ## Google Cloud Platform (GCP)
 
 The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#technologies) are based on AMD SEV-ES or SEV-SNP.