Thank you very much for your reply. I ran "describe-instances" on my instance and the result showed that both "TpmSupport" and "uefi" boot mode were enabled. Thanks for the info that EK cert/EK pub access is currently not supported. I wonder if there is a list of currently supported tpm2 commands. I would like to see what other tpm2 commands used in our codebase are not supported. Thanks.
Hello, thank you for your post.
I understand that you are trying to retrieve the EK key using tpm2_getekcertificate or tpm2_nvreadpublic, and with both commands you are receiving errors.
To verify whether TPM is enabled, you will need to verify that the “BootMode” and “TpmSupport” parameters are present when using the following commands[1]:
$ aws ec2 describe-instances --instance-ids {instance_id}
$ aws ec2 describe-images --image-ids {ami_id}
You should find the parameters with the following values:
"BootMode": "uefi",
"TpmSupport": "v2.0",
To provision an instance with TPM support, you would need to make sure all of the prerequisites[2] are met.
As for EK cert / EK pub access, unfortunately this is not supported at this time. With that said, I can confirm that this feature is in development but there is no ETA at this time. I suggest you keep an eye on the AWS news blog[3] for any future announcements regarding this feature.
References:
[1] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-nitrotpm-support-on-ami.html
[2] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html
[3] https://aws.amazon.com/blogs/aws/
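The check described in the answer above, as an added example that is not part of the original posts and is not AWS code: it reads the JSON printed by `aws ec2 describe-instances` or `aws ec2 describe-images` and reports, per resource, whether "BootMode" and "TpmSupport" carry the values the answer lists. The function names and the sample IDs are made up for illustration, and the sample JSON is constructed and trimmed to the relevant fields.

```python
import json

# Values the answer says a NitroTPM-enabled instance or AMI reports.
EXPECTED = {"BootMode": "uefi", "TpmSupport": "v2.0"}


def _resources(doc):
    """Yield (id, record) pairs from describe-instances or describe-images JSON."""
    for reservation in doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            yield inst.get("InstanceId", "<unknown>"), inst
    for image in doc.get("Images", []):
        yield image.get("ImageId", "<unknown>"), image


def nitrotpm_report(cli_json):
    """Map each resource id to a list of problems; an empty list means both values match."""
    report = {}
    for rid, record in _resources(json.loads(cli_json)):
        problems = []
        for key, want in EXPECTED.items():
            got = record.get(key)  # an absent key is treated as "not enabled"
            if got is None:
                problems.append(f"{key} missing")
            elif got != want:
                problems.append(f"{key} is {got!r}, expected {want!r}")
        report[rid] = problems
    return report


# Constructed sample output (hypothetical IDs, only the relevant fields kept).
SAMPLE_INSTANCES = json.dumps({"Reservations": [{"Instances": [
    {"InstanceId": "i-0example0000000a", "BootMode": "uefi", "TpmSupport": "v2.0"},
    {"InstanceId": "i-0example0000000b", "BootMode": "legacy-bios"},
]}]})
SAMPLE_IMAGES = json.dumps({"Images": [
    {"ImageId": "ami-0example000000c", "BootMode": "uefi"},
]})

if __name__ == "__main__":
    for sample in (SAMPLE_INSTANCES, SAMPLE_IMAGES):
        for rid, problems in nitrotpm_report(sample).items():
            print(rid, "OK" if not problems else "; ".join(problems))
```

Checking both the instance and its AMI matters because a UEFI AMI without "TpmSupport" passes the boot-mode check while still failing the TPM one.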