Amazon EC2 支援 NitroTPM 與 UEFI Secure Boot

也是在清 RSS reader 的時候翻到的公告,在兩個禮拜前 AWS 宣佈 Amazon EC2 支援 NitroTPMUEFI Secure Boot:「Amazon EC2 Now Supports NitroTPM and UEFI Secure Boot」。

NitroTPM 相容於 TPM 2.0 的界面,所以有支援 TPM 2.0 的軟體都可以利用 (像是 Windows 11):

Nitro Trusted Platform Module (NitroTPM) is a virtual device that is provided by the AWS Nitro System and conforms to the TPM 2.0 specification.

之前在研究 LUKS 的時候也有看到 TPM 相關的資料:

Linux Unified Key Setup (LUKS) or dm-verity on Linux are examples of OS-level applications that can leverage NitroTPM too.

然後支援的平台有些限制,只有 IntelAMD 的平台有支援,而且還要扣掉 Xen、Mac 以及 bare metal 的機種:

At the moment, we support all Intel and AMD instance types that supports UEFI boot mode. Graviton1, Graviton2, Xen-based, Mac, and bare-metal instances are not supported.

ARM 那邊有自己的一套,不太玩 TPM 大概可以理解,Xen 大概是不想支援 (停止開發新功能之類的原因),Mac 可能是 Apple 的硬體限制,最後的 bare metal 是因為沒辦法虛擬化?


There is no additional cost for using NitroTPM. It is available today in all AWS Regions, including the AWS GovCloud (US) Regions, except in China.