Requirements for using NitroTPM with Amazon EC2 instances


To launch an instance with NitroTPM enabled, you must meet the following requirements.

AMIs

The AMI must have NitroTPM enabled.

Linux AMIs

There are no preconfigured AMIs. You must configure your own AMI. For more information, see Enable a Linux AMI for NitroTPM.

Windows AMIs

The following Windows AMIs are preconfigured to enable NitroTPM and UEFI Secure Boot with Microsoft keys:

  • TPM-Windows_Server-2025-English-Core-Base

  • TPM-Windows_Server-2025-English-Full-Base

  • TPM-Windows_Server-2022-English-Core-Base

  • TPM-Windows_Server-2022-English-Full-Base

  • TPM-Windows_Server-2022-English-Full-SQL_2022_Enterprise

  • TPM-Windows_Server-2022-English-Full-SQL_2022_Standard

  • TPM-Windows_Server-2019-English-Core-Base

  • TPM-Windows_Server-2019-English-Full-Base

  • TPM-Windows_Server-2019-English-Full-SQL_2019_Enterprise

  • TPM-Windows_Server-2019-English-Full-SQL_2019_Standard

  • TPM-Windows_Server-2016-English-Core-Base

  • TPM-Windows_Server-2016-English-Full-Base

Note

Operating system — The AMI must include an operating system with a TPM 2.0 Command Response Buffer (CRB) driver. Most current operating systems include a TPM 2.0 CRB driver.

UEFI boot mode — The AMI must be configured for UEFI boot mode. For more information, see UEFI Secure Boot for Amazon EC2 instances.

Instance types

You must use one of the following virtualized instance types:

  • General purpose: M5, M5a, M5ad, M5d, M5dn, M5n, M5zn, M6a, M6g, M6gd, M6i, M6id, M6idn, M6in, M7a, M7g, M7gd, M7i, M7i-flex, M8g, T3, T3a, T4g

  • Compute optimized: C5, C5a, C5ad, C5d, C5n, C6a, C6g, C6gd, C6gn, C6i, C6id, C6in, C7a, C7g, C7gd, C7gn, C7i, C7i-flex, C8g

  • Memory optimized: R5, R5a, R5ad, R5b, R5d, R5dn, R5n, R6a, R6g, R6gd, R6i, R6idn, R6in, R6id, R7a, R7g, R7gd, R7i, R7iz, R8g, X2idn, X2iedn, X2iezn, X8g, z1d

  • Storage optimized: D3, D3en, I3en, I4i, I7ie, I8g

  • Accelerated computing: F2, G4dn, G5, G6, G6e, Gr6, Inf1, Inf2, P5e, P5en

  • High-performance computing: Hpc6a, Hpc6id

Considerations

The following considerations apply when using NitroTPM:

  • After you launch an instance using an AMI with NitroTPM enabled, if you want to change the instance type, the new instance type that you choose must also support NitroTPM.

  • BitLocker volumes that are encrypted with NitroTPM-based keys can only be used on the original instance.

  • The NitroTPM state is not displayed in the Amazon EC2 console.

  • The NitroTPM state is not included in Amazon EBS snapshots.

  • The NitroTPM state is not included in VM Import/Export images.

  • NitroTPM is not supported on AWS Outposts, Local Zones, or Wavelength Zones.
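
The AMI and instance type requirements above can be checked before launch. The following is an added example, not code from the AWS documentation: it evaluates entries shaped like the EC2 `DescribeImages` and `DescribeInstanceTypes` responses (for example, as returned by boto3) against those requirements, including the instance type change consideration. The function names, the sample records, and the strict reading that only an explicit `uefi` boot mode passes are assumptions.

```python
# Added example. Field names (TpmSupport, BootMode, NitroTpmSupport) follow the
# EC2 DescribeImages / DescribeInstanceTypes responses; sample values are constructed.

def check_ami(image):
    """Return NitroTPM requirement failures for one DescribeImages entry."""
    problems = []
    # TpmSupport may be absent when NitroTPM is not enabled on the AMI.
    if image.get("TpmSupport") != "v2.0":
        problems.append("AMI does not have NitroTPM enabled (TpmSupport != v2.0)")
    # Assumption: only an explicit 'uefi' boot mode is accepted by this check.
    if image.get("BootMode") != "uefi":
        problems.append(f"AMI boot mode is {image.get('BootMode', 'unset')!r}, not 'uefi'")
    return problems


def check_instance_type(type_info):
    """Return failures for one DescribeInstanceTypes entry."""
    if type_info.get("NitroTpmSupport") != "supported":
        return [f"{type_info.get('InstanceType')} does not support NitroTPM"]
    return []


def preflight(image, type_info, resize_target=None):
    """Check the AMI, the launch type and, optionally, a planned new instance type."""
    problems = check_ami(image) + check_instance_type(type_info)
    if resize_target is not None:
        # A type change is only valid if the new type also supports NitroTPM.
        problems += [f"resize target: {p}" for p in check_instance_type(resize_target)]
    return problems


# Constructed sample records (placeholder AMI IDs).
GOOD_AMI = {"ImageId": "ami-0123456789abcdef0", "TpmSupport": "v2.0", "BootMode": "uefi"}
LEGACY_AMI = {"ImageId": "ami-0fedcba9876543210", "BootMode": "legacy-bios"}
M6I = {"InstanceType": "m6i.large", "NitroTpmSupport": "supported"}
T2 = {"InstanceType": "t2.micro", "NitroTpmSupport": "unsupported"}

if __name__ == "__main__":
    for label, args in [("good", (GOOD_AMI, M6I)),
                        ("legacy AMI", (LEGACY_AMI, M6I)),
                        ("resize to t2", (GOOD_AMI, M6I, T2))]:
        print(label, "->", preflight(*args) or "OK")
```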

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.