Create a Linux AMI for NitroTPM support

You configure your Linux AMI for NitroTPM support when you register the AMI. You can’t configure NitroTPM support later.

For the list of Windows AMIs that are preconfigured for NitroTPM support, see Prerequisites for enabling at launch.

To register a Linux AMI for NitroTPM support

Launch a temporary instance with your required Linux AMI.
After the instance reaches the running state, create a snapshot of the instance's root volume.

Register the new AMI. Use the register-image command. For --tpm-support, specify v2.0. For --boot-mode, specify uefi. And specify a block device mapping for the root volume using the snapshot you created in the previous step.


aws ec2 register-image \
    --name my-image \
    --boot-mode uefi \
    --architecture x86_64 \
    --root-device-name /dev/xvda \
    --block-device-mappings DeviceName=/dev/xvda,Ebs={SnapshotId=snapshot_id} \
    --tpm-support v2.0

Expected output


{
"ImageId": "ami-0123456789example"
}

Terminate the temporary instance you launched in step 1, if it is no longer needed.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Prerequisites

Verify whether an AMI is enabled for NitroTPM