Prerequisites for launching Windows instances
To launch a Windows instance with NitroTPM enabled, the following prerequisites must be in place. For the prerequisites for launching a Linux instance, see Prerequisites for launching Linux instances in the Amazon EC2 User Guide for Linux Instances.
- AMI
-
Requires an AMI with NitroTPM enabled.
The following Windows AMIs are preconfigured to enable NitroTPM and UEFI Secure Boot with Microsoft keys:
-
TPM-Windows_Server-2022-English-Core-Base
-
TPM-Windows_Server-2022-English-Full-Base
-
TPM-Windows_Server-2022-English-Full-SQL_2022_Enterprise
-
TPM-Windows_Server-2022-English-Full-SQL_2022_Standard
-
TPM-Windows_Server-2019-English-Core-Base
-
TPM-Windows_Server-2019-English-Full-Base
-
TPM-Windows_Server-2019-English-Full-SQL_2019_Enterprise
-
TPM-Windows_Server-2019-English-Full-SQL_2019_Standard
-
TPM-Windows_Server-2016-English-Core-Base
-
TPM-Windows_Server-2016-English-Full-Base
Currently, we do not support importing Windows with NitroTPM by using the import-image command.
-
- Operating system
-
The AMI must include an operating system with a TPM 2.0 Command Response Buffer (CRB) driver. Most current operating systems, such as TPM-Windows_Server-2022-English-Full-Base, contain a TPM 2.0 CRB driver.
- Instance type
-
Supported virtualized instance types:
C5,C5a,C5ad,C5d,C5n,C6i,D3,D3en,G4dn,G5,Hpc6a,I3en,I4i,Inf1,M5,M5a,M5ad,M5d,M5dn,M5n,M5zn,M6a,M6i,R5,R5a,R5ad,R5b,R5d,R5dn,R5n,R6i,T3,T3a,U-3tb1,U-6tb1,U-9tb1,U-12tb1,X2idn,X2iedn,X2iezn, andz1d.Support is coming soon on:
C6a,G4ad, andP3dnNot supported: Graviton (all generations), Xen, Mac, and bare metal instances
- UEFI boot mode
-
NitroTPM requires that an instance runs in UEFI boot mode, which requires that the AMI must be configured for UEFI boot mode. For more information, see UEFI Secure Boot.
