Enable or stop using NitroTPM on an instance
When you launch an instance from an AMI that has NitroTPM support enabled, the instance launches with NitroTPM enabled. You can configure the instance to stop using NitroTPM. You can verify whether an instance is enabled for NitroTPM.
Launch an instance with NitroTPM enabled
When you launch an instance with the prerequisites, NitroTPM is automatically enabled on the instance. You can only enable NitroTPM on an instance at launch. For information about launching an instance, see Launch your instance.
Stop using NitroTPM on an instance
After launching an instance with NitroTPM enabled, you can’t disable NitroTPM for the instance. However, you can configure the operating system to stop using NitroTPM by disabling the TPM 2.0 device driver on the instance by using the following tools:
- For Windows, use the TPM management console, tpm.msc.
For more information about disabling the device driver, see the documentation for your operating system.
Verify whether NitroTPM is accessible inside the instance
To verify whether an instance is enabled for NitroTPM support using the AWS CLI
Use the describe-instances AWS CLI command and specify the instance ID. Currently, the Amazon EC2 console does not display the TpmSupport field.
aws ec2 describe-instances --instance-ids i-0123456789example
If NitroTPM support is enabled on the instance, "TpmSupport": "v2.0" appears in the output.
"Instances": {
    "InstanceId": "0123456789example",
    "InstanceType": "c5.large",
    ...
    "BootMode": "uefi",
    "TpmSupport": "v2.0"
    ...
}
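The following is an added example, not code from the AWS documentation: it runs the describe-instances command above and reduces the JSON to a per-instance TpmSupport value, treating the absence of the TpmSupport key (an instance launched without NitroTPM) as "not enabled". The sample output embedded in the script is constructed, and the live call assumes the aws CLI is on PATH with credentials configured.

```python
import json
import subprocess
from typing import Dict, List, Optional

# Constructed sample of describe-instances output; the instance IDs are not real.
SAMPLE_OUTPUT = json.dumps({
    "Reservations": [{
        "Instances": [
            {"InstanceId": "i-0123456789example", "InstanceType": "c5.large",
             "BootMode": "uefi", "TpmSupport": "v2.0"},
            # Launched from an AMI without NitroTPM support: no TpmSupport key at all.
            {"InstanceId": "i-0fedcba987example", "InstanceType": "c5.large",
             "BootMode": "legacy-bios"},
        ]
    }]
})


def tpm_support_by_instance(describe_output: str) -> Dict[str, Optional[str]]:
    """Map each InstanceId in describe-instances JSON to its TpmSupport value.

    Instances launched without NitroTPM carry no TpmSupport field, so they map to None
    rather than raising a KeyError.
    """
    data = json.loads(describe_output)
    result: Dict[str, Optional[str]] = {}
    for reservation in data.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            result[inst["InstanceId"]] = inst.get("TpmSupport")
    return result


def nitrotpm_enabled(describe_output: str, instance_id: str) -> bool:
    """True only when the instance reports TpmSupport v2.0; unknown IDs are False."""
    return tpm_support_by_instance(describe_output).get(instance_id) == "v2.0"


def describe_instances(instance_ids: List[str]) -> str:
    """Run the AWS CLI command from the page and return its JSON output as text."""
    cmd = ["aws", "ec2", "describe-instances", "--instance-ids", *instance_ids,
           "--output", "json"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Swap SAMPLE_OUTPUT for describe_instances(["i-..."]) to check live instances.
    for iid, tpm in tpm_support_by_instance(SAMPLE_OUTPUT).items():
        print(f"{iid}: {'NitroTPM ' + tpm if tpm else 'NitroTPM not enabled'}")
```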
To verify whether NitroTPM is accessible inside an Amazon EC2 Windows instance
- On the instance, run the tpm.msc program. The TPM Management on Local Computer window opens.
- Check the TPM Manufacturer Information field. It contains the manufacturer's name and the version of the NitroTPM on the instance.