Create EC2 instance with NitroTPM Enabled


Hi, I want to create an EC2 instance with NitroTPM 2.0 enabled.

I followed the instructions from this site: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-support-on-ami.html

{
    "Images": [
        {
            "Architecture": "x86_64",
            "CreationDate": "2022-11-21T20:07:43.000Z",
            "ImageId": "ami-05683f60db56ff1b5",
            "ImageLocation": "293786889684/DebianImage",
            "ImageType": "machine",
            "Public": false,
            "OwnerId": "293786889684",
            "PlatformDetails": "Linux/UNIX",
            "UsageOperation": "RunInstances",
            "State": "available",
            "BlockDeviceMappings": [
                {
                    "DeviceName": "/dev/xvda",
                    "Ebs": {
                        "DeleteOnTermination": true,
                        "SnapshotId": "snap-0c493ccaccd018881",
                        "VolumeSize": 8,
                        "VolumeType": "gp2",
                        "Encrypted": false
                    }
                },
                {
                    "DeviceName": "/dev/xvdf",
                    "Ebs": {
                        "DeleteOnTermination": true,
                        "VolumeSize": 10,
                        "VolumeType": "gp2",
                        "Encrypted": false
                    }
                }
            ],
            "EnaSupport": true,
            "Hypervisor": "xen",
            "Name": "DebianImage",
            "RootDeviceName": "/dev/xvda",
            "RootDeviceType": "ebs",
            "SriovNetSupport": "simple",
            "VirtualizationType": "hvm",
            "BootMode": "uefi",
            "TpmSupport": "v2.0"
        }
    ]
}

So far it looks good, but if I launch an instance from this AMI, I cannot connect to the machine. If I create an instance from the management console without NitroTPM support, I can connect to the machine using my key pair. I would also like to get some measurements from the TPM, but I don't see any measurement hashes in the API response above. I appreciate any help you can offer.

Here is my EC2 instance description:

{
    "Reservations": [
        {
            "Groups": [],
            "Instances": [
                {
                    "AmiLaunchIndex": 0,
                    "ImageId": "ami-05683f60db56ff1b5",
                    "InstanceId": "i-03435c99e5a3a83b5",
                    "InstanceType": "m6a.xlarge",
                    "KeyName": "OPTI_PLEX_KEY_PAIR",
                    "LaunchTime": "2022-11-21T20:53:29.000Z",
                    "Monitoring": {
                        "State": "disabled"
                    },
                    "Placement": {
                        "AvailabilityZone": "eu-central-1a",
                        "GroupName": "",
                        "Tenancy": "default"
                    },
                    "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
                    "PrivateIpAddress": "172.31.16.168",
                    "ProductCodes": [],
                    "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
                    "PublicIpAddress": "18.159.62.7",
                    "State": {
                        "Code": 16,
                        "Name": "running"
                    },
                    "StateTransitionReason": "",
                    "SubnetId": "subnet-12bdf778",
                    "VpcId": "vpc-d90e6cb3",
                    "Architecture": "x86_64",
                    "BlockDeviceMappings": [
                        {
                            "DeviceName": "/dev/xvda",
                            "Ebs": {
                                "AttachTime": "2022-11-21T20:53:30.000Z",
                                "DeleteOnTermination": true,
                                "Status": "attached",
                                "VolumeId": "vol-05814aff540510c1f"
                            }
                        },
                        {
                            "DeviceName": "/dev/xvdf",
                            "Ebs": {
                                "AttachTime": "2022-11-21T20:53:30.000Z",
                                "DeleteOnTermination": true,
                                "Status": "attached",
                                "VolumeId": "vol-03027ae670649544f"
                            }
                        }
                    ],
                    "ClientToken": "45856522-8833-4e31-985f-f5209b014fa1",
                    "EbsOptimized": true,
                    "EnaSupport": true,
                    "Hypervisor": "xen",
                    "ElasticGpuAssociations": [],
                    "ElasticInferenceAcceleratorAssociations": [],
                    "NetworkInterfaces": [
                        {
                            "Association": {
                                "IpOwnerId": "amazon",
                                "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
                                "PublicIp": "18.159.62.7"
                            },
                            "Attachment": {
                                "AttachTime": "2022-11-21T20:53:29.000Z",
                                "AttachmentId": "eni-attach-01e82b7e623e8e9da",
                                "DeleteOnTermination": true,
                                "DeviceIndex": 0,
                                "Status": "attached",
                                "NetworkCardIndex": 0
                            },
                            "Description": "",
                            "Groups": [
                                {
                                    "GroupName": "launch-wizard-10",
                                    "GroupId": "sg-05676ad26b7f6ed13"
                                }
                            ],
                            "Ipv6Addresses": [],
                            "MacAddress": "02:b8:28:63:4f:fc",
                            "NetworkInterfaceId": "eni-095492d80db0313b8",
                            "OwnerId": "293786889684",
                            "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
                            "PrivateIpAddress": "172.31.16.168",
                            "PrivateIpAddresses": [
                                {
                                    "Association": {
                                        "IpOwnerId": "amazon",
                                        "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
                                        "PublicIp": "18.159.62.7"
                                    },
                                    "Primary": true,
                                    "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
                                    "PrivateIpAddress": "172.31.16.168"
                                }
                            ],
                            "SourceDestCheck": true,
                            "Status": "in-use",
                            "SubnetId": "subnet-12bdf778",
                            "VpcId": "vpc-d90e6cb3",
                            "InterfaceType": "interface",
                            "Ipv4Prefixes": [],
                            "Ipv6Prefixes": []
                        }
                    ],
                    "RootDeviceName": "/dev/xvda",
                    "RootDeviceType": "ebs",
                    "SecurityGroups": [
                        {
                            "GroupName": "launch-wizard-10",
                            "GroupId": "sg-05676ad26b7f6ed13"
                        }
                    ],
                    "SourceDestCheck": true,
                    "Tags": [
                        {
                            "Key": "Name",
                            "Value": "Ubuntu bla"
                        }
                    ],
                    "VirtualizationType": "hvm",
                    "CpuOptions": {
                        "CoreCount": 2,
                        "ThreadsPerCore": 2
                    },
                    "CapacityReservationSpecification": {
                        "CapacityReservationPreference": "open"
                    },
                    "HibernationOptions": {
                        "Configured": false
                    },
                    "Licenses": [],
                    "MetadataOptions": {
                        "State": "applied",
                        "HttpTokens": "optional",
                        "HttpPutResponseHopLimit": 1,
                        "HttpEndpoint": "enabled",
                        "HttpProtocolIpv6": "disabled",
                        "InstanceMetadataTags": "enabled"
                    },
                    "EnclaveOptions": {
                        "Enabled": true
                    },
                    "BootMode": "uefi",
                    "PlatformDetails": "Linux/UNIX",
                    "UsageOperation": "RunInstances",
                    "UsageOperationUpdateTime": "2022-11-21T20:53:29.000Z",
                    "PrivateDnsNameOptions": {
                        "HostnameType": "ip-name",
                        "EnableResourceNameDnsARecord": true,
                        "EnableResourceNameDnsAAAARecord": false
                    },
                    "TpmSupport": "v2.0",
                    "MaintenanceOptions": {
                        "AutoRecovery": "default"
                    }
                }
            ],
            "OwnerId": "293786889684",
            "ReservationId": "r-0089af1cf650fc657"
        }
    ]
}

Hi! I've done some testing of my own to investigate the problem. It seems there may be an issue between the register-image API in the CLI and NitroTPM. In my efforts to replicate the problem and tinker with it, the instances created this way fail to pass the EC2 status checks. When requesting a screenshot of the instance (Actions -> Monitor and troubleshoot -> Get instance screenshot), it is very evident that it did not boot properly, which would also explain why you cannot connect to it. I have forwarded my investigation and this post to the Nitro team.

AWS
Cesar U
respondido hace un año
