Create EC2 instance with NitroTPM Enabled


Hi, I want to create an EC2 instance with NitroTPM 2.0 enabled.

I followed the instructions on this page: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-support-on-ami.html . The registered AMI is described as follows:

{
    "Images": [
        {
            "Architecture": "x86_64",
            "CreationDate": "2022-11-21T20:07:43.000Z",
            "ImageId": "ami-05683f60db56ff1b5",
            "ImageLocation": "293786889684/DebianImage",
            "ImageType": "machine",
            "Public": false,
            "OwnerId": "293786889684",
            "PlatformDetails": "Linux/UNIX",
            "UsageOperation": "RunInstances",
            "State": "available",
            "BlockDeviceMappings": [
                {
                    "DeviceName": "/dev/xvda",
                    "Ebs": {
                        "DeleteOnTermination": true,
                        "SnapshotId": "snap-0c493ccaccd018881",
                        "VolumeSize": 8,
                        "VolumeType": "gp2",
                        "Encrypted": false
                    }
                },
                {
                    "DeviceName": "/dev/xvdf",
                    "Ebs": {
                        "DeleteOnTermination": true,
                        "VolumeSize": 10,
                        "VolumeType": "gp2",
                        "Encrypted": false
                    }
                }
            ],
            "EnaSupport": true,
            "Hypervisor": "xen",
            "Name": "DebianImage",
            "RootDeviceName": "/dev/xvda",
            "RootDeviceType": "ebs",
            "SriovNetSupport": "simple",
            "VirtualizationType": "hvm",
            "BootMode": "uefi",
            "TpmSupport": "v2.0"
        }
    ]
}

So far this looks correct, but when I launch an instance from this AMI, I cannot connect to the machine. If I instead create an instance from the management console without NitroTPM support, I can connect to the machine with my key pair. I would also like to read some measurements from the TPM, but I don't see any of the hashes in the response below. I appreciate any help you can offer.

Here is the description of my EC2 instance:

{
    "Reservations": [
        {
            "Groups": [],
            "Instances": [
                {
                    "AmiLaunchIndex": 0,
                    "ImageId": "ami-05683f60db56ff1b5",
                    "InstanceId": "i-03435c99e5a3a83b5",
                    "InstanceType": "m6a.xlarge",
                    "KeyName": "OPTI_PLEX_KEY_PAIR",
                    "LaunchTime": "2022-11-21T20:53:29.000Z",
                    "Monitoring": {
                        "State": "disabled"
                    },
                    "Placement": {
                        "AvailabilityZone": "eu-central-1a",
                        "GroupName": "",
                        "Tenancy": "default"
                    },
                    "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
                    "PrivateIpAddress": "172.31.16.168",
                    "ProductCodes": [],
                    "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
                    "PublicIpAddress": "18.159.62.7",
                    "State": {
                        "Code": 16,
                        "Name": "running"
                    },
                    "StateTransitionReason": "",
                    "SubnetId": "subnet-12bdf778",
                    "VpcId": "vpc-d90e6cb3",
                    "Architecture": "x86_64",
                    "BlockDeviceMappings": [
                        {
                            "DeviceName": "/dev/xvda",
                            "Ebs": {
                                "AttachTime": "2022-11-21T20:53:30.000Z",
                                "DeleteOnTermination": true,
                                "Status": "attached",
                                "VolumeId": "vol-05814aff540510c1f"
                            }
                        },
                        {
                            "DeviceName": "/dev/xvdf",
                            "Ebs": {
                                "AttachTime": "2022-11-21T20:53:30.000Z",
                                "DeleteOnTermination": true,
                                "Status": "attached",
                                "VolumeId": "vol-03027ae670649544f"
                            }
                        }
                    ],
                    "ClientToken": "45856522-8833-4e31-985f-f5209b014fa1",
                    "EbsOptimized": true,
                    "EnaSupport": true,
                    "Hypervisor": "xen",
                    "ElasticGpuAssociations": [],
                    "ElasticInferenceAcceleratorAssociations": [],
                    "NetworkInterfaces": [
                        {
                            "Association": {
                                "IpOwnerId": "amazon",
                                "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
                                "PublicIp": "18.159.62.7"
                            },
                            "Attachment": {
                                "AttachTime": "2022-11-21T20:53:29.000Z",
                                "AttachmentId": "eni-attach-01e82b7e623e8e9da",
                                "DeleteOnTermination": true,
                                "DeviceIndex": 0,
                                "Status": "attached",
                                "NetworkCardIndex": 0
                            },
                            "Description": "",
                            "Groups": [
                                {
                                    "GroupName": "launch-wizard-10",
                                    "GroupId": "sg-05676ad26b7f6ed13"
                                }
                            ],
                            "Ipv6Addresses": [],
                            "MacAddress": "02:b8:28:63:4f:fc",
                            "NetworkInterfaceId": "eni-095492d80db0313b8",
                            "OwnerId": "293786889684",
                            "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
                            "PrivateIpAddress": "172.31.16.168",
                            "PrivateIpAddresses": [
                                {
                                    "Association": {
                                        "IpOwnerId": "amazon",
                                        "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
                                        "PublicIp": "18.159.62.7"
                                    },
                                    "Primary": true,
                                    "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
                                    "PrivateIpAddress": "172.31.16.168"
                                }
                            ],
                            "SourceDestCheck": true,
                            "Status": "in-use",
                            "SubnetId": "subnet-12bdf778",
                            "VpcId": "vpc-d90e6cb3",
                            "InterfaceType": "interface",
                            "Ipv4Prefixes": [],
                            "Ipv6Prefixes": []
                        }
                    ],
                    "RootDeviceName": "/dev/xvda",
                    "RootDeviceType": "ebs",
                    "SecurityGroups": [
                        {
                            "GroupName": "launch-wizard-10",
                            "GroupId": "sg-05676ad26b7f6ed13"
                        }
                    ],
                    "SourceDestCheck": true,
                    "Tags": [
                        {
                            "Key": "Name",
                            "Value": "Ubuntu bla"
                        }
                    ],
                    "VirtualizationType": "hvm",
                    "CpuOptions": {
                        "CoreCount": 2,
                        "ThreadsPerCore": 2
                    },
                    "CapacityReservationSpecification": {
                        "CapacityReservationPreference": "open"
                    },
                    "HibernationOptions": {
                        "Configured": false
                    },
                    "Licenses": [],
                    "MetadataOptions": {
                        "State": "applied",
                        "HttpTokens": "optional",
                        "HttpPutResponseHopLimit": 1,
                        "HttpEndpoint": "enabled",
                        "HttpProtocolIpv6": "disabled",
                        "InstanceMetadataTags": "enabled"
                    },
                    "EnclaveOptions": {
                        "Enabled": true
                    },
                    "BootMode": "uefi",
                    "PlatformDetails": "Linux/UNIX",
                    "UsageOperation": "RunInstances",
                    "UsageOperationUpdateTime": "2022-11-21T20:53:29.000Z",
                    "PrivateDnsNameOptions": {
                        "HostnameType": "ip-name",
                        "EnableResourceNameDnsARecord": true,
                        "EnableResourceNameDnsAAAARecord": false
                    },
                    "TpmSupport": "v2.0",
                    "MaintenanceOptions": {
                        "AutoRecovery": "default"
                    }
                }
            ],
            "OwnerId": "293786889684",
            "ReservationId": "r-0089af1cf650fc657"
        }
    ]
}

Hi! I've done some testing of my own to investigate the problem. It seems there may be an issue between the register-image API in the CLI and NitroTPM. While trying to reproduce this and experimenting with it, I found that instances created this way fail to pass the EC2 status checks. When requesting a screenshot of the instance (Actions -> Monitor and Troubleshooting -> Get instance screenshot), it is very evident that it did not boot properly. I have forwarded my investigation and this post to the Nitro team.

AWS
Cesar U
回答済み 1年前
