Create EC2 instance with NitroTPM Enabled


Hi, I want to create an EC2 instance with NitroTPM (TPM 2.0) enabled.

I followed the instructions from this site: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-support-on-ami.html

{
    "Images": [
        {
            "Architecture": "x86_64",
            "CreationDate": "2022-11-21T20:07:43.000Z",
            "ImageId": "ami-05683f60db56ff1b5",
            "ImageLocation": "293786889684/DebianImage",
            "ImageType": "machine",
            "Public": false,
            "OwnerId": "293786889684",
            "PlatformDetails": "Linux/UNIX",
            "UsageOperation": "RunInstances",
            "State": "available",
            "BlockDeviceMappings": [
                {
                    "DeviceName": "/dev/xvda",
                    "Ebs": {
                        "DeleteOnTermination": true,
                        "SnapshotId": "snap-0c493ccaccd018881",
                        "VolumeSize": 8,
                        "VolumeType": "gp2",
                        "Encrypted": false
                    }
                },
                {
                    "DeviceName": "/dev/xvdf",
                    "Ebs": {
                        "DeleteOnTermination": true,
                        "VolumeSize": 10,
                        "VolumeType": "gp2",
                        "Encrypted": false
                    }
                }
            ],
            "EnaSupport": true,
            "Hypervisor": "xen",
            "Name": "DebianImage",
            "RootDeviceName": "/dev/xvda",
            "RootDeviceType": "ebs",
            "SriovNetSupport": "simple",
            "VirtualizationType": "hvm",
            "BootMode": "uefi",
            "TpmSupport": "v2.0"
        }
    ]
}

So far this looks right: the registered AMI reports `BootMode: uefi` and `TpmSupport: v2.0`. But when I launch an instance from this AMI I cannot connect to it at all. If I launch an instance from the management console from an AMI without NitroTPM support, I can connect with my key pair without any problem. I would also like to read measurements from the TPM, but none of the PCR hashes appear in this output. I assume the `describe-images` / `describe-instances` responses only carry the `TpmSupport` attribute and that PCR values have to be read from inside the guest (e.g. from `/dev/tpm0` with tpm2-tools) rather than through the EC2 API — is that correct? I appreciate any help you can offer.

Here is the `describe-instances` output for the instance. (Side note: `HttpTokens` is `optional`, i.e. IMDSv2 is not enforced, and the AMI's block device mappings above show `Encrypted: false` for both volumes — unrelated to the boot problem, but worth tightening.)

{
    "Reservations": [
        {
            "Groups": [],
            "Instances": [
                {
                    "AmiLaunchIndex": 0,
                    "ImageId": "ami-05683f60db56ff1b5",
                    "InstanceId": "i-03435c99e5a3a83b5",
                    "InstanceType": "m6a.xlarge",
                    "KeyName": "OPTI_PLEX_KEY_PAIR",
                    "LaunchTime": "2022-11-21T20:53:29.000Z",
                    "Monitoring": {
                        "State": "disabled"
                    },
                    "Placement": {
                        "AvailabilityZone": "eu-central-1a",
                        "GroupName": "",
                        "Tenancy": "default"
                    },
                    "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
                    "PrivateIpAddress": "172.31.16.168",
                    "ProductCodes": [],
                    "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
                    "PublicIpAddress": "18.159.62.7",
                    "State": {
                        "Code": 16,
                        "Name": "running"
                    },
                    "StateTransitionReason": "",
                    "SubnetId": "subnet-12bdf778",
                    "VpcId": "vpc-d90e6cb3",
                    "Architecture": "x86_64",
                    "BlockDeviceMappings": [
                        {
                            "DeviceName": "/dev/xvda",
                            "Ebs": {
                                "AttachTime": "2022-11-21T20:53:30.000Z",
                                "DeleteOnTermination": true,
                                "Status": "attached",
                                "VolumeId": "vol-05814aff540510c1f"
                            }
                        },
                        {
                            "DeviceName": "/dev/xvdf",
                            "Ebs": {
                                "AttachTime": "2022-11-21T20:53:30.000Z",
                                "DeleteOnTermination": true,
                                "Status": "attached",
                                "VolumeId": "vol-03027ae670649544f"
                            }
                        }
                    ],
                    "ClientToken": "45856522-8833-4e31-985f-f5209b014fa1",
                    "EbsOptimized": true,
                    "EnaSupport": true,
                    "Hypervisor": "xen",
                    "ElasticGpuAssociations": [],
                    "ElasticInferenceAcceleratorAssociations": [],
                    "NetworkInterfaces": [
                        {
                            "Association": {
                                "IpOwnerId": "amazon",
                                "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
                                "PublicIp": "18.159.62.7"
                            },
                            "Attachment": {
                                "AttachTime": "2022-11-21T20:53:29.000Z",
                                "AttachmentId": "eni-attach-01e82b7e623e8e9da",
                                "DeleteOnTermination": true,
                                "DeviceIndex": 0,
                                "Status": "attached",
                                "NetworkCardIndex": 0
                            },
                            "Description": "",
                            "Groups": [
                                {
                                    "GroupName": "launch-wizard-10",
                                    "GroupId": "sg-05676ad26b7f6ed13"
                                }
                            ],
                            "Ipv6Addresses": [],
                            "MacAddress": "02:b8:28:63:4f:fc",
                            "NetworkInterfaceId": "eni-095492d80db0313b8",
                            "OwnerId": "293786889684",
                            "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
                            "PrivateIpAddress": "172.31.16.168",
                            "PrivateIpAddresses": [
                                {
                                    "Association": {
                                        "IpOwnerId": "amazon",
                                        "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
                                        "PublicIp": "18.159.62.7"
                                    },
                                    "Primary": true,
                                    "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
                                    "PrivateIpAddress": "172.31.16.168"
                                }
                            ],
                            "SourceDestCheck": true,
                            "Status": "in-use",
                            "SubnetId": "subnet-12bdf778",
                            "VpcId": "vpc-d90e6cb3",
                            "InterfaceType": "interface",
                            "Ipv4Prefixes": [],
                            "Ipv6Prefixes": []
                        }
                    ],
                    "RootDeviceName": "/dev/xvda",
                    "RootDeviceType": "ebs",
                    "SecurityGroups": [
                        {
                            "GroupName": "launch-wizard-10",
                            "GroupId": "sg-05676ad26b7f6ed13"
                        }
                    ],
                    "SourceDestCheck": true,
                    "Tags": [
                        {
                            "Key": "Name",
                            "Value": "Ubuntu bla"
                        }
                    ],
                    "VirtualizationType": "hvm",
                    "CpuOptions": {
                        "CoreCount": 2,
                        "ThreadsPerCore": 2
                    },
                    "CapacityReservationSpecification": {
                        "CapacityReservationPreference": "open"
                    },
                    "HibernationOptions": {
                        "Configured": false
                    },
                    "Licenses": [],
                    "MetadataOptions": {
                        "State": "applied",
                        "HttpTokens": "optional",
                        "HttpPutResponseHopLimit": 1,
                        "HttpEndpoint": "enabled",
                        "HttpProtocolIpv6": "disabled",
                        "InstanceMetadataTags": "enabled"
                    },
                    "EnclaveOptions": {
                        "Enabled": true
                    },
                    "BootMode": "uefi",
                    "PlatformDetails": "Linux/UNIX",
                    "UsageOperation": "RunInstances",
                    "UsageOperationUpdateTime": "2022-11-21T20:53:29.000Z",
                    "PrivateDnsNameOptions": {
                        "HostnameType": "ip-name",
                        "EnableResourceNameDnsARecord": true,
                        "EnableResourceNameDnsAAAARecord": false
                    },
                    "TpmSupport": "v2.0",
                    "MaintenanceOptions": {
                        "AutoRecovery": "default"
                    }
                }
            ],
            "OwnerId": "293786889684",
            "ReservationId": "r-0089af1cf650fc657"
        }
    ]
}
1 answer

Hi! I've done some testing of my own to investigate the problem. It looks like there may be an issue between the `register-image` CLI call and NitroTPM: when I replicate your steps, the instances created this way fail the EC2 status checks. Requesting an instance screenshot (Actions -> Monitor and troubleshoot -> Get instance screenshot) makes it very clear that the guest never boots properly, which is why SSH never becomes reachable — the key pair is not the problem. One thing worth verifying on your side: an AMI registered with `--boot-mode uefi` needs a guest OS that is actually UEFI-bootable (an EFI system partition and a UEFI-capable bootloader on the snapshot); a disk that only boots via legacy BIOS would show exactly this symptom. I have forwarded my investigation and this post to the Nitro team.

AWS
Cesar U
answered a year ago
