Posted On: May 11, 2022

Today, Amazon Web Services (AWS) announced the general availability of two new security and compatibility features in Amazon EC2: NitroTPM, a Trusted Platform Module (TPM) 2.0, and Unified Extensible Firmware Interface (UEFI) Secure Boot. These features make it possible for customers to use TPM-dependent applications in their EC2 instances.

NitroTPM conforms to the TPM 2.0 specification, making it easier to migrate existing on-premises workloads that use TPM functionality to EC2. A TPM is a security device that allows you to gather and attest system state, store and generate cryptographic data, and prove platform identity. Using the AWS Nitro System, NitroTPM allows EC2 instances to generate, store, and use keys without the instance itself having access to the key material. NitroTPM can also provide cryptographic proof of an instance's integrity through TPM attestation.

UEFI Secure Boot builds on EC2's existing secure boot process and provides additional defense-in-depth that helps customers secure software from threats that persist across reboots. It helps ensure that your EC2 instances run authentic software by verifying the digital signature of all boot components, and halts the boot process if signature verification fails.

NitroTPM and UEFI Secure Boot implement industry standard specifications, supported by many operating systems, for features such as key protection, boot-process validation, and digital rights management.
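Because both features expose standard interfaces, a Linux guest can confirm from the inside that a TPM 2.0 device is present and that Secure Boot is actually being enforced, which is the check a practitioner wants before relying on either for key protection or boot validation. The script below is an added example, not AWS code and not taken from the user guides; it assumes only ordinary Linux kernel interfaces (the `tpm_version_major` sysfs attribute and the standard `SecureBoot` EFI variable, whose file holds four attribute bytes followed by one data byte), and the directory paths can be overridden with the `EFIVARS_DIR` and `TPM_SYSFS` environment variables.

```shell
#!/bin/sh
# Added example (not AWS code): verify from inside a Linux guest that a
# TPM 2.0 device is exposed and that UEFI Secure Boot is enforced.
#
# Assumed kernel interfaces (standard Linux, not AWS-specific):
#   $TPM_SYSFS/tpm_version_major  reports "2" for a TPM 2.0 device
#   $EFIVARS_DIR/SecureBoot-<GUID> holds 4 attribute bytes, then 1 data byte
#                                  (1 = enabled, 0 = disabled)

EFIVARS_DIR="${EFIVARS_DIR:-/sys/firmware/efi/efivars}"
TPM_SYSFS="${TPM_SYSFS:-/sys/class/tpm/tpm0}"
# The GUID is the EFI global variable namespace used for SecureBoot.
SB_VAR="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Decode a SecureBoot efivar file: prints "enabled", "disabled" or "absent".
secureboot_state() {
    var_file="$1"
    [ -r "$var_file" ] || { echo absent; return 0; }
    # Skip the 4 attribute bytes; the 5th byte carries the SecureBoot value.
    byte=$(od -An -tu1 -j4 -N1 "$var_file" | tr -d ' ')
    case "$byte" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo absent ;;
    esac
}

# Print the TPM major version from sysfs, or "none" if no TPM is exposed.
tpm_version() {
    sysfs_dir="$1"
    if [ -r "$sysfs_dir/tpm_version_major" ]; then
        cat "$sysfs_dir/tpm_version_major"
    else
        echo none
    fi
}

# Succeed (exit 0) only when a TPM 2.0 and enforced Secure Boot are both present.
check_instance() {
    tpm=$(tpm_version "$TPM_SYSFS")
    sb=$(secureboot_state "$EFIVARS_DIR/$SB_VAR")
    echo "TPM version: $tpm"
    echo "UEFI Secure Boot: $sb"
    [ "$tpm" = "2" ] && [ "$sb" = "enabled" ]
}

# Run the check when invoked as: sh check-tpm-sb.sh --check
[ "${1:-}" = "--check" ] && check_instance
```

A non-zero exit from `check_instance` is the signal to act on: a "none" TPM means the image or instance was not launched with NitroTPM, and a "disabled" or "absent" Secure Boot state means boot components are not being signature-verified even if the instance booted in UEFI mode.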

There is no additional cost beyond the cost of the EC2 instances you use. NitroTPM and UEFI Secure Boot are available today in AWS GovCloud (US) and all public AWS Regions, with the exception of the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.

To learn more about NitroTPM and how to get started, visit the NitroTPM user guide. To learn more about UEFI Secure Boot and how to get started, visit the UEFI Secure Boot user guide.