In computing, Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. There are three key advantages of using TPM technology. First, you can generate, store, and control access to encryption keys outside of the operating system. Second, you can use a TPM module to perform platform device authentication by using the TPM’s unique RSA key, which is burned into it. And third, it may help to ensure platform integrity by taking and storing security measurements.

During re:Invent 2021, we announced the future availability of NitroTPM, a virtual TPM 2.0-compliant TPM module for your Amazon Elastic Compute Cloud (Amazon EC2) instances, based on AWS Nitro System. We also announced Unified Extensible Firmware Interface (UEFI) Secure Boot availability for EC2.

I am happy to announce you can start to use both NitroTPM and Secure Boot today in all AWS Regions outside of China, including the AWS GovCloud (US) Regions.

You can use NitroTPM to store secrets, such as disk encryption keys or SSH keys, outside of the EC2 instance memory, protecting them from applications running on the instance. NitroTPM leverages the isolation and security properties of the Nitro System to ensure only the instance can access these secrets. It provides the same functions as a physical or discrete TPM. NitroTPM follows the ISO TPM 2.0 specification, allowing you to migrate existing on-premises workloads that leverage TPMs to EC2.

The availability of NitroTPM unlocks a couple of use cases to strengthen the security posture of your EC2 instances, such as secured key storage and access for OS-level volume encryption or platform attestation for measured boot or identity access.

NitroTPM can create and store keys that are wrapped and tied to certain platform measurements (known as Platform Configuration Registers – PCR). NitroTPM unwraps the key only when those platform measurements have the same value as they had at the moment the key was created. This process is referred to as “sealing the key to the TPM.” Decrypting the key is called unsealing. NitroTPM only unseals keys when the instance and the OS are in a known good state.
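The sealing behaviour described above can be made concrete with a small simulation. The following is an added example, not AWS or NitroTPM code: a toy TPM that keeps a per-device secret, maintains extend-only PCRs, and wraps a volume key to the digest of a chosen PCR selection so that unsealing succeeds only when the selected PCRs hold exactly the values they had at seal time. The PCR indices, the measurements, the device secret and the HMAC-based toy cipher are all constructed for illustration; a real TPM holds its storage root key in hardware and uses its own symmetric scheme and policy commands.

```python
"""Toy model of PCR-bound sealing and unsealing (added illustration, not NitroTPM's code).

Uses only hashlib/hmac so it runs offline. What it reproduces is the observable
behaviour: a key sealed to a PCR selection is returned only when those PCRs match.
"""
import hashlib
import hmac

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size
PCR_COUNT = 24


class ToyTPM:
    """Minimal stand-in for a TPM; the secret below never leaves the 'chip'."""

    def __init__(self, device_secret):
        self._srk = device_secret            # stands in for the storage root key
        self.pcrs = [bytes(DIGEST_LEN)] * PCR_COUNT  # all zero at power-on

    def extend(self, index, measurement):
        """PCR extend: new_value = H(old_value || H(measurement)); never a plain write."""
        self.pcrs[index] = HASH(self.pcrs[index] + HASH(measurement).digest()).digest()
        return self.pcrs[index]

    def policy_digest(self, selection):
        """Digest over the selected PCRs, in the spirit of a TPM2 PCR policy."""
        composite = HASH(b"".join(self.pcrs[i] for i in selection)).digest()
        return HASH(b"PolicyPCR" + bytes(selection) + composite).digest()

    def _wrapping_key(self, policy):
        # Depends on both the device secret and the platform state captured by the policy.
        return hmac.new(self._srk, b"seal" + policy, HASH).digest()

    def _keystream(self, key, length):
        # Toy HMAC-counter keystream; a real TPM uses its own symmetric scheme.
        blocks = (length + DIGEST_LEN - 1) // DIGEST_LEN
        return b"".join(hmac.new(key, bytes([i]), HASH).digest() for i in range(blocks))[:length]

    def seal(self, secret, selection):
        key = self._wrapping_key(self.policy_digest(selection))
        ciphertext = bytes(a ^ b for a, b in zip(secret, self._keystream(key, len(secret))))
        tag = hmac.new(key, bytes(selection) + ciphertext, HASH).digest()
        return {"selection": tuple(selection), "ciphertext": ciphertext, "tag": tag}

    def unseal(self, blob):
        key = self._wrapping_key(self.policy_digest(blob["selection"]))
        expected = hmac.new(key, bytes(blob["selection"]) + blob["ciphertext"], HASH).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            # Wrong platform state yields a different wrapping key, so the tag does not verify.
            raise PermissionError("policy check failed: selected PCRs differ from seal time")
        stream = self._keystream(key, len(blob["ciphertext"]))
        return bytes(a ^ b for a, b in zip(blob["ciphertext"], stream))


def boot(device_secret, measurements):
    """Simulate a boot: fresh (zeroed) PCRs extended with each stage's measurement in order."""
    tpm = ToyTPM(device_secret)
    for index, measurement in measurements:
        tpm.extend(index, measurement)
    return tpm


# Constructed sample measurements; real PCR assignments follow the platform's firmware/OS conventions.
GOOD_BOOT = [(0, b"firmware build 1"), (4, b"signed bootloader"), (8, b"kernel + cmdline")]
TAMPERED_BOOT = [(0, b"firmware build 1"), (4, b"unsigned bootloader"), (8, b"kernel + cmdline")]
SEALED_PCRS = (0, 4, 8)
VOLUME_KEY = b"constructed-32-byte-volume-key!!"


def run_scenario():
    device_secret = HASH(b"constructed per-instance device secret").digest()

    # First boot in a known-good state: seal the volume key to PCRs 0, 4 and 8.
    sealed = boot(device_secret, GOOD_BOOT).seal(VOLUME_KEY, SEALED_PCRS)

    # Reboot into the same state: unseal returns the key.
    same_state = boot(device_secret, GOOD_BOOT).unseal(sealed)

    # A PCR outside the sealed selection may change without affecting the policy.
    tpm = boot(device_secret, GOOD_BOOT)
    tpm.extend(16, b"runtime application event")
    unrelated_pcr_changed = tpm.unseal(sealed)

    # Reboot with a different bootloader: PCR 4 differs, so the key stays sealed.
    try:
        boot(device_secret, TAMPERED_BOOT).unseal(sealed)
        tampered = "unsealed"
    except PermissionError:
        tampered = "refused"

    return {"same_state": same_state,
            "unrelated_pcr_changed": unrelated_pcr_changed,
            "tampered": tampered}


if __name__ == "__main__":
    print(run_scenario())
```

The scenario shows why the choice of PCR selection matters in practice: sealing to PCRs that cover firmware, bootloader and kernel makes the key unavailable after any change to those stages (including legitimate updates, which is why a re-seal step belongs in the update process), while events recorded in unselected PCRs have no effect on the policy.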