About Trusted Platform Module (TPM)

A Trusted Platform Module (TPM) is a security standard that ensures the secure storage and management of elements that are useful or necessary for virtual machine (VM) authentication. It is implemented as a dedicated physical chip embedded in devices, where it acts as a secure enclave that enhances the security of your VMs.

TPM helps ensure that your operating system and firmware are authenticated and trusted. To provide this level of security on all your VMs, OUTSCALE provides a virtual TPM (vTPM), which is an emulation of a physical TPM.

A vTPM is a virtual device stored as a file that can be associated with a VM. It stores elements such as:

  • encryption keys,

  • identifiers, passwords, fingerprints,

  • certificates, signatures, hashes.

Association Rules for Virtual TPMs

When creating an OUTSCALE Machine Image (OMI), you specify whether VMs created from this OMI must have a vTPM or not. For more information, see Creating an OMI.

When the VM is created, a vTPM is associated with it. The vTPM remains associated with the VM until the VM is terminated. A vTPM is uniquely associated with its VM and cannot be shared or transferred to another VM.

Compatibility and Limitations

vTPMs are compatible with VMs created from an OMI that exclusively uses UEFI as its boot mode. For more information, see About Boot Modes.

If the OMI used to create a VM requires a vTPM but its boot mode is not set to UEFI, VM creation fails.

Accessing the content of a vTPM is limited to the VM it is attached to. You cannot interact with the vTPM outside the VM, and no external APIs or tools are provided to read its contents.
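Because the vTPM can only be reached from inside the VM, its presence is checked from the guest. The following is an added example, not part of the OUTSCALE documentation: it assumes a Linux guest and uses the kernel's standard sysfs paths to confirm the UEFI boot mode and the TPM device. The function name `check_vtpm`, its optional root prefix argument, and its return codes are hypothetical choices made for this example.

```shell
#!/bin/sh
# Added example: guest-side vTPM check for a Linux VM.
# check_vtpm [ROOT]
#   ROOT is a hypothetical optional prefix (default: the real "/") so the
#   check can also be run against a constructed directory tree.
# Return codes (chosen for this example):
#   0 = UEFI boot and TPM device present
#   1 = UEFI boot but no TPM device visible to the guest
#   2 = not booted in UEFI mode (vTPMs require a UEFI OMI)
check_vtpm() {
    vt_root="${1:-}"
    vt_efi="$vt_root/sys/firmware/efi"        # exists only on UEFI boots
    vt_tpm="$vt_root/sys/class/tpm/tpm0"      # first TPM seen by the kernel

    if [ ! -d "$vt_efi" ]; then
        echo "not UEFI: $vt_efi is missing"
        return 2
    fi
    if [ ! -d "$vt_tpm" ]; then
        echo "UEFI boot, but no TPM device at $vt_tpm"
        return 1
    fi

    # tpm_version_major is exposed by Linux 5.6 and later; older kernels
    # have the device directory without this attribute.
    vt_ver="unknown"
    if [ -r "$vt_tpm/tpm_version_major" ]; then
        vt_ver=$(cat "$vt_tpm/tpm_version_major")
    fi
    echo "UEFI boot, TPM device present (major version: $vt_ver)"
    return 0
}

# Run the check only when the script is invoked as: sh check_vtpm.sh --run
if [ "${1:-}" = "--run" ]; then
    check_vtpm
fi
```

A return code of 1 on a VM whose OMI requires a vTPM usually points to a guest kernel without a TPM driver loaded rather than to a missing device.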

Once a vTPM is associated with a VM, you cannot disable it. To request deactivation, contact our Technical Support.
