diff options
Diffstat (limited to '')
| -rw-r--r-- | sys/boot/default.nix | 1 | ||||
| -rw-r--r-- | sys/boot/tpm.nix | 27 |
2 files changed, 28 insertions, 0 deletions
diff --git a/sys/boot/default.nix b/sys/boot/default.nix index 73fe5d6..4580cba 100644 --- a/sys/boot/default.nix +++ b/sys/boot/default.nix @@ -9,5 +9,6 @@ ./namespaced.nix ./secure-boot.nix ./stack + ./tpm.nix ]; } diff --git a/sys/boot/tpm.nix b/sys/boot/tpm.nix new file mode 100644 index 0000000..4932b7c --- /dev/null +++ b/sys/boot/tpm.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: +with lib; let + cfg = config.local.boot.tpm; +in +{ + options.local.boot.tpm = { + enable = mkEnableOption "Trusted Platform Module 2.0"; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = config.local.boot.efi.enable; + message = "TPM2 requires EFI"; + } + ]; + + security.tpm2 = { + enable = true; + + pkcs11.enable = true; + tctiEnvironment.enable = true; + }; + + environment.systemPackages = [ pkgs.tpm2-tools ]; + }; +} |