# Local NixOS module: opt-in TPM 2.0 support behind `local.boot.tpm.enable`.
#
# When the switch is on, this module enables the `security.tpm2` options set
# below and installs tpm2-tools system-wide. Nothing in this file configures
# sealing, PCR policy or disk unlocking; it only makes the TPM usable from
# userspace.
{ config, lib, pkgs, ... }:
let
  inherit (lib) mkEnableOption mkIf;

  tpm = config.local.boot.tpm;
in
{
  options.local.boot.tpm.enable = mkEnableOption "Trusted Platform Module 2.0";

  config = mkIf tpm.enable {
    # Refuse to evaluate a configuration that enables the TPM without the
    # local EFI boot module also being enabled.
    assertions = [
      {
        assertion = config.local.boot.efi.enable;
        message = "TPM2 requires EFI";
      }
    ];

    # NOTE(review): the upstream security.tpm2 module decides which group may
    # open the TPM device nodes. Membership of that group is effectively
    # permission to use every key held in the TPM, so confirm who is in it.
    security.tpm2.enable = true;

    # PKCS#11 interface to the TPM, so that PKCS#11-aware software can use
    # TPM-held keys.
    security.tpm2.pkcs11.enable = true;

    # Exports TCTI environment variables so the tools and the PKCS#11 module
    # find the TPM without per-command flags.
    # NOTE(review): presumably this uses the upstream default interface;
    # confirm it matches how the TPM is meant to be reached on this host.
    security.tpm2.tctiEnvironment.enable = true;

    # Command-line utilities for inspecting and managing the TPM.
    environment.systemPackages = [ pkgs.tpm2-tools ];
  };
}