nixdots/system/shared/hardware/tpm.nix

{
  config,
  lib,
  pkgs,
  ...
}: let
  inherit (lib) mkIf mkDefault;

  enabled = config.myOptions.device.hasTPM;
in {
  config = mkIf enabled {
    security.tpm2 = {
      # enable Trusted Platform Module 2 support
      enable = true;

      # enable Trusted Platform 2 userspace resource manager daemon
      abrmd.enable = mkDefault false;

      # The TCTI is the "Transmission Interface" that is used to communicate with a
      # TPM. this option sets TCTI environment variables to the specified values if enabled
      #  - TPM2TOOLS_TCTI
      #  - TPM2_PKCS11_TCTI
      tctiEnvironment.enable = mkDefault true;

      # enable TPM2 PKCS#11 tool and shared library in system path
      pkcs11.enable = mkDefault false;
    };

    environment.systemPackages = with pkgs; [tpm2-tss tpm2-tools];
  };
}
Run alejandra 2024-07-26 23:07:07 +00:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}: let`
Fix typos 2024-04-12 21:29:29 +00:00			`inherit (lib) mkIf mkDefault;`
Enable TPM 2024-04-12 19:38:05 +00:00
Fix typos 2024-04-12 21:29:29 +00:00			`enabled = config.myOptions.device.hasTPM;`
Enable TPM 2024-04-12 19:38:05 +00:00			`in {`
			`config = mkIf enabled {`
			`security.tpm2 = {`
			`# enable Trusted Platform Module 2 support`
			`enable = true;`

			`# enable Trusted Platform 2 userspace resource manager daemon`
			`abrmd.enable = mkDefault false;`

			`# The TCTI is the "Transmission Interface" that is used to communicate with a`
			`# TPM. this option sets TCTI environment variables to the specified values if enabled`
			`# - TPM2TOOLS_TCTI`
			`# - TPM2_PKCS11_TCTI`
			`tctiEnvironment.enable = mkDefault true;`

			`# enable TPM2 PKCS#11 tool and shared library in system path`
			`pkcs11.enable = mkDefault false;`
			`};`

Run alejandra 2024-07-26 23:07:07 +00:00			`environment.systemPackages = with pkgs; [tpm2-tss tpm2-tools];`
Enable TPM 2024-04-12 19:38:05 +00:00			`};`
			`}`