ItsDrike/nixdots
1
0
Fork 0
mirror of https://github.com/ItsDrike/nixdots synced 2024-11-10 02:19:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enable TPM

Browse source
This commit is contained in:
ItsDrike 2024-04-12 21:38:05 +02:00
parent 74603055b8
commit de2248452a
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0
4 changed files with 34 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hosts/herugrim/default.nix
View file

@ -53,6 +53,7 @@
device = { device = {
virtual-machine = false; virtual-machine = false;
cpu.type = "intel"; cpu.type = "intel";
hasTPM = true;
}; };
home-manager = { home-manager = {

6
options/device/hardware.nix
View file

@ -19,5 +19,11 @@ in
default = false; default = false;
description = "Is this system a virtual machine?"; description = "Is this system a virtual machine?";
}; };
hasTPM = mkOption {
type = lib.types.bool;
default = false;
description = "Does this device have a TPM (Trusted Platform Module)?"
}
}; };
} }

1
system/hardware/default.nix
View file

@ -1,5 +1,6 @@
_: { _: {
imports = [ imports = [
./cpu ./cpu
./tpm.nix
]; ];
} }

26
system/hardware/tpm.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }: let
inherit (lib) mkIf;
enabled = config.device.hasTPM;
in {
config = mkIf enabled {
security.tpm2 = {
# enable Trusted Platform Module 2 support
enable = true;
# enable Trusted Platform 2 userspace resource manager daemon
abrmd.enable = mkDefault false;
# The TCTI is the "Transmission Interface" that is used to communicate with a
# TPM. this option sets TCTI environment variables to the specified values if enabled
# - TPM2TOOLS_TCTI
# - TPM2_PKCS11_TCTI
tctiEnvironment.enable = mkDefault true;
# enable TPM2 PKCS#11 tool and shared library in system path
pkcs11.enable = mkDefault false;
};
environment.systemPackages = with pkgs; [ tpm2-tss tpm2-tools ];
};
}