Settings needed according to https://nixos.wiki/wiki/TPM

2024-02-22 15:31:14 +01:00 · 2024-02-22 15:31:14 +01:00 · b1e4af16d8
commit b1e4af16d8
parent 5b296e8157
1 changed files with 5 additions and 0 deletions
--- a/nixos/desktop/default.nix
+++ b/nixos/desktop/default.nix
@ -170,6 +170,11 @@
    dockerCompat = true;
  };

+  security.tpm2.enable = true;
+  security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
+  security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
+  users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
+
  boot.bootspec.enable = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.supportedFilesystems = ["bcachefs"];