# NixOS module wiring up systemd's TPM2 support units for the running
# system (stage 2) and for the systemd-based initrd (stage 1).
# It declares two enable options, defaults them to whether the respective
# systemd package was built with TPM2 units, and pulls in the matching
# upstream units, kernel modules and initrd store paths when enabled.
{
  lib,
  config,
  pkgs,
  ...
}:
let
  # Option trees for the two stages; referenced lazily, so this is safe
  # alongside the option declarations below.
  stage2 = config.systemd;
  stage1 = config.boot.initrd.systemd;

  hostPlatform = pkgs.stdenv.hostPlatform;

  # The CRB (command response buffer) driver is left out on riscv64 and
  # armv7 — presumably because it is not available on those kernels;
  # confirm before relaxing this.
  crbModuleSupported = !hostPlatform.isRiscV64 && !hostPlatform.isArmv7;

  # Kernel modules made available to the initrd so a TPM can be reached
  # before the root filesystem is up. tpm-tis is always included.
  initrdTpmModules = [ "tpm-tis" ] ++ lib.optionals crbModuleSupported [ "tpm-crb" ];

  # Upstream units enabled in stage 2.
  stage2Units = [
    "tpm2.target"
    "systemd-tpm2-setup-early.service"
    "systemd-tpm2-setup.service"
  ];

  # Upstream units enabled in stage 1 (only the early setup runs in the initrd).
  stage1Units = [
    "tpm2.target"
    "systemd-tpm2-setup-early.service"
  ];

  # Closure items the initrd needs: the TSS library (presumably a runtime
  # dependency of the binaries below — TODO confirm), the early setup
  # binary and the generator that orders tpm2.target.
  stage1StorePaths = [
    pkgs.tpm2-tss
    "${stage1.package}/lib/systemd/systemd-tpm2-setup"
    "${stage1.package}/lib/systemd/system-generators/systemd-tpm2-generator"
  ];
in
{
  meta.maintainers = [ lib.maintainers.elvishjerricco ];

  # Old option name kept working: boot.initrd.systemd.enableTpm2 now maps
  # onto boot.initrd.systemd.tpm2.enable.
  imports = [
    (lib.mkRenamedOptionModule
      [ "boot" "initrd" "systemd" "enableTpm2" ]
      [ "boot" "initrd" "systemd" "tpm2" "enable" ]
    )
  ];

  # Both switches default to the TPM2 capability of the stage's systemd package.
  options.systemd.tpm2.enable = lib.mkEnableOption "systemd TPM2 support" // {
    default = config.systemd.package.withTpm2Units;
    defaultText = "systemd.package.withTpm2Units";
  };

  options.boot.initrd.systemd.tpm2.enable = lib.mkEnableOption "systemd initrd TPM2 support" // {
    default = config.boot.initrd.systemd.package.withTpm2Units;
    defaultText = "boot.initrd.systemd.package.withTpm2Units";
  };

  # TODO: pcrphase, pcrextend, pcrfs, pcrmachine
  config = lib.mkMerge [
    # Stage 2: the running system.
    (lib.mkIf stage2.tpm2.enable {
      systemd.additionalUpstreamSystemUnits = stage2Units;
    })

    # Stage 1: only meaningful when the systemd initrd itself is enabled.
    (lib.mkIf (stage1.enable && stage1.tpm2.enable) {
      boot.initrd.systemd.additionalUpstreamUnits = stage1Units;
      boot.initrd.availableKernelModules = initrdTpmModules;
      boot.initrd.systemd.storePaths = stage1StorePaths;
    })
  ];
}