···
201
+
${lib.optionalString cfg.tpm.enable ''
202
+
NIX_SWTPM_DIR=$(readlink -f "''${NIX_SWTPM_DIR:-${config.system.name}-swtpm}")
203
+
mkdir -p "$NIX_SWTPM_DIR"
204
+
${lib.getExe cfg.tpm.package} \
206
+
--tpmstate dir="$NIX_SWTPM_DIR" \
207
+
--ctrl type=unixio,path="$NIX_SWTPM_DIR"/socket \
208
+
"--tpm2" 1>"$NIX_SWTPM_DIR"/stdout 2>"$NIX_SWTPM_DIR"/stderr &
${lib.optionalString (cfg.emptyDiskImages != []) "idx=0"}
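Review bot: The backgrounded `${lib.getExe cfg.tpm.package}` invocation is never stopped or reaped, so the emulator outlives the QEMU instance that used it and the next run of this script starts a second swtpm against the same `$NIX_SWTPM_DIR` state and socket path. swtpm can exit on its own when QEMU closes the control channel, `--ctrl type=unixio,path="$NIX_SWTPM_DIR"/socket,terminate \`, and recording `--pid file="$NIX_SWTPM_DIR"/pid \` would let the script detect and clean up a stale instance before launching. The directory also holds the emulated TPM's persistent state and its control socket but is created with the caller's umask; `mkdir -p -m 0700 "$NIX_SWTPM_DIR"` keeps other users on the host from reading that state or driving the control socket. The run-script string this block is spliced into begins outside the hunk.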
···
875
+
virtualisation.tpm = {
876
+
enable = mkEnableOption "a TPM device in the virtual machine with a driver, using swtpm.";
878
+
package = mkPackageOptionMD cfg.host.pkgs "swtpm" { };
880
+
deviceModel = mkOption {
883
+
"i686-linux" = "tpm-tis";
884
+
"x86_64-linux" = "tpm-tis";
885
+
"ppc64-linux" = "tpm-spapr";
886
+
"armv7-linux" = "tpm-tis-device";
887
+
"aarch64-linux" = "tpm-tis-device";
888
+
}.${pkgs.hostPlatform.system} or (throw "Unsupported system for TPM2 emulation in QEMU"));
890
+
Based on the guest platform Linux system:
892
+
- `tpm-tis` for (i686, x86_64)
893
+
- `tpm-spapr` for ppc64
894
+
- `tpm-tis-device` for (armv7, aarch64)
896
+
example = "tpm-tis-device";
897
+
description = lib.mdDoc "QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed.";
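Review bot: The `deviceModel` default looks up `pkgs.hostPlatform.system` in a table whose 32-bit ARM key is `"armv7-linux"`, but as far as I can tell nixpkgs has no such system double (the ARMv7 doubles are `armv7l-linux` and `armv7a-linux`), so on such a guest the lookup misses and the `throw "Unsupported system for TPM2 emulation in QEMU"` fires even though a suitable model is listed. Changing the entry to `"armv7l-linux" = "tpm-tis-device";` and the default-text bullet to `` - `tpm-tis-device` for (armv7l, aarch64) `` would make the default usable there. The `description` string also has a typo, `th guest platform` should read `the guest platform`. The enclosing `virtualisation.tpm` attribute set closes outside the hunk.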
virtualisation.useDefaultFilesystems =
···
boot.initrd.availableKernelModules =
optional cfg.writableStore "overlay"
1030
-
++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx";
1066
+
++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx"
1067
+
++ optional (cfg.tpm.enable) "tpm_tis";
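Review bot: The initrd module added for `cfg.tpm.enable` is always `tpm_tis`, while the device model selected by `cfg.tpm.deviceModel` varies per platform; for `tpm-spapr` on ppc64 the guest driver is, as far as I know, `tpm_ibmvtpm` rather than `tpm_tis`, so the TPM would be absent in early boot there. Keying the module on the device model keeps the two in step, e.g. `++ optional (cfg.tpm.enable && cfg.tpm.deviceModel == "tpm-spapr") "tpm_ibmvtpm"` next to the existing `tpm_tis` entry. A one-line comment on the new line stating why the driver belongs in the initrd (TPM access before the root filesystem is mounted) would also help a later reader.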
virtualisation.additionalPaths = [ config.system.build.toplevel ];
···
1138
+
(mkIf (cfg.tpm.enable) [
1139
+
"-chardev socket,id=chrtpm,path=\"$NIX_SWTPM_DIR\"/socket"
1140
+
"-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm"
1141
+
"-device ${cfg.tpm.deviceModel},tpmdev=tpm_dev_0"