pyrox.dev / nixpkgs
lol
fork atom

systemd/initrd: Add TPM modules into initrd

This improves the out-of-box experience of TPM2 unlocking at a
small (50K) overhead.

Zhaofeng Li b9b45482 21bbef95

options
unified split
Changed files
+4 -1
nixos
modules
system
boot
systemd
initrd.nix
+4 -1
nixos/modules/system/boot/systemd/initrd.nix 
···

       
332

       
332

       
 

       
  config = mkIf (config.boot.initrd.enable && cfg.enable) {


     

       
333

       
333

       
 

       
    system.build = { inherit initialRamdisk; };


     

       
334

       
334

       
 

       



     

       
335

       

       
-

       
    boot.initrd.availableKernelModules = [ "autofs4" ]; # systemd needs this for some features


     

       

       
335

       
+

       
    boot.initrd.availableKernelModules = [


     

       

       
336

       
+

       
      "autofs4"           # systemd needs this for some features


     

       

       
337

       
+

       
      "tpm-tis" "tpm-crb" # systemd-cryptenroll


     

       

       
338

       
+

       
    ];


     

       
336

       
339

       
 

       



     

       
337

       
340

       
 

       
    boot.initrd.systemd = {


     

       
338

       
341

       
 

       
      initrdBin = [pkgs.bash pkgs.coreutils cfg.package.kmod cfg.package] ++ config.system.fsPackages;