| blob | 6b6c9fb23f2469c36097c19f31180c1a50be2c7f |
1 {
2 lib,
3 config,
4 pkgs,
5 ...
6 }:
7 {
8 meta.maintainers = [ lib.maintainers.elvishjerricco ];
10 imports = [
11 (lib.mkRenamedOptionModule
12 [
13 "boot"
14 "initrd"
15 "systemd"
16 "enableTpm2"
17 ]
18 [
19 "boot"
20 "initrd"
21 "systemd"
22 "tpm2"
23 "enable"
24 ]
25 )
26 ];
28 options = {
29 systemd.tpm2.enable = lib.mkEnableOption "systemd TPM2 support" // {
30 default = config.systemd.package.withTpm2Tss;
31 defaultText = "systemd.package.withTpm2Tss";
32 };
34 boot.initrd.systemd.tpm2.enable = lib.mkEnableOption "systemd initrd TPM2 support" // {
35 default = config.boot.initrd.systemd.package.withTpm2Tss;
36 defaultText = "boot.initrd.systemd.package.withTpm2Tss";
37 };
38 };
40 # TODO: pcrphase, pcrextend, pcrfs, pcrmachine
41 config = lib.mkMerge [
42 # Stage 2
43 (
44 let
45 cfg = config.systemd;
46 in
47 lib.mkIf cfg.tpm2.enable {
48 systemd.additionalUpstreamSystemUnits = [
49 "tpm2.target"
50 "systemd-tpm2-setup-early.service"
51 "systemd-tpm2-setup.service"
52 ];
53 }
54 )
56 # Stage 1
57 (
58 let
59 cfg = config.boot.initrd.systemd;
60 in
61 lib.mkIf (cfg.enable && cfg.tpm2.enable) {
62 boot.initrd.systemd.additionalUpstreamUnits = [
63 "tpm2.target"
64 "systemd-tpm2-setup-early.service"
65 ];
67 boot.initrd.availableKernelModules =
68 [ "tpm-tis" ]
69 ++ lib.optional (
70 !(pkgs.stdenv.hostPlatform.isRiscV64 || pkgs.stdenv.hostPlatform.isArmv7)
71 ) "tpm-crb";
72 boot.initrd.systemd.storePaths = [
73 pkgs.tpm2-tss
74 "${cfg.package}/lib/systemd/systemd-tpm2-setup"
75 "${cfg.package}/lib/systemd/system-generators/systemd-tpm2-generator"
76 ];
77 }
78 )
79 ];
80 }