Enable the tpm module on boot

2022-04-20 16:15:59 +01:00 · 2022-04-20 16:15:59 +01:00 · 56f093183f
commit 56f093183f
parent 9a9c67a3c7
1 changed files with 2 additions and 0 deletions
--- a/modules/systemd-cryptsetup.nix
+++ b/modules/systemd-cryptsetup.nix
@ -284,6 +284,8 @@ in
      message = "boot.initrd.luks.devices.<name>.bypassWorkqueues is not supported for kernels older than 5.9";
    }];

+    boot.initrd.kernelModules = [ "tpm" ];
+
    # actually, sbp2 driver is the one enabling the DMA attack, but this needs to be tested
    boot.blacklistedKernelModules = optionals luks.mitigateDMAAttacks
      [ "firewire_ohci" "firewire_core" "firewire_sbp2" ];