From 3ace3540892b8b67f660d60af902b9140184e3b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Tue, 16 Jul 2024 05:25:09 +0300
Subject: [PATCH] mtworx: trying tpm2

---
 hosts/mtworx/configuration.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix
index ac38da0..b7ba786 100644
--- a/hosts/mtworx/configuration.nix
+++ b/hosts/mtworx/configuration.nix
@@ -17,12 +17,16 @@ in {
     kernelModules = ["kvm-intel"];
     loader.systemd-boot.enable = true;
     initrd = {
-      availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid"];
-      systemd.enableTpm2 = true;
+      availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "tpm_tis"];
+      systemd = {
+        enableTpm2 = true;
+        emergencyAccess = true;
+      };
       luks.devices = {
         luksroot = {
           device = "${nvme}-part3";
           allowDiscards = true;
+          crypttabExtraOpts = ["tpm2-device=auto"];
         };
       };
     };