fwminex: enable tpm2 unlock
This commit is contained in:
parent
5dd533cf34
commit
7594f32c7a
@ -40,6 +40,7 @@ in
|
|||||||
kernelModules = [ "kvm-intel" ];
|
kernelModules = [ "kvm-intel" ];
|
||||||
loader.systemd-boot.enable = true;
|
loader.systemd-boot.enable = true;
|
||||||
initrd = {
|
initrd = {
|
||||||
|
systemd.enable = true;
|
||||||
kernelModules = [ "usb_storage" ];
|
kernelModules = [ "usb_storage" ];
|
||||||
availableKernelModules = [
|
availableKernelModules = [
|
||||||
"xhci_pci"
|
"xhci_pci"
|
||||||
@ -48,22 +49,15 @@ in
|
|||||||
"usbhid"
|
"usbhid"
|
||||||
"tpm_tis"
|
"tpm_tis"
|
||||||
];
|
];
|
||||||
systemd.enableTpm2 = true;
|
|
||||||
luks.devices = {
|
luks.devices = {
|
||||||
luksroot = {
|
luksroot = {
|
||||||
device = "${nvme}-part3";
|
device = "${nvme}-part3";
|
||||||
allowDiscards = true;
|
allowDiscards = true;
|
||||||
#crypttabExtraOpts = ["tpm2-device=auto"];
|
|
||||||
keyFileOffset = 9728;
|
|
||||||
keyFileSize = 512;
|
|
||||||
keyFile = "/dev/sda";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.tpm2.enable = true;
|
|
||||||
|
|
||||||
swapDevices = [
|
swapDevices = [
|
||||||
{
|
{
|
||||||
device = "${nvme}-part2";
|
device = "${nvme}-part2";
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user