fwminex: enable tpm2 unlock

This commit is contained in:
Motiejus Jakštys 2024-08-28 08:09:36 +03:00
parent 5dd533cf34
commit 7594f32c7a

View File

@ -40,6 +40,7 @@ in
kernelModules = [ "kvm-intel" ];
loader.systemd-boot.enable = true;
initrd = {
systemd.enable = true;
kernelModules = [ "usb_storage" ];
availableKernelModules = [
"xhci_pci"
@ -48,22 +49,15 @@ in
"usbhid"
"tpm_tis"
];
systemd.enableTpm2 = true;
luks.devices = {
luksroot = {
device = "${nvme}-part3";
allowDiscards = true;
#crypttabExtraOpts = ["tpm2-device=auto"];
keyFileOffset = 9728;
keyFileSize = 512;
keyFile = "/dev/sda";
};
};
};
};
security.tpm2.enable = true;
swapDevices = [
{
device = "${nvme}-part2";