Tpm2

security.tpm2.abrmd.enable

Whether to enable the Trusted Platform Module 2 userspace resource manager daemon (tpm2-abrmd).

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix

security.tpm2.abrmd.package

The tpm2-abrmd package to use.

Type: package

Default

pkgs.tpm2-abrmd

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix

security.tpm2.applyUdevRules

Whether to make the /dev/tpm[0-9] devices accessible by tssUser and the /dev/tpmrm[0-9] devices accessible by tssGroup.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix

security.tpm2.enable

Whether to enable Trusted Platform Module 2 support.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix

security.tpm2.pkcs11.enable

Whether to enable the TPM2 PKCS#11 tool and shared library in the system path (/run/current-system/sw/lib/libtpm2_pkcs11.so).

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix

security.tpm2.pkcs11.package

The tpm2-pkcs11 package to use.

Type: package

Default

pkgs.tpm2-pkcs11

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix

security.tpm2.tctiEnvironment.deviceConf

Configuration part of the device TCTI, e.g. the path to the TPM device. Applies if interface is set to "device". The format is specified in the tpm2-tools repository.

Type: string

Default

"/dev/tpmrm0"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix

security.tpm2.tctiEnvironment.enable

Set common TCTI environment variables to the specified value. The variables are TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix

security.tpm2.tctiEnvironment.interface

The name of the TPM command transmission interface (TCTI) library to use.

Type: one of "tabrmd", "device"

Default

"device"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix

security.tpm2.tctiEnvironment.tabrmdConf

Configuration part of the tabrmd TCTI, like the D-Bus bus name. Applies if interface is set to "tabrmd". The format is specified in the tpm2-tools repository.

Type: string

Default

"bus_name=com.intel.tss2.Tabrmd"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix

security.tpm2.tssGroup

Group of the TPM kernel resource manager (tpmrm) device; applied if applyUdevRules is set.

Type: null or string

Default

"tss"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix

security.tpm2.tssUser

Name of the TPM device owner and service user; applied if applyUdevRules is set.

Type: null or string

Default

if config.security.tpm2.abrmd.enable then "tss" else "root"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/tpm2.nix