feat(stolas): enable TPM2 LUKS keyslot

Tim Schubert 2025-07-26 13:43:39 +02:00
parent 215f4313bd
commit 77cdf773c0
No known key found for this signature in database
2 changed files with 6 additions and 2 deletions


@ -32,6 +32,8 @@
"usb_storage" "usb_storage"
"sd_mod" "sd_mod"
]; ];
# Ensure that TPM module is loaded
kernelModules = [ "tpm" ];
}; };
}; };
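Review bot: Loading only `tpm` may not be enough for the TPM device to exist when the LUKS volume is opened, because `tpm` is the core module and the device node comes from an interface driver such as `tpm_tis` or `tpm_crb`. The enclosing attribute set starts outside the hunk, so I am inferring from the storage modules listed above that this is `boot.initrd`. If so, consider `kernelModules = [ "tpm_tis" "tpm_crb" ];`, or drop the line and rely on `boot.initrd.systemd.tpm2.enable`, which adds the interface drivers under systemd stage 1. The comment could then read `# TPM interface drivers must be in the initrd for tpm2-device=auto`.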


@ -30,10 +30,12 @@
content = { content = {
type = "luks"; type = "luks";
name = "crypted"; name = "crypted";
#passwordFile = "/tmp/secret.key"; # Interactive
settings = { settings = {
allowDiscards = true; allowDiscards = true;
#keyFile = "/tmp/secret.key"; crypttabExtraOpts = [
"tpm2-device=auto"
"tpm2-pin=true"
];
}; };
#additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; #additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = { content = {
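Review bot: `crypttabExtraOpts` is only honoured by the systemd stage-1 initrd, and nothing in this hunk shows `boot.initrd.systemd.enable = true;`. If that is not set elsewhere, the two TPM2 options have no effect and the volume keeps prompting for the passphrase. The options also only tell systemd-cryptsetup to try a TPM2 token; the keyslot, its PCR binding and the PIN are created at enrolment with systemd-cryptenroll, which this configuration does not record. A comment above the list would help, for example `# TPM2+PIN slot is enrolled out of band with systemd-cryptenroll; keep a passphrase/recovery slot for TPM reset or PCR changes`. The enclosing `content` block starts and ends outside the hunk.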