
Merge pull request #253498 from elohmeier/tpmfix

boot.initrd.systemd: make TPM2 modules optional

authored by

Florian Klink and committed by
GitHub
0a49365d b9543754

+12 -4
+12 -4
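--- a/nixos/modules/system/boot/systemd/initrd.nix
+++ b/nixos/modules/system/boot/systemd/initrd.nix
@@ -333,6 +333,14 @@
 visible = "shallow";
 description = lib.mdDoc "Definition of slice configurations.";
 };
+
+enableTpm2 = mkOption {
+default = true;
+type = types.bool;
+description = lib.mdDoc ''
+Whether to enable TPM2 support in the initrd.
+'';
+};
 };
 
 config = mkIf (config.boot.initrd.enable && cfg.enable) {
@@ -342,8 +350,8 @@
 # systemd needs this for some features
 "autofs4"
 # systemd-cryptenroll
-"tpm-tis"
-] ++ lib.optional (pkgs.stdenv.hostPlatform.system != "riscv64-linux") "tpm-crb";
+] ++ lib.optional cfg.enableTpm2 "tpm-tis"
+++ lib.optional (cfg.enableTpm2 && pkgs.stdenv.hostPlatform.system != "riscv64-linux") "tpm-crb";
 
 boot.initrd.systemd = {
 initrdBin = [pkgs.bash pkgs.coreutils cfg.package.kmod cfg.package] ++ config.system.fsPackages;
@@ -421,11 +429,11 @@
 
 # so NSS can look up usernames
 "${pkgs.glibc}/lib/libnss_files.so.2"
-] ++ optionals cfg.package.withCryptsetup [
+] ++ optionals (cfg.package.withCryptsetup && cfg.enableTpm2) [
 # tpm2 support
 "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-tpm2.so"
 pkgs.tpm2-tss
-
+] ++ optionals cfg.package.withCryptsetup [
 # fido2 support
 "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so"
 "${pkgs.libfido2}/lib/libfido2.so.1"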
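Review bot: The `enableTpm2` description (new lines 340–342) does not say what disabling the option removes, and nothing in these hunks warns when it is off while a volume unlocked in the initrd still relies on a TPM2 token. With `enableTpm2 = false` the `tpm-tis`/`tpm-crb` modules, `libcryptsetup-token-systemd-tpm2.so` and `pkgs.tpm2-tss` are all dropped, so a LUKS volume enrolled with a TPM2 token would presumably fall back to another key slot or fail to unlock at boot. I would expand the description to something like `Whether to include the TPM2 kernel modules and the systemd TPM2 cryptsetup token plugin in the initrd. Disable only if no volume unlocked in the initrd uses a TPM2 token.` A warning or assertion tying this option to any configured device that requests TPM2 unlocking would also help, though the device options are not visible here. The option set and both lists begin outside the hunks.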