Hardware: PC: Add TPM disk unlock

author: Baitinq <[email protected]> 2025-03-12 20:00:38 +0100
committer: Baitinq <[email protected]> 2025-03-12 20:00:38 +0100
commit: e7e13bb2510db354d15ac4073e649632a4ab003b (patch)
tree: 490071bfe1f796c77407d4438f5279c04b3bd336 /hardware
parent: Home: Packages: Add llm (diff)
download: nixos-config-e7e13bb2510db354d15ac4073e649632a4ab003b.tar.gz
nixos-config-e7e13bb2510db354d15ac4073e649632a4ab003b.tar.bz2
nixos-config-e7e13bb2510db354d15ac4073e649632a4ab003b.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/hardware/pc/disks.nix b/hardware/pc/disks.nix
index 825a9f0..5e9487b 100644
--- a/hardware/pc/disks.nix
+++ b/hardware/pc/disks.nix
@@ -22,6 +22,7 @@
     mkfs.vfat "${HDD}"-part1
     mkfs.ext4 "${HDD}"-part2
     cryptsetup -q luksFormat "${HDD}"-part3  --type luks2
+    systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0 "${HDD}"-part3
     cryptsetup open --type luks "${HDD}"-part3 encrypted_root
     pvcreate /dev/mapper/encrypted_root
     vgcreate encrypted_root_pool /dev/mapper/encrypted_root
author	Baitinq <[email protected]>	2025-03-12 20:00:38 +0100
committer	Baitinq <[email protected]>	2025-03-12 20:00:38 +0100
commit	e7e13bb2510db354d15ac4073e649632a4ab003b (patch)
tree	490071bfe1f796c77407d4438f5279c04b3bd336 /hardware
parent	Home: Packages: Add llm (diff)
download	nixos-config-e7e13bb2510db354d15ac4073e649632a4ab003b.tar.gz nixos-config-e7e13bb2510db354d15ac4073e649632a4ab003b.tar.bz2 nixos-config-e7e13bb2510db354d15ac4073e649632a4ab003b.zip