From e7e13bb2510db354d15ac4073e649632a4ab003b Mon Sep 17 00:00:00 2001
From: Baitinq <manuelpalenzuelamerino@gmail.com>
Date: Wed, 12 Mar 2025 20:00:38 +0100
Subject: Hardware: PC: Add TPM disk unlock

---
 hardware/pc/disks.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'hardware/pc/disks.nix')

diff --git a/hardware/pc/disks.nix b/hardware/pc/disks.nix
index 825a9f0..5e9487b 100644
--- a/hardware/pc/disks.nix
+++ b/hardware/pc/disks.nix
@@ -22,6 +22,7 @@
     mkfs.vfat "${HDD}"-part1
     mkfs.ext4 "${HDD}"-part2
     cryptsetup -q luksFormat "${HDD}"-part3  --type luks2
+    systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0 "${HDD}"-part3
     cryptsetup open --type luks "${HDD}"-part3 encrypted_root
     pvcreate /dev/mapper/encrypted_root
     vgcreate encrypted_root_pool /dev/mapper/encrypted_root
-- 
cgit 1.4.1