538312709e
- Actually run tcsd as tss/tss
- Install a udev rule to set /dev/tpm* permissions
- Remove systemd-udev-settle dependency, use dev-tpm0.device instead
- Use systemd-tmpfiles to set up the state directory
- Add documentation URI to tcsd.service
This module cannot be easily tested with a NixOS test due to the TPM
dependency. Technically, one could be emulated using swtpm[1], but this
is not packaged in Nixpkgs. If you computer has a real TPM you can do a
passthrough in Qemu, but this requires running the VM as root and of
course it's not determinstic:
$ nix build -f nixos vm --arg configuration '
{
virtualisation.qemu.options = [
"-tpmdev passthrough,id=tpm0,path=/dev/tpm0,cancel-path=/sys/class/tpm/tpm0/cancel"
"-device tpm-tis,tpmdev=tpm0"
];
users.users.root.hashedPassword = "";
services.tcsd.enable = true;
}'
After starting the VM, log in as root, you can check the service has
started with `systemctl status tcsd`.
[1]: https://github.com/stefanberger/swtpm
|
||
|---|---|---|
| .. | ||
| sane_extra_backends | ||
| acpid.nix | ||
| actkbd.nix | ||
| auto-cpufreq.nix | ||
| bluetooth.nix | ||
| bolt.nix | ||
| brltty.nix | ||
| fancontrol.nix | ||
| freefall.nix | ||
| fwupd.nix | ||
| illum.nix | ||
| interception-tools.nix | ||
| irqbalance.nix | ||
| lcd.nix | ||
| lirc.nix | ||
| nvidia-optimus.nix | ||
| pcscd.nix | ||
| pommed.nix | ||
| power-profiles-daemon.nix | ||
| ratbagd.nix | ||
| sane.nix | ||
| spacenavd.nix | ||
| tcsd.nix | ||
| thermald.nix | ||
| thinkfan.nix | ||
| throttled.nix | ||
| tlp.nix | ||
| trezord.nix | ||
| trezord.xml | ||
| triggerhappy.nix | ||
| udev.nix | ||
| udisks2.nix | ||
| undervolt.nix | ||
| upower.nix | ||
| usbmuxd.nix | ||
| vdr.nix | ||
| xow.nix | ||