From 43f72bf1ad6278c314877bf90e32cd48d079e666 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Fri, 14 Nov 2025 07:44:38 +0100
Subject: [PATCH] feat(security): disable TPM2 support in nixtee1

- Disabled `security.tpm2.enable` and `security.tpm2.abrmd.enable` options.
- Ensures TPM2-related services are not active on the system for this configuration.
---
 systems/x86_64-linux/nixtee1/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/systems/x86_64-linux/nixtee1/default.nix b/systems/x86_64-linux/nixtee1/default.nix
index e376b36..2d419d9 100644
--- a/systems/x86_64-linux/nixtee1/default.nix
+++ b/systems/x86_64-linux/nixtee1/default.nix
@@ -13,6 +13,9 @@
   boot.loader.grub.device = "/dev/vda";
   boot.loader.grub.useOSProber = true;
 
+  security.tpm2.enable = false;
+  security.tpm2.abrmd.enable = false;
+
   metacfg = {
     base.enable = true;
     nix-ld.enable = true;