From d5287f242ed8e9c0b03fbec3a309543202697448 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Wed, 10 Apr 2024 22:10:34 +0200
Subject: [PATCH] Enable TPM2 security in x86_64-linux SGX hardware configuration

The commit turns on the TPM2 security feature and its associated Access Broker and Resource Manager daemon (abrmd) in the hardware configuration for the x86_64-linux SGX system. This action, represented by changing the respective entries from false to true, enhances the security of this system configuration.
---
 systems/x86_64-linux/sgx/hardware-configuration.nix | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/systems/x86_64-linux/sgx/hardware-configuration.nix b/systems/x86_64-linux/sgx/hardware-configuration.nix
index b6ddc43..7ae35a6 100644
--- a/systems/x86_64-linux/sgx/hardware-configuration.nix
+++ b/systems/x86_64-linux/sgx/hardware-configuration.nix
@@ -4,10 +4,9 @@
 { pkgs, config, lib, modulesPath, ... }:
 {
- imports =
- [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
 boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "uas" "sd_mod" ];
 boot.initrd.kernelModules = [ ];
@@ -80,7 +79,7 @@
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
- security.tpm2.enable = false;
- security.tpm2.abrmd.enable = false;
+ security.tpm2.enable = true;
+ security.tpm2.abrmd.enable = true;
 powerManagement.cpuFreqGovernor = "ondemand";
 }
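Review bot: The second hunk places a security policy decision (`security.tpm2.enable = true;` and `security.tpm2.abrmd.enable = true;`) in `hardware-configuration.nix`, a file that `nixos-generate-config` normally regenerates and overwrites, so a later regeneration would silently revert both settings to the disabled default without any build error; the lines are better kept in the host's main configuration module, next to whatever consumes the TPM. The two settings also lack a comment saying what the TPM is used for on this SGX host and why the userspace abrmd daemon is wanted in addition to the kernel resource manager, e.g. `# TPM2 access for <consumer, to be filled in>; abrmd needed because <reason>.` Enabling the module grants device access to the tss user/group and starts a D-Bus system service, which is an expansion of the host's attack surface rather than a hardening by itself, so the commit message's claim that this "enhances the security of this system configuration" is only true if something actually attests or seals against the TPM; that consumer should be named. The first hunk is whitespace only.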