harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enable TPM2 security in x86_64-linux SGX hardware configuration

Browse source 
The commit turns on the TPM2 security feature and its associated Access Broker and Resource Manager daemon (abrmd) in the hardware configuration for the x86_64-linux SGX system. This action, represented by changing the respective entries from false to true, enhances the security of this system configuration.
This commit is contained in:
Harald Hoyer 2024-04-10 22:10:34 +02:00
parent 4066b0cd80
commit d5287f242e
1 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
systems/x86_64-linux/sgx/hardware-configuration.nix
View file

@ -4,10 +4,9 @@
{ pkgs, config, lib, modulesPath, ... }: { pkgs, config, lib, modulesPath, ... }:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/installer/scan/not-detected.nix") ];
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "uas" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
@ -80,7 +79,7 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
security.tpm2.enable = false; security.tpm2.enable = true;
security.tpm2.abrmd.enable = false; security.tpm2.abrmd.enable = true;
powerManagement.cpuFreqGovernor = "ondemand"; powerManagement.cpuFreqGovernor = "ondemand";
} }