Only disable TPM access by rngd when tcsd is enabled.

1 files changed, 2 insertions, 1 deletions

diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix
index c47c1b2a67e6..4d8fabc7696e 100644
--- a/nixos/modules/security/rngd.nix
+++ b/nixos/modules/security/rngd.nix
@@ -30,7 +30,8 @@ with lib;
 
       description = "Hardware RNG Entropy Gatherer Daemon";
 
-      serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f -v --no-tpm=1";
+      serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f -v" +
+        (if config.services.tcsd.enable then " --no-tpm=1" else "");
 
       restartTriggers = [ pkgs.rng_tools ];
     };