authorArseniy Seroka <jagajaga@users.noreply.github.com>2015-08-02 03:47:06 +0300
committerArseniy Seroka <jagajaga@users.noreply.github.com>2015-08-02 03:47:06 +0300
commitb563775994a72811822e51c978832ed1a649168e (patch)
tree59e8276942f619b8a9fc3a20d2cb93169e6ab0ae /nixos/modules
parent479a43cf74bc37267dbb7e57931e7e745b2aa061 (diff)
parentaa63d4299ff3236f8a47d7b20434be7785902d40 (diff)
Merge pull request #9077 from ts468/upstream.tcsd
tcsd module: expose firmwarePCRs and kernelPCRs
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/services/hardware/tcsd.nix24
1 files changed, 18 insertions, 6 deletions
diff --git a/nixos/modules/services/hardware/tcsd.nix b/nixos/modules/services/hardware/tcsd.nix
index 220b154bd97a..ced2d49c1e15 100644
--- a/nixos/modules/services/hardware/tcsd.nix
+++ b/nixos/modules/services/hardware/tcsd.nix
@@ -17,8 +17,8 @@ let
     # what is available directly from the PCR registers.
     firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
     kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
-    #firmware_pcrs = 0,1,2,3,4,5,6,7
-    #kernel_pcrs = 10,11
+    firmware_pcrs = ${cfg.firmwarePCRs}
+    kernel_pcrs = ${cfg.kernelPCRs}
     platform_cred = ${cfg.platformCred}
     conformance_cred = ${cfg.conformanceCred}
     endorsement_cred = ${cfg.endorsementCred}
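Review bot: `${cfg.firmwarePCRs}` and `${cfg.kernelPCRs}` are spliced into the generated tcsd.conf as raw strings, so a value containing a newline or a non-numeric token would add or corrupt directives in the file that tells tcsd which PCRs to take from the firmware and IMA measurement logs. Constrain both options to a comma-separated list of PCR indices, for example with an assertion in the module's `config` or a pattern type such as `types.strMatching "[0-9]+(,[0-9]+)*"` where the lib in use provides it. The two settings were commented out before and are now always written, so existing deployments appear to get a different tcsd configuration on upgrade; the option descriptions should say so. The configuration string starts and ends outside this hunk.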
@@ -60,20 +60,32 @@ in
       };
 
       stateDir = mkOption {
-	default = "/var/lib/tpm";
+        default = "/var/lib/tpm";
         type = types.path;
-	description = ''
+        description = ''
           The location of the system persistent storage file.
           The system persistent storage file holds keys and data across
           restarts of the TCSD and system reboots. 
-	'';
+        '';
+      };
+
+      firmwarePCRs = mkOption {
+        default = "0,1,2,3,4,5,6,7";
+        type = types.string;
+        description = "PCR indices used in the TPM for firmware measurements.";
+      };
+
+      kernelPCRs = mkOption {
+        default = "10,11";
+        type = types.string;
+        description = "PCR indices used in the TPM for kernel measurements.";
       };
 
       platformCred = mkOption {
         default = "${cfg.stateDir}/platform.cert";
         type = types.path;
         description = ''
-	  Path to the platform credential for your TPM. Your TPM
+          Path to the platform credential for your TPM. Your TPM
           manufacturer may have provided you with a set of credentials
           (certificates) that should be used when creating identities
           using your TPM. When a user of your TPM makes an identity,
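Review bot: `type = types.string` on `firmwarePCRs` and `kernelPCRs` merges multiple definitions by plain concatenation, so two modules setting `"0,1"` and `"2,3"` would produce `0,12,3` and tcsd would be configured with a PCR set nobody wrote. Use `type = types.str;` so conflicting definitions fail at evaluation, or `types.commas` if merging is really intended. The descriptions could also state that the value is a comma-separated list of indices and, presumably, that it selects which event-log entries tcsd reports, since that is what a verifier relies on. The `options` attribute set continues outside this hunk.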