security.tpm2.fapi.ekCertLess

A switch to disable Endorsement Key (EK) certificate verification.

A value of null indicates that the generated fapi config file does not contain a ek_cert_less key. The effect of not having that key at all is the same as setting its value to false.

A value of false means that the tss2 cli will not work if there is no EK Cert installed, or if the installed EK Cert can't be validated.

A value of true means that the tss2 cli will work even if there's no EK cert installed.

Type

null or boolean

Default

null

Declared

<nixpkgs/nixos/modules/security/tpm2.nix>