virtualisation.tpm.provisioning

Script to provision the TPM before control is handed off to the VM.

TPM2TOOLS_TCTI will be provided to configure tpm2-tools to use the swtpm instance transparently. TCTI is also provided as a generic value, consumer is expected to re-export it however it may need (TPM2OPENSSL_TCTI, TPM2_PKCS11_TCTI, ...).

Type

null or string

Default

null

Example

tpm2_nvdefine 0xcafecafe \
  -C o \
  -a "ownerread|policyread|policywrite|ownerwrite|authread|authwrite"
echo "foobar" | tpm2_nvwrite 0xcafecafe -C o

Declared

<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>