Unverified Commit ab0032ae authored by Peder Bergebakken Sundt's avatar Peder Bergebakken Sundt Committed by GitHub
Browse files

nixos/tpm2: default pkcs#11 module based on abrmd config (#409326)

parents c5c920bf f86ebd9a

doc/release-notes/rl-2505.section.md

+2 −0
Original line number Diff line number Diff line
@@ -232,6 +232,8 @@ 


- `dwarf-fortress-packages` now only contains one minor version for each major version since version 0.44. Saves should still be compatible, but you may have to change which minor version you were using if it was one other than the newest.



- `tpm2-pkcs11` now is compiled without abrmd (Access Broker and Resource Manager Daemon) support by default, preferring the kernel resource manager. Use `tpm2-pkcs11.abrmd` if you would like a version with abrmd support. Note that the NixOS module picks the correct one automatically based on `security.tpm2.abrmd`.



- `zig_0_9` and `zig_0_10` have been removed, you should upgrade to `zig_0_13` (also available as just `zig`), `zig_0_12` or `zig_0_11` instead.



- `webpack-cli` was updated to major version 6, which has breaking changes from the previous version 5.1.4. See the [upstream release notes](https://github.com/webpack/webpack-cli/releases/tag/webpack-cli%406.0.0) for details on these changes.

nixos/modules/security/tpm2.nix

+2 −2
Original line number Diff line number Diff line
@@ -75,8 +75,8 @@ in 
      package = lib.mkOption {

        description = "tpm2-pkcs11 package to use";

        type = lib.types.package;

        default = pkgs.tpm2-pkcs11;

        defaultText = lib.literalExpression "pkgs.tpm2-pkcs11";

        default = if cfg.abrmd.enable then pkgs.tpm2-pkcs11.abrmd else pkgs.tpm2-pkcs11;

        defaultText = lib.literalExpression "if config.security.tpm2.abrmd.enable then pkgs.tpm2-pkcs11.abrmd else pkgs.tpm2-pkcs11";

      };

    };

pkgs/by-name/tp/tpm2-pkcs11/package.nix

+19 −11
Original line number Diff line number Diff line
@@ -222,18 +222,26 @@ chosenStdenv.mkDerivation (finalAttrs: { 
        $out/lib/libtpm2_pkcs11.so.0.0.0

    '';



  passthru = {

    tests = {

      inherit tpm2-pkcs11-esapi tpm2-pkcs11-fapi;

      tpm2-pkcs11-abrmd = tpm2-pkcs11.override {

  passthru = rec {

    esapi = tpm2-pkcs11-esapi;

    fapi = tpm2-pkcs11-fapi;

    abrmd = tpm2-pkcs11.override {

      abrmdSupport = true;

    };

      tpm2-pkcs11-esapi-abrmd = tpm2-pkcs11-esapi.override {

    esapi-abrmd = tpm2-pkcs11-esapi.override {

      abrmdSupport = true;

    };

      tpm2-pkcs11-fapi-abrmd = tpm2-pkcs11-fapi.override {

    fapi-abrmd = tpm2-pkcs11-fapi.override {

      abrmdSupport = true;

    };

    tests = {

      inherit

        esapi

        fapi

        abrmd

        esapi-abrmd

        fapi-abrmd

        ;

    };

  };