diff --git a/security/default.nix b/security/default.nix
index ce5606c..0f7843b 100644
--- a/security/default.nix
+++ b/security/default.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./hardening.nix
+ ./tpm.nix
 ./encryption.nix
 ];
 }
diff --git a/security/tpm.nix b/security/tpm.nix
new file mode 100644
index 0000000..5cabf34
--- /dev/null
+++ b/security/tpm.nix
@@ -0,0 +1,25 @@
+{config, pkgs, lib, ...}:
+with lib;
+let
+ cfg = config.aviallon.security.tpm;
+in {
+ options.aviallon.security.tpm = {
+ enable = (mkEnableOption "TPM") // { default = true; };
+ tpm1_2.enable = mkEnableOption "TPM 1.2 support";
+ };
+ config = mkIf cfg.enable {
+ security.tpm2 = {
+ enable = true;
+ tctiEnvironment.enable = true;
+ pkcs11.enable = true;
+ };
+
+ environment.systemPackages = [
+ pkgs.tpm2-tools
+ ] ++ optional cfg.tpm1_2.enable pkgs.tpm-tools;
+
+ services.tcsd = mkIf cfg.tpm1_2.enable {
+ enable = true;
+ };
+ };
+}
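Review bot: `enable` is overridden to `default = true;`, so every host importing security/default.nix unconditionally gets `security.tpm2.enable`, `tctiEnvironment.enable` and `pkcs11.enable` — including machines with no TPM or with only a TPM 1.2, because `security.tpm2 = { enable = true; ... }` is set under `mkIf cfg.enable` rather than being coupled to the device actually present. Consider gating the TPM 2.0 block on its own switch (a `tpm2.enable` option mirroring `tpm1_2.enable`) or at least documenting the default: `enable = (mkEnableOption "TPM") // { default = true; description = "Enable TPM support (TPM 2.0 stack on by default; set tpm1_2.enable for tcsd)."; };`. The PKCS#11 module and the TCTI environment only work for users who can open the TPM device node, which the nixpkgs tpm2 module restricts to the `tss` group by default; a comment pointing maintainers at that group membership requirement would save debugging. Style-wise, `with lib;` at file scope is discouraged in nixpkgs modules; `inherit (lib) mkEnableOption mkIf optional;` keeps the names explicit.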