diff --git a/flake.nix b/flake.nix
index da479d0..803e683 100644
--- a/flake.nix
+++ b/flake.nix
@@ -69,6 +69,7 @@
             ./nixos/sudo.nix
             ./nixos/symlinks.nix
             ./nixos/tailscale.nix
+            ./nixos/tpm.nix
 
             {
               # enable bluetooth
@@ -97,6 +98,7 @@
                 users.${user} = {
                   imports = [
                     ./home-manager/plasma.nix
+                    ./home-manager/tpm.nix
                     ./home-manager/user.nix
                     ./home-manager/vscode.nix
                     {
diff --git a/home-manager/tpm.nix b/home-manager/tpm.nix
new file mode 100644
index 0000000..2b0ecdf
--- /dev/null
+++ b/home-manager/tpm.nix
@@ -0,0 +1,5 @@
+{
+  programs.ssh.extraConfig = ''
+    PKCS11Provider = /run/current-system/sw/lib/libtpm2_pkcs11.so
+  '';
+}
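Review bot: `PKCS11Provider` in `programs.ssh.extraConfig` is not scoped to any host. As far as I recall, home-manager renders `extraConfig` inside its trailing `Host *` section, so the TPM-backed keys would be offered to every server this user connects to. If only some hosts should see them, set it per host instead, e.g. `programs.ssh.matchBlocks."<host-placeholder>".extraOptions.PKCS11Provider = "/run/current-system/sw/lib/libtpm2_pkcs11.so";`. The library path also exists only when `security.tpm2.pkcs11.enable` is set on the system side (nixos/tpm.nix in this commit). A comment such as `# requires security.tpm2.pkcs11.enable (nixos/tpm.nix)` above the option would keep that coupling visible.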
diff --git a/nixos/tpm.nix b/nixos/tpm.nix
new file mode 100644
index 0000000..b367068
--- /dev/null
+++ b/nixos/tpm.nix
@@ -0,0 +1,9 @@
+{ user, ... }:
+{
+  security.tpm2 = {
+    enable = true;
+    pkcs11.enable = true;
+    tctiEnvironment.enable = true;
+  };
+  users.users.${user}.extraGroups = [ "tss" ];
+}
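Review bot: The `users.users.${user}.extraGroups = [ "tss" ];` line gives every process running as that user access to the TPM device nodes owned by the group, not just ssh, and nothing in the file says why it is needed. That presumably leaves the PKCS#11 token's user PIN as the only barrier between a compromised user process and signing with the TPM-held keys. It is worth stating that assumption next to the line, e.g. `# tss: lets ${user} reach /dev/tpmrm0 for tpm2-pkcs11; the token PIN is the remaining control`. The device name is inferred from the NixOS module defaults rather than from this hunk, so confirm it before committing the comment.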