diff --git a/ascanius/hardware-configuration.nix b/ascanius/hardware-configuration.nix
index aebe3d0..ae6500d 100644
--- a/ascanius/hardware-configuration.nix
+++ b/ascanius/hardware-configuration.nix
@@ -13,6 +13,10 @@
     loader.grub = {
       enable = true;
       device = "/dev/sda";
+      trustedBoot = {
+        enable = true;
+        systemHasTPM = "YES_TPM_is_activated";
+      };
     };
     kernelPackages = pkgs.linuxPackages_latest;
     kernelModules = ["nvidiabl" "kvm-intel"];
@@ -63,4 +67,5 @@
   nix.maxJobs = 8;
 
   services.tcsd.enable = true; # it has a TPM. maybe use this?
+  environment.systemPackages = with pkgs; [tpm-tools];
 }