diff --git a/common/tpm.nix b/common/tpm.nix
new file mode 100644
index 0000000..f13c9d4
--- /dev/null
+++ b/common/tpm.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+  security.tpm2.enable = true;
+  security.tpm2.pkcs11.enable = true;
+  security.tpm2.tctiEnvironment.enable = true;
+  users.users.ash.extraGroups = [ "tss" ];
+}
diff --git a/hosts/alex/configuration.nix b/hosts/alex/configuration.nix
index d6db335..e65c5be 100644
--- a/hosts/alex/configuration.nix
+++ b/hosts/alex/configuration.nix
@@ -3,6 +3,7 @@
     ../../common/generic.nix
     ../../common/generic-desktop.nix
     ../../common/generic-uefi.nix
+    ../../common/tpm.nix
     ./hardware-config.nix
   ];