orin: enable ftpm/vtpm mux path and fix forwarder build

Wire TPM endorsement defaults for aarch64, enable host TPM mux for Orin system VMs, and turn on DM_CRYPT plus fTPM/vTPM kernel options for Jetson Orin.

Set explicit Go target env in vtpm-abrmd-forwarder packaging so host-architecture builds stay deterministic on supported platforms.

Signed-off-by: vadik likholetov <vadikas@gmail.com>

Author: vadika

modules/hardware/flake-module.nix

@@ -24,6 +24,7 @@
     hardware-aarch64-generic.imports = [
       ./definition.nix
       ./aarch64/systemd-boot-dtb.nix
+      ./common/tpm-endorsement.nix
       ./passthrough
     ];
   };

modules/profiles/orin.nix

@@ -169,6 +169,14 @@ in
           sharedVmDirectory = {
             enable = false;
           };
+          tpmMux = {
+            enable = true;
+            # Keep explicit list to avoid evaluation-order misses in auto-discovery.
+            vms = [
+              "admin-vm"
+              "net-vm"
+            ];
+          };
         };
 
         microvm = {

modules/reference/hardware/jetpack/nvidia-jetson-orin/jetson-orin.nix

@@ -85,6 +85,16 @@ in
             VIRTIO_VSOCKETS_COMMON = yes;
           };
         }
+        {
+          name = "vtpm-proxy-config";
+          patch = null;
+          structuredExtraConfig = with lib.kernel; {
+            EXPERT = yes;
+            DM_CRYPT = module;
+            TCG_FTPM_TEE = module;
+            TCG_VTPM_PROXY = module;
+          };
+        }
       ];
     };
 

packages/pkgs-by-name/vtpm-abrmd-forwarder/package.nix

@@ -30,6 +30,15 @@ stdenv.mkDerivation {
     export GOCACHE="$TMPDIR/go-cache"
     export GO111MODULE=on
     export CGO_ENABLED=1
+    export GOOS=linux
+    export GOARCH=${
+      if stdenv.hostPlatform.isAarch64 then
+        "arm64"
+      else if stdenv.hostPlatform.isx86_64 then
+        "amd64"
+      else
+        throw "unsupported platform for vtpm-abrmd-forwarder"
+    }
     go build -trimpath -o vtpm-abrmd-forwarder \
       ./main.go \
       ./backend_helper.go \