diff --git a/pkgs/tools/security/tpm-luks/default.nix b/pkgs/tools/security/tpm-luks/default.nix
new file mode 100644
index 000000000000..eda86a4a97ff
--- /dev/null
+++ b/pkgs/tools/security/tpm-luks/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchgit, autoreconfHook, gawk, trousers, cryptsetup, openssl }:
+
+stdenv.mkDerivation rec {
+  name = "tpm-luks-${version}";
+  version = "0.9pre";
+
+  src = fetchgit {
+    url = "https://github.com/shpedoikal/tpm-luks/";
+    rev = "3fa3ea4bbd34b5b02e9271e775a338fa49dc834f";
+    sha256 = "37a56f05ad492d3128b07b3cb9dbf85ba8a0dd791329323fb398eb1026dfc89c";
+  };
+
+  buildInputs = [ autoreconfHook gawk trousers cryptsetup openssl ];
+
+  installPhase = ''
+    mkdir -p $out
+    make install DESTDIR=$out
+    mv $out/$out/sbin $out/bin
+    rm -r $out/nix
+    '';
+
+  meta = with stdenv.lib; {
+    description = "LUKS key storage in TPM NVRAM";
+    homepage    = https://github.com/shpedoikal/tpm-luks/;
+    maintainers = [ maintainers.tstrobel ];
+    platforms   = platforms.linux;
+  };
+}
+
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e90ff4984b85..44e5f6cdb745 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3103,6 +3103,8 @@ let
 
   tpm-tools = callPackage ../tools/security/tpm-tools { };
 
+  tpm-luks = callPackage ../tools/security/tpm-luks { };
+
   chaps = callPackage ../tools/security/chaps { };
 
   trace-cmd = callPackage ../os-specific/linux/trace-cmd { };