diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index e0a4128b0cdc..81e6818b3ccc 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -251,6 +251,7 @@ stdenv.mkDerivation {
           { name = "libtss2-esys.so.0"; pkg = opt withTpm2Tss tpm2-tss; }
           { name = "libtss2-rc.so.0"; pkg = opt withTpm2Tss tpm2-tss; }
           { name = "libtss2-mu.so.0"; pkg = opt withTpm2Tss tpm2-tss; }
+          { name = "libtss2-tcti-"; pkg = opt withTpm2Tss tpm2-tss; }
           { name = "libfido2.so.1"; pkg = opt withFido2 libfido2; }
         ];
 
@@ -267,8 +268,12 @@ stdenv.mkDerivation {
         '' else ''
           # ensure that the library we provide actually exists
           if ! [ -e ${library} ]; then
-            echo 'The shared library `${library}` does not exist but was given as subtitute for `${dl.name}`'
-            exit 1
+            # exceptional case, details:
+            # https://github.com/systemd/systemd-stable/blob/v249-stable/src/shared/tpm2-util.c#L157
+            if ! [[ "${library}" =~ .*libtss2-tcti-$ ]]; then
+              echo 'The shared library `${library}` does not exist but was given as subtitute for `${dl.name}`'
+              exit 1
+            fi
           fi
           # make the path to the dependency explicit
           for file in $(grep -lr '"${dl.name}"' src); do
@@ -353,6 +358,7 @@ stdenv.mkDerivation {
     ++ lib.optionals withHomed [ p11-kit ]
     ++ lib.optionals (withHomed || withCryptsetup) [ libfido2 ]
     ++ lib.optionals withLibBPF [ libbpf ]
+    ++ lib.optional withTpm2Tss tpm2-tss
   ;
 
   #dontAddPrefix = true;
@@ -452,7 +458,7 @@ stdenv.mkDerivation {
     "-Dnss-systemd=false"
   ] ++ lib.optionals withLibBPF [
     "-Dbpf-framework=true"
-  ];
+  ] ++ lib.optional withTpm2Tss "-Dtpm2=true";
 
   preConfigure = ''
     mesonFlagsArray+=(-Dntp-servers="0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org")