diff --git a/platform/debian/systemd/kanidm-unixd.service b/platform/debian/systemd/kanidm-unixd.service
index 19d3d469f..3572553eb 100644
--- a/platform/debian/systemd/kanidm-unixd.service
+++ b/platform/debian/systemd/kanidm-unixd.service
@@ -35,6 +35,8 @@ NoNewPrivileges=true
 PrivateTmp=true
 # We have to disable this to allow tpmrm0 access for tpm binding.
 PrivateDevices=false
+# Older versions of systemd require this to be explicitly allowed.
+DeviceAllow=/dev/tpmrm0 rw
 ProtectHostname=true
 ProtectClock=true
 ProtectKernelTunables=true
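Review bot: The comment above the added `DeviceAllow=/dev/tpmrm0 rw` does not say that this line also turns on a device allow-list: with `DevicePolicy=` left at its default of `auto`, any `DeviceAllow=` entry limits the unit to the listed nodes plus the standard pseudo devices (/dev/null, /dev/zero, /dev/full, /dev/random, /dev/urandom). That is a welcome tightening next to `PrivateDevices=false`, but it is implicit, and a host that points the daemon at a different TPM node would presumably be denied with no obvious cause. I would make it explicit by adding `DevicePolicy=closed` above the new line, with a comment such as `# Allow-list: only /dev/tpmrm0 and the standard pseudo devices are reachable`. The same applies to the platform/opensuse/kanidm-unixd.service hunk, which also adds a blank line that the Debian copy does not have. The unit continues outside both hunks, so any other device the daemon needs could not be checked from here.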
diff --git a/platform/opensuse/kanidm-unixd.service b/platform/opensuse/kanidm-unixd.service
index 32c2fbd7a..317a26255 100644
--- a/platform/opensuse/kanidm-unixd.service
+++ b/platform/opensuse/kanidm-unixd.service
@@ -35,6 +35,9 @@ NoNewPrivileges=true
 PrivateTmp=true
 # We have to disable this to allow tpmrm0 access for tpm binding.
 PrivateDevices=false
+# Older versions of systemd require this to be explicitly allowed.
+DeviceAllow=/dev/tpmrm0 rw
+
 ProtectHostname=true
 ProtectClock=true
 ProtectKernelTunables=true