diff --git a/platform/debian/systemd/kanidm-unixd.service b/platform/debian/systemd/kanidm-unixd.service
index 0004e0015..1005778c3 100644
--- a/platform/debian/systemd/kanidm-unixd.service
+++ b/platform/debian/systemd/kanidm-unixd.service
@@ -32,6 +32,8 @@ NoNewPrivileges=true
 PrivateTmp=true
 # We have to disable this to allow tpmrm0 access for tpm binding.
 PrivateDevices=false
+# Older versions of systemd require this to be explicitly allowed.
+DeviceAllow=/dev/tpmrm0 rw
 ProtectHostname=true
 ProtectClock=true
 ProtectKernelTunables=true
diff --git a/platform/opensuse/kanidm-unixd.service b/platform/opensuse/kanidm-unixd.service
index de3aa7f17..d316b5ec4 100644
--- a/platform/opensuse/kanidm-unixd.service
+++ b/platform/opensuse/kanidm-unixd.service
@@ -32,6 +32,9 @@ NoNewPrivileges=true
 PrivateTmp=true
 # We have to disable this to allow tpmrm0 access for tpm binding.
 PrivateDevices=false
+# Older versions of systemd require this to be explicitly allowed.
+DeviceAllow=/dev/tpmrm0 rw
+
 ProtectHostname=true
 ProtectClock=true
 ProtectKernelTunables=true
diff --git a/unix_integration/src/unix_config.rs b/unix_integration/src/unix_config.rs
index f3dbb1499..00fd9c369 100644
--- a/unix_integration/src/unix_config.rs
+++ b/unix_integration/src/unix_config.rs
@@ -78,9 +78,8 @@ impl Display for UidAttr {
 #[derive(Debug, Clone, Default)]
 pub enum HsmType {
- #[cfg_attr(not(feature = "tpm"), default)]
+ #[default]
 Soft,
- #[cfg_attr(feature = "tpm", default)]
 Tpm,
 }
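Review bot: The comment added above `DeviceAllow=/dev/tpmrm0 rw` in platform/debian/systemd/kanidm-unixd.service understates what the directive does, and the same applies to the identical addition in platform/opensuse/kanidm-unixd.service. With the default `DevicePolicy=auto`, any `DeviceAllow=` entry switches the unit from unrestricted device access to an allow-list, so only /dev/tpmrm0 and the standard pseudo-devices stay reachable. That is a welcome tightening next to `PrivateDevices=false`, but the comment should say so, for example `# Allow-list the TPM resource manager; once DeviceAllow= is set, all other device nodes are denied.`. Adding an explicit `DevicePolicy=closed` would keep the restriction from depending on the default. If the TPM device path can be configured to something other than /dev/tpmrm0, that path would presumably need its own entry.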
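Review bot: `HsmType` in unix_integration/src/unix_config.rs now defaults to `Soft` on every build, including builds with the `tpm` feature, and neither the enum nor its variants carry a doc comment that records this. As far as this hunk shows, a deployment that relied on the old feature-dependent default would move to software-backed key storage after upgrade unless its configuration selects the TPM explicitly; how existing TPM-bound keys are handled is not visible here. I would add `/// Software-backed key storage. Default on all builds; TPM binding must be selected explicitly in the configuration.` above `Soft`, with a matching line above `Tpm`. Logging the selected HSM type at start-up would also make the change visible to operators.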