diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 5e0c3c369d7..8ce29e52fb2 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -102,6 +102,7 @@
   ./programs/qt5ct.nix
   ./programs/rootston.nix
   ./programs/screen.nix
+  ./programs/sedutil.nix
   ./programs/slock.nix
   ./programs/shadow.nix
   ./programs/shell.nix
diff --git a/nixos/modules/programs/sedutil.nix b/nixos/modules/programs/sedutil.nix
new file mode 100644
index 00000000000..7efc80f4abb
--- /dev/null
+++ b/nixos/modules/programs/sedutil.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.programs.sedutil;
+
+in {
+  options.programs.sedutil.enable = mkEnableOption "sedutil";
+
+  config = mkIf cfg.enable {
+    boot.kernelParams = [
+      "libata.allow_tpm=1"
+    ];
+
+    environment.systemPackages = with pkgs; [ sedutil ];
+  };
+}
diff --git a/pkgs/tools/security/sedutil/default.nix b/pkgs/tools/security/sedutil/default.nix
new file mode 100644
index 00000000000..343992a6322
--- /dev/null
+++ b/pkgs/tools/security/sedutil/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchFromGitHub, autoreconfHook }:
+
+stdenv.mkDerivation rec {
+  name = "sedutil-${version}";
+  version = "1.15.1";
+
+  src = fetchFromGitHub {
+    owner  = "Drive-Trust-Alliance";
+    repo   = "sedutil";
+    rev    = version;
+    sha256 = "0zg5v27vbrzzl2vqzks91zj48z30qgcshkqkm1g8ycnhi145l0mf";
+  };
+
+  postPatch = ''
+    patchShebangs .
+  '';
+
+  nativeBuildInputs = [ autoreconfHook ];
+
+  enableParallelBuilding = true;
+
+  meta = with stdenv.lib; {
+    description = "DTA sedutil Self encrypting drive software";
+    homepage    = https://www.drivetrust.com;
+    license     = licenses.gpl3;
+    platforms   = platforms.linux;
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 1129a984d27..c4c9f146ca0 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -629,6 +629,8 @@ with pkgs;
 
   ecdsautils = callPackage ../tools/security/ecdsautils { };
 
+  sedutil = callPackage ../tools/security/sedutil { };
+
   elvish = callPackage ../shells/elvish { };
 
   encryptr = callPackage ../tools/security/encryptr {