diff --git a/pkgs/tools/security/tpm2-abrmd/default.nix b/pkgs/tools/security/tpm2-abrmd/default.nix
index fbebde2e7bf..76e511662ba 100644
--- a/pkgs/tools/security/tpm2-abrmd/default.nix
+++ b/pkgs/tools/security/tpm2-abrmd/default.nix
@@ -1,16 +1,16 @@
 { stdenv, fetchurl, lib
-, tpm2-tss, pkgconfig, glib, which, dbus, cmocka }:
+, makeWrapper, tpm2-tss, pkgconfig, glib, which, dbus, cmocka }:
 
 stdenv.mkDerivation rec {
   pname = "tpm2-abrmd";
-  version = "2.2.0";
+  version = "2.3.2";
 
   src = fetchurl {
     url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz";
-    sha256 = "1lbfhyyh9k54r8s1h8ca2czxv4hg0yq984kdh3vqh3990aca0x9a";
+    sha256 = "040d01pdzkj0nc1c0vsf6gfqf28cgil03ix8dasijvhiha4c20nz";
   };
 
-  nativeBuildInputs = [ pkgconfig ];
+  nativeBuildInputs = [ pkgconfig makeWrapper ];
   buildInputs = [
     tpm2-tss glib which dbus cmocka
   ];
@@ -19,6 +19,14 @@ stdenv.mkDerivation rec {
   #configureFlags = [ "--enable-unit" ];
   doCheck = false;
 
+  # Even though tpm2-tss is in the RUNPATH, starting from 2.3.0 abrmd
+  # seems to require the path to the device TCTI (used for accessing
+  # /dev/tpm0) in it's LD_LIBRARY_PATH
+  postFixup = ''
+    wrapProgram $out/bin/tpm2-abrmd \
+      --suffix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ tpm2-tss ]}"
+  '';
+
   meta = with lib; {
     description = "TPM2 resource manager, accessible via D-Bus";
     homepage = "https://github.com/tpm2-software/tpm2-tools";