diff --git a/nixos/modules/services/desktop-managers/lomiri.nix b/nixos/modules/services/desktop-managers/lomiri.nix
index 0b871aa38183..fba7177307e9 100644
--- a/nixos/modules/services/desktop-managers/lomiri.nix
+++ b/nixos/modules/services/desktop-managers/lomiri.nix
@@ -23,6 +23,7 @@ in {
         lomiri
         lomiri-download-manager
         lomiri-filemanager-app
+        lomiri-polkit-agent
         lomiri-schemas # exposes some required dbus interfaces
         lomiri-session # wrappers to properly launch the session
         lomiri-sounds
@@ -145,6 +146,18 @@ in {
           ExecStart = "${pkgs.lomiri.lomiri-url-dispatcher}/libexec/lomiri-url-dispatcher/lomiri-update-directory /run/current-system/sw/share/lomiri-url-dispatcher/urls/";
         };
       };
+
+      "lomiri-polkit-agent" = rec {
+        description = "Lomiri Polkit agent";
+        wantedBy = [ "lomiri.service" "lomiri-full-greeter.service" "lomiri-full-shell.service" "lomiri-greeter.service" "lomiri-shell.service" ];
+        after = [ "graphical-session.target" ];
+        partOf = wantedBy;
+        serviceConfig = {
+          Type = "simple";
+          Restart = "always";
+          ExecStart = "${pkgs.lomiri.lomiri-polkit-agent}/libexec/lomiri-polkit-agent/policykit-agent";
+        };
+      };
     };
 
     systemd.services = {
diff --git a/nixos/tests/lomiri.nix b/nixos/tests/lomiri.nix
index 35e8dcf52b72..912f4564ef7b 100644
--- a/nixos/tests/lomiri.nix
+++ b/nixos/tests/lomiri.nix
@@ -74,6 +74,24 @@ in {
 
           inherit (alacritty) meta;
         })
+
+        # Polkit requests eventually time out.
+        # Keep triggering them until we signal detection success
+        (writeShellApplication {
+          name = "lpa-check";
+          text = ''
+            while [ ! -f /tmp/lpa-checked ]; do
+              pkexec echo a
+            done
+          '';
+        })
+        # Signal detection success
+        (writeShellApplication {
+          name = "lpa-signal";
+          text = ''
+            touch /tmp/lpa-checked
+          '';
+        })
       ];
     };
 
@@ -201,7 +219,15 @@ in {
         machine.wait_for_text(r"(/build/source|hub.cpp|handler.cpp|void|virtual|const)") # awaiting log messages from content-hub
         machine.send_key("ctrl-c")
 
-        machine.send_key("alt-f4")
+        # Doing this here, since we need an in-session shell & separately starting a terminal again wastes time
+        with subtest("polkit agent works"):
+            machine.send_chars("exec lpa-check\n")
+            machine.wait_for_text(r"(Elevated permissions|Login)")
+            machine.screenshot("polkit_agent")
+            machine.execute("lpa-signal")
+
+        # polkit test will quit terminal when agent request times out after OCR success
+        machine.wait_until_fails("pgrep -u ${user} -f lomiri-terminal-app")
 
     # We want the ability to launch applications
     with subtest("starter menu works"):
diff --git a/pkgs/desktops/lomiri/default.nix b/pkgs/desktops/lomiri/default.nix
index 03d8e9451bbb..a802e931f469 100644
--- a/pkgs/desktops/lomiri/default.nix
+++ b/pkgs/desktops/lomiri/default.nix
@@ -51,6 +51,7 @@ let
     history-service = callPackage ./services/history-service { };
     lomiri-download-manager = callPackage ./services/lomiri-download-manager { };
     lomiri-indicator-network = callPackage ./services/lomiri-indicator-network { };
+    lomiri-polkit-agent = callPackage ./services/lomiri-polkit-agent { };
     lomiri-thumbnailer = callPackage ./services/lomiri-thumbnailer { };
     lomiri-url-dispatcher = callPackage ./services/lomiri-url-dispatcher { };
     mediascanner2 = callPackage ./services/mediascanner2 { };
diff --git a/pkgs/desktops/lomiri/services/lomiri-polkit-agent/default.nix b/pkgs/desktops/lomiri/services/lomiri-polkit-agent/default.nix
new file mode 100644
index 000000000000..710792e3a813
--- /dev/null
+++ b/pkgs/desktops/lomiri/services/lomiri-polkit-agent/default.nix
@@ -0,0 +1,104 @@
+{
+  stdenv,
+  lib,
+  fetchFromGitLab,
+  fetchpatch,
+  gitUpdater,
+  cmake,
+  cmake-extras,
+  dbus,
+  dbus-test-runner,
+  gtest,
+  libnotify,
+  pkg-config,
+  polkit,
+  properties-cpp,
+  python3,
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "lomiri-polkit-agent";
+  version = "0.1";
+
+  src = fetchFromGitLab {
+    owner = "ubports";
+    repo = "development/core/lomiri-polkit-agent";
+    rev = finalAttrs.version;
+    hash = "sha256-nA2jkyNQC1YIMpJkfJt2F97txGUT4UO7+aSgzr7IUU0=";
+  };
+
+  patches = [
+    # Remove when https://gitlab.com/ubports/development/core/lomiri-polkit-agent/-/merge_requests/2 merged & in release
+    (fetchpatch {
+      name = "0001-lomiri-polkit-agent-Fix-authentication-test-with-libnotify-gteq-0.8.patch";
+      url = "https://gitlab.com/ubports/development/core/lomiri-polkit-agent/-/commit/415d897735b9005426ec29348a882b9080fcd808.patch";
+      hash = "sha256-fAJJ5Bz4P76arhSmiWVa/8S+mb/NqPr65Nm3MkwKtjA=";
+    })
+
+    # Remove when https://gitlab.com/ubports/development/core/lomiri-polkit-agent/-/merge_requests/9 merged & in release
+    (fetchpatch {
+      name = "0002-lomiri-polkit-agent-Make-tests-optional-and-use-BUILD_TESTING.patch";
+      url = "https://gitlab.com/ubports/development/core/lomiri-polkit-agent/-/commit/908177fa24b79b06161116c3c274357122984d36.patch";
+      hash = "sha256-duHx4iNqgAlS649BO1s6D5E2SX9MPRCKb+mit+2cybM=";
+    })
+
+    # Remove when https://gitlab.com/ubports/development/core/lomiri-polkit-agent/-/merge_requests/10 merged & in release
+    (fetchpatch {
+      name = "0003-lomiri-polkit-agent-Explicitly-look-for-properties-cpp.patch";
+      url = "https://gitlab.com/ubports/development/core/lomiri-polkit-agent/-/commit/08bf36e50025aeefc5ba388d6d0f84d760add9cb.patch";
+      hash = "sha256-OFzj/FFXm1fX6+1GY97CON7Nne9wVPmQAxVFpP9rIpU=";
+    })
+  ];
+
+  postPatch = ''
+    # Partial application of still-under-discussion https://gitlab.com/ubports/development/core/lomiri-polkit-agent/-/merge_requests/8
+    substituteInPlace data/lomiri-polkit-agent.service.in \
+      --replace-fail 'After=lomiri-full-greeter.service lomiri-full-shell.service lomiri-greeter.service lomiri-shell.service' 'After=graphical-session.target' \
+      --replace-fail 'PartOf=' 'PartOf=lomiri.service ' \
+      --replace-fail 'WantedBy=' 'WantedBy=lomiri.service '
+
+    # Workaround to avoid coredump on logout
+    # https://gitlab.com/ubports/development/core/lomiri-polkit-agent/-/issues/1
+    substituteInPlace service/main.cpp \
+      --replace-fail 'retval.set_value(0);' 'try { retval.set_value(0); } catch (const std::future_error& ex) {}'
+  '';
+
+  strictDeps = true;
+
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+  ];
+
+  buildInputs = [
+    cmake-extras
+    libnotify
+    polkit
+    properties-cpp
+  ];
+
+  nativeCheckInputs = [
+    dbus
+    (python3.withPackages (ps: with ps; [ python-dbusmock ]))
+  ];
+
+  checkInputs = [
+    dbus-test-runner
+    gtest
+  ];
+
+  doCheck = stdenv.buildPlatform.canExecute stdenv.hostPlatform;
+
+  # Parallelism breaks dbus during tests
+  enableParallelChecking = false;
+
+  passthru.updateScript = gitUpdater { };
+
+  meta = {
+    description = "Policy kit agent for the Lomiri desktop";
+    homepage = "https://gitlab.com/ubports/development/core/lomiri-polkit-agent";
+    license = lib.licenses.gpl3Only;
+    maintainers = lib.teams.lomiri.members;
+    platforms = lib.platforms.linux;
+  };
+})