In our case of a "clean TPM", we won't need any reboots and the only interaction is entering two sets of passwords (can be identical). Before this, we need to use the Terminal and start the Amit Singh's tcsd daemon and load the TPM kernel extension:

As mentioned earlier, the support directory of the TPM Setup contains all the needed scripts, kernel extension and the daemon. Let's start the daemon with the tpmInit script:



The script needs administrative privilleges so the appropriate password needs to be entered. As you can see from the screenshot, kernel extension is successfully loaded and the daemon is started. Do leave this terminal window open and if you want to kill the daemon hit the Ctrl+C key combination.

Now when the daemon is started, we can open the TPM Setup application and take the ownership of the TPM chip. If because of some reason you didn't start the daemon or the start was unsuccessful, the following window will say that you should start the process again. In our case, everything is just fine:



Time to enter the user and SRK passwords:




Final phase: TPM is operational, activated, enabled and owned:



For stopping the daemon just kill the process and for removing the extension and tmp files use the tmpCleanup script:



Conclusion

The whole procedure covered throughout this article is not at all "mainstream", so TPM will currently be of use to an extremely limited number of users. Soon Comet Way will release the mentioned file encryption utility and there is always a need for enhancing the state of security on your Mac.

References

• TPM Setup homepage
• Trusted Computing for Mac OS X
• Trusted Computing Group
• TPM Work Group