Instructions for using TPM Setup

You'll be running an application called TPM Setup.app. Using this software requires that you first run a TPM driver and a daemon (OSXBookTPM.kext and tcsd, both provided by Amit Singh; see Trusted Computing for Mac OS X).

Many users have never touched their TPM, and their TPM will be Enabled and Activated. These users will only need to enter a master password for the TPM itself and a password for the Storage Root Key (SRK).

TPM Setup can also reset a TPM by clearing it, enabling and activating it, and allowing the user to take ownership of the TPM by setting passwords for the TPM and the SRK. In this case two reboots will be required: once after clearing the TPM, and once again after enabling and activating it.

Instructions

Once you've downloaded the disk image, save it to your Mac drive, then open it.

On the desktop you'll now have a new volume called 'TPMSetup'. This directory also exists on your filesystem at this path: '/Volumes/TPMSetup'. This volume has three items: the app TPM Setup.app, a README.txt file, and a directory called support containing a kernel extension OSXBookTPM.kext and scripts for loading the kernel extension and running the tcsd daemon.

Open Terminal.app (using the Finder, it should be here: 'Applications -> Utilities -> Terminal.app').

Type these commands in the terminal. After running the command tpmInit you'll get a password prompt; type in your login password (you must be an administrator on your system):

$ cd /Volumes/TPMSetup/support
$ ./tpmInit
Password: xxxxxxx
kextload: extension /Users/joe/tpmTest/OSXBookTPM.kext appears to be valid
kextload: loading extension /Users/joe/tpmTest/OSXBookTPM.kext
kextload: /Users/joe/tpmTest/OSXBookTPM.kext loaded successfully
kextload: loading personalities named:
kextload: Infineon SLB 9635 TT 1.2
kextload: sending 1 personality to the kernel
kextload: matching started for /Users/joe/tpmTest/OSXBookTPM.kext
TCSD tcsd_conf.c:547 Config file /usr/local/etc/tcsd.conf not found.
TCSD tcsd_conf.c:548 Using default configuration settings.
TCSD tcsd_conf.c:649 resetting mode of /usr/local/var/lib/tpm to: 01777
trousers 0.2.8 (with TPM 1.2 DUAL patch by IAIK)
Mac OS X support by http://osxbook.com
*** ATTENTION *** Experimental software (allows physical presence assertion in all runlevels!)
TCSD up and running

(tpmInit will create a directory, ~/tpmTest. It can be removed at any time, and will be removed when you run the tpmCleanup script; see below.)

Go back to the TPMSetup volume. You'll find an app called TPM Setup.app. Double-click to open the app, and follow the instructions presented there.

TPM Setup will determine the state of your TPM and continue at the appropriate stage in the setup sequence. For most users, this will mean simply entering two passwords.

Should you choose to do a full clear and reset of the TPM, this will require two reboots. After each reboot, you'll need to open the TPMSetup disk image, run tpmInit as above, and then launch TPM Setup.app.

Once you're finished using TPM Setup, you may want to go back to your Terminal window, press Ctrl-C to kill tpmInit, and then use tpmCleanup to unload the kernel extension and remove the tpmTest directory:

TCSD up and running
^CTCSD svrside.c:61 Caught SIGINT. Cleaning up and exiting.
$ tpmCleanup
Password: xxxxxxx
kextunload: unload kext /Users/joe/tpmTest/OSXBookTPM.kext succeeded
$

Note: if you run tpmInit twice without running tpmCleanup in between, tpmInit will print a few error messages, as below. These can be safely ignored.

$ cd /Volumes/TPMSetup/support
$ ./tpmInit
mkdir: /Users/joe/tpmTest: File exists
cp: /Users/joe/tpmTest/OSXBookTPM.kext/Contents/MacOS/OSXBookTPM: Permission denied
cp: /Users/joe/tpmTest/OSXBookTPM.kext/Contents/Resources/English.lproj/InfoPlist.strings: Permission denied
cp: /Users/joe/tpmTest/OSXBookTPM.kext/Contents/Info.plist: Permission denied
Password: xxxxxxx
kextload: extension /Users/joe/tpmTest/OSXBookTPM.kext appears to be valid
kextload: loading extension /Users/joe/tpmTest/OSXBookTPM.kext
kextload: /Users/joe/tpmTest/OSXBookTPM.kext loaded successfully
kextload: loading personalities named:
kextload: Infineon SLB 9635 TT 1.2
kextload: sending 1 personality to the kernel
kextload: matching started for /Users/joe/tpmTest/OSXBookTPM.kext
TCSD tcsd_conf.c:547 Config file /usr/local/etc/tcsd.conf not found.
TCSD tcsd_conf.c:548 Using default configuration settings.
TCSD tcsd_conf.c:649 resetting mode of /usr/local/var/lib/tpm to: 01777
trousers 0.2.8 (with TPM 1.2 DUAL patch by IAIK)
Mac OS X support by http://osxbook.com
*** ATTENTION *** Experimental software (allows physical presence assertion in all runlevels!)
TCSD up and running
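
As an added example (not part of the TPMSetup disk image or of Amit Singh's software), the following shell function classifies a saved tpmInit transcript, separating the harmless re-run errors from a run in which the kext or tcsd did not come up. The function name, the four state labels and the sample transcripts are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a tpmInit transcript (stdout and stderr together)
# read from stdin. Prints one of: ready, ready-rerun, stopped, failed.
classify_tpminit_log() {
    log=$(cat)

    # The kernel extension must have loaded ...
    if ! printf '%s\n' "$log" | grep -q 'OSXBookTPM\.kext loaded successfully$'; then
        echo failed; return 0
    fi
    # ... and the tcsd daemon must have reported that it is up.
    if ! printf '%s\n' "$log" | grep -q '^TCSD up and running$'; then
        echo failed; return 0
    fi
    # A SIGINT line means tcsd has exited since (Ctrl-C in the terminal),
    # so tpmInit has to be run again before using TPM Setup.app.
    if printf '%s\n' "$log" | grep -q 'Caught SIGINT'; then
        echo stopped; return 0
    fi
    # mkdir/cp errors under ~/tpmTest are the ones the page says can be
    # ignored when tpmInit is run twice without tpmCleanup in between.
    if printf '%s\n' "$log" | grep -Eq \
        '^mkdir: .*/tpmTest: File exists$|^cp: .*/tpmTest/OSXBookTPM\.kext/.*: Permission denied$'; then
        echo ready-rerun
    else
        echo ready
    fi
}

# Constructed sample transcripts, abridged from the sessions shown above.
SAMPLE_FIRST_RUN='kextload: /Users/joe/tpmTest/OSXBookTPM.kext loaded successfully
TCSD up and running'
SAMPLE_RERUN='mkdir: /Users/joe/tpmTest: File exists
cp: /Users/joe/tpmTest/OSXBookTPM.kext/Contents/Info.plist: Permission denied
kextload: /Users/joe/tpmTest/OSXBookTPM.kext loaded successfully
TCSD up and running'
SAMPLE_STOPPED='kextload: /Users/joe/tpmTest/OSXBookTPM.kext loaded successfully
TCSD up and running
^CTCSD svrside.c:61 Caught SIGINT. Cleaning up and exiting.'
SAMPLE_NO_DAEMON='kextload: /Users/joe/tpmTest/OSXBookTPM.kext loaded successfully'

# Example use on the constructed re-run transcript: prints "ready-rerun".
printf '%s\n' "$SAMPLE_RERUN" | classify_tpminit_log
```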

Description: Instructions for using the TPM Setup app to take ownership of your TPM on Intel Macs which have one.

Updated: Mon Jan 14 22:53:02 EST 2008