TPM on the MacBook

Bow to my HTML foo

Last Update: 7/29/06

:== Purpose ==:
This is a "distro" of Ubuntu that will run on a MacBook Pro (and probably any Intel-based Mac) with TPM support. This distro also has the TPM drivers trousers and libtpm installed so you can easily access the TPM.

It should be noted that this is not a distro in the real sense of the word. It is based on the Ubuntu live CD from Mactel-Linux.org with a custom built kernel, fully updated packages, and the TPM stuff applied. However, I have yet to be able to make a successful live CD that boots on the Intel Macs, so right now this is basically a tar'd up filesystem that can be dropped directly onto an external USB drive. I wanted to get something released by Blackhat 2006 so this is what you get. :)

:== Files ==:
The current distro is TSG-tpm-distro-v0.1.tar.bz2 (681MB). The tarball is approximately 1.7GB once you put it in place (much of that is /usr/src/linux-2.6.16.1 already expanded). You'll also need Linux-efi.tar.gz to boot properly from your existing OS X partition without having to muck up your disk setup.

:== Install and Usage ==:
So this is pretty low tech. First, you need to get yourself a partition to put this on. Frankly, the thought of backing up all my data, repartitioning the drive inside my MacBook, and farting around with dual booting off that disk gives me the heebie jeebies. So, do yourself a favor, go to CompUSA and buy yourself an external USB drive. I'm using a Seagate 40GB (after failure of two cheaper vendors' drives) and it's slick.

Next, you need to partition the drive. If you have a Linux box handy, I recommend using parted because it is crazy easy. If not, find your local partition editor of choice and see if you can follow along. The biggest problem is you'll need to be able to make a GPT-labeled disk. Honestly, even the default fdisk doesn't understand GPT, so you're going to pretty much be stuck with parted. If you don't have a Linux box handy, download the Ubuntu live CD from mactel-linux.org, burn and boot it, and run parted from there.

In parted, do a "mklabel" and make the type "gpt" (obviously, ignore my quotes here). Then set up a linux-swap and ext2 filesystem ("mkpart" and "mkpartfs" respectively). Once that's done, mount the ext2 filesystem on your system and copy the TSG-tpm-distro tarball to it. Expand the tarball in the root of that filesystem. *poof* you've got a distro on an external drive.

Two bits of housekeeping next... you need to "mkswap <dev>" for whatever partition you designated as linux-swap. Also, you need to edit <mount point>/etc/fstab to reflect your mount points. Now, shut down Linux and get yourself into OS X on your MacBook.

Last step. Download rEFIt, a boot menu for EFI-based systems like the new Intel Macs. Install it per the instructions that come with rEFIt. Then move the Linux-efi.tar.gz file to /efi and untar it. This creates a directory with the boot configuration information and the kernel for booting. Edit /efi/Linux/elilo.conf to match the partition you installed the distro into. You should be good to go. Now, reboot, select the little penguin, and you're off and running.

To use the TPM in your MBP, you can use either libtpm or tcsd. tcsd basically grabs the TPM by the face and only allows communication through itself from userland tools. There are a few things you _may_ have to do to make things work properly. First, do a "modprobe tpm_infineon" to get the kernel module loaded if it's not loaded automatically. Next, make sure /dev/tpm exists. If it does not, do a "ln -s /dev/tpm0 /dev/tpm". Next, if all the tools fail (i.e., if you do a "tcsd -f" and it exits), then your TPM is not started.

When a TPM is brought online, two things must happen. First there is a TPM_init() which is platform specific and performed by the driver when it comes online. The thing that the TPM LKM doesn't seem to do is the next step, TPM_Startup. I wrote a little program that will start the TPM, and it's located in /root/libtpm-2.0c/utils/tpmstartup. Run that, and then the rest of your TPM programs should work just fine.
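To show what the startup step above actually sends to the chip, here is an added example (my own code, not the page's tpmstartup utility and not part of libtpm) that builds the TPM 1.2 TPM_Startup command by hand, writes it to the character device, and decodes the response header. The command layout (tag 0x00C1, paramSize, ordinal 0x99, startupType) and the return codes come from the TPM 1.2 specification; the device path /dev/tpm and the ST_CLEAR choice are assumptions matching the page. ST_CLEAR resets the PCRs, so it is only meaningful once, right after TPM_Init; a second call returns TPM_INVALID_POSTINIT (38), which the program reports as "already started" rather than as a failure.

```c
/* Added example: raw TPM 1.2 TPM_Startup(ST_CLEAR) over /dev/tpm.
 * Not the page's own tpmstartup utility; assumes the tpm driver's
 * write-command/read-response model and the path /dev/tpm. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TPM_TAG_RQU_COMMAND   0x00C1   /* request with no auth sessions */
#define TPM_TAG_RSP_COMMAND   0x00C4   /* matching response tag */
#define TPM_ORD_Startup       0x00000099
#define TPM_ST_CLEAR          0x0001   /* cold boot: PCRs reset to defaults */
#define TPM_ST_STATE          0x0002   /* resume state saved by TPM_SaveState */
#define TPM_ST_DEACTIVATED    0x0003
#define TPM_SUCCESS           0
#define TPM_INVALID_POSTINIT  38       /* Startup already done since TPM_Init */

/* TPM wire format is big-endian. */
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Build TPM_Startup: tag(2) paramSize(4) ordinal(4) startupType(2) = 12 bytes.
 * buf must hold at least 12 bytes; returns the command length. */
size_t build_startup_cmd(uint8_t *buf, uint16_t startup_type) {
    put16(buf, TPM_TAG_RQU_COMMAND);
    put32(buf + 2, 12);                 /* paramSize covers the whole command */
    put32(buf + 6, TPM_ORD_Startup);
    put16(buf + 10, startup_type);
    return 12;
}

/* Parse a response header: tag(2) paramSize(4) returnCode(4).
 * Returns 0 and sets *rc if the framing is consistent, -1 otherwise. */
int parse_response(const uint8_t *buf, size_t len, uint32_t *rc) {
    if (len < 10) return -1;
    if (get16(buf) != TPM_TAG_RSP_COMMAND) return -1;
    if (get32(buf + 2) != len) return -1;  /* paramSize must equal bytes read */
    *rc = get32(buf + 6);
    return 0;
}

/* Send the command to the device and return the TPM return code,
 * or -1 on an I/O or framing error. */
int tpm_startup(const char *dev, uint16_t startup_type) {
    uint8_t cmd[12], rsp[64];
    uint32_t rc;
    size_t n = build_startup_cmd(cmd, startup_type);
    int fd = open(dev, O_RDWR);
    if (fd < 0) { perror(dev); return -1; }
    if (write(fd, cmd, n) != (ssize_t)n) { perror("write"); close(fd); return -1; }
    ssize_t got = read(fd, rsp, sizeof rsp);   /* driver returns the full response in one read */
    close(fd);
    if (got < 0) { perror("read"); return -1; }
    if (parse_response(rsp, (size_t)got, &rc) != 0) {
        fprintf(stderr, "malformed TPM response (%zd bytes)\n", got);
        return -1;
    }
    return (int)rc;
}

int main(int argc, char **argv) {
    const char *dev = argc > 1 ? argv[1] : "/dev/tpm";   /* assumed default path */
    int rc = tpm_startup(dev, TPM_ST_CLEAR);
    if (rc == TPM_SUCCESS)               puts("TPM started (ST_CLEAR)");
    else if (rc == TPM_INVALID_POSTINIT) puts("TPM already started; nothing to do");
    else if (rc > 0)                     printf("TPM returned error %d\n", rc);
    return rc == TPM_SUCCESS ? 0 : 1;
}
```

Run it as root before starting tcsd (the daemon holds the device open, so a later direct write will fail with EBUSY). The exact bytes it emits for ST_CLEAR are 00 c1 00 00 00 0c 00 00 00 99 00 01, which is handy to recognise if you are watching the bus or a driver trace.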

:== Contact ==:
If you have any questions, problems, or gripes, feel free to contact me at gdead@shmoo.com