Edison 2. Howto Initialize TPM on Intel Edison with Arduino Breakout Board - SecurityPlatformCoKr/meta-sp GitHub Wiki

TPM initialization consists of the following steps:

  1. set Edison boot target as runlevel1
  2. clear TPM & reboot
  3. set TPM active & reboot
  4. take ownership of TPM & set boot target back to multi-user

These operations must be performed over a USB connection.

set Edison boot target as runlevel1

# fw_setenv bootargs_target runlevel1
# reboot

clear TPM & reboot

Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.
Type "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.
System Maintenance Mode
# systemctl start ii2c
# systemctl start eni2ctpm
# systemctl start trousers
# tpm_clear -f
TPM Successfuly Cleared.  You need to reboot to complete this operation. After 
reboot the TPM will be in the default state: unowned, disabled and inactive.
# reboot

set TPM active & reboot

systemctl start ii2c and systemctl start eni2ctpm only prepare the system for the trousers service. ii2c sets the Edison's GPIO pins up for I2C. eni2ctpm makes the TPM recognized at the given address. Once both services have finished, the Edison is ready for the TrouSerS service.

Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.
Type "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.
System Maintenance Mode
# systemctl start ii2c
# systemctl start eni2ctpm
# systemctl start trousers
# tpm_setpresence -a
# tpm_setenable -ef
# tpm_setactive -a
Action requires a reboot to take effect
# reboot

take ownership of TPM & set boot target back to multi-user

Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.
Type "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.
System Maintenance Mode
# systemctl start ii2c
# systemctl start eni2ctpm
# systemctl start trousers
# tpm_takeownership -yz
# fw_setenv bootargs_target multi-user
# reboot

Now you can use the TPM. It is initialized with the well-known password (20 bytes of blank characters). You can change the TPM password with the tpm_changeownerauth command.
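
A check to run after each reboot before continuing with the next step, as an added example that is not part of the original wiki: it reads the TPM 1.2 state flags and reports which step of the procedure comes next. The sysfs file names (enabled, active, owned, temp_deactivated) and the example path are assumptions about the kernel tpm driver on the target image; the function names and output words are hypothetical.

```shell
#!/bin/sh
# Added example (not from the wiki): decide which step of the procedure is next
# from the TPM 1.2 flags the Linux tpm driver publishes in sysfs.
# Assumption: DIR holds files "enabled", "active", "owned" (and optionally
# "temp_deactivated"), each containing 0 or 1, e.g. /sys/class/tpm/tpm0/device.

# read_flag DIR NAME: print 0 or 1; fail if the file is missing or malformed.
read_flag() {
    [ -r "$1/$2" ] || return 1
    flag=$(tr -d ' \t\r\n' < "$1/$2")
    case "$flag" in
        0|1) printf '%s\n' "$flag" ;;
        *)   return 1 ;;
    esac
}

# tpm_next_step DIR: print one of
#   set-active      TPM disabled or inactive: run step 3, then reboot
#   reboot          activated, but still deactivated until the next boot
#   take-ownership  enabled, active, unowned: run step 4
#   owned           an owner is set: change the well-known password
# Returns 2 when a flag cannot be read (services not started, no TPM).
tpm_next_step() {
    for name in enabled active owned; do
        read_flag "$1" "$name" >/dev/null || {
            echo "unreadable:$name"
            return 2
        }
    done
    enabled=$(read_flag "$1" enabled)
    active=$(read_flag "$1" active)
    owned=$(read_flag "$1" owned)
    # temp_deactivated is optional; treat a missing file as 0.
    temp=$(read_flag "$1" temp_deactivated) || temp=0

    if [ "$enabled" != 1 ] || [ "$active" != 1 ]; then
        echo set-active
    elif [ "$temp" = 1 ]; then
        echo reboot
    elif [ "$owned" != 1 ]; then
        echo take-ownership
    else
        echo owned
    fi
}

# Stand-alone use: sh tpm_state.sh /sys/class/tpm/tpm0/device
if [ "$#" -gt 0 ]; then
    tpm_next_step "$1"
fi
```

Run it after starting ii2c and eni2ctpm, since the flags are only readable once the TPM is recognized.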