diff --git a/security/tpm2-abrmd/Makefile b/security/tpm2-abrmd/Makefile
--- a/security/tpm2-abrmd/Makefile
+++ b/security/tpm2-abrmd/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	tpm2-abrmd
 DISTVERSION=	2.4.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	https://github.com/tpm2-software/tpm2-abrmd/releases/download/${DISTVERSION}/
 
diff --git a/security/tpm2-abrmd/files/tpm2-abrmd-devd.conf b/security/tpm2-abrmd/files/tpm2-abrmd-devd.conf
--- a/security/tpm2-abrmd/files/tpm2-abrmd-devd.conf
+++ b/security/tpm2-abrmd/files/tpm2-abrmd-devd.conf
@@ -1,6 +1,9 @@
 # Allow members of _tss group to access tpm device
 
 notify 100 {
-	device-name	"tpm0";
-	action		"chgrp _tss /dev/$cdev; chmod g+rw /dev/$cdev";
+ match "system" "DEVFS";
+ match "subsystem" "CDEV";
+ match "type" "CREATE";
+ match "cdev" "tpm0";
+ action "/usr/sbin/chown root:_tss /dev/$cdev; /bin/chmod 660 /dev/$cdev";
 };
diff --git a/security/tpm2-abrmd/files/tpm2-abrmd.in b/security/tpm2-abrmd/files/tpm2-abrmd.in
--- a/security/tpm2-abrmd/files/tpm2-abrmd.in
+++ b/security/tpm2-abrmd/files/tpm2-abrmd.in
@@ -41,6 +41,11 @@
     touch $logfile
     chmod 640 $logfile
     chown -R ${tpm2_abrmd_user}:${tpm2_abrmd_group} ${logfile}
+    
+    if ! kldstat -d -q -n tpm.ko; then
+        kldload tpm
+    fi
+    
     /usr/sbin/daemon -P ${pidfile} -u ${tpm2_abrmd_user} ${command} >>${logfile} 2>&1
 
     if is_process_running; then