TBF it doesn't. From the 10,000 metre perspective the TPM chip provides a set of one-way alterable registers. The BIOS sets these registers to one value on boot and the Ring 0 kernel sets them once more. The 'setting operation' is a hash with the previous values done in such a way so as to ensure that a particular value must have come from a particular BIOS/kernel combination. The kernel can, of course, refuse to run if it was launched from the wrong BIOS and applications can refuse to run if they are on the wrong kernel.
Getting OS X's kernel to boot would be fairly straight-forward. Either a) modify the BIOS so it sets the registers correctly or b) modify the kernel. Option b) is probably easiest in this case because the OS X kernel can
be replaced with your own compiled Darwin kernel.
What would be a problem is if, for example, the Window Server refused to run on anything other than the OS X kernel. This would be somewhat troublesome since each OS X update that updated the kernel would also now have to update this server. All in all I find it unlikely that Apple would go down that route.
Finally we come to applications like iTunes. What Apple could
do is ensure that the audio driver is the OS X supplied one and not one that could, for example, allow one to rip the audio stream directly. This is a bit pointless however as there are solutions to avoid music copying less tied into the hardware.
In reality what is likely to happen is that Apple will build into, e.g. iTunes the ability to provided DRM'd music which can only
be unlocked on your particular machine (although I home there would be a mechanism to deal with upgrades).
In conclusion adding TPM support to an OS still makes it non-trivial to cryptographically restrict which machines it can run on unless you want to lock down all kernel code so it never changes (something which could be possible on Windows machines since the kernel there is rarely modified).
 Along with some crypto, signing, and protected memory areas.
 On the x86 architecture there are several 'rings' which give progressively more access to the bare metal. Kernels usually run in ring 0 which give them complete access to memory, etc. User-space apps (like web-browsers) run in higher rings which implement memory protection, etc so your browser can't scribble all over your word-processors memory.