chromium/components/policy/resources/templates/policy_definitions/Miscellaneous/TPMFirmwareUpdateSettings.yaml

caption: Configure <ph name="TPM_FIRMWARE_UPDATE_TPM">TPM</ph> firmware update behavior
desc: |-
  Setting the policy configures availability and behavior of <ph name="TPM_FIRMWARE_UPDATE_TPM">TPM</ph> firmware updates.

        Specify individual settings in JSON properties:

        * <ph name="TPM_FIRMWARE_UPDATE_SETTINGS_ALLOW_USER_INITIATED_POWERWASH">allow-user-initiated-powerwash</ph>: If set to <ph name="TPM_FIRMWARE_UPDATE_SETTINGS_ALLOW_USER_INITIATED_POWERWASH_TRUE">true</ph>, users can trigger the powerwash flow to install a <ph name="TPM_FIRMWARE_UPDATE_TPM">TPM</ph> firmware update.

        * <ph name="TPM_FIRMWARE_UPDATE_SETTINGS_ALLOW_USER_INITIATED_PRESERVE_DEVICE_STATE">allow-user-initiated-preserve-device-state</ph> (available starting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> version 68): If set to <ph name="TPM_FIRMWARE_UPDATE_SETTINGS_ALLOW_USER_INITIATED_PRESERVE_DEVICE_STATE_TRUE">true</ph>, users can invoke the <ph name="TPM_FIRMWARE_UPDATE_TPM">TPM</ph> firmware update flow that preserves device-wide state, including enterprise enrollment, but loses user data.

        * <ph name="TPM_FIRMWARE_UPDATE_SETTINGS_AUTO_UPDATE_MODE">auto-update-mode</ph> (available starting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> version 75): Controls how automatic <ph name="TPM_FIRMWARE_UPDATE_TPM">TPM</ph> firmware updates are enforced for vulnerable <ph name="TPM_FIRMWARE_UPDATE_TPM">TPM</ph> firmware. All flows preserve local device state. If set to:

          * 1 or left not set, <ph name="TPM_FIRMWARE_UPDATE_TPM">TPM</ph> firmware updates are not enforced.

          * 2, <ph name="TPM_FIRMWARE_UPDATE_TPM">TPM</ph> firmware is updated at the next reboot after the user acknowledges the update.

          * 3, <ph name="TPM_FIRMWARE_UPDATE_TPM">TPM</ph> firmware is updated at the next reboot.

          * 4, <ph name="TPM_FIRMWARE_UPDATE_TPM">TPM</ph> firmware is updated after enrollment, before user sign-in.

        Leaving the policy unset renders <ph name="TPM_FIRMWARE_UPDATE_TPM">TPM</ph> firmware update unavailable.
device_only: true
example_value:
  allow-user-initiated-powerwash: true
  allow-user-initiated-preserve-device-state: true
  auto-update-mode: 1
features:
  dynamic_refresh: true
  per_profile: false
owners:
- file://components/policy/OWNERS
schema:
  properties:
    allow-user-initiated-powerwash:
      type: boolean
    allow-user-initiated-preserve-device-state:
      type: boolean
    auto-update-mode:
      enum:
      - 1
      - 2
      - 3
      - 4
      type: integer
  type: object
supported_on:
- chrome_os:63-
tags: []
type: dict
generate_device_proto: False