Setting the policy configures availability and behavior of TPM firmware updates.
Specify individual settings in JSON properties:
* allow-user-initiated-powerwash: If set to true, users can trigger the powerwash flow to install a TPM firmware update.
* allow-user-initiated-preserve-device-state (available starting in Google Chrome version 68): If set to true, users can invoke the TPM firmware update flow that preserves device-wide state, including enterprise enrollment, but loses user data.
* auto-update-mode (available starting in Google Chrome version 75): Controls how automatic TPM firmware updates are enforced for vulnerable TPM firmware. All flows preserve local device state. If set to:
* 1 or left not set, TPM firmware updates are not enforced.
* 2, TPM firmware updates at the next reboot after user acknowledges the update.
* 3, TPM firmware updates at the next reboot.
* 4, TPM firmware updates after enrollment, before user sign-in.
Leaving the policy unset renders TPM firmware update unavailable.
See https://cloud.google.com/docs/chrome-enterprise/policies/?policy=TPMFirmwareUpdateSettings for more information about schema and formatting.
Example value:
{
"allow-user-initiated-powerwash": true,
"allow-user-initiated-preserve-device-state": true,
"auto-update-mode": 1
}
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Google\ChromeOS |
Value Name | TPMFirmwareUpdateSettings |
Value Type | REG_SZ |
Default Value |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Google\ChromeOS |
Value Name | TPMFirmwareUpdateSettings |
Value Type | REG_MULTI_SZ |
Default Value |