Configures availability and behavior of TPM firmware update functionality.
Individual settings can be specified in JSON properties:
allow-user-initiated-powerwash: If set to true, users will be able to trigger the powerwash flow to install a TPM firmware update.
allow-user-initiated-preserve-device-state: If set to true, users will be able to invoke the TPM firmware update flow that preserves device-wide state (including enterprise enrollment), but loses user data. This update flow is available starting from version 68.
auto-update-mode: Controls how automatic TPM firmware updates are enforced for vulnerable TPM firmware. All flows preserve local device state.
  If set to 1 or left not set, TPM firmware updates are not enforced.
  If set to 2, TPM firmware will be updated at the next reboot after the user acknowledges the update.
  If set to 3, TPM firmware will be updated at the next reboot.
  If set to 4, TPM firmware will be updated after enrollment, before user sign-in.
  This option is available starting from version 75.
If the policy is not set, TPM firmware update functionality will not be available.
See https://cloud.google.com/docs/chrome-enterprise/policies/?policy=TPMFirmwareUpdateSettings for more information about schema and formatting.
Example value:
{
"allow-user-initiated-powerwash": true,
"auto-update-mode": 1,
"allow-user-initiated-preserve-device-state": true
}
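An added example, not part of the original policy documentation: a Python check for a TPMFirmwareUpdateSettings JSON value before it is deployed, using the property names and mode values described above. The function name, the rejection of unknown properties and the treatment of an absent boolean property as false are assumptions of this example.

```python
import json

# Property names and mode meanings come from the policy description above.
BOOL_KEYS = ("allow-user-initiated-powerwash",
             "allow-user-initiated-preserve-device-state")
AUTO_UPDATE_MODES = {
    1: "TPM firmware updates are not enforced",
    2: "updated at the next reboot after the user acknowledges the update",
    3: "updated at the next reboot",
    4: "updated after enrollment, before user sign-in",
}


def check_tpm_update_settings(raw):
    """Return (errors, summary) for a TPMFirmwareUpdateSettings JSON string."""
    try:
        value = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"], {}
    if not isinstance(value, dict):
        return ["top-level value must be a JSON object"], {}

    errors, summary = [], {}
    # Assumption of this example: properties the page does not list are flagged.
    for key in sorted(set(value) - set(BOOL_KEYS) - {"auto-update-mode"}):
        errors.append(f"unknown property: {key}")

    for key in BOOL_KEYS:
        # Assumption: an absent boolean property is treated as false.
        flag = value.get(key, False)
        if not isinstance(flag, bool):
            errors.append(f"{key} must be true or false")
        else:
            summary[key] = flag

    # "If set to 1 or left not set": an unset mode behaves like mode 1.
    mode = value.get("auto-update-mode", 1)
    # bool is a subclass of int in Python, so true/false is rejected explicitly.
    if isinstance(mode, bool) or not isinstance(mode, int) or mode not in AUTO_UPDATE_MODES:
        errors.append("auto-update-mode must be an integer from 1 to 4")
    else:
        summary["auto-update-mode"] = AUTO_UPDATE_MODES[mode]
    return errors, summary


if __name__ == "__main__":
    # Example value from the page, written on one line.
    page_example = '{"allow-user-initiated-powerwash": true, "auto-update-mode": 1, "allow-user-initiated-preserve-device-state": true}'
    print(check_tpm_update_settings(page_example))
```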
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Google\ChromeOS |
Value Name | TPMFirmwareUpdateSettings |
Value Type | REG_SZ |
Default Value |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Google\ChromeOS |
Value Name | TPMFirmwareUpdateSettings |
Value Type | REG_MULTI_SZ |
Default Value |