New issue
Advanced search Search tips

Issue 792023 link

Starred by 1 user
Status: Fixed
Owner:
mnissler@chromium.org
Closed: Jan 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

TPM firmware update flow via chrome://chrome doesn't work for enrolled devices

Project Member Reported by mnissler@chromium.org, Dec 5 2017 
Repro steps:

1. enroll device, enable the allow_user_initiated_powerwash setting in device policy
2. sign in, go to chrome://chrome on non-updated device (or fake via putting /run/tpm_firmware_update_available in place)
3. Click the line item, confirm restart

Observe that nothing happens.

The reason is that BrowserLifetimeHandler::HandleFactoryReset is missing a check for the case when TPM firmware updating is allowed per policy. I swear I had added this code at some point, but it somehow got lost...

I'll send a fix.
Project Member

Comment 1 by bugdroid1@chromium.org, Dec 8 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ac57fe328ab67b3dd8e1e17fdacace0a4b5ba628

commit ac57fe328ab67b3dd8e1e17fdacace0a4b5ba628
Author: Mattias Nissler <mnissler@chromium.org>
Date: Fri Dec 08 11:20:17 2017

Handle TPM firmware update request in HandleFactoryReset()

Adjust the logic to decide whether a factory reset is allowed when
requesting a TPM firmware update via chrome://chrome. Factory resets
are not allowed on enrolled devices in general, but we should allow
them if a TPM firmware update is requested and the administrative
policy to allow users to update TPM firmware via factory reset is
present.

BUG= chromium:792023 
TEST=Trigger TPM firmware update via chrome://chrome on enrolled device.

Change-Id: Ifcb854195637284b1f9eed247382daa5ffa3ac0b
Reviewed-on: https://chromium-review.googlesource.com/812225
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Commit-Queue: Mattias Nissler <mnissler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#522760}
[modify] https://crrev.com/ac57fe328ab67b3dd8e1e17fdacace0a4b5ba628/chrome/browser/ui/webui/settings/browser_lifetime_handler.cc

Comment 2 by mnissler@chromium.org, Jan 31 2018

Status: Fixed (was: Started)

Comment 3 by dnschn...@chromium.org, Feb 26 2018 

Can this be merged?  I'm unable to get a new cert because I need to update TPM firmware first.  I can't update my TPM firmware because I'm on 63 and the powerwash flow doesn't work.

Sign in to add a comment