Issue 907455 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 889893
Owner:	rsorokin@chromium.org
Closed:	Nov 23
Cc:	ljusten@chromium.org sinhak@chromium.org emaxx@chromium.org
Components:	Enterprise>Enrollment
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	3
Type:	Bug

Enrolling into Active Directory disables dev mode at the firmware level

Project Member Reported by sinhak@chromium.org, Nov 21

Issue description

Chrome Version: >=71 (tried on test images only)
OS: Chrome OS

What steps will reproduce the problem?
(1) Enable dev mode on a fresh device
(2) Enroll it into an Active Directory domain
(3) Reboot

What is the expected result?
Device should reboot.

What happens instead?
Device is taken to the TONORM screen and has to be reset. Context: https://www.chromium.org/chromium-os/fwmp

Initial investigation:
The FWMP_DEV_DISABLE_BOOT flag is forcibly set, even when disallowed by AD policy (i.e. dev mode is allowed by AD policy).

Comment 1 by emaxx@chromium.org, Nov 21

Besides looking through the code, it may help to add debug logging into GetBlockdevmodeFromPolicy() (in enrollment_handler_chromeos.cc) to see what value of the "block_devmode" policy it sees.

Comment 2 by rsorokin@chromium.org, Nov 22

Cc: -rsorokin@chromium.org sinhak@chromium.org
Owner: rsorokin@chromium.org

Comment 3 by rsorokin@chromium.org, Nov 23

Mergedinto: 889893
Status: Duplicate (was: Started)

►

Issue 907455 link

Issue metadata

Enrolling into Active Directory disables dev mode at the firmware level

Issue description

Comment 1 by emaxx@chromium.org, Nov 21

Comment 1 Deleted

Comment 2 by rsorokin@chromium.org, Nov 22

Comment 2 Deleted

Comment 3 by rsorokin@chromium.org, Nov 23

Comment 3 Deleted

Sign in to add a comment