A powerwash on a Chromebook is intended to restore a device to its original factory settings. User accounts, device configuration, and locally stored user- and enterprise-owned content on Chromebook devices are encrypted at rest with a two-tier encryption scheme where the primary key never leaves the Titan™ C security chip. Powerwash performs a cryptographic erase of data by clearing all the cryptographic keys, a data purge mechanism commonly used in government and large enterprise environments.
However, it's important to note that a powerwash does not necessarily erase all traces of user data.
Data that survives powerwash
While a powerwash removes local user and enterprise data, certain types of information persist through a powerwash and may still be accessible once it is complete, such as:
- A pristine copy of ChromeOS operating system
- Some temporary encrypted files that can no longer be decrypted and will be overwritten or removed as part of normal device operation
- Critical device health and diagnostics related information stored on the device
- Knowledge of whether and which enterprise domain this device belongs to in case of forced re-enrollment
- User and enterprise data that is stored off-device, synced to the cloud
  Note: Powerwash only initializes user data on the device; data stored in the cloud must be deleted separately.
- Any other management related user or device metadata that is stored off-device in Google Admin console
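A simplified model of the two-tier scheme and cryptographic erase described above, added here as an illustration and not ChromeOS code: the `SecurityChip` class, the 32-byte keys and the HMAC-based toy cipher (a stand-in for a real authenticated cipher) are all assumptions. It shows why encrypted files still on disk after a powerwash can no longer be decrypted.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += _sub(key, nonce + ctr.to_bytes(8, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Toy encrypt-then-MAC (assumed stand-in for a real AEAD): nonce || ct || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)

def unseal(key, blob):
    """Verify the tag, then decrypt; ValueError if the key is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or corrupted data")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class SecurityChip:
    """Hypothetical chip model: the primary key is never exported."""
    def __init__(self):
        self._primary = secrets.token_bytes(32)
    def wrap(self, data_key):
        return seal(self._primary, data_key)
    def unwrap(self, wrapped):
        return unseal(self._primary, wrapped)
    def clear_keys(self):
        # Cryptographic erase: the old primary key is replaced and unrecoverable.
        self._primary = secrets.token_bytes(32)

def powerwash_demo():
    chip = SecurityChip()
    data_key = secrets.token_bytes(32)           # second-tier key
    wrapped = chip.wrap(data_key)                # only the wrapped form is stored
    disk = seal(data_key, b"constructed sample user file")
    before = unseal(chip.unwrap(wrapped), disk)  # normal read path
    chip.clear_keys()                            # powerwash clears the keys
    try:
        unseal(chip.unwrap(wrapped), disk)       # ciphertext is still on disk
        readable_after = True
    except ValueError:
        readable_after = False
    return before, readable_after, len(disk)
```

The ciphertext and the wrapped key are untouched by the erase; only the key needed to unwrap them is gone, which is why the leftover bytes can simply be overwritten during normal operation.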