Out Of Box Experience, or OOBE, is a flow that goes through several sequential steps to set up new, unowned device. A device is owned when it's
In the former case, the device is owned by the enrollment domain, and device settings are controlled by the device policy specified by the domain administrator.
If the device is not enterprise enrolled, the first user to be added to the device becomes the device owner. The owner user cannot be removed unless the device is power-washed.
During device OOBE setup the user goes through the following steps:
The initial OOBE step that welcomes the user to their new device, and provides options to change settings with impact on general usability:
Note that Chromevox, a screen reader bundled with Chrome, can be activated at any time by pressing Ctrl + Alt + Z key combination.
On devices in system dev-mode, the Welcome screen UI shows a link to enable Chrome OS system debugging features. Enabling the debugging features will install debugging tools on the Chrome OS device that are commonly present on Chrome OS test images only.
Screen asking the user to select and connect to a network. The screen will block the rest of the OOBE setup until a network is connected because the screens that follow may require network connectivity. The exception is offline Demo Mode setup, which is expected to work fully offline - for more information on demo mode see demo mode.
The screen that shows the End-User Licence Agreement (EULA) to the user, and waits until the user accepts them. The setup will not continue until the user accepts the terms. The screen has an option to return back to the network setup screen. Accepting EULA terms will also initialize:
This screen is shown on official Chrome builds only.
Update check screen will perform online Chrome OS update availability check (using system update engine dbus service). If a critical update to a newer Chrome OS version exists, the update screen will wait for the update engine to download and install the update, and then request Chrome OS reboot. The screen will give the user feedback about the update progress.
An update is considered critical if Omaha, the service that serves Chrome OS updates, specifies a deadline for applying the update.
Non-critical updates are ignored during OOBE - the update engine will download them and install in the background after OOBE finishes.
If the update engine detects that the device is currently using a metered connection (e.g. cellular network), the update screen will ask for user confirmation before proceeding with the update. If the user declines, OOBE will go back to the network selection screen.
Note that update screen requires network connectivity - it will check whether the current network is online, and show a network error screen if that is not the case. The network error screen is similar to network screen shown earlier in OOBE in the sense that it provides UI to select and connect to a network, but
A transient screen shown while Chrome checks the devices re-enrollment state, and whether the device has been disabled remotely. Depending on the result of the checks OOBE might:
Re-enrollment check screen depends on network connectivity, and will display network error screen if the device is not online.
For more information on enrollment scenarios, including re-enrollment see enrollment documentation.
If re-enrollment was not requested, OOBE will be marked as completed at this point. Otherwise, OOBE will be marked as completed once enrollment screen shown after auto-enrollment screen reports enrollment is done. Note that enrollment screen finishing does not imply the device is actually enrolled, unless the re-enrollment is forced.
The first screen shown after OOBE completion. The screen shows GAIA authentication UI hosted inside a Chrome webview. User authentication is completely handled by GAIA. Once the user is authenticated with GAIA, the screen reports authenticated credentials to Chrome. The credentials are used to create user cryptohome, and add the user to the device. Additionally, data required to authenticate the user with Google services is read from the cookies in the webview used for GAIA authentication. This data (auth code) will be used to generate a refresh token, which will be stored locally, and used to generate user's access tokens as needed. This allows the user to use Google services without having to manually reauthenticate.
In addition to initial user login, GAIA screen can be shown for users that already exist on the device:
On enterprise enrolled devices, GAIA screen supports user authentication using SAML and Active Directory flows - for more information, see documentation in docs/enterprise.
Screen that hosts enrollment UI inside a webview - for more information on enrollment flows, see enrollment documentation
Ctrl + Alt + Z - toggle Chromevox, a screen reader bundled with Chrome.
Ctrl + Alt + E - start enrollment flow, if the device is still unowned.
Ctrl + Alt + D - start Demo mode setup - supported on Welcome screen only
Ctrl + Alt + R - initialize powerwash - this can be used throughout OOBE, and on the login screen, but might be disabled on enterprise enrolled devices.
Ctrl + Alt + Shift + X - enable debugging features - available during OOBE only.
