Device Management service is mainly responsible for storage, retrieval and removal of various device management related attributes such as firmware management parameters, installation time attributes etc. In future, similar kinds of attributes are expected to be held by this service.
Firmware Management Parameters (FWMP) control the rewritable (RW) firmware boot process. They can be used to disable developer mode on enterprise devices. If developer mode is enabled, they can limit which kernel key can be used to sign developer images, and/or enable developer features such as booting from USB or legacy OS. The FWMP is stored in a TPM NVRAM space.
Install Attributes essentially provides a name-value storage interface. The first time a device is used, a set of installation attributes is stored on the device and remains tamper-evident for the remainder of the install (i.e., until the device mode changes). If a device has been enterprise enrolled, as evidenced by a ribbon with text like “This device is owned by yourcompany.com,” then the installation attributes correspond to this enrollment. The datastore is made tamper-evident by serializing it to a bytestream and persisting it to the filesystem via the Lockbox class. This is done when InstallAttributes::Finalize() is called. After finalization, the data becomes read-only.
This is the list of the currently supported components by device_managementd