Make sure the device recovers from policy loss in the consumer case.

chrome/browser/chromeos/login/user_manager.cc

Index: chrome/browser/chromeos/login/user_manager.cc
diff --git a/chrome/browser/chromeos/login/user_manager.cc b/chrome/browser/chromeos/login/user_manager.cc
index ab85e770fb941ca72aea63b4e181795fc88f6578..ab17d205875ce952142cd36c75b922ce1ecac380 100644
--- a/chrome/browser/chromeos/login/user_manager.cc
+++ b/chrome/browser/chromeos/login/user_manager.cc
@@ -784,6 +784,19 @@ void UserManager::NotifyOnLogin() {
   WmIpc::instance()->SetLoggedInProperty(true);
 #endif
 
+  LoadKeyStore();
+
+  // Schedules current user ownership check on file thread.
+  BrowserThread::PostTask(BrowserThread::FILE, FROM_HERE,
+                          base::Bind(&UserManager::CheckOwnership,
+                                     base::Unretained(this)));
+}
+
+void UserManager::LoadKeyStore() {
+  CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  if (key_store_loaded_)
+    return;
+
   // Ensure we've opened the real user's key/certificate database.
   crypto::OpenPersistentNSSDB();
 
@@ -798,11 +811,7 @@ void UserManager::NotifyOnLogin() {
     // Note: this calls crypto::EnsureTPMTokenReady()
     cert_library->RequestCertificates();
   }
-
-  // Schedules current user ownership check on file thread.
-  BrowserThread::PostTask(BrowserThread::FILE, FROM_HERE,
-                          base::Bind(&UserManager::CheckOwnership,
-                                     base::Unretained(this)));
+  key_store_loaded_ = true;
 }
 
 void UserManager::SetInitialUserImage(const std::string& username) {