Index: firmware/lib/vboot_kernel.c |
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c |
index 4b2a030be39c0467bb4a8e8270a8d4cbe847992c..2402a090eae25c1b724db43b0c4b7e3bb24e609d 100644 |
--- a/firmware/lib/vboot_kernel.c |
+++ b/firmware/lib/vboot_kernel.c |
@@ -168,10 +168,6 @@ int LoadKernel(LoadKernelParams* params) { |
return (status == TPM_E_MUST_REBOOT ? |
LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY); |
} |
- } else if (is_dev && !is_rec) { |
- /* In developer mode, we ignore the kernel subkey, and just use |
- * the SHA-512 hash to verify the key block. */ |
- kernel_subkey = NULL; |
} |
do { |
@@ -215,9 +211,11 @@ int LoadKernel(LoadKernelParams* params) { |
if (0 != BootDeviceReadLBA(part_start, kbuf_sectors, kbuf)) |
continue; |
- /* Verify the key block */ |
+ /* Verify the key block. In developer mode, we ignore the key |
+ * and use only the SHA-512 hash to verify the key block. */ |
key_block = (VbKeyBlockHeader*)kbuf; |
- if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey))) { |
+ if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey, |
+ is_dev && !is_rec))) { |
VBDEBUG(("Verifying key block failed.\n")); |
continue; |
} |