Changes to allow user-signed kernels to be generated.

firmware/lib/vboot_common.c

 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Common functions between firmware and kernel verified boot.
  * (Firmware portion)
  */
 
 
 #include "vboot_common.h"
@@ skipping 163 matching lines @@
   }
   if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) {
     VBDEBUG(("Incompatible key block header version.\n"));
     return VBOOT_KEY_BLOCK_INVALID;
   }
   if (size < block->key_block_size) {
     VBDEBUG(("Not enough data for key block.\n"));
     return VBOOT_KEY_BLOCK_INVALID;
   }
 
-  /* Check signature or hash, depending on whether we have a key. */
+  /* Check signature or hash, depending on whether we provide a key. Note that
+   * we don't require a key even if the keyblock has a signature, because the
+   * caller may not care if the keyblock itself is signed (for example, booting
+   * a Google-signed kernel in developer mode).
+   */
   if (key) {
     /* Check signature */
     RSAPublicKey* rsa;
     int rv;
 
     sig = &block->key_block_signature;
 
     if (VerifySignatureInside(block, block->key_block_size, sig)) {
       VBDEBUG(("Key block signature off end of block\n"));
       return VBOOT_KEY_BLOCK_INVALID;
     }
 
     rsa = PublicKeyToRSA(key);
     if (!rsa) {
       VBDEBUG(("Invalid public key\n"));
       return VBOOT_PUBLIC_KEY_INVALID;
     }
 
     /* Make sure advertised signature data sizes are sane. */
     if (block->key_block_size < sig->data_size) {
       VBDEBUG(("Signature calculated past end of the block\n"));
       return VBOOT_KEY_BLOCK_INVALID;
     }
+    VBDEBUG(("Checking key block signature...\n"));
     rv = VerifyData((const uint8_t*)block, size, sig, rsa);
     RSAPublicKeyFree(rsa);
-    if (rv)
+    if (rv) {
+      VBDEBUG(("Invalid key block signature.\n"));
       return VBOOT_KEY_BLOCK_SIGNATURE;
+    }
   } else {
     /* Check hash */
     uint8_t* header_checksum = NULL;
     int rv;
 
     sig = &block->key_block_checksum;
 
     if (VerifySignatureInside(block, block->key_block_size, sig)) {
       VBDEBUG(("Key block hash off end of block\n"));
       return VBOOT_KEY_BLOCK_INVALID;
     }
     if (sig->sig_size != SHA512_DIGEST_SIZE) {
       VBDEBUG(("Wrong hash size for key block.\n"));
       return VBOOT_KEY_BLOCK_INVALID;
     }
 
+    VBDEBUG(("Checking key block hash only...\n"));
     header_checksum = DigestBuf((const uint8_t*)block, sig->data_size,
                                 SHA512_DIGEST_ALGORITHM);
     rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig),
                     SHA512_DIGEST_SIZE);
     Free(header_checksum);
     if (rv) {
       VBDEBUG(("Invalid key block hash.\n"));
       return VBOOT_KEY_BLOCK_HASH;
     }
   }
@@ skipping 111 matching lines @@
   /* Verify body signature is inside the block */
   if (VerifySignatureInside(preamble, preamble->preamble_size,
                             &preamble->body_signature)) {
     VBDEBUG(("Kernel body signature off end of preamble\n"));
     return VBOOT_PREAMBLE_INVALID;
   }
 
   /* Success */
   return VBOOT_SUCCESS;
 }