From eee1b3d227b92c916640f4f79a3f090b620d0be8 Mon Sep 17 00:00:00 2001 From: Chirantan Ekbote Date: Wed, 18 Mar 2015 14:45:45 -0700 Subject: Add sanity check for dev_boot_signed_only Removing rootfs verification or resigning kernels can lead to an unusable system if the dev_boot_signed_only flag is set. Add a sanity check to print out an error when this happens. BRANCH=none BUG=none TEST=manual Run /usr/share/vboot/bin/make_dev_ssd.sh with the dev_boot_signed_only flag set to 1 and observe that an error message is printed. Change-Id: If116538152ee3122e3b742918bf1676982754fdd Reviewed-on: https://chromium-review.googlesource.com/260970 Trybot-Ready: Chirantan Ekbote Tested-by: Chirantan Ekbote Reviewed-by: Randall Spangler Reviewed-by: Hung-Te Lin Commit-Queue: Chirantan Ekbote --- scripts/image_signing/make_dev_ssd.sh | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/scripts/image_signing/make_dev_ssd.sh b/scripts/image_signing/make_dev_ssd.sh index bfd4e4a6..df8ad469 100755 --- a/scripts/image_signing/make_dev_ssd.sh +++ b/scripts/image_signing/make_dev_ssd.sh @@ -293,6 +293,32 @@ resign_ssd_kernel() { return $resigned_kernels } +sanity_check_crossystem_flags() { + debug_msg "crossystem sanity check" + if [ -n "${FLAGS_save_config}" ]; then + debug_msg "not resigning kernel." + return + fi + + if [ "$(crossystem dev_boot_signed_only)" = "0" ]; then + debug_msg "dev_boot_signed_only not set - safe." + return + fi + + echo " + ERROR: YOUR FIRMWARE WILL ONLY BOOT SIGNED IMAGES. + + Modifying the kernel or root filesystem will result in an unusable system. If + you really want to make this change, allow the firmware to boot self-signed + images by running: + + sudo crossystem dev_boot_signed_only=0 + + before re-executing this command. + " + return $FLAGS_FALSE +} + sanity_check_live_partitions() { debug_msg "Partition sanity check" if [ "$FLAGS_partitions" = "$ROOTDEV_KERNEL" ]; then 
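Review bot: In `sanity_check_crossystem_flags`, the test `[ "$(crossystem dev_boot_signed_only)" = "0" ]` treats every output other than `0` as "signed only", so a failed or unavailable `crossystem` call (empty or error output) prints the signed-images error and tells the user to clear a verified-boot setting that may not be the cause. Failing closed is the right default, but the two cases should be reported separately: capture the value first, for example `signed_only="$(crossystem dev_boot_signed_only)" || { echo "ERROR: cannot read dev_boot_signed_only" >&2; return $FLAGS_FALSE; }`, and show the existing message only when the value is `1`. The multi-line error is also written to stdout by `echo`, and redirecting it with `>&2` would keep it out of any captured output.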
@@ -418,7 +444,8 @@ main() { done echo "" elif ! sanity_check_live_firmware || - ! sanity_check_live_partitions; then + ! sanity_check_live_partitions || + ! sanity_check_crossystem_flags; then err_die "IMAGE $FLAGS_image IS NOT MODIFIED." fi fi -- cgit v1.2.1
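Review bot: The new `! sanity_check_crossystem_flags` term in the `elif` chain reads the firmware flag of the machine running the script, while the failure message it feeds, `err_die "IMAGE $FLAGS_image IS NOT MODIFIED."`, is about the target image. If this branch can be reached when `$FLAGS_image` is a file or a device that will boot on different hardware (not visible here, since `main()` starts and ends outside the hunk), the check can block a safe change or pass an unsafe one. A comment above the chain would make the assumption explicit, for example `# crossystem reports the running machine's flag; this check is only meaningful when $FLAGS_image is the live boot device.` It is also worth confirming that the branch ending in `done` / `echo ""` just above, which skips all three checks, is an intentional override for this new check too.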