I am trying to use the stock recovery to install superuser.zip but it give me an error:
E: signature verification failed
So I cannot root it by the superuser.zip
I Googled and someone said solution is to install CWM. However, when I try to install CWM, it require superuser privilege?!
Now I get into the loop CWM need superuser -> install superuser need CWM -> ...
Android has a chain of signature verification that (by default) protects your device from being hacked or having an unofficial image installed. Recovery images, updates, and OS images all have to be signed. The bootloader verifies that the recovery is signed by the manufacturer's key, and the recovery in turn verifies that the OS image (and any updates you try to install) are signed by the same key.
That's why you need CWM or TWRP to flash an update that roots the device. You don't need to root to install CWM or TWRP, but you do need to unlock the bootloader. This wipes all user data on the device. It's a security mechanism, to protect your data: if someone steals the device while it's locked, and wants to flash a different OS to bypass the lock and steal your data, they first have to unlock the bootloader.
So, there's no loop at all. Unlock your bootloader and flash a recovery using fastboot, then use that recovery to install the "update". The exact details of how vary from device to device, so find yours on our rooting index.
