-
Notifications
You must be signed in to change notification settings - Fork 73
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
generic: test retrieving verity signature
Add a test which tests dumping the built-in signature of a verity file using the new FS_IOC_READ_VERITY_METADATA ioctl. Signed-off-by: Eric Biggers <[email protected]>
- Loading branch information
Showing
3 changed files
with
74 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| #! /bin/bash | ||
| # SPDX-License-Identifier: GPL-2.0-only | ||
| # Copyright 2021 Google LLC | ||
| # | ||
| # FS QA Test No. 625 | ||
| # | ||
| # Test retrieving the built-in signature of a verity file using | ||
| # FS_IOC_READ_VERITY_METADATA. | ||
| # | ||
| # This is separate from the other tests for FS_IOC_READ_VERITY_METADATA because | ||
| # the fs-verity built-in signature support is optional. | ||
| # | ||
| seq=`basename $0` | ||
| seqres=$RESULT_DIR/$seq | ||
| echo "QA output created by $seq" | ||
|
|
||
| here=`pwd` | ||
| tmp=/tmp/$$ | ||
| status=1 # failure is the default! | ||
| trap "_cleanup; exit \$status" 0 1 2 3 15 | ||
|
|
||
| _cleanup() | ||
| { | ||
| cd / | ||
| rm -f $tmp.* | ||
| } | ||
|
|
||
| . ./common/rc | ||
| . ./common/filter | ||
| . ./common/verity | ||
|
|
||
| rm -f $seqres.full | ||
|
|
||
| _supported_fs generic | ||
| _require_scratch_verity | ||
| _require_fsverity_builtin_signatures | ||
|
|
||
| _scratch_mkfs_verity &>> $seqres.full | ||
| _scratch_mount | ||
|
|
||
| echo -e "\n# Setting up signed verity file" | ||
| _fsv_generate_cert $tmp.key $tmp.cert $tmp.cert.der | ||
| _fsv_clear_keyring | ||
| _fsv_load_cert $tmp.cert.der | ||
| fsv_file=$SCRATCH_MNT/file | ||
| echo foo > $fsv_file | ||
| _fsv_sign $fsv_file $tmp.sig --key=$tmp.key --cert=$tmp.cert >> $seqres.full | ||
| _fsv_enable $fsv_file --signature=$tmp.sig | ||
| _require_fsverity_dump_metadata $fsv_file | ||
|
|
||
| echo -e "\n# Dumping and comparing signature" | ||
| _fsv_dump_signature $fsv_file > $tmp.sig2 | ||
| # The signature returned by FS_IOC_READ_VERITY_METADATA should exactly match the | ||
| # one we passed to FS_IOC_ENABLE_VERITY earlier. | ||
| cmp $tmp.sig $tmp.sig2 | ||
|
|
||
| echo -e "\n# Dumping and comparing signature (in chunks)" | ||
| sig_size=$(stat -c %s $tmp.sig) | ||
| for (( i = 0; i < sig_size; i += 13 )); do | ||
| _fsv_dump_signature $fsv_file --offset=$i --length=13 | ||
| done > $tmp.sig2 | ||
| cmp $tmp.sig $tmp.sig2 | ||
|
|
||
| # success, all done | ||
| status=0 | ||
| exit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| QA output created by 625 | ||
|
|
||
| # Setting up signed verity file | ||
|
|
||
| # Dumping and comparing signature | ||
|
|
||
| # Dumping and comparing signature (in chunks) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -627,3 +627,4 @@ | |
| 622 auto shutdown metadata atime | ||
| 623 auto quick shutdown | ||
| 624 auto quick verity | ||
| 625 auto quick verity | ||