#! /bin/bash
# SPDX-License-Identifier: GPL-2.0-only
# Copyright 2021 Google LLC
#
# FS QA Test No. 625
#
# Test retrieving the built-in signature of a verity file using
# FS_IOC_READ_VERITY_METADATA.
#
# This is separate from the other tests for FS_IOC_READ_VERITY_METADATA because
# the fs-verity built-in signature support is optional.
#
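# Test preamble: derive the test name from the script path and build the
# result-file prefix from it.
# assumes RESULT_DIR is exported by the test harness -- TODO confirm
seq=$(basename -- "$0")
seqres="$RESULT_DIR/$seq"
echo "QA output created by $seq"

here=$(pwd)
# NOTE(review): the scratch prefix is PID-derived and lives in /tmp, so the
# file names are predictable. Later steps write a signing key to $tmp.key.
# That is tolerable on a dedicated test machine; on a shared host a private
# directory from "mktemp -d" would be the safer home for key material.
tmp=/tmp/$$
status=1	# failure is the default!
# Single quotes defer the expansion of $status until the trap fires, so the
# exit code reflects whatever the test set last. Fires on normal exit (0) and
# on HUP, INT, QUIT and TERM.
trap '_cleanup; exit $status' 0 1 2 3 15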
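# Remove every scratch file created under the $tmp prefix (this includes the
# generated signing key, certificate and signature files).
# Globals:   tmp (read)
# Returns:   status of the last command run
_cleanup()
{
	# Step out of any directory the test may have been working in.
	cd /
	# Quote the prefix so a path containing whitespace is not word-split, and
	# skip the glob entirely if tmp is empty: a bare ".*" would otherwise be
	# expanded in / and handed to rm.
	if [ -n "$tmp" ]; then
		rm -f -- "$tmp".*
	fi
}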
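# Shared harness helpers; the _-prefixed functions called below are not
# defined in this file and are expected to come from these includes.
. ./common/rc
. ./common/filter
. ./common/verity

rm -f -- "$seqres.full"

_supported_fs generic
_require_scratch_verity
# Built-in signature support is optional (see the header comment), hence the
# dedicated requirement check.
# presumably this skips the test rather than failing it -- verify in
# common/verity
_require_fsverity_builtin_signatures

_scratch_mkfs_verity &>> "$seqres.full"
_scratch_mount

echo -e "\n# Setting up signed verity file"
# The key, certificate and DER copy all land under the $tmp prefix set at the
# top of this script; the exit trap's _cleanup removes them again.
_fsv_generate_cert "$tmp.key" "$tmp.cert" "$tmp.cert.der"
# NOTE(review): clearing and reloading the keyring looks like it changes
# system-wide fs-verity trust state, so this test should not be run on a
# machine that depends on that keyring -- confirm against common/verity.
_fsv_clear_keyring
_fsv_load_cert "$tmp.cert.der"
fsv_file="$SCRATCH_MNT/file"
echo foo > "$fsv_file"
_fsv_sign "$fsv_file" "$tmp.sig" --key="$tmp.key" --cert="$tmp.cert" \
	>> "$seqres.full"
_fsv_enable "$fsv_file" --signature="$tmp.sig"
_require_fsverity_dump_metadata "$fsv_file"

echo -e "\n# Dumping and comparing signature"
_fsv_dump_signature "$fsv_file" > "$tmp.sig2"
# The signature returned by FS_IOC_READ_VERITY_METADATA should exactly match the
# one we passed to FS_IOC_ENABLE_VERITY earlier.
# cmp is silent when the files match; any diagnostic it prints becomes part of
# the test output (presumably flagged by the harness against the expected
# output file).
cmp "$tmp.sig" "$tmp.sig2"

echo -e "\n# Dumping and comparing signature (in chunks)"
sig_size=$(stat -c %s "$tmp.sig")
# Read the signature back in fixed 13-byte windows and concatenate the pieces.
# Unless sig_size is a multiple of 13, the last request extends past the end
# of the signature, so the cmp below only passes if that final read comes back
# short instead of padded or failing.
for (( i = 0; i < sig_size; i += 13 )); do
	_fsv_dump_signature "$fsv_file" --offset="$i" --length=13
done > "$tmp.sig2"
cmp "$tmp.sig" "$tmp.sig2"

# success, all done
# The bare exit hands control to the trap installed at the top of the script,
# which runs _cleanup and exits with $status.
status=0
exit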