2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright 2018 Google LLC
5 # FS QA Test generic/576
7 # Test using fs-verity and fscrypt simultaneously. This primarily verifies
8 # correct ordering of the hooks for each feature: fscrypt needs to be first.
11 seqres=$RESULT_DIR/$seq
12 echo "QA output created by $seq"
16 status=1 # failure is the default!
17 trap "_cleanup; exit \$status" 0 1 2 3 15
22 _restore_fsverity_signatures
26 # get standard environment, filters and checks
32 # remove previous $seqres.full before test
35 # real QA test starts here
37 _require_scratch_verity
38 _require_scratch_encryption
39 _require_command "$KEYCTL_PROG" keyctl
40 _disable_fsverity_signatures
42 _scratch_mkfs_encrypted_verity &>> $seqres.full
45 fsv_orig_file=$tmp.file
46 edir=$SCRATCH_MNT/edir
47 fsv_file=$edir/file.fsv
49 # Set up an encrypted directory.
51 keydesc=$(_generate_session_encryption_key)
53 _set_encpolicy $edir $keydesc
55 # Create a file within the encrypted directory and enable verity on it.
56 # Then check that it has an encryption policy as well.
57 head -c 100000 /dev/zero > $fsv_orig_file
58 cp $fsv_orig_file $fsv_file
61 $XFS_IO_PROG -r -c "get_encpolicy" $fsv_file | _filter_scratch \
62 | sed 's/Master key descriptor:.*/Master key descriptor: 0000000000000000/'
65 # Verify that the file contents are as expected. This should be going through
66 # both the decryption and verity I/O paths.
67 cmp $fsv_orig_file $fsv_file && echo "Files matched"
69 # Just in case, try again after a mount cycle to empty the page cache.
71 cmp $fsv_orig_file $fsv_file && echo "Files matched"
73 # Corrupt some bytes as a sanity check that fs-verity is really working.
74 # This also verifies that the data on-disk is really encrypted, since otherwise
75 # the data being written here would be identical to the old data.
76 head -c 1000 /dev/zero | _fsv_scratch_corrupt_bytes $fsv_file 50000
77 md5sum $fsv_file |& _filter_scratch