2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright 2018 Google LLC
5 # FS QA Test generic/576
7 # Test using fs-verity and fscrypt simultaneously. This primarily verifies
8 # correct ordering of the hooks for each feature: fscrypt needs to be first.
11 seqres=$RESULT_DIR/$seq
12 echo "QA output created by $seq"
16 status=1 # failure is the default!
17 trap "_cleanup; exit \$status" 0 1 2 3 15
22 _restore_fsverity_signatures
26 # get standard environment, filters and checks
32 # remove previous $seqres.full before test
35 # real QA test starts here
38 _require_scratch_verity
39 _require_scratch_encryption
40 _require_command "$KEYCTL_PROG" keyctl
41 _disable_fsverity_signatures
43 _scratch_mkfs_encrypted_verity &>> $seqres.full
46 fsv_orig_file=$tmp.file
47 edir=$SCRATCH_MNT/edir
48 fsv_file=$edir/file.fsv
50 # Set up an encrypted directory.
52 keydesc=$(_generate_session_encryption_key)
54 _set_encpolicy $edir $keydesc
56 # Create a file within the encrypted directory and enable verity on it.
57 # Then check that it has an encryption policy as well.
58 head -c 100000 /dev/zero > $fsv_orig_file
59 cp $fsv_orig_file $fsv_file
62 $XFS_IO_PROG -r -c "get_encpolicy" $fsv_file | _filter_scratch \
63 | sed 's/Master key descriptor:.*/Master key descriptor: 0000000000000000/'
66 # Verify that the file contents are as expected. This should be going through
67 # both the decryption and verity I/O paths.
68 cmp $fsv_orig_file $fsv_file && echo "Files matched"
70 # Just in case, try again after a mount cycle to empty the page cache.
72 cmp $fsv_orig_file $fsv_file && echo "Files matched"
74 # Corrupt some bytes as a sanity check that fs-verity is really working.
75 # This also verifies that the data on-disk is really encrypted, since otherwise
76 # the data being written here would be identical to the old data.
77 head -c 1000 /dev/zero | _fsv_scratch_corrupt_bytes $fsv_file 50000
78 md5sum $fsv_file |& _filter_scratch