2 # SPDX-License-Identifier: GPL-2.0-only
3 # Copyright 2021 Google LLC
7 # Test retrieving the Merkle tree and fs-verity descriptor of a verity file
8 # using FS_IOC_READ_VERITY_METADATA.
11 _begin_fstest auto quick verity
17 _require_scratch_verity
18 _disable_fsverity_signatures
19 # For the output of this test to always be the same, it has to use a specific
20 # Merkle tree block size.
21 if [ $FSV_BLOCK_SIZE != 4096 ]; then
22 _notrun "4096-byte verity block size not supported on this platform"
25 _scratch_mkfs_verity &>> $seqres.full
28 echo -e "\n# Creating a verity file"
29 fsv_file=$SCRATCH_MNT/file
30 # Always use the same file contents, so that the output of the test is always
31 # the same. Also use a file that is large enough to have multiple Merkle tree
32 # levels, so that the test verifies that the blocks are returned in the expected
33 # order. A 1 MB file with SHA-256 and a Merkle tree block size of 4096 will
34 # have 3 Merkle tree blocks (3*4096 bytes): two at level 0 and one at level 1.
35 head -c 1000000 /dev/zero > $fsv_file
36 merkle_tree_size=$((3 * FSV_BLOCK_SIZE))
37 fsverity_descriptor_size=256
38 _fsv_enable $fsv_file --salt=abcd
39 _require_fsverity_dump_metadata $fsv_file
40 _fsv_measure $fsv_file
42 echo -e "\n# Dumping Merkle tree"
43 _fsv_dump_merkle_tree $fsv_file | sha256sum
45 echo -e "\n# Dumping Merkle tree (in chunks)"
46 # The above test may get the whole tree in one read, so also try reading it in
48 for (( i = 0; i < merkle_tree_size; i += 997 )); do
49 _fsv_dump_merkle_tree $fsv_file --offset=$i --length=997
52 echo -e "\n# Dumping descriptor"
53 # Note that the hash that is printed here should be the same hash that was
54 # printed by _fsv_measure above.
55 _fsv_dump_descriptor $fsv_file | sha256sum
57 echo -e "\n# Dumping descriptor (in chunks)"
58 for (( i = 0; i < fsverity_descriptor_size; i += 13 )); do
59 _fsv_dump_descriptor $fsv_file --offset=$i --length=13