# SPDX-License-Identifier: GPL-2.0-only
# Copyright 2021 Google LLC
# Test retrieving the built-in signature of a verity file using
# FS_IOC_READ_VERITY_METADATA.
#
# This is separate from the other tests for FS_IOC_READ_VERITY_METADATA because
# the fs-verity built-in signature support is optional.
# Per-test result prefix; the verbose log used below is "$seqres.full".
seqres=$RESULT_DIR/$seq
printf 'QA output created by %s\n' "$seq"

# Start out as failed. NOTE(review): presumably set to 0 once the test body
# has run to completion; that assignment is not visible here.
status=1

# Always run _cleanup and report $status, on normal exit as well as on
# HUP/INT/QUIT/TERM. Single quotes defer the expansion of $status until the
# trap fires, so the final value is what gets returned.
trap '_cleanup; exit $status' EXIT HUP INT QUIT TERM
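# Preconditions: a scratch filesystem that supports fs-verity, and a kernel
# with the optional built-in signature support.
_require_scratch_verity
_require_fsverity_builtin_signatures

# Create the scratch filesystem; mkfs chatter (stdout and stderr) goes to the
# verbose log only. The redirect target is quoted so that a result path
# containing whitespace does not become an "ambiguous redirect".
_scratch_mkfs_verity &>> "$seqres.full"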
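echo -e "\n# Setting up signed verity file"
# Throwaway signing material for this run: private key, PEM certificate and
# its DER encoding. The key is test-only and must never be reused elsewhere.
# All path expansions are quoted so paths with whitespace stay one argument.
_fsv_generate_cert "$tmp.key" "$tmp.cert" "$tmp.cert.der"
# NOTE(review): presumably adds the certificate to the kernel keyring that
# fs-verity consults for built-in signatures; confirm in the helper.
_fsv_load_cert "$tmp.cert.der"
fsv_file=$SCRATCH_MNT/file
# NOTE(review): nothing visible here creates or populates $fsv_file before it
# is signed; confirm the file exists at this point.
# Sign the file, writing the detached signature to $tmp.sig, then enable
# verity on the file with that signature attached.
_fsv_sign "$fsv_file" "$tmp.sig" --key="$tmp.key" --cert="$tmp.cert" >> "$seqres.full"
_fsv_enable "$fsv_file" --signature="$tmp.sig"
# Skip the test if verity metadata cannot be dumped from this file.
_require_fsverity_dump_metadata "$fsv_file"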
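echo -e "\n# Dumping and comparing signature"
# Read the stored signature back in a single request.
_fsv_dump_signature "$fsv_file" > "$tmp.sig2"
# The signature returned by FS_IOC_READ_VERITY_METADATA should exactly match the
# one we passed to FS_IOC_ENABLE_VERITY earlier.
# cmp is silent when the files are identical, so anything it prints marks a
# mismatch. This checks retrieval fidelity only; it does not exercise
# rejection of an invalid or untrusted signature.
cmp "$tmp.sig" "$tmp.sig2"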
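echo -e "\n# Dumping and comparing signature (in chunks)"
# Size in bytes of the signature produced at signing time.
sig_size=$(stat -c %s "$tmp.sig")
# Re-read the signature 13 bytes at a time and reassemble it.
# NOTE(review): 13 is presumably chosen so that request offsets are unaligned
# and the final request runs past the end of the signature; confirm.
for (( i = 0; i < sig_size; i += 13 )); do
	_fsv_dump_signature "$fsv_file" --offset=$i --length=13
done > "$tmp.sig2"
# The loop is closed and its combined output collected in $tmp.sig2, the file
# compared below; the raw signature bytes must not reach the test's stdout.
cmp "$tmp.sig" "$tmp.sig2"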