2 # SPDX-License-Identifier: GPL-2.0-only
3 # Copyright 2021 Google LLC
7 # Test retrieving the built-in signature of a verity file using
8 # FS_IOC_READ_VERITY_METADATA.
10 # This is separate from the other tests for FS_IOC_READ_VERITY_METADATA because
11 # the fs-verity built-in signature support is optional.
14 _begin_fstest auto quick verity
20 _require_scratch_verity
21 _require_fsverity_builtin_signatures
23 _scratch_mkfs_verity &>> $seqres.full
26 echo -e "\n# Setting up signed verity file"
27 _fsv_generate_cert $tmp.key $tmp.cert $tmp.cert.der
29 _fsv_load_cert $tmp.cert.der
30 fsv_file=$SCRATCH_MNT/file
32 _fsv_sign $fsv_file $tmp.sig --key=$tmp.key --cert=$tmp.cert >> $seqres.full
33 _fsv_enable $fsv_file --signature=$tmp.sig
34 _require_fsverity_dump_metadata $fsv_file
36 echo -e "\n# Dumping and comparing signature"
37 _fsv_dump_signature $fsv_file > $tmp.sig2
38 # The signature returned by FS_IOC_READ_VERITY_METADATA should exactly match the
39 # one we passed to FS_IOC_ENABLE_VERITY earlier.
40 cmp $tmp.sig $tmp.sig2
42 echo -e "\n# Dumping and comparing signature (in chunks)"
43 sig_size=$(stat -c %s $tmp.sig)
44 for (( i = 0; i < sig_size; i += 13 )); do
45 _fsv_dump_signature $fsv_file --offset=$i --length=13
47 cmp $tmp.sig $tmp.sig2