QA output created by 593 # ========================== # Test with policy version 1 # ========================== # Adding key to filesystem Added encryption key with descriptor 0000111122223333 # Creating encrypted file # Removing key from filesystem Removed encryption key with descriptor 0000111122223333 cat: SCRATCH_MNT/dir/file: No such file or directory # Adding fscrypt-provisioning key # Adding key to filesystem via fscrypt-provisioning key Added encryption key with descriptor 0000111122223333 # Reading encrypted file contents # Cleaning up # ========================== # Test with policy version 2 # ========================== # Adding key to filesystem Added encryption key with identifier 69b2f6edeee720cce0577937eb8a6751 # Creating encrypted file # Removing key from filesystem Removed encryption key with identifier 69b2f6edeee720cce0577937eb8a6751 cat: SCRATCH_MNT/dir/file: No such file or directory # Adding fscrypt-provisioning key # Adding key to filesystem via fscrypt-provisioning key Added encryption key with identifier 69b2f6edeee720cce0577937eb8a6751 # Reading encrypted file contents # Cleaning up # ================ # Validation tests # ================ # Adding an invalid fscrypt-provisioning key fails # ... bad type add_key: Invalid argument # ... bad type add_key: Invalid argument # ... raw key too small add_key: Invalid argument # ... raw key too large add_key: Invalid argument # keyctl_read() doesn't work on fscrypt-provisioning keys keyctl_read_alloc: Operation not supported # Only keys with the correct fscrypt_provisioning_key_payload::type field can be added # ... keyring key is v1, filesystem wants v2 key Error adding encryption key: Key was rejected by service # ... keyring key is v2, filesystem wants v1 key Error adding encryption key: Key was rejected by service # Only keys of type fscrypt-provisioning can be added Error adding encryption key: Key was rejected by service