#! /bin/bash # SPDX-License-Identifier: GPL-2.0-only # Copyright 2021 Google LLC # # FS QA Test No. 624 # # Test retrieving the Merkle tree and fs-verity descriptor of a verity file # using FS_IOC_READ_VERITY_METADATA. # seq=`basename $0` seqres=$RESULT_DIR/$seq echo "QA output created by $seq" here=`pwd` tmp=/tmp/$$ status=1 # failure is the default! trap "_cleanup; exit \$status" 0 1 2 3 15 _cleanup() { cd / rm -f $tmp.* } . ./common/rc . ./common/filter . ./common/verity rm -f $seqres.full _supported_fs generic _require_scratch_verity _disable_fsverity_signatures # For the output of this test to always be the same, it has to use a specific # Merkle tree block size. if [ $FSV_BLOCK_SIZE != 4096 ]; then _notrun "4096-byte verity block size not supported on this platform" fi _scratch_mkfs_verity &>> $seqres.full _scratch_mount echo -e "\n# Creating a verity file" fsv_file=$SCRATCH_MNT/file # Always use the same file contents, so that the output of the test is always # the same. Also use a file that is large enough to have multiple Merkle tree # levels, so that the test verifies that the blocks are returned in the expected # order. A 1 MB file with SHA-256 and a Merkle tree block size of 4096 will # have 3 Merkle tree blocks (3*4096 bytes): two at level 0 and one at level 1. head -c 1000000 /dev/zero > $fsv_file merkle_tree_size=$((3 * FSV_BLOCK_SIZE)) fsverity_descriptor_size=256 _fsv_enable $fsv_file --salt=abcd _require_fsverity_dump_metadata $fsv_file _fsv_measure $fsv_file echo -e "\n# Dumping Merkle tree" _fsv_dump_merkle_tree $fsv_file | sha256sum echo -e "\n# Dumping Merkle tree (in chunks)" # The above test may get the whole tree in one read, so also try reading it in # chunks. for (( i = 0; i < merkle_tree_size; i += 997 )); do _fsv_dump_merkle_tree $fsv_file --offset=$i --length=997 done | sha256sum echo -e "\n# Dumping descriptor" # Note that the hash that is printed here should be the same hash that was # printed by _fsv_measure above. _fsv_dump_descriptor $fsv_file | sha256sum echo -e "\n# Dumping descriptor (in chunks)" for (( i = 0; i < fsverity_descriptor_size; i += 13 )); do _fsv_dump_descriptor $fsv_file --offset=$i --length=13 done | sha256sum # success, all done status=0 exit