blob: 4babbbf4e5cee563e08364f0a6ed4e86a80d315f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
#!/bin/bash
#
# Copyright (C) 2021 Vojtech Eichler <veichler@redhat.com>
#
# This file is part of util-linux.
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This file is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
TS_TOPDIR="${0%/*}/../.."
TS_DESC="dm-verity support"
. $TS_TOPDIR/functions.sh
ts_init "$*"
VERITY_OUTPUT="$TS_OUTPUT.log"
HASH_DEVICE="$TS_OUTDIR/dm-verity.hash"
SQUASHFS="$TS_OUTDIR/dm-verity.img"
VERITY_DEVICE="test_dm_verity"
VERITY_DEVICE_ABS="/dev/mapper/$VERITY_DEVICE"
ROOT_HASH_FILE="$TS_OUTDIR/root_hash_file.hash"
ts_check_test_command "$TS_CMD_MOUNT"
ts_check_test_command "$TS_CMD_UMOUNT"
ts_skip_nonroot
ts_check_prog "mksquashfs"
ts_check_prog "veritysetup"
grep -q '#define HAVE_CRYPTSETUP' ${top_builddir}/config.h || ts_skip "no dm-verity support"
# Make a squashfs and prepare verity device out of it
mksquashfs $TS_SELF $SQUASHFS &>/dev/null || ts_skip "error: mksquashfs on $TS_SELF"
veritysetup format $SQUASHFS $HASH_DEVICE > $VERITY_OUTPUT || ts_skip "cannot format $SQUASHFS"
# Extract root hash out of veritysetup output
HASH=$(cat $VERITY_OUTPUT | awk '/Root hash:/ { print $3 }') || ts_die "error: extract hash"
echo $HASH > $ROOT_HASH_FILE
# Activate verity data device
veritysetup create $VERITY_DEVICE $SQUASHFS $HASH_DEVICE $HASH || ts_skip "cannot activate verity device"
ts_init_subtest "roothash"
[ -d "$TS_MOUNTPOINT" ] || mkdir -p $TS_MOUNTPOINT
$TS_CMD_MOUNT -o verity.hashdevice=$HASH_DEVICE,verity.roothash=$HASH,verity.hashoffset=0 \
$VERITY_DEVICE_ABS \
$TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
$TS_CMD_UMOUNT -l $TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
ts_finalize_subtest
ts_init_subtest "roothashfile"
[ -d "$TS_MOUNTPOINT" ] || mkdir -p $TS_MOUNTPOINT
$TS_CMD_MOUNT -o verity.hashdevice=$HASH_DEVICE,verity.roothashfile=$ROOT_HASH_FILE \
$VERITY_DEVICE_ABS \
$TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
$TS_CMD_UMOUNT -l $TS_MOUNTPOINT >> $TS_OUTPUT 2>> $TS_ERRLOG
ts_finalize_subtest
# Cleanup
dmsetup remove -f $VERITY_DEVICE
ts_finalize
|
