blob: e6767e5136730ecb462da6dd8af72191092b7845 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
QA output created by 577
# Generating certificates and private keys
# Clearing fs-verity keyring
# Loading first certificate into fs-verity keyring
# Enabling fs.verity.require_signatures
fs.verity.require_signatures = 1
# Generating file and signing it for fs-verity
Signed file 'SCRATCH_MNT/file' (sha256:ecabbfca4efd69a721be824965da10d27900b109549f96687b35a4d91d810dac)
Signed file 'SCRATCH_MNT/file' (sha256:ecabbfca4efd69a721be824965da10d27900b109549f96687b35a4d91d810dac)
# Signing a different file for fs-verity
Signed file 'SCRATCH_MNT/otherfile' (sha256:b2a419c5a8c767a78c6275d6729794bf51e52ddf8713e31d12a93d61d961f49f)
# Enabling verity with valid signature (should succeed)
# Enabling verity without signature (should fail)
ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Operation not permitted
# Opening verity file without signature (should fail)
md5sum: SCRATCH_MNT/file.fsv: Operation not permitted
# Enabling verity with untrusted signature (should fail)
ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Required key not available
# Enabling verity with wrong file's signature (should fail)
ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Key was rejected by service
# Enabling verity with malformed signature (should fail)
ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Bad message
# Testing salt
Signed file 'SCRATCH_MNT/file' (sha256:1cb173bcd199133eb80e9ea4f0f741001b9e73227aa8812685156f2bc8ff45f5)
# Testing non-default hash algorithm
# Testing empty file
Signed file 'SCRATCH_MNT/file.fsv' (sha256:3d248ca542a24fc62d1c43b916eae5016878e2533c88238480b26128a1f1af95)
|