Commit 16e51300 authored by Helen Koike's avatar Helen Koike

wip: verity

parent 395f11ce
......@@ -9,6 +9,72 @@ if [ "$#" -ne 1 ]; then
fi
KERNEL=$1
fill_rootfs()
{
MSG=${1-""}
# Add busybox and init script
if [ ! -f busybox ]; then
wget https://busybox.net/downloads/binaries/1.21.1/busybox-x86_64 -O busybox
chmod +x busybox
fi
sudo mkdir dm-mount/bin
sudo cp busybox dm-mount/bin/busybox
sudo bash -c 'cat > dm-mount/bin/init.sh' <<- EOF
#!/bin/busybox sh
busybox echo "System Booted $MSG"
busybox poweroff -f
EOF
sudo chmod +x dm-mount/bin/init.sh
}
# Create a simple rootfs - target verity
create_verity()
{
# Create disk
DISK=$1
PREFIX=$2
if [ -f $DISK -a -f ${DISK}.info ]; then
echo "$DISK already exist, not creating it"
return
else
echo "creating $DISK"
fi
dd if=/dev/zero of=$DISK bs=512M count=3
# Partition 1
sudo sgdisk -n 1:0:+800M -t 1:7f01 "$DISK"
# Partition 2
sudo sgdisk -n 2:0:+500M -t 2:7f01 "$DISK"
# Format and mount partition 1
LOOP_DEV=$(sudo losetup -fP --show $DISK)
sudo mkfs.ext4 -L ROOT-VERITY ${LOOP_DEV}p1
mkdir -p dm-mount
sudo mount ${LOOP_DEV}p1 dm-mount
fill_rootfs "verity disk $DISK"
# Umount partition
sudo umount dm-mount
rm -r dm-mount
# Format verity
sudo veritysetup format ${LOOP_DEV}p1 ${LOOP_DEV}p2 > ${DISK}.info
sed -i -e '1d' ${DISK}.info
sed -i -e 's/./\L&/g' ${DISK}.info
sed -i -e 's/[[:space:]]\+/_/g' ${DISK}.info
sed -i -e "s/:_/=/g" ${DISK}.info
sectors=$(sudo blockdev --getsz "${LOOP_DEV}"p1)
echo "sectors=${sectors}" >> ${DISK}.info
# Add prefix to variables in file
sed -i -e "s/^/$PREFIX/" ${DISK}.info
# Umount loopback
sudo losetup -d $LOOP_DEV
}
# Create a simple rootfs - target linear from 4 joined partitions
create_linear()
{
......@@ -69,20 +135,7 @@ create_linear()
mkdir -p dm-mount
sudo mount /dev/mapper/$DM_DEV dm-mount
# Add busybox and init script
if [ ! -f busybox ]; then
wget https://busybox.net/downloads/binaries/1.21.1/busybox-x86_64 -O busybox
chmod +x busybox
fi
sudo mkdir dm-mount/bin
sudo cp busybox dm-mount/bin/busybox
sudo bash -c 'cat > dm-mount/bin/init.sh' <<- EOF
#!/bin/busybox sh
busybox echo "System Booted"
busybox poweroff -f
EOF
sudo chmod +x dm-mount/bin/init.sh
fill_rootfs "linear disk $DISK"
# Umount disk/dm/loopback
sudo umount dm-mount
......@@ -135,6 +188,17 @@ create_linear $DL2 DL2_
# Load disk info
source ${DL2}.info
DV1=disk-verity-1.img
create_verity $DV1 DV1_
# Load disk info
source ${DV1}.info
# -----------------------
# Linear and parser tests
# -----------------------
linear_parser_tests()
{
launch_test \
"linear: should fail (test the test)" \
"-hda ${DL1}" \
......@@ -269,3 +333,25 @@ launch_test \
/dev/dm-4 \
"$name,,4,rw,$DL1_P1_START $DL1_P1_SIZE linear 8:1 0,$DL1_P2_START $DL1_P2_SIZE linear 8:2 0,$DL1_P3_START $DL1_P3_SIZE linear 8:3 0,$DL1_P4_START $DL1_P4_SIZE linear 8:4 0" \
124
}
linear_parser_tests
# --------------
# Verity
# --------------
verity_tests()
{
launch_test \
"verity: with minor" \
"-hda ${DV1}" \
/dev/dm-4 \
"dm-verity,,4,ro,0 $DV1_sectors verity $DV1_hash_type 8:1 8:2 $DV1_data_block_size $DV1_hash_block_size $DV1_data_blocks 1 $DV1_hash_algorithm $DV1_root_hash $DV1_salt"
UUID=CRYPT-VERITY-543c115f6fb048e2bd7ecbb5960aae4d-verity-test
launch_test \
"verity: with uuid" \
"-hda ${DV1}" \
"UUID=$UUID" \
"dm-verity,${UUID},4,ro,0 $DV1_sectors verity $DV1_hash_type 8:1 8:2 $DV1_data_block_size $DV1_hash_block_size $DV1_data_blocks 1 $DV1_hash_algorithm $DV1_root_hash $DV1_salt"
}
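Review bot: The busybox download in `fill_rootfs` (first hunk) has no integrity check, and a failed `wget ... -O busybox` still leaves an empty or partial `busybox` file that the `[ ! -f busybox ]` guard accepts as a valid cached binary on every later run. That file is copied with sudo into each test image and runs in the guest through the `#!/bin/busybox sh` shebang of init.sh, so a truncated or substituted binary silently changes what the verity and linear tests exercise. Download to a temporary name, check it against a pinned SHA-256, and only then move it into place. The digest in the sketch below is a placeholder for the value of the vetted 1.21.1 build. The visible callers of `fill_rootfs` do not check its return status, so they would need an `|| exit 1` as well.

```shell
# … unchanged: fill_rootfs() header and MSG assignment …
if [ ! -f busybox ]; then
	# Placeholder: replace with the SHA-256 of the vetted busybox-x86_64 1.21.1 binary.
	BUSYBOX_SHA256="<EXPECTED_SHA256_PLACEHOLDER>"
	wget https://busybox.net/downloads/binaries/1.21.1/busybox-x86_64 -O busybox.tmp \
		|| { rm -f busybox.tmp; return 1; }
	echo "${BUSYBOX_SHA256}  busybox.tmp" | sha256sum -c - \
		|| { rm -f busybox.tmp; return 1; }
	chmod +x busybox.tmp
	mv busybox.tmp busybox
fi
# … unchanged: copy into dm-mount/bin and init.sh heredoc …
```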