From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Tobias Waldekranz <tobias@waldekranz.com>, barebox@lists.infradead.org
Subject: Re: [PATCH 09/11] test: pytest: add basic dm-verity test
Date: Mon, 22 Sep 2025 17:44:33 +0200 [thread overview]
Message-ID: <09562aab-2548-4d07-b742-853b2f6f7cb4@pengutronix.de> (raw)
In-Reply-To: <20250918074455.891780-10-tobias@waldekranz.com>
On 18.09.25 09:43, Tobias Waldekranz wrote:
> From a consistent dm-verity device (good):
>
> - Ensure that we can read from the underlying filesystem.
>
> From a dm-verity device where the data device does not match the hash
> tree (bad):
>
> - Ensure that unmodified parts are readable
> - Ensure that reading from a modified block results in an I/O error
>
> Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Thanks for including a test!
Ahmad
> ---
> test/py/test_dm.py | 38 ++++++++++++++++++++++++++++++++++++++
> 1 file changed, 38 insertions(+)
> create mode 100644 test/py/test_dm.py
>
> diff --git a/test/py/test_dm.py b/test/py/test_dm.py
> new file mode 100644
> index 0000000000..a9debd85b5
> --- /dev/null
> +++ b/test/py/test_dm.py
> @@ -0,0 +1,38 @@
> +# SPDX-License-Identifier: GPL-2.0-or-later
> +
> +import re
> +import pytest
> +from .helper import of_get_property
> +
> +
> +
> +def test_dm_verity(barebox):
> + _, _, returncode = barebox.run("ls /mnt/9p/testfs")
> + if returncode != 0:
> + pytest.xfail("skipping test due to missing --fs testfs=")
> +
> + barebox.run_check("cd /mnt/9p/testfs")
> +
> + # Since commands run in a subshell, export the root hash in a
> + # global, so that we can access it from subsequent commands
> + barebox.run_check("readf good.hash roothash && global roothash=$roothash")
> +
> + barebox.run_check("veritysetup open good.fat good good.verity $global.roothash")
> + barebox.run_check("veritysetup open bad.fat bad good.verity $global.roothash")
> +
> + barebox.run_check("md5sum /mnt/good/latin /mnt/good/english")
> +
> + # 'latin' has not been modified, so it should read fine even from
> + # 'bad'
> + barebox.run_check("md5sum /mnt/bad/latin")
> +
> + # 'english' however, does not match the data in the hash tree and
> + # MUST thus fail
> + _, _, returncode = barebox.run("md5sum /mnt/bad/english")
> + assert returncode != 0, "'english' should not be readable from 'bad'"
> +
> + barebox.run_check("umount /dev/good")
> + barebox.run_check("veritysetup close good")
> +
> + barebox.run_check("umount /dev/bad")
> + barebox.run_check("veritysetup close bad")
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2025-09-22 15:45 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-18 7:43 [PATCH 00/11] dm: verity: Add transparent integrity checking target Tobias Waldekranz
2025-09-18 7:43 ` [PATCH 01/11] dm: Add helper to manage a lower device Tobias Waldekranz
2025-09-18 7:43 ` [PATCH 02/11] dm: linear: Refactor to make use of the generalized cdev management Tobias Waldekranz
2025-09-18 7:43 ` [PATCH 03/11] dm: verity: Add transparent integrity checking target Tobias Waldekranz
2025-09-18 13:06 ` Sascha Hauer
2025-09-18 7:43 ` [PATCH 04/11] dm: verity: Add helper to parse superblock information Tobias Waldekranz
2025-09-18 7:43 ` [PATCH 05/11] commands: veritysetup: Create dm-verity devices Tobias Waldekranz
2025-09-18 7:43 ` [PATCH 06/11] ci: pytest: Open up testfs to more consumers than the FIT test Tobias Waldekranz
2025-09-22 15:38 ` Ahmad Fatoum
2025-09-18 7:43 ` [PATCH 07/11] ci: pytest: Enable testfs feature on malta boards Tobias Waldekranz
2025-09-22 15:40 ` Ahmad Fatoum
2025-09-18 7:43 ` [PATCH 08/11] ci: pytest: Generate test data for dm-verity Tobias Waldekranz
2025-09-22 15:41 ` Ahmad Fatoum
2025-09-18 7:43 ` [PATCH 09/11] test: pytest: add basic dm-verity test Tobias Waldekranz
2025-09-22 15:44 ` Ahmad Fatoum [this message]
2025-09-18 7:43 ` [PATCH 10/11] ci: pytest: Centralize feature discovery to a separate step Tobias Waldekranz
2025-09-22 15:45 ` Ahmad Fatoum
2025-09-18 7:43 ` [PATCH 11/11] ci: pytest: Enable device-mapper labgrid tests Tobias Waldekranz
2025-09-22 15:46 ` Ahmad Fatoum
2025-09-18 14:08 ` [PATCH 00/11] dm: verity: Add transparent integrity checking target Sascha Hauer
2025-09-18 15:38 ` Tobias Waldekranz
2025-09-23 6:30 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=09562aab-2548-4d07-b742-853b2f6f7cb4@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=tobias@waldekranz.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox