From: Eric Biggers <ebiggers@kernel.org>
To: fstests@vger.kernel.org
Cc: Jaegeuk Kim <jaegeuk@kernel.org>,
linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
"Theodore Y . Ts'o" <tytso@mit.edu>,
linux-f2fs-devel@lists.sourceforge.net
Subject: [PATCH v4 0/8] xfstests: add fs-verity tests
Date: Mon, 30 Sep 2019 14:15:45 -0700 [thread overview]
Message-ID: <20190930211553.64208-1-ebiggers@kernel.org> (raw)
Add tests for fs-verity. fs-verity is an ext4 and f2fs filesystem
feature which provides Merkle tree based hashing (similar to dm-verity)
for individual read-only files, mainly for the purpose of efficient
authenticity verification. Other filesystems may add fs-verity support
later, using the same API.
Running these tests requires:
- Kernel v5.4-rc1 or later configured with CONFIG_FS_VERITY=y,
and optionally CONFIG_FS_ENCRYPTION=y (for generic/904),
CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y (for generic/905), and
CONFIG_CRYPTO_SHA512=y (for generic/903 to cover SHA-512).
- The 'fsverity' utility program from
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git
- e2fsprogs v1.45.2 or later for ext4 tests, or f2fs-tools v1.11.0 or
later for f2fs tests
- generic/905 also requires the 'openssl' program.
Example with kvm-xfstests:
$ kvm-xfstests -c ext4,f2fs -g verity
For more information about fs-verity, see
https://www.kernel.org/doc/html/latest/filesystems/fsverity.html
This patchset can also be retrieved from tag "fsverity_2019-09-30" of
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/xfstests-dev.git
Note: my other pending xfstests patchset
"xfstests: add tests for fscrypt key management improvements"
renames the function _generate_encryption_key(), which is used by
generic/904 in this patchset. This will need to be fixed up when the
second of these two patchsets is merged.
Changed since v3:
- Update generic/900 to also test executing FS_IOC_ENABLE_VERITY while
another process is already executing it on the same file.
Changed since v2:
- Updated the signature verification test (generic/905) to match the
latest kernel and fsverity-utils changes.
- Added _fsv_sign() utility function.
- Correctly skip the fs-verity tests on ext3-style filesystems.
Changed since v1:
- Updated all tests to use the new fs-verity kernel API.
- Many cleanups, additional checks in the tests, and other improvements.
- Addressed review comments from Eryu Guan.
- Added a test for the built-in signature verification feature.
- Removed the fs-verity descriptor validation test, since the on-disk
format of this part was greatly simplified and made fs-specific.
Eric Biggers (8):
common/filter: add _filter_xfs_io_fiemap()
common/verity: add common functions for testing fs-verity
generic: test general behavior of verity files
generic: test access controls on the fs-verity ioctls
generic: test corrupting verity files
generic: test that fs-verity is using the correct measurement values
generic: test using fs-verity and fscrypt simultaneously
generic: test the fs-verity built-in signature verification support
common/config | 2 +
common/filter | 24 +++++
common/verity | 215 ++++++++++++++++++++++++++++++++++++++++++
tests/generic/900 | 199 ++++++++++++++++++++++++++++++++++++++
tests/generic/900.out | 74 +++++++++++++++
tests/generic/901 | 73 ++++++++++++++
tests/generic/901.out | 14 +++
tests/generic/902 | 154 ++++++++++++++++++++++++++++++
tests/generic/902.out | 91 ++++++++++++++++++
tests/generic/903 | 112 ++++++++++++++++++++++
tests/generic/903.out | 5 +
tests/generic/904 | 80 ++++++++++++++++
tests/generic/904.out | 12 +++
tests/generic/905 | 150 +++++++++++++++++++++++++++++
tests/generic/905.out | 42 +++++++++
tests/generic/group | 6 ++
16 files changed, 1253 insertions(+)
create mode 100644 common/verity
create mode 100755 tests/generic/900
create mode 100644 tests/generic/900.out
create mode 100755 tests/generic/901
create mode 100644 tests/generic/901.out
create mode 100755 tests/generic/902
create mode 100644 tests/generic/902.out
create mode 100755 tests/generic/903
create mode 100644 tests/generic/903.out
create mode 100755 tests/generic/904
create mode 100644 tests/generic/904.out
create mode 100755 tests/generic/905
create mode 100644 tests/generic/905.out
--
2.23.0.444.g18eeb5a265-goog
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: fstests@vger.kernel.org
Cc: linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
Jaegeuk Kim <jaegeuk@kernel.org>,
"Theodore Y . Ts'o" <tytso@mit.edu>
Subject: [PATCH v4 0/8] xfstests: add fs-verity tests
Date: Mon, 30 Sep 2019 14:15:45 -0700 [thread overview]
Message-ID: <20190930211553.64208-1-ebiggers@kernel.org> (raw)
Message-ID: <20190930211545.uL9emo26hJXX00CmSguUcYs2E4wpFzKyU5KHiqjHab0@z> (raw)
Add tests for fs-verity. fs-verity is an ext4 and f2fs filesystem
feature which provides Merkle tree based hashing (similar to dm-verity)
for individual read-only files, mainly for the purpose of efficient
authenticity verification. Other filesystems may add fs-verity support
later, using the same API.
Running these tests requires:
- Kernel v5.4-rc1 or later configured with CONFIG_FS_VERITY=y,
and optionally CONFIG_FS_ENCRYPTION=y (for generic/904),
CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y (for generic/905), and
CONFIG_CRYPTO_SHA512=y (for generic/903 to cover SHA-512).
- The 'fsverity' utility program from
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git
- e2fsprogs v1.45.2 or later for ext4 tests, or f2fs-tools v1.11.0 or
later for f2fs tests
- generic/905 also requires the 'openssl' program.
Example with kvm-xfstests:
$ kvm-xfstests -c ext4,f2fs -g verity
For more information about fs-verity, see
https://www.kernel.org/doc/html/latest/filesystems/fsverity.html
This patchset can also be retrieved from tag "fsverity_2019-09-30" of
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/xfstests-dev.git
Note: my other pending xfstests patchset
"xfstests: add tests for fscrypt key management improvements"
renames the function _generate_encryption_key(), which is used by
generic/904 in this patchset. This will need to be fixed up when the
second of these two patchsets is merged.
Changed since v3:
- Update generic/900 to also test executing FS_IOC_ENABLE_VERITY while
another process is already executing it on the same file.
Changed since v2:
- Updated the signature verification test (generic/905) to match the
latest kernel and fsverity-utils changes.
- Added _fsv_sign() utility function.
- Correctly skip the fs-verity tests on ext3-style filesystems.
Changed since v1:
- Updated all tests to use the new fs-verity kernel API.
- Many cleanups, additional checks in the tests, and other improvements.
- Addressed review comments from Eryu Guan.
- Added a test for the built-in signature verification feature.
- Removed the fs-verity descriptor validation test, since the on-disk
format of this part was greatly simplified and made fs-specific.
Eric Biggers (8):
common/filter: add _filter_xfs_io_fiemap()
common/verity: add common functions for testing fs-verity
generic: test general behavior of verity files
generic: test access controls on the fs-verity ioctls
generic: test corrupting verity files
generic: test that fs-verity is using the correct measurement values
generic: test using fs-verity and fscrypt simultaneously
generic: test the fs-verity built-in signature verification support
common/config | 2 +
common/filter | 24 +++++
common/verity | 215 ++++++++++++++++++++++++++++++++++++++++++
tests/generic/900 | 199 ++++++++++++++++++++++++++++++++++++++
tests/generic/900.out | 74 +++++++++++++++
tests/generic/901 | 73 ++++++++++++++
tests/generic/901.out | 14 +++
tests/generic/902 | 154 ++++++++++++++++++++++++++++++
tests/generic/902.out | 91 ++++++++++++++++++
tests/generic/903 | 112 ++++++++++++++++++++++
tests/generic/903.out | 5 +
tests/generic/904 | 80 ++++++++++++++++
tests/generic/904.out | 12 +++
tests/generic/905 | 150 +++++++++++++++++++++++++++++
tests/generic/905.out | 42 +++++++++
tests/generic/group | 6 ++
16 files changed, 1253 insertions(+)
create mode 100644 common/verity
create mode 100755 tests/generic/900
create mode 100644 tests/generic/900.out
create mode 100755 tests/generic/901
create mode 100644 tests/generic/901.out
create mode 100755 tests/generic/902
create mode 100644 tests/generic/902.out
create mode 100755 tests/generic/903
create mode 100644 tests/generic/903.out
create mode 100755 tests/generic/904
create mode 100644 tests/generic/904.out
create mode 100755 tests/generic/905
create mode 100644 tests/generic/905.out
--
2.23.0.444.g18eeb5a265-goog
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: fstests@vger.kernel.org
Cc: Jaegeuk Kim <jaegeuk@kernel.org>,
linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
"Theodore Y . Ts'o" <tytso@mit.edu>,
linux-f2fs-devel@lists.sourceforge.net
Subject: [f2fs-dev] [PATCH v4 0/8] xfstests: add fs-verity tests
Date: Mon, 30 Sep 2019 14:15:45 -0700 [thread overview]
Message-ID: <20190930211553.64208-1-ebiggers@kernel.org> (raw)
Add tests for fs-verity. fs-verity is an ext4 and f2fs filesystem
feature which provides Merkle tree based hashing (similar to dm-verity)
for individual read-only files, mainly for the purpose of efficient
authenticity verification. Other filesystems may add fs-verity support
later, using the same API.
Running these tests requires:
- Kernel v5.4-rc1 or later configured with CONFIG_FS_VERITY=y,
and optionally CONFIG_FS_ENCRYPTION=y (for generic/904),
CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y (for generic/905), and
CONFIG_CRYPTO_SHA512=y (for generic/903 to cover SHA-512).
- The 'fsverity' utility program from
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git
- e2fsprogs v1.45.2 or later for ext4 tests, or f2fs-tools v1.11.0 or
later for f2fs tests
- generic/905 also requires the 'openssl' program.
Example with kvm-xfstests:
$ kvm-xfstests -c ext4,f2fs -g verity
For more information about fs-verity, see
https://www.kernel.org/doc/html/latest/filesystems/fsverity.html
This patchset can also be retrieved from tag "fsverity_2019-09-30" of
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/xfstests-dev.git
Note: my other pending xfstests patchset
"xfstests: add tests for fscrypt key management improvements"
renames the function _generate_encryption_key(), which is used by
generic/904 in this patchset. This will need to be fixed up when the
second of these two patchsets is merged.
Changed since v3:
- Update generic/900 to also test executing FS_IOC_ENABLE_VERITY while
another process is already executing it on the same file.
Changed since v2:
- Updated the signature verification test (generic/905) to match the
latest kernel and fsverity-utils changes.
- Added _fsv_sign() utility function.
- Correctly skip the fs-verity tests on ext3-style filesystems.
Changed since v1:
- Updated all tests to use the new fs-verity kernel API.
- Many cleanups, additional checks in the tests, and other improvements.
- Addressed review comments from Eryu Guan.
- Added a test for the built-in signature verification feature.
- Removed the fs-verity descriptor validation test, since the on-disk
format of this part was greatly simplified and made fs-specific.
Eric Biggers (8):
common/filter: add _filter_xfs_io_fiemap()
common/verity: add common functions for testing fs-verity
generic: test general behavior of verity files
generic: test access controls on the fs-verity ioctls
generic: test corrupting verity files
generic: test that fs-verity is using the correct measurement values
generic: test using fs-verity and fscrypt simultaneously
generic: test the fs-verity built-in signature verification support
common/config | 2 +
common/filter | 24 +++++
common/verity | 215 ++++++++++++++++++++++++++++++++++++++++++
tests/generic/900 | 199 ++++++++++++++++++++++++++++++++++++++
tests/generic/900.out | 74 +++++++++++++++
tests/generic/901 | 73 ++++++++++++++
tests/generic/901.out | 14 +++
tests/generic/902 | 154 ++++++++++++++++++++++++++++++
tests/generic/902.out | 91 ++++++++++++++++++
tests/generic/903 | 112 ++++++++++++++++++++++
tests/generic/903.out | 5 +
tests/generic/904 | 80 ++++++++++++++++
tests/generic/904.out | 12 +++
tests/generic/905 | 150 +++++++++++++++++++++++++++++
tests/generic/905.out | 42 +++++++++
tests/generic/group | 6 ++
16 files changed, 1253 insertions(+)
create mode 100644 common/verity
create mode 100755 tests/generic/900
create mode 100644 tests/generic/900.out
create mode 100755 tests/generic/901
create mode 100644 tests/generic/901.out
create mode 100755 tests/generic/902
create mode 100644 tests/generic/902.out
create mode 100755 tests/generic/903
create mode 100644 tests/generic/903.out
create mode 100755 tests/generic/904
create mode 100644 tests/generic/904.out
create mode 100755 tests/generic/905
create mode 100644 tests/generic/905.out
--
2.23.0.444.g18eeb5a265-goog
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next reply other threads:[~2019-09-30 21:15 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-30 21:15 Eric Biggers [this message]
2019-09-30 21:15 ` [f2fs-dev] [PATCH v4 0/8] xfstests: add fs-verity tests Eric Biggers
2019-09-30 21:15 ` Eric Biggers
2019-09-30 21:15 ` [PATCH v4 1/8] common/filter: add _filter_xfs_io_fiemap() Eric Biggers
2019-09-30 21:15 ` [f2fs-dev] " Eric Biggers
2019-09-30 21:15 ` Eric Biggers
2019-09-30 21:15 ` [PATCH v4 2/8] common/verity: add common functions for testing fs-verity Eric Biggers
2019-09-30 21:15 ` [f2fs-dev] " Eric Biggers
2019-09-30 21:15 ` Eric Biggers
2019-09-30 21:15 ` [PATCH v4 3/8] generic: test general behavior of verity files Eric Biggers
2019-09-30 21:15 ` [f2fs-dev] " Eric Biggers
2019-09-30 21:15 ` Eric Biggers
2019-09-30 21:15 ` [PATCH v4 4/8] generic: test access controls on the fs-verity ioctls Eric Biggers
2019-09-30 21:15 ` [f2fs-dev] " Eric Biggers
2019-09-30 21:15 ` Eric Biggers
2019-09-30 21:15 ` [PATCH v4 5/8] generic: test corrupting verity files Eric Biggers
2019-09-30 21:15 ` [f2fs-dev] " Eric Biggers
2019-09-30 21:15 ` Eric Biggers
2019-09-30 21:15 ` [PATCH v4 6/8] generic: test that fs-verity is using the correct measurement values Eric Biggers
2019-09-30 21:15 ` [f2fs-dev] " Eric Biggers
2019-09-30 21:15 ` Eric Biggers
2019-09-30 21:15 ` [PATCH v4 7/8] generic: test using fs-verity and fscrypt simultaneously Eric Biggers
2019-09-30 21:15 ` [f2fs-dev] " Eric Biggers
2019-09-30 21:15 ` Eric Biggers
2019-09-30 21:15 ` [PATCH v4 8/8] generic: test the fs-verity built-in signature verification support Eric Biggers
2019-09-30 21:15 ` [f2fs-dev] " Eric Biggers
2019-09-30 21:15 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190930211553.64208-1-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=fstests@vger.kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.