From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v2 2/2] IMA: Add a test to verify importing a certificate into keyring
Date: Tue, 16 Jun 2020 12:26:18 +0200 [thread overview]
Message-ID: <20200616102618.GA4513@dell5510> (raw)
In-Reply-To: <20200612143842.3993-3-t-josne@linux.microsoft.com>
Hi Lachlan,
few details (all can be fixed by me before merge, no need to repost).
Reviewed-by: Petr Vorel <pvorel@suse.cz>
...
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
> @@ -5,10 +5,12 @@
> # Verify that keys are measured correctly based on policy.
> -TST_NEEDS_CMDS="awk cut xxd"
> -TST_CNT=1
> +TST_NEEDS_CMDS="awk cut xxd keyctl evmctl openssl cmp"
TST_NEEDS_CMDS="awk cmp cut evmctl keyctl openssl sed xxd"
(I ignore tail, if there is cut, sed and openssl it should be there,
the same rule as for grep).
> +TST_CNT=2
> TST_NEEDS_DEVICE=1
> +CERT_FILE="${CERT_FILE:-}/etc/keys/x509_ima.der"
I'm sorry, I was wrong, this must be:
CERT_FILE="${CERT_FILE:-/etc/keys/x509_ima.der}"
> +
> . ima_setup.sh
> # Based on https://lkml.org/lkml/2019/12/13/564.
> @@ -62,4 +64,43 @@ test1()
> tst_res TPASS "specified keyrings were measured correctly"
> }
> +
> +# Test that a cert can be imported into the ".ima" keyring correctly.
> +test2() {
> + local keyring_id key_id test_file="$PWD/test.txt"
nit: Can test_file use relative path?
local test_file="test.txt"
Kind regards,
Petr
next prev parent reply other threads:[~2020-06-16 10:26 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-12 14:38 [LTP] [PATCH v2 0/2] IMA: Key Measurement + Certificate Measurement Tests Lachlan Sneff
2020-06-12 14:38 ` [LTP] [PATCH v2 1/2] IMA: Add a test to verify measurment of keys Lachlan Sneff
2020-06-16 15:31 ` Petr Vorel
2020-06-19 8:56 ` Petr Vorel
2020-06-12 14:38 ` [LTP] [PATCH v2 2/2] IMA: Add a test to verify importing a certificate into keyring Lachlan Sneff
2020-06-16 10:26 ` Petr Vorel [this message]
2020-06-16 15:55 ` Petr Vorel
2020-06-16 21:18 ` Lachlan Sneff
2020-06-19 9:17 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200616102618.GA4513@dell5510 \
--to=pvorel@suse.cz \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.