On 18.09.25 09:43, Tobias Waldekranz wrote:
> From a consistent dm-verity device (good):
> 
> - Ensure that we can read from the underlying filesystem.
> 
> From a dm-verity device where the data device does not match the hash
> tree (bad):
> 
> - Ensure that unmodified parts are readable
> - Ensure that reading from a modified block results in an I/O error
> 
> Signed-off-by: Tobias Waldekranz <tob...@waldekranz.com>

Reviewed-by: Ahmad Fatoum <a.fat...@pengutronix.de>

Thanks for including a test!
Ahmad

> ---
>  test/py/test_dm.py | 38 ++++++++++++++++++++++++++++++++++++++
>  1 file changed, 38 insertions(+)
>  create mode 100644 test/py/test_dm.py
> 
> diff --git a/test/py/test_dm.py b/test/py/test_dm.py
> new file mode 100644
> index 0000000000..a9debd85b5
> --- /dev/null
> +++ b/test/py/test_dm.py
> @@ -0,0 +1,38 @@
> +# SPDX-License-Identifier: GPL-2.0-or-later
> +
> +import re
> +import pytest
> +from .helper import of_get_property
> +
> +
> +
> +def test_dm_verity(barebox):
> +    _, _, returncode = barebox.run("ls /mnt/9p/testfs")
> +    if returncode != 0:
> +        pytest.xfail("skipping test due to missing --fs testfs=")
> +
> +    barebox.run_check("cd /mnt/9p/testfs")
> +
> +    # Since commands run in a subshell, export the root hash in a
> +    # global, so that we can access it from subsequent commands
> +    barebox.run_check("readf good.hash roothash && global 
> roothash=$roothash")
> +
> +    barebox.run_check("veritysetup open good.fat good good.verity 
> $global.roothash")
> +    barebox.run_check("veritysetup open bad.fat  bad  good.verity 
> $global.roothash")
> +
> +    barebox.run_check("md5sum /mnt/good/latin /mnt/good/english")
> +
> +    # 'latin' has not been modified, so it should read fine even from
> +    # 'bad'
> +    barebox.run_check("md5sum /mnt/bad/latin")
> +
> +    # 'english' however, does not match the data in the hash tree and
> +    # MUST thus fail
> +    _, _, returncode = barebox.run("md5sum /mnt/bad/english")
> +    assert returncode != 0, "'english' should not be readable from 'bad'"
> +
> +    barebox.run_check("umount /dev/good")
> +    barebox.run_check("veritysetup close good")
> +
> +    barebox.run_check("umount /dev/bad")
> +    barebox.run_check("veritysetup close bad")
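
Review bot: the cleanup at the end of test_dm_verity (the umount and "veritysetup close" calls for 'good' and 'bad') is never reached when the assert on 'english' fails, so a failing run leaves both verity devices open and mounted; moving the teardown into a try/finally or a fixture would keep it unconditional. The negative check itself only asserts "returncode != 0" for "md5sum /mnt/bad/english", which would also pass if the file were simply absent from bad.fat; checking the command output for the I/O error would tie the test to the behaviour the commit message describes. Smaller points: "import re" and "from .helper import of_get_property" are unused in this file, and pytest.xfail() with a "skipping test" message reads as if pytest.skip() was intended.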


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
