Add: Qualcomm User Data Encryption test script & Document #141
xbharani commented Aug 11, 2025
- Checks for fscryptctl binary presence
- Creates a random sw encryption key
- Applies and verifies encryption policy
- Confirms functionality with a test file
|
|
||
| log_info "Checking if dependency binary is available" | ||
| check_dependencies fscryptctl | ||
|
|
Kernel/filesystem precheck: Add check_kernel_config CONFIG_FS_ENCRYPTION (and optional CONFIG_FS_VERITY if you care) to SKIP gracefully on kernels without fscrypt. Also verify that the mount backing $MOUNT_DIR is ext4/f2fs with encryption support (or at least that add_key succeeds on that mountpoint).

check for add_key success exists,

```sh
key_id=$("$FSCRYPTCTL" add_key "$FS_PATH" < "$KEY_FILE" 2>/dev/null)
if [ -z "$key_id" ]; then
    log_fail "$TESTNAME : Failed to add encryption key"
```
Runner/suites/Kernel/Baseport/UserDataEncryption/README_UserDataEncryption.md
This pull request has been marked as stale due to 30 days of inactivity. To prevent automatic closure in 7 days, remove the stale label or add a comment. You can reopen a closed pull request at any time.

@xbharani Any update on the requested changes?

This pull request has been marked as stale due to 30 days of inactivity. To prevent automatic closure in 7 days, remove the stale label or add a comment. You can reopen a closed pull request at any time.
| TESTNAME="UserDataEncryption" | ||
| test_path=$(find_test_case_by_name "$TESTNAME") | ||
| cd "$test_path" || exit 1 | ||
| res_file="./$TESTNAME.res" |
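Review bot: an empty `$test_path` is not caught before `cd "$test_path" || exit 1`. If find_test_case_by_name prints nothing, `cd ""` may succeed without changing directory, depending on the shell, and `res_file="./$TESTNAME.res"` then points into whatever directory the script was started from. Suggest testing `[ -n "$test_path" ]` first, and logging a message on the `cd` failure path, which currently exits silently.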
Result file isn’t written for some early exits (e.g., not root / init_env missing).
If your CI expects a .res, write it before exiting anywhere you can. Minimal way: define res_file early and use it in early failures:

Only early exits where res_file is not created are script root & init_env; we cannot create res_file for these, as the res_file path is created post init_env.
No code change for fixing this.
- Checks for fscryptctl binary presence
- Creates a random sw encryption key
- Applies and verifies encryption policy
- Confirms functionality with a test file
- Added yaml config

Signed-off-by: Bharani Bhuvanagiri <[email protected]>
| # Ensure script runs as root | ||
| if [ "$(id -u)" -ne 0 ]; then | ||
| echo "[ERROR] This script must be run as root." >&2 | ||
| exit 1 |
Use exit 0 as in Lava. If the script uses exit 1, it will not proceed to the remaining tests.
| check_dependencies "$FSCRYPTCTL" | ||
|
|
||
| if ! command -v "$FSCRYPTCTL" >/dev/null 2>&1; then | ||
| log_fail "$FSCRYPTCTL binary was not found. Skipping $TESTNAME." |
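Review bot: the message on the last line says "Skipping $TESTNAME" but is logged through log_fail, so the log level and the wording disagree about whether a missing binary is a skip or a failure; pick one and make both match. The `command -v "$FSCRYPTCTL"` test also repeats what `check_dependencies "$FSCRYPTCTL"` at the top of the hunk is there to check, so one of the two can probably be dropped.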
use log_warn
| log_fail "Path not found for $TESTNAME test. Falling back to SCRIPT_DIR: $SCRIPT_DIR" | ||
| test_path="$SCRIPT_DIR" | ||
|
|
||
| echo "$TESTNAME FAIL" > "$SCRIPT_DIR/$TESTNAME.res" |
It's nicer if every test always writes the .res in test_path, not in SCRIPT_DIR
|
|
||
| # Globals that cleanup will use | ||
| key_id="" | ||
| KEY_FILE="" |
It's slightly safer to initialize globals before trap so they're always defined.
MOUNT_DIR=""
FS_PATH=""
| fi | ||
|
|
||
| if [ -d "$MOUNT_DIR" ]; then | ||
| rmdir "$MOUNT_DIR" 2>/dev/null || true |
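Review bot: `rmdir "$MOUNT_DIR" 2>/dev/null || true` discards both the error text and the exit status, and rmdir only removes an empty directory, so a leftover test file makes this cleanup step silently do nothing. Suggest removing the test file first and logging the rmdir result instead of masking it.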
You always log "Removed mount directory" even if it failed. Better add precise logs, check the return code.
| if ! echo "$status" | grep -q "^Present"; then | ||
| log_fail "$TESTNAME : Key is not usable (status: $status)" | ||
| echo "$TESTNAME FAIL" > "$res_file" | ||
| exit 1 |
NIT
| if ! "$FSCRYPTCTL" set_policy "$key_id" "$MOUNT_DIR"; then | ||
| log_fail "$TESTNAME : Failed to set encryption policy" | ||
| echo "$TESTNAME FAIL" > "$res_file" | ||
| exit 1 |
NIT
| else | ||
| log_fail "$TESTNAME : Failed to create temporary key file" | ||
| echo "[ERROR] Failed to create temporary key file" >&2 | ||
| exit 1 |
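Review bot: this else branch exits without writing `$TESTNAME FAIL` to `$res_file`, unlike the other failure paths shown on this page, which echo the result before `exit 1`. A run that fails here leaves no .res behind. The same message is also emitted twice, once through log_fail and once through `echo "[ERROR] ..." >&2`; one of them is enough.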
NIT
| if ! head -c 64 /dev/urandom > "$KEY_FILE"; then | ||
| log_fail "$TESTNAME : Failed to generate encryption key" | ||
| echo "$TESTNAME FAIL" > "$res_file" | ||
| exit 1 |
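Review bot: `head -c 64 /dev/urandom > "$KEY_FILE"` puts the raw key material in a file, and nothing in this hunk shows that the file is private to root or removed when this branch takes `exit 1`. Since add_key reads the key from stdin, the key could be piped straight into it and never touch the filesystem, unless the test needs to present the same key again later. Otherwise, confirm the file is created mode 0600 and deleted by the cleanup handler on every exit.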
NIT
| else | ||
| log_fail "$TESTNAME : Test Failed" | ||
| echo "$TESTNAME FAIL" > "$res_file" | ||
| exit 1 |
NIT