Add: Qualcomm User Data Encryption test script & Document #141
Conversation
xbharani
commented
Aug 11, 2025
xbharani
commented
- Checks for fscryptctl binary presence
- Creates a random sw encryption key
- Applies and verifies encryption policy
- Confirms functionality with a test file
Runner/suites/Kernel/Baseport/UserDataEncryption/README_UserDataEncryption.md
Outdated
Show resolved
Hide resolved
|
This pull request has been marked as stale due to 30 days of inactivity. To prevent automatic closure in 7 days, remove the stale label or add a comment. You can reopen a closed pull request at any time. |
|
@xbharani Any update on the requested changes? |
|
This pull request has been marked as stale due to 30 days of inactivity. To prevent automatic closure in 7 days, remove the stale label or add a comment. You can reopen a closed pull request at any time. |
xbharani
force-pushed
the
main
branch
2 times, most recently
from
bd6eccf to
56d715d
Compare
xbharani
force-pushed
the
main
branch
2 times, most recently
from
686cf9f to
8f29437
Compare
smuppand
left a comment
smuppand
left a comment
There was a problem hiding this comment.
the script is close, but a few things will bite in CI / reliability, plus a couple of correctness/safety issues.
smuppand
left a comment
smuppand
left a comment
There was a problem hiding this comment.
A few additional minor changes are required. Other than that, everything appears to be fine.
Runner/suites/Kernel/Baseport/UserDataEncryption/README_UserDataEncryption.md
Outdated
Show resolved
Hide resolved
Runner/suites/Kernel/Baseport/UserDataEncryption/README_UserDataEncryption.md
Outdated
Show resolved
Hide resolved
smuppand
left a comment
smuppand
left a comment
There was a problem hiding this comment.
Few nice to have changes
smuppand
left a comment
smuppand
left a comment
There was a problem hiding this comment.
Still few must fix items.
| log_info "Created unique mount directory: $MOUNT_DIR" | ||
|
|
||
|
|
||
| FS_PATH=$(df --output=target "$MOUNT_DIR" | tail -n 1) |
There was a problem hiding this comment.
if there's any chance of a busybox/ non-GNU environment, just be aware --output=target may not exist. Given the meta-qcom target, it's probably fine. If we want to be ultra-portable in future, this part might be abstracted into hlper, but for now it's acceptable.
Still it is not addressed. This is ok most of the time. But it can include leading spaces depending on the df output formatting.
safer
FS_PATH="$(df --output=target "$MOUNT_DIR" 2>/dev/null | awk 'NR==2{print $1}')"
- Checks for fscryptctl binary presence - Creates a random sw encryption key - Applies and verifies encryption policy - Confirms functionality with a test file - Added yaml config Signed-off-by: Bharani Bhuvanagiri <bbharani@qti.qualcomm.com>
| if ! "$FSCRYPTCTL" remove_key "$key_id" "$FS_PATH" >/dev/null 2>&1; then | ||
| log_warn "Failed to remove key $key_id from $FS_PATH" | ||
| else | ||
| log_warn "removed key $key_id from $FS_PATH" |
|
|
||
| add_key_output=$("$FSCRYPTCTL" add_key "$FS_PATH" < "$KEY_FILE" 2>&1) | ||
| rc=$? | ||
| key_id=$(printf '%s\n' "$add_key_output" | head -n1) |
There was a problem hiding this comment.
Make key_id parsing robust.
key_id=$(printf '%s\n' "$add_key_output" | awk 'match($0,/^[0-9a-fA-F]{32}$/){print $0; exit}')
| FS_PATH=$(df --output=target -- "$MOUNT_DIR" 2>/dev/null | awk 'NR==2{print $1}') | ||
|
|
||
| if [ -z "${FS_PATH:-}" ]; then | ||
| FS_PATH=$(df -- "$MOUNT_DIR" 2>/dev/null | awk 'NR==2{print $NF}') |
There was a problem hiding this comment.
use posix-ish df fallback
FS_PATH=$(df -P "$MOUNT_DIR" 2>/dev/null | awk 'NR==2{print $6}')
3 participants
