[PATCH 09/11] test: pytest: add basic dm-verity test

Tobias Waldekranz tobias at waldekranz.com
Thu Sep 18 00:43:19 PDT 2025 

>From a consistent dm-verity device (good):

- Ensure that we can read from the underlying filesystem.

>From a dm-verity device where the data device does not match the hash
tree (bad):

- Ensure that unmodified parts are readable
- Ensure that reading from a modified block results in an I/O error

Signed-off-by: Tobias Waldekranz <tobias at waldekranz.com>
---
 test/py/test_dm.py | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 test/py/test_dm.py

diff --git a/test/py/test_dm.py b/test/py/test_dm.py
new file mode 100644
index 0000000000..a9debd85b5
--- /dev/null
+++ b/test/py/test_dm.py
@@ -0,0 +1,38 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+import re
+import pytest
+from .helper import of_get_property
+
+
+
+def test_dm_verity(barebox):
+    _, _, returncode = barebox.run("ls /mnt/9p/testfs")
+    if returncode != 0:
+        pytest.xfail("skipping test due to missing --fs testfs=")
+
+    barebox.run_check("cd /mnt/9p/testfs")
+
+    # Since commands run in a subshell, export the root hash in a
+    # global, so that we can access it from subsequent commands
+    barebox.run_check("readf good.hash roothash && global roothash=$roothash")
+
+    barebox.run_check("veritysetup open good.fat good good.verity $global.roothash")
+    barebox.run_check("veritysetup open bad.fat  bad  good.verity $global.roothash")
+
+    barebox.run_check("md5sum /mnt/good/latin /mnt/good/english")
+
+    # 'latin' has not been modified, so it should read fine even from
+    # 'bad'
+    barebox.run_check("md5sum /mnt/bad/latin")
+
+    # 'english' however, does not match the data in the hash tree and
+    # MUST thus fail
+    _, _, returncode = barebox.run("md5sum /mnt/bad/english")
+    assert returncode != 0, "'english' should not be readable from 'bad'"
+
+    barebox.run_check("umount /dev/good")
+    barebox.run_check("veritysetup close good")
+
+    barebox.run_check("umount /dev/bad")
+    barebox.run_check("veritysetup close bad")
-- 
2.43.0

More information about the barebox mailing list