backup-restore-luks2 2.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
  1. #!/bin/bash -ex
  2. # vim: set ts=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
  3. #
  4. # Copyright (c) 2020 Red Hat, Inc.
  5. # Author: Sergio Correia <scorreia@redhat.com>
  6. #
  7. # This program is free software: you can redistribute it and/or modify
  8. # it under the terms of the GNU General Public License as published by
  9. # the Free Software Foundation, either version 3 of the License, or
  10. # (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU General Public License
  18. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. #
  20. TEST=$(basename "${0}")
  21. . tests-common-functions
  22. . clevis-luks-common-functions
  23. on_exit() {
  24. [ -d "${TMP}" ] && rm -rf "${TMP}"
  25. }
  26. trap 'on_exit' EXIT
  27. TMP="$(mktemp -d)"
  28. ADV="${TMP}/adv.jws"
  29. create_tang_adv "${ADV}"
  30. CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
  31. # LUKS1.
  32. DEV="${TMP}/luks2-device"
  33. new_device "luks2" "${DEV}"
  34. for slt in 6 2 3; do
  35. if ! clevis luks bind -f -d "${DEV}" -s "${slt}" tang "${CFG}" <<< "${DEFAULT_PASS}"; then
  36. error "${TEST}: [slot: $slt] Binding is expected to succeed when given a correct (${DEFAULT_PASS}) password." >&2
  37. fi
  38. done
  39. # Backup device.
  40. if ! clevis_luks_backup_dev "${DEV}" "${TMP}"; then
  41. error "${TEST}: problem performing device backup"
  42. fi
  43. # Save the original device for conference later.
  44. BKPDEV="${TMP}"/device-for-conference
  45. cp "${DEV}" "${BKPDEV}"
  46. # Recreate device
  47. new_device "luks2" "${DEV}"
  48. used_slots=$(clevis_luks_used_slots "${DEV}")
  49. if [ "${used_slots}" -ne 0 ]; then
  50. error "${TEST}: only used slot shold be 0 ($used_slots)"
  51. fi
  52. if compare_luks_header "${DEV}" "${BKPDEV}" "${TMP}"; then
  53. error "${TEST}: LUKS headers should not match"
  54. fi
  55. if compare_luks2_metadata "${DEV}" "${BKPDEV}"; then
  56. error "${TEST}: LUKS metadata should not match"
  57. fi
  58. # Restore from backup.
  59. if ! clevis_luks_restore_dev "${TMP}"; then
  60. error "${TEST}: problem performing device restore"
  61. fi
  62. if ! compare_luks_header "${DEV}" "${BKPDEV}" "${TMP}"; then
  63. error "${TEST}: LUKS headers should match"
  64. fi
  65. if ! compare_luks2_metadata "${DEV}" "${BKPDEV}"; then
  66. error "${TEST}: metadata should match"
  67. fi