@xbharani

  • Checks for fscryptctl binary presence
  • Creates a random sw encryption key
  • Applies and verifies encryption policy
  • Confirms functionality with a test file

@github-actions

This pull request has been marked as stale due to 30 days of inactivity. To prevent automatic closure in 7 days, remove the stale label or add a comment. You can reopen a closed pull request at any time.

@github-actions github-actions bot added the Stale label Sep 12, 2025
@smuppand
Contributor

@xbharani Any update on the requested changes?

@github-actions github-actions bot removed the Stale label Sep 13, 2025
@github-actions

This pull request has been marked as stale due to 30 days of inactivity. To prevent automatic closure in 7 days, remove the stale label or add a comment. You can reopen a closed pull request at any time.

@xbharani force-pushed the main branch 2 times, most recently from bd6eccf to 56d715d (November 20, 2025 09:52)
@xbharani force-pushed the main branch 2 times, most recently from 686cf9f to 8f29437 (December 8, 2025 05:26)
Contributor

@smuppand smuppand left a comment

The script is close, but a few things will bite in CI / reliability, plus a couple of correctness/safety issues.

- Checks for fscryptctl binary presence
- Creates a random sw encryption key
- Applies and verifies encryption policy
- Confirms functionality with a test file
- Added yaml config

Signed-off-by: Bharani Bhuvanagiri <bbharani@qti.qualcomm.com>
Contributor

@smuppand smuppand left a comment

A few additional minor changes are required. Other than that, everything appears to be fine.


if [ -z "${__INIT_ENV_LOADED:-}" ]; then
# shellcheck disable=SC1090
. "$INIT_ENV"
Contributor

init_env sourcing isn't idempotent; missing __INIT_ENV_LOADED=1


## Notes

- The script uses /data/UserDataEncryption for all operations.
Contributor

The script is set to use /mnt as the base directory (with /UDE as a fallback), but it still seems to reference /data here.


Ensure the following components are present on the target device:

- `fscryptctl` binary available in `/data/`
Contributor

Please update here, as the data will not be available.



## kernel config check
if [ -r /proc/config.gz ]; then
Contributor

# Step 6: Verify policy
log_info "Verifying encryption policy"

if ! policy_output=$("$FSCRYPTCTL" get_policy "$MOUNT_DIR" 2>/dev/null); then
Contributor

Many commands redirect to /dev/null (e.g. add_key, key_status, get_policy). When something fails, logs won't explain why. Please capture stderr into a variable and log it on failure.
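
One way to do what the comment above asks, as an added example that is not code from this pull request or from the reviewer. `run_capture`, `log_fail`, `RUN_OUT`, `RUN_ERR` and the stand-in `fake_get_policy` with its `/mnt/example` path are hypothetical names constructed for illustration; in the real script the wrapped command would be the `"$FSCRYPTCTL"` call.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the PR's own code.

log_fail() { printf '[FAIL] %s\n' "$*" >&2; }

# run_capture <label> <cmd> [args...]
# Leaves stdout in RUN_OUT and stderr in RUN_ERR; on failure logs the
# exit code together with the stderr text and returns that exit code.
run_capture() {
    _label=$1
    shift
    # mktemp creates the file with mode 0600, so the captured text is
    # not readable by other users while the command runs.
    _errf=$(mktemp "${TMPDIR:-/tmp}/run_capture.XXXXXX") || return 125
    # The "&& ... ||" form keeps the helper usable under `set -e`.
    RUN_OUT=$("$@" 2>"$_errf") && _rc=0 || _rc=$?
    RUN_ERR=$(cat "$_errf")
    rm -f "$_errf"
    if [ "$_rc" -ne 0 ]; then
        log_fail "$_label failed (rc=$_rc): ${RUN_ERR:-no stderr output}"
    fi
    return "$_rc"
}

# Constructed stand-in for: "$FSCRYPTCTL" get_policy "$MOUNT_DIR"
fake_get_policy() {
    echo "constructed error: no policy on $1" >&2
    return 1
}

if ! run_capture "get_policy" fake_get_policy /mnt/example; then
    echo "policy verification failed; reason is in the log line above"
fi
```

Only stdout and stderr are captured here; key material fed to a command on stdin never reaches the log.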
