When the fs.verity.require_signatures is set to 1 the file with fsverity enabled need to be signed. The generic/577 needs require_signatures enabled as it test signing. The _fsv_have_hash_algorithm tries to enable verity on a file without signing it. Temporarily disable require_signatures for the check and restore it to previous state afterwards. Signed-off-by: Andrey Albershteyn <aalbersh@xxxxxxxxxx> --- common/verity | 3 +++ 1 file changed, 3 insertions(+) diff --git a/common/verity b/common/verity index 897a7f0b..aad6728f 100644 --- a/common/verity +++ b/common/verity @@ -254,10 +254,13 @@ _fsv_have_hash_algorithm() rm -f $test_file head -c 4096 /dev/zero > $test_file + _disable_fsverity_signatures if ! _fsv_enable --hash-alg=$hash_alg $test_file &>> $seqres.full; then + _restore_fsverity_signatures # no kernel support return 1 fi + _restore_fsverity_signatures rm -f $test_file return 0 } -- 2.31.1
