Skip to content

Instantly share code, notes, and snippets.

@aszlig
Created August 11, 2018 01:46
Show Gist options
  • Save aszlig/461fea6de1d50f53561859314024aacf to your computer and use it in GitHub Desktop.
Save aszlig/461fea6de1d50f53561859314024aacf to your computer and use it in GitHub Desktop.
import <nixpkgs/nixos/tests/make-test.nix> {
name = "luks-passwd-leak";
nodes.machine = { pkgs, ... }: {
environment.systemPackages = [ pkgs.cryptsetup ];
virtualisation.emptyDiskImages = [ 512 ];
};
nodes.newmachine = { pkgs, lib, ... }: {
virtualisation.emptyDiskImages = [ 512 ];
virtualisation.qemu.consoles = [ "tty0" ];
boot.initrd.luks.devices = lib.mkOverride 0 {
test.device = "/dev/vdb";
};
};
enableOCR = true;
testScript = ''
my $secret = 'sweymabelquigopojkunfofilcovloquittyigoHacajOnecAchomfibs9';
$machine->waitForUnit('multi-user.target');
$machine->succeed("echo -n $secret | cryptsetup luksFormat -q /dev/vdb -");
$machine->shutdown;
$newmachine->{stateDir} = $machine->{stateDir};
$newmachine->start;
$newmachine->waitForText(qr/passphrase/i);
$newmachine->sendChars("$secret\n");
$newmachine->waitForUnit('multi-user.target');
$newmachine->sendMonitorCommand('dump-guest-memory -p memory.dump');
system('grep', '-F', $secret, 'vm-state-machine/memory.dump') != 0
or die 'Secret has been found in VM memory!';
'';
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment