* [PATCH] EmulatorPkg/library: RedfishPlatformCredentialLib
@ 2020-12-16 3:35 Abner Chang
0 siblings, 0 replies; only message in thread
From: Abner Chang @ 2020-12-16 3:35 UTC (permalink / raw)
To: devel; +Cc: Jordan Justen, Andrew Fish, Ray Ni, Nickle Wang,
Peter O'Hanley
Platform specific implementation of acquiring credential
to access to Redfish service. This is the platform library
which incorporates with Redfish Credential DXE driver under
Redfish package.
Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Peter O'Hanley <peter.ohanley@hpe.com>
---
EmulatorPkg/EmulatorPkg.dec | 13 +-
EmulatorPkg/EmulatorPkg.dsc | 1 +
.../RedfishPlatformCredentialLib.c | 237 ++++++++++++++++++
.../RedfishPlatformCredentialLib.inf | 49 ++++
4 files changed, 299 insertions(+), 1 deletion(-)
create mode 100644 EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c
create mode 100644 EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.inf
diff --git a/EmulatorPkg/EmulatorPkg.dec b/EmulatorPkg/EmulatorPkg.dec
index 5d7fe6473e..b9c70b63b3 100644
--- a/EmulatorPkg/EmulatorPkg.dec
+++ b/EmulatorPkg/EmulatorPkg.dec
@@ -74,7 +74,18 @@
## Size of the packet filter
gEmulatorPkgTokenSpaceGuid.PcdNetworkPacketFilterSize|524288|UINT32|0x0000101c
-
+ ## Platform level Redfish Service control PCD
+ # These PCDs are used to stop the Redfish sevice when secure boot is disabled
+ # or exit boot service.
+ gEmulatorPkgTokenSpaceGuid.PcdRedfishServieStopIfSecureBootDisabled|TRUE|BOOLEAN|0x00001020
+ gEmulatorPkgTokenSpaceGuid.PcdRedfishServieStopIfExitbootService|TRUE|BOOLEAN|0x00001021
+ ##
+ # edk2 Redfish implementation on Emulator package is designed to access
+ # to Redfish simulator.
+ # https://github.com/DMTF/Redfish-Profile-Simulator
+ # The user ID and password are fixed as below.
+ gEmulatorPkgTokenSpaceGuid.PcdRedfishServieUserId|"admin"|VOID*|0x00001022
+ gEmulatorPkgTokenSpaceGuid.PcdRedfishServiePassword|"pwd123456"|VOID*|0x00001023
[PcdsFixedAtBuild, PcdsPatchableInModule]
gEmulatorPkgTokenSpaceGuid.PcdEmuBootMode|1|UINT32|0x00001006
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index de8144844c..6bd8ed8386 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -104,6 +104,7 @@
KeyMapLib|EmulatorPkg/Library/KeyMapLibNull/KeyMapLibNull.inf
!if $(REDFISH_ENABLE) == TRUE
RedfishPlatformHostInterfaceLib|EmulatorPkg/Library/RedfishPlatformHostInterfaceLib/RedfishPlatformHostInterfaceLib.inf
+ RedfishPlatformCredentialLib|EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.inf
!endif
#
# Misc
diff --git a/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c
new file mode 100644
index 0000000000..5428aa324e
--- /dev/null
+++ b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c
@@ -0,0 +1,237 @@
+/** @file
+ EmulaotPkg RedfishPlatformCredentialLib instance
+
+ (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#include <Uefi.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiLib.h>
+
+#include <Protocol/EdkIIRedfishCredential.h>
+
+#include <Guid/GlobalVariable.h>
+#include <Guid/ImageAuthentication.h>
+
+BOOLEAN mSecureBootDisabled = FALSE;
+BOOLEAN mStopRedfishService = FALSE;
+
+EFI_STATUS
+EFIAPI
+LibStopRedfishService (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
+);
+
+/**
+ Return the credential for accessing to Redfish servcice.
+
+ @param[out] AuthMethod The authentication method.
+ @param[out] UserId User ID.
+ @param[out] Password USer password.
+
+ @retval EFI_SUCCESS Get the authentication information successfully.
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.
+
+**/
+EFI_STATUS
+GetRedfishCredential (
+ OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
+ OUT CHAR8 **UserId,
+ OUT CHAR8 **Password
+)
+{
+ UINTN UserIdSize;
+ UINTN PasswordSize;
+
+ //
+ // AuthMethod set to HTTP Basic authentication.
+ //
+ *AuthMethod = AuthMethodHttpBasic;
+
+ //
+ // User ID and Password.
+ //
+ UserIdSize = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServieUserId));
+ PasswordSize = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServiePassword));
+ if (UserIdSize == 0 || PasswordSize == 0) {
+ DEBUG ((DEBUG_ERROR, "Incorrect string of UserID or Password for REdfish service.\n"));
+ return EFI_INVALID_PARAMETER;
+ }
+ *UserId = AllocateZeroPool (UserIdSize);
+ if (*UserId == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+ CopyMem (*UserId, (CHAR8 *)PcdGetPtr (PcdRedfishServieUserId), UserIdSize);
+
+ *Password = AllocateZeroPool (PasswordSize);
+ if (*Password == NULL) {
+ FreePool (*UserId);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ CopyMem (*Password, (CHAR8 *)PcdGetPtr (PcdRedfishServiePassword), PasswordSize);
+ return EFI_SUCCESS;
+}
+
+/**
+ Retrieve platform's Redfish authentication information.
+
+ This functions returns the Redfish authentication method together with the user Id and
+ password.
+ - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication
+ as defined by RFC7235.
+ - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish
+ session login as defined by Redfish API specification (DSP0266).
+
+ Callers are responsible for and freeing the returned string storage.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+ @param[out] AuthMethod Type of Redfish authentication method.
+ @param[out] UserId The pointer to store the returned UserId string.
+ @param[out] Password The pointer to store the returned Password string.
+
+ @retval EFI_SUCCESS Get the authentication information successfully.
+ @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
+ @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Password is NULL.
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.
+ @retval EFI_UNSUPPORTED Unsupported authentication method is found.
+
+**/
+EFI_STATUS
+EFIAPI
+LibCredentialGetAuthInfo (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
+ OUT CHAR8 **UserId,
+ OUT CHAR8 **Password
+)
+{
+ EFI_STATUS Status;
+
+ if (This == NULL || AuthMethod == NULL || UserId == NULL || Password == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (mStopRedfishService) {
+ return EFI_ACCESS_DENIED;
+ }
+
+ if (mSecureBootDisabled) {
+ Status = LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);
+ if (EFI_ERROR (Status) && Status != EFI_UNSUPPORTED) {
+ DEBUG ((DEBUG_ERROR, "SecureBoot has been disabled, but failed to stop RedfishService - %r\n", Status));
+ return Status;
+ }
+ }
+
+ Status = GetRedfishCredential (
+ AuthMethod,
+ UserId,
+ Password
+ );
+
+ return Status;
+}
+
+/**
+ Notify the Redfish service to stop provide configuration service to this platform.
+
+ This function should be called when the platfrom is about to leave the safe environment.
+ It will notify the Redfish service provider to abort all logined session, and prohibit
+ further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this
+ function is returned.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+ @param[in] ServiceStopType Reason of stopping Redfish service.
+
+ @retval EFI_SUCCESS Service has been stoped successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL or given the worng ServiceStopType.
+ @retval EFI_UNSUPPORTED Not support to stop Redfish service.
+ @retval Others Some error happened.
+
+**/
+EFI_STATUS
+EFIAPI
+LibStopRedfishService (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
+)
+{
+ if (ServiceStopType >= ServiceStopTypeMax) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (ServiceStopType == ServiceStopTypeSecureBootDisabled) {
+ //
+ // Check platform PCD to determine the action for stopping
+ // Redfish service due to secure boot is disabled.
+ //
+ if (!PcdGetBool (PcdRedfishServieStopIfSecureBootDisabled)) {
+ return EFI_UNSUPPORTED;
+ } else {
+ mStopRedfishService = TRUE;
+ DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureBoot is disabled!!\n"));
+ }
+ } else if (ServiceStopType == ServiceStopTypeExitBootService) {
+ //
+ // Check platform PCD to determine the action for stopping
+ // Redfish service due to exit boot service.
+ //
+ if (PcdGetBool (PcdRedfishServieStopIfExitbootService)) {
+ return EFI_UNSUPPORTED;
+ } else {
+ mStopRedfishService = TRUE;
+ DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to Exit Boot Service!!\n"));
+ }
+ } else {
+ mStopRedfishService = TRUE;
+ DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped without Redfish service stop type!!\n"));
+ }
+ return EFI_SUCCESS;
+}
+/**
+ Notification of Exit Boot Service.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
+**/
+VOID
+EFIAPI
+LibCredentialExitBootServicesNotify (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
+)
+{
+ LibStopRedfishService (This, ServiceStopTypeExitBootService);
+}
+
+/**
+ Notification of End of DXE.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
+**/
+VOID
+EFIAPI
+LibCredentialEndOfDxeNotify (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
+)
+{
+ EFI_STATUS Status;
+ UINT8 *SecureBootVar;
+
+ //
+ // Check Secure Boot status and lock Redfish service if Secure Boot is disabled.
+ //
+ Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBootVar, NULL);
+ if (EFI_ERROR (Status) || (*SecureBootVar != SECURE_BOOT_MODE_ENABLE)) {
+ //
+ // Secure Boot is disabled
+ //
+ mSecureBootDisabled = TRUE;
+ LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);
+ }
+}
diff --git a/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.inf b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.inf
new file mode 100644
index 0000000000..41c389c4a2
--- /dev/null
+++ b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.inf
@@ -0,0 +1,49 @@
+## @file
+# NT32 instance of RedfishPlatformCredentialLib
+#
+# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x0001000b
+ BASE_NAME = RedfishPlatformCredentialLib
+ FILE_GUID = 00CF32A8-495C-3ED8-7C68-E9BB86810EE0
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = RedfishPlatformCredentialLib
+
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ RedfishPlatformCredentialLib.c
+
+[Packages]
+ EmulatorPkg/EmulatorPkg.dec
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ RedfishPkg/RedfishPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ PcdLib
+ UefiBootServicesTableLib
+ UefiLib
+
+[Pcd]
+ gEmulatorPkgTokenSpaceGuid.PcdRedfishServieStopIfSecureBootDisabled ## CONSUMES
+ gEmulatorPkgTokenSpaceGuid.PcdRedfishServieStopIfExitbootService ## CONSUMES
+ gEmulatorPkgTokenSpaceGuid.PcdRedfishServieUserId ## CONSUMES
+ gEmulatorPkgTokenSpaceGuid.PcdRedfishServiePassword ## CONSUMES
+
+[Guids]
+ gEfiGlobalVariableGuid
+
+[Depex]
+ gEfiVariableArchProtocolGuid
+
--
2.17.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2020-12-16 15:51 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-12-16 3:35 [PATCH] EmulatorPkg/library: RedfishPlatformCredentialLib Abner Chang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox