Hi Nickle, please find my comments below > On 14. 3. 2024., at 17:53, Nickle Wang via groups.io > wrote: > > Introduce SecureBoot driver to support > /redfish/v1/Systems/SYS/SecureBoot resource. > > Signed-off-by: Nickle Wang > > Cc: Abner Chang > > Cc: Igor Kulchytskyy > > Cc: Nick Ramirez > > --- > .../RedfishClientComponents.dsc.inc | 2 + > RedfishClientPkg/RedfishClientLibs.dsc.inc | 4 + > .../SecureBoot/v1_1_0/Dxe/SecureBootDxe.inf | 60 ++ > .../v1_1_0/Common/SecureBootCommon.h | 40 + > .../v1_1_0/Common/SecureBootCommon.c | 756 ++++++++++++++++ > .../SecureBoot/v1_1_0/Dxe/SecureBootDxe.c | 808 ++++++++++++++++++ > RedfishClientPkg/RedfishClient.fdf.inc | 1 + > 7 files changed, 1671 insertions(+) > create mode 100644 RedfishClientPkg/Features/SecureBoot/v1_1_0/Dxe/SecureBootDxe.inf > create mode 100644 RedfishClientPkg/Features/SecureBoot/v1_1_0/Common/SecureBootCommon.h > create mode 100644 RedfishClientPkg/Features/SecureBoot/v1_1_0/Common/SecureBootCommon.c > create mode 100644 RedfishClientPkg/Features/SecureBoot/v1_1_0/Dxe/SecureBootDxe.c > > diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc b/RedfishClientPkg/RedfishClientComponents.dsc.inc > index ae2a4b025..42fc0c299 100644 > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc > @@ -34,6 +34,7 @@ > RedfishClientPkg/Features/Bios/v1_0_9/Dxe/BiosDxe.inf > RedfishClientPkg/Features/BootOptionCollection/BootOptionCollectionDxe.inf > RedfishClientPkg/Features/BootOption/v1_0_4/Dxe/BootOptionDxe.inf > + RedfishClientPkg/Features/SecureBoot/v1_1_0/Dxe/SecureBootDxe.inf > > !include RedfishClientPkg/RedfishJsonStructureDxe.dsc.inc 
> > @@ -47,3 +48,4 @@ > RedfishClientPkg/Converter/Bios/v1_0_9/RedfishBios_V1_0_9_Dxe.inf > RedfishClientPkg/Converter/BootOptionCollection/RedfishBootOptionCollection_Dxe.inf > RedfishClientPkg/Converter/BootOption/v1_0_4/RedfishBootOption_V1_0_4_Dxe.inf > + RedfishClientPkg/Converter/SecureBoot/v1_1_0/RedfishSecureBoot_V1_1_0_Dxe.inf > diff --git a/RedfishClientPkg/RedfishClientLibs.dsc.inc b/RedfishClientPkg/RedfishClientLibs.dsc.inc > index 6599926ab..9126465df 100644 > --- a/RedfishClientPkg/RedfishClientLibs.dsc.inc > +++ b/RedfishClientPkg/RedfishClientLibs.dsc.inc > @@ -25,6 +25,8 @@ > BiosV1_0_9Lib|RedfishClientPkg/ConverterLib/edk2library/Bios/v1_0_9/Lib.inf > BootOptionCollectionLib|RedfishClientPkg/ConverterLib/edk2library/BootOptionCollection/Lib.inf > BootOptionV1_0_4Lib|RedfishClientPkg/ConverterLib/edk2library/BootOption/v1_0_4/Lib.inf > + SecureBootV1_1_0Lib|RedfishClientPkg/ConverterLib/edk2library/SecureBoot/v1_1_0/Lib.inf > + > # > # Above modules should be pulled in by build tool. > # > @@ -42,3 +44,5 @@ > RedfishAddendumLib|RedfishClientPkg/Library/RedfishAddendumLib/RedfishAddendumLib.inf > RedfishDebugLib|RedfishPkg/Library/RedfishDebugLib/RedfishDebugLib.inf > RedfishHttpLib|RedfishPkg/Library/RedfishHttpLib/RedfishHttpLib.inf > + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > + PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf > diff --git a/RedfishClientPkg/Features/SecureBoot/v1_1_0/Dxe/SecureBootDxe.inf b/RedfishClientPkg/Features/SecureBoot/v1_1_0/Dxe/SecureBootDxe.inf > new file mode 100644 > index 000000000..1ad8c623f > --- /dev/null > +++ b/RedfishClientPkg/Features/SecureBoot/v1_1_0/Dxe/SecureBootDxe.inf > @@ -0,0 +1,60 @@ > +## @file > +# > +# (C) Copyright 2020-2022 Hewlett Packard Enterprise Development LP
> +# Copyright (c) 2022-2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > + > +[Defines] > + INF_VERSION = 0x00010005 > + BASE_NAME = SecureBootDxe > + FILE_GUID = 5E4025F8-DA42-468A-853E-6A1091D35052 > + MODULE_TYPE = DXE_DRIVER > + VERSION_STRING = 1.0 > + ENTRY_POINT = RedfishResourceEntryPoint > + UNLOAD_IMAGE = RedfishResourceUnload > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + RedfishPkg/RedfishPkg.dec > + RedfishClientPkg/RedfishClientPkg.dec > + > +[Sources] > + ../Common/SecureBootCommon.h > + ../Common/SecureBootCommon.c > + SecureBootDxe.c > + > +[LibraryClasses] > + BaseMemoryLib > + DebugLib > + EdkIIRedfishResourceConfigLib > + RedfishFeatureUtilityLib > + RedfishVersionLib > + RedfishResourceIdentifyLib > + SecureBootVariableLib > + UefiLib > + UefiDriverEntryPoint > + RedfishAddendumLib > + UefiRuntimeServicesTableLib > + > +[Protocols] > + gEdkIIRedfishConfigHandlerProtocolGuid ## PRODUCED > + gEfiRestJsonStructureProtocolGuid ## CONSUMED > + gEdkIIRedfishResourceConfigProtocolGuid ## PRODUCED > + gEdkIIRedfishFeatureProtocolGuid ## CONSUMED > + > +[Guids] > + gEfiSecureBootEnableDisableGuid ## CONSUMED > + > +[Pcd] > + gEfiRedfishClientPkgTokenSpaceGuid.PcdMaxRedfishSchemaStringSize > + gEfiRedfishClientPkgTokenSpaceGuid.PcdMaxRedfishSchemaVersionSize > + gEfiRedfishClientPkgTokenSpaceGuid.PcdRedfishSystemRebootRequired > + > +[Depex] > + TRUE > diff --git a/RedfishClientPkg/Features/SecureBoot/v1_1_0/Common/SecureBootCommon.h b/RedfishClientPkg/Features/SecureBoot/v1_1_0/Common/SecureBootCommon.h > new file mode 100644 > index 000000000..0d1824160 > --- /dev/null > +++ b/RedfishClientPkg/Features/SecureBoot/v1_1_0/Common/SecureBootCommon.h 
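Review bot: The `[LibraryClasses]` section of SecureBootDxe.inf leaves out library classes that the listed sources call directly. SecureBootCommon.c uses `AllocateZeroPool`/`AllocatePool`/`FreePool`, `AsciiSPrint`, `AsciiStrCmp` and `RedfishHttpPatchResource`, and SecureBootDxe.c uses `RedfishHttpGetResource`, yet `MemoryAllocationLib`, `PrintLib`, `BaseLib` and `RedfishHttpLib` are not listed. They presumably resolve today through the dependencies of other libraries, which breaks if those dependencies change. Listing them explicitly keeps the module's dependencies visible to anyone auditing what a driver that writes `SecureBootEnable` links against.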
> @@ -0,0 +1,40 @@ > +/** @file > + > + Redfish feature driver implementation - internal header file > + (C) Copyright 2020-2022 Hewlett Packard Enterprise Development LP
> + Copyright (c) 2022-2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef EFI_REDFISH_SECUREBOOT_COMMON_H_ > +#define EFI_REDFISH_SECUREBOOT_COMMON_H_ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +// > +// Schema information. > +// > +#define REDFISH_MANAGED_URI L"Systems/{}/SecureBoot" > +#define REDFISH_DUMMY_CONFIG_LANG L"Systems/{1}/SecureBoot" > +#define MAX_URI_LENGTH 256 > +#define RESOURCE_SCHEMA "SecureBoot" > +#define RESOURCE_SCHEMA_MAJOR "1" > +#define RESOURCE_SCHEMA_MINOR "1" > +#define RESOURCE_SCHEMA_ERRATA "0" > +#define RESOURCE_SCHEMA_VERSION "v1_1_0" > +#define SECURE_BOOT_SETUP_MODE "SetupMode" > +#define SECURE_BOOT_USER_MODE "UserMode" > +#define SECURE_BOOT_ENABLED "Enabled" > +#define SECURE_BOOT_DISABLED "Disabled" > +#define SECURE_BOOT_MODE_STR_LEN 16 > + > +#endif > diff --git a/RedfishClientPkg/Features/SecureBoot/v1_1_0/Common/SecureBootCommon.c b/RedfishClientPkg/Features/SecureBoot/v1_1_0/Common/SecureBootCommon.c > new file mode 100644 > index 000000000..56a45ee72 > --- /dev/null > +++ b/RedfishClientPkg/Features/SecureBoot/v1_1_0/Common/SecureBootCommon.c > @@ -0,0 +1,756 @@ > +/** @file > + Redfish feature driver implementation - common functions > + > + (C) Copyright 2020-2022 Hewlett Packard Enterprise Development LP
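Review bot: `SECURE_BOOT_MODE_STR_LEN` is defined here as a string buffer length, but SecureBootCommon.c also uses it as the element count of `mSecureBootSupportedAttributes`. That leaves 13 NULL slots which RedfishCheckResourceCommon has to skip. Declaring the table unsized, `CHAR16 *mSecureBootSupportedAttributes[] = {`, would give the macro a single meaning and make the `Count == 0` and `Property == NULL` checks reflect the real table. `MAX_URI_LENGTH` is not referenced in the part of the patch visible here and could be dropped if nothing else uses it.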
> + Copyright (c) 2023-2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "SecureBootCommon.h" > + > +CHAR8 SecureBootEmptyJson[] = "{\"@odata.id \": \"\", \"@odata.type\": \"#SecureBoot.v1_1_0.SecureBoot\", \"Id\": \"\", \"Name\": \"\", \"Attributes\":{}}"; > + > +REDFISH_RESOURCE_COMMON_PRIVATE *mRedfishResourcePrivate = NULL; > +EFI_HANDLE mRedfishResourceConfigProtocolHandle = NULL; > +CHAR16 *mSecureBootSupportedAttributes[SECURE_BOOT_MODE_STR_LEN] = { > + L"SecureBootCurrentBoot", > + L"SecureBootEnable", > + L"SecureBootMode" > +}; > + > +/** > + Read EFI_SECURE_BOOT_ENABLE_NAME variable and return its value to caller. > + > + @retval BOOLEAN TRUE when EFI_SECURE_BOOT_ENABLE_NAME value is SECURE_BOOT_ENABLE > + FALSE when EFI_SECURE_BOOT_ENABLE_NAME value is SECURE_BOOT_DISABLE > +**/ > +BOOLEAN > +RedfishReadSecureBootEnable ( > + VOID > + ) > +{ > + UINT8 *Buffer; > + BOOLEAN SecureBootEnableValue; > + > + Buffer = NULL; > + SecureBootEnableValue = FALSE; > + > + GetVariable2 ( > + EFI_SECURE_BOOT_ENABLE_NAME, > + &gEfiSecureBootEnableDisableGuid, > + (VOID **)&Buffer, > + NULL > + ); > + > + if (Buffer != NULL) { > + if (*Buffer == SECURE_BOOT_ENABLE) { > + SecureBootEnableValue = TRUE; > + } > + > + FreePool (Buffer); > + } > + > + return SecureBootEnableValue; > +} > + > +/** > + Write EFI_SECURE_BOOT_ENABLE_NAME variable with given value. > + > + @param[in] SecureBootEnableValue Value to write. TRUE is SECURE_BOOT_ENABLE. > + FALSE is SECURE_BOOT_DISABLE. > + > + @retval EFI_SUCCESS Write value successfully. > + @retval Others Some error happened. > +**/ > +EFI_STATUS > +RedfishWriteSecureBootEnable ( > + BOOLEAN SecureBootEnableValue > + ) > +{ > + EFI_STATUS Status; > + UINT8 VarValue; > + > + VarValue = (SecureBootEnableValue ? 
SECURE_BOOT_ENABLE : SECURE_BOOT_DISABLE); > + Status = gRT->SetVariable ( > + EFI_SECURE_BOOT_ENABLE_NAME, > + &gEfiSecureBootEnableDisableGuid, > + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, > + sizeof (VarValue), > + &VarValue > + ); > + > + return Status; > +} > + > +/** > + Consume Redfish resource in given Json data. > + > + @param[in] This Pointer to REDFISH_RESOURCE_COMMON_PRIVATE instance. > + @param[in] Json The JSON to consume. > + @param[in] HeaderEtag The Etag string returned in HTTP header. > + > + @retval EFI_SUCCESS Consume Redfish attribute successfully. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +RedfishConsumeResourceCommon ( > + IN REDFISH_RESOURCE_COMMON_PRIVATE *Private, > + IN CHAR8 *Json, > + IN CHAR8 *HeaderEtag OPTIONAL > + ) > +{ > + EFI_STATUS Status; > + EFI_REDFISH_SECUREBOOT_V1_1_0 *SecureBoot; > + EFI_REDFISH_SECUREBOOT_V1_1_0_CS *SecureBootCs; > + BOOLEAN SecureBootEnableDisable; > + > + if ((Private == NULL) || IS_EMPTY_STRING (Json)) { > + return EFI_INVALID_PARAMETER; > + } > + > + SecureBoot = NULL; > + SecureBootCs = NULL; > + SecureBootEnableDisable = RedfishReadSecureBootEnable (); > + > + Status = Private->JsonStructProtocol->ToStructure ( > + Private->JsonStructProtocol, > + NULL, > + Json, > + (EFI_REST_JSON_STRUCTURE_HEADER **)&SecureBoot > + ); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: ToStructure() failed: %r\n", __func__, Status)); > + return Status; > + } > + > + SecureBootCs = SecureBoot->SecureBoot; > + > + // > + // Check ETAG to see if we need to consume it > + // > + if (CheckEtag (Private->Uri, HeaderEtag, SecureBootCs->odata_etag)) { > + // > + // No change > + // > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: ETAG: %s has no change, ignore consume action\n", __func__, Private->Uri)); > + Status = EFI_ALREADY_STARTED; > + goto ON_RELEASE; > + } > + > + // > + // Secure boot enable > + // > + if (SecureBootCs->SecureBootEnable != NULL) { > + if 
(SecureBootEnableDisable != *SecureBootCs->SecureBootEnable) { > + // > + // Write value to "SecureBootEnable" variable. AuthVariableLib will enable or disable secure boot > + // based on "SecureBootEnable" value. > + // > + Status = RedfishWriteSecureBootEnable (*SecureBootCs->SecureBootEnable); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: write secure boot enable disable failed: %r\n", __func__, Status)); > + } else { > + REDFISH_ENABLE_SYSTEM_REBOOT (); > + } > + } else { > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: secure boot mode is not changed\n", __func__)); > + } > + } > + > +ON_RELEASE: > + > + // > + // Release resource. > + // > + Private->JsonStructProtocol->DestoryStructure ( > + Private->JsonStructProtocol, > + (EFI_REST_JSON_STRUCTURE_HEADER *)SecureBoot > + ); > + > + return EFI_SUCCESS; > +} > + > +/** > + Provision Redfish resource. This function reads secure boot variable and convert it > + to Redfish attribute. > + > + @param[in] JsonStructProtocol Pointer to Json structure protocol. > + @param[in] InputJson Jason data on input. > + @param[in] ResourceId Resource ID. This is optional. > + @param[in] ConfigureLang Configure language for this Redfish resource. > + @param[in] ProvisionMode TRUE when this is to provision Redfish attribute to > + Redfish service. FALSE is to update Redfish attribute > + to Redfish service. > + @param[out] ResultJson Json data on output. > + > + @retval EFI_SUCCESS Provision Redfish attribute successfully. > + @retval Others Some error happened. 
> + > +**/ > +EFI_STATUS > +ProvisioningSecureBootProperties ( > + IN EFI_REST_JSON_STRUCTURE_PROTOCOL *JsonStructProtocol, > + IN CHAR8 *InputJson, > + IN CHAR8 *ResourceId OPTIONAL, > + IN EFI_STRING ConfigureLang, > + IN BOOLEAN ProvisionMode, > + OUT CHAR8 **ResultJson > + ) > +{ > + EFI_REDFISH_SECUREBOOT_V1_1_0 *SecureBoot; > + EFI_REDFISH_SECUREBOOT_V1_1_0_CS *SecureBootCs; > + EFI_STATUS Status; > + BOOLEAN PropertyChanged; > + CHAR8 *AsciiStringValue; > + INT32 *IntegerValue; > + UINT8 SetupMode; > + BOOLEAN SecureBootEnabled; > + BOOLEAN SecureBootEnableDisable; > + > + if ((JsonStructProtocol == NULL) || (ResultJson == NULL) || IS_EMPTY_STRING (InputJson) || IS_EMPTY_STRING (ConfigureLang)) { > + return EFI_INVALID_PARAMETER; > + } > + > + DEBUG ((REDFISH_DEBUG_TRACE, "%a provision for %s with: %s\n", __func__, ConfigureLang, (ProvisionMode ? L"Provision resource" : L"Update resource"))); > + > + *ResultJson = NULL; > + PropertyChanged = FALSE; > + AsciiStringValue = NULL; > + SecureBootEnableDisable = RedfishReadSecureBootEnable (); > + SecureBootEnabled = IsSecureBootEnabled (); > + > + SecureBoot = NULL; > + Status = JsonStructProtocol->ToStructure ( > + JsonStructProtocol, > + NULL, > + InputJson, > + (EFI_REST_JSON_STRUCTURE_HEADER **)&SecureBoot > + ); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: ToStructure failure: %r\n", __func__, Status)); > + return Status; > + } > + > + SecureBootCs = SecureBoot->SecureBoot; > + > + // > + // ID > + // > + if (SecureBootCs->Id != NULL) { > + SecureBootCs->Id = NULL; > + } > + > + // > + // Name > + // > + if (SecureBootCs->Name != NULL) { > + SecureBootCs->Name = NULL; > + } > + > + // > + // Secure boot variables that we will handle here > + // > + // EFI_SETUP_MODE_NAME (gEfiGlobalVariableGuid) > + // EFI_SECURE_BOOT_MODE_NAME (gEfiGlobalVariableGuid) > + // EFI_SECURE_BOOT_ENABLE_NAME (gEfiSecureBootEnableDisableGuid) > + // > + > + // > + // Current Boot > + // > + if (PropertyChecker 
(SecureBootCs->SecureBootCurrentBoot, ProvisionMode)) { > + AsciiStringValue = AllocateZeroPool (SECURE_BOOT_MODE_STR_LEN * sizeof (CHAR8)); > + if (AsciiStringValue != NULL) { > + AsciiSPrint (AsciiStringValue, SECURE_BOOT_MODE_STR_LEN, "%a", (SecureBootEnabled ? SECURE_BOOT_ENABLED : SECURE_BOOT_DISABLED)); > + if (ProvisionMode || (AsciiStrCmp (SecureBootCs->SecureBootCurrentBoot, AsciiStringValue) != 0)) { > + SecureBootCs->SecureBootCurrentBoot = AsciiStringValue; > + PropertyChanged = TRUE; > + } > + } else { > + DEBUG ((DEBUG_ERROR, "%a: out of resource\n", __func__)); > + } > + } > + > + // > + // Secure boot enable > + // > + if (PropertyChecker (SecureBootCs->SecureBootEnable, ProvisionMode)) { > + if (ProvisionMode || (*SecureBootCs->SecureBootEnable != SecureBootEnableDisable)) { > + IntegerValue = AllocatePool (sizeof (*IntegerValue)); > + if (IntegerValue != NULL) { > + *IntegerValue = (SecureBootEnableDisable ? 0x01 : 0x00); > + SecureBootCs->SecureBootEnable = IntegerValue; > + PropertyChanged = TRUE; > + } else { > + DEBUG ((DEBUG_ERROR, "%a: out of resource\n", __func__)); > + } > + } > + } > + > + // > + // Secure boot mode > + // > + if (PropertyChecker (SecureBootCs->SecureBootMode, ProvisionMode)) { > + Status = GetSetupMode (&SetupMode); > + if (!EFI_ERROR (Status)) { > + AsciiStringValue = AllocateZeroPool (SECURE_BOOT_MODE_STR_LEN *sizeof (CHAR8)); > + if (AsciiStringValue != NULL) { > + AsciiSPrint (AsciiStringValue, SECURE_BOOT_MODE_STR_LEN *sizeof (CHAR8), "%a", (SetupMode == USER_MODE ? SECURE_BOOT_USER_MODE : SECURE_BOOT_SETUP_MODE)); > + if (ProvisionMode || (AsciiStrCmp (SecureBootCs->SecureBootMode, AsciiStringValue) != 0)) { > + SecureBootCs->SecureBootMode = AsciiStringValue; > + PropertyChanged = TRUE; > + } > + } > + } else { > + DEBUG ((DEBUG_ERROR, "%a: cannot read setup mode: %r\n", __func__, Status)); > + } > + } > + > + // > + // Convert C structure back to JSON text. 
> + // > + Status = JsonStructProtocol->ToJson ( > + JsonStructProtocol, > + (EFI_REST_JSON_STRUCTURE_HEADER *)SecureBoot, > + ResultJson > + ); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: ToJson() failed: %r\n", __func__, Status)); > + return Status; SecureBoot structure leak. It is released below. > + } > + > + // > + // Release resource. > + // > + JsonStructProtocol->DestoryStructure ( > + JsonStructProtocol, > + (EFI_REST_JSON_STRUCTURE_HEADER *)SecureBoot > + ); > + > + return (PropertyChanged ? EFI_SUCCESS : EFI_NOT_FOUND); > +} > + > +/** > + Provision Redfish resource and upload data to Redfish service. This function > + checks OEM data and platform addendum data before sending data to Redfish service. > + > + @param[in] Private Pointer to private data. > + > + @retval EFI_SUCCESS Provision Redfish resource successfully. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +ProvisioningSecureBootResource ( > + IN REDFISH_RESOURCE_COMMON_PRIVATE *Private > + ) > +{ > + EFI_STATUS Status; > + CHAR8 *Json; > + CHAR8 *JsonWithAddendum; > + REDFISH_RESPONSE Response; > + > + if (Private == NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + ZeroMem (&Response, sizeof (REDFISH_RESPONSE)); > + Json = NULL; > + > + Status = ProvisioningSecureBootProperties ( > + Private->JsonStructProtocol, > + SecureBootEmptyJson, > + NULL, > + REDFISH_DUMMY_CONFIG_LANG, > + TRUE, > + &Json > + ); > + if (EFI_ERROR (Status)) { > + if (Status == EFI_NOT_FOUND) { > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: provisioning existing resource for %s ignored. 
Nothing changed\n", __func__, REDFISH_DUMMY_CONFIG_LANG)); > + Status = EFI_SUCCESS; > + } else { > + DEBUG ((DEBUG_ERROR, "%a: provisioning existing resource for %s failed: %r\n", __func__, REDFISH_DUMMY_CONFIG_LANG, Status)); > + } > + > + goto ON_RELEASE; > + } > + > + // > + // Check and see if platform has OEM data or not > + // > + Status = RedfishGetOemData ( > + Private->Uri, > + RESOURCE_SCHEMA, > + RESOURCE_SCHEMA_VERSION, > + Json, > + &JsonWithAddendum > + ); > + if (!EFI_ERROR (Status) && (JsonWithAddendum != NULL)) { > + FreePool (Json); > + Json = JsonWithAddendum; > + JsonWithAddendum = NULL; > + } > + > + // > + // Check and see if platform has addendum data or not > + // > + Status = RedfishGetAddendumData ( > + Private->Uri, > + RESOURCE_SCHEMA, > + RESOURCE_SCHEMA_VERSION, > + Json, > + &JsonWithAddendum > + ); > + if (!EFI_ERROR (Status) && (JsonWithAddendum != NULL)) { > + FreePool (Json); > + Json = JsonWithAddendum; > + JsonWithAddendum = NULL; > + } > + > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: provisioning existing resource for %s\n", __func__, REDFISH_DUMMY_CONFIG_LANG)); > + > + // > + // PATCH back to instance > + // > + Status = RedfishHttpPatchResource (Private->RedfishService, Private->Uri, Json, &Response); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: patch resource for %s failed: %r\n", __func__, REDFISH_DUMMY_CONFIG_LANG, Status)); > + } > + > +ON_RELEASE: > + > + if (Json != NULL) { > + FreePool (Json); > + } > + > + RedfishHttpFreeResponse (&Response); > + > + return Status; > +} > + > +/** > + Provisioning redfish resource to Redfish service. > + > + @param[in] Private Pointer to private data. > + @param[in] ResourceExist TRUE if resource exists, PUT method will be used. > + FALSE if resource does not exist POST method is used. Actually ProvisioningSecureBootResource uses PATCH only. > + > + @retval EFI_SUCCESS Provision resource successfully. > + @retval Others Some error happened. 
> + > +**/ > +EFI_STATUS > +RedfishProvisioningResourceCommon ( > + IN REDFISH_RESOURCE_COMMON_PRIVATE *Private, > + IN BOOLEAN ResourceExist > + ) > +{ > + if (Private == NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + return ProvisioningSecureBootResource (Private); > +} > + > +/** > + Check resource from given Json data. > + > + @param[in] This Pointer to REDFISH_RESOURCE_COMMON_PRIVATE instance. > + @param[in] Json The JSON data to check. > + @param[in] HeaderEtag The Etag string returned in HTTP header. > + > + @retval EFI_SUCCESS Check resource successfully. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +RedfishCheckResourceCommon ( > + IN REDFISH_RESOURCE_COMMON_PRIVATE *Private, > + IN CHAR8 *Json, > + IN CHAR8 *HeaderEtag OPTIONAL > + ) > +{ > + UINTN Index; > + EFI_STATUS Status; > + UINTN Count; > + EFI_STRING Property; > + > + if ((Private == NULL) || IS_EMPTY_STRING (Json)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Check ETAG to see if we need to check it > + // > + if (CheckEtag (Private->Uri, HeaderEtag, NULL)) { > + // > + // No change > + // > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: ETAG: %s has no change, ignore check action\n", __func__, Private->Uri)); > + return EFI_SUCCESS; > + } > + > + Count = sizeof (mSecureBootSupportedAttributes) / sizeof (mSecureBootSupportedAttributes[0]); > + if (Count == 0) { > + return EFI_UNSUPPORTED; > + } > + > + Status = EFI_SUCCESS; > + for (Index = 0; Index < Count; Index++) { > + Property = mSecureBootSupportedAttributes[Index]; > + if (Property == NULL) { > + continue; > + } > + > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: [%d] check attribute for: %s\n", __func__, Index, Property)); > + if (!MatchPropertyWithJsonContext (Property, Json)) { > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: property is missing: %s\n", __func__, Property)); > + Status = EFI_NOT_FOUND; > + } > + } > + > + return Status; > +} > + > +/** > + Update resource to Redfish service. 
> + > + @param[in] Private Pointer to REDFISH_RESOURCE_COMMON_PRIVATE instance. > + @param[in] Json The JSON data to be updated. > + > + @retval EFI_SUCCESS Update resource successfully. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +RedfishUpdateResourceCommon ( > + IN REDFISH_RESOURCE_COMMON_PRIVATE *Private, > + IN CHAR8 *InputJson > + ) > +{ > + EFI_STATUS Status; > + CHAR8 *Json; > + CHAR8 *JsonWithAddendum; > + REDFISH_RESPONSE Response; > + > + if ((Private == NULL) || IS_EMPTY_STRING (InputJson)) { > + return EFI_INVALID_PARAMETER; > + } > + > + ZeroMem (&Response, sizeof (REDFISH_RESPONSE)); > + Json = NULL; > + > + Status = ProvisioningSecureBootProperties ( > + Private->JsonStructProtocol, > + SecureBootEmptyJson, > + NULL, > + REDFISH_DUMMY_CONFIG_LANG, > + TRUE, > + &Json > + ); > + if (EFI_ERROR (Status)) { > + if (Status == EFI_NOT_FOUND) { > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: update resource for %s ignored. Nothing changed\n", __func__, REDFISH_DUMMY_CONFIG_LANG)); > + Status = EFI_SUCCESS; > + } else { > + DEBUG ((DEBUG_ERROR, "%a: update resource for %s failed: %r\n", __func__, REDFISH_DUMMY_CONFIG_LANG, Status)); > + } > + > + goto ON_RELEASE; > + } > + > + // > + // Check and see if platform has OEM data or not > + // > + Status = RedfishGetOemData ( > + Private->Uri, > + RESOURCE_SCHEMA, > + RESOURCE_SCHEMA_VERSION, > + Json, > + &JsonWithAddendum > + ); > + if (!EFI_ERROR (Status) && (JsonWithAddendum != NULL)) { > + FreePool (Json); > + Json = JsonWithAddendum; > + JsonWithAddendum = NULL; > + } > + > + // > + // Check and see if platform has addendum data or not > + // > + Status = RedfishGetAddendumData ( > + Private->Uri, > + RESOURCE_SCHEMA, > + RESOURCE_SCHEMA_VERSION, > + Json, > + &JsonWithAddendum > + ); > + if (!EFI_ERROR (Status) && (JsonWithAddendum != NULL)) { > + FreePool (Json); > + Json = JsonWithAddendum; > + JsonWithAddendum = NULL; > + } > + > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: update resource for 
%s\n", __func__, REDFISH_DUMMY_CONFIG_LANG)); > + > + // > + // PATCH back to instance > + // > + Status = RedfishHttpPatchResource (Private->RedfishService, Private->Uri, Json, &Response); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: patch resource for %s failed: %r\n", __func__, REDFISH_DUMMY_CONFIG_LANG, Status)); > + } > + > +ON_RELEASE: > + > + if (Json != NULL) { > + FreePool (Json); > + } > + > + RedfishHttpFreeResponse (&Response); > + > + return Status; > +} > + > +/** > + Identify resource in given Json data. > + > + @param[in] Private Pointer to REDFISH_RESOURCE_COMMON_PRIVATE instance. > + @param[in] Json The JSON to be identified. > + > + @retval EFI_SUCCESS Identify resource successfully. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +RedfishIdentifyResourceCommon ( > + IN REDFISH_RESOURCE_COMMON_PRIVATE *Private, > + IN CHAR8 *Json > + ) > +{ > + BOOLEAN Supported; > + > + Supported = RedfishIdentifyResource (Private->Uri, Private->Json); > + if (Supported) { > + // > + // Keep URI and ConfigLang mapping > + // > + RedfishSetRedfishUri (REDFISH_DUMMY_CONFIG_LANG, Private->Uri); > + } > + > + return (Supported ? EFI_SUCCESS : EFI_UNSUPPORTED); > +} > + > +/** > + Handle Redfish resource in Uri. > + > + @param[in] Private Pointer to REDFISH_RESOURCE_COMMON_PRIVATE instance. > + @param[in] Uri URI to Redfish resource that we like to process. > + > + @retval EFI_SUCCESS Handle resource successfully. > + @retval Others Some error happened. 
> + > +**/ > +EFI_STATUS > +HandleResource ( > + IN REDFISH_RESOURCE_COMMON_PRIVATE *Private, > + IN EFI_STRING Uri > + ) > +{ > + EFI_STATUS Status; > + REDFISH_SCHEMA_INFO SchemaInfo; > + EFI_STRING ConfigLang; > + > + if ((Private == NULL) || IS_EMPTY_STRING (Uri)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Resource match > + // > + > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: process resource for: %s\n", __func__, Uri)); > + > + Status = GetRedfishSchemaInfo (Private->RedfishService, Private->JsonStructProtocol, Uri, NULL, &SchemaInfo); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: failed to get schema information from: %s %r\n", __func__, Uri, Status)); > + return Status; > + } > + > + // > + // Check and see if this is target resource that we want to handle. > + // Some resource is handled by other provider so we have to make sure this first. > + // > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: Identify for %s\n", __func__, Uri)); > + ConfigLang = RedfishGetConfigLanguage (Uri); > + if (ConfigLang == NULL) { > + Status = EdkIIRedfishResourceConfigIdentify (&SchemaInfo, Uri, NULL, Private->InformationExchange); > + if (EFI_ERROR (Status)) { > + if (Status == EFI_UNSUPPORTED) { > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: \"%s\" is not handled by us\n", __func__, Uri)); > + return EFI_SUCCESS; > + } else if (Status == EFI_NOT_FOUND) { > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: \"%s\" has nothing to handle\n", __func__, Uri)); > + return EFI_SUCCESS; > + } > + > + DEBUG ((DEBUG_ERROR, "%a: fail to identify resource: \"%s\": %r\n", __func__, Uri, Status)); > + return Status; > + } > + } else { > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: history record found: %s\n", __func__, ConfigLang)); > + FreePool (ConfigLang); > + } > + > + // > + // Check and see if target property exist or not even when collection member exists. > + // If not, we sill do provision. 
%s/sill/still > + // > + DEBUG ((REDFISH_DEBUG_TRACE, "%a Check for %s\n", __func__, Uri)); > + Status = EdkIIRedfishResourceConfigCheck (&SchemaInfo, Uri, NULL); > + if (EFI_ERROR (Status)) { > + if (Status == EFI_UNSUPPORTED) { > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: \"%s\" is not handled by us\n", __func__, Uri)); > + return EFI_SUCCESS; > + } > + > + // > + // The target property does not exist, do the provision to create property. > + // > + DEBUG ((REDFISH_DEBUG_TRACE, "%a provision for %s\n", __func__, Uri)); > + Status = EdkIIRedfishResourceConfigProvisioning (&SchemaInfo, Uri, NULL, Private->InformationExchange, FALSE); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: failed to provision with GET mode: %r\n", __func__, Status)); > + } > + > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: process resource for: %s finished\n", __func__, Uri)); > + > + return Status; > + } > + > + // > + // Consume first. > + // > + DEBUG ((REDFISH_DEBUG_TRACE, "%a consume for %s\n", __func__, Uri)); > + Status = EdkIIRedfishResourceConfigConsume (&SchemaInfo, Uri, NULL); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: failed to consume resource for: %s: %r\n", __func__, Uri, Status)); > + } > + > + // > + // Patch. > + // > + DEBUG ((REDFISH_DEBUG_TRACE, "%a update for %s\n", __func__, Uri)); > + Status = EdkIIRedfishResourceConfigUpdate (&SchemaInfo, Uri, NULL); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: failed to update resource for: %s: %r\n", __func__, Uri, Status)); > + } > + > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: process resource for: %s finished\n", __func__, Uri)); > + > + return Status; > +} > diff --git a/RedfishClientPkg/Features/SecureBoot/v1_1_0/Dxe/SecureBootDxe.c b/RedfishClientPkg/Features/SecureBoot/v1_1_0/Dxe/SecureBootDxe.c > new file mode 100644 > index 000000000..a0f4f3d14 > --- /dev/null > +++ b/RedfishClientPkg/Features/SecureBoot/v1_1_0/Dxe/SecureBootDxe.c 
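Review bot: RedfishConsumeResourceCommon ends with `return EFI_SUCCESS;` after `ON_RELEASE`, so a failed `RedfishWriteSecureBootEnable()` is logged but reported to the caller as success, and the `EFI_ALREADY_STARTED` set on the ETag path is dropped as well. Returning the saved value with `return Status;` would surface the write failure; if callers expect success when the ETag is unchanged, that branch should set `Status = EFI_SUCCESS` instead. The same function writes the `SecureBootEnable` value from the service payload to the variable with no policy or physical-presence check visible in this hunk. A comment naming the component that authorises a remote Secure Boot change, or a platform check before the write, would make that trust assumption reviewable. Separately, `SecureBootEmptyJson` carries the key `"@odata.id "` with a trailing space and an `Attributes` object that looks carried over from another schema, and RedfishUpdateResourceCommon validates `InputJson` but then passes `SecureBootEmptyJson` with `TRUE`, so the update path never compares against the service's current values.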
> @@ -0,0 +1,808 @@ > +/** @file > + Redfish feature driver implementation - SecureBoot > + > + (C) Copyright 2020-2022 Hewlett Packard Enterprise Development LP
> + Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "../Common/SecureBootCommon.h" > + > +extern REDFISH_RESOURCE_COMMON_PRIVATE *mRedfishResourcePrivate; > +extern EFI_HANDLE mRedfishResourceConfigProtocolHandle; > + > +EFI_STATUS > +HandleResource ( > + IN REDFISH_RESOURCE_COMMON_PRIVATE *Private, > + IN EFI_STRING Uri > + ); > + > +/** > + Provisioning redfish resource by given URI. > + > + @param[in] This Pointer to EFI_HP_REDFISH_HII_PROTOCOL instance. > + @param[in] Uri Target URI to create resource. > + @param[in] PostMode TRUE if the resource does not exist, post method is used. > + FALSE if the resource exist but property is missing, put method is used. > + > + @retval EFI_SUCCESS Value is returned successfully. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +RedfishResourceProvisioningResource ( > + IN EDKII_REDFISH_RESOURCE_CONFIG_PROTOCOL *This, > + IN EFI_STRING Uri, > + IN BOOLEAN PostMode > + ) > +{ > + REDFISH_RESOURCE_COMMON_PRIVATE *Private; > + EFI_STATUS Status; > + REDFISH_RESPONSE Response; > + > + if ((This == NULL) || IS_EMPTY_STRING (Uri)) { > + return EFI_INVALID_PARAMETER; > + } > + > + DEBUG ((REDFISH_DEBUG_TRACE, "%a: provisioning in %s mode\n", __func__, (PostMode ? L"POST" : L"PATCH"))); This message conflicts with PostMode parameter description. 
> + > + ZeroMem (&Response, sizeof (REDFISH_RESPONSE)); > + Private = REDFISH_RESOURCE_COMMON_PRIVATE_DATA_FROM_RESOURCE_PROTOCOL (This); > + > + if (Private->RedfishService == NULL) { > + return EFI_NOT_READY; > + } > + > + Status = RedfishHttpGetResource (Private->RedfishService, Uri, NULL, &Response, TRUE); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: get resource from: %s failed\n", __func__, Uri)); > + return Status; > + } > + > + Private->Uri = Uri; > + Private->Payload = Response.Payload; > + ASSERT (Private->Payload != NULL); > + > + Status = RedfishProvisioningResourceCommon (Private, !PostMode); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: failed to provision resource to: %s: %r\n", __func__, Uri, Status)); > + } else { > + // > + // Get latest ETag on URI and keep it in variable. > + // > + SetEtagFromUri (Private->RedfishService, Private->Uri, TRUE); > + } > + > + // > + // Release resource > + // > + RedfishHttpFreeResponse (&Response); > + Private->Payload = NULL; > + > + return Status; > +} > + > +/** > + Consume resource from given URI. > + > + @param[in] This Pointer to EFI_HP_REDFISH_HII_PROTOCOL instance. > + @param[in] Uri The target URI to consume. > + > + @retval EFI_SUCCESS Value is returned successfully. > + @retval Others Some error happened. 
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishResourceConsumeResource (
> + IN EDKII_REDFISH_RESOURCE_CONFIG_PROTOCOL *This,
> + IN EFI_STRING Uri
> + )
> +{
> + REDFISH_RESOURCE_COMMON_PRIVATE *Private;
> + EFI_STATUS Status;
> + REDFISH_RESPONSE Response;
> + EFI_STRING PendingSettingUri;
> + REDFISH_RESPONSE PendingSettingResponse;
> + REDFISH_RESPONSE *ExpectedResponse;
> + CHAR8 *Etag;
> +
> + if ((This == NULL) || IS_EMPTY_STRING (Uri)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + ZeroMem (&Response, sizeof (REDFISH_RESPONSE));
> + ZeroMem (&PendingSettingResponse, sizeof (REDFISH_RESPONSE));
> + Private = REDFISH_RESOURCE_COMMON_PRIVATE_DATA_FROM_RESOURCE_PROTOCOL (This);
> +
> + if (Private->RedfishService == NULL) {
> + return EFI_NOT_READY;
> + }
> +
> + Status = RedfishHttpGetResource (Private->RedfishService, Uri, NULL, &Response, TRUE);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a: get resource from: %s failed\n", __func__, Uri));
> + return Status;
> + }
> +
> + //
> + // Check and see if "@Redfish.Settings" exist or not.
> + //
> + PendingSettingUri = NULL;
> + Status = GetPendingSettings (
> + Private->RedfishService,
> + Response.Payload,
> + &PendingSettingResponse,
> + &PendingSettingUri
> + );
> + if (!EFI_ERROR (Status)) {
> + DEBUG ((REDFISH_DEBUG_TRACE, "%a: @Redfish.Settings found: %s\n", __func__, PendingSettingUri));
> + Private->Uri = PendingSettingUri;
> + ExpectedResponse = &PendingSettingResponse;
> + } else {
> + Private->Uri = Uri;
> + ExpectedResponse = &Response;
> + }
> +
> + Private->Payload = ExpectedResponse->Payload;
> + ASSERT (Private->Payload != NULL);
> +
> + Private->Json = JsonDumpString (RedfishJsonInPayload (Private->Payload), EDKII_JSON_COMPACT);
> + ASSERT (Private->Json != NULL);
> +
> + //
> + // Searching for etag in HTTP response header
> + //
> + Etag = NULL;
> + Status = GetHttpResponseEtag (ExpectedResponse, &Etag);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a: failed to get ETag from HTTP header\n", __func__));
> + }
> +
> + Status = RedfishConsumeResourceCommon (Private, Private->Json, Etag);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a: failed to consume resource from: %s: %r\n", __func__, Private->Uri, Status));
> + }
> +
> + //
> + // Release resource
> + //
> + RedfishHttpFreeResponse (&Response);
> + RedfishHttpFreeResponse (&PendingSettingResponse);
> + Private->Payload = NULL;
> +
> + if (Private->Json != NULL) {
> + FreePool (Private->Json);
> + Private->Json = NULL;
> + }
> +
> + if (Etag != NULL) {
> + FreePool (Etag);
> + }
> +
> + if (PendingSettingUri != NULL) {
> + FreePool (PendingSettingUri);
> + }
> +
> + return Status;
> +}
> +
> +/**
> + Get information about this protocol.
> +
> + @param[in] This Pointer to EFI_HP_REDFISH_HII_PROTOCOL instance.
> + @param[out] Schema Supported schema.
> + @param[out] Major Supported major number.
> + @param[out] Minor Supported minor number.
> + @param[out] Errata Supported errata number.
> +
> + @retval EFI_SUCCESS Value is returned successfully.
> + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +RedfishResourceGetInfo ( > + IN EDKII_REDFISH_RESOURCE_CONFIG_PROTOCOL *This, > + OUT REDFISH_SCHEMA_INFO *Info > + ) > +{ > + if ((This == NULL) || (Info == NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + AsciiStrCpyS (Info->Schema, REDFISH_SCHEMA_STRING_SIZE, RESOURCE_SCHEMA); > + AsciiStrCpyS (Info->Major, REDFISH_SCHEMA_VERSION_SIZE, RESOURCE_SCHEMA_MAJOR); > + AsciiStrCpyS (Info->Minor, REDFISH_SCHEMA_VERSION_SIZE, RESOURCE_SCHEMA_MINOR); > + AsciiStrCpyS (Info->Errata, REDFISH_SCHEMA_VERSION_SIZE, RESOURCE_SCHEMA_ERRATA); > + > + return EFI_SUCCESS; > +} > + > +/** > + Update resource to given URI. > + > + @param[in] This Pointer to EFI_HP_REDFISH_HII_PROTOCOL instance. > + @param[in] Uri The target URI to consume. > + > + @retval EFI_SUCCESS Value is returned successfully. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +RedfishResourceUpdate ( > + IN EDKII_REDFISH_RESOURCE_CONFIG_PROTOCOL *This, > + IN EFI_STRING Uri > + ) > +{ > + REDFISH_RESOURCE_COMMON_PRIVATE *Private; > + EFI_STATUS Status; > + REDFISH_RESPONSE Response; > + > + if ((This == NULL) || IS_EMPTY_STRING (Uri)) { > + return EFI_INVALID_PARAMETER; > + } > + > + ZeroMem (&Response, sizeof (REDFISH_RESPONSE)); > + Private = REDFISH_RESOURCE_COMMON_PRIVATE_DATA_FROM_RESOURCE_PROTOCOL (This); > + > + if (Private->RedfishService == NULL) { > + return EFI_NOT_READY; > + } > + > + Status = RedfishHttpGetResource (Private->RedfishService, Uri, NULL, &Response, TRUE); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: get resource from: %s failed\n", __func__, Uri)); > + return Status; > + } > + > + Private->Uri = Uri; > + Private->Payload = Response.Payload; > + ASSERT (Private->Payload != NULL); > + > + Private->Json = JsonDumpString (RedfishJsonInPayload (Private->Payload), EDKII_JSON_COMPACT); > + ASSERT (Private->Json != NULL); > + > + Status = RedfishUpdateResourceCommon 
(Private, Private->Json); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: failed to update resource to: %s: %r\n", __func__, Uri, Status)); > + } else { > + // > + // Get latest ETag on URI and keep it in variable. > + // > + SetEtagFromUri (Private->RedfishService, Private->Uri, TRUE); > + } > + > + // > + // Release resource > + // > + RedfishHttpFreeResponse (&Response); > + Private->Payload = NULL; > + > + if (Private->Json != NULL) { > + FreePool (Private->Json); > + Private->Json = NULL; > + } > + > + return Status; > +} > + > +/** > + Check resource on given URI. > + > + @param[in] This Pointer to EFI_HP_REDFISH_HII_PROTOCOL instance. > + @param[in] Uri The target URI to consume. > + > + @retval EFI_SUCCESS Value is returned successfully. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +RedfishResourceCheck ( > + IN EDKII_REDFISH_RESOURCE_CONFIG_PROTOCOL *This, > + IN EFI_STRING Uri > + ) > +{ > + REDFISH_RESOURCE_COMMON_PRIVATE *Private; > + EFI_STATUS Status; > + REDFISH_RESPONSE Response; > + CHAR8 *Etag; > + > + if ((This == NULL) || IS_EMPTY_STRING (Uri)) { > + return EFI_INVALID_PARAMETER; > + } > + > + ZeroMem (&Response, sizeof (REDFISH_RESPONSE)); > + Private = REDFISH_RESOURCE_COMMON_PRIVATE_DATA_FROM_RESOURCE_PROTOCOL (This); > + > + if (Private->RedfishService == NULL) { > + return EFI_NOT_READY; > + } > + > + Status = RedfishHttpGetResource (Private->RedfishService, Uri, NULL, &Response, TRUE); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: get resource from: %s failed\n", __func__, Uri)); > + return Status; > + } > + > + Private->Uri = Uri; > + Private->Payload = Response.Payload; > + ASSERT (Private->Payload != NULL); > + > + Private->Json = JsonDumpString (RedfishJsonInPayload (Private->Payload), EDKII_JSON_COMPACT); > + ASSERT (Private->Json != NULL); > + > + // > + // Find etag in HTTP response header > + // > + Etag = NULL; > + Status = GetHttpResponseEtag (&Response, &Etag); > + if 
(EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: failed to get ETag from HTTP header\n", __func__)); > + } > + > + Status = RedfishCheckResourceCommon (Private, Private->Json, Etag); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: failed to check resource from: %s: %r\n", __func__, Uri, Status)); > + } > + > + // > + // Release resource > + // > + if (Etag != NULL) { > + FreePool (Etag); > + } > + > + RedfishHttpFreeResponse (&Response); > + Private->Payload = NULL; > + > + if (Private->Json != NULL) { > + FreePool (Private->Json); > + Private->Json = NULL; > + } > + > + return Status; > +} > + > +/** > + Identify resource on given URI. > + > + @param[in] This Pointer to EDKII_REDFISH_RESOURCE_CONFIG_PROTOCOL instance. > + @param[in] Uri The target URI to consume. > + > + @retval EFI_SUCCESS This is target resource which we want to handle. > + @retval EFI_UNSUPPORTED This is not the target resource. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +RedfishResourceIdentify ( > + IN EDKII_REDFISH_RESOURCE_CONFIG_PROTOCOL *This, > + IN EFI_STRING Uri > + ) > +{ > + REDFISH_RESOURCE_COMMON_PRIVATE *Private; > + EFI_STATUS Status; > + REDFISH_RESPONSE Response; > + > + if ((This == NULL) || IS_EMPTY_STRING (Uri)) { > + return EFI_INVALID_PARAMETER; > + } > + > + ZeroMem (&Response, sizeof (REDFISH_RESPONSE)); > + Private = REDFISH_RESOURCE_COMMON_PRIVATE_DATA_FROM_RESOURCE_PROTOCOL (This); > + > + if (Private->RedfishService == NULL) { > + return EFI_NOT_READY; > + } > + > + Status = RedfishHttpGetResource (Private->RedfishService, Uri, NULL, &Response, TRUE); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: get resource from: %s failed\n", __func__, Uri)); > + return Status; > + } > + > + Private->Uri = Uri; > + Private->Payload = Response.Payload; > + ASSERT (Private->Payload != NULL); > + > + Private->Json = JsonDumpString (RedfishJsonInPayload (Private->Payload), EDKII_JSON_COMPACT); > + ASSERT (Private->Json != 
NULL); > + > + Status = RedfishIdentifyResourceCommon (Private, Private->Json); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: identify %s failed: %r\n", __func__, Uri, Status)); > + } > + > + // > + // Release resource > + // > + RedfishHttpFreeResponse (&Response); > + Private->Payload = NULL; > + > + if (Private->Json != NULL) { > + FreePool (Private->Json); > + Private->Json = NULL; > + } > + > + return Status; > +} > + > +EDKII_REDFISH_RESOURCE_CONFIG_PROTOCOL mRedfishResourceConfig = { > + RedfishResourceProvisioningResource, > + RedfishResourceConsumeResource, > + RedfishResourceUpdate, > + RedfishResourceCheck, > + RedfishResourceIdentify, > + RedfishResourceGetInfo > +}; > + > +/** > + Initialize a Redfish configure handler. > + > + This function will be called by the Redfish config driver to initialize each Redfish configure > + handler. > + > + @param[in] This Pointer to EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance. > + @param[in] RedfishConfigServiceInfo Redfish service information. > + > + @retval EFI_SUCCESS The handler has been initialized successfully. > + @retval EFI_DEVICE_ERROR Failed to create or configure the REST EX protocol instance. > + @retval EFI_ALREADY_STARTED This handler has already been initialized. > + @retval Other Error happens during the initialization. > + > +**/ > +EFI_STATUS > +EFIAPI > +RedfishResourceInit ( > + IN EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL *This, > + IN REDFISH_CONFIG_SERVICE_INFORMATION *RedfishConfigServiceInfo > + ) > +{ > + REDFISH_RESOURCE_COMMON_PRIVATE *Private; > + > + Private = REDFISH_RESOURCE_COMMON_PRIVATE_DATA_FROM_CONFIG_PROTOCOL (This); > + > + Private->RedfishService = RedfishCreateService (RedfishConfigServiceInfo); > + if (Private->RedfishService == NULL) { > + return EFI_DEVICE_ERROR; > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Stop a Redfish configure handler. > + > + @param[in] This Pointer to EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance. 
> +
> + @retval EFI_SUCCESS This handler has been stoped successfully.
> + @retval Others Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishResourceStop (
> + IN EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL *This
> + )
> +{
> + REDFISH_RESOURCE_COMMON_PRIVATE *Private;
> +
> + Private = REDFISH_RESOURCE_COMMON_PRIVATE_DATA_FROM_CONFIG_PROTOCOL (This);
> +
> + if (Private->Event != NULL) {
> + gBS->CloseEvent (Private->Event);
> + Private->Event = NULL;
> + }
> +
> + if (Private->RedfishService != NULL) {
> + RedfishCleanupService (Private->RedfishService);
> + Private->RedfishService = NULL;
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL mRedfishConfigHandler = {
> + RedfishResourceInit,
> + RedfishResourceStop
> +};
> +
> +/**
> + Callback function when gEfiRestJsonStructureProtocolGuid is installed.
> +
> + @param[in] Event Event whose notification function is being invoked.
> + @param[in] Context Pointer to the notification function's context.
> +**/
> +VOID
> +EFIAPI
> +EfiRestJsonStructureProtocolIsReady (
> + IN EFI_EVENT Event,
> + IN VOID *Context
> + )
> +{
> + EFI_STATUS Status;
> +
> + if (mRedfishResourcePrivate == NULL) {
> + return;
> + }
> +
> + if (mRedfishResourcePrivate->JsonStructProtocol != NULL) {
> + return;
> + }
> +
> + Status = gBS->LocateProtocol (
> + &gEfiRestJsonStructureProtocolGuid,
> + NULL,
> + (VOID **)&mRedfishResourcePrivate->JsonStructProtocol
> + );
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a: failed to locate gEfiRestJsonStructureProtocolGuid: %r\n", __func__, Status));
> + }
> +
> + gBS->CloseEvent (Event);
> +}
> +
> +/**
> + Unloads an image.
> +
> + @param ImageHandle Handle that identifies the image to be unloaded.
> +
> + @retval EFI_SUCCESS The image has been unloaded.
> + @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishResourceUnload (
> + IN EFI_HANDLE ImageHandle
> + )
> +{
> + EFI_STATUS Status;
> + EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL *ConfigHandler;
> +
> + if (mRedfishResourcePrivate == NULL) {
> + return EFI_NOT_READY;
> + }
> +
> + ConfigHandler = NULL;
> +
> + //
> + // Firstly, find ConfigHandler Protocol interface in this ImageHandle.
> + //
> + Status = gBS->OpenProtocol (
> + ImageHandle,
> + &gEdkIIRedfishConfigHandlerProtocolGuid,
> + (VOID **)&ConfigHandler,
> + NULL,
> + NULL,
> + EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
> + );
> + if (EFI_ERROR (Status) || (ConfigHandler == NULL)) {
> + return Status;
> + }
> +
> + ConfigHandler->Stop (ConfigHandler);
> +
> + //
> + // Last, uninstall ConfigHandler Protocol and resource protocol.
> + //
> + Status = gBS->UninstallMultipleProtocolInterfaces (
> + ImageHandle,
> + &gEdkIIRedfishConfigHandlerProtocolGuid,
> + ConfigHandler,
> + &gEdkIIRedfishResourceConfigProtocolGuid,
> + &mRedfishResourcePrivate->RedfishResourceConfig,
> + NULL
> + );
> +
> + FreePool (mRedfishResourcePrivate);
> + mRedfishResourcePrivate = NULL;
> +
> + return Status;
> +}
> +
> +/**
> + The callback function provided by Redfish Feature driver.
> +
> + @param[in] This Pointer to EDKII_REDFISH_FEATURE_PROTOCOL instance.
> + @param[in] FeatureAction The action Redfish feature driver should take.
> + @param[in] Uri The collection URI.
> + @param[in] Context The context of Redfish feature driver.
> + @param[in,out] InformationExchange The pointer to RESOURCE_INFORMATION_EXCHANGE
> +
> + @retval EFI_SUCCESS Redfish feature driver callback is executed successfully.
> + @retval Others Some errors happened.
> +
> + @retval EFI_SUCCESS Redfish feature driver callback is executed successfully.
> + @retval Others Some errors happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishExternalResourceResourceFeatureCallback (
> + IN EDKII_REDFISH_FEATURE_PROTOCOL *This,
> + IN FEATURE_CALLBACK_ACTION FeatureAction,
> + IN VOID *Context,
> + IN OUT RESOURCE_INFORMATION_EXCHANGE *InformationExchange
> + )
> +{
> + EFI_STATUS Status;
> + REDFISH_SERVICE RedfishService;
> + REDFISH_RESOURCE_COMMON_PRIVATE *Private;
> + EFI_STRING ResourceUri;
> + EFI_STRING SecureBootUri;
> +
> + if (FeatureAction != CallbackActionStartOperation) {
> + return EFI_UNSUPPORTED;
> + }
> +
> + Private = (REDFISH_RESOURCE_COMMON_PRIVATE *)Context;
> +
> + RedfishService = Private->RedfishService;
> + if (RedfishService == NULL) {
> + DEBUG ((DEBUG_ERROR, "%a: no Redfish service configured\n", __func__));
> + return EFI_NOT_READY;
> + }
> +
> + //
> + // Save in private structure.
> + //
> + Private->InformationExchange = InformationExchange;
> +
> + //
> + // Find Redfish version on Redfish ser
> + //
> + Private->RedfishVersion = RedfishGetVersion (RedfishService);
> +
> + //
> + // Create the full URI from Redfish service root.
> + //
> + ResourceUri = (EFI_STRING)AllocateZeroPool (MAX_URI_LENGTH * sizeof (CHAR16));
> + if (ResourceUri == NULL) {
> + DEBUG ((DEBUG_ERROR, "%a: Fail to allocate memory for full URI.\n", __func__));
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + StrCatS (ResourceUri, MAX_URI_LENGTH, Private->RedfishVersion);
> + StrCatS (ResourceUri, MAX_URI_LENGTH, InformationExchange->SendInformation.FullUri);
> +
> + //
> + // Initialize collection path
> + //
> + SecureBootUri = RedfishGetUri (ResourceUri);
> + if (SecureBootUri == NULL) {
> + ASSERT (FALSE);
> + FreePool (ResourceUri);
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + Status = HandleResource (Private, SecureBootUri);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a: process external resource: %s failed: %r\n", __func__, SecureBootUri, Status));
> + }
> +
> + FreePool (SecureBootUri);
> + FreePool (ResourceUri);
> + return Status;
> +}
> +
> +/**
> + Callback function when gEdkIIRedfishFeatureProtocolGuid is installed.
> +
> + @param[in] Event Event whose notification function is being invoked.
> + @param[in] Context Pointer to the notification function's context.
> +**/
> +VOID
> +EFIAPI
> +EdkIIRedfishFeatureProtocolIsReady (
> + IN EFI_EVENT Event,
> + IN VOID *Context
> + )
> +{
> + EFI_STATUS Status;
> + EDKII_REDFISH_FEATURE_PROTOCOL *FeatureProtocol;
> +
> + if (mRedfishResourcePrivate == NULL) {
> + return;
> + }
> +
> + if (mRedfishResourcePrivate->FeatureProtocol != NULL) {
> + return;
> + }
> +
> + Status = gBS->LocateProtocol (
> + &gEdkIIRedfishFeatureProtocolGuid,
> + NULL,
> + (VOID **)&FeatureProtocol
> + );
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a: failed to locate gEdkIIRedfishFeatureProtocolGuid: %r\n", __func__, Status));
> + gBS->CloseEvent (Event);
> + return;
> + }
> +
> + Status = FeatureProtocol->Register (
> + FeatureProtocol,
> + REDFISH_MANAGED_URI,
> + RedfishExternalResourceResourceFeatureCallback,
> + (VOID *)mRedfishResourcePrivate
> + );
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a: failed to register %s: %r\n", __func__, REDFISH_MANAGED_URI, Status));
> + }
> +
> + mRedfishResourcePrivate->FeatureProtocol = FeatureProtocol;
> +
> + gBS->CloseEvent (Event);
> +}
> +
> +/**
> + This is the declaration of an EFI image entry point. This entry point is
> + the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
> + both device drivers and bus drivers. It initialize the global variables and
> + publish the driver binding protocol.
> +
> + @param[in] ImageHandle The firmware allocated handle for the UEFI image.
> + @param[in] SystemTable A pointer to the EFI System Table.
> +
> + @retval EFI_SUCCESS The operation completed successfully.
> + @retval EFI_ACCESS_DENIED EFI_ISCSI_INITIATOR_NAME_PROTOCOL was installed unexpectedly.
> + @retval Others Other errors as indicated.
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishResourceEntryPoint (
> + IN EFI_HANDLE ImageHandle,
> + IN EFI_SYSTEM_TABLE *SystemTable
> + )
> +{
> + EFI_STATUS Status;
> + VOID *Registration;
> +
> + if (mRedfishResourcePrivate != NULL) {
> + return EFI_ALREADY_STARTED;
> + }
> +
> + mRedfishResourceConfigProtocolHandle = ImageHandle;
> +
> + mRedfishResourcePrivate = AllocateZeroPool (sizeof (REDFISH_RESOURCE_COMMON_PRIVATE));
> + CopyMem (&mRedfishResourcePrivate->ConfigHandler, &mRedfishConfigHandler, sizeof (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> + CopyMem (&mRedfishResourcePrivate->RedfishResourceConfig, &mRedfishResourceConfig, sizeof (EDKII_REDFISH_RESOURCE_CONFIG_PROTOCOL));
> +
> + //
> + // Publish config handler protocol and resource protocol.
> + //
> + Status = gBS->InstallMultipleProtocolInterfaces (
> + &ImageHandle,
> + &gEdkIIRedfishConfigHandlerProtocolGuid,
> + &mRedfishResourcePrivate->ConfigHandler,
> + &gEdkIIRedfishResourceConfigProtocolGuid,
> + &mRedfishResourcePrivate->RedfishResourceConfig,
> + NULL
> + );
> +
> + EfiCreateProtocolNotifyEvent (
> + &gEfiRestJsonStructureProtocolGuid,
> + TPL_CALLBACK,
> + EfiRestJsonStructureProtocolIsReady,
> + NULL,
> + &Registration
> + );
> +
> + EfiCreateProtocolNotifyEvent (
> + &gEdkIIRedfishFeatureProtocolGuid,
> + TPL_CALLBACK,
> + EdkIIRedfishFeatureProtocolIsReady,
> + (VOID *)mRedfishResourcePrivate,
> + &Registration
> + );
> +
> + return Status;
> +}
> diff --git a/RedfishClientPkg/RedfishClient.fdf.inc b/RedfishClientPkg/RedfishClient.fdf.inc
> index 59b8acba1..154f641b2 100644
> --- a/RedfishClientPkg/RedfishClient.fdf.inc
> +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> @@ -25,6 +25,7 @@
> INF RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf
> INF RedfishClientPkg/Features/BootOptionCollection/BootOptionCollectionDxe.inf
> INF RedfishClientPkg/Features/BootOption/v1_0_4/Dxe/BootOptionDxe.inf
> + INF RedfishClientPkg/Features/SecureBoot/v1_1_0/Dxe/SecureBootDxe.inf
>
> !include RedfishClientPkg/RedfishJsonStructureDxe.fdf.inc
> #
> --
> 2.34.1
>
Regards, Mike
-=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116774): https://edk2.groups.io/g/devel/message/116774 Mute This Topic: https://groups.io/mt/104927848/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-
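Review bot: The new `INF RedfishClientPkg/Features/SecureBoot/v1_1_0/Dxe/SecureBootDxe.inf` line is added with no build-time condition in this hunk, so any platform that pulls in this include file would ship the driver that handles the SecureBoot resource over the Redfish channel. Because that widens what the management channel can reach, consider making it opt-in, for example by wrapping the line in `!if $(REDFISH_SECURE_BOOT_ENABLE) == TRUE` and `!endif` (the macro name is a placeholder, not an existing define) with the default off. Whether the surrounding entries already sit inside a conditional is not visible from this hunk, so this should be checked against the full file.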