* [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
@ 2024-04-18 12:27 Nickle Wang via groups.io
  2024-04-22  2:24 ` Chang, Abner via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Nickle Wang via groups.io @ 2024-04-18 12:27 UTC (permalink / raw)
  To: devel; +Cc: Abner Chang, Igor Kulchytskyy, Nick Ramirez

- Introduce RedfishBootstrapAccountDxe to delete the bootstrap
account from /redfish/v1/AccountService/Accounts after the BIOS has
finished all Redfish jobs. The bootstrap account won't be
available to other applications, so deleting the bootstrap account
helps to release resources at the BMC.
- After bootstrap account is deleted at BMC, the Redfish service
instance is no longer usable. Close Redfish service instance to
release the HTTP connection between BIOS and BMC.

Signed-off-by: Nickle Wang <nicklew@nvidia.com>
Cc: Abner Chang <abner.chang@amd.com>
Cc: Igor Kulchytskyy <igork@ami.com>
Cc: Nick Ramirez <nramirez@nvidia.com>
---
 .../RedfishClientComponents.dsc.inc           |   1 +
 .../RedfishBootstrapAccountDxe.inf            |  53 +++
 .../RedfishBootstrapAccountDxe.h              |  58 ++++
 .../RedfishBootstrapAccountDxe.c              | 328 ++++++++++++++++++
 RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
 5 files changed, 441 insertions(+)
 create mode 100644 RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
 create mode 100644 RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h
 create mode 100644 RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c

diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc b/RedfishClientPkg/RedfishClientComponents.dsc.inc
index 42fc0c299..fe5248b62 100644
--- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
+++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
@@ -20,6 +20,7 @@
   RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
   RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf
   RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf
+  RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
 !endif
   #
   # Below two modules should be pulled in by build tool.
diff --git a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
new file mode 100644
index 000000000..4073e95f4
--- /dev/null
+++ b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
@@ -0,0 +1,53 @@
+## @file
+#  This driver deletes bootstrap account in BMC after BIOS Redfish finished
+#  all jobs
+#
+#  (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
+#  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION               = 0x0001000b
+  BASE_NAME                 = RedfishBootstrapAccountDxe
+  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
+  MODULE_TYPE               = DXE_DRIVER
+  VERSION_STRING            = 1.0
+  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
+  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  RedfishPkg/RedfishPkg.dec
+  RedfishClientPkg/RedfishClientPkg.dec
+
+[Sources]
+  RedfishBootstrapAccountDxe.h
+  RedfishBootstrapAccountDxe.c
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  PrintLib
+  RedfishEventLib
+  RedfishFeatureUtilityLib
+  RedfishDebugLib
+  RedfishVersionLib
+  RedfishHttpLib
+  UefiLib
+  UefiBootServicesTableLib
+  UefiRuntimeServicesTableLib
+  UefiDriverEntryPoint
+
+[Protocols]
+  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
+  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
+  gEfiRestExProtocolGuid                  ## CONSUMES ##
+
+[Depex]
+  gEdkIIRedfishCredentialProtocolGuid
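Review bot: `gEdkIIRedfishConfigHandlerProtocolGuid` is annotated `## CONSUMES ##` under `[Protocols]`, but the entry point in RedfishBootstrapAccountDxe.c installs that protocol with `InstallProtocolInterface`, so the usage comment should read `## PRODUCES ##`. Some `[LibraryClasses]` entries also appear unused by the .c file in this patch; for example, nothing there references the runtime services table, so `UefiRuntimeServicesTableLib` could probably be dropped to keep the dependency list accurate.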
diff --git a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h
new file mode 100644
index 000000000..5262f1e6b
--- /dev/null
+++ b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h
@@ -0,0 +1,58 @@
+/** @file
+  Common header file for RedfishBootstrapAccountDxe driver.
+
+  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development LP<BR>
+  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
+#define REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
+
+#include <Uefi.h>
+#include <RedfishBase.h>
+
+//
+// Libraries
+//
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PrintLib.h>
+#include <Library/RedfishEventLib.h>
+#include <Library/RedfishFeatureUtilityLib.h>
+#include <Library/RedfishDebugLib.h>
+#include <Library/RedfishVersionLib.h>
+#include <Library/RedfishHttpLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiDriverEntryPoint.h>
+#include <Library/UefiLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+
+#include <Protocol/EdkIIRedfishConfigHandler.h>
+#include <Protocol/EdkIIRedfishCredential.h>
+#include <Protocol/RestEx.h>
+
+#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG         DEBUG_VERBOSE
+#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI  L"AccountService/Accounts"
+#define REDFISH_URI_LENGTH                      128
+
+//
+// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE
+//
+typedef struct {
+  EFI_HANDLE                               ImageHandle;
+  EFI_HANDLE                               RestExHandle;
+  REDFISH_SERVICE                          RedfishService;
+  EFI_EVENT                                RedfishEvent;
+  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
+} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
+
+#define REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
+          BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE, Protocol)
+
+#endif
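Review bot: The `ImageHandle` field of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE is never assigned anywhere in this patch. RedfishBootstrapAccountEntryPoint allocates the structure with `AllocateZeroPool` and installs the protocol on its own `ImageHandle` argument, but RedfishBootstrapAccountUnload passes `mBootstrapPrivate->ImageHandle`, which is still NULL, to `UninstallProtocolInterface`. That uninstall is therefore expected to fail, and the unload path then calls `FreePool (mBootstrapPrivate)` while the embedded `Protocol` is still registered, leaving a dangling interface pointer for any later caller of Init/Stop. Adding `mBootstrapPrivate->ImageHandle = ImageHandle;` right after the allocation check in the entry point fixes it. A short comment on each field here, saying who sets it and when it is valid, would make this kind of gap easier to spot.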
diff --git a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c
new file mode 100644
index 000000000..6fe4856f8
--- /dev/null
+++ b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c
@@ -0,0 +1,328 @@
+/** @file
+  This driver deletes bootstrap account in BMC after BIOS Redfish finished
+  all jobs.
+
+  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development LP<BR>
+  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "RedfishBootstrapAccountDxe.h"
+
+REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate = NULL;
+
+/**
+  Close Redfish service instance by calling RestEx protocol to release instance.
+
+  @param[in]  RestExHandle      Handle of RestEx protocol.
+
+  @retval EFI_SUCCESS           The Redfish service is closed successfully.
+  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
+  @retval Others                Error occurs.
+
+**/
+EFI_STATUS
+CloseRedfishService (
+  IN EFI_HANDLE  RestExHandle
+  )
+{
+  EFI_REST_EX_PROTOCOL  *RestEx;
+  EFI_STATUS            Status;
+
+  if (RestExHandle == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  Status = gBS->HandleProtocol (
+                  RestExHandle,
+                  &gEfiRestExProtocolGuid,
+                  (VOID **)&RestEx
+                  );
+  if (!EFI_ERROR (Status)) {
+    Status = RestEx->Configure (RestEx, NULL);
+    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release RestEx instance: %r\n", __func__, Status));
+  }
+
+  return Status;
+}
+
+/**
+  Callback function executed when the AfterProvisioning event group is signaled.
+
+  @param[in]   Event    Event whose notification function is being invoked.
+  @param[out]  Context  Pointer to the Context buffer
+
+**/
+VOID
+EFIAPI
+RedfishBootstrapAccountOnRedfishAfterProvisioning (
+  IN  EFI_EVENT  Event,
+  OUT VOID       *Context
+  )
+{
+  EFI_STATUS                         Status;
+  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
+  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
+  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
+  CHAR8                              *AccountName;
+  CHAR8                              *AccountCredential;
+  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
+  CHAR16                             *RedfishVersion;
+  REDFISH_RESPONSE                   RedfishResponse;
+
+  RedfishVersion = NULL;
+
+  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;
+  if ((Private == NULL) || (Private->RedfishService == NULL)) {
+    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not available\n", __func__));
+    return;
+  }
+
+  //
+  // Locate Redfish Credential Protocol to get credential for
+  // accessing to Redfish service.
+  //
+  Status = gBS->LocateProtocol (
+                  &gEdkIIRedfishCredentialProtocolGuid,
+                  NULL,
+                  (VOID **)&credentialProtocol
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No Redfish Credential Protocol is installed on system.", __func__));
+    return;
+  }
+
+  Status = credentialProtocol->GetAuthInfo (
+                                 credentialProtocol,
+                                 &AuthMethod,
+                                 &AccountName,
+                                 &AccountCredential
+                                 );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account information: %r\n", __func__, Status));
+    return;
+  }
+
+  //
+  // Carving the URI
+  //
+  RedfishVersion = RedfishGetVersion (Private->RedfishService);
+  if (RedfishVersion == NULL) {
+    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n", __func__));
+    return;
+  }
+
+  UnicodeSPrint (TargetUri, (sizeof (CHAR16) * REDFISH_URI_LENGTH), L"%s%s/%a", RedfishVersion, REDFISH_MANAGER_ACCOUNT_COLLECTION_URI, AccountName);
+
+  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap account:    %a\n", __func__, AccountName));
+  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap credential: %a\n", __func__, AccountCredential));
+  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap URI:        %s\n", __func__, TargetUri));
+
+  //
+  // Remove bootstrap account at /redfish/v1/AccountService/Account
+  //
+  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));
+  Status = RedfishHttpDeleteResource (
+             Private->RedfishService,
+             TargetUri,
+             &RedfishResponse
+             );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap account at BMC: %r", __func__, Status));
+    DumpRedfishResponse (__func__, DEBUG_ERROR, &RedfishResponse);
+  } else {
+    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap account: %a is removed from: %s\n", __func__, AccountName, REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
+  }
+
+  //
+  // Clean credential
+  //
+  ZeroMem (AccountName, AsciiStrSize (AccountName));
+  ZeroMem (AccountCredential, AsciiStrSize (AccountCredential));
+
+  //
+  // Since the bootstrap account is deleted at BMC, the Redfish service instance is no longer usable.
+  // Close Redfish service instance to release the HTTP connection between BIOS and BMC.
+  //
+  Status = CloseRedfishService (Private->RestExHandle);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service instance: %r\n", __func__, Status));
+  }
+
+  RedfishHttpFreeResponse (&RedfishResponse);
+
+  return;
+}
+
+/**
+  Initialize a Redfish configure handler.
+
+  This function will be called by the Redfish config driver to initialize each Redfish configure
+  handler.
+
+  @param[in]   This                     Pointer to EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
+  @param[in]   RedfishConfigServiceInfo Redfish service informaiton.
+
+  @retval EFI_SUCCESS                  The handler has been initialized successfully.
+  @retval EFI_DEVICE_ERROR             Failed to create or configure the REST EX protocol instance.
+  @retval EFI_ALREADY_STARTED          This handler has already been initialized.
+  @retval Other                        Error happens during the initialization.
+
+**/
+EFI_STATUS
+EFIAPI
+RedfishBootstrapAccountInit (
+  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
+  IN  REDFISH_CONFIG_SERVICE_INFORMATION     *RedfishConfigServiceInfo
+  )
+{
+  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
+
+  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL (This);
+
+  Private->RedfishService = RedfishCreateService (RedfishConfigServiceInfo);
+  if (Private->RedfishService == NULL) {
+    return EFI_DEVICE_ERROR;
+  }
+
+  Private->RestExHandle = RedfishConfigServiceInfo->RedfishServiceRestExHandle;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Stop a Redfish configure handler.
+
+  @param[in]   This                Pointer to EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
+
+  @retval EFI_SUCCESS              This handler has been stoped successfully.
+  @retval Others                   Some error happened.
+
+**/
+EFI_STATUS
+EFIAPI
+RedfishBootstrapAccountStop (
+  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
+  )
+{
+  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
+
+  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL (This);
+
+  if (Private->RedfishService != NULL) {
+    RedfishCleanupService (Private->RedfishService);
+    Private->RedfishService = NULL;
+  }
+
+  return EFI_SUCCESS;
+}
+
+EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  mRedfishConfigHandler = {
+  RedfishBootstrapAccountInit,
+  RedfishBootstrapAccountStop
+};
+
+/**
+  Unloads an image.
+
+  @param[in]  ImageHandle           Handle that identifies the image to be unloaded.
+
+  @retval EFI_SUCCESS           The image has been unloaded.
+  @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
+
+**/
+EFI_STATUS
+EFIAPI
+RedfishBootstrapAccountUnload (
+  IN EFI_HANDLE  ImageHandle
+  )
+{
+  EFI_STATUS  Status;
+
+  if (mBootstrapPrivate == NULL) {
+    return EFI_SUCCESS;
+  }
+
+  if (mBootstrapPrivate->RedfishEvent != NULL) {
+    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
+  }
+
+  Status = gBS->UninstallProtocolInterface (
+                  mBootstrapPrivate->ImageHandle,
+                  &gEdkIIRedfishConfigHandlerProtocolGuid,
+                  (VOID *)&mBootstrapPrivate->Protocol
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish config handler protocol: %r\n", __func__, Status));
+  }
+
+  FreePool (mBootstrapPrivate);
+  mBootstrapPrivate = NULL;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  This is the declaration of an EFI image entry point. This entry point is
+  the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
+  both device drivers and bus drivers.
+
+  @param[in]  ImageHandle       The firmware allocated handle for the UEFI image.
+  @param[in]  SystemTable       A pointer to the EFI System Table.
+
+  @retval EFI_SUCCESS           The operation completed successfully.
+  @retval Others                An unexpected error occurred.
+**/
+EFI_STATUS
+EFIAPI
+RedfishBootstrapAccountEntryPoint (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS  Status;
+
+  if (mBootstrapPrivate != NULL) {
+    return EFI_ALREADY_STARTED;
+  }
+
+  mBootstrapPrivate = AllocateZeroPool (sizeof (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
+  if (mBootstrapPrivate == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  CopyMem (&mBootstrapPrivate->Protocol, &mRedfishConfigHandler, sizeof (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
+  Status = gBS->InstallProtocolInterface (
+                  &ImageHandle,
+                  &gEdkIIRedfishConfigHandlerProtocolGuid,
+                  EFI_NATIVE_INTERFACE,
+                  &mBootstrapPrivate->Protocol
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config handler protocol: %r\n", __func__, Status));
+    goto ON_ERROR;
+  }
+
+  //
+  // Register after provisioning event to remove bootstrap account.
+  //
+  Status = CreateAfterProvisioningEvent (
+             RedfishBootstrapAccountOnRedfishAfterProvisioning,
+             (VOID *)mBootstrapPrivate,
+             &mBootstrapPrivate->RedfishEvent
+             );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a: failed to register after-provisioning event: %r\n", __func__, Status));
+    goto ON_ERROR;
+  }
+
+  return EFI_SUCCESS;
+
+ON_ERROR:
+
+  RedfishBootstrapAccountUnload (ImageHandle);
+
+  return Status;
+}
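Review bot: The `bootstrap credential: %a` DEBUG line in RedfishBootstrapAccountOnRedfishAfterProvisioning prints `AccountCredential` to the debug output in clear text on any build where DEBUG_VERBOSE is enabled, and it should be removed; the account-name and URI lines are enough for tracing. The `RedfishVersion == NULL` early return also leaves `AccountName` and `AccountCredential` unscrubbed, because the two `ZeroMem` calls sit only on the fall-through path. The `UnicodeSPrint` result is never checked, so an account name that does not fit in REDFISH_URI_LENGTH characters would send the DELETE to a truncated URI. The buffers are zeroed but not released; if GetAuthInfo hands ownership to the caller (not visible in this patch, worth confirming) they should also be freed. The sketch below routes every exit after GetAuthInfo through one scrub label and rejects an over-long URI before formatting it.

```c
  // … unchanged: GetAuthInfo call and its error check …

  RedfishVersion = RedfishGetVersion (Private->RedfishService);
  if (RedfishVersion == NULL) {
    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n", __func__));
    goto ON_RELEASE;
  }

  //
  // Refuse to build a truncated URI: a cut-off account name would aim the
  // DELETE at a resource other than the bootstrap account.
  //
  if (StrLen (RedfishVersion) + StrLen (REDFISH_MANAGER_ACCOUNT_COLLECTION_URI) + 1 + AsciiStrLen (AccountName) >= REDFISH_URI_LENGTH) {
    DEBUG ((DEBUG_ERROR, "%a: bootstrap account URI does not fit in %d characters\n", __func__, REDFISH_URI_LENGTH));
    goto ON_RELEASE;
  }

  UnicodeSPrint (TargetUri, sizeof (TargetUri), L"%s%s/%a", RedfishVersion, REDFISH_MANAGER_ACCOUNT_COLLECTION_URI, AccountName);

  // … unchanged: account-name and URI DEBUG lines (the credential DEBUG line is dropped) …
  // … unchanged: RedfishHttpDeleteResource call and result logging …
  // … unchanged: CloseRedfishService call, then RedfishHttpFreeResponse …

ON_RELEASE:
  //
  // Scrub the credential on every exit path taken after GetAuthInfo succeeded.
  //
  ZeroMem (AccountName, AsciiStrSize (AccountName));
  ZeroMem (AccountCredential, AsciiStrSize (AccountCredential));
```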
diff --git a/RedfishClientPkg/RedfishClient.fdf.inc b/RedfishClientPkg/RedfishClient.fdf.inc
index 154f641b2..47e5093f2 100644
--- a/RedfishClientPkg/RedfishClient.fdf.inc
+++ b/RedfishClientPkg/RedfishClient.fdf.inc
@@ -15,6 +15,7 @@
   INF RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
   INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
   INF RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
+  INF RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
   INF RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
   INF RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
   INF RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemDxe.inf
-- 
2.34.1







* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-04-18 12:27 [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe Nickle Wang via groups.io
@ 2024-04-22  2:24 ` Chang, Abner via groups.io
  2024-04-22 15:02   ` Igor Kulchytskyy via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Chang, Abner via groups.io @ 2024-04-22  2:24 UTC (permalink / raw)
  To: Nickle Wang, devel@edk2.groups.io; +Cc: Igor Kulchytskyy, Nick Ramirez

[AMD Official Use Only - General]

Hi Nickle,
One comment and few questions,

> -----Original Message-----
> From: Nickle Wang <nicklew@nvidia.com>
> Sent: Thursday, April 18, 2024 8:28 PM
> To: devel@edk2.groups.io
> Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> Subject: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce
> RedfishBootstrapAccountDxe
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> -Introduce RedfishBootstrapAccountDxe to delete bootstrap
> account from /redfish/v1/AccountService/Accounts after BIOS
> finished all Redfish jobs. The bootstrap account won't be
> available to other application. So deleting bootstrap account
> helps to release resource at BMC.
> - After bootstrap account is deleted at BMC, the Redfish service
> instance is no longer usable. Close Redfish service instance to
> release the HTTP connection between BIOS and BMC.
>
> Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> Cc: Abner Chang <abner.chang@amd.com>
> Cc: Igor Kulchytskyy <igork@ami.com>
> Cc: Nick Ramirez <nramirez@nvidia.com>
> ---
>  .../RedfishClientComponents.dsc.inc           |   1 +
>  .../RedfishBootstrapAccountDxe.inf            |  53 +++
>  .../RedfishBootstrapAccountDxe.h              |  58 ++++
>  .../RedfishBootstrapAccountDxe.c              | 328 ++++++++++++++++++
>  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
>  5 files changed, 441 insertions(+)
>  create mode 100644
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
>  create mode 100644
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h
>  create mode 100644
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c
>
> diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> index 42fc0c299..fe5248b62 100644
> --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> @@ -20,6 +20,7 @@
>    RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
>    RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf
>    RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf
> +
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
>  !endif
>    #
>    # Below two modules should be pulled in by build tool.
> diff --git
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.in
> f
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.in
> f
> new file mode 100644
> index 000000000..4073e95f4
> --- /dev/null
> +++
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.in
> f
> @@ -0,0 +1,53 @@
> +## @file
> +#  This driver deletes bootstrap account in BMC after BIOS Redfish finished
> +#  all jobs
> +#
> +#  (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
> +#  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.


Not sure if you want to update the copyright to 2024.


> +#
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION               = 0x0001000b
> +  BASE_NAME                 = RedfishBootstrapAccountDxe
> +  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
> +  MODULE_TYPE               = DXE_DRIVER
> +  VERSION_STRING            = 1.0
> +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  MdeModulePkg/MdeModulePkg.dec
> +  RedfishPkg/RedfishPkg.dec
> +  RedfishClientPkg/RedfishClientPkg.dec
> +
> +[Sources]
> +  RedfishBootstrapAccountDxe.h
> +  RedfishBootstrapAccountDxe.c
> +
> +[LibraryClasses]
> +  BaseLib
> +  BaseMemoryLib
> +  DebugLib
> +  MemoryAllocationLib
> +  PrintLib
> +  RedfishEventLib
> +  RedfishFeatureUtilityLib
> +  RedfishDebugLib
> +  RedfishVersionLib
> +  RedfishHttpLib
> +  UefiLib
> +  UefiBootServicesTableLib
> +  UefiRuntimeServicesTableLib
> +  UefiDriverEntryPoint
> +
> +[Protocols]
> +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> +
> +[Depex]
> +  gEdkIIRedfishCredentialProtocolGuid
> diff --git
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h
> new file mode 100644
> index 000000000..5262f1e6b
> --- /dev/null
> +++
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h
> @@ -0,0 +1,58 @@
> +/** @file
> +  Common header file for RedfishBootstrapAccountDxe driver.
> +
> +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development LP<BR>
> +  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> +#define REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> +
> +#include <Uefi.h>
> +#include <RedfishBase.h>
> +
> +//
> +// Libraries
> +//
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/DebugLib.h>
> +
> +#include <Library/MemoryAllocationLib.h>
> +#include <Library/PrintLib.h>
> +#include <Library/RedfishEventLib.h>
> +#include <Library/RedfishFeatureUtilityLib.h>
> +#include <Library/RedfishDebugLib.h>
> +#include <Library/RedfishVersionLib.h>
> +#include <Library/RedfishHttpLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/UefiDriverEntryPoint.h>
> +#include <Library/UefiLib.h>
> +#include <Library/UefiRuntimeServicesTableLib.h>
> +
> +#include <Protocol/EdkIIRedfishConfigHandler.h>
> +#include <Protocol/EdkIIRedfishCredential.h>
> +#include <Protocol/RestEx.h>
> +
> +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG         DEBUG_VERBOSE
> +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> L"AccountService/Accounts"
> +#define REDFISH_URI_LENGTH                      128
> +
> +//
> +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE
> +//
> +typedef struct {
> +  EFI_HANDLE                               ImageHandle;
> +  EFI_HANDLE                               RestExHandle;
> +  REDFISH_SERVICE                          RedfishService;
> +  EFI_EVENT                                RedfishEvent;
> +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> +
> +#define REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> +          BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE, Protocol)
> +
> +#endif
> diff --git
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c
> new file mode 100644
> index 000000000..6fe4856f8
> --- /dev/null
> +++
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c
> @@ -0,0 +1,328 @@
> +/** @file
> +  This driver deletes bootstrap account in BMC after BIOS Redfish finished
> +  all jobs.
> +
> +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development LP<BR>
> +  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "RedfishBootstrapAccountDxe.h"
> +
> +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate = NULL;
> +
> +/**
> +  Close Redfish service instance by calling RestEx protocol to release instance.
> +
> +  @param[in]  RestExHandle      Handle of RestEx protocol.
> +
> +  @retval EFI_SUCCESS           The Redfish service is closed successfully.
> +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> +  @retval Others                Error occurs.
> +
> +**/
> +EFI_STATUS
> +CloseRedfishService (
> +  IN EFI_HANDLE  RestExHandle
> +  )
> +{
> +  EFI_REST_EX_PROTOCOL  *RestEx;
> +  EFI_STATUS            Status;
> +
> +  if (RestExHandle == NULL) {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  Status = gBS->HandleProtocol (
> +                  RestExHandle,
> +                  &gEfiRestExProtocolGuid,
> +                  (VOID **)&RestEx
> +                  );
> +  if (!EFI_ERROR (Status)) {
> +    Status = RestEx->Configure (RestEx, NULL);
> +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release RestEx
> instance: %r\n", __func__, Status));
> +  }
> +
> +  return Status;
> +}
> +
> +/**
> +  Callback function executed when the AfterProvisioning event group is
> signaled.
> +
> +  @param[in]   Event    Event whose notification function is being invoked.
> +  @param[out]  Context  Pointer to the Context buffer
> +
> +**/
> +VOID
> +EFIAPI
> +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> +  IN  EFI_EVENT  Event,
> +  OUT VOID       *Context
> +  )
> +{
> +  EFI_STATUS                         Status;
> +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> +  CHAR8                              *AccountName;
> +  CHAR8                              *AccountCredential;
> +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> +  CHAR16                             *RedfishVersion;
> +  REDFISH_RESPONSE                   RedfishResponse;
> +
> +  RedfishVersion = NULL;
> +
> +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;
> +  if ((Private == NULL) || (Private->RedfishService == NULL)) {
> +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not available\n",
> __func__));
> +    return;
> +  }
> +
> +  //
> +  // Locate Redfish Credential Protocol to get credential for
> +  // accessing to Redfish service.
> +  //
> +  Status = gBS->LocateProtocol (
> +                  &gEdkIIRedfishCredentialProtocolGuid,
> +                  NULL,
> +                  (VOID **)&credentialProtocol
> +                  );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No Redfish
> Credential Protocol is installed on system.", __func__));
> +    return;
> +  }
> +
> +  Status = credentialProtocol->GetAuthInfo (
> +                                 credentialProtocol,
> +                                 &AuthMethod,
> +                                 &AccountName,
> +                                 &AccountCredential
> +                                 );

Hi Nickle, I don't quite understand why we acquire a credential here but then delete it from the Redfish account service after provisioning.
1. We are supposed to acquire the credential before we start communicating with Redfish. Will the Redfish credential driver create another bootstrap account here after provisioning?
2. And why do we delete the credential after provisioning? What about the later Redfish property update process?
Or do I misunderstand the code logic?

Regards,
Abner

> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account information:
> %r\n", __func__, Status));
> +    return;
> +  }
> +
> +  //
> +  // Carving the URI
> +  //
> +  RedfishVersion = RedfishGetVersion (Private->RedfishService);
> +  if (RedfishVersion == NULL) {
> +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n", __func__));
> +    return;
> +  }
> +
> +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) * REDFISH_URI_LENGTH),
> L"%s%s/%a", RedfishVersion, REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> AccountName);
> +
> +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap account:
> %a\n", __func__, AccountName));
> +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> credential: %a\n", __func__, AccountCredential));
> +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap URI:
> %s\n", __func__, TargetUri));
> +
> +  //
> +  // Remove bootstrap account at /redfish/v1/AccountService/Account
> +  //
> +  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));
> +  Status = RedfishHttpDeleteResource (
> +             Private->RedfishService,
> +             TargetUri,
> +             &RedfishResponse
> +             );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap account at BMC:
> %r", __func__, Status));
> +    DumpRedfishResponse (__func__, DEBUG_ERROR, &RedfishResponse);
> +  } else {
> +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap account:
> %a is removed from: %s\n", __func__, AccountName,
> REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> +  }
> +
> +  //
> +  // Clean credential
> +  //
> +  ZeroMem (AccountName, AsciiStrSize (AccountName));
> +  ZeroMem (AccountCredential, AsciiStrSize (AccountCredential));
> +
> +  //
> +  // Since the bootstrap account is deleted at BMC, the Redfish service instance
> is no longer usable.
> +  // Close Redfish service instance to release the HTTP connection between
> BIOS and BMC.
> +  //
> +  Status = CloseRedfishService (Private->RestExHandle);
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service instance: %r\n",
> __func__, Status));
> +  }
> +
> +  RedfishHttpFreeResponse (&RedfishResponse);
> +
> +  return;
> +}
> +
> +/**
> +  Initialize a Redfish configure handler.
> +
> +  This function will be called by the Redfish config driver to initialize each
> Redfish configure
> +  handler.
> +
> +  @param[in]   This                     Pointer to
> EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> +  @param[in]   RedfishConfigServiceInfo Redfish service informaiton.
> +
> +  @retval EFI_SUCCESS                  The handler has been initialized successfully.
> +  @retval EFI_DEVICE_ERROR             Failed to create or configure the REST EX
> protocol instance.
> +  @retval EFI_ALREADY_STARTED          This handler has already been
> initialized.
> +  @retval Other                        Error happens during the initialization.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishBootstrapAccountInit (
> +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> +  IN  REDFISH_CONFIG_SERVICE_INFORMATION     *RedfishConfigServiceInfo
> +  )
> +{
> +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> +
> +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> (This);
> +
> +  Private->RedfishService = RedfishCreateService (RedfishConfigServiceInfo);
> +  if (Private->RedfishService == NULL) {
> +    return EFI_DEVICE_ERROR;
> +  }
> +
> +  Private->RestExHandle = RedfishConfigServiceInfo-
> >RedfishServiceRestExHandle;
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  Stop a Redfish configure handler.
> +
> +  @param[in]   This                Pointer to
> EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> +
> +  @retval EFI_SUCCESS              This handler has been stoped successfully.
> +  @retval Others                   Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishBootstrapAccountStop (
> +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> +  )
> +{
> +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> +
> +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> (This);
> +
> +  if (Private->RedfishService != NULL) {
> +    RedfishCleanupService (Private->RedfishService);
> +    Private->RedfishService = NULL;
> +  }
> +
> +  return EFI_SUCCESS;
> +}
> +
> +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  mRedfishConfigHandler = {
> +  RedfishBootstrapAccountInit,
> +  RedfishBootstrapAccountStop
> +};
> +
> +/**
> +  Unloads an image.
> +
> +  @param[in]  ImageHandle           Handle that identifies the image to be
> unloaded.
> +
> +  @retval EFI_SUCCESS           The image has been unloaded.
> +  @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishBootstrapAccountUnload (
> +  IN EFI_HANDLE  ImageHandle
> +  )
> +{
> +  EFI_STATUS  Status;
> +
> +  if (mBootstrapPrivate == NULL) {
> +    return EFI_SUCCESS;
> +  }
> +
> +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> +  }
> +
> +  Status = gBS->UninstallProtocolInterface (
> +                  mBootstrapPrivate->ImageHandle,
> +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> +                  (VOID *)&mBootstrapPrivate->Protocol
> +                  );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish config handler
> protocol: %r\n", __func__, Status));
> +  }
> +
> +  FreePool (mBootstrapPrivate);
> +  mBootstrapPrivate = NULL;
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  This is the declaration of an EFI image entry point. This entry point is
> +  the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
> +  both device drivers and bus drivers.
> +
> +  @param[in]  ImageHandle       The firmware allocated handle for the UEFI
> image.
> +  @param[in]  SystemTable       A pointer to the EFI System Table.
> +
> +  @retval EFI_SUCCESS           The operation completed successfully.
> +  @retval Others                An unexpected error occurred.
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishBootstrapAccountEntryPoint (
> +  IN EFI_HANDLE        ImageHandle,
> +  IN EFI_SYSTEM_TABLE  *SystemTable
> +  )
> +{
> +  EFI_STATUS  Status;
> +
> +  if (mBootstrapPrivate != NULL) {
> +    return EFI_ALREADY_STARTED;
> +  }
> +
> +  mBootstrapPrivate = AllocateZeroPool (sizeof
> (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> +  if (mBootstrapPrivate == NULL) {
> +    return EFI_OUT_OF_RESOURCES;
> +  }
> +
> +  CopyMem (&mBootstrapPrivate->Protocol, &mRedfishConfigHandler, sizeof
> (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> +  Status = gBS->InstallProtocolInterface (
> +                  &ImageHandle,
> +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> +                  EFI_NATIVE_INTERFACE,
> +                  &mBootstrapPrivate->Protocol
> +                  );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config handler
> protocol: %r\n", __func__, Status));
> +    goto ON_ERROR;
> +  }
> +
> +  //
> +  // Register after provisioning event to remove bootstrap account.
> +  //
> +  Status = CreateAfterProvisioningEvent (
> +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> +             (VOID *)mBootstrapPrivate,
> +             &mBootstrapPrivate->RedfishEvent
> +             );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: failed to register after-provisioning event:
> %r\n", __func__, Status));
> +    goto ON_ERROR;
> +  }
> +
> +  return EFI_SUCCESS;
> +
> +ON_ERROR:
> +
> +  RedfishBootstrapAccountUnload (ImageHandle);
> +
> +  return Status;
> +}
> diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> b/RedfishClientPkg/RedfishClient.fdf.inc
> index 154f641b2..47e5093f2 100644
> --- a/RedfishClientPkg/RedfishClient.fdf.inc
> +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> @@ -15,6 +15,7 @@
>    INF RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
>    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
>    INF
> RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> +  INF
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
>    INF RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
>    INF
> RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
>    INF
> RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemDxe.i
> nf
> --
> 2.34.1







* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-04-22  2:24 ` Chang, Abner via groups.io
@ 2024-04-22 15:02   ` Igor Kulchytskyy via groups.io
  2024-04-23  7:09     ` Nickle Wang via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Igor Kulchytskyy via groups.io @ 2024-04-22 15:02 UTC (permalink / raw)
  To: Chang, Abner, Nickle Wang, devel@edk2.groups.io; +Cc: Nick Ramirez

Hi Nickle and Abner,
I also have the same question as Abner.
Why do we need to delete those credentials?
According to spec BMC should delete the bootstrap credentials automatically on host or service reset.
Thank you,
Igor

-----Original Message-----
From: Chang, Abner <Abner.Chang@amd.com>
Sent: Sunday, April 21, 2024 10:25 PM
To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io
Cc: Igor Kulchytskyy <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe


**CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.**

[AMD Official Use Only - General]

Hi Nickle,
One comment and few questions,

> -----Original Message-----
> From: Nickle Wang <nicklew@nvidia.com>
> Sent: Thursday, April 18, 2024 8:28 PM
> To: devel@edk2.groups.io
> Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> Subject: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce
> RedfishBootstrapAccountDxe
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> -Introduce RedfishBootstrapAccountDxe to delete bootstrap
> account from /redfish/v1/AccountService/Accounts after BIOS
> finished all Redfish jobs. The bootstrap account won't be
> available to other application. So deleting bootstrap account
> helps to release resource at BMC.
> - After bootstrap account is deleted at BMC, the Redfish service
> instance is no longer usable. Close Redfish service instance to
> release the HTTP connection between BIOS and BMC.
>
> Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> Cc: Abner Chang <abner.chang@amd.com>
> Cc: Igor Kulchytskyy <igork@ami.com>
> Cc: Nick Ramirez <nramirez@nvidia.com>
> ---
>  .../RedfishClientComponents.dsc.inc           |   1 +
>  .../RedfishBootstrapAccountDxe.inf            |  53 +++
>  .../RedfishBootstrapAccountDxe.h              |  58 ++++
>  .../RedfishBootstrapAccountDxe.c              | 328 ++++++++++++++++++
>  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
>  5 files changed, 441 insertions(+)
>  create mode 100644
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
>  create mode 100644
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h
>  create mode 100644
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c
>
> diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> index 42fc0c299..fe5248b62 100644
> --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> @@ -20,6 +20,7 @@
>    RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
>    RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf
>    RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf
> +
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
>  !endif
>    #
>    # Below two modules should be pulled in by build tool.
> diff --git
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.in
> f
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.in
> f
> new file mode 100644
> index 000000000..4073e95f4
> --- /dev/null
> +++
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.in
> f
> @@ -0,0 +1,53 @@
> +## @file
> +#  This driver deletes bootstrap account in BMC after BIOS Redfish finished
> +#  all jobs
> +#
> +#  (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
> +#  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.


Not sure if you want to update the copyright to 2024.


> +#
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION               = 0x0001000b
> +  BASE_NAME                 = RedfishBootstrapAccountDxe
> +  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
> +  MODULE_TYPE               = DXE_DRIVER
> +  VERSION_STRING            = 1.0
> +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  MdeModulePkg/MdeModulePkg.dec
> +  RedfishPkg/RedfishPkg.dec
> +  RedfishClientPkg/RedfishClientPkg.dec
> +
> +[Sources]
> +  RedfishBootstrapAccountDxe.h
> +  RedfishBootstrapAccountDxe.c
> +
> +[LibraryClasses]
> +  BaseLib
> +  BaseMemoryLib
> +  DebugLib
> +  MemoryAllocationLib
> +  PrintLib
> +  RedfishEventLib
> +  RedfishFeatureUtilityLib
> +  RedfishDebugLib
> +  RedfishVersionLib
> +  RedfishHttpLib
> +  UefiLib
> +  UefiBootServicesTableLib
> +  UefiRuntimeServicesTableLib
> +  UefiDriverEntryPoint
> +
> +[Protocols]
> +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> +
> +[Depex]
> +  gEdkIIRedfishCredentialProtocolGuid
> diff --git
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h
> new file mode 100644
> index 000000000..5262f1e6b
> --- /dev/null
> +++
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.h
> @@ -0,0 +1,58 @@
> +/** @file
> +  Common header file for RedfishBootstrapAccountDxe driver.
> +
> +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development LP<BR>
> +  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> +#define REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> +
> +#include <Uefi.h>
> +#include <RedfishBase.h>
> +
> +//
> +// Libraries
> +//
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/DebugLib.h>
> +
> +#include <Library/MemoryAllocationLib.h>
> +#include <Library/PrintLib.h>
> +#include <Library/RedfishEventLib.h>
> +#include <Library/RedfishFeatureUtilityLib.h>
> +#include <Library/RedfishDebugLib.h>
> +#include <Library/RedfishVersionLib.h>
> +#include <Library/RedfishHttpLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/UefiDriverEntryPoint.h>
> +#include <Library/UefiLib.h>
> +#include <Library/UefiRuntimeServicesTableLib.h>
> +
> +#include <Protocol/EdkIIRedfishConfigHandler.h>
> +#include <Protocol/EdkIIRedfishCredential.h>
> +#include <Protocol/RestEx.h>
> +
> +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG         DEBUG_VERBOSE
> +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> L"AccountService/Accounts"
> +#define REDFISH_URI_LENGTH                      128
> +
> +//
> +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE
> +//
> +typedef struct {
> +  EFI_HANDLE                               ImageHandle;
> +  EFI_HANDLE                               RestExHandle;
> +  REDFISH_SERVICE                          RedfishService;
> +  EFI_EVENT                                RedfishEvent;
> +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> +
> +#define REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> +          BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE, Protocol)
> +
> +#endif
> diff --git
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c
> new file mode 100644
> index 000000000..6fe4856f8
> --- /dev/null
> +++
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.c
> @@ -0,0 +1,328 @@
> +/** @file
> +  This driver deletes bootstrap account in BMC after BIOS Redfish finished
> +  all jobs.
> +
> +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development LP<BR>
> +  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "RedfishBootstrapAccountDxe.h"
> +
> +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate = NULL;
> +
> +/**
> +  Close Redfish service instance by calling RestEx protocol to release instance.
> +
> +  @param[in]  RestExHandle      Handle of RestEx protocol.
> +
> +  @retval EFI_SUCCESS           The Redfish service is closed successfully.
> +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> +  @retval Others                Error occurs.
> +
> +**/
> +EFI_STATUS
> +CloseRedfishService (
> +  IN EFI_HANDLE  RestExHandle
> +  )
> +{
> +  EFI_REST_EX_PROTOCOL  *RestEx;
> +  EFI_STATUS            Status;
> +
> +  if (RestExHandle == NULL) {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  Status = gBS->HandleProtocol (
> +                  RestExHandle,
> +                  &gEfiRestExProtocolGuid,
> +                  (VOID **)&RestEx
> +                  );
> +  if (!EFI_ERROR (Status)) {
> +    Status = RestEx->Configure (RestEx, NULL);
> +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release RestEx
> instance: %r\n", __func__, Status));
> +  }
> +
> +  return Status;
> +}
> +
> +/**
> +  Callback function executed when the AfterProvisioning event group is
> signaled.
> +
> +  @param[in]   Event    Event whose notification function is being invoked.
> +  @param[out]  Context  Pointer to the Context buffer
> +
> +**/
> +VOID
> +EFIAPI
> +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> +  IN  EFI_EVENT  Event,
> +  OUT VOID       *Context
> +  )
> +{
> +  EFI_STATUS                         Status;
> +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> +  CHAR8                              *AccountName;
> +  CHAR8                              *AccountCredential;
> +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> +  CHAR16                             *RedfishVersion;
> +  REDFISH_RESPONSE                   RedfishResponse;
> +
> +  RedfishVersion = NULL;
> +
> +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;
> +  if ((Private == NULL) || (Private->RedfishService == NULL)) {
> +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not available\n",
> __func__));
> +    return;
> +  }
> +
> +  //
> +  // Locate Redfish Credential Protocol to get credential for
> +  // accessing to Redfish service.
> +  //
> +  Status = gBS->LocateProtocol (
> +                  &gEdkIIRedfishCredentialProtocolGuid,
> +                  NULL,
> +                  (VOID **)&credentialProtocol
> +                  );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No Redfish
> Credential Protocol is installed on system.", __func__));
> +    return;
> +  }
> +
> +  Status = credentialProtocol->GetAuthInfo (
> +                                 credentialProtocol,
> +                                 &AuthMethod,
> +                                 &AccountName,
> +                                 &AccountCredential
> +                                 );

Hi Nickle, I do not quite understand why we acquire a credential here and then delete it from the Redfish account service after provisioning.
1. We are supposed to acquire the credential before we start to communicate with Redfish. Will the Redfish credential driver create another bootstrap account here after provisioning?
2. And why do we delete the credential after provisioning? What about the later Redfish property updating process?
Or do I misunderstand the code logic?

Regards,
Abner

> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account information:
> %r\n", __func__, Status));
> +    return;
> +  }
> +
> +  //
> +  // Carving the URI
> +  //
> +  RedfishVersion = RedfishGetVersion (Private->RedfishService);
> +  if (RedfishVersion == NULL) {
> +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n", __func__));
> +    return;
> +  }
> +
> +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) * REDFISH_URI_LENGTH),
> L"%s%s/%a", RedfishVersion, REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> AccountName);
> +
> +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap account:
> %a\n", __func__, AccountName));
> +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> credential: %a\n", __func__, AccountCredential));
> +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap URI:
> %s\n", __func__, TargetUri));
> +
> +  //
> +  // Remove bootstrap account at /redfish/v1/AccountService/Account
> +  //
> +  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));
> +  Status = RedfishHttpDeleteResource (
> +             Private->RedfishService,
> +             TargetUri,
> +             &RedfishResponse
> +             );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap account at BMC:
> %r", __func__, Status));
> +    DumpRedfishResponse (__func__, DEBUG_ERROR, &RedfishResponse);
> +  } else {
> +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap account:
> %a is removed from: %s\n", __func__, AccountName,
> REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> +  }
> +
> +  //
> +  // Clean credential
> +  //
> +  ZeroMem (AccountName, AsciiStrSize (AccountName));
> +  ZeroMem (AccountCredential, AsciiStrSize (AccountCredential));
> +
> +  //
> +  // Since the bootstrap account is deleted at BMC, the Redfish service instance
> is no longer usable.
> +  // Close Redfish service instance to release the HTTP connection between
> BIOS and BMC.
> +  //
> +  Status = CloseRedfishService (Private->RestExHandle);
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service instance: %r\n",
> __func__, Status));
> +  }
> +
> +  RedfishHttpFreeResponse (&RedfishResponse);
> +
> +  return;
> +}
> +
> +/**
> +  Initialize a Redfish configure handler.
> +
> +  This function will be called by the Redfish config driver to initialize each
> Redfish configure
> +  handler.
> +
> +  @param[in]   This                     Pointer to
> EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> +  @param[in]   RedfishConfigServiceInfo Redfish service informaiton.
> +
> +  @retval EFI_SUCCESS                  The handler has been initialized successfully.
> +  @retval EFI_DEVICE_ERROR             Failed to create or configure the REST EX
> protocol instance.
> +  @retval EFI_ALREADY_STARTED          This handler has already been
> initialized.
> +  @retval Other                        Error happens during the initialization.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishBootstrapAccountInit (
> +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> +  IN  REDFISH_CONFIG_SERVICE_INFORMATION     *RedfishConfigServiceInfo
> +  )
> +{
> +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> +
> +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> (This);
> +
> +  Private->RedfishService = RedfishCreateService (RedfishConfigServiceInfo);
> +  if (Private->RedfishService == NULL) {
> +    return EFI_DEVICE_ERROR;
> +  }
> +
> +  Private->RestExHandle = RedfishConfigServiceInfo-
> >RedfishServiceRestExHandle;
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  Stop a Redfish configure handler.
> +
> +  @param[in]   This                Pointer to
> EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> +
> +  @retval EFI_SUCCESS              This handler has been stoped successfully.
> +  @retval Others                   Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishBootstrapAccountStop (
> +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> +  )
> +{
> +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> +
> +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> (This);
> +
> +  if (Private->RedfishService != NULL) {
> +    RedfishCleanupService (Private->RedfishService);
> +    Private->RedfishService = NULL;
> +  }
> +
> +  return EFI_SUCCESS;
> +}
> +
> +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  mRedfishConfigHandler = {
> +  RedfishBootstrapAccountInit,
> +  RedfishBootstrapAccountStop
> +};
> +
> +/**
> +  Unloads an image.
> +
> +  @param[in]  ImageHandle           Handle that identifies the image to be
> unloaded.
> +
> +  @retval EFI_SUCCESS           The image has been unloaded.
> +  @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishBootstrapAccountUnload (
> +  IN EFI_HANDLE  ImageHandle
> +  )
> +{
> +  EFI_STATUS  Status;
> +
> +  if (mBootstrapPrivate == NULL) {
> +    return EFI_SUCCESS;
> +  }
> +
> +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> +  }
> +
> +  Status = gBS->UninstallProtocolInterface (
> +                  mBootstrapPrivate->ImageHandle,
> +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> +                  (VOID *)&mBootstrapPrivate->Protocol
> +                  );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish config handler
> protocol: %r\n", __func__, Status));
> +  }
> +
> +  FreePool (mBootstrapPrivate);
> +  mBootstrapPrivate = NULL;
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  This is the declaration of an EFI image entry point. This entry point is
> +  the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
> +  both device drivers and bus drivers.
> +
> +  @param[in]  ImageHandle       The firmware allocated handle for the UEFI
> image.
> +  @param[in]  SystemTable       A pointer to the EFI System Table.
> +
> +  @retval EFI_SUCCESS           The operation completed successfully.
> +  @retval Others                An unexpected error occurred.
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishBootstrapAccountEntryPoint (
> +  IN EFI_HANDLE        ImageHandle,
> +  IN EFI_SYSTEM_TABLE  *SystemTable
> +  )
> +{
> +  EFI_STATUS  Status;
> +
> +  if (mBootstrapPrivate != NULL) {
> +    return EFI_ALREADY_STARTED;
> +  }
> +
> +  mBootstrapPrivate = AllocateZeroPool (sizeof
> (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> +  if (mBootstrapPrivate == NULL) {
> +    return EFI_OUT_OF_RESOURCES;
> +  }
> +
> +  CopyMem (&mBootstrapPrivate->Protocol, &mRedfishConfigHandler, sizeof
> (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> +  Status = gBS->InstallProtocolInterface (
> +                  &ImageHandle,
> +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> +                  EFI_NATIVE_INTERFACE,
> +                  &mBootstrapPrivate->Protocol
> +                  );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config handler
> protocol: %r\n", __func__, Status));
> +    goto ON_ERROR;
> +  }
> +
> +  //
> +  // Register after provisioning event to remove bootstrap account.
> +  //
> +  Status = CreateAfterProvisioningEvent (
> +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> +             (VOID *)mBootstrapPrivate,
> +             &mBootstrapPrivate->RedfishEvent
> +             );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "%a: failed to register after-provisioning event:
> %r\n", __func__, Status));
> +    goto ON_ERROR;
> +  }
> +
> +  return EFI_SUCCESS;
> +
> +ON_ERROR:
> +
> +  RedfishBootstrapAccountUnload (ImageHandle);
> +
> +  return Status;
> +}
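Review bot: The verbose trace with format string `"%a: bootstrap credential: %a\n"` in RedfishBootstrapAccountOnRedfishAfterProvisioning writes the bootstrap password to the firmware debug log, and if the following DELETE fails that logged secret is still valid on the BMC; I would drop that DEBUG line and keep only the account name and URI traces. The `RedfishVersion == NULL` early return also skips the two `ZeroMem` calls, so AccountName and AccountCredential stay in memory unwiped on that path; routing it through the same cleanup as the normal path would close this. The buffers are zeroed but never passed to `FreePool`, which leaks them if GetAuthInfo transfers ownership to the caller (that is how I read the credential protocol contract, but it should be confirmed against its header). Separately, RedfishBootstrapAccountUnload uninstalls from `mBootstrapPrivate->ImageHandle`, which the entry point never assigns after `AllocateZeroPool`, so the uninstall appears bound to fail and `FreePool` then releases a structure whose Protocol member is still installed; adding `mBootstrapPrivate->ImageHandle = ImageHandle;` after the allocation check would address it.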
> diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> b/RedfishClientPkg/RedfishClient.fdf.inc
> index 154f641b2..47e5093f2 100644
> --- a/RedfishClientPkg/RedfishClient.fdf.inc
> +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> @@ -15,6 +15,7 @@
>    INF RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
>    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
>    INF
> RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> +  INF
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
>    INF RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
>    INF
> RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
>    INF
> RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemDxe.i
> nf
> --
> 2.34.1







* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-04-22 15:02   ` Igor Kulchytskyy via groups.io
@ 2024-04-23  7:09     ` Nickle Wang via groups.io
  2024-04-23  7:42       ` Chang, Abner via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Nickle Wang via groups.io @ 2024-04-23  7:09 UTC (permalink / raw)
  To: Igor Kulchytskyy, Chang, Abner, devel@edk2.groups.io; +Cc: Nick Ramirez

Hi Igor, Abner,

Thanks for your review. Please allow me to answer your questions together.

> 1. We suppose acquire the credential before we start to communicate with Redfish. Will Redfish credential driver create another bootstrap account here after provisioning?
No, according to the RedfishPlatformCredentialIpmiLib implementation, Redfish credential driver requests credential from BMC and will keep it for later use. So only one credential is requested for BIOS Redfish feature drivers during POST time.

> 2. And why do we delete the credential after provisioning? How about the later Redfish property updating process?
In this driver, we listen to "AfterProvisioning" event. And this is the event triggered after Redfish feature driver finish all jobs. There is no feature driver which gets executed after this event. And since we finished all Redfish operations, we remove this account on BMC.

> Why do we need to delete those credentials? According to spec BMC should delete the bootstrap credentials automatically on host or service reset.
Yes, bootstrap credentials get deleted on host reset. In practice, a server in a datacenter usually runs under the OS for a long time before it gets rebooted. The bootstrap credentials are exposed to the end user at "/redfish/v1/AccountService/Accounts". I got a report that end users are concerned about seeing this unused account.

So I created this driver to allow us to remove the bootstrap account at the BMC after we finish the Redfish jobs. This also releases the BMC account resource, since this account won't be used for a long period of time.

Regards,
Nickle

> -----Original Message-----
> From: Igor Kulchytskyy <igork@ami.com>
> Sent: Monday, April 22, 2024 11:03 PM
> To: Chang, Abner <Abner.Chang@amd.com>; Nickle Wang
> <nicklew@nvidia.com>; devel@edk2.groups.io
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> introduce RedfishBootstrapAccountDxe
> 
> 
> 
> Hi Nickle and Abner,
> I also have the same question as Abner.
> Why do we need to delete those credentials?
> According to spec BMC should delete the bootstrap credentials automatically on
> host or service reset.
> Thank you,
> Igor
> 
> -----Original Message-----
> From: Chang, Abner <Abner.Chang@amd.com>
> Sent: Sunday, April 21, 2024 10:25 PM
> To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io
> Cc: Igor Kulchytskyy <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> introduce RedfishBootstrapAccountDxe
> 
> 
> 
> [AMD Official Use Only - General]
> 
> Hi Nickle,
> One comment and few questions,
> 
> > -----Original Message-----
> > From: Nickle Wang <nicklew@nvidia.com>
> > Sent: Thursday, April 18, 2024 8:28 PM
> > To: devel@edk2.groups.io
> > Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce
> > RedfishBootstrapAccountDxe
> >
> >
> >
> > -Introduce RedfishBootstrapAccountDxe to delete bootstrap account from
> > /redfish/v1/AccountService/Accounts after BIOS finished all Redfish
> > jobs. The bootstrap account won't be available to other application.
> > So deleting bootstrap account helps to release resource at BMC.
> > - After bootstrap account is deleted at BMC, the Redfish service
> > instance is no longer usable. Close Redfish service instance to
> > release the HTTP connection between BIOS and BMC.
> >
> > Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> > Cc: Abner Chang <abner.chang@amd.com>
> > Cc: Igor Kulchytskyy <igork@ami.com>
> > Cc: Nick Ramirez <nramirez@nvidia.com>
> > ---
> >  .../RedfishClientComponents.dsc.inc           |   1 +
> >  .../RedfishBootstrapAccountDxe.inf            |  53 +++
> >  .../RedfishBootstrapAccountDxe.h              |  58 ++++
> >  .../RedfishBootstrapAccountDxe.c              | 328 ++++++++++++++++++
> >  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
> >  5 files changed, 441 insertions(+)
> >  create mode 100644
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > .inf
> >  create mode 100644
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > .h
> >  create mode 100644
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > .c
> >
> > diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > index 42fc0c299..fe5248b62 100644
> > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > @@ -20,6 +20,7 @@
> >    RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
> >    RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf
> >    RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf
> > +
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > .inf
> >  !endif
> >    #
> >    # Below two modules should be pulled in by build tool.
> > diff --git
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > xe.in
> > f
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > xe.in
> > f
> > new file mode 100644
> > index 000000000..4073e95f4
> > --- /dev/null
> > +++
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > xe.in
> > f
> > @@ -0,0 +1,53 @@
> > +## @file
> > +#  This driver deletes bootstrap account in BMC after BIOS Redfish
> > +finished #  all jobs # #  (C) Copyright 2021 Hewlett Packard
> > +Enterprise Development LP<BR> #  Copyright (c) 2023, NVIDIA
> > +CORPORATION & AFFILIATES. All rights reserved.
> 
> 
> Not sure if you want to update the copyright to 2024.
> 
> 
> > +#
> > +#  SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > +
> > +[Defines]
> > +  INF_VERSION               = 0x0001000b
> > +  BASE_NAME                 = RedfishBootstrapAccountDxe
> > +  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
> > +  MODULE_TYPE               = DXE_DRIVER
> > +  VERSION_STRING            = 1.0
> > +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> > +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> > +
> > +[Packages]
> > +  MdePkg/MdePkg.dec
> > +  MdeModulePkg/MdeModulePkg.dec
> > +  RedfishPkg/RedfishPkg.dec
> > +  RedfishClientPkg/RedfishClientPkg.dec
> > +
> > +[Sources]
> > +  RedfishBootstrapAccountDxe.h
> > +  RedfishBootstrapAccountDxe.c
> > +
> > +[LibraryClasses]
> > +  BaseLib
> > +  BaseMemoryLib
> > +  DebugLib
> > +  MemoryAllocationLib
> > +  PrintLib
> > +  RedfishEventLib
> > +  RedfishFeatureUtilityLib
> > +  RedfishDebugLib
> > +  RedfishVersionLib
> > +  RedfishHttpLib
> > +  UefiLib
> > +  UefiBootServicesTableLib
> > +  UefiRuntimeServicesTableLib
> > +  UefiDriverEntryPoint
> > +
> > +[Protocols]
> > +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> > +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> > +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> > +
> > +[Depex]
> > +  gEdkIIRedfishCredentialProtocolGuid
> > diff --git
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > xe.h
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > xe.h
> > new file mode 100644
> > index 000000000..5262f1e6b
> > --- /dev/null
> > +++
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > xe.h
> > @@ -0,0 +1,58 @@
> > +/** @file
> > +  Common header file for RedfishBootstrapAccountDxe driver.
> > +
> > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development
> > + LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights
> reserved.
> > +
> > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define
> > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> > +
> > +#include <Uefi.h>
> > +#include <RedfishBase.h>
> > +
> > +//
> > +// Libraries
> > +//
> > +#include <Library/BaseLib.h>
> > +#include <Library/BaseMemoryLib.h>
> > +#include <Library/DebugLib.h>
> > +
> > +#include <Library/MemoryAllocationLib.h> #include
> > +<Library/PrintLib.h> #include <Library/RedfishEventLib.h> #include
> > +<Library/RedfishFeatureUtilityLib.h>
> > +#include <Library/RedfishDebugLib.h>
> > +#include <Library/RedfishVersionLib.h> #include
> > +<Library/RedfishHttpLib.h> #include
> > +<Library/UefiBootServicesTableLib.h>
> > +#include <Library/UefiDriverEntryPoint.h> #include
> > +<Library/UefiLib.h> #include <Library/UefiRuntimeServicesTableLib.h>
> > +
> > +#include <Protocol/EdkIIRedfishConfigHandler.h>
> > +#include <Protocol/EdkIIRedfishCredential.h>
> > +#include <Protocol/RestEx.h>
> > +
> > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG         DEBUG_VERBOSE
> > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> > L"AccountService/Accounts"
> > +#define REDFISH_URI_LENGTH                      128
> > +
> > +//
> > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE // typedef struct
> > +{
> > +  EFI_HANDLE                               ImageHandle;
> > +  EFI_HANDLE                               RestExHandle;
> > +  REDFISH_SERVICE                          RedfishService;
> > +  EFI_EVENT                                RedfishEvent;
> > +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> > +
> > +#define REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> > +          BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE,
> > +Protocol)
> > +
> > +#endif
> > diff --git
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > xe.c
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > xe.c
> > new file mode 100644
> > index 000000000..6fe4856f8
> > --- /dev/null
> > +++
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > xe.c
> > @@ -0,0 +1,328 @@
> > +/** @file
> > +  This driver deletes bootstrap account in BMC after BIOS Redfish
> > +finished
> > +  all jobs.
> > +
> > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development
> > + LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights
> reserved.
> > +
> > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include "RedfishBootstrapAccountDxe.h"
> > +
> > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate = NULL;
> > +
> > +/**
> > +  Close Redfish service instance by calling RestEx protocol to release instance.
> > +
> > +  @param[in]  RestExHandle      Handle of RestEx protocol.
> > +
> > +  @retval EFI_SUCCESS           The Redfish service is closed successfully.
> > +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> > +  @retval Others                Error occurs.
> > +
> > +**/
> > +EFI_STATUS
> > +CloseRedfishService (
> > +  IN EFI_HANDLE  RestExHandle
> > +  )
> > +{
> > +  EFI_REST_EX_PROTOCOL  *RestEx;
> > +  EFI_STATUS            Status;
> > +
> > +  if (RestExHandle == NULL) {
> > +    return EFI_INVALID_PARAMETER;
> > +  }
> > +
> > +  Status = gBS->HandleProtocol (
> > +                  RestExHandle,
> > +                  &gEfiRestExProtocolGuid,
> > +                  (VOID **)&RestEx
> > +                  );
> > +  if (!EFI_ERROR (Status)) {
> > +    Status = RestEx->Configure (RestEx, NULL);
> > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release RestEx
> > instance: %r\n", __func__, Status));
> > +  }
> > +
> > +  return Status;
> > +}
> > +
> > +/**
> > +  Callback function executed when the AfterProvisioning event group
> > +is
> > signaled.
> > +
> > +  @param[in]   Event    Event whose notification function is being invoked.
> > +  @param[out]  Context  Pointer to the Context buffer
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> > +  IN  EFI_EVENT  Event,
> > +  OUT VOID       *Context
> > +  )
> > +{
> > +  EFI_STATUS                         Status;
> > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> > +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> > +  CHAR8                              *AccountName;
> > +  CHAR8                              *AccountCredential;
> > +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> > +  CHAR16                             *RedfishVersion;
> > +  REDFISH_RESPONSE                   RedfishResponse;
> > +
> > +  RedfishVersion = NULL;
> > +
> > +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;  if
> > + ((Private == NULL) || (Private->RedfishService == NULL)) {
> > +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not available\n",
> > __func__));
> > +    return;
> > +  }
> > +
> > +  //
> > +  // Locate Redfish Credential Protocol to get credential for  //
> > + accessing to Redfish service.
> > +  //
> > +  Status = gBS->LocateProtocol (
> > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > +                  NULL,
> > +                  (VOID **)&credentialProtocol
> > +                  );
> > +  if (EFI_ERROR (Status)) {
> > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No Redfish
> > Credential Protocol is installed on system.", __func__));
> > +    return;
> > +  }
> > +
> > +  Status = credentialProtocol->GetAuthInfo (
> > +                                 credentialProtocol,
> > +                                 &AuthMethod,
> > +                                 &AccountName,
> > +                                 &AccountCredential
> > +                                 );
> 
> HI Nickle, I am not quite understand why do we acquire a credential here but
> delete it from the Redfish account service here after provision.
> 1. We suppose acquire the credential before we start to communicate with
> Redfish. Will Redfish credential driver create another bootstrap account here
> after provisioning?
> 2. And why do we delete the credential after provisioning? How about the later
> Redfish property updating process?
> Or do I misunderstand the code logic?
> 
> Regards,
> Abner
> 
> > +  if (EFI_ERROR (Status)) {
> > +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account information:
> > %r\n", __func__, Status));
> > +    return;
> > +  }
> > +
> > +  //
> > +  // Carving the URI
> > +  //
> > +  RedfishVersion = RedfishGetVersion (Private->RedfishService);  if
> > + (RedfishVersion == NULL) {
> > +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n", __func__));
> > +    return;
> > +  }
> > +
> > +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) * REDFISH_URI_LENGTH),
> > L"%s%s/%a", RedfishVersion,
> REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> > AccountName);
> > +
> > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap account:
> > %a\n", __func__, AccountName));
> > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > credential: %a\n", __func__, AccountCredential));
> > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap URI:
> > %s\n", __func__, TargetUri));
> > +
> > +  //
> > +  // Remove bootstrap account at /redfish/v1/AccountService/Account
> > +  //
> > +  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));  Status =
> > + RedfishHttpDeleteResource (
> > +             Private->RedfishService,
> > +             TargetUri,
> > +             &RedfishResponse
> > +             );
> > +  if (EFI_ERROR (Status)) {
> > +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap account at BMC:
> > %r", __func__, Status));
> > +    DumpRedfishResponse (__func__, DEBUG_ERROR, &RedfishResponse);  }
> > + else {
> > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> account:
> > %a is removed from: %s\n", __func__, AccountName,
> > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> > +  }
> > +
> > +  //
> > +  // Clean credential
> > +  //
> > +  ZeroMem (AccountName, AsciiStrSize (AccountName));  ZeroMem
> > + (AccountCredential, AsciiStrSize (AccountCredential));
> > +
> > +  //
> > +  // Since the bootstrap account is deleted at BMC, the Redfish
> > + service instance
> > is no longer usable.
> > +  // Close Redfish service instance to release the HTTP connection
> > + between
> > BIOS and BMC.
> > +  //
> > +  Status = CloseRedfishService (Private->RestExHandle);  if
> > + (EFI_ERROR (Status)) {
> > +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service instance:
> > + %r\n",
> > __func__, Status));
> > +  }
> > +
> > +  RedfishHttpFreeResponse (&RedfishResponse);
> > +
> > +  return;
> > +}
> > +
> > +/**
> > +  Initialize a Redfish configure handler.
> > +
> > +  This function will be called by the Redfish config driver to
> > + initialize each
> > Redfish configure
> > +  handler.
> > +
> > +  @param[in]   This                     Pointer to
> > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > +  @param[in]   RedfishConfigServiceInfo Redfish service informaiton.
> > +
> > +  @retval EFI_SUCCESS                  The handler has been initialized successfully.
> > +  @retval EFI_DEVICE_ERROR             Failed to create or configure the REST EX
> > protocol instance.
> > +  @retval EFI_ALREADY_STARTED          This handler has already been
> > initialized.
> > +  @retval Other                        Error happens during the initialization.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishBootstrapAccountInit (
> > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> > +  IN  REDFISH_CONFIG_SERVICE_INFORMATION     *RedfishConfigServiceInfo
> > +  )
> > +{
> > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > +
> > +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > (This);
> > +
> > +  Private->RedfishService = RedfishCreateService
> > + (RedfishConfigServiceInfo);  if (Private->RedfishService == NULL) {
> > +    return EFI_DEVICE_ERROR;
> > +  }
> > +
> > +  Private->RestExHandle = RedfishConfigServiceInfo-
> > >RedfishServiceRestExHandle;
> > +
> > +  return EFI_SUCCESS;
> > +}
> > +
> > +/**
> > +  Stop a Redfish configure handler.
> > +
> > +  @param[in]   This                Pointer to
> > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > +
> > +  @retval EFI_SUCCESS              This handler has been stoped successfully.
> > +  @retval Others                   Some error happened.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishBootstrapAccountStop (
> > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> > +  )
> > +{
> > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > +
> > +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > (This);
> > +
> > +  if (Private->RedfishService != NULL) {
> > +    RedfishCleanupService (Private->RedfishService);
> > +    Private->RedfishService = NULL;
> > +  }
> > +
> > +  return EFI_SUCCESS;
> > +}
> > +
> > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  mRedfishConfigHandler = {
> > +  RedfishBootstrapAccountInit,
> > +  RedfishBootstrapAccountStop
> > +};
> > +
> > +/**
> > +  Unloads an image.
> > +
> > +  @param[in]  ImageHandle           Handle that identifies the image to be
> > unloaded.
> > +
> > +  @retval EFI_SUCCESS           The image has been unloaded.
> > +  @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishBootstrapAccountUnload (
> > +  IN EFI_HANDLE  ImageHandle
> > +  )
> > +{
> > +  EFI_STATUS  Status;
> > +
> > +  if (mBootstrapPrivate == NULL) {
> > +    return EFI_SUCCESS;
> > +  }
> > +
> > +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> > +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> > +  }
> > +
> > +  Status = gBS->UninstallProtocolInterface (
> > +                  mBootstrapPrivate->ImageHandle,
> > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > +                  (VOID *)&mBootstrapPrivate->Protocol
> > +                  );
> > +  if (EFI_ERROR (Status)) {
> > +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish config
> > + handler
> > protocol: %r\n", __func__, Status));
> > +  }
> > +
> > +  FreePool (mBootstrapPrivate);
> > +  mBootstrapPrivate = NULL;
> > +
> > +  return EFI_SUCCESS;
> > +}
> > +
> > +/**
> > +  This is the declaration of an EFI image entry point. This entry
> > +point is
> > +  the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers
> > +including
> > +  both device drivers and bus drivers.
> > +
> > +  @param[in]  ImageHandle       The firmware allocated handle for the UEFI
> > image.
> > +  @param[in]  SystemTable       A pointer to the EFI System Table.
> > +
> > +  @retval EFI_SUCCESS           The operation completed successfully.
> > +  @retval Others                An unexpected error occurred.
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishBootstrapAccountEntryPoint (
> > +  IN EFI_HANDLE        ImageHandle,
> > +  IN EFI_SYSTEM_TABLE  *SystemTable
> > +  )
> > +{
> > +  EFI_STATUS  Status;
> > +
> > +  if (mBootstrapPrivate != NULL) {
> > +    return EFI_ALREADY_STARTED;
> > +  }
> > +
> > +  mBootstrapPrivate = AllocateZeroPool (sizeof
> > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> > +  if (mBootstrapPrivate == NULL) {
> > +    return EFI_OUT_OF_RESOURCES;
> > +  }
> > +
> > +  CopyMem (&mBootstrapPrivate->Protocol, &mRedfishConfigHandler,
> > + sizeof
> > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> > +  Status = gBS->InstallProtocolInterface (
> > +                  &ImageHandle,
> > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > +                  EFI_NATIVE_INTERFACE,
> > +                  &mBootstrapPrivate->Protocol
> > +                  );
> > +  if (EFI_ERROR (Status)) {
> > +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config handler
> > protocol: %r\n", __func__, Status));
> > +    goto ON_ERROR;
> > +  }
> > +
> > +  //
> > +  // Register after provisioning event to remove bootstrap account.
> > +  //
> > +  Status = CreateAfterProvisioningEvent (
> > +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> > +             (VOID *)mBootstrapPrivate,
> > +             &mBootstrapPrivate->RedfishEvent
> > +             );
> > +  if (EFI_ERROR (Status)) {
> > +    DEBUG ((DEBUG_ERROR, "%a: failed to register after-provisioning event:
> > %r\n", __func__, Status));
> > +    goto ON_ERROR;
> > +  }
> > +
> > +  return EFI_SUCCESS;
> > +
> > +ON_ERROR:
> > +
> > +  RedfishBootstrapAccountUnload (ImageHandle);
> > +
> > +  return Status;
> > +}
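Review bot: The verbose trace `DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap credential: %a\n", __func__, AccountCredential));` in RedfishBootstrapAccountOnRedfishAfterProvisioning writes the bootstrap password to the debug log before the delete request is sent, and if RedfishHttpDeleteResource fails the logged secret remains valid; I would drop that line and keep only the account name and URI traces. The `ZeroMem` scrub of AccountName and AccountCredential is also skipped on the early return taken when RedfishGetVersion returns NULL, and neither buffer is released in this function (presumably GetAuthInfo hands the caller allocated copies; confirm against the credential protocol), so a single exit path that scrubs and then frees both would be safer. Separately, RedfishBootstrapAccountUnload passes `mBootstrapPrivate->ImageHandle` to UninstallProtocolInterface, but nothing visible in this new file assigns that field after AllocateZeroPool, so the uninstall looks like it will fail and FreePool then releases a structure whose Protocol member is still installed on the image handle. Adding `mBootstrapPrivate->ImageHandle = ImageHandle;` in the entry point before InstallProtocolInterface, and skipping the FreePool when the uninstall fails, would close that.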
> > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> > b/RedfishClientPkg/RedfishClient.fdf.inc
> > index 154f641b2..47e5093f2 100644
> > --- a/RedfishClientPkg/RedfishClient.fdf.inc
> > +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> > @@ -15,6 +15,7 @@
> >    INF RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
> >    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
> >    INF
> > RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> > +  INF
> >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.inf
> >    INF RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
> >    INF
> > RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
> >    INF
> >
> RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemDxe.
> > i
> > nf
> > --
> > 2.34.1
> 






* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-04-23  7:09     ` Nickle Wang via groups.io
@ 2024-04-23  7:42       ` Chang, Abner via groups.io
  2024-05-14 12:40         ` Nickle Wang via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Chang, Abner via groups.io @ 2024-04-23  7:42 UTC (permalink / raw)
  To: Nickle Wang, Igor Kulchytskyy, devel@edk2.groups.io; +Cc: Nick Ramirez

[AMD Official Use Only - General]

> -----Original Message-----
> From: Nickle Wang <nicklew@nvidia.com>
> Sent: Tuesday, April 23, 2024 3:09 PM
> To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner
> <Abner.Chang@amd.com>; devel@edk2.groups.io
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> introduce RedfishBootstrapAccountDxe
>
> [AMD Official Use Only - General]
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> Hi Igor, Abner,
>
> Thanks for your review. Please allow me to answer your questions together.
>
> > 1. We suppose acquire the credential before we start to communicate with
> Redfish. Will Redfish credential driver create another bootstrap account here
> after provisioning?
> No, according to the RedfishPlatformCredentialIpmiLib implementation,
> Redfish credential driver requests credential from BMC and will keep it for later
> use. So only one credential is requested for BIOS Redfish feature drivers during
> POST time.
OK, then I have no problem with invoking GetAuthInfo again. However, I suggest adding more description to the GetAuthInfo function header, mentioning that we keep the auth info in an EFI variable until exit boot services.
Also, please add some more description at the code where you invoke GetAuthInfo.

>
> > 2. And why do we delete the credential after provisioning? How about the
> later Redfish property updating process?
> In this driver, we listen to "AfterProvisioning" event. And this is the event
> triggered after Redfish feature driver finish all jobs. There is no feature driver
> which gets executed after this event. And since we finished all Redfish
> operations, we remove this account on BMC.
Then this makes sense to me now.

>
> > Why do we need to delete those credentials? According to spec BMC should
> delete the bootstrap credentials automatically on host or service reset.
> Yes, bootstrap credentials get deleted on host reset. In practice, server in
> datacenter usually takes long time running under OS before it gets rebooted.
> The bootstrap credentials are exposed to end user at
> "/redfish/v1/AccountService/Accounts". I got report that there is concern for
> end user to see this unused account.
This sounds reasonable to me, as we give the bootstrap credential a high privilege to update Redfish resources. Leaving this information in the Account service does not seem like a good idea.

Thanks
Abner

>
> So, I create this driver to allows us to remove bootstrap account at BMC after
> we finish Redfish jobs. And this also release the BMC account resource since
> this account won't be used for a long period of time.
>
> Regards,
> Nickle
>
> > -----Original Message-----
> > From: Igor Kulchytskyy <igork@ami.com>
> > Sent: Monday, April 22, 2024 11:03 PM
> > To: Chang, Abner <Abner.Chang@amd.com>; Nickle Wang
> > <nicklew@nvidia.com>; devel@edk2.groups.io
> > Cc: Nick Ramirez <nramirez@nvidia.com>
> > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > introduce RedfishBootstrapAccountDxe
> >
> > External email: Use caution opening links or attachments
> >
> >
> > Hi Nickle and Abner,
> > I also have the same question as Abner.
> > Why do we need to delete those credentials?
> > According to spec BMC should delete the bootstrap credentials automatically
> on
> > host or service reset.
> > Thank you,
> > Igor
> >
> > -----Original Message-----
> > From: Chang, Abner <Abner.Chang@amd.com>
> > Sent: Sunday, April 21, 2024 10:25 PM
> > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io
> > Cc: Igor Kulchytskyy <igork@ami.com>; Nick Ramirez
> <nramirez@nvidia.com>
> > Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > introduce RedfishBootstrapAccountDxe
> >
> >
> > **CAUTION: The e-mail below is from an external source. Please exercise
> > caution before opening attachments, clicking links, or following guidance.**
> >
> > [AMD Official Use Only - General]
> >
> > Hi Nickle,
> > One comment and few questions,
> >
> > > -----Original Message-----
> > > From: Nickle Wang <nicklew@nvidia.com>
> > > Sent: Thursday, April 18, 2024 8:28 PM
> > > To: devel@edk2.groups.io
> > > Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > > <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce
> > > RedfishBootstrapAccountDxe
> > >
> > > Caution: This message originated from an External Source. Use proper
> > > caution when opening attachments, clicking links, or responding.
> > >
> > >
> > > -Introduce RedfishBootstrapAccountDxe to delete bootstrap account from
> > > /redfish/v1/AccountService/Accounts after BIOS finished all Redfish
> > > jobs. The bootstrap account won't be available to other application.
> > > So deleting bootstrap account helps to release resource at BMC.
> > > - After bootstrap account is deleted at BMC, the Redfish service
> > > instance is no longer usable. Close Redfish service instance to
> > > release the HTTP connection between BIOS and BMC.
> > >
> > > Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> > > Cc: Abner Chang <abner.chang@amd.com>
> > > Cc: Igor Kulchytskyy <igork@ami.com>
> > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > ---
> > >  .../RedfishClientComponents.dsc.inc           |   1 +
> > >  .../RedfishBootstrapAccountDxe.inf            |  53 +++
> > >  .../RedfishBootstrapAccountDxe.h              |  58 ++++
> > >  .../RedfishBootstrapAccountDxe.c              | 328 ++++++++++++++++++
> > >  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
> > >  5 files changed, 441 insertions(+)
> > >  create mode 100644
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > .inf
> > >  create mode 100644
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > .h
> > >  create mode 100644
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > .c
> > >
> > > diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > index 42fc0c299..fe5248b62 100644
> > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > @@ -20,6 +20,7 @@
> > >    RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
> > >    RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf
> > >    RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf
> > > +
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > .inf
> > >  !endif
> > >    #
> > >    # Below two modules should be pulled in by build tool.
> > > diff --git
> > >
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe.in
> > > f
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe.in
> > > f
> > > new file mode 100644
> > > index 000000000..4073e95f4
> > > --- /dev/null
> > > +++
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe.in
> > > f
> > > @@ -0,0 +1,53 @@
> > > +## @file
> > > +#  This driver deletes bootstrap account in BMC after BIOS Redfish
> > > +finished #  all jobs # #  (C) Copyright 2021 Hewlett Packard
> > > +Enterprise Development LP<BR> #  Copyright (c) 2023, NVIDIA
> > > +CORPORATION & AFFILIATES. All rights reserved.
> >
> >
> > Not sure if you want to update the copyright to 2024.
> >
> >
> > > +#
> > > +#  SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > +
> > > +[Defines]
> > > +  INF_VERSION               = 0x0001000b
> > > +  BASE_NAME                 = RedfishBootstrapAccountDxe
> > > +  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
> > > +  MODULE_TYPE               = DXE_DRIVER
> > > +  VERSION_STRING            = 1.0
> > > +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> > > +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> > > +
> > > +[Packages]
> > > +  MdePkg/MdePkg.dec
> > > +  MdeModulePkg/MdeModulePkg.dec
> > > +  RedfishPkg/RedfishPkg.dec
> > > +  RedfishClientPkg/RedfishClientPkg.dec
> > > +
> > > +[Sources]
> > > +  RedfishBootstrapAccountDxe.h
> > > +  RedfishBootstrapAccountDxe.c
> > > +
> > > +[LibraryClasses]
> > > +  BaseLib
> > > +  BaseMemoryLib
> > > +  DebugLib
> > > +  MemoryAllocationLib
> > > +  PrintLib
> > > +  RedfishEventLib
> > > +  RedfishFeatureUtilityLib
> > > +  RedfishDebugLib
> > > +  RedfishVersionLib
> > > +  RedfishHttpLib
> > > +  UefiLib
> > > +  UefiBootServicesTableLib
> > > +  UefiRuntimeServicesTableLib
> > > +  UefiDriverEntryPoint
> > > +
> > > +[Protocols]
> > > +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> > > +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> > > +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> > > +
> > > +[Depex]
> > > +  gEdkIIRedfishCredentialProtocolGuid
> > > diff --git
> > >
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe.h
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe.h
> > > new file mode 100644
> > > index 000000000..5262f1e6b
> > > --- /dev/null
> > > +++
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe.h
> > > @@ -0,0 +1,58 @@
> > > +/** @file
> > > +  Common header file for RedfishBootstrapAccountDxe driver.
> > > +
> > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development
> > > + LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All
> rights
> > reserved.
> > > +
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +
> > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define
> > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> > > +
> > > +#include <Uefi.h>
> > > +#include <RedfishBase.h>
> > > +
> > > +//
> > > +// Libraries
> > > +//
> > > +#include <Library/BaseLib.h>
> > > +#include <Library/BaseMemoryLib.h>
> > > +#include <Library/DebugLib.h>
> > > +
> > > +#include <Library/MemoryAllocationLib.h> #include
> > > +<Library/PrintLib.h> #include <Library/RedfishEventLib.h> #include
> > > +<Library/RedfishFeatureUtilityLib.h>
> > > +#include <Library/RedfishDebugLib.h>
> > > +#include <Library/RedfishVersionLib.h> #include
> > > +<Library/RedfishHttpLib.h> #include
> > > +<Library/UefiBootServicesTableLib.h>
> > > +#include <Library/UefiDriverEntryPoint.h> #include
> > > +<Library/UefiLib.h> #include <Library/UefiRuntimeServicesTableLib.h>
> > > +
> > > +#include <Protocol/EdkIIRedfishConfigHandler.h>
> > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > +#include <Protocol/RestEx.h>
> > > +
> > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG         DEBUG_VERBOSE
> > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> > > L"AccountService/Accounts"
> > > +#define REDFISH_URI_LENGTH                      128
> > > +
> > > +//
> > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE // typedef
> struct
> > > +{
> > > +  EFI_HANDLE                               ImageHandle;
> > > +  EFI_HANDLE                               RestExHandle;
> > > +  REDFISH_SERVICE                          RedfishService;
> > > +  EFI_EVENT                                RedfishEvent;
> > > +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> > > +
> > > +#define
> REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> > > +          BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE,
> > > +Protocol)
> > > +
> > > +#endif
> > > diff --git
> > >
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe.c
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe.c
> > > new file mode 100644
> > > index 000000000..6fe4856f8
> > > --- /dev/null
> > > +++
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe.c
> > > @@ -0,0 +1,328 @@
> > > +/** @file
> > > +  This driver deletes bootstrap account in BMC after BIOS Redfish
> > > +finished
> > > +  all jobs.
> > > +
> > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development
> > > + LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All
> rights
> > reserved.
> > > +
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +
> > > +#include "RedfishBootstrapAccountDxe.h"
> > > +
> > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate = NULL;
> > > +
> > > +/**
> > > +  Close Redfish service instance by calling RestEx protocol to release
> instance.
> > > +
> > > +  @param[in]  RestExHandle      Handle of RestEx protocol.
> > > +
> > > +  @retval EFI_SUCCESS           The Redfish service is closed successfully.
> > > +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> > > +  @retval Others                Error occurs.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +CloseRedfishService (
> > > +  IN EFI_HANDLE  RestExHandle
> > > +  )
> > > +{
> > > +  EFI_REST_EX_PROTOCOL  *RestEx;
> > > +  EFI_STATUS            Status;
> > > +
> > > +  if (RestExHandle == NULL) {
> > > +    return EFI_INVALID_PARAMETER;
> > > +  }
> > > +
> > > +  Status = gBS->HandleProtocol (
> > > +                  RestExHandle,
> > > +                  &gEfiRestExProtocolGuid,
> > > +                  (VOID **)&RestEx
> > > +                  );
> > > +  if (!EFI_ERROR (Status)) {
> > > +    Status = RestEx->Configure (RestEx, NULL);
> > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release RestEx
> > > instance: %r\n", __func__, Status));
> > > +  }
> > > +
> > > +  return Status;
> > > +}
> > > +
> > > +/**
> > > +  Callback function executed when the AfterProvisioning event group
> > > +is
> > > signaled.
> > > +
> > > +  @param[in]   Event    Event whose notification function is being invoked.
> > > +  @param[out]  Context  Pointer to the Context buffer
> > > +
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> > > +  IN  EFI_EVENT  Event,
> > > +  OUT VOID       *Context
> > > +  )
> > > +{
> > > +  EFI_STATUS                         Status;
> > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> > > +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> > > +  CHAR8                              *AccountName;
> > > +  CHAR8                              *AccountCredential;
> > > +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> > > +  CHAR16                             *RedfishVersion;
> > > +  REDFISH_RESPONSE                   RedfishResponse;
> > > +
> > > +  RedfishVersion = NULL;
> > > +
> > > +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;  if
> > > + ((Private == NULL) || (Private->RedfishService == NULL)) {
> > > +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not available\n",
> > > __func__));
> > > +    return;
> > > +  }
> > > +
> > > +  //
> > > +  // Locate Redfish Credential Protocol to get credential for  //
> > > + accessing to Redfish service.
> > > +  //
> > > +  Status = gBS->LocateProtocol (
> > > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > > +                  NULL,
> > > +                  (VOID **)&credentialProtocol
> > > +                  );
> > > +  if (EFI_ERROR (Status)) {
> > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No Redfish
> > > Credential Protocol is installed on system.", __func__));
> > > +    return;
> > > +  }
> > > +
> > > +  Status = credentialProtocol->GetAuthInfo (
> > > +                                 credentialProtocol,
> > > +                                 &AuthMethod,
> > > +                                 &AccountName,
> > > +                                 &AccountCredential
> > > +                                 );
> >
> > HI Nickle, I am not quite understand why do we acquire a credential here but
> > delete it from the Redfish account service here after provision.
> > 1. We suppose acquire the credential before we start to communicate with
> > Redfish. Will Redfish credential driver create another bootstrap account here
> > after provisioning?
> > 2. And why do we delete the credential after provisioning? How about the
> later
> > Redfish property updating process?
> > Or do I misunderstand the code logic?
> >
> > Regards,
> > Abner
> >
> > > +  if (EFI_ERROR (Status)) {
> > > +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account
> information:
> > > %r\n", __func__, Status));
> > > +    return;
> > > +  }
> > > +
> > > +  //
> > > +  // Carving the URI
> > > +  //
> > > +  RedfishVersion = RedfishGetVersion (Private->RedfishService);  if
> > > + (RedfishVersion == NULL) {
> > > +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n",
> __func__));
> > > +    return;
> > > +  }
> > > +
> > > +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) * REDFISH_URI_LENGTH),
> > > L"%s%s/%a", RedfishVersion,
> > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> > > AccountName);
> > > +
> > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> account:
> > > %a\n", __func__, AccountName));
> > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > > credential: %a\n", __func__, AccountCredential));
> > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap URI:
> > > %s\n", __func__, TargetUri));
> > > +
> > > +  //
> > > +  // Remove bootstrap account at /redfish/v1/AccountService/Account
> > > +  //
> > > +  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));  Status =
> > > + RedfishHttpDeleteResource (
> > > +             Private->RedfishService,
> > > +             TargetUri,
> > > +             &RedfishResponse
> > > +             );
> > > +  if (EFI_ERROR (Status)) {
> > > +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap account at
> BMC:
> > > %r", __func__, Status));
> > > +    DumpRedfishResponse (__func__, DEBUG_ERROR,
> &RedfishResponse);  }
> > > + else {
> > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > account:
> > > %a is removed from: %s\n", __func__, AccountName,
> > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> > > +  }
> > > +
> > > +  //
> > > +  // Clean credential
> > > +  //
> > > +  ZeroMem (AccountName, AsciiStrSize (AccountName));  ZeroMem
> > > + (AccountCredential, AsciiStrSize (AccountCredential));
> > > +
> > > +  //
> > > +  // Since the bootstrap account is deleted at BMC, the Redfish
> > > + service instance
> > > is no longer usable.
> > > +  // Close Redfish service instance to release the HTTP connection
> > > + between
> > > BIOS and BMC.
> > > +  //
> > > +  Status = CloseRedfishService (Private->RestExHandle);  if
> > > + (EFI_ERROR (Status)) {
> > > +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service instance:
> > > + %r\n",
> > > __func__, Status));
> > > +  }
> > > +
> > > +  RedfishHttpFreeResponse (&RedfishResponse);
> > > +
> > > +  return;
> > > +}
> > > +
> > > +/**
> > > +  Initialize a Redfish configure handler.
> > > +
> > > +  This function will be called by the Redfish config driver to
> > > + initialize each
> > > Redfish configure
> > > +  handler.
> > > +
> > > +  @param[in]   This                     Pointer to
> > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > +  @param[in]   RedfishConfigServiceInfo Redfish service informaiton.
> > > +
> > > +  @retval EFI_SUCCESS                  The handler has been initialized
> successfully.
> > > +  @retval EFI_DEVICE_ERROR             Failed to create or configure the REST
> EX
> > > protocol instance.
> > > +  @retval EFI_ALREADY_STARTED          This handler has already been
> > > initialized.
> > > +  @retval Other                        Error happens during the initialization.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishBootstrapAccountInit (
> > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> > > +  IN  REDFISH_CONFIG_SERVICE_INFORMATION
> *RedfishConfigServiceInfo
> > > +  )
> > > +{
> > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > +
> > > +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > (This);
> > > +
> > > +  Private->RedfishService = RedfishCreateService
> > > + (RedfishConfigServiceInfo);  if (Private->RedfishService == NULL) {
> > > +    return EFI_DEVICE_ERROR;
> > > +  }
> > > +
> > > +  Private->RestExHandle = RedfishConfigServiceInfo-
> > > >RedfishServiceRestExHandle;
> > > +
> > > +  return EFI_SUCCESS;
> > > +}
> > > +
> > > +/**
> > > +  Stop a Redfish configure handler.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > +
> > > +  @retval EFI_SUCCESS              This handler has been stoped successfully.
> > > +  @retval Others                   Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishBootstrapAccountStop (
> > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> > > +  )
> > > +{
> > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > +
> > > +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > (This);
> > > +
> > > +  if (Private->RedfishService != NULL) {
> > > +    RedfishCleanupService (Private->RedfishService);
> > > +    Private->RedfishService = NULL;
> > > +  }
> > > +
> > > +  return EFI_SUCCESS;
> > > +}
> > > +
> > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  mRedfishConfigHandler =
> {
> > > +  RedfishBootstrapAccountInit,
> > > +  RedfishBootstrapAccountStop
> > > +};
> > > +
> > > +/**
> > > +  Unloads an image.
> > > +
> > > +  @param[in]  ImageHandle           Handle that identifies the image to be
> > > unloaded.
> > > +
> > > +  @retval EFI_SUCCESS           The image has been unloaded.
> > > +  @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image
> handle.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishBootstrapAccountUnload (
> > > +  IN EFI_HANDLE  ImageHandle
> > > +  )
> > > +{
> > > +  EFI_STATUS  Status;
> > > +
> > > +  if (mBootstrapPrivate == NULL) {
> > > +    return EFI_SUCCESS;
> > > +  }
> > > +
> > > +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> > > +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> > > +  }
> > > +
> > > +  Status = gBS->UninstallProtocolInterface (
> > > +                  mBootstrapPrivate->ImageHandle,
> > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > +                  (VOID *)&mBootstrapPrivate->Protocol
> > > +                  );
> > > +  if (EFI_ERROR (Status)) {
> > > +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish config
> > > + handler
> > > protocol: %r\n", __func__, Status));
> > > +  }
> > > +
> > > +  FreePool (mBootstrapPrivate);
> > > +  mBootstrapPrivate = NULL;
> > > +
> > > +  return EFI_SUCCESS;
> > > +}
> > > +
> > > +/**
> > > +  This is the declaration of an EFI image entry point. This entry
> > > +point is
> > > +  the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers
> > > +including
> > > +  both device drivers and bus drivers.
> > > +
> > > +  @param[in]  ImageHandle       The firmware allocated handle for the UEFI
> > > image.
> > > +  @param[in]  SystemTable       A pointer to the EFI System Table.
> > > +
> > > +  @retval EFI_SUCCESS           The operation completed successfully.
> > > +  @retval Others                An unexpected error occurred.
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishBootstrapAccountEntryPoint (
> > > +  IN EFI_HANDLE        ImageHandle,
> > > +  IN EFI_SYSTEM_TABLE  *SystemTable
> > > +  )
> > > +{
> > > +  EFI_STATUS  Status;
> > > +
> > > +  if (mBootstrapPrivate != NULL) {
> > > +    return EFI_ALREADY_STARTED;
> > > +  }
> > > +
> > > +  mBootstrapPrivate = AllocateZeroPool (sizeof
> > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> > > +  if (mBootstrapPrivate == NULL) {
> > > +    return EFI_OUT_OF_RESOURCES;
> > > +  }
> > > +
> > > +  CopyMem (&mBootstrapPrivate->Protocol, &mRedfishConfigHandler,
> > > + sizeof
> > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> > > +  Status = gBS->InstallProtocolInterface (
> > > +                  &ImageHandle,
> > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > +                  EFI_NATIVE_INTERFACE,
> > > +                  &mBootstrapPrivate->Protocol
> > > +                  );
> > > +  if (EFI_ERROR (Status)) {
> > > +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config handler
> > > protocol: %r\n", __func__, Status));
> > > +    goto ON_ERROR;
> > > +  }
> > > +
> > > +  //
> > > +  // Register after provisioning event to remove bootstrap account.
> > > +  //
> > > +  Status = CreateAfterProvisioningEvent (
> > > +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> > > +             (VOID *)mBootstrapPrivate,
> > > +             &mBootstrapPrivate->RedfishEvent
> > > +             );
> > > +  if (EFI_ERROR (Status)) {
> > > +    DEBUG ((DEBUG_ERROR, "%a: failed to register after-provisioning
> event:
> > > %r\n", __func__, Status));
> > > +    goto ON_ERROR;
> > > +  }
> > > +
> > > +  return EFI_SUCCESS;
> > > +
> > > +ON_ERROR:
> > > +
> > > +  RedfishBootstrapAccountUnload (ImageHandle);
> > > +
> > > +  return Status;
> > > +}
> > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> > > b/RedfishClientPkg/RedfishClient.fdf.inc
> > > index 154f641b2..47e5093f2 100644
> > > --- a/RedfishClientPkg/RedfishClient.fdf.inc
> > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> > > @@ -15,6 +15,7 @@
> > >    INF RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
> > >    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
> > >    INF
> > >
> RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> > > +  INF
> > >
> >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> .inf
> > >    INF RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
> > >    INF
> > >
> RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
> > >    INF
> > >
> >
> RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemD
> xe.
> > > i
> > > nf
> > > --
> > > 2.34.1
> >
> > -The information contained in this message may be confidential and
> proprietary
> > to American Megatrends (AMI). This communication is intended to be read
> only by
> > the individual or entity to whom it is addressed or by their designee. If the
> reader
> > of this message is not the intended recipient, you are on notice that any
> > distribution of this message, in any form, is strictly prohibited. Please
> promptly
> > notify the sender by reply e-mail or by telephone at 770-246-8600, and
> then
> > delete or destroy all copies of the transmission.






* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-04-23  7:42       ` Chang, Abner via groups.io
@ 2024-05-14 12:40         ` Nickle Wang via groups.io
  2024-05-15 15:01           ` Igor Kulchytskyy via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Nickle Wang via groups.io @ 2024-05-14 12:40 UTC (permalink / raw)
  To: devel@edk2.groups.io, abner.chang@amd.com, Igor Kulchytskyy; +Cc: Nick Ramirez

Hi Abner,

> Ok, then I don't have the problem with invoking GetAuthInfo again. However, I
> will suggest to add more description in GetAuthInfo function header, mention that
> we will keep the auth info in EFI variable until exist boot service.
> Also, give some more descriptions on the code you invoke to GetAuthInfo.

Thanks for your comment. I added a description explaining the above before the call to GetAuthInfo(). The version 2 patch is here: https://edk2.groups.io/g/devel/message/118889

Regards,
Nickle

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang, Abner
> via groups.io
> Sent: Tuesday, April 23, 2024 3:42 PM
> To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>;
> devel@edk2.groups.io
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg:
> introduce RedfishBootstrapAccountDxe
> 
> 
> > -----Original Message-----
> > From: Nickle Wang <nicklew@nvidia.com>
> > Sent: Tuesday, April 23, 2024 3:09 PM
> > To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner
> > <Abner.Chang@amd.com>; devel@edk2.groups.io
> > Cc: Nick Ramirez <nramirez@nvidia.com>
> > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > introduce RedfishBootstrapAccountDxe
> >
> >
> >
> > Hi Igor, Abner,
> >
> > Thanks for your review. Please allow me to answer your questions together.
> >
> > > 1. We suppose acquire the credential before we start to communicate
> > > with
> > Redfish. Will Redfish credential driver create another bootstrap
> > account here after provisioning?
> > No, according to the RedfishPlatformCredentialIpmiLib implementation,
> > Redfish credential driver requests credential from BMC and will keep
> > it for later use. So only one credential is requested for BIOS Redfish
> > feature drivers during POST time.
> Ok, then I don't have the problem with invoking GetAuthInfo again. However, I
> will suggest to add more description in GetAuthInfo function header, mention that
> we will keep the auth info in EFI variable until exist boot service.
> Also, give some more descriptions on the code you invoke to GetAuthInfo.
> 
> >
> > > 2. And why do we delete the credential after provisioning? How about
> > > the
> > later Redfish property updating process?
> > In this driver, we listen to "AfterProvisioning" event. And this is
> > the event triggered after Redfish feature driver finish all jobs.
> > There is no feature driver which gets executed after this event. And
> > since we finished all Redfish operations, we remove this account on BMC.
> Then this makes sense to me now.
> 
> >
> > > Why do we need to delete those credentials? According to spec BMC
> > > should
> > delete the bootstrap credentials automatically on host or service reset.
> > Yes, bootstrap credentials get deleted on host reset. In practice,
> > server in datacenter usually takes long time running under OS before it gets
> rebooted.
> > The bootstrap credentials are exposed to end user at
> > "/redfish/v1/AccountService/Accounts". I got report that there is
> > concern for end user to see this unused account.
> This sounds to me reasonable as we will give bootstrap credential a high privilege
> to update Redfish resource. Leave this information in Account service seems not a
> good idea.
> 
> Thanks
> Abner
> 
> >
> > So, I create this driver to allows us to remove bootstrap account at
> > BMC after we finish Redfish jobs. And this also release the BMC
> > account resource since this account won't be used for a long period of time.
> >
> > Regards,
> > Nickle
> >
> > > -----Original Message-----
> > > From: Igor Kulchytskyy <igork@ami.com>
> > > Sent: Monday, April 22, 2024 11:03 PM
> > > To: Chang, Abner <Abner.Chang@amd.com>; Nickle Wang
> > > <nicklew@nvidia.com>; devel@edk2.groups.io
> > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > introduce RedfishBootstrapAccountDxe
> > >
> > >
> > >
> > > Hi Nickle and Abner,
> > > I also have the same question as Abner.
> > > Why do we need to delete those credentials?
> > > According to spec BMC should delete the bootstrap credentials
> > > automatically
> > on
> > > host or service reset.
> > > Thank you,
> > > Igor
> > >
> > > -----Original Message-----
> > > From: Chang, Abner <Abner.Chang@amd.com>
> > > Sent: Sunday, April 21, 2024 10:25 PM
> > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io
> > > Cc: Igor Kulchytskyy <igork@ami.com>; Nick Ramirez
> > <nramirez@nvidia.com>
> > > Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > introduce RedfishBootstrapAccountDxe
> > >
> > >
> > >
> > > Hi Nickle,
> > > One comment and few questions,
> > >
> > > > -----Original Message-----
> > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > Sent: Thursday, April 18, 2024 8:28 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > > > <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> > > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce
> > > > RedfishBootstrapAccountDxe
> > > >
> > > >
> > > >
> > > > -Introduce RedfishBootstrapAccountDxe to delete bootstrap account
> > > > from /redfish/v1/AccountService/Accounts after BIOS finished all
> > > > Redfish jobs. The bootstrap account won't be available to other application.
> > > > So deleting bootstrap account helps to release resource at BMC.
> > > > - After bootstrap account is deleted at BMC, the Redfish service
> > > > instance is no longer usable. Close Redfish service instance to
> > > > release the HTTP connection between BIOS and BMC.
> > > >
> > > > Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> > > > Cc: Abner Chang <abner.chang@amd.com>
> > > > Cc: Igor Kulchytskyy <igork@ami.com>
> > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > ---
> > > >  .../RedfishClientComponents.dsc.inc           |   1 +
> > > >  .../RedfishBootstrapAccountDxe.inf            |  53 +++
> > > >  .../RedfishBootstrapAccountDxe.h              |  58 ++++
> > > >  .../RedfishBootstrapAccountDxe.c              | 328 ++++++++++++++++++
> > > >  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
> > > >  5 files changed, 441 insertions(+)  create mode 100644
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > .inf
> > > >  create mode 100644
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > .h
> > > >  create mode 100644
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > .c
> > > >
> > > > diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > index 42fc0c299..fe5248b62 100644
> > > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > @@ -20,6 +20,7 @@
> > > >    RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
> > > >    RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf
> > > >    RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf
> > > > +
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > .inf
> > > >  !endif
> > > >    #
> > > >    # Below two modules should be pulled in by build tool.
> > > > diff --git
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.in
> > > > f
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.in
> > > > f
> > > > new file mode 100644
> > > > index 000000000..4073e95f4
> > > > --- /dev/null
> > > > +++
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.in
> > > > f
> > > > @@ -0,0 +1,53 @@
> > > > +## @file
> > > > +#  This driver deletes bootstrap account in BMC after BIOS
> > > > +Redfish finished #  all jobs # #  (C) Copyright 2021 Hewlett
> > > > +Packard Enterprise Development LP<BR> #  Copyright (c) 2023,
> > > > +NVIDIA CORPORATION & AFFILIATES. All rights reserved.
> > >
> > >
> > > Not sure if you want to update the copyright to 2024.
> > >
> > >
> > > > +#
> > > > +#  SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > +
> > > > +[Defines]
> > > > +  INF_VERSION               = 0x0001000b
> > > > +  BASE_NAME                 = RedfishBootstrapAccountDxe
> > > > +  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
> > > > +  MODULE_TYPE               = DXE_DRIVER
> > > > +  VERSION_STRING            = 1.0
> > > > +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> > > > +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> > > > +
> > > > +[Packages]
> > > > +  MdePkg/MdePkg.dec
> > > > +  MdeModulePkg/MdeModulePkg.dec
> > > > +  RedfishPkg/RedfishPkg.dec
> > > > +  RedfishClientPkg/RedfishClientPkg.dec
> > > > +
> > > > +[Sources]
> > > > +  RedfishBootstrapAccountDxe.h
> > > > +  RedfishBootstrapAccountDxe.c
> > > > +
> > > > +[LibraryClasses]
> > > > +  BaseLib
> > > > +  BaseMemoryLib
> > > > +  DebugLib
> > > > +  MemoryAllocationLib
> > > > +  PrintLib
> > > > +  RedfishEventLib
> > > > +  RedfishFeatureUtilityLib
> > > > +  RedfishDebugLib
> > > > +  RedfishVersionLib
> > > > +  RedfishHttpLib
> > > > +  UefiLib
> > > > +  UefiBootServicesTableLib
> > > > +  UefiRuntimeServicesTableLib
> > > > +  UefiDriverEntryPoint
> > > > +
> > > > +[Protocols]
> > > > +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> > > > +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> > > > +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> > > > +
> > > > +[Depex]
> > > > +  gEdkIIRedfishCredentialProtocolGuid
> > > > diff --git
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.h
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.h
> > > > new file mode 100644
> > > > index 000000000..5262f1e6b
> > > > --- /dev/null
> > > > +++
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.h
> > > > @@ -0,0 +1,58 @@
> > > > +/** @file
> > > > +  Common header file for RedfishBootstrapAccountDxe driver.
> > > > +
> > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development
> > > > + LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All
> > rights
> > > reserved.
> > > > +
> > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > +
> > > > +**/
> > > > +
> > > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define
> > > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> > > > +
> > > > +#include <Uefi.h>
> > > > +#include <RedfishBase.h>
> > > > +
> > > > +//
> > > > +// Libraries
> > > > +//
> > > > +#include <Library/BaseLib.h>
> > > > +#include <Library/BaseMemoryLib.h> #include <Library/DebugLib.h>
> > > > +
> > > > +#include <Library/MemoryAllocationLib.h> #include
> > > > +<Library/PrintLib.h> #include <Library/RedfishEventLib.h>
> > > > +#include <Library/RedfishFeatureUtilityLib.h>
> > > > +#include <Library/RedfishDebugLib.h> #include
> > > > +<Library/RedfishVersionLib.h> #include <Library/RedfishHttpLib.h>
> > > > +#include <Library/UefiBootServicesTableLib.h>
> > > > +#include <Library/UefiDriverEntryPoint.h> #include
> > > > +<Library/UefiLib.h> #include
> > > > +<Library/UefiRuntimeServicesTableLib.h>
> > > > +
> > > > +#include <Protocol/EdkIIRedfishConfigHandler.h>
> > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > +#include <Protocol/RestEx.h>
> > > > +
> > > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG         DEBUG_VERBOSE
> > > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> > > > L"AccountService/Accounts"
> > > > +#define REDFISH_URI_LENGTH                      128
> > > > +
> > > > +//
> > > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE // typedef
> > struct
> > > > +{
> > > > +  EFI_HANDLE                               ImageHandle;
> > > > +  EFI_HANDLE                               RestExHandle;
> > > > +  REDFISH_SERVICE                          RedfishService;
> > > > +  EFI_EVENT                                RedfishEvent;
> > > > +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> > > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> > > > +
> > > > +#define
> > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> > > > +          BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE,
> > > > +Protocol)
> > > > +
> > > > +#endif
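Review bot: The `ImageHandle` field of `REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE` is never assigned anywhere in this patch: the entry point in RedfishBootstrapAccountDxe.c fills the structure with `AllocateZeroPool` and copies only `Protocol`, so the field stays NULL. `RedfishBootstrapAccountUnload` then passes `mBootstrapPrivate->ImageHandle` to `UninstallProtocolInterface`, which is expected to fail for a NULL handle, and it calls `FreePool (mBootstrapPrivate)` regardless, so the installed `EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL` interface would be left pointing into freed memory. I would set `mBootstrapPrivate->ImageHandle = ImageHandle;` in the entry point before `InstallProtocolInterface`, or drop the field and use the `ImageHandle` parameter of the unload function. The unload path should also return the error rather than free the structure when the uninstall fails.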
> > > > diff --git
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.c
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.c
> > > > new file mode 100644
> > > > index 000000000..6fe4856f8
> > > > --- /dev/null
> > > > +++
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.c
> > > > @@ -0,0 +1,328 @@
> > > > +/** @file
> > > > +  This driver deletes bootstrap account in BMC after BIOS Redfish
> > > > +finished
> > > > +  all jobs.
> > > > +
> > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development
> > > > + LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All
> > rights
> > > reserved.
> > > > +
> > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > +
> > > > +**/
> > > > +
> > > > +#include "RedfishBootstrapAccountDxe.h"
> > > > +
> > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate = NULL;
> > > > +
> > > > +/**
> > > > +  Close Redfish service instance by calling RestEx protocol to
> > > > +release
> > instance.
> > > > +
> > > > +  @param[in]  RestExHandle      Handle of RestEx protocol.
> > > > +
> > > > +  @retval EFI_SUCCESS           The Redfish service is closed successfully.
> > > > +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> > > > +  @retval Others                Error occurs.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +CloseRedfishService (
> > > > +  IN EFI_HANDLE  RestExHandle
> > > > +  )
> > > > +{
> > > > +  EFI_REST_EX_PROTOCOL  *RestEx;
> > > > +  EFI_STATUS            Status;
> > > > +
> > > > +  if (RestExHandle == NULL) {
> > > > +    return EFI_INVALID_PARAMETER;  }
> > > > +
> > > > +  Status = gBS->HandleProtocol (
> > > > +                  RestExHandle,
> > > > +                  &gEfiRestExProtocolGuid,
> > > > +                  (VOID **)&RestEx
> > > > +                  );
> > > > +  if (!EFI_ERROR (Status)) {
> > > > +    Status = RestEx->Configure (RestEx, NULL);
> > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release RestEx
> > > > instance: %r\n", __func__, Status));
> > > > +  }
> > > > +
> > > > +  return Status;
> > > > +}
> > > > +
> > > > +/**
> > > > +  Callback function executed when the AfterProvisioning event
> > > > +group is
> > > > signaled.
> > > > +
> > > > +  @param[in]   Event    Event whose notification function is being invoked.
> > > > +  @param[out]  Context  Pointer to the Context buffer
> > > > +
> > > > +**/
> > > > +VOID
> > > > +EFIAPI
> > > > +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> > > > +  IN  EFI_EVENT  Event,
> > > > +  OUT VOID       *Context
> > > > +  )
> > > > +{
> > > > +  EFI_STATUS                         Status;
> > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> > > > +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> > > > +  CHAR8                              *AccountName;
> > > > +  CHAR8                              *AccountCredential;
> > > > +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> > > > +  CHAR16                             *RedfishVersion;
> > > > +  REDFISH_RESPONSE                   RedfishResponse;
> > > > +
> > > > +  RedfishVersion = NULL;
> > > > +
> > > > +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;  if
> > > > + ((Private == NULL) || (Private->RedfishService == NULL)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not
> > > > + available\n",
> > > > __func__));
> > > > +    return;
> > > > +  }
> > > > +
> > > > +  //
> > > > +  // Locate Redfish Credential Protocol to get credential for  //
> > > > + accessing to Redfish service.
> > > > +  //
> > > > +  Status = gBS->LocateProtocol (
> > > > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > > > +                  NULL,
> > > > +                  (VOID **)&credentialProtocol
> > > > +                  );
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No Redfish
> > > > Credential Protocol is installed on system.", __func__));
> > > > +    return;
> > > > +  }
> > > > +
> > > > +  Status = credentialProtocol->GetAuthInfo (
> > > > +                                 credentialProtocol,
> > > > +                                 &AuthMethod,
> > > > +                                 &AccountName,
> > > > +                                 &AccountCredential
> > > > +                                 );
> > >
> > > HI Nickle, I am not quite understand why do we acquire a credential
> > > here but delete it from the Redfish account service here after provision.
> > > 1. We suppose acquire the credential before we start to communicate
> > > with Redfish. Will Redfish credential driver create another
> > > bootstrap account here after provisioning?
> > > 2. And why do we delete the credential after provisioning? How about
> > > the
> > later
> > > Redfish property updating process?
> > > Or do I misunderstand the code logic?
> > >
> > > Regards,
> > > Abner
> > >
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account
> > information:
> > > > %r\n", __func__, Status));
> > > > +    return;
> > > > +  }
> > > > +
> > > > +  //
> > > > +  // Carving the URI
> > > > +  //
> > > > +  RedfishVersion = RedfishGetVersion (Private->RedfishService);
> > > > + if (RedfishVersion == NULL) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n",
> > __func__));
> > > > +    return;
> > > > +  }
> > > > +
> > > > +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) *
> > > > + REDFISH_URI_LENGTH),
> > > > L"%s%s/%a", RedfishVersion,
> > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> > > > AccountName);
> > > > +
> > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > account:
> > > > %a\n", __func__, AccountName));
> > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > > > credential: %a\n", __func__, AccountCredential));
> > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap URI:
> > > > %s\n", __func__, TargetUri));
> > > > +
> > > > +  //
> > > > +  // Remove bootstrap account at
> > > > + /redfish/v1/AccountService/Account
> > > > +  //
> > > > +  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));  Status
> > > > + = RedfishHttpDeleteResource (
> > > > +             Private->RedfishService,
> > > > +             TargetUri,
> > > > +             &RedfishResponse
> > > > +             );
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap account at
> > BMC:
> > > > %r", __func__, Status));
> > > > +    DumpRedfishResponse (__func__, DEBUG_ERROR,
> > &RedfishResponse);  }
> > > > + else {
> > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > > account:
> > > > %a is removed from: %s\n", __func__, AccountName,
> > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> > > > +  }
> > > > +
> > > > +  //
> > > > +  // Clean credential
> > > > +  //
> > > > +  ZeroMem (AccountName, AsciiStrSize (AccountName));  ZeroMem
> > > > + (AccountCredential, AsciiStrSize (AccountCredential));
> > > > +
> > > > +  //
> > > > +  // Since the bootstrap account is deleted at BMC, the Redfish
> > > > + service instance
> > > > is no longer usable.
> > > > +  // Close Redfish service instance to release the HTTP
> > > > + connection between
> > > > BIOS and BMC.
> > > > +  //
> > > > +  Status = CloseRedfishService (Private->RestExHandle);  if
> > > > + (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service instance:
> > > > + %r\n",
> > > > __func__, Status));
> > > > +  }
> > > > +
> > > > +  RedfishHttpFreeResponse (&RedfishResponse);
> > > > +
> > > > +  return;
> > > > +}
> > > > +
> > > > +/**
> > > > +  Initialize a Redfish configure handler.
> > > > +
> > > > +  This function will be called by the Redfish config driver to
> > > > + initialize each
> > > > Redfish configure
> > > > +  handler.
> > > > +
> > > > +  @param[in]   This                     Pointer to
> > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > +  @param[in]   RedfishConfigServiceInfo Redfish service informaiton.
> > > > +
> > > > +  @retval EFI_SUCCESS                  The handler has been initialized
> > successfully.
> > > > +  @retval EFI_DEVICE_ERROR             Failed to create or configure the REST
> > EX
> > > > protocol instance.
> > > > +  @retval EFI_ALREADY_STARTED          This handler has already been
> > > > initialized.
> > > > +  @retval Other                        Error happens during the initialization.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishBootstrapAccountInit (
> > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> > > > +  IN  REDFISH_CONFIG_SERVICE_INFORMATION
> > *RedfishConfigServiceInfo
> > > > +  )
> > > > +{
> > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > +
> > > > +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > (This);
> > > > +
> > > > +  Private->RedfishService = RedfishCreateService
> > > > + (RedfishConfigServiceInfo);  if (Private->RedfishService == NULL) {
> > > > +    return EFI_DEVICE_ERROR;
> > > > +  }
> > > > +
> > > > +  Private->RestExHandle = RedfishConfigServiceInfo-
> > > > >RedfishServiceRestExHandle;
> > > > +
> > > > +  return EFI_SUCCESS;
> > > > +}
> > > > +
> > > > +/**
> > > > +  Stop a Redfish configure handler.
> > > > +
> > > > +  @param[in]   This                Pointer to
> > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > +
> > > > +  @retval EFI_SUCCESS              This handler has been stoped successfully.
> > > > +  @retval Others                   Some error happened.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishBootstrapAccountStop (
> > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> > > > +  )
> > > > +{
> > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > +
> > > > +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > (This);
> > > > +
> > > > +  if (Private->RedfishService != NULL) {
> > > > +    RedfishCleanupService (Private->RedfishService);
> > > > +    Private->RedfishService = NULL;  }
> > > > +
> > > > +  return EFI_SUCCESS;
> > > > +}
> > > > +
> > > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  mRedfishConfigHandler =
> > {
> > > > +  RedfishBootstrapAccountInit,
> > > > +  RedfishBootstrapAccountStop
> > > > +};
> > > > +
> > > > +/**
> > > > +  Unloads an image.
> > > > +
> > > > +  @param[in]  ImageHandle           Handle that identifies the image to be
> > > > unloaded.
> > > > +
> > > > +  @retval EFI_SUCCESS           The image has been unloaded.
> > > > +  @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image
> > handle.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishBootstrapAccountUnload (
> > > > +  IN EFI_HANDLE  ImageHandle
> > > > +  )
> > > > +{
> > > > +  EFI_STATUS  Status;
> > > > +
> > > > +  if (mBootstrapPrivate == NULL) {
> > > > +    return EFI_SUCCESS;
> > > > +  }
> > > > +
> > > > +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> > > > +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> > > > +  }
> > > > +
> > > > +  Status = gBS->UninstallProtocolInterface (
> > > > +                  mBootstrapPrivate->ImageHandle,
> > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > +                  (VOID *)&mBootstrapPrivate->Protocol
> > > > +                  );
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish config
> > > > + handler
> > > > protocol: %r\n", __func__, Status));
> > > > +  }
> > > > +
> > > > +  FreePool (mBootstrapPrivate);
> > > > +  mBootstrapPrivate = NULL;
> > > > +
> > > > +  return EFI_SUCCESS;
> > > > +}
> > > > +
> > > > +/**
> > > > +  This is the declaration of an EFI image entry point. This entry
> > > > +point is
> > > > +  the same for UEFI Applications, UEFI OS Loaders, and UEFI
> > > > +Drivers including
> > > > +  both device drivers and bus drivers.
> > > > +
> > > > +  @param[in]  ImageHandle       The firmware allocated handle for the UEFI
> > > > image.
> > > > +  @param[in]  SystemTable       A pointer to the EFI System Table.
> > > > +
> > > > +  @retval EFI_SUCCESS           The operation completed successfully.
> > > > +  @retval Others                An unexpected error occurred.
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishBootstrapAccountEntryPoint (
> > > > +  IN EFI_HANDLE        ImageHandle,
> > > > +  IN EFI_SYSTEM_TABLE  *SystemTable
> > > > +  )
> > > > +{
> > > > +  EFI_STATUS  Status;
> > > > +
> > > > +  if (mBootstrapPrivate != NULL) {
> > > > +    return EFI_ALREADY_STARTED;
> > > > +  }
> > > > +
> > > > +  mBootstrapPrivate = AllocateZeroPool (sizeof
> > > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> > > > +  if (mBootstrapPrivate == NULL) {
> > > > +    return EFI_OUT_OF_RESOURCES;
> > > > +  }
> > > > +
> > > > +  CopyMem (&mBootstrapPrivate->Protocol, &mRedfishConfigHandler,
> > > > + sizeof
> > > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> > > > +  Status = gBS->InstallProtocolInterface (
> > > > +                  &ImageHandle,
> > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > +                  EFI_NATIVE_INTERFACE,
> > > > +                  &mBootstrapPrivate->Protocol
> > > > +                  );
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config
> > > > + handler
> > > > protocol: %r\n", __func__, Status));
> > > > +    goto ON_ERROR;
> > > > +  }
> > > > +
> > > > +  //
> > > > +  // Register after provisioning event to remove bootstrap account.
> > > > +  //
> > > > +  Status = CreateAfterProvisioningEvent (
> > > > +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> > > > +             (VOID *)mBootstrapPrivate,
> > > > +             &mBootstrapPrivate->RedfishEvent
> > > > +             );
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: failed to register
> > > > + after-provisioning
> > event:
> > > > %r\n", __func__, Status));
> > > > +    goto ON_ERROR;
> > > > +  }
> > > > +
> > > > +  return EFI_SUCCESS;
> > > > +
> > > > +ON_ERROR:
> > > > +
> > > > +  RedfishBootstrapAccountUnload (ImageHandle);
> > > > +
> > > > +  return Status;
> > > > +}
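Review bot: The bootstrap account password is written to the debug log in `RedfishBootstrapAccountOnRedfishAfterProvisioning` by `DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap credential: %a\n", __func__, AccountCredential));`. I would delete that line, because the account is still live at BMC when it is printed and the thread notes that the bootstrap credential carries high privilege. The scrubbing is also incomplete: the `RedfishVersion == NULL` return sits after a successful `GetAuthInfo` but before the two `ZeroMem` calls, so that path leaves the name and credential in memory. Moving the `ZeroMem` pair under a single exit label, or repeating it before that `return`, would cover it. Whether the two buffers must also be released with `FreePool` after zeroing depends on the `GetAuthInfo` contract, which is not visible in this patch and should be confirmed against the protocol header.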
> > > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > index 154f641b2..47e5093f2 100644
> > > > --- a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > @@ -15,6 +15,7 @@
> > > >    INF RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
> > > >    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
> > > >    INF
> > > >
> > RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> > > > +  INF
> > > >
> > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > .inf
> > > >    INF RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
> > > >    INF
> > > >
> > RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
> > > >    INF
> > > >
> > >
> > RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemD
> > xe.
> > > > i
> > > > nf
> > > > --
> > > > 2.34.1
> > >
> 
> 
> 
> 




* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-05-14 12:40         ` Nickle Wang via groups.io
@ 2024-05-15 15:01           ` Igor Kulchytskyy via groups.io
  2024-05-16  1:05             ` Chang, Abner via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Igor Kulchytskyy via groups.io @ 2024-05-15 15:01 UTC (permalink / raw)
  To: Nickle Wang, devel@edk2.groups.io, abner.chang@amd.com; +Cc: Nick Ramirez

Hi Nickle,
I have one more question to discuss regarding this driver.
We have a bootstrap account, and creation of this account is controlled by the RedfishCredentialDxe driver in RedfishPkg.
But deletion of that bootstrap account is moved to RedfishClientPkg.
What if we have another Redfish client or some customer service which uses RedfishPkg for the communication?
Architecturally it is allowed.
But then the RedfishBootstrapAccountDxe module would delete the account based only on the needs of RedfishClientPkg.
Maybe we should consider moving the RedfishBootstrapAccountDxe driver to RedfishPkg and adding a registration mechanism that interested drivers use to signal that they have finished their jobs; after that, the RedfishBootstrapAccountDxe driver would delete the account.
What do you think?
Thank you,
Igor

-----Original Message-----
From: Nickle Wang <nicklew@nvidia.com>
Sent: Tuesday, May 14, 2024 8:40 AM
To: devel@edk2.groups.io; abner.chang@amd.com; Igor Kulchytskyy <igork@ami.com>
Cc: Nick Ramirez <nramirez@nvidia.com>
Subject: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe


**CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.**

Hi Abner,

> Ok, then I don't have the problem with invoking GetAuthInfo again. However, I
> will suggest to add more description in GetAuthInfo function header, mention that
> we will keep the auth info in EFI variable until exist boot service.
> Also, give some more descriptions on the code you invoke to GetAuthInfo.

Thanks for your comment. I added descriptions explaining the above before the call to GetAuthInfo(). The version 2 patch is here: https://edk2.groups.io/g/devel/message/118889

Regards,
Nickle

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang, Abner
> via groups.io
> Sent: Tuesday, April 23, 2024 3:42 PM
> To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>;
> devel@edk2.groups.io
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg:
> introduce RedfishBootstrapAccountDxe
>
> External email: Use caution opening links or attachments
>
>
> [AMD Official Use Only - General]
>
> > -----Original Message-----
> > From: Nickle Wang <nicklew@nvidia.com>
> > Sent: Tuesday, April 23, 2024 3:09 PM
> > To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner
> > <Abner.Chang@amd.com>; devel@edk2.groups.io
> > Cc: Nick Ramirez <nramirez@nvidia.com>
> > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > introduce RedfishBootstrapAccountDxe
> >
> > [AMD Official Use Only - General]
> >
> > Caution: This message originated from an External Source. Use proper
> > caution when opening attachments, clicking links, or responding.
> >
> >
> > Hi Igor, Abner,
> >
> > Thanks for your review. Please allow me to answer your questions together.
> >
> > > 1. We suppose acquire the credential before we start to communicate
> > > with
> > Redfish. Will Redfish credential driver create another bootstrap
> > account here after provisioning?
> > No, according to the RedfishPlatformCredentialIpmiLib implementation,
> > Redfish credential driver requests credential from BMC and will keep
> > it for later use. So only one credential is requested for BIOS Redfish
> > feature drivers during POST time.
> Ok, then I don't have the problem with invoking GetAuthInfo again. However, I
> will suggest to add more description in GetAuthInfo function header, mention that
> we will keep the auth info in EFI variable until exist boot service.
> Also, give some more descriptions on the code you invoke to GetAuthInfo.
>
> >
> > > 2. And why do we delete the credential after provisioning? How about
> > > the
> > later Redfish property updating process?
> > In this driver, we listen to "AfterProvisioning" event. And this is
> > the event triggered after Redfish feature driver finish all jobs.
> > There is no feature driver which gets executed after this event. And
> > since we finished all Redfish operations, we remove this account on BMC.
> Then this makes sense to me now.
>
> >
> > > Why do we need to delete those credentials? According to spec BMC
> > > should
> > delete the bootstrap credentials automatically on host or service reset.
> > Yes, bootstrap credentials get deleted on host reset. In practice,
> > server in datacenter usually takes long time running under OS before it gets
> rebooted.
> > The bootstrap credentials are exposed to end user at
> > "/redfish/v1/AccountService/Accounts". I got report that there is
> > concern for end user to see this unused account.
> This sounds to me reasonable as we will give bootstrap credential a high privilege
> to update Redfish resource. Leave this information in Account service seems not a
> good idea.
>
> Thanks
> Abner
>
> >
> > So, I create this driver to allows us to remove bootstrap account at
> > BMC after we finish Redfish jobs. And this also release the BMC
> > account resource since this account won't be used for a long period of time.
> >
> > Regards,
> > Nickle
> >
> > > -----Original Message-----
> > > From: Igor Kulchytskyy <igork@ami.com>
> > > Sent: Monday, April 22, 2024 11:03 PM
> > > To: Chang, Abner <Abner.Chang@amd.com>; Nickle Wang
> > > <nicklew@nvidia.com>; devel@edk2.groups.io
> > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > introduce RedfishBootstrapAccountDxe
> > >
> > > External email: Use caution opening links or attachments
> > >
> > >
> > > Hi Nickle and Abner,
> > > I also have the same question as Abner.
> > > Why do we need to delete those credentials?
> > > According to spec BMC should delete the bootstrap credentials
> > > automatically
> > on
> > > host or service reset.
> > > Thank you,
> > > Igor
> > >
> > > -----Original Message-----
> > > From: Chang, Abner <Abner.Chang@amd.com>
> > > Sent: Sunday, April 21, 2024 10:25 PM
> > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io
> > > Cc: Igor Kulchytskyy <igork@ami.com>; Nick Ramirez
> > <nramirez@nvidia.com>
> > > Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > introduce RedfishBootstrapAccountDxe
> > >
> > >
> > > **CAUTION: The e-mail below is from an external source. Please
> > > exercise caution before opening attachments, clicking links, or
> > > following guidance.**
> > >
> > > [AMD Official Use Only - General]
> > >
> > > Hi Nickle,
> > > One comment and few questions,
> > >
> > > > -----Original Message-----
> > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > Sent: Thursday, April 18, 2024 8:28 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > > > <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> > > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce
> > > > RedfishBootstrapAccountDxe
> > > >
> > > > Caution: This message originated from an External Source. Use
> > > > proper caution when opening attachments, clicking links, or responding.
> > > >
> > > >
> > > > -Introduce RedfishBootstrapAccountDxe to delete bootstrap account
> > > > from /redfish/v1/AccountService/Accounts after BIOS finished all
> > > > Redfish jobs. The bootstrap account won't be available to other application.
> > > > So deleting bootstrap account helps to release resource at BMC.
> > > > - After bootstrap account is deleted at BMC, the Redfish service
> > > > instance is no longer usable. Close Redfish service instance to
> > > > release the HTTP connection between BIOS and BMC.
> > > >
> > > > Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> > > > Cc: Abner Chang <abner.chang@amd.com>
> > > > Cc: Igor Kulchytskyy <igork@ami.com>
> > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > ---
> > > >  .../RedfishClientComponents.dsc.inc           |   1 +
> > > >  .../RedfishBootstrapAccountDxe.inf            |  53 +++
> > > >  .../RedfishBootstrapAccountDxe.h              |  58 ++++
> > > >  .../RedfishBootstrapAccountDxe.c              | 328 ++++++++++++++++++
> > > >  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
> > > >  5 files changed, 441 insertions(+)  create mode 100644
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > .inf
> > > >  create mode 100644
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > .h
> > > >  create mode 100644
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > .c
> > > >
> > > > diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > index 42fc0c299..fe5248b62 100644
> > > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > @@ -20,6 +20,7 @@
> > > >    RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
> > > >    RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf
> > > >    RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf
> > > > +
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > .inf
> > > >  !endif
> > > >    #
> > > >    # Below two modules should be pulled in by build tool.
> > > > diff --git
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.in
> > > > f
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.in
> > > > f
> > > > new file mode 100644
> > > > index 000000000..4073e95f4
> > > > --- /dev/null
> > > > +++
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.in
> > > > f
> > > > @@ -0,0 +1,53 @@
> > > > +## @file
> > > > +#  This driver deletes bootstrap account in BMC after BIOS
> > > > +Redfish finished #  all jobs # #  (C) Copyright 2021 Hewlett
> > > > +Packard Enterprise Development LP<BR> #  Copyright (c) 2023,
> > > > +NVIDIA CORPORATION & AFFILIATES. All rights reserved.
> > >
> > >
> > > Not sure if you want to update the copyright to 2024.
> > >
> > >
> > > > +#
> > > > +#  SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > +
> > > > +[Defines]
> > > > +  INF_VERSION               = 0x0001000b
> > > > +  BASE_NAME                 = RedfishBootstrapAccountDxe
> > > > +  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
> > > > +  MODULE_TYPE               = DXE_DRIVER
> > > > +  VERSION_STRING            = 1.0
> > > > +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> > > > +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> > > > +
> > > > +[Packages]
> > > > +  MdePkg/MdePkg.dec
> > > > +  MdeModulePkg/MdeModulePkg.dec
> > > > +  RedfishPkg/RedfishPkg.dec
> > > > +  RedfishClientPkg/RedfishClientPkg.dec
> > > > +
> > > > +[Sources]
> > > > +  RedfishBootstrapAccountDxe.h
> > > > +  RedfishBootstrapAccountDxe.c
> > > > +
> > > > +[LibraryClasses]
> > > > +  BaseLib
> > > > +  BaseMemoryLib
> > > > +  DebugLib
> > > > +  MemoryAllocationLib
> > > > +  PrintLib
> > > > +  RedfishEventLib
> > > > +  RedfishFeatureUtilityLib
> > > > +  RedfishDebugLib
> > > > +  RedfishVersionLib
> > > > +  RedfishHttpLib
> > > > +  UefiLib
> > > > +  UefiBootServicesTableLib
> > > > +  UefiRuntimeServicesTableLib
> > > > +  UefiDriverEntryPoint
> > > > +
> > > > +[Protocols]
> > > > +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> > > > +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> > > > +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> > > > +
> > > > +[Depex]
> > > > +  gEdkIIRedfishCredentialProtocolGuid
> > > > diff --git
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.h
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.h
> > > > new file mode 100644
> > > > index 000000000..5262f1e6b
> > > > --- /dev/null
> > > > +++
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.h
> > > > @@ -0,0 +1,58 @@
> > > > +/** @file
> > > > +  Common header file for RedfishBootstrapAccountDxe driver.
> > > > +
> > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development
> > > > + LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All
> > rights
> > > reserved.
> > > > +
> > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > +
> > > > +**/
> > > > +
> > > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define
> > > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> > > > +
> > > > +#include <Uefi.h>
> > > > +#include <RedfishBase.h>
> > > > +
> > > > +//
> > > > +// Libraries
> > > > +//
> > > > +#include <Library/BaseLib.h>
> > > > +#include <Library/BaseMemoryLib.h> #include <Library/DebugLib.h>
> > > > +
> > > > +#include <Library/MemoryAllocationLib.h> #include
> > > > +<Library/PrintLib.h> #include <Library/RedfishEventLib.h>
> > > > +#include <Library/RedfishFeatureUtilityLib.h>
> > > > +#include <Library/RedfishDebugLib.h> #include
> > > > +<Library/RedfishVersionLib.h> #include <Library/RedfishHttpLib.h>
> > > > +#include <Library/UefiBootServicesTableLib.h>
> > > > +#include <Library/UefiDriverEntryPoint.h> #include
> > > > +<Library/UefiLib.h> #include
> > > > +<Library/UefiRuntimeServicesTableLib.h>
> > > > +
> > > > +#include <Protocol/EdkIIRedfishConfigHandler.h>
> > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > +#include <Protocol/RestEx.h>
> > > > +
> > > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG         DEBUG_VERBOSE
> > > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> > > > L"AccountService/Accounts"
> > > > +#define REDFISH_URI_LENGTH                      128
> > > > +
> > > > +//
> > > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE // typedef
> > struct
> > > > +{
> > > > +  EFI_HANDLE                               ImageHandle;
> > > > +  EFI_HANDLE                               RestExHandle;
> > > > +  REDFISH_SERVICE                          RedfishService;
> > > > +  EFI_EVENT                                RedfishEvent;
> > > > +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> > > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> > > > +
> > > > +#define
> > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> > > > +          BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE,
> > > > +Protocol)
> > > > +
> > > > +#endif
> > > > diff --git
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.c
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.c
> > > > new file mode 100644
> > > > index 000000000..6fe4856f8
> > > > --- /dev/null
> > > > +++
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > xe.c
> > > > @@ -0,0 +1,328 @@
> > > > +/** @file
> > > > +  This driver deletes bootstrap account in BMC after BIOS Redfish
> > > > +finished
> > > > +  all jobs.
> > > > +
> > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development
> > > > + LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All
> > rights
> > > reserved.
> > > > +
> > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > +
> > > > +**/
> > > > +
> > > > +#include "RedfishBootstrapAccountDxe.h"
> > > > +
> > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate = NULL;
> > > > +
> > > > +/**
> > > > +  Close Redfish service instance by calling RestEx protocol to
> > > > +release
> > instance.
> > > > +
> > > > +  @param[in]  RestExHandle      Handle of RestEx protocol.
> > > > +
> > > > +  @retval EFI_SUCCESS           The Redfish service is closed successfully.
> > > > +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> > > > +  @retval Others                Error occurs.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +CloseRedfishService (
> > > > +  IN EFI_HANDLE  RestExHandle
> > > > +  )
> > > > +{
> > > > +  EFI_REST_EX_PROTOCOL  *RestEx;
> > > > +  EFI_STATUS            Status;
> > > > +
> > > > +  if (RestExHandle == NULL) {
> > > > +    return EFI_INVALID_PARAMETER;  }
> > > > +
> > > > +  Status = gBS->HandleProtocol (
> > > > +                  RestExHandle,
> > > > +                  &gEfiRestExProtocolGuid,
> > > > +                  (VOID **)&RestEx
> > > > +                  );
> > > > +  if (!EFI_ERROR (Status)) {
> > > > +    Status = RestEx->Configure (RestEx, NULL);
> > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release RestEx
> > > > instance: %r\n", __func__, Status));
> > > > +  }
> > > > +
> > > > +  return Status;
> > > > +}
> > > > +
> > > > +/**
> > > > +  Callback function executed when the AfterProvisioning event
> > > > +group is
> > > > signaled.
> > > > +
> > > > +  @param[in]   Event    Event whose notification function is being invoked.
> > > > +  @param[out]  Context  Pointer to the Context buffer
> > > > +
> > > > +**/
> > > > +VOID
> > > > +EFIAPI
> > > > +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> > > > +  IN  EFI_EVENT  Event,
> > > > +  OUT VOID       *Context
> > > > +  )
> > > > +{
> > > > +  EFI_STATUS                         Status;
> > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> > > > +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> > > > +  CHAR8                              *AccountName;
> > > > +  CHAR8                              *AccountCredential;
> > > > +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> > > > +  CHAR16                             *RedfishVersion;
> > > > +  REDFISH_RESPONSE                   RedfishResponse;
> > > > +
> > > > +  RedfishVersion = NULL;
> > > > +
> > > > +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;  if
> > > > + ((Private == NULL) || (Private->RedfishService == NULL)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not
> > > > + available\n",
> > > > __func__));
> > > > +    return;
> > > > +  }
> > > > +
> > > > +  //
> > > > +  // Locate Redfish Credential Protocol to get credential for  //
> > > > + accessing to Redfish service.
> > > > +  //
> > > > +  Status = gBS->LocateProtocol (
> > > > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > > > +                  NULL,
> > > > +                  (VOID **)&credentialProtocol
> > > > +                  );
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No Redfish
> > > > Credential Protocol is installed on system.", __func__));
> > > > +    return;
> > > > +  }
> > > > +
> > > > +  Status = credentialProtocol->GetAuthInfo (
> > > > +                                 credentialProtocol,
> > > > +                                 &AuthMethod,
> > > > +                                 &AccountName,
> > > > +                                 &AccountCredential
> > > > +                                 );
> > >
> > > HI Nickle, I am not quite understand why do we acquire a credential
> > > here but delete it from the Redfish account service here after provision.
> > > 1. We suppose acquire the credential before we start to communicate
> > > with Redfish. Will Redfish credential driver create another
> > > bootstrap account here after provisioning?
> > > 2. And why do we delete the credential after provisioning? How about
> > > the
> > later
> > > Redfish property updating process?
> > > Or do I misunderstand the code logic?
> > >
> > > Regards,
> > > Abner
> > >
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account
> > information:
> > > > %r\n", __func__, Status));
> > > > +    return;
> > > > +  }
> > > > +
> > > > +  //
> > > > +  // Carving the URI
> > > > +  //
> > > > +  RedfishVersion = RedfishGetVersion (Private->RedfishService);
> > > > + if (RedfishVersion == NULL) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n",
> > __func__));
> > > > +    return;
> > > > +  }
> > > > +
> > > > +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) *
> > > > + REDFISH_URI_LENGTH),
> > > > L"%s%s/%a", RedfishVersion,
> > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> > > > AccountName);
> > > > +
> > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > account:
> > > > %a\n", __func__, AccountName));
> > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > > > credential: %a\n", __func__, AccountCredential));
> > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap URI:
> > > > %s\n", __func__, TargetUri));
> > > > +
> > > > +  //
> > > > +  // Remove bootstrap account at
> > > > + /redfish/v1/AccountService/Account
> > > > +  //
> > > > +  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));  Status
> > > > + = RedfishHttpDeleteResource (
> > > > +             Private->RedfishService,
> > > > +             TargetUri,
> > > > +             &RedfishResponse
> > > > +             );
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap account at
> > BMC:
> > > > %r", __func__, Status));
> > > > +    DumpRedfishResponse (__func__, DEBUG_ERROR,
> > &RedfishResponse);  }
> > > > + else {
> > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > > account:
> > > > %a is removed from: %s\n", __func__, AccountName,
> > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> > > > +  }
> > > > +
> > > > +  //
> > > > +  // Clean credential
> > > > +  //
> > > > +  ZeroMem (AccountName, AsciiStrSize (AccountName));  ZeroMem
> > > > + (AccountCredential, AsciiStrSize (AccountCredential));
> > > > +
> > > > +  //
> > > > +  // Since the bootstrap account is deleted at BMC, the Redfish
> > > > + service instance
> > > > is no longer usable.
> > > > +  // Close Redfish service instance to release the HTTP
> > > > + connection between
> > > > BIOS and BMC.
> > > > +  //
> > > > +  Status = CloseRedfishService (Private->RestExHandle);  if
> > > > + (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service instance:
> > > > + %r\n",
> > > > __func__, Status));
> > > > +  }
> > > > +
> > > > +  RedfishHttpFreeResponse (&RedfishResponse);
> > > > +
> > > > +  return;
> > > > +}
> > > > +
> > > > +/**
> > > > +  Initialize a Redfish configure handler.
> > > > +
> > > > +  This function will be called by the Redfish config driver to
> > > > + initialize each
> > > > Redfish configure
> > > > +  handler.
> > > > +
> > > > +  @param[in]   This                     Pointer to
> > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > +  @param[in]   RedfishConfigServiceInfo Redfish service informaiton.
> > > > +
> > > > +  @retval EFI_SUCCESS                  The handler has been initialized
> > successfully.
> > > > +  @retval EFI_DEVICE_ERROR             Failed to create or configure the REST
> > EX
> > > > protocol instance.
> > > > +  @retval EFI_ALREADY_STARTED          This handler has already been
> > > > initialized.
> > > > +  @retval Other                        Error happens during the initialization.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishBootstrapAccountInit (
> > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> > > > +  IN  REDFISH_CONFIG_SERVICE_INFORMATION
> > *RedfishConfigServiceInfo
> > > > +  )
> > > > +{
> > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > +
> > > > +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > (This);
> > > > +
> > > > +  Private->RedfishService = RedfishCreateService
> > > > + (RedfishConfigServiceInfo);  if (Private->RedfishService == NULL) {
> > > > +    return EFI_DEVICE_ERROR;
> > > > +  }
> > > > +
> > > > +  Private->RestExHandle = RedfishConfigServiceInfo-
> > > > >RedfishServiceRestExHandle;
> > > > +
> > > > +  return EFI_SUCCESS;
> > > > +}
> > > > +
> > > > +/**
> > > > +  Stop a Redfish configure handler.
> > > > +
> > > > +  @param[in]   This                Pointer to
> > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > +
> > > > +  @retval EFI_SUCCESS              This handler has been stoped successfully.
> > > > +  @retval Others                   Some error happened.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishBootstrapAccountStop (
> > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> > > > +  )
> > > > +{
> > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > +
> > > > +  Private = REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > (This);
> > > > +
> > > > +  if (Private->RedfishService != NULL) {
> > > > +    RedfishCleanupService (Private->RedfishService);
> > > > +    Private->RedfishService = NULL;  }
> > > > +
> > > > +  return EFI_SUCCESS;
> > > > +}
> > > > +
> > > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  mRedfishConfigHandler =
> > {
> > > > +  RedfishBootstrapAccountInit,
> > > > +  RedfishBootstrapAccountStop
> > > > +};
> > > > +
> > > > +/**
> > > > +  Unloads an image.
> > > > +
> > > > +  @param[in]  ImageHandle           Handle that identifies the image to be
> > > > unloaded.
> > > > +
> > > > +  @retval EFI_SUCCESS           The image has been unloaded.
> > > > +  @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image
> > handle.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishBootstrapAccountUnload (
> > > > +  IN EFI_HANDLE  ImageHandle
> > > > +  )
> > > > +{
> > > > +  EFI_STATUS  Status;
> > > > +
> > > > +  if (mBootstrapPrivate == NULL) {
> > > > +    return EFI_SUCCESS;
> > > > +  }
> > > > +
> > > > +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> > > > +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> > > > +  }
> > > > +
> > > > +  Status = gBS->UninstallProtocolInterface (
> > > > +                  mBootstrapPrivate->ImageHandle,
> > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > +                  (VOID *)&mBootstrapPrivate->Protocol
> > > > +                  );
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish config
> > > > + handler
> > > > protocol: %r\n", __func__, Status));
> > > > +  }
> > > > +
> > > > +  FreePool (mBootstrapPrivate);
> > > > +  mBootstrapPrivate = NULL;
> > > > +
> > > > +  return EFI_SUCCESS;
> > > > +}
> > > > +
> > > > +/**
> > > > +  This is the declaration of an EFI image entry point. This entry
> > > > +point is
> > > > +  the same for UEFI Applications, UEFI OS Loaders, and UEFI
> > > > +Drivers including
> > > > +  both device drivers and bus drivers.
> > > > +
> > > > +  @param[in]  ImageHandle       The firmware allocated handle for the UEFI
> > > > image.
> > > > +  @param[in]  SystemTable       A pointer to the EFI System Table.
> > > > +
> > > > +  @retval EFI_SUCCESS           The operation completed successfully.
> > > > +  @retval Others                An unexpected error occurred.
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishBootstrapAccountEntryPoint (
> > > > +  IN EFI_HANDLE        ImageHandle,
> > > > +  IN EFI_SYSTEM_TABLE  *SystemTable
> > > > +  )
> > > > +{
> > > > +  EFI_STATUS  Status;
> > > > +
> > > > +  if (mBootstrapPrivate != NULL) {
> > > > +    return EFI_ALREADY_STARTED;
> > > > +  }
> > > > +
> > > > +  mBootstrapPrivate = AllocateZeroPool (sizeof
> > > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> > > > +  if (mBootstrapPrivate == NULL) {
> > > > +    return EFI_OUT_OF_RESOURCES;
> > > > +  }
> > > > +
> > > > +  CopyMem (&mBootstrapPrivate->Protocol, &mRedfishConfigHandler,
> > > > + sizeof
> > > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> > > > +  Status = gBS->InstallProtocolInterface (
> > > > +                  &ImageHandle,
> > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > +                  EFI_NATIVE_INTERFACE,
> > > > +                  &mBootstrapPrivate->Protocol
> > > > +                  );
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config
> > > > + handler
> > > > protocol: %r\n", __func__, Status));
> > > > +    goto ON_ERROR;
> > > > +  }
> > > > +
> > > > +  //
> > > > +  // Register after provisioning event to remove bootstrap account.
> > > > +  //
> > > > +  Status = CreateAfterProvisioningEvent (
> > > > +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> > > > +             (VOID *)mBootstrapPrivate,
> > > > +             &mBootstrapPrivate->RedfishEvent
> > > > +             );
> > > > +  if (EFI_ERROR (Status)) {
> > > > +    DEBUG ((DEBUG_ERROR, "%a: failed to register
> > > > + after-provisioning
> > event:
> > > > %r\n", __func__, Status));
> > > > +    goto ON_ERROR;
> > > > +  }
> > > > +
> > > > +  return EFI_SUCCESS;
> > > > +
> > > > +ON_ERROR:
> > > > +
> > > > +  RedfishBootstrapAccountUnload (ImageHandle);
> > > > +
> > > > +  return Status;
> > > > +}
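Review bot: `RedfishBootstrapAccountOnRedfishAfterProvisioning` writes the bootstrap password to the debug log with `DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap credential: %a\n", __func__, AccountCredential));`, so any build or serial capture with verbose output enabled records the secret of an account that this thread describes as highly privileged; that line should be dropped, the account-name and URI traces being enough for debugging. The two `ZeroMem` calls under "Clean credential" run only on the full path: the early `return` taken when `RedfishGetVersion` yields NULL leaves both strings intact, so the scrub belongs on a common exit path reached whenever `GetAuthInfo` has succeeded. The buffers are scrubbed but never released; if `GetAuthInfo` transfers ownership to the caller (not visible in this hunk, worth confirming against the protocol header), each also needs a `FreePool` after its `ZeroMem`. Separately, nothing in the visible code stores `ImageHandle` into `mBootstrapPrivate->ImageHandle`, so `RedfishBootstrapAccountUnload` passes a zeroed handle to `UninstallProtocolInterface` and then frees the structure whose `Protocol` member is still installed; add `mBootstrapPrivate->ImageHandle = ImageHandle;` after the allocation check in the entry point, and return the error instead of calling `FreePool` when the uninstall fails.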
> > > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > index 154f641b2..47e5093f2 100644
> > > > --- a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > @@ -15,6 +15,7 @@
> > > >    INF RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
> > > >    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
> > > >    INF
> > > >
> > RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> > > > +  INF
> > > >
> > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > .inf
> > > >    INF RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
> > > >    INF
> > > >
> > RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
> > > >    INF
> > > >
> > >
> > RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemD
> > xe.
> > > > i
> > > > nf
> > > > --
> > > > 2.34.1
> > >
> > > -The information contained in this message may be confidential and
> > proprietary
> > > to American Megatrends (AMI). This communication is intended to be
> > > read
> > only by
> > > the individual or entity to whom it is addressed or by their
> > > designee. If the
> > reader
> > > of this message is not the intended recipient, you are on notice
> > > that any distribution of this message, in any form, is strictly
> > > prohibited. Please
> > promptly
> > > notify the sender by reply e-mail or by telephone at 770-246-8600,
> > > and
> > then
> > > delete or destroy all copies of the transmission.
>
>
> 
>

-The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission.



* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-05-15 15:01           ` Igor Kulchytskyy via groups.io
@ 2024-05-16  1:05             ` Chang, Abner via groups.io
  2024-05-16  1:37               ` Nickle Wang via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Chang, Abner via groups.io @ 2024-05-16  1:05 UTC (permalink / raw)
  To: Igor Kulchytskyy, Nickle Wang, devel@edk2.groups.io; +Cc: Nick Ramirez

[AMD Official Use Only - General]

HI Igor,
This sounds reasonable to me. As you mentioned, RedfishPkg was designed to support multiple Redfish applications and RedfishClientPkg is just one of them. I think we can review the implementation of acquiring/deleting the credential.

Thanks
Abner


> -----Original Message-----
> From: Igor Kulchytskyy <igork@ami.com>
> Sent: Wednesday, May 15, 2024 11:02 PM
> To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; Chang, Abner
> <Abner.Chang@amd.com>
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> RedfishClientPkg: introduce RedfishBootstrapAccountDxe
>
> [AMD Official Use Only - General]
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> Hi Nickle,
> I have one more question to discuss regarding this driver.
> We have a bootstrap account and creation of this account controlled by
> RedfishCredentialDxe driver in RedfishPkg.
> But deletion of that bootstrap account is moved to RedfishClientPkg.
> What if we have another Redfish Client or some customer service which uses
> RedfishPkg for the communication.
> Architecturally it is allowed.
> But then RedfishBootstrapAccountDxe module would delete account just
> based on the RedfishClientPkg needs.
> Maybe we should consider moving RedfishBootstrapAccountDxe driver to
> RedfishPkg and have some register mechanism which will be used by
> interested drivers to notify that they finished their job and after that
> RedfishBootstrapAccountDxe driver would delete an account.
> What do you think?
> Thank you,
> Igor
>
> -----Original Message-----
> From: Nickle Wang <nicklew@nvidia.com>
> Sent: Tuesday, May 14, 2024 8:40 AM
> To: devel@edk2.groups.io; abner.chang@amd.com; Igor Kulchytskyy
> <igork@ami.com>
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> RedfishClientPkg: introduce RedfishBootstrapAccountDxe
>
>
> **CAUTION: The e-mail below is from an external source. Please exercise
> caution before opening attachments, clicking links, or following guidance.**
>
> Hi Abner,
>
> > Ok, then I don't have the problem with invoking GetAuthInfo again.
> However, I
> > will suggest to add more description in GetAuthInfo function header,
> mention that
> > we will keep the auth info in EFI variable until exist boot service.
> > Also, give some more descriptions on the code you invoke to GetAuthInfo.
>
> Thanks for your comment. I add descriptions to explain above before calling
> GetAuthInfo(). Version 2 path is here:
> https://edk2.groups.io/g/devel/message/118889
>
> Regards,
> Nickle
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang,
> Abner
> > via groups.io
> > Sent: Tuesday, April 23, 2024 3:42 PM
> > To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>;
> > devel@edk2.groups.io
> > Cc: Nick Ramirez <nramirez@nvidia.com>
> > Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg:
> > introduce RedfishBootstrapAccountDxe
> >
> > External email: Use caution opening links or attachments
> >
> >
> > [AMD Official Use Only - General]
> >
> > > -----Original Message-----
> > > From: Nickle Wang <nicklew@nvidia.com>
> > > Sent: Tuesday, April 23, 2024 3:09 PM
> > > To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner
> > > <Abner.Chang@amd.com>; devel@edk2.groups.io
> > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> RedfishClientPkg:
> > > introduce RedfishBootstrapAccountDxe
> > >
> > > [AMD Official Use Only - General]
> > >
> > > Caution: This message originated from an External Source. Use proper
> > > caution when opening attachments, clicking links, or responding.
> > >
> > >
> > > Hi Igor, Abner,
> > >
> > > Thanks for your review. Please allow me to answer your questions
> together.
> > >
> > > > 1. We suppose acquire the credential before we start to communicate
> > > > with
> > > Redfish. Will Redfish credential driver create another bootstrap
> > > account here after provisioning?
> > > No, according to the RedfishPlatformCredentialIpmiLib implementation,
> > > Redfish credential driver requests credential from BMC and will keep
> > > it for later use. So only one credential is requested for BIOS Redfish
> > > feature drivers during POST time.
> > Ok, then I don't have the problem with invoking GetAuthInfo again.
> However, I
> > will suggest to add more description in GetAuthInfo function header,
> mention that
> > we will keep the auth info in EFI variable until exist boot service.
> > Also, give some more descriptions on the code you invoke to GetAuthInfo.
> >
> > >
> > > > 2. And why do we delete the credential after provisioning? How about
> > > > the
> > > later Redfish property updating process?
> > > In this driver, we listen to "AfterProvisioning" event. And this is
> > > the event triggered after Redfish feature driver finish all jobs.
> > > There is no feature driver which gets executed after this event. And
> > > since we finished all Redfish operations, we remove this account on BMC.
> > Then this makes sense to me now.
> >
> > >
> > > > Why do we need to delete those credentials? According to spec BMC
> > > > should
> > > delete the bootstrap credentials automatically on host or service reset.
> > > Yes, bootstrap credentials get deleted on host reset. In practice,
> > > server in datacenter usually takes long time running under OS before it gets
> > rebooted.
> > > The bootstrap credentials are exposed to end user at
> > > "/redfish/v1/AccountService/Accounts". I got report that there is
> > > concern for end user to see this unused account.
> > This sounds to me reasonable as we will give bootstrap credential a high
> privilege
> > to update Redfish resource. Leave this information in Account service seems
> not a
> > good idea.
> >
> > Thanks
> > Abner
> >
> > >
> > > So, I create this driver to allows us to remove bootstrap account at
> > > BMC after we finish Redfish jobs. And this also release the BMC
> > > account resource since this account won't be used for a long period of
> time.
> > >
> > > Regards,
> > > Nickle
> > >
> > > > -----Original Message-----
> > > > From: Igor Kulchytskyy <igork@ami.com>
> > > > Sent: Monday, April 22, 2024 11:03 PM
> > > > To: Chang, Abner <Abner.Chang@amd.com>; Nickle Wang
> > > > <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> RedfishClientPkg:
> > > > introduce RedfishBootstrapAccountDxe
> > > >
> > > > External email: Use caution opening links or attachments
> > > >
> > > >
> > > > Hi Nickle and Abner,
> > > > I also have the same question as Abner.
> > > > Why do we need to delete those credentials?
> > > > According to spec BMC should delete the bootstrap credentials
> > > > automatically
> > > on
> > > > host or service reset.
> > > > Thank you,
> > > > Igor
> > > >
> > > > -----Original Message-----
> > > > From: Chang, Abner <Abner.Chang@amd.com>
> > > > Sent: Sunday, April 21, 2024 10:25 PM
> > > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > Cc: Igor Kulchytskyy <igork@ami.com>; Nick Ramirez
> > > <nramirez@nvidia.com>
> > > > Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > > introduce RedfishBootstrapAccountDxe
> > > >
> > > >
> > > > **CAUTION: The e-mail below is from an external source. Please
> > > > exercise caution before opening attachments, clicking links, or
> > > > following guidance.**
> > > >
> > > > [AMD Official Use Only - General]
> > > >
> > > > Hi Nickle,
> > > > One comment and few questions,
> > > >
> > > > > -----Original Message-----
> > > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > > Sent: Thursday, April 18, 2024 8:28 PM
> > > > > To: devel@edk2.groups.io
> > > > > Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > > > > <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> > > > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce
> > > > > RedfishBootstrapAccountDxe
> > > > >
> > > > > Caution: This message originated from an External Source. Use
> > > > > proper caution when opening attachments, clicking links, or
> responding.
> > > > >
> > > > >
> > > > > -Introduce RedfishBootstrapAccountDxe to delete bootstrap account
> > > > > from /redfish/v1/AccountService/Accounts after BIOS finished all
> > > > > Redfish jobs. The bootstrap account won't be available to other
> application.
> > > > > So deleting bootstrap account helps to release resource at BMC.
> > > > > - After bootstrap account is deleted at BMC, the Redfish service
> > > > > instance is no longer usable. Close Redfish service instance to
> > > > > release the HTTP connection between BIOS and BMC.
> > > > >
> > > > > Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> > > > > Cc: Abner Chang <abner.chang@amd.com>
> > > > > Cc: Igor Kulchytskyy <igork@ami.com>
> > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > ---
> > > > >  .../RedfishClientComponents.dsc.inc           |   1 +
> > > > >  .../RedfishBootstrapAccountDxe.inf            |  53 +++
> > > > >  .../RedfishBootstrapAccountDxe.h              |  58 ++++
> > > > >  .../RedfishBootstrapAccountDxe.c              | 328 ++++++++++++++++++
> > > > >  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
> > > > >  5 files changed, 441 insertions(+)  create mode 100644
> > > > >
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > .inf
> > > > >  create mode 100644
> > > > >
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > .h
> > > > >  create mode 100644
> > > > >
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > .c
> > > > >
> > > > > diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > index 42fc0c299..fe5248b62 100644
> > > > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > @@ -20,6 +20,7 @@
> > > > >
> RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
> > > > >    RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf
> > > > >    RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf
> > > > > +
> > > > >
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > .inf
> > > > >  !endif
> > > > >    #
> > > > >    # Below two modules should be pulled in by build tool.
> > > > > diff --git
> > > > >
> > >
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > xe.in
> > > > > f
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > xe.in
> > > > > f
> > > > > new file mode 100644
> > > > > index 000000000..4073e95f4
> > > > > --- /dev/null
> > > > > +++
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > xe.in
> > > > > f
> > > > > @@ -0,0 +1,53 @@
> > > > > +## @file
> > > > > +#  This driver deletes bootstrap account in BMC after BIOS
> > > > > +Redfish finished #  all jobs # #  (C) Copyright 2021 Hewlett
> > > > > +Packard Enterprise Development LP<BR> #  Copyright (c) 2023,
> > > > > +NVIDIA CORPORATION & AFFILIATES. All rights reserved.
> > > >
> > > >
> > > > Not sure if you want to update the copyright to 2024.
> > > >
> > > >
> > > > > +#
> > > > > +#  SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > > +
> > > > > +[Defines]
> > > > > +  INF_VERSION               = 0x0001000b
> > > > > +  BASE_NAME                 = RedfishBootstrapAccountDxe
> > > > > +  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
> > > > > +  MODULE_TYPE               = DXE_DRIVER
> > > > > +  VERSION_STRING            = 1.0
> > > > > +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> > > > > +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> > > > > +
> > > > > +[Packages]
> > > > > +  MdePkg/MdePkg.dec
> > > > > +  MdeModulePkg/MdeModulePkg.dec
> > > > > +  RedfishPkg/RedfishPkg.dec
> > > > > +  RedfishClientPkg/RedfishClientPkg.dec
> > > > > +
> > > > > +[Sources]
> > > > > +  RedfishBootstrapAccountDxe.h
> > > > > +  RedfishBootstrapAccountDxe.c
> > > > > +
> > > > > +[LibraryClasses]
> > > > > +  BaseLib
> > > > > +  BaseMemoryLib
> > > > > +  DebugLib
> > > > > +  MemoryAllocationLib
> > > > > +  PrintLib
> > > > > +  RedfishEventLib
> > > > > +  RedfishFeatureUtilityLib
> > > > > +  RedfishDebugLib
> > > > > +  RedfishVersionLib
> > > > > +  RedfishHttpLib
> > > > > +  UefiLib
> > > > > +  UefiBootServicesTableLib
> > > > > +  UefiRuntimeServicesTableLib
> > > > > +  UefiDriverEntryPoint
> > > > > +
> > > > > +[Protocols]
> > > > > +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> > > > > +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> > > > > +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> > > > > +
> > > > > +[Depex]
> > > > > +  gEdkIIRedfishCredentialProtocolGuid
> > > > > diff --git
> > > > >
> > >
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > xe.h
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > xe.h
> > > > > new file mode 100644
> > > > > index 000000000..5262f1e6b
> > > > > --- /dev/null
> > > > > +++
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > xe.h
> > > > > @@ -0,0 +1,58 @@
> > > > > +/** @file
> > > > > +  Common header file for RedfishBootstrapAccountDxe driver.
> > > > > +
> > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development
> > > > > + LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All
> > > rights
> > > > reserved.
> > > > > +
> > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > +
> > > > > +**/
> > > > > +
> > > > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define
> > > > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> > > > > +
> > > > > +#include <Uefi.h>
> > > > > +#include <RedfishBase.h>
> > > > > +
> > > > > +//
> > > > > +// Libraries
> > > > > +//
> > > > > +#include <Library/BaseLib.h>
> > > > > +#include <Library/BaseMemoryLib.h> #include <Library/DebugLib.h>
> > > > > +
> > > > > +#include <Library/MemoryAllocationLib.h> #include
> > > > > +<Library/PrintLib.h> #include <Library/RedfishEventLib.h>
> > > > > +#include <Library/RedfishFeatureUtilityLib.h>
> > > > > +#include <Library/RedfishDebugLib.h> #include
> > > > > +<Library/RedfishVersionLib.h> #include <Library/RedfishHttpLib.h>
> > > > > +#include <Library/UefiBootServicesTableLib.h>
> > > > > +#include <Library/UefiDriverEntryPoint.h> #include
> > > > > +<Library/UefiLib.h> #include
> > > > > +<Library/UefiRuntimeServicesTableLib.h>
> > > > > +
> > > > > +#include <Protocol/EdkIIRedfishConfigHandler.h>
> > > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > > +#include <Protocol/RestEx.h>
> > > > > +
> > > > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG
> DEBUG_VERBOSE
> > > > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> > > > > L"AccountService/Accounts"
> > > > > +#define REDFISH_URI_LENGTH                      128
> > > > > +
> > > > > +//
> > > > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE // typedef
> > > struct
> > > > > +{
> > > > > +  EFI_HANDLE                               ImageHandle;
> > > > > +  EFI_HANDLE                               RestExHandle;
> > > > > +  REDFISH_SERVICE                          RedfishService;
> > > > > +  EFI_EVENT                                RedfishEvent;
> > > > > +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> > > > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> > > > > +
> > > > > +#define
> > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> > > > > +          BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE,
> > > > > +Protocol)
> > > > > +
> > > > > +#endif
> > > > > diff --git
> > > > >
> > >
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > xe.c
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > xe.c
> > > > > new file mode 100644
> > > > > index 000000000..6fe4856f8
> > > > > --- /dev/null
> > > > > +++
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > xe.c
> > > > > @@ -0,0 +1,328 @@
> > > > > +/** @file
> > > > > +  This driver deletes bootstrap account in BMC after BIOS Redfish
> > > > > +finished
> > > > > +  all jobs.
> > > > > +
> > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise Development
> > > > > + LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All
> > > rights
> > > > reserved.
> > > > > +
> > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > +
> > > > > +**/
> > > > > +
> > > > > +#include "RedfishBootstrapAccountDxe.h"
> > > > > +
> > > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate =
> NULL;
> > > > > +
> > > > > +/**
> > > > > +  Close Redfish service instance by calling RestEx protocol to
> > > > > +release
> > > instance.
> > > > > +
> > > > > +  @param[in]  RestExHandle      Handle of RestEx protocol.
> > > > > +
> > > > > +  @retval EFI_SUCCESS           The Redfish service is closed successfully.
> > > > > +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> > > > > +  @retval Others                Error occurs.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +CloseRedfishService (
> > > > > +  IN EFI_HANDLE  RestExHandle
> > > > > +  )
> > > > > +{
> > > > > +  EFI_REST_EX_PROTOCOL  *RestEx;
> > > > > +  EFI_STATUS            Status;
> > > > > +
> > > > > +  if (RestExHandle == NULL) {
> > > > > +    return EFI_INVALID_PARAMETER;  }
> > > > > +
> > > > > +  Status = gBS->HandleProtocol (
> > > > > +                  RestExHandle,
> > > > > +                  &gEfiRestExProtocolGuid,
> > > > > +                  (VOID **)&RestEx
> > > > > +                  );
> > > > > +  if (!EFI_ERROR (Status)) {
> > > > > +    Status = RestEx->Configure (RestEx, NULL);
> > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release
> RestEx
> > > > > instance: %r\n", __func__, Status));
> > > > > +  }
> > > > > +
> > > > > +  return Status;
> > > > > +}
> > > > > +
> > > > > +/**
> > > > > +  Callback function executed when the AfterProvisioning event
> > > > > +group is
> > > > > signaled.
> > > > > +
> > > > > +  @param[in]   Event    Event whose notification function is being
> invoked.
> > > > > +  @param[out]  Context  Pointer to the Context buffer
> > > > > +
> > > > > +**/
> > > > > +VOID
> > > > > +EFIAPI
> > > > > +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> > > > > +  IN  EFI_EVENT  Event,
> > > > > +  OUT VOID       *Context
> > > > > +  )
> > > > > +{
> > > > > +  EFI_STATUS                         Status;
> > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> > > > > +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> > > > > +  CHAR8                              *AccountName;
> > > > > +  CHAR8                              *AccountCredential;
> > > > > +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> > > > > +  CHAR16                             *RedfishVersion;
> > > > > +  REDFISH_RESPONSE                   RedfishResponse;
> > > > > +
> > > > > +  RedfishVersion = NULL;
> > > > > +
> > > > > +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;  if
> > > > > + ((Private == NULL) || (Private->RedfishService == NULL)) {
> > > > > +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not
> > > > > + available\n",
> > > > > __func__));
> > > > > +    return;
> > > > > +  }
> > > > > +
> > > > > +  //
> > > > > +  // Locate Redfish Credential Protocol to get credential for  //
> > > > > + accessing to Redfish service.
> > > > > +  //
> > > > > +  Status = gBS->LocateProtocol (
> > > > > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > > > > +                  NULL,
> > > > > +                  (VOID **)&credentialProtocol
> > > > > +                  );
> > > > > +  if (EFI_ERROR (Status)) {
> > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No Redfish
> > > > > Credential Protocol is installed on system.", __func__));
> > > > > +    return;
> > > > > +  }
> > > > > +
> > > > > +  Status = credentialProtocol->GetAuthInfo (
> > > > > +                                 credentialProtocol,
> > > > > +                                 &AuthMethod,
> > > > > +                                 &AccountName,
> > > > > +                                 &AccountCredential
> > > > > +                                 );
> > > >
> > > > HI Nickle, I am not quite understand why do we acquire a credential
> > > > here but delete it from the Redfish account service here after provision.
> > > > 1. We suppose acquire the credential before we start to communicate
> > > > with Redfish. Will Redfish credential driver create another
> > > > bootstrap account here after provisioning?
> > > > 2. And why do we delete the credential after provisioning? How about
> > > > the
> > > later
> > > > Redfish property updating process?
> > > > Or do I misunderstand the code logic?
> > > >
> > > > Regards,
> > > > Abner
> > > >
> > > > > +  if (EFI_ERROR (Status)) {
> > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account
> > > information:
> > > > > %r\n", __func__, Status));
> > > > > +    return;
> > > > > +  }
> > > > > +
> > > > > +  //
> > > > > +  // Carving the URI
> > > > > +  //
> > > > > +  RedfishVersion = RedfishGetVersion (Private->RedfishService);
> > > > > + if (RedfishVersion == NULL) {
> > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n",
> > > __func__));
> > > > > +    return;
> > > > > +  }
> > > > > +
> > > > > +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) *
> > > > > + REDFISH_URI_LENGTH),
> > > > > L"%s%s/%a", RedfishVersion,
> > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> > > > > AccountName);
> > > > > +
> > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > > account:
> > > > > %a\n", __func__, AccountName));
> > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > > > > credential: %a\n", __func__, AccountCredential));
> > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> URI:
> > > > > %s\n", __func__, TargetUri));
> > > > > +
> > > > > +  //
> > > > > +  // Remove bootstrap account at
> > > > > + /redfish/v1/AccountService/Account
> > > > > +  //
> > > > > +  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));  Status
> > > > > + = RedfishHttpDeleteResource (
> > > > > +             Private->RedfishService,
> > > > > +             TargetUri,
> > > > > +             &RedfishResponse
> > > > > +             );
> > > > > +  if (EFI_ERROR (Status)) {
> > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap account at
> > > BMC:
> > > > > %r", __func__, Status));
> > > > > +    DumpRedfishResponse (__func__, DEBUG_ERROR,
> > > &RedfishResponse);  }
> > > > > + else {
> > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > > > account:
> > > > > %a is removed from: %s\n", __func__, AccountName,
> > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> > > > > +  }
> > > > > +
> > > > > +  //
> > > > > +  // Clean credential
> > > > > +  //
> > > > > +  ZeroMem (AccountName, AsciiStrSize (AccountName));  ZeroMem
> > > > > + (AccountCredential, AsciiStrSize (AccountCredential));
> > > > > +
> > > > > +  //
> > > > > +  // Since the bootstrap account is deleted at BMC, the Redfish
> > > > > + service instance
> > > > > is no longer usable.
> > > > > +  // Close Redfish service instance to release the HTTP
> > > > > + connection between
> > > > > BIOS and BMC.
> > > > > +  //
> > > > > +  Status = CloseRedfishService (Private->RestExHandle);  if
> > > > > + (EFI_ERROR (Status)) {
> > > > > +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service instance:
> > > > > + %r\n",
> > > > > __func__, Status));
> > > > > +  }
> > > > > +
> > > > > +  RedfishHttpFreeResponse (&RedfishResponse);
> > > > > +
> > > > > +  return;
> > > > > +}
> > > > > +
> > > > > +/**
> > > > > +  Initialize a Redfish configure handler.
> > > > > +
> > > > > +  This function will be called by the Redfish config driver to
> > > > > + initialize each
> > > > > Redfish configure
> > > > > +  handler.
> > > > > +
> > > > > +  @param[in]   This                     Pointer to
> > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > +  @param[in]   RedfishConfigServiceInfo Redfish service informaiton.
> > > > > +
> > > > > +  @retval EFI_SUCCESS                  The handler has been initialized
> > > successfully.
> > > > > +  @retval EFI_DEVICE_ERROR             Failed to create or configure the
> REST
> > > EX
> > > > > protocol instance.
> > > > > +  @retval EFI_ALREADY_STARTED          This handler has already been
> > > > > initialized.
> > > > > +  @retval Other                        Error happens during the initialization.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +RedfishBootstrapAccountInit (
> > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> > > > > +  IN  REDFISH_CONFIG_SERVICE_INFORMATION
> > > *RedfishConfigServiceInfo
> > > > > +  )
> > > > > +{
> > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > +
> > > > > +  Private =
> REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > (This);
> > > > > +
> > > > > +  Private->RedfishService = RedfishCreateService
> > > > > + (RedfishConfigServiceInfo);  if (Private->RedfishService == NULL) {
> > > > > +    return EFI_DEVICE_ERROR;
> > > > > +  }
> > > > > +
> > > > > +  Private->RestExHandle = RedfishConfigServiceInfo-
> > > > > >RedfishServiceRestExHandle;
> > > > > +
> > > > > +  return EFI_SUCCESS;
> > > > > +}
> > > > > +
> > > > > +/**
> > > > > +  Stop a Redfish configure handler.
> > > > > +
> > > > > +  @param[in]   This                Pointer to
> > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > +
> > > > > +  @retval EFI_SUCCESS              This handler has been stoped
> successfully.
> > > > > +  @retval Others                   Some error happened.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +RedfishBootstrapAccountStop (
> > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> > > > > +  )
> > > > > +{
> > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > +
> > > > > +  Private =
> REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > (This);
> > > > > +
> > > > > +  if (Private->RedfishService != NULL) {
> > > > > +    RedfishCleanupService (Private->RedfishService);
> > > > > +    Private->RedfishService = NULL;  }
> > > > > +
> > > > > +  return EFI_SUCCESS;
> > > > > +}
> > > > > +
> > > > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL
> mRedfishConfigHandler =
> > > {
> > > > > +  RedfishBootstrapAccountInit,
> > > > > +  RedfishBootstrapAccountStop
> > > > > +};
> > > > > +
> > > > > +/**
> > > > > +  Unloads an image.
> > > > > +
> > > > > +  @param[in]  ImageHandle           Handle that identifies the image to be
> > > > > unloaded.
> > > > > +
> > > > > +  @retval EFI_SUCCESS           The image has been unloaded.
> > > > > +  @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image
> > > handle.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +RedfishBootstrapAccountUnload (
> > > > > +  IN EFI_HANDLE  ImageHandle
> > > > > +  )
> > > > > +{
> > > > > +  EFI_STATUS  Status;
> > > > > +
> > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > +    return EFI_SUCCESS;
> > > > > +  }
> > > > > +
> > > > > +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> > > > > +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> > > > > +  }
> > > > > +
> > > > > +  Status = gBS->UninstallProtocolInterface (
> > > > > +                  mBootstrapPrivate->ImageHandle,
> > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > +                  (VOID *)&mBootstrapPrivate->Protocol
> > > > > +                  );
> > > > > +  if (EFI_ERROR (Status)) {
> > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish config
> > > > > + handler
> > > > > protocol: %r\n", __func__, Status));
> > > > > +  }
> > > > > +
> > > > > +  FreePool (mBootstrapPrivate);
> > > > > +  mBootstrapPrivate = NULL;
> > > > > +
> > > > > +  return EFI_SUCCESS;
> > > > > +}
> > > > > +
> > > > > +/**
> > > > > +  This is the declaration of an EFI image entry point. This entry
> > > > > +point is
> > > > > +  the same for UEFI Applications, UEFI OS Loaders, and UEFI
> > > > > +Drivers including
> > > > > +  both device drivers and bus drivers.
> > > > > +
> > > > > +  @param[in]  ImageHandle       The firmware allocated handle for the
> UEFI
> > > > > image.
> > > > > +  @param[in]  SystemTable       A pointer to the EFI System Table.
> > > > > +
> > > > > +  @retval EFI_SUCCESS           The operation completed successfully.
> > > > > +  @retval Others                An unexpected error occurred.
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +RedfishBootstrapAccountEntryPoint (
> > > > > +  IN EFI_HANDLE        ImageHandle,
> > > > > +  IN EFI_SYSTEM_TABLE  *SystemTable
> > > > > +  )
> > > > > +{
> > > > > +  EFI_STATUS  Status;
> > > > > +
> > > > > +  if (mBootstrapPrivate != NULL) {
> > > > > +    return EFI_ALREADY_STARTED;
> > > > > +  }
> > > > > +
> > > > > +  mBootstrapPrivate = AllocateZeroPool (sizeof
> > > > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > +    return EFI_OUT_OF_RESOURCES;
> > > > > +  }
> > > > > +
> > > > > +  CopyMem (&mBootstrapPrivate->Protocol,
> &mRedfishConfigHandler,
> > > > > + sizeof
> > > > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> > > > > +  Status = gBS->InstallProtocolInterface (
> > > > > +                  &ImageHandle,
> > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > +                  EFI_NATIVE_INTERFACE,
> > > > > +                  &mBootstrapPrivate->Protocol
> > > > > +                  );
> > > > > +  if (EFI_ERROR (Status)) {
> > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config
> > > > > + handler
> > > > > protocol: %r\n", __func__, Status));
> > > > > +    goto ON_ERROR;
> > > > > +  }
> > > > > +
> > > > > +  //
> > > > > +  // Register after provisioning event to remove bootstrap account.
> > > > > +  //
> > > > > +  Status = CreateAfterProvisioningEvent (
> > > > > +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> > > > > +             (VOID *)mBootstrapPrivate,
> > > > > +             &mBootstrapPrivate->RedfishEvent
> > > > > +             );
> > > > > +  if (EFI_ERROR (Status)) {
> > > > > +    DEBUG ((DEBUG_ERROR, "%a: failed to register
> > > > > + after-provisioning
> > > event:
> > > > > %r\n", __func__, Status));
> > > > > +    goto ON_ERROR;
> > > > > +  }
> > > > > +
> > > > > +  return EFI_SUCCESS;
> > > > > +
> > > > > +ON_ERROR:
> > > > > +
> > > > > +  RedfishBootstrapAccountUnload (ImageHandle);
> > > > > +
> > > > > +  return Status;
> > > > > +}
> > > > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > index 154f641b2..47e5093f2 100644
> > > > > --- a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > @@ -15,6 +15,7 @@
> > > > >    INF
> RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
> > > > >    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
> > > > >    INF
> > > > >
> > >
> RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> > > > > +  INF
> > > > >
> > > >
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > .inf
> > > > >    INF
> RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
> > > > >    INF
> > > > >
> > >
> RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
> > > > >    INF
> > > > >
> > > >
> > >
> RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemD
> > > xe.
> > > > > i
> > > > > nf
> > > > > --
> > > > > 2.34.1
> > > >
> > > > -The information contained in this message may be confidential and
> > > proprietary
> > > > to American Megatrends (AMI). This communication is intended to be
> > > > read
> > > only by
> > > > the individual or entity to whom it is addressed or by their
> > > > designee. If the
> > > reader
> > > > of this message is not the intended recipient, you are on notice
> > > > that any distribution of this message, in any form, is strictly
> > > > prohibited. Please
> > > promptly
> > > > notify the sender by reply e-mail or by telephone at 770-246-8600,
> > > > and
> > > then
> > > > delete or destroy all copies of the transmission.
> >
> >
> > 
> >
>
> -The information contained in this message may be confidential and
> proprietary to American Megatrends (AMI). This communication is intended
> to be read only by the individual or entity to whom it is addressed or by their
> designee. If the reader of this message is not the intended recipient, you are
> on notice that any distribution of this message, in any form, is strictly
> prohibited. Please promptly notify the sender by reply e-mail or by telephone
> at 770-246-8600, and then delete or destroy all copies of the transmission.



* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-05-16  1:05             ` Chang, Abner via groups.io
@ 2024-05-16  1:37               ` Nickle Wang via groups.io
  2024-05-16  2:41                 ` Chang, Abner via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Nickle Wang via groups.io @ 2024-05-16  1:37 UTC (permalink / raw)
  To: Chang, Abner, Igor Kulchytskyy, devel@edk2.groups.io; +Cc: Nick Ramirez

Hi Igor, Abner,

> Maybe we should consider moving RedfishBootstrapAccountDxe driver to RedfishPkg and have some register mechanism which will be used by interested drivers to notify that they finished their job and after that RedfishBootstrapAccountDxe driver would delete an account.

You are saying the mechanism in runtime, right? In current design, RedfishFeatureCore driver will send "after provisioning" signal to notify this driver to delete bootstrapping account. This makes sure that all feature drivers are done with their jobs, so this driver is safe to delete bootstrapping account at BMC.

If we move it to RedfishPkg, there is no such centralized Redfish driver managing Redfish stuff. How does a particular driver know that there is no other driver running Redfish stuff after it? The way I can think of now is to rely on the EDK2 ready-to-boot event as the signal to do the notification, since no Redfish driver is supposed to be running jobs after this event...

Regards,
Nickle

> -----Original Message-----
> From: Chang, Abner <Abner.Chang@amd.com>
> Sent: Thursday, May 16, 2024 9:06 AM
> To: Igor Kulchytskyy <igork@ami.com>; Nickle Wang <nicklew@nvidia.com>;
> devel@edk2.groups.io
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> 
> HI Igor,
> This sounds reasonable to me. As you mentioned, RedfishPkg was designed
> to support multiple Redfish applications and RedfishClientPkg is just one of them. I
> think we can review the implementation of acquiring/deleting credential.
> 
> Thanks
> Abner
> 
> 
> > -----Original Message-----
> > From: Igor Kulchytskyy <igork@ami.com>
> > Sent: Wednesday, May 15, 2024 11:02 PM
> > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; Chang,
> > Abner <Abner.Chang@amd.com>
> > Cc: Nick Ramirez <nramirez@nvidia.com>
> > Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> >
> > Hi Nickle,
> > I have one more question to discuss regarding this driver.
> > We have a bootstrap account and creation of this account controlled by
> > RedfishCredentialDxe driver in RedfishPkg.
> > But deletion of that bootstrap account is moved to RedfishClientPkg.
> > What if we have another Redfish Client or some customer service which
> > uses RedfishPkg for the communication.
> > Architecturally it is allowed.
> > But then RedfishBootstrapAccountDxe module would delete account just
> > based on the RedfishClientPkg needs.
> > Maybe we should consider moving RedfishBootstrapAccountDxe driver to
> > RedfishPkg and have some register mechanism which will be used by
> > interested drivers to notify that they finished their job and after
> > that RedfishBootstrapAccountDxe driver would delete an account.
> > What do you think?
> > Thank you,
> > Igor
> >
> > -----Original Message-----
> > From: Nickle Wang <nicklew@nvidia.com>
> > Sent: Tuesday, May 14, 2024 8:40 AM
> > To: devel@edk2.groups.io; abner.chang@amd.com; Igor Kulchytskyy
> > <igork@ami.com>
> > Cc: Nick Ramirez <nramirez@nvidia.com>
> > Subject: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> >
> > Hi Abner,
> >
> > > Ok, then I don't have the problem with invoking GetAuthInfo again.
> > However, I
> > > will suggest to add more description in GetAuthInfo function header,
> > mention that
> > > we will keep the auth info in EFI variable until exist boot service.
> > > Also, give some more descriptions on the code you invoke to GetAuthInfo.
> >
> > Thanks for your comment. I added descriptions explaining the above before
> > calling GetAuthInfo(). Version 2 patch is here:
> > https://edk2.groups.io/g/devel/message/118889
> >
> > Regards,
> > Nickle
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > > Chang,
> > Abner
> > > via groups.io
> > > Sent: Tuesday, April 23, 2024 3:42 PM
> > > To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy
> > > <igork@ami.com>; devel@edk2.groups.io
> > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > introduce RedfishBootstrapAccountDxe
> > >
> > > > -----Original Message-----
> > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > Sent: Tuesday, April 23, 2024 3:09 PM
> > > > To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner
> > > > <Abner.Chang@amd.com>; devel@edk2.groups.io
> > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > RedfishClientPkg:
> > > > introduce RedfishBootstrapAccountDxe
> > > >
> > > > Hi Igor, Abner,
> > > >
> > > > Thanks for your review. Please allow me to answer your questions
> > together.
> > > >
> > > > > 1. We suppose acquire the credential before we start to
> > > > > communicate with
> > > > Redfish. Will Redfish credential driver create another bootstrap
> > > > account here after provisioning?
> > > > No, according to the RedfishPlatformCredentialIpmiLib
> > > > implementation, Redfish credential driver requests credential from
> > > > BMC and will keep it for later use. So only one credential is
> > > > requested for BIOS Redfish feature drivers during POST time.
> > > Ok, then I don't have a problem with invoking GetAuthInfo again. However, I
> > > suggest adding more description to the GetAuthInfo function header, mentioning
> > > that we will keep the auth info in an EFI variable until exit boot services.
> > > Also, give some more description of the code where you invoke GetAuthInfo.
> > >
> > > >
> > > > > 2. And why do we delete the credential after provisioning? How
> > > > > about the
> > > > later Redfish property updating process?
> > > > In this driver, we listen to "AfterProvisioning" event. And this
> > > > is the event triggered after Redfish feature driver finish all jobs.
> > > > There is no feature driver which gets executed after this event.
> > > > And since we finished all Redfish operations, we remove this account on
> BMC.
> > > Then this makes sense to me now.
> > >
> > > >
> > > > > Why do we need to delete those credentials? According to spec
> > > > > BMC should
> > > > delete the bootstrap credentials automatically on host or service reset.
> > > > Yes, bootstrap credentials get deleted on host reset. In practice,
> > > > server in datacenter usually takes long time running under OS
> > > > before it gets
> > > rebooted.
> > > > The bootstrap credentials are exposed to end user at
> > > > "/redfish/v1/AccountService/Accounts". I got report that there is
> > > > concern for end user to see this unused account.
> > > This sounds to me reasonable as we will give bootstrap credential a
> > > high
> > privilege
> > > to update Redfish resource. Leave this information in Account
> > > service seems
> > not a
> > > good idea.
> > >
> > > Thanks
> > > Abner
> > >
> > > >
> > > > So, I create this driver to allows us to remove bootstrap account
> > > > at BMC after we finish Redfish jobs. And this also release the BMC
> > > > account resource since this account won't be used for a long
> > > > period of
> > time.
> > > >
> > > > Regards,
> > > > Nickle
> > > >
> > > > > -----Original Message-----
> > > > > From: Igor Kulchytskyy <igork@ami.com>
> > > > > Sent: Monday, April 22, 2024 11:03 PM
> > > > > To: Chang, Abner <Abner.Chang@amd.com>; Nickle Wang
> > > > > <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > RedfishClientPkg:
> > > > > introduce RedfishBootstrapAccountDxe
> > > > >
> > > > > Hi Nickle and Abner,
> > > > > I also have the same question as Abner.
> > > > > Why do we need to delete those credentials?
> > > > > According to spec BMC should delete the bootstrap credentials
> > > > > automatically
> > > > on
> > > > > host or service reset.
> > > > > Thank you,
> > > > > Igor
> > > > >
> > > > > -----Original Message-----
> > > > > From: Chang, Abner <Abner.Chang@amd.com>
> > > > > Sent: Sunday, April 21, 2024 10:25 PM
> > > > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > > Cc: Igor Kulchytskyy <igork@ami.com>; Nick Ramirez
> > > > <nramirez@nvidia.com>
> > > > > Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > > > introduce RedfishBootstrapAccountDxe
> > > > >
> > > > >
> > > > > **CAUTION: The e-mail below is from an external source. Please
> > > > > exercise caution before opening attachments, clicking links, or
> > > > > following guidance.**
> > > > >
> > > > > [AMD Official Use Only - General]
> > > > >
> > > > > Hi Nickle,
> > > > > One comment and few questions,
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > > > Sent: Thursday, April 18, 2024 8:28 PM
> > > > > > To: devel@edk2.groups.io
> > > > > > Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > > > > > <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> > > > > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > > > > introduce RedfishBootstrapAccountDxe
> > > > > >
> > > > > > -Introduce RedfishBootstrapAccountDxe to delete bootstrap
> > > > > > account from /redfish/v1/AccountService/Accounts after BIOS
> > > > > > finished all Redfish jobs. The bootstrap account won't be
> > > > > > available to other
> > application.
> > > > > > So deleting bootstrap account helps to release resource at BMC.
> > > > > > - After bootstrap account is deleted at BMC, the Redfish
> > > > > > service instance is no longer usable. Close Redfish service
> > > > > > instance to release the HTTP connection between BIOS and BMC.
> > > > > >
> > > > > > Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> > > > > > Cc: Abner Chang <abner.chang@amd.com>
> > > > > > Cc: Igor Kulchytskyy <igork@ami.com>
> > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > ---
> > > > > >  .../RedfishClientComponents.dsc.inc           |   1 +
> > > > > >  .../RedfishBootstrapAccountDxe.inf            |  53 +++
> > > > > >  .../RedfishBootstrapAccountDxe.h              |  58 ++++
> > > > > >  .../RedfishBootstrapAccountDxe.c              | 328 ++++++++++++++++++
> > > > > >  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
> > > > > >  5 files changed, 441 insertions(+)  create mode 100644
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > .inf
> > > > > >  create mode 100644
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > .h
> > > > > >  create mode 100644
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > .c
> > > > > >
> > > > > > diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > index 42fc0c299..fe5248b62 100644
> > > > > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > @@ -20,6 +20,7 @@
> > > > > >
> > RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
> > > > > >    RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf
> > > > > >
> > > > > > RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf
> > > > > > +
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > .inf
> > > > > >  !endif
> > > > > >    #
> > > > > >    # Below two modules should be pulled in by build tool.
> > > > > > diff --git
> > > > > >
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > xe.in
> > > > > > f
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > xe.in
> > > > > > f
> > > > > > new file mode 100644
> > > > > > index 000000000..4073e95f4
> > > > > > --- /dev/null
> > > > > > +++
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > xe.in
> > > > > > f
> > > > > > @@ -0,0 +1,53 @@
> > > > > > +## @file
> > > > > > +#  This driver deletes bootstrap account in BMC after BIOS
> > > > > > +Redfish finished #  all jobs # #  (C) Copyright 2021 Hewlett
> > > > > > +Packard Enterprise Development LP<BR> #  Copyright (c) 2023,
> > > > > > +NVIDIA CORPORATION & AFFILIATES. All rights reserved.
> > > > >
> > > > >
> > > > > Not sure if you want to update the copyright to 2024.
> > > > >
> > > > >
> > > > > > +#
> > > > > > +#  SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > > > +
> > > > > > +[Defines]
> > > > > > +  INF_VERSION               = 0x0001000b
> > > > > > +  BASE_NAME                 = RedfishBootstrapAccountDxe
> > > > > > +  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
> > > > > > +  MODULE_TYPE               = DXE_DRIVER
> > > > > > +  VERSION_STRING            = 1.0
> > > > > > +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> > > > > > +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> > > > > > +
> > > > > > +[Packages]
> > > > > > +  MdePkg/MdePkg.dec
> > > > > > +  MdeModulePkg/MdeModulePkg.dec
> > > > > > +  RedfishPkg/RedfishPkg.dec
> > > > > > +  RedfishClientPkg/RedfishClientPkg.dec
> > > > > > +
> > > > > > +[Sources]
> > > > > > +  RedfishBootstrapAccountDxe.h
> > > > > > +  RedfishBootstrapAccountDxe.c
> > > > > > +
> > > > > > +[LibraryClasses]
> > > > > > +  BaseLib
> > > > > > +  BaseMemoryLib
> > > > > > +  DebugLib
> > > > > > +  MemoryAllocationLib
> > > > > > +  PrintLib
> > > > > > +  RedfishEventLib
> > > > > > +  RedfishFeatureUtilityLib
> > > > > > +  RedfishDebugLib
> > > > > > +  RedfishVersionLib
> > > > > > +  RedfishHttpLib
> > > > > > +  UefiLib
> > > > > > +  UefiBootServicesTableLib
> > > > > > +  UefiRuntimeServicesTableLib
> > > > > > +  UefiDriverEntryPoint
> > > > > > +
> > > > > > +[Protocols]
> > > > > > +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> > > > > > +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> > > > > > +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> > > > > > +
> > > > > > +[Depex]
> > > > > > +  gEdkIIRedfishCredentialProtocolGuid
> > > > > > diff --git
> > > > > >
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > xe.h
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > xe.h
> > > > > > new file mode 100644
> > > > > > index 000000000..5262f1e6b
> > > > > > --- /dev/null
> > > > > > +++
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > xe.h
> > > > > > @@ -0,0 +1,58 @@
> > > > > > +/** @file
> > > > > > +  Common header file for RedfishBootstrapAccountDxe driver.
> > > > > > +
> > > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise
> > > > > > + Development LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION &
> > > > > > + AFFILIATES. All
> > > > rights
> > > > > reserved.
> > > > > > +
> > > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > +
> > > > > > +**/
> > > > > > +
> > > > > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define
> > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> > > > > > +
> > > > > > +#include <Uefi.h>
> > > > > > +#include <RedfishBase.h>
> > > > > > +
> > > > > > +//
> > > > > > +// Libraries
> > > > > > +//
> > > > > > +#include <Library/BaseLib.h>
> > > > > > +#include <Library/BaseMemoryLib.h> #include
> > > > > > +<Library/DebugLib.h>
> > > > > > +
> > > > > > +#include <Library/MemoryAllocationLib.h> #include
> > > > > > +<Library/PrintLib.h> #include <Library/RedfishEventLib.h>
> > > > > > +#include <Library/RedfishFeatureUtilityLib.h>
> > > > > > +#include <Library/RedfishDebugLib.h> #include
> > > > > > +<Library/RedfishVersionLib.h> #include
> > > > > > +<Library/RedfishHttpLib.h> #include
> > > > > > +<Library/UefiBootServicesTableLib.h>
> > > > > > +#include <Library/UefiDriverEntryPoint.h> #include
> > > > > > +<Library/UefiLib.h> #include
> > > > > > +<Library/UefiRuntimeServicesTableLib.h>
> > > > > > +
> > > > > > +#include <Protocol/EdkIIRedfishConfigHandler.h>
> > > > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > > > +#include <Protocol/RestEx.h>
> > > > > > +
> > > > > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG
> > DEBUG_VERBOSE
> > > > > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> > > > > > L"AccountService/Accounts"
> > > > > > +#define REDFISH_URI_LENGTH                      128
> > > > > > +
> > > > > > +//
> > > > > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE //
> > > > > > +typedef
> > > > struct
> > > > > > +{
> > > > > > +  EFI_HANDLE                               ImageHandle;
> > > > > > +  EFI_HANDLE                               RestExHandle;
> > > > > > +  REDFISH_SERVICE                          RedfishService;
> > > > > > +  EFI_EVENT                                RedfishEvent;
> > > > > > +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> > > > > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> > > > > > +
> > > > > > +#define
> > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> > > > > > +          BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE,
> > > > > > +Protocol)
> > > > > > +
> > > > > > +#endif
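Review bot: `REDFISH_BOOTSTRAP_ACCOUNT_DEBUG` is defined without a comment, and the driver's .c file quoted later in this message passes it to a DEBUG call that formats `AccountCredential` with `%a`, so the bootstrap password reaches the debug output whenever verbose messages are enabled. The macro should carry a comment such as `// Trace level for this driver; never print credential material at any level.`, and the `bootstrap credential: %a` DEBUG call in RedfishBootstrapAccountOnRedfishAfterProvisioning should be dropped. `REDFISH_URI_LENGTH` also deserves a comment saying it counts CHAR16 characters, because UnicodeSPrint truncates at that size without reporting an error and a truncated URI would point the DELETE at a different resource than intended. The .c hunk runs past the visible part of this message, so whether later code addresses either point cannot be confirmed from here.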
> > > > > > diff --git
> > > > > >
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > xe.c
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > xe.c
> > > > > > new file mode 100644
> > > > > > index 000000000..6fe4856f8
> > > > > > --- /dev/null
> > > > > > +++
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > xe.c
> > > > > > @@ -0,0 +1,328 @@
> > > > > > +/** @file
> > > > > > +  This driver deletes bootstrap account in BMC after BIOS
> > > > > > +Redfish finished
> > > > > > +  all jobs.
> > > > > > +
> > > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise
> > > > > > + Development LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION &
> > > > > > + AFFILIATES. All
> > > > rights
> > > > > reserved.
> > > > > > +
> > > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > +
> > > > > > +**/
> > > > > > +
> > > > > > +#include "RedfishBootstrapAccountDxe.h"
> > > > > > +
> > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate =
> > NULL;
> > > > > > +
> > > > > > +/**
> > > > > > +  Close Redfish service instance by calling RestEx protocol
> > > > > > +to release
> > > > instance.
> > > > > > +
> > > > > > +  @param[in]  RestExHandle      Handle of RestEx protocol.
> > > > > > +
> > > > > > +  @retval EFI_SUCCESS           The Redfish service is closed successfully.
> > > > > > +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> > > > > > +  @retval Others                Error occurs.
> > > > > > +
> > > > > > +**/
> > > > > > +EFI_STATUS
> > > > > > +CloseRedfishService (
> > > > > > +  IN EFI_HANDLE  RestExHandle
> > > > > > +  )
> > > > > > +{
> > > > > > +  EFI_REST_EX_PROTOCOL  *RestEx;
> > > > > > +  EFI_STATUS            Status;
> > > > > > +
> > > > > > +  if (RestExHandle == NULL) {
> > > > > > +    return EFI_INVALID_PARAMETER;  }
> > > > > > +
> > > > > > +  Status = gBS->HandleProtocol (
> > > > > > +                  RestExHandle,
> > > > > > +                  &gEfiRestExProtocolGuid,
> > > > > > +                  (VOID **)&RestEx
> > > > > > +                  );
> > > > > > +  if (!EFI_ERROR (Status)) {
> > > > > > +    Status = RestEx->Configure (RestEx, NULL);
> > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release
> > RestEx
> > > > > > instance: %r\n", __func__, Status));
> > > > > > +  }
> > > > > > +
> > > > > > +  return Status;
> > > > > > +}
> > > > > > +
> > > > > > +/**
> > > > > > +  Callback function executed when the AfterProvisioning event
> > > > > > +group is
> > > > > > signaled.
> > > > > > +
> > > > > > +  @param[in]   Event    Event whose notification function is being
> > invoked.
> > > > > > +  @param[out]  Context  Pointer to the Context buffer
> > > > > > +
> > > > > > +**/
> > > > > > +VOID
> > > > > > +EFIAPI
> > > > > > +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> > > > > > +  IN  EFI_EVENT  Event,
> > > > > > +  OUT VOID       *Context
> > > > > > +  )
> > > > > > +{
> > > > > > +  EFI_STATUS                         Status;
> > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> > > > > > +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> > > > > > +  CHAR8                              *AccountName;
> > > > > > +  CHAR8                              *AccountCredential;
> > > > > > +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> > > > > > +  CHAR16                             *RedfishVersion;
> > > > > > +  REDFISH_RESPONSE                   RedfishResponse;
> > > > > > +
> > > > > > +  RedfishVersion = NULL;
> > > > > > +
> > > > > > +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;  if
> > > > > > + ((Private == NULL) || (Private->RedfishService == NULL)) {
> > > > > > +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not
> > > > > > + available\n",
> > > > > > __func__));
> > > > > > +    return;
> > > > > > +  }
> > > > > > +
> > > > > > +  //
> > > > > > +  // Locate Redfish Credential Protocol to get credential for
> > > > > > + // accessing to Redfish service.
> > > > > > +  //
> > > > > > +  Status = gBS->LocateProtocol (
> > > > > > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > > > > > +                  NULL,
> > > > > > +                  (VOID **)&credentialProtocol
> > > > > > +                  );
> > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No Redfish
> > > > > > Credential Protocol is installed on system.", __func__));
> > > > > > +    return;
> > > > > > +  }
> > > > > > +
> > > > > > +  Status = credentialProtocol->GetAuthInfo (
> > > > > > +                                 credentialProtocol,
> > > > > > +                                 &AuthMethod,
> > > > > > +                                 &AccountName,
> > > > > > +                                 &AccountCredential
> > > > > > +                                 );
> > > > >
> > > > > HI Nickle, I am not quite understand why do we acquire a
> > > > > credential here but delete it from the Redfish account service here after
> provision.
> > > > > 1. We suppose acquire the credential before we start to
> > > > > communicate with Redfish. Will Redfish credential driver create
> > > > > another bootstrap account here after provisioning?
> > > > > 2. And why do we delete the credential after provisioning? How
> > > > > about the
> > > > later
> > > > > Redfish property updating process?
> > > > > Or do I misunderstand the code logic?
> > > > >
> > > > > Regards,
> > > > > Abner
> > > > >
> > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account
> > > > information:
> > > > > > %r\n", __func__, Status));
> > > > > > +    return;
> > > > > > +  }
> > > > > > +
> > > > > > +  //
> > > > > > +  // Carving the URI
> > > > > > +  //
> > > > > > +  RedfishVersion = RedfishGetVersion
> > > > > > + (Private->RedfishService); if (RedfishVersion == NULL) {
> > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n",
> > > > __func__));
> > > > > > +    return;
> > > > > > +  }
> > > > > > +
> > > > > > +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) *
> > > > > > + REDFISH_URI_LENGTH),
> > > > > > L"%s%s/%a", RedfishVersion,
> > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> > > > > > AccountName);
> > > > > > +
> > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > > > account:
> > > > > > %a\n", __func__, AccountName));
> > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > > > > > credential: %a\n", __func__, AccountCredential));
> > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > URI:
> > > > > > %s\n", __func__, TargetUri));
> > > > > > +
> > > > > > +  //
> > > > > > +  // Remove bootstrap account at
> > > > > > + /redfish/v1/AccountService/Account
> > > > > > +  //
> > > > > > +  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));
> > > > > > + Status = RedfishHttpDeleteResource (
> > > > > > +             Private->RedfishService,
> > > > > > +             TargetUri,
> > > > > > +             &RedfishResponse
> > > > > > +             );
> > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap
> > > > > > + account at
> > > > BMC:
> > > > > > %r", __func__, Status));
> > > > > > +    DumpRedfishResponse (__func__, DEBUG_ERROR,
> > > > &RedfishResponse);  }
> > > > > > + else {
> > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap
> > > > > account:
> > > > > > %a is removed from: %s\n", __func__, AccountName,
> > > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> > > > > > +  }
> > > > > > +
> > > > > > +  //
> > > > > > +  // Clean credential
> > > > > > +  //
> > > > > > +  ZeroMem (AccountName, AsciiStrSize (AccountName));  ZeroMem
> > > > > > + (AccountCredential, AsciiStrSize (AccountCredential));
> > > > > > +
> > > > > > +  //
> > > > > > +  // Since the bootstrap account is deleted at BMC, the
> > > > > > + Redfish service instance
> > > > > > is no longer usable.
> > > > > > +  // Close Redfish service instance to release the HTTP
> > > > > > + connection between
> > > > > > BIOS and BMC.
> > > > > > +  //
> > > > > > +  Status = CloseRedfishService (Private->RestExHandle);  if
> > > > > > + (EFI_ERROR (Status)) {
> > > > > > +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service instance:
> > > > > > + %r\n",
> > > > > > __func__, Status));
> > > > > > +  }
> > > > > > +
> > > > > > +  RedfishHttpFreeResponse (&RedfishResponse);
> > > > > > +
> > > > > > +  return;
> > > > > > +}
> > > > > > +
> > > > > > +/**
> > > > > > +  Initialize a Redfish configure handler.
> > > > > > +
> > > > > > +  This function will be called by the Redfish config driver
> > > > > > + to initialize each
> > > > > > Redfish configure
> > > > > > +  handler.
> > > > > > +
> > > > > > +  @param[in]   This                     Pointer to
> > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > > +  @param[in]   RedfishConfigServiceInfo Redfish service informaiton.
> > > > > > +
> > > > > > +  @retval EFI_SUCCESS                  The handler has been initialized
> > > > successfully.
> > > > > > +  @retval EFI_DEVICE_ERROR             Failed to create or configure the
> > REST
> > > > EX
> > > > > > protocol instance.
> > > > > > +  @retval EFI_ALREADY_STARTED          This handler has already been
> > > > > > initialized.
> > > > > > +  @retval Other                        Error happens during the initialization.
> > > > > > +
> > > > > > +**/
> > > > > > +EFI_STATUS
> > > > > > +EFIAPI
> > > > > > +RedfishBootstrapAccountInit (
> > > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> > > > > > +  IN  REDFISH_CONFIG_SERVICE_INFORMATION
> > > > *RedfishConfigServiceInfo
> > > > > > +  )
> > > > > > +{
> > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > +
> > > > > > +  Private =
> > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > > (This);
> > > > > > +
> > > > > > +  Private->RedfishService = RedfishCreateService
> > > > > > + (RedfishConfigServiceInfo);  if (Private->RedfishService == NULL) {
> > > > > > +    return EFI_DEVICE_ERROR;
> > > > > > +  }
> > > > > > +
> > > > > > +  Private->RestExHandle = RedfishConfigServiceInfo-
> > > > > > >RedfishServiceRestExHandle;
> > > > > > +
> > > > > > +  return EFI_SUCCESS;
> > > > > > +}
> > > > > > +
> > > > > > +/**
> > > > > > +  Stop a Redfish configure handler.
> > > > > > +
> > > > > > +  @param[in]   This                Pointer to
> > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > > +
> > > > > > +  @retval EFI_SUCCESS              This handler has been stoped
> > successfully.
> > > > > > +  @retval Others                   Some error happened.
> > > > > > +
> > > > > > +**/
> > > > > > +EFI_STATUS
> > > > > > +EFIAPI
> > > > > > +RedfishBootstrapAccountStop (
> > > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> > > > > > +  )
> > > > > > +{
> > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > +
> > > > > > +  Private =
> > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > > (This);
> > > > > > +
> > > > > > +  if (Private->RedfishService != NULL) {
> > > > > > +    RedfishCleanupService (Private->RedfishService);
> > > > > > +    Private->RedfishService = NULL;  }
> > > > > > +
> > > > > > +  return EFI_SUCCESS;
> > > > > > +}
> > > > > > +
> > > > > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL
> > mRedfishConfigHandler =
> > > > {
> > > > > > +  RedfishBootstrapAccountInit,
> > > > > > +  RedfishBootstrapAccountStop };
> > > > > > +
> > > > > > +/**
> > > > > > +  Unloads an image.
> > > > > > +
> > > > > > +  @param[in]  ImageHandle           Handle that identifies the image to
> be
> > > > > > unloaded.
> > > > > > +
> > > > > > +  @retval EFI_SUCCESS           The image has been unloaded.
> > > > > > +  @retval EFI_INVALID_PARAMETER ImageHandle is not a valid
> > > > > > + image
> > > > handle.
> > > > > > +
> > > > > > +**/
> > > > > > +EFI_STATUS
> > > > > > +EFIAPI
> > > > > > +RedfishBootstrapAccountUnload (
> > > > > > +  IN EFI_HANDLE  ImageHandle
> > > > > > +  )
> > > > > > +{
> > > > > > +  EFI_STATUS  Status;
> > > > > > +
> > > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > > +    return EFI_SUCCESS;
> > > > > > +  }
> > > > > > +
> > > > > > +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> > > > > > +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> > > > > > +  }
> > > > > > +
> > > > > > +  Status = gBS->UninstallProtocolInterface (
> > > > > > +                  mBootstrapPrivate->ImageHandle,
> > > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > > +                  (VOID *)&mBootstrapPrivate->Protocol
> > > > > > +                  );
> > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish
> > > > > > + config handler
> > > > > > protocol: %r\n", __func__, Status));
> > > > > > +  }
> > > > > > +
> > > > > > +  FreePool (mBootstrapPrivate);  mBootstrapPrivate = NULL;
> > > > > > +
> > > > > > +  return EFI_SUCCESS;
> > > > > > +}
> > > > > > +
> > > > > > +/**
> > > > > > +  This is the declaration of an EFI image entry point. This
> > > > > > +entry point is
> > > > > > +  the same for UEFI Applications, UEFI OS Loaders, and UEFI
> > > > > > +Drivers including
> > > > > > +  both device drivers and bus drivers.
> > > > > > +
> > > > > > +  @param[in]  ImageHandle       The firmware allocated handle for the
> > UEFI
> > > > > > image.
> > > > > > +  @param[in]  SystemTable       A pointer to the EFI System Table.
> > > > > > +
> > > > > > +  @retval EFI_SUCCESS           The operation completed successfully.
> > > > > > +  @retval Others                An unexpected error occurred.
> > > > > > +**/
> > > > > > +EFI_STATUS
> > > > > > +EFIAPI
> > > > > > +RedfishBootstrapAccountEntryPoint (
> > > > > > +  IN EFI_HANDLE        ImageHandle,
> > > > > > +  IN EFI_SYSTEM_TABLE  *SystemTable
> > > > > > +  )
> > > > > > +{
> > > > > > +  EFI_STATUS  Status;
> > > > > > +
> > > > > > +  if (mBootstrapPrivate != NULL) {
> > > > > > +    return EFI_ALREADY_STARTED;  }
> > > > > > +
> > > > > > +  mBootstrapPrivate = AllocateZeroPool (sizeof
> > > > > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> > > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > > +    return EFI_OUT_OF_RESOURCES;  }
> > > > > > +
> > > > > > +  CopyMem (&mBootstrapPrivate->Protocol,
> > &mRedfishConfigHandler,
> > > > > > + sizeof
> > > > > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> > > > > > +  Status = gBS->InstallProtocolInterface (
> > > > > > +                  &ImageHandle,
> > > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > > +                  EFI_NATIVE_INTERFACE,
> > > > > > +                  &mBootstrapPrivate->Protocol
> > > > > > +                  );
> > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config
> > > > > > + handler
> > > > > > protocol: %r\n", __func__, Status));
> > > > > > +    goto ON_ERROR;
> > > > > > +  }
> > > > > > +
> > > > > > +  //
> > > > > > +  // Register after provisioning event to remove bootstrap account.
> > > > > > +  //
> > > > > > +  Status = CreateAfterProvisioningEvent (
> > > > > > +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> > > > > > +             (VOID *)mBootstrapPrivate,
> > > > > > +             &mBootstrapPrivate->RedfishEvent
> > > > > > +             );
> > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > +    DEBUG ((DEBUG_ERROR, "%a: failed to register
> > > > > > + after-provisioning
> > > > event:
> > > > > > %r\n", __func__, Status));
> > > > > > +    goto ON_ERROR;
> > > > > > +  }
> > > > > > +
> > > > > > +  return EFI_SUCCESS;
> > > > > > +
> > > > > > +ON_ERROR:
> > > > > > +
> > > > > > +  RedfishBootstrapAccountUnload (ImageHandle);
> > > > > > +
> > > > > > +  return Status;
> > > > > > +}
> > > > > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > index 154f641b2..47e5093f2 100644
> > > > > > --- a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > @@ -15,6 +15,7 @@
> > > > > >    INF
> > RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
> > > > > >    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
> > > > > >    INF
> > > > > >
> > > >
> > RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> > > > > > +  INF
> > > > > >
> > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > .inf
> > > > > >    INF
> > RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
> > > > > >    INF
> > > > > >
> > > >
> > RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
> > > > > >    INF
> > > > > >
> > > > >
> > > >
> > RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemD
> > > > xe.
> > > > > > i
> > > > > > nf
> > > > > > --
> > > > > > 2.34.1
> > > > >



* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-05-16  1:37               ` Nickle Wang via groups.io
@ 2024-05-16  2:41                 ` Chang, Abner via groups.io
  2024-05-16  3:09                   ` Nickle Wang via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Chang, Abner via groups.io @ 2024-05-16  2:41 UTC (permalink / raw)
  To: Nickle Wang, Igor Kulchytskyy, devel@edk2.groups.io; +Cc: Nick Ramirez


I think we have probably overlooked some use cases. Running multiple edk2 Redfish applications simultaneously is allowed from the design perspective. However, we centralized GetAuthInfo in RedfishPlatformCredentialLib so that all edk2 Redfish client entities leverage the same credential stored in an EFI variable. This way we limit the process of acquiring the credential to a single Redfish IPMI bootstrap command sent to the BMC.
RedfishFeatureCore could be just one of the Redfish clients; deleting the credential from the Redfish account service within the RedfishFeatureCore lifecycle may impact other Redfish clients that still need to communicate with the Redfish service, right?

Thanks
Abner

> -----Original Message-----
> From: Nickle Wang <nicklew@nvidia.com>
> Sent: Thursday, May 16, 2024 9:38 AM
> To: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> <igork@ami.com>; devel@edk2.groups.io
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> RedfishClientPkg: introduce RedfishBootstrapAccountDxe
>
>
>
> Hi Igor, Abner,
>
> > Maybe we should consider moving RedfishBootstrapAccountDxe driver to
> RedfishPkg and have some register mechanism which will be used by
> interested drivers to notify that they finished their job and after that
> RedfishBootstrapAccountDxe driver would delete an account.
>
> You are saying the mechanism in runtime, right? In current design,
> RedfishFeatureCore driver will send "after provisioning" signal to notify this
> driver to delete bootstrapping account. This makes sure that all feature drivers
> are done with their jobs, so this driver is safe to delete bootstrapping account
> at BMC.
>
> If we move it to RedfishPkg, there is no such centralized Redfish driver
> managing Redfish stuff. How does a particular driver know that there is no
> other driver running Redfish stuff after it? The way I can think of now is to rely
> on EDK2 ready-to-boot event as the signal to do the notification, since there is
> not supposed to have Redfish driver running jobs after this event...
>
> Regards,
> Nickle
>
> > -----Original Message-----
> > From: Chang, Abner <Abner.Chang@amd.com>
> > Sent: Thursday, May 16, 2024 9:06 AM
> > To: Igor Kulchytskyy <igork@ami.com>; Nickle Wang <nicklew@nvidia.com>;
> > devel@edk2.groups.io
> > Cc: Nick Ramirez <nramirez@nvidia.com>
> > Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> >
> >
> > HI Igor,
> > This sounds reasonable to me. As you mentioned, RedfishPkg was designed
> > to support multiple Redfish applications and RedfishClientPkg is just one of
> > them. I think we can review the implementation of acquiring/deleting the credential.
> >
> > Thanks
> > Abner
> >
> >
> > > -----Original Message-----
> > > From: Igor Kulchytskyy <igork@ami.com>
> > > Sent: Wednesday, May 15, 2024 11:02 PM
> > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; Chang,
> > > Abner <Abner.Chang@amd.com>
> > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > >
> > >
> > >
> > > Hi Nickle,
> > > I have one more question to discuss regarding this driver.
> > > We have a bootstrap account and creation of this account controlled by
> > > RedfishCredentialDxe driver in RedfishPkg.
> > > But deletion of that bootstrap account is moved to RedfishClientPkg.
> > > What if we have another Redfish Client or some customer service which
> > > uses RedfishPkg for the communication.
> > > Architecturally it is allowed.
> > > But then RedfishBootstrapAccountDxe module would delete account just
> > > based on the RedfishClientPkg needs.
> > > Maybe we should consider moving RedfishBootstrapAccountDxe driver to
> > > RedfishPkg and have some register mechanism which will be used by
> > > interested drivers to notify that they finished their job and after
> > > that RedfishBootstrapAccountDxe driver would delete an account.
> > > What do you think?
> > > Thank you,
> > > Igor
> > >
> > > -----Original Message-----
> > > From: Nickle Wang <nicklew@nvidia.com>
> > > Sent: Tuesday, May 14, 2024 8:40 AM
> > > To: devel@edk2.groups.io; abner.chang@amd.com; Igor Kulchytskyy
> > > <igork@ami.com>
> > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > Subject: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > >
> > >
> > >
> > > Hi Abner,
> > >
> > > > Ok, then I don't have the problem with invoking GetAuthInfo again.
> > > However, I
> > > > will suggest to add more description in GetAuthInfo function header,
> > > mention that
> > > > we will keep the auth info in EFI variable until exist boot service.
> > > > Also, give some more descriptions on the code you invoke to
> GetAuthInfo.
> > >
> > > > Thanks for your comment. I added descriptions explaining the above before
> > > > calling GetAuthInfo(). The version 2 patch is here:
> > > > https://edk2.groups.io/g/devel/message/118889
> > >
> > > Regards,
> > > Nickle
> > >
> > > > -----Original Message-----
> > > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > > > Chang,
> > > Abner
> > > > via groups.io
> > > > Sent: Tuesday, April 23, 2024 3:42 PM
> > > > To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy
> > > > <igork@ami.com>; devel@edk2.groups.io
> > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > > introduce RedfishBootstrapAccountDxe
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > > Sent: Tuesday, April 23, 2024 3:09 PM
> > > > > To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner
> > > > > <Abner.Chang@amd.com>; devel@edk2.groups.io
> > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > > RedfishClientPkg:
> > > > > introduce RedfishBootstrapAccountDxe
> > > > >
> > > > >
> > > > >
> > > > > Hi Igor, Abner,
> > > > >
> > > > > Thanks for your review. Please allow me to answer your questions
> > > together.
> > > > >
> > > > > > 1. We suppose acquire the credential before we start to
> > > > > > communicate with
> > > > > Redfish. Will Redfish credential driver create another bootstrap
> > > > > account here after provisioning?
> > > > > No, according to the RedfishPlatformCredentialIpmiLib
> > > > > implementation, Redfish credential driver requests credential from
> > > > > BMC and will keep it for later use. So only one credential is
> > > > > requested for BIOS Redfish feature drivers during POST time.
> > > > Ok, then I don't have the problem with invoking GetAuthInfo again.
> > > However, I
> > > > will suggest to add more description in GetAuthInfo function header,
> > > mention that
> > > > we will keep the auth info in EFI variable until exist boot service.
> > > > Also, give some more descriptions on the code you invoke to
> GetAuthInfo.
> > > >
> > > > >
> > > > > > 2. And why do we delete the credential after provisioning? How
> > > > > > about the
> > > > > later Redfish property updating process?
> > > > > In this driver, we listen to "AfterProvisioning" event. And this
> > > > > is the event triggered after Redfish feature driver finish all jobs.
> > > > > There is no feature driver which gets executed after this event.
> > > > > And since we finished all Redfish operations, we remove this account
> on
> > BMC.
> > > > Then this makes sense to me now.
> > > >
> > > > >
> > > > > > Why do we need to delete those credentials? According to spec
> > > > > > BMC should
> > > > > delete the bootstrap credentials automatically on host or service reset.
> > > > > Yes, bootstrap credentials get deleted on host reset. In practice,
> > > > > server in datacenter usually takes long time running under OS
> > > > > before it gets
> > > > rebooted.
> > > > > The bootstrap credentials are exposed to end user at
> > > > > "/redfish/v1/AccountService/Accounts". I got report that there is
> > > > > concern for end user to see this unused account.
> > > > This sounds to me reasonable as we will give bootstrap credential a
> > > > high
> > > privilege
> > > > to update Redfish resource. Leave this information in Account
> > > > service seems
> > > not a
> > > > good idea.
> > > >
> > > > Thanks
> > > > Abner
> > > >
> > > > >
> > > > > So, I create this driver to allows us to remove bootstrap account
> > > > > at BMC after we finish Redfish jobs. And this also release the BMC
> > > > > account resource since this account won't be used for a long
> > > > > period of
> > > time.
> > > > >
> > > > > Regards,
> > > > > Nickle
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Igor Kulchytskyy <igork@ami.com>
> > > > > > Sent: Monday, April 22, 2024 11:03 PM
> > > > > > To: Chang, Abner <Abner.Chang@amd.com>; Nickle Wang
> > > > > > <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > > RedfishClientPkg:
> > > > > > introduce RedfishBootstrapAccountDxe
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hi Nickle and Abner,
> > > > > > I also have the same question as Abner.
> > > > > > Why do we need to delete those credentials?
> > > > > > According to spec BMC should delete the bootstrap credentials
> > > > > > automatically
> > > > > on
> > > > > > host or service reset.
> > > > > > Thank you,
> > > > > > Igor
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Chang, Abner <Abner.Chang@amd.com>
> > > > > > Sent: Sunday, April 21, 2024 10:25 PM
> > > > > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > > > Cc: Igor Kulchytskyy <igork@ami.com>; Nick Ramirez
> > > > > <nramirez@nvidia.com>
> > > > > > Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> RedfishClientPkg:
> > > > > > introduce RedfishBootstrapAccountDxe
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hi Nickle,
> > > > > > One comment and few questions,
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > > > > Sent: Thursday, April 18, 2024 8:28 PM
> > > > > > > To: devel@edk2.groups.io
> > > > > > > Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > > > > > > <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> > > > > > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > > > > > introduce RedfishBootstrapAccountDxe
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -Introduce RedfishBootstrapAccountDxe to delete bootstrap
> > > > > > > account from /redfish/v1/AccountService/Accounts after BIOS
> > > > > > > finished all Redfish jobs. The bootstrap account won't be
> > > > > > > available to other
> > > application.
> > > > > > > So deleting bootstrap account helps to release resource at BMC.
> > > > > > > - After bootstrap account is deleted at BMC, the Redfish
> > > > > > > service instance is no longer usable. Close Redfish service
> > > > > > > instance to release the HTTP connection between BIOS and BMC.
> > > > > > >
> > > > > > > Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> > > > > > > Cc: Abner Chang <abner.chang@amd.com>
> > > > > > > Cc: Igor Kulchytskyy <igork@ami.com>
> > > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > > ---
> > > > > > >  .../RedfishClientComponents.dsc.inc           |   1 +
> > > > > > >  .../RedfishBootstrapAccountDxe.inf            |  53 +++
> > > > > > >  .../RedfishBootstrapAccountDxe.h              |  58 ++++
> > > > > > >  .../RedfishBootstrapAccountDxe.c              | 328
> ++++++++++++++++++
> > > > > > >  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
> > > > > > >  5 files changed, 441 insertions(+)  create mode 100644
> > > > > > >
> > > > >
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > .inf
> > > > > > >  create mode 100644
> > > > > > >
> > > > >
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > .h
> > > > > > >  create mode 100644
> > > > > > >
> > > > >
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > .c
> > > > > > >
> > > > > > > diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > index 42fc0c299..fe5248b62 100644
> > > > > > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > @@ -20,6 +20,7 @@
> > > > > > >
> > > RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
> > > > > > >    RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf
> > > > > > >
> > > > > > > RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf
> > > > > > > +
> > > > > > >
> > > > >
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > .inf
> > > > > > >  !endif
> > > > > > >    #
> > > > > > >    # Below two modules should be pulled in by build tool.
> > > > > > > diff --git
> > > > > > >
> > > > >
> > >
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > xe.in
> > > > > > > f
> > > > > > >
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > xe.in
> > > > > > > f
> > > > > > > new file mode 100644
> > > > > > > index 000000000..4073e95f4
> > > > > > > --- /dev/null
> > > > > > > +++
> > > > > > >
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > xe.in
> > > > > > > f
> > > > > > > @@ -0,0 +1,53 @@
> > > > > > > +## @file
> > > > > > > +#  This driver deletes bootstrap account in BMC after BIOS
> > > > > > > +Redfish finished #  all jobs # #  (C) Copyright 2021 Hewlett
> > > > > > > +Packard Enterprise Development LP<BR> #  Copyright (c) 2023,
> > > > > > > +NVIDIA CORPORATION & AFFILIATES. All rights reserved.
> > > > > >
> > > > > >
> > > > > > Not sure if you want to update the copyright to 2024.
> > > > > >
> > > > > >
> > > > > > > +#
> > > > > > > +#  SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > > > > +
> > > > > > > +[Defines]
> > > > > > > +  INF_VERSION               = 0x0001000b
> > > > > > > +  BASE_NAME                 = RedfishBootstrapAccountDxe
> > > > > > > +  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
> > > > > > > +  MODULE_TYPE               = DXE_DRIVER
> > > > > > > +  VERSION_STRING            = 1.0
> > > > > > > +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> > > > > > > +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> > > > > > > +
> > > > > > > +[Packages]
> > > > > > > +  MdePkg/MdePkg.dec
> > > > > > > +  MdeModulePkg/MdeModulePkg.dec
> > > > > > > +  RedfishPkg/RedfishPkg.dec
> > > > > > > +  RedfishClientPkg/RedfishClientPkg.dec
> > > > > > > +
> > > > > > > +[Sources]
> > > > > > > +  RedfishBootstrapAccountDxe.h
> > > > > > > +  RedfishBootstrapAccountDxe.c
> > > > > > > +
> > > > > > > +[LibraryClasses]
> > > > > > > +  BaseLib
> > > > > > > +  BaseMemoryLib
> > > > > > > +  DebugLib
> > > > > > > +  MemoryAllocationLib
> > > > > > > +  PrintLib
> > > > > > > +  RedfishEventLib
> > > > > > > +  RedfishFeatureUtilityLib
> > > > > > > +  RedfishDebugLib
> > > > > > > +  RedfishVersionLib
> > > > > > > +  RedfishHttpLib
> > > > > > > +  UefiLib
> > > > > > > +  UefiBootServicesTableLib
> > > > > > > +  UefiRuntimeServicesTableLib
> > > > > > > +  UefiDriverEntryPoint
> > > > > > > +
> > > > > > > +[Protocols]
> > > > > > > +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> > > > > > > +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> > > > > > > +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> > > > > > > +
> > > > > > > +[Depex]
> > > > > > > +  gEdkIIRedfishCredentialProtocolGuid
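Review bot: The `[Protocols]` entry `gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##` does not match what the driver does. The entry point in RedfishBootstrapAccountDxe.c publishes this protocol with `gBS->InstallProtocolInterface` and the unload handler uninstalls it, so the usage should read `gEdkIIRedfishConfigHandlerProtocolGuid  ## PRODUCES`. The other two entries look right as consumed: the credential protocol is located with `LocateProtocol` and RestEx is opened with `HandleProtocol`. Since this module ends up deleting a privileged BMC account, accurate usage annotations matter to anyone auditing which module owns the config handler instance.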
> > > > > > > diff --git
> > > > > > >
> > > > >
> > >
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > xe.h
> > > > > > >
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > xe.h
> > > > > > > new file mode 100644
> > > > > > > index 000000000..5262f1e6b
> > > > > > > --- /dev/null
> > > > > > > +++
> > > > > > >
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > xe.h
> > > > > > > @@ -0,0 +1,58 @@
> > > > > > > +/** @file
> > > > > > > +  Common header file for RedfishBootstrapAccountDxe driver.
> > > > > > > +
> > > > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise
> > > > > > > + Development LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION
> &
> > > > > > > + AFFILIATES. All
> > > > > rights
> > > > > > reserved.
> > > > > > > +
> > > > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > > +
> > > > > > > +**/
> > > > > > > +
> > > > > > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define
> > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> > > > > > > +
> > > > > > > +#include <Uefi.h>
> > > > > > > +#include <RedfishBase.h>
> > > > > > > +
> > > > > > > +//
> > > > > > > +// Libraries
> > > > > > > +//
> > > > > > > +#include <Library/BaseLib.h>
> > > > > > > +#include <Library/BaseMemoryLib.h> #include
> > > > > > > +<Library/DebugLib.h>
> > > > > > > +
> > > > > > > +#include <Library/MemoryAllocationLib.h> #include
> > > > > > > +<Library/PrintLib.h> #include <Library/RedfishEventLib.h>
> > > > > > > +#include <Library/RedfishFeatureUtilityLib.h>
> > > > > > > +#include <Library/RedfishDebugLib.h> #include
> > > > > > > +<Library/RedfishVersionLib.h> #include
> > > > > > > +<Library/RedfishHttpLib.h> #include
> > > > > > > +<Library/UefiBootServicesTableLib.h>
> > > > > > > +#include <Library/UefiDriverEntryPoint.h> #include
> > > > > > > +<Library/UefiLib.h> #include
> > > > > > > +<Library/UefiRuntimeServicesTableLib.h>
> > > > > > > +
> > > > > > > +#include <Protocol/EdkIIRedfishConfigHandler.h>
> > > > > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > > > > +#include <Protocol/RestEx.h>
> > > > > > > +
> > > > > > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG
> > > DEBUG_VERBOSE
> > > > > > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> > > > > > > L"AccountService/Accounts"
> > > > > > > +#define REDFISH_URI_LENGTH                      128
> > > > > > > +
> > > > > > > +//
> > > > > > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE //
> > > > > > > +typedef
> > > > > struct
> > > > > > > +{
> > > > > > > +  EFI_HANDLE                               ImageHandle;
> > > > > > > +  EFI_HANDLE                               RestExHandle;
> > > > > > > +  REDFISH_SERVICE                          RedfishService;
> > > > > > > +  EFI_EVENT                                RedfishEvent;
> > > > > > > +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> > > > > > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> > > > > > > +
> > > > > > > +#define
> > > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> > > > > > > +          BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE,
> > > > > > > +Protocol)
> > > > > > > +
> > > > > > > +#endif
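Review bot: `REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL` recovers the private data with `BASE_CR`, which performs no validation, so a `This` pointer that is not embedded in a `REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE` gives a bogus `Private` that `RedfishBootstrapAccountStop` then dereferences. The usual edk2 pattern is a `UINT32 Signature;` first member and `CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE, Protocol, <new signature macro>)`, which checks the signature when asserts are enabled. The struct also carries no per-field comments; `RedfishService` and `RestExHandle` in particular should each get a line saying who sets the field and who releases it, for example `// Redfish service instance; released in RedfishBootstrapAccountStop()`.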
> > > > > > > diff --git
> > > > > > >
> > > > >
> > >
> a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > xe.c
> > > > > > >
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > xe.c
> > > > > > > new file mode 100644
> > > > > > > index 000000000..6fe4856f8
> > > > > > > --- /dev/null
> > > > > > > +++
> > > > > > >
> > > > >
> > >
> b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > xe.c
> > > > > > > @@ -0,0 +1,328 @@
> > > > > > > +/** @file
> > > > > > > +  This driver deletes bootstrap account in BMC after BIOS
> > > > > > > +Redfish finished
> > > > > > > +  all jobs.
> > > > > > > +
> > > > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise
> > > > > > > + Development LP<BR>  Copyright (c) 2023, NVIDIA CORPORATION
> &
> > > > > > > + AFFILIATES. All
> > > > > rights
> > > > > > reserved.
> > > > > > > +
> > > > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > > +
> > > > > > > +**/
> > > > > > > +
> > > > > > > +#include "RedfishBootstrapAccountDxe.h"
> > > > > > > +
> > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate =
> > > NULL;
> > > > > > > +
> > > > > > > +/**
> > > > > > > +  Close Redfish service instance by calling RestEx protocol
> > > > > > > +to release
> > > > > instance.
> > > > > > > +
> > > > > > > +  @param[in]  RestExHandle      Handle of RestEx protocol.
> > > > > > > +
> > > > > > > +  @retval EFI_SUCCESS           The Redfish service is closed
> successfully.
> > > > > > > +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> > > > > > > +  @retval Others                Error occurs.
> > > > > > > +
> > > > > > > +**/
> > > > > > > +EFI_STATUS
> > > > > > > +CloseRedfishService (
> > > > > > > +  IN EFI_HANDLE  RestExHandle
> > > > > > > +  )
> > > > > > > +{
> > > > > > > +  EFI_REST_EX_PROTOCOL  *RestEx;
> > > > > > > +  EFI_STATUS            Status;
> > > > > > > +
> > > > > > > +  if (RestExHandle == NULL) {
> > > > > > > +    return EFI_INVALID_PARAMETER;  }
> > > > > > > +
> > > > > > > +  Status = gBS->HandleProtocol (
> > > > > > > +                  RestExHandle,
> > > > > > > +                  &gEfiRestExProtocolGuid,
> > > > > > > +                  (VOID **)&RestEx
> > > > > > > +                  );
> > > > > > > +  if (!EFI_ERROR (Status)) {
> > > > > > > +    Status = RestEx->Configure (RestEx, NULL);
> > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release
> > > RestEx
> > > > > > > instance: %r\n", __func__, Status));
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  return Status;
> > > > > > > +}
> > > > > > > +
> > > > > > > +/**
> > > > > > > +  Callback function executed when the AfterProvisioning event
> > > > > > > +group is
> > > > > > > signaled.
> > > > > > > +
> > > > > > > +  @param[in]   Event    Event whose notification function is being
> > > invoked.
> > > > > > > +  @param[out]  Context  Pointer to the Context buffer
> > > > > > > +
> > > > > > > +**/
> > > > > > > +VOID
> > > > > > > +EFIAPI
> > > > > > > +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> > > > > > > +  IN  EFI_EVENT  Event,
> > > > > > > +  OUT VOID       *Context
> > > > > > > +  )
> > > > > > > +{
> > > > > > > +  EFI_STATUS                         Status;
> > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> > > > > > > +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> > > > > > > +  CHAR8                              *AccountName;
> > > > > > > +  CHAR8                              *AccountCredential;
> > > > > > > +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> > > > > > > +  CHAR16                             *RedfishVersion;
> > > > > > > +  REDFISH_RESPONSE                   RedfishResponse;
> > > > > > > +
> > > > > > > +  RedfishVersion = NULL;
> > > > > > > +
> > > > > > > +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;
> if
> > > > > > > + ((Private == NULL) || (Private->RedfishService == NULL)) {
> > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not
> > > > > > > + available\n",
> > > > > > > __func__));
> > > > > > > +    return;
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  //
> > > > > > > +  // Locate Redfish Credential Protocol to get credential for
> > > > > > > + // accessing to Redfish service.
> > > > > > > +  //
> > > > > > > +  Status = gBS->LocateProtocol (
> > > > > > > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > > > > > > +                  NULL,
> > > > > > > +                  (VOID **)&credentialProtocol
> > > > > > > +                  );
> > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No
> Redfish
> > > > > > > Credential Protocol is installed on system.", __func__));
> > > > > > > +    return;
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  Status = credentialProtocol->GetAuthInfo (
> > > > > > > +                                 credentialProtocol,
> > > > > > > +                                 &AuthMethod,
> > > > > > > +                                 &AccountName,
> > > > > > > +                                 &AccountCredential
> > > > > > > +                                 );
> > > > > >
> > > > > > Hi Nickle, I don't quite understand why we acquire a credential
> > > > > > here but then delete it from the Redfish account service after
> > > > > > provisioning.
> > > > > > 1. We are supposed to acquire the credential before we start to
> > > > > > communicate with Redfish. Will the Redfish credential driver create
> > > > > > another bootstrap account here after provisioning?
> > > > > > 2. And why do we delete the credential after provisioning? What
> > > > > > about the later Redfish property updating process?
> > > > > > Or do I misunderstand the code logic?
> > > > > >
> > > > > > Regards,
> > > > > > Abner
> > > > > >
> > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account
> > > > > information:
> > > > > > > %r\n", __func__, Status));
> > > > > > > +    return;
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  //
> > > > > > > +  // Carving the URI
> > > > > > > +  //
> > > > > > > +  RedfishVersion = RedfishGetVersion
> > > > > > > + (Private->RedfishService); if (RedfishVersion == NULL) {
> > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n",
> > > > > __func__));
> > > > > > > +    return;
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) *
> > > > > > > + REDFISH_URI_LENGTH),
> > > > > > > L"%s%s/%a", RedfishVersion,
> > > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> > > > > > > AccountName);
> > > > > > > +
> > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> bootstrap
> > > > > account:
> > > > > > > %a\n", __func__, AccountName));
> > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> bootstrap
> > > > > > > credential: %a\n", __func__, AccountCredential));
> > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> bootstrap
> > > URI:
> > > > > > > %s\n", __func__, TargetUri));
> > > > > > > +
> > > > > > > +  //
> > > > > > > +  // Remove bootstrap account at
> > > > > > > + /redfish/v1/AccountService/Account
> > > > > > > +  //
> > > > > > > +  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));
> > > > > > > + Status = RedfishHttpDeleteResource (
> > > > > > > +             Private->RedfishService,
> > > > > > > +             TargetUri,
> > > > > > > +             &RedfishResponse
> > > > > > > +             );
> > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap
> > > > > > > + account at
> > > > > BMC:
> > > > > > > %r", __func__, Status));
> > > > > > > +    DumpRedfishResponse (__func__, DEBUG_ERROR,
> > > > > &RedfishResponse);  }
> > > > > > > + else {
> > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> bootstrap
> > > > > > account:
> > > > > > > %a is removed from: %s\n", __func__, AccountName,
> > > > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  //
> > > > > > > +  // Clean credential
> > > > > > > +  //
> > > > > > > +  ZeroMem (AccountName, AsciiStrSize (AccountName));
> ZeroMem
> > > > > > > + (AccountCredential, AsciiStrSize (AccountCredential));
> > > > > > > +
> > > > > > > +  //
> > > > > > > +  // Since the bootstrap account is deleted at BMC, the
> > > > > > > + Redfish service instance
> > > > > > > is no longer usable.
> > > > > > > +  // Close Redfish service instance to release the HTTP
> > > > > > > + connection between
> > > > > > > BIOS and BMC.
> > > > > > > +  //
> > > > > > > +  Status = CloseRedfishService (Private->RestExHandle);  if
> > > > > > > + (EFI_ERROR (Status)) {
> > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service
> instance:
> > > > > > > + %r\n",
> > > > > > > __func__, Status));
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  RedfishHttpFreeResponse (&RedfishResponse);
> > > > > > > +
> > > > > > > +  return;
> > > > > > > +}
> > > > > > > +
> > > > > > > +/**
> > > > > > > +  Initialize a Redfish configure handler.
> > > > > > > +
> > > > > > > +  This function will be called by the Redfish config driver
> > > > > > > + to initialize each
> > > > > > > Redfish configure
> > > > > > > +  handler.
> > > > > > > +
> > > > > > > +  @param[in]   This                     Pointer to
> > > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > > > +  @param[in]   RedfishConfigServiceInfo Redfish service
> informaiton.
> > > > > > > +
> > > > > > > +  @retval EFI_SUCCESS                  The handler has been initialized
> > > > > successfully.
> > > > > > > +  @retval EFI_DEVICE_ERROR             Failed to create or configure the
> > > REST
> > > > > EX
> > > > > > > protocol instance.
> > > > > > > +  @retval EFI_ALREADY_STARTED          This handler has already been
> > > > > > > initialized.
> > > > > > > +  @retval Other                        Error happens during the initialization.
> > > > > > > +
> > > > > > > +**/
> > > > > > > +EFI_STATUS
> > > > > > > +EFIAPI
> > > > > > > +RedfishBootstrapAccountInit (
> > > > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> > > > > > > +  IN  REDFISH_CONFIG_SERVICE_INFORMATION
> > > > > *RedfishConfigServiceInfo
> > > > > > > +  )
> > > > > > > +{
> > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > +
> > > > > > > +  Private =
> > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > > > (This);
> > > > > > > +
> > > > > > > +  Private->RedfishService = RedfishCreateService
> > > > > > > + (RedfishConfigServiceInfo);  if (Private->RedfishService == NULL) {
> > > > > > > +    return EFI_DEVICE_ERROR;
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  Private->RestExHandle = RedfishConfigServiceInfo-
> > > > > > > >RedfishServiceRestExHandle;
> > > > > > > +
> > > > > > > +  return EFI_SUCCESS;
> > > > > > > +}
> > > > > > > +
> > > > > > > +/**
> > > > > > > +  Stop a Redfish configure handler.
> > > > > > > +
> > > > > > > +  @param[in]   This                Pointer to
> > > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > > > +
> > > > > > > +  @retval EFI_SUCCESS              This handler has been stoped
> > > successfully.
> > > > > > > +  @retval Others                   Some error happened.
> > > > > > > +
> > > > > > > +**/
> > > > > > > +EFI_STATUS
> > > > > > > +EFIAPI
> > > > > > > +RedfishBootstrapAccountStop (
> > > > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> > > > > > > +  )
> > > > > > > +{
> > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > +
> > > > > > > +  Private =
> > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > > > (This);
> > > > > > > +
> > > > > > > +  if (Private->RedfishService != NULL) {
> > > > > > > +    RedfishCleanupService (Private->RedfishService);
> > > > > > > +    Private->RedfishService = NULL;  }
> > > > > > > +
> > > > > > > +  return EFI_SUCCESS;
> > > > > > > +}
> > > > > > > +
> > > > > > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL
> > > mRedfishConfigHandler =
> > > > > {
> > > > > > > +  RedfishBootstrapAccountInit,
> > > > > > > +  RedfishBootstrapAccountStop };
> > > > > > > +
> > > > > > > +/**
> > > > > > > +  Unloads an image.
> > > > > > > +
> > > > > > > +  @param[in]  ImageHandle           Handle that identifies the image to
> > be
> > > > > > > unloaded.
> > > > > > > +
> > > > > > > +  @retval EFI_SUCCESS           The image has been unloaded.
> > > > > > > +  @retval EFI_INVALID_PARAMETER ImageHandle is not a valid
> > > > > > > + image
> > > > > handle.
> > > > > > > +
> > > > > > > +**/
> > > > > > > +EFI_STATUS
> > > > > > > +EFIAPI
> > > > > > > +RedfishBootstrapAccountUnload (
> > > > > > > +  IN EFI_HANDLE  ImageHandle
> > > > > > > +  )
> > > > > > > +{
> > > > > > > +  EFI_STATUS  Status;
> > > > > > > +
> > > > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > > > +    return EFI_SUCCESS;
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> > > > > > > +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  Status = gBS->UninstallProtocolInterface (
> > > > > > > +                  mBootstrapPrivate->ImageHandle,
> > > > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > > > +                  (VOID *)&mBootstrapPrivate->Protocol
> > > > > > > +                  );
> > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish
> > > > > > > + config handler
> > > > > > > protocol: %r\n", __func__, Status));
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  FreePool (mBootstrapPrivate);  mBootstrapPrivate = NULL;
> > > > > > > +
> > > > > > > +  return EFI_SUCCESS;
> > > > > > > +}
> > > > > > > +
> > > > > > > +/**
> > > > > > > +  This is the declaration of an EFI image entry point. This
> > > > > > > +entry point is
> > > > > > > +  the same for UEFI Applications, UEFI OS Loaders, and UEFI
> > > > > > > +Drivers including
> > > > > > > +  both device drivers and bus drivers.
> > > > > > > +
> > > > > > > +  @param[in]  ImageHandle       The firmware allocated handle for
> the
> > > UEFI
> > > > > > > image.
> > > > > > > +  @param[in]  SystemTable       A pointer to the EFI System Table.
> > > > > > > +
> > > > > > > +  @retval EFI_SUCCESS           The operation completed successfully.
> > > > > > > +  @retval Others                An unexpected error occurred.
> > > > > > > +**/
> > > > > > > +EFI_STATUS
> > > > > > > +EFIAPI
> > > > > > > +RedfishBootstrapAccountEntryPoint (
> > > > > > > +  IN EFI_HANDLE        ImageHandle,
> > > > > > > +  IN EFI_SYSTEM_TABLE  *SystemTable
> > > > > > > +  )
> > > > > > > +{
> > > > > > > +  EFI_STATUS  Status;
> > > > > > > +
> > > > > > > +  if (mBootstrapPrivate != NULL) {
> > > > > > > +    return EFI_ALREADY_STARTED;  }
> > > > > > > +
> > > > > > > +  mBootstrapPrivate = AllocateZeroPool (sizeof
> > > > > > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> > > > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > > > +    return EFI_OUT_OF_RESOURCES;  }
> > > > > > > +
> > > > > > > +  CopyMem (&mBootstrapPrivate->Protocol,
> > > &mRedfishConfigHandler,
> > > > > > > + sizeof
> > > > > > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> > > > > > > +  Status = gBS->InstallProtocolInterface (
> > > > > > > +                  &ImageHandle,
> > > > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > > > +                  EFI_NATIVE_INTERFACE,
> > > > > > > +                  &mBootstrapPrivate->Protocol
> > > > > > > +                  );
> > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config
> > > > > > > + handler
> > > > > > > protocol: %r\n", __func__, Status));
> > > > > > > +    goto ON_ERROR;
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  //
> > > > > > > +  // Register after provisioning event to remove bootstrap account.
> > > > > > > +  //
> > > > > > > +  Status = CreateAfterProvisioningEvent (
> > > > > > > +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> > > > > > > +             (VOID *)mBootstrapPrivate,
> > > > > > > +             &mBootstrapPrivate->RedfishEvent
> > > > > > > +             );
> > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: failed to register
> > > > > > > + after-provisioning
> > > > > event:
> > > > > > > %r\n", __func__, Status));
> > > > > > > +    goto ON_ERROR;
> > > > > > > +  }
> > > > > > > +
> > > > > > > +  return EFI_SUCCESS;
> > > > > > > +
> > > > > > > +ON_ERROR:
> > > > > > > +
> > > > > > > +  RedfishBootstrapAccountUnload (ImageHandle);
> > > > > > > +
> > > > > > > +  return Status;
> > > > > > > +}
> > > > > > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > index 154f641b2..47e5093f2 100644
> > > > > > > --- a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > @@ -15,6 +15,7 @@
> > > > > > >    INF
> > > RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
> > > > > > >    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
> > > > > > >    INF
> > > > > > >
> > > > >
> > >
> RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> > > > > > > +  INF
> > > > > > >
> > > > > >
> > > > >
> > >
> RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > .inf
> > > > > > >    INF
> > > RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
> > > > > > >    INF
> > > > > > >
> > > > >
> > >
> RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
> > > > > > >    INF
> > > > > > >
> > > > > >
> > > > >
> > >
> RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemD
> > > > > xe.
> > > > > > > i
> > > > > > > nf
> > > > > > > --
> > > > > > > 2.34.1
> > > > > >
> > > >
> > > >
> > > > 
> > > >
> > >



* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-05-16  2:41                 ` Chang, Abner via groups.io
@ 2024-05-16  3:09                   ` Nickle Wang via groups.io
  2024-05-16 11:33                     ` Igor Kulchytskyy via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Nickle Wang via groups.io @ 2024-05-16  3:09 UTC (permalink / raw)
  To: Chang, Abner, Igor Kulchytskyy, devel@edk2.groups.io; +Cc: Nick Ramirez

> RedfishFeatureCore could be one of the Redfish clients, delete the credential from
> Redfish account service in RedfishFeatureCore lifecycle may impact other Redfish
> clients that still need the communication with Redfish service, right?

When all Redfish clients are managed by RedfishFeatureCore, I don't think we have such a case, and this may be a good reason to keep the driver in RedfishClientPkg. This driver offers a way for the BIOS to delete the bootstrap account at the BMC after everything is done. The platform owner can decide whether to include this driver, depending on the Redfish design of the system.

Regards,
Nickle

> -----Original Message-----
> From: Chang, Abner <Abner.Chang@amd.com>
> Sent: Thursday, May 16, 2024 10:41 AM
> To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>;
> devel@edk2.groups.io
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> 
> External email: Use caution opening links or attachments
> 
> 
> [AMD Official Use Only - General]
> 
> I think we probably overlook some use cases. Multiple edk2 Redfish applications
> running simultaneously is allowed from the design perspective. However, we
> centralized GetAuthInfo in RedfishPlatformCredentialLib for all of edk2 Redfish
> client entities to leverage the same credential stored in EFI variable. This way we
> can limit the process of acquiring credential to only one time Redfish IPMI
> bootstrap command sent to BMC.
> RedfishFeatureCore could be one of the Redfish clients, delete the credential from
> Redfish account service in RedfishFeatureCore lifecycle may impact other Redfish
> clients that still need the communication with Redfish service, right?
> 
> Thanks
> Abner
> 
> > -----Original Message-----
> > From: Nickle Wang <nicklew@nvidia.com>
> > Sent: Thursday, May 16, 2024 9:38 AM
> > To: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > <igork@ami.com>; devel@edk2.groups.io
> > Cc: Nick Ramirez <nramirez@nvidia.com>
> > Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> >
> > [AMD Official Use Only - General]
> >
> > Caution: This message originated from an External Source. Use proper
> > caution when opening attachments, clicking links, or responding.
> >
> >
> > Hi Igor, Abner,
> >
> > > Maybe we should consider moving RedfishBootstrapAccountDxe driver to
> > RedfishPkg and have some register mechanism which will be used by
> > interested drivers to notify that they finished their job and after
> > that RedfishBootstrapAccountDxe driver would delete an account.
> >
> > You are saying the mechanism in runtime, right? In current design,
> > RedfishFeatureCore driver will send "after provisioning" signal to
> > notify this driver to delete bootstrapping account. This makes sure
> > that all feature drivers are done with their jobs, so this driver is
> > safe to delete bootstrapping account at BMC.
> >
> > If we move it to RedfishPkg, there is no such centralized Redfish
> > driver managing Redfish stuff. How does a particular driver know that
> > there is no other driver running Redfish stuff after it? The way I can
> > think of now is to rely on EDK2 ready-to-boot event as the signal to
> > do the notification, since there is not supposed to have Redfish driver running
> jobs after this event...
> >
> > Regards,
> > Nickle
> >
> > > -----Original Message-----
> > > From: Chang, Abner <Abner.Chang@amd.com>
> > > Sent: Thursday, May 16, 2024 9:06 AM
> > > To: Igor Kulchytskyy <igork@ami.com>; Nickle Wang
> > > <nicklew@nvidia.com>; devel@edk2.groups.io
> > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > Subject: RE: [EXTERNAL] RE: [edk2-devel]
> > > [edk2-redfish-client][PATCH]
> > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > >
> > > External email: Use caution opening links or attachments
> > >
> > >
> > > [AMD Official Use Only - General]
> > >
> > > HI Igor,
> > > This sounds to me reasonable to me. As you mentioned, RedfishPkg was
> > designed
> > > to support multiple Redfish applications and RedfishClientPkg is
> > > just one of
> > them. I
> > > think we can review the implementation of acquiring/deleting credential.
> > >
> > > Thanks
> > > Abner
> > >
> > >
> > > > -----Original Message-----
> > > > From: Igor Kulchytskyy <igork@ami.com>
> > > > Sent: Wednesday, May 15, 2024 11:02 PM
> > > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; Chang,
> > > > Abner <Abner.Chang@amd.com>
> > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > Subject: RE: [EXTERNAL] RE: [edk2-devel]
> > > > [edk2-redfish-client][PATCH]
> > > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > > >
> > > > [AMD Official Use Only - General]
> > > >
> > > > Caution: This message originated from an External Source. Use
> > > > proper caution when opening attachments, clicking links, or responding.
> > > >
> > > >
> > > > Hi Nickle,
> > > > I have one more question to discuss regarding this driver.
> > > > We have a bootstrap account and creation of this account
> > > > controlled by RedfishCredentialDxe driver in RedfishPkg.
> > > > But deletion of that bootstrap account is moved to RedfishClientPkg.
> > > > What if we have another Redfish Client or some customer service
> > > > which uses RedfishPkg for the communication.
> > > > Architecturally it is allowed.
> > > > But then RedfishBootstrapAccountDxe module would delete account
> > > > just based on the RedfishClientPkg needs.
> > > > Maybe we should consider moving RedfishBootstrapAccountDxe driver
> > > > to RedfishPkg and have some register mechanism which will be used
> > > > by interested drivers to notify that they finished their job and
> > > > after that RedfishBootstrapAccountDxe driver would delete an account.
> > > > What do you think?
> > > > Thank you,
> > > > Igor
> > > >
> > > > -----Original Message-----
> > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > Sent: Tuesday, May 14, 2024 8:40 AM
> > > > To: devel@edk2.groups.io; abner.chang@amd.com; Igor Kulchytskyy
> > > > <igork@ami.com>
> > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > Subject: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> > > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > > >
> > > >
> > > > **CAUTION: The e-mail below is from an external source. Please
> > > > exercise caution before opening attachments, clicking links, or
> > > > following guidance.**
> > > >
> > > > Hi Abner,
> > > >
> > > > > Ok, then I don't have the problem with invoking GetAuthInfo again.
> > > > However, I
> > > > > will suggest to add more description in GetAuthInfo function
> > > > > header,
> > > > mention that
> > > > > we will keep the auth info in EFI variable until exist boot service.
> > > > > Also, give some more descriptions on the code you invoke to
> > GetAuthInfo.
> > > >
> > > > Thanks for your comment. I add descriptions to explain above
> > > > before calling GetAuthInfo(). Version 2 path is here:
> > > >
> > > > > https://edk2.groups.io/g/devel/message/118889
> > > >
> > > > Regards,
> > > > Nickle
> > > >
> > > > > -----Original Message-----
> > > > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > > > > Chang,
> > > > Abner
> > > > > via groups.io
> > > > > Sent: Tuesday, April 23, 2024 3:42 PM
> > > > > To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy
> > > > > <igork@ami.com>; devel@edk2.groups.io
> > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > > > introduce RedfishBootstrapAccountDxe
> > > > >
> > > > > External email: Use caution opening links or attachments
> > > > >
> > > > >
> > > > > [AMD Official Use Only - General]
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > > > Sent: Tuesday, April 23, 2024 3:09 PM
> > > > > > To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner
> > > > > > <Abner.Chang@amd.com>; devel@edk2.groups.io
> > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > > > RedfishClientPkg:
> > > > > > introduce RedfishBootstrapAccountDxe
> > > > > >
> > > > > > [AMD Official Use Only - General]
> > > > > >
> > > > > > Caution: This message originated from an External Source. Use
> > > > > > proper caution when opening attachments, clicking links, or
> > responding.
> > > > > >
> > > > > >
> > > > > > Hi Igor, Abner,
> > > > > >
> > > > > > Thanks for your review. Please allow me to answer your
> > > > > > questions
> > > > together.
> > > > > >
> > > > > > > 1. We suppose acquire the credential before we start to
> > > > > > > communicate with
> > > > > > Redfish. Will Redfish credential driver create another
> > > > > > bootstrap account here after provisioning?
> > > > > > No, according to the RedfishPlatformCredentialIpmiLib
> > > > > > implementation, Redfish credential driver requests credential
> > > > > > from BMC and will keep it for later use. So only one
> > > > > > credential is requested for BIOS Redfish feature drivers during POST
> time.
> > > > > Ok, then I don't have the problem with invoking GetAuthInfo again.
> > > > However, I
> > > > > will suggest to add more description in GetAuthInfo function
> > > > > header,
> > > > mention that
> > > > > we will keep the auth info in EFI variable until exist boot service.
> > > > > Also, give some more descriptions on the code you invoke to
> > GetAuthInfo.
> > > > >
> > > > > >
> > > > > > > 2. And why do we delete the credential after provisioning?
> > > > > > > How about the
> > > > > > later Redfish property updating process?
> > > > > > In this driver, we listen to "AfterProvisioning" event. And
> > > > > > this is the event triggered after Redfish feature driver finish all jobs.
> > > > > > There is no feature driver which gets executed after this event.
> > > > > > And since we finished all Redfish operations, we remove this
> > > > > > account
> > on
> > > BMC.
> > > > > Then this makes sense to me now.
> > > > >
> > > > > >
> > > > > > > Why do we need to delete those credentials? According to
> > > > > > > spec BMC should
> > > > > > delete the bootstrap credentials automatically on host or service reset.
> > > > > > Yes, bootstrap credentials get deleted on host reset. In
> > > > > > practice, server in datacenter usually takes long time running
> > > > > > under OS before it gets
> > > > > rebooted.
> > > > > > The bootstrap credentials are exposed to end user at
> > > > > > "/redfish/v1/AccountService/Accounts". I got report that there
> > > > > > is concern for end user to see this unused account.
> > > > > This sounds to me reasonable as we will give bootstrap
> > > > > credential a high
> > > > privilege
> > > > > to update Redfish resource. Leave this information in Account
> > > > > service seems
> > > > not a
> > > > > good idea.
> > > > >
> > > > > Thanks
> > > > > Abner
> > > > >
> > > > > >
> > > > > > So, I create this driver to allows us to remove bootstrap
> > > > > > account at BMC after we finish Redfish jobs. And this also
> > > > > > release the BMC account resource since this account won't be
> > > > > > used for a long period of
> > > > time.
> > > > > >
> > > > > > Regards,
> > > > > > Nickle
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Igor Kulchytskyy <igork@ami.com>
> > > > > > > Sent: Monday, April 22, 2024 11:03 PM
> > > > > > > To: Chang, Abner <Abner.Chang@amd.com>; Nickle Wang
> > > > > > > <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > > > RedfishClientPkg:
> > > > > > > introduce RedfishBootstrapAccountDxe
> > > > > > >
> > > > > > > External email: Use caution opening links or attachments
> > > > > > >
> > > > > > >
> > > > > > > Hi Nickle and Abner,
> > > > > > > I also have the same question as Abner.
> > > > > > > Why do we need to delete those credentials?
> > > > > > > According to spec BMC should delete the bootstrap
> > > > > > > credentials automatically
> > > > > > on
> > > > > > > host or service reset.
> > > > > > > Thank you,
> > > > > > > Igor
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Chang, Abner <Abner.Chang@amd.com>
> > > > > > > Sent: Sunday, April 21, 2024 10:25 PM
> > > > > > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > > > > Cc: Igor Kulchytskyy <igork@ami.com>; Nick Ramirez
> > > > > > <nramirez@nvidia.com>
> > > > > > > Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > RedfishClientPkg:
> > > > > > > introduce RedfishBootstrapAccountDxe
> > > > > > >
> > > > > > >
> > > > > > > **CAUTION: The e-mail below is from an external source.
> > > > > > > Please exercise caution before opening attachments, clicking
> > > > > > > links, or following guidance.**
> > > > > > >
> > > > > > > [AMD Official Use Only - General]
> > > > > > >
> > > > > > > Hi Nickle,
> > > > > > > One comment and few questions,
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > > > > > Sent: Thursday, April 18, 2024 8:28 PM
> > > > > > > > To: devel@edk2.groups.io
> > > > > > > > Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > > > > > > > <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> > > > > > > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > > > > > > introduce RedfishBootstrapAccountDxe
> > > > > > > >
> > > > > > > > Caution: This message originated from an External Source.
> > > > > > > > Use proper caution when opening attachments, clicking
> > > > > > > > links, or
> > > > responding.
> > > > > > > >
> > > > > > > >
> > > > > > > > -Introduce RedfishBootstrapAccountDxe to delete bootstrap
> > > > > > > > account from /redfish/v1/AccountService/Accounts after
> > > > > > > > BIOS finished all Redfish jobs. The bootstrap account
> > > > > > > > won't be available to other
> > > > application.
> > > > > > > > So deleting bootstrap account helps to release resource at BMC.
> > > > > > > > - After bootstrap account is deleted at BMC, the Redfish
> > > > > > > > service instance is no longer usable. Close Redfish
> > > > > > > > service instance to release the HTTP connection between BIOS and
> BMC.
> > > > > > > >
> > > > > > > > Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> > > > > > > > Cc: Abner Chang <abner.chang@amd.com>
> > > > > > > > Cc: Igor Kulchytskyy <igork@ami.com>
> > > > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > > > ---
> > > > > > > >  .../RedfishClientComponents.dsc.inc           |   1 +
> > > > > > > >  .../RedfishBootstrapAccountDxe.inf            |  53 +++
> > > > > > > >  .../RedfishBootstrapAccountDxe.h              |  58 ++++
> > > > > > > >  .../RedfishBootstrapAccountDxe.c              | 328
> > ++++++++++++++++++
> > > > > > > >  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
> > > > > > > >  5 files changed, 441 insertions(+)  create mode 100644
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > > .inf
> > > > > > > >  create mode 100644
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > > .h
> > > > > > > >  create mode 100644
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > > .c
> > > > > > > >
> > > > > > > > diff --git
> > > > > > > > a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > index 42fc0c299..fe5248b62 100644
> > > > > > > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > @@ -20,6 +20,7 @@
> > > > > > > >
> > > > RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
> > > > > > > >
> > > > > > > > RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.i
> > > > > > > > nf
> > > > > > > >
> > > > > > > > RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.i
> > > > > > > > nf
> > > > > > > > +
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > > .inf
> > > > > > > >  !endif
> > > > > > > >    #
> > > > > > > >    # Below two modules should be pulled in by build tool.
> > > > > > > > diff --git
> > > > > > > >
> > > > > >
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.in
> > > > > > > > f
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.in
> > > > > > > > f
> > > > > > > > new file mode 100644
> > > > > > > > index 000000000..4073e95f4
> > > > > > > > --- /dev/null
> > > > > > > > +++
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.in
> > > > > > > > f
> > > > > > > > @@ -0,0 +1,53 @@
> > > > > > > > +## @file
> > > > > > > > +#  This driver deletes bootstrap account in BMC after
> > > > > > > > +BIOS Redfish finished #  all jobs # #  (C) Copyright 2021
> > > > > > > > +Hewlett Packard Enterprise Development LP<BR> #
> > > > > > > > +Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights
> reserved.
> > > > > > >
> > > > > > >
> > > > > > > Not sure if you want to update the copyright to 2024.
> > > > > > >
> > > > > > >
> > > > > > > > +#
> > > > > > > > +#  SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > > > > > +
> > > > > > > > +[Defines]
> > > > > > > > +  INF_VERSION               = 0x0001000b
> > > > > > > > +  BASE_NAME                 = RedfishBootstrapAccountDxe
> > > > > > > > +  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
> > > > > > > > +  MODULE_TYPE               = DXE_DRIVER
> > > > > > > > +  VERSION_STRING            = 1.0
> > > > > > > > +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> > > > > > > > +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> > > > > > > > +
> > > > > > > > +[Packages]
> > > > > > > > +  MdePkg/MdePkg.dec
> > > > > > > > +  MdeModulePkg/MdeModulePkg.dec
> > > > > > > > +  RedfishPkg/RedfishPkg.dec
> > > > > > > > +  RedfishClientPkg/RedfishClientPkg.dec
> > > > > > > > +
> > > > > > > > +[Sources]
> > > > > > > > +  RedfishBootstrapAccountDxe.h
> > > > > > > > +  RedfishBootstrapAccountDxe.c
> > > > > > > > +
> > > > > > > > +[LibraryClasses]
> > > > > > > > +  BaseLib
> > > > > > > > +  BaseMemoryLib
> > > > > > > > +  DebugLib
> > > > > > > > +  MemoryAllocationLib
> > > > > > > > +  PrintLib
> > > > > > > > +  RedfishEventLib
> > > > > > > > +  RedfishFeatureUtilityLib
> > > > > > > > +  RedfishDebugLib
> > > > > > > > +  RedfishVersionLib
> > > > > > > > +  RedfishHttpLib
> > > > > > > > +  UefiLib
> > > > > > > > +  UefiBootServicesTableLib
> > > > > > > > +  UefiRuntimeServicesTableLib
> > > > > > > > +  UefiDriverEntryPoint
> > > > > > > > +
> > > > > > > > +[Protocols]
> > > > > > > > +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> > > > > > > > +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> > > > > > > > +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> > > > > > > > +
> > > > > > > > +[Depex]
> > > > > > > > +  gEdkIIRedfishCredentialProtocolGuid
> > > > > > > > diff --git
> > > > > > > >
> > > > > >
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.h
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.h
> > > > > > > > new file mode 100644
> > > > > > > > index 000000000..5262f1e6b
> > > > > > > > --- /dev/null
> > > > > > > > +++
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.h
> > > > > > > > @@ -0,0 +1,58 @@
> > > > > > > > +/** @file
> > > > > > > > +  Common header file for RedfishBootstrapAccountDxe driver.
> > > > > > > > +
> > > > > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise
> > > > > > > > + Development LP<BR>  Copyright (c) 2023, NVIDIA
> > > > > > > > + CORPORATION
> > &
> > > > > > > > + AFFILIATES. All
> > > > > > rights
> > > > > > > reserved.
> > > > > > > > +
> > > > > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +
> > > > > > > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define
> > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> > > > > > > > +
> > > > > > > > +#include <Uefi.h>
> > > > > > > > +#include <RedfishBase.h>
> > > > > > > > +
> > > > > > > > +//
> > > > > > > > +// Libraries
> > > > > > > > +//
> > > > > > > > +#include <Library/BaseLib.h> #include
> > > > > > > > +<Library/BaseMemoryLib.h> #include <Library/DebugLib.h>
> > > > > > > > +
> > > > > > > > +#include <Library/MemoryAllocationLib.h> #include
> > > > > > > > +<Library/PrintLib.h> #include <Library/RedfishEventLib.h>
> > > > > > > > +#include <Library/RedfishFeatureUtilityLib.h>
> > > > > > > > +#include <Library/RedfishDebugLib.h> #include
> > > > > > > > +<Library/RedfishVersionLib.h> #include
> > > > > > > > +<Library/RedfishHttpLib.h> #include
> > > > > > > > +<Library/UefiBootServicesTableLib.h>
> > > > > > > > +#include <Library/UefiDriverEntryPoint.h> #include
> > > > > > > > +<Library/UefiLib.h> #include
> > > > > > > > +<Library/UefiRuntimeServicesTableLib.h>
> > > > > > > > +
> > > > > > > > +#include <Protocol/EdkIIRedfishConfigHandler.h>
> > > > > > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > > > > > +#include <Protocol/RestEx.h>
> > > > > > > > +
> > > > > > > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG
> > > > DEBUG_VERBOSE
> > > > > > > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> > > > > > > > L"AccountService/Accounts"
> > > > > > > > +#define REDFISH_URI_LENGTH                      128
> > > > > > > > +
> > > > > > > > +//
> > > > > > > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE //
> > > > > > > > +typedef
> > > > > > struct
> > > > > > > > +{
> > > > > > > > +  EFI_HANDLE                               ImageHandle;
> > > > > > > > +  EFI_HANDLE                               RestExHandle;
> > > > > > > > +  REDFISH_SERVICE                          RedfishService;
> > > > > > > > +  EFI_EVENT                                RedfishEvent;
> > > > > > > > +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> > > > > > > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> > > > > > > > +
> > > > > > > > +#define
> > > > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> > > > > > > > +          BASE_CR ((This),
> > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE,
> > > > > > > > +Protocol)
> > > > > > > > +
> > > > > > > > +#endif
> > > > > > > > diff --git
> > > > > > > >
> > > > > >
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.c
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.c
> > > > > > > > new file mode 100644
> > > > > > > > index 000000000..6fe4856f8
> > > > > > > > --- /dev/null
> > > > > > > > +++
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.c
> > > > > > > > @@ -0,0 +1,328 @@
> > > > > > > > +/** @file
> > > > > > > > +  This driver deletes bootstrap account in BMC after BIOS
> > > > > > > > +Redfish finished
> > > > > > > > +  all jobs.
> > > > > > > > +
> > > > > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise
> > > > > > > > + Development LP<BR>  Copyright (c) 2023, NVIDIA
> > > > > > > > + CORPORATION
> > &
> > > > > > > > + AFFILIATES. All
> > > > > > rights
> > > > > > > reserved.
> > > > > > > > +
> > > > > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +
> > > > > > > > +#include "RedfishBootstrapAccountDxe.h"
> > > > > > > > +
> > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate =
> > > > NULL;
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  Close Redfish service instance by calling RestEx
> > > > > > > > +protocol to release
> > > > > > instance.
> > > > > > > > +
> > > > > > > > +  @param[in]  RestExHandle      Handle of RestEx protocol.
> > > > > > > > +
> > > > > > > > +  @retval EFI_SUCCESS           The Redfish service is closed
> > successfully.
> > > > > > > > +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> > > > > > > > +  @retval Others                Error occurs.
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +EFI_STATUS
> > > > > > > > +CloseRedfishService (
> > > > > > > > +  IN EFI_HANDLE  RestExHandle
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  EFI_REST_EX_PROTOCOL  *RestEx;
> > > > > > > > +  EFI_STATUS            Status;
> > > > > > > > +
> > > > > > > > +  if (RestExHandle == NULL) {
> > > > > > > > +    return EFI_INVALID_PARAMETER;  }
> > > > > > > > +
> > > > > > > > +  Status = gBS->HandleProtocol (
> > > > > > > > +                  RestExHandle,
> > > > > > > > +                  &gEfiRestExProtocolGuid,
> > > > > > > > +                  (VOID **)&RestEx
> > > > > > > > +                  );
> > > > > > > > +  if (!EFI_ERROR (Status)) {
> > > > > > > > +    Status = RestEx->Configure (RestEx, NULL);
> > > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release
> > > > RestEx
> > > > > > > > instance: %r\n", __func__, Status));
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  return Status;
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  Callback function executed when the AfterProvisioning
> > > > > > > > +event group is
> > > > > > > > signaled.
> > > > > > > > +
> > > > > > > > +  @param[in]   Event    Event whose notification function is being
> > > > invoked.
> > > > > > > > +  @param[out]  Context  Pointer to the Context buffer
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +VOID
> > > > > > > > +EFIAPI
> > > > > > > > +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> > > > > > > > +  IN  EFI_EVENT  Event,
> > > > > > > > +  OUT VOID       *Context
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  EFI_STATUS                         Status;
> > > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > > +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> > > > > > > > +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> > > > > > > > +  CHAR8                              *AccountName;
> > > > > > > > +  CHAR8                              *AccountCredential;
> > > > > > > > +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> > > > > > > > +  CHAR16                             *RedfishVersion;
> > > > > > > > +  REDFISH_RESPONSE                   RedfishResponse;
> > > > > > > > +
> > > > > > > > +  RedfishVersion = NULL;
> > > > > > > > +
> > > > > > > > +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;
> > if
> > > > > > > > + ((Private == NULL) || (Private->RedfishService == NULL)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not
> > > > > > > > + available\n",
> > > > > > > > __func__));
> > > > > > > > +    return;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Locate Redfish Credential Protocol to get credential
> > > > > > > > + for // accessing to Redfish service.
> > > > > > > > +  //
> > > > > > > > +  Status = gBS->LocateProtocol (
> > > > > > > > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > > > > > > > +                  NULL,
> > > > > > > > +                  (VOID **)&credentialProtocol
> > > > > > > > +                  );
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No
> > Redfish
> > > > > > > > Credential Protocol is installed on system.", __func__));
> > > > > > > > +    return;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  Status = credentialProtocol->GetAuthInfo (
> > > > > > > > +                                 credentialProtocol,
> > > > > > > > +                                 &AuthMethod,
> > > > > > > > +                                 &AccountName,
> > > > > > > > +                                 &AccountCredential
> > > > > > > > +                                 );
> > > > > > >
> > > > > > > HI Nickle, I am not quite understand why do we acquire a
> > > > > > > credential here but delete it from the Redfish account
> > > > > > > service here
> > after
> > > provision.
> > > > > > > 1. We suppose acquire the credential before we start to
> > > > > > > communicate with Redfish. Will Redfish credential driver
> > > > > > > create another bootstrap account here after provisioning?
> > > > > > > 2. And why do we delete the credential after provisioning?
> > > > > > > How about the
> > > > > > later
> > > > > > > Redfish property updating process?
> > > > > > > Or do I misunderstand the code logic?
> > > > > > >
> > > > > > > Regards,
> > > > > > > Abner
> > > > > > >
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap
> > > > > > > > + account
> > > > > > information:
> > > > > > > > %r\n", __func__, Status));
> > > > > > > > +    return;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Carving the URI
> > > > > > > > +  //
> > > > > > > > +  RedfishVersion = RedfishGetVersion
> > > > > > > > + (Private->RedfishService); if (RedfishVersion == NULL) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish
> > > > > > > > + version\n",
> > > > > > __func__));
> > > > > > > > +    return;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) *
> > > > > > > > + REDFISH_URI_LENGTH),
> > > > > > > > L"%s%s/%a", RedfishVersion,
> > > > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> > > > > > > > AccountName);
> > > > > > > > +
> > > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > bootstrap
> > > > > > account:
> > > > > > > > %a\n", __func__, AccountName));
> > > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > bootstrap
> > > > > > > > credential: %a\n", __func__, AccountCredential));
> > > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > bootstrap
> > > > URI:
> > > > > > > > %s\n", __func__, TargetUri));
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Remove bootstrap account at
> > > > > > > > + /redfish/v1/AccountService/Account
> > > > > > > > +  //
> > > > > > > > +  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));
> > > > > > > > + Status = RedfishHttpDeleteResource (
> > > > > > > > +             Private->RedfishService,
> > > > > > > > +             TargetUri,
> > > > > > > > +             &RedfishResponse
> > > > > > > > +             );
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap
> > > > > > > > + account at
> > > > > > BMC:
> > > > > > > > %r", __func__, Status));
> > > > > > > > +    DumpRedfishResponse (__func__, DEBUG_ERROR,
> > > > > > &RedfishResponse);  }
> > > > > > > > + else {
> > > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > bootstrap
> > > > > > > account:
> > > > > > > > %a is removed from: %s\n", __func__, AccountName,
> > > > > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Clean credential
> > > > > > > > +  //
> > > > > > > > +  ZeroMem (AccountName, AsciiStrSize (AccountName));
> > ZeroMem
> > > > > > > > + (AccountCredential, AsciiStrSize (AccountCredential));
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Since the bootstrap account is deleted at BMC, the
> > > > > > > > + Redfish service instance
> > > > > > > > is no longer usable.
> > > > > > > > +  // Close Redfish service instance to release the HTTP
> > > > > > > > + connection between
> > > > > > > > BIOS and BMC.
> > > > > > > > +  //
> > > > > > > > +  Status = CloseRedfishService (Private->RestExHandle);
> > > > > > > > + if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish
> > > > > > > > + service
> > instance:
> > > > > > > > + %r\n",
> > > > > > > > __func__, Status));
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  RedfishHttpFreeResponse (&RedfishResponse);
> > > > > > > > +
> > > > > > > > +  return;
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  Initialize a Redfish configure handler.
> > > > > > > > +
> > > > > > > > +  This function will be called by the Redfish config
> > > > > > > > + driver to initialize each
> > > > > > > > Redfish configure
> > > > > > > > +  handler.
> > > > > > > > +
> > > > > > > > +  @param[in]   This                     Pointer to
> > > > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > > > > +  @param[in]   RedfishConfigServiceInfo Redfish service
> > informaiton.
> > > > > > > > +
> > > > > > > > +  @retval EFI_SUCCESS                  The handler has been initialized
> > > > > > successfully.
> > > > > > > > +  @retval EFI_DEVICE_ERROR             Failed to create or configure
> the
> > > > REST
> > > > > > EX
> > > > > > > > protocol instance.
> > > > > > > > +  @retval EFI_ALREADY_STARTED          This handler has already
> been
> > > > > > > > initialized.
> > > > > > > > +  @retval Other                        Error happens during the initialization.
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +EFI_STATUS
> > > > > > > > +EFIAPI
> > > > > > > > +RedfishBootstrapAccountInit (
> > > > > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> > > > > > > > +  IN  REDFISH_CONFIG_SERVICE_INFORMATION
> > > > > > *RedfishConfigServiceInfo
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > > +
> > > > > > > > +  Private =
> > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > > > > (This);
> > > > > > > > +
> > > > > > > > +  Private->RedfishService = RedfishCreateService
> > > > > > > > + (RedfishConfigServiceInfo);  if (Private->RedfishService == NULL) {
> > > > > > > > +    return EFI_DEVICE_ERROR;  }
> > > > > > > > +
> > > > > > > > +  Private->RestExHandle = RedfishConfigServiceInfo-
> > > > > > > > >RedfishServiceRestExHandle;
> > > > > > > > +
> > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  Stop a Redfish configure handler.
> > > > > > > > +
> > > > > > > > +  @param[in]   This                Pointer to
> > > > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > > > > +
> > > > > > > > +  @retval EFI_SUCCESS              This handler has been stoped
> > > > successfully.
> > > > > > > > +  @retval Others                   Some error happened.
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +EFI_STATUS
> > > > > > > > +EFIAPI
> > > > > > > > +RedfishBootstrapAccountStop (
> > > > > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > > +
> > > > > > > > +  Private =
> > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > > > > (This);
> > > > > > > > +
> > > > > > > > +  if (Private->RedfishService != NULL) {
> > > > > > > > +    RedfishCleanupService (Private->RedfishService);
> > > > > > > > +    Private->RedfishService = NULL;  }
> > > > > > > > +
> > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL
> > > > mRedfishConfigHandler =
> > > > > > {
> > > > > > > > +  RedfishBootstrapAccountInit,
> > > > > > > > + RedfishBootstrapAccountStop };
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  Unloads an image.
> > > > > > > > +
> > > > > > > > +  @param[in]  ImageHandle           Handle that identifies the image
> to
> > > be
> > > > > > > > unloaded.
> > > > > > > > +
> > > > > > > > +  @retval EFI_SUCCESS           The image has been unloaded.
> > > > > > > > +  @retval EFI_INVALID_PARAMETER ImageHandle is not a
> > > > > > > > + valid image
> > > > > > handle.
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +EFI_STATUS
> > > > > > > > +EFIAPI
> > > > > > > > +RedfishBootstrapAccountUnload (
> > > > > > > > +  IN EFI_HANDLE  ImageHandle
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  EFI_STATUS  Status;
> > > > > > > > +
> > > > > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > > > > +    return EFI_SUCCESS;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> > > > > > > > +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  Status = gBS->UninstallProtocolInterface (
> > > > > > > > +                  mBootstrapPrivate->ImageHandle,
> > > > > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > > > > +                  (VOID *)&mBootstrapPrivate->Protocol
> > > > > > > > +                  );
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish
> > > > > > > > + config handler
> > > > > > > > protocol: %r\n", __func__, Status));
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  FreePool (mBootstrapPrivate);  mBootstrapPrivate =
> > > > > > > > + NULL;
> > > > > > > > +
> > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  This is the declaration of an EFI image entry point.
> > > > > > > > +This entry point is
> > > > > > > > +  the same for UEFI Applications, UEFI OS Loaders, and
> > > > > > > > +UEFI Drivers including
> > > > > > > > +  both device drivers and bus drivers.
> > > > > > > > +
> > > > > > > > +  @param[in]  ImageHandle       The firmware allocated handle for
> > the
> > > > UEFI
> > > > > > > > image.
> > > > > > > > +  @param[in]  SystemTable       A pointer to the EFI System Table.
> > > > > > > > +
> > > > > > > > +  @retval EFI_SUCCESS           The operation completed successfully.
> > > > > > > > +  @retval Others                An unexpected error occurred.
> > > > > > > > +**/
> > > > > > > > +EFI_STATUS
> > > > > > > > +EFIAPI
> > > > > > > > +RedfishBootstrapAccountEntryPoint (
> > > > > > > > +  IN EFI_HANDLE        ImageHandle,
> > > > > > > > +  IN EFI_SYSTEM_TABLE  *SystemTable
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  EFI_STATUS  Status;
> > > > > > > > +
> > > > > > > > +  if (mBootstrapPrivate != NULL) {
> > > > > > > > +    return EFI_ALREADY_STARTED;  }
> > > > > > > > +
> > > > > > > > +  mBootstrapPrivate = AllocateZeroPool (sizeof
> > > > > > > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> > > > > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > > > > +    return EFI_OUT_OF_RESOURCES;  }
> > > > > > > > +
> > > > > > > > +  CopyMem (&mBootstrapPrivate->Protocol,
> > > > &mRedfishConfigHandler,
> > > > > > > > + sizeof
> > > > > > > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> > > > > > > > +  Status = gBS->InstallProtocolInterface (
> > > > > > > > +                  &ImageHandle,
> > > > > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > > > > +                  EFI_NATIVE_INTERFACE,
> > > > > > > > +                  &mBootstrapPrivate->Protocol
> > > > > > > > +                  );
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish
> > > > > > > > + config handler
> > > > > > > > protocol: %r\n", __func__, Status));
> > > > > > > > +    goto ON_ERROR;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Register after provisioning event to remove bootstrap account.
> > > > > > > > +  //
> > > > > > > > +  Status = CreateAfterProvisioningEvent (
> > > > > > > > +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> > > > > > > > +             (VOID *)mBootstrapPrivate,
> > > > > > > > +             &mBootstrapPrivate->RedfishEvent
> > > > > > > > +             );
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: failed to register
> > > > > > > > + after-provisioning
> > > > > > event:
> > > > > > > > %r\n", __func__, Status));
> > > > > > > > +    goto ON_ERROR;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > +
> > > > > > > > +ON_ERROR:
> > > > > > > > +
> > > > > > > > +  RedfishBootstrapAccountUnload (ImageHandle);
> > > > > > > > +
> > > > > > > > +  return Status;
> > > > > > > > +}
> > > > > > > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > index 154f641b2..47e5093f2 100644
> > > > > > > > --- a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > @@ -15,6 +15,7 @@
> > > > > > > >    INF
> > > > RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
> > > > > > > >    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
> > > > > > > >    INF
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> > > > > > > > +  INF
> > > > > > > >
> > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > .inf
> > > > > > > >    INF
> > > > RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
> > > > > > > >    INF
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
> > > > > > > >    INF
> > > > > > > >
> > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemD
> > > > > > xe.
> > > > > > > > i
> > > > > > > > nf
> > > > > > > > --
> > > > > > > > 2.34.1
> > > > > > >
> > > > >
> > > > >
> > > > > 
> > > > >
> > > >






* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-05-16  3:09                   ` Nickle Wang via groups.io
@ 2024-05-16 11:33                     ` Igor Kulchytskyy via groups.io
  2024-05-17  7:17                       ` Nickle Wang via groups.io
  0 siblings, 1 reply; 13+ messages in thread
From: Igor Kulchytskyy via groups.io @ 2024-05-16 11:33 UTC (permalink / raw)
  To: Nickle Wang, Chang, Abner, devel@edk2.groups.io; +Cc: Nick Ramirez

We could have a protocol with which every Redfish client registers to indicate that it is using the bootstrap credentials.
When a client finishes its job, it notifies the RedfishBootstrapAccountDxe driver, and once all registered modules have finished, the RedfishBootstrapAccountDxe driver deletes the account.
Thank you,
Igor

-----Original Message-----
From: Nickle Wang <nicklew@nvidia.com>
Sent: Wednesday, May 15, 2024 11:10 PM
To: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy <igork@ami.com>; devel@edk2.groups.io
Cc: Nick Ramirez <nramirez@nvidia.com>
Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe

> RedfishFeatureCore could be one of the Redfish clients, delete the credential from
> Redfish account service in RedfishFeatureCore lifecycle may impact other Redfish
> clients that still need the communication with Redfish service, right?

When all Redfish clients are managed by RedfishFeatureCore, I think we don't have such case. And this may be a good reason to keep it in RedfishClientPkg. This driver offers a way for BIOS to delete bootstrapping account at BMC after everything is done. Platform owner can decide to include this driver or not depending on the Redfish design in system.

Regards,
Nickle

> -----Original Message-----
> From: Chang, Abner <Abner.Chang@amd.com>
> Sent: Thursday, May 16, 2024 10:41 AM
> To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>;
> devel@edk2.groups.io
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> RedfishClientPkg: introduce RedfishBootstrapAccountDxe
>
>
> I think we probably overlook some use cases. Multiple edk2 Redfish applications
> running simultaneously is allowed from the design perspective. However, we
> centralized GetAuthInfo in RedfishPlatformCredentialLib for all of edk2 Redfish
> client entities to leverage the same credential stored in EFI variable. This way we
> can limit the process of acquiring credential to only one time Redfish IPMI
> bootstrap command sent to BMC.
> RedfishFeatureCore could be one of the Redfish clients, delete the credential from
> Redfish account service in RedfishFeatureCore lifecycle may impact other Redfish
> clients that still need the communication with Redfish service, right?
>
> Thanks
> Abner
>
> > -----Original Message-----
> > From: Nickle Wang <nicklew@nvidia.com>
> > Sent: Thursday, May 16, 2024 9:38 AM
> > To: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > <igork@ami.com>; devel@edk2.groups.io
> > Cc: Nick Ramirez <nramirez@nvidia.com>
> > Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> >
> >
> >
> > Hi Igor, Abner,
> >
> > > Maybe we should consider moving RedfishBootstrapAccountDxe driver to
> > RedfishPkg and have some register mechanism which will be used by
> > interested drivers to notify that they finished their job and after
> > that RedfishBootstrapAccountDxe driver would delete an account.
> >
> > You are saying the mechanism in runtime, right? In current design,
> > RedfishFeatureCore driver will send "after provisioning" signal to
> > notify this driver to delete bootstrapping account. This makes sure
> > that all feature drivers are done with their jobs, so this driver is
> > safe to delete bootstrapping account at BMC.
> >
> > If we move it to RedfishPkg, there is no such centralized Redfish
> > driver managing Redfish stuff. How does a particular driver know that
> > there is no other driver running Redfish stuff after it? The way I can
> > think of now is to rely on EDK2 ready-to-boot event as the signal to
> > do the notification, since there is not supposed to have Redfish driver running
> jobs after this event...
> >
> > Regards,
> > Nickle
> >
> > > -----Original Message-----
> > > From: Chang, Abner <Abner.Chang@amd.com>
> > > Sent: Thursday, May 16, 2024 9:06 AM
> > > To: Igor Kulchytskyy <igork@ami.com>; Nickle Wang
> > > <nicklew@nvidia.com>; devel@edk2.groups.io
> > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > Subject: RE: [EXTERNAL] RE: [edk2-devel]
> > > [edk2-redfish-client][PATCH]
> > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > >
> > >
> > > HI Igor,
> > > > This sounds reasonable to me. As you mentioned, RedfishPkg was
> > designed
> > > to support multiple Redfish applications and RedfishClientPkg is
> > > just one of
> > them. I
> > > think we can review the implementation of acquiring/deleting credential.
> > >
> > > Thanks
> > > Abner
> > >
> > >
> > > > -----Original Message-----
> > > > From: Igor Kulchytskyy <igork@ami.com>
> > > > Sent: Wednesday, May 15, 2024 11:02 PM
> > > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; Chang,
> > > > Abner <Abner.Chang@amd.com>
> > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > Subject: RE: [EXTERNAL] RE: [edk2-devel]
> > > > [edk2-redfish-client][PATCH]
> > > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > > >
> > > >
> > > >
> > > > Hi Nickle,
> > > > I have one more question to discuss regarding this driver.
> > > > We have a bootstrap account and creation of this account
> > > > controlled by RedfishCredentialDxe driver in RedfishPkg.
> > > > But deletion of that bootstrap account is moved to RedfishClientPkg.
> > > > What if we have another Redfish Client or some customer service
> > > > which uses RedfishPkg for the communication.
> > > > Architecturally it is allowed.
> > > > But then RedfishBootstrapAccountDxe module would delete account
> > > > just based on the RedfishClientPkg needs.
> > > > Maybe we should consider moving RedfishBootstrapAccountDxe driver
> > > > to RedfishPkg and have some register mechanism which will be used
> > > > by interested drivers to notify that they finished their job and
> > > > after that RedfishBootstrapAccountDxe driver would delete an account.
> > > > What do you think?
> > > > Thank you,
> > > > Igor
> > > >
> > > > -----Original Message-----
> > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > Sent: Tuesday, May 14, 2024 8:40 AM
> > > > To: devel@edk2.groups.io; abner.chang@amd.com; Igor Kulchytskyy
> > > > <igork@ami.com>
> > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > Subject: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> > > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > > >
> > > >
> > > >
> > > > Hi Abner,
> > > >
> > > > > Ok, then I don't have the problem with invoking GetAuthInfo again.
> > > > However, I
> > > > > will suggest to add more description in GetAuthInfo function
> > > > > header,
> > > > mention that
> > > > > > we will keep the auth info in EFI variable until exit boot services.
> > > > > Also, give some more descriptions on the code you invoke to
> > GetAuthInfo.
> > > >
> > > > Thanks for your comment. I add descriptions to explain above
> > > > before calling GetAuthInfo(). Version 2 path is here:
> > > >
> > > > > https://edk2.groups.io/g/devel/message/118889
> > > >
> > > > Regards,
> > > > Nickle
> > > >
> > > > > -----Original Message-----
> > > > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > > > > Chang,
> > > > Abner
> > > > > via groups.io
> > > > > Sent: Tuesday, April 23, 2024 3:42 PM
> > > > > To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy
> > > > > <igork@ami.com>; devel@edk2.groups.io
> > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > > > introduce RedfishBootstrapAccountDxe
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > > > Sent: Tuesday, April 23, 2024 3:09 PM
> > > > > > To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner
> > > > > > <Abner.Chang@amd.com>; devel@edk2.groups.io
> > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > > > RedfishClientPkg:
> > > > > > introduce RedfishBootstrapAccountDxe
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hi Igor, Abner,
> > > > > >
> > > > > > Thanks for your review. Please allow me to answer your
> > > > > > questions
> > > > together.
> > > > > >
> > > > > > > 1. We suppose acquire the credential before we start to
> > > > > > > communicate with
> > > > > > Redfish. Will Redfish credential driver create another
> > > > > > bootstrap account here after provisioning?
> > > > > > No, according to the RedfishPlatformCredentialIpmiLib
> > > > > > implementation, Redfish credential driver requests credential
> > > > > > from BMC and will keep it for later use. So only one
> > > > > > credential is requested for BIOS Redfish feature drivers during POST
> time.
> > > > > Ok, then I don't have the problem with invoking GetAuthInfo again.
> > > > However, I
> > > > > will suggest to add more description in GetAuthInfo function
> > > > > header,
> > > > mention that
> > > > > > we will keep the auth info in EFI variable until exit boot services.
> > > > > Also, give some more descriptions on the code you invoke to
> > GetAuthInfo.
> > > > >
> > > > > >
> > > > > > > 2. And why do we delete the credential after provisioning?
> > > > > > > How about the
> > > > > > later Redfish property updating process?
> > > > > > In this driver, we listen to "AfterProvisioning" event. And
> > > > > > this is the event triggered after Redfish feature driver finish all jobs.
> > > > > > There is no feature driver which gets executed after this event.
> > > > > > And since we finished all Redfish operations, we remove this
> > > > > > account
> > on
> > > BMC.
> > > > > Then this makes sense to me now.
> > > > >
> > > > > >
> > > > > > > Why do we need to delete those credentials? According to
> > > > > > > spec BMC should
> > > > > > delete the bootstrap credentials automatically on host or service reset.
> > > > > > Yes, bootstrap credentials get deleted on host reset. In
> > > > > > practice, server in datacenter usually takes long time running
> > > > > > under OS before it gets
> > > > > rebooted.
> > > > > > The bootstrap credentials are exposed to end user at
> > > > > > "/redfish/v1/AccountService/Accounts". I got report that there
> > > > > > is concern for end user to see this unused account.
> > > > > This sounds to me reasonable as we will give bootstrap
> > > > > credential a high
> > > > privilege
> > > > > to update Redfish resource. Leave this information in Account
> > > > > service seems
> > > > not a
> > > > > good idea.
> > > > >
> > > > > Thanks
> > > > > Abner
> > > > >
> > > > > >
> > > > > > So, I create this driver to allows us to remove bootstrap
> > > > > > account at BMC after we finish Redfish jobs. And this also
> > > > > > release the BMC account resource since this account won't be
> > > > > > used for a long period of
> > > > time.
> > > > > >
> > > > > > Regards,
> > > > > > Nickle
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Igor Kulchytskyy <igork@ami.com>
> > > > > > > Sent: Monday, April 22, 2024 11:03 PM
> > > > > > > To: Chang, Abner <Abner.Chang@amd.com>; Nickle Wang
> > > > > > > <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > > > RedfishClientPkg:
> > > > > > > introduce RedfishBootstrapAccountDxe
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hi Nickle and Abner,
> > > > > > > I also have the same question as Abner.
> > > > > > > Why do we need to delete those credentials?
> > > > > > > According to spec BMC should delete the bootstrap
> > > > > > > credentials automatically
> > > > > > on
> > > > > > > host or service reset.
> > > > > > > Thank you,
> > > > > > > Igor
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Chang, Abner <Abner.Chang@amd.com>
> > > > > > > Sent: Sunday, April 21, 2024 10:25 PM
> > > > > > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > > > > Cc: Igor Kulchytskyy <igork@ami.com>; Nick Ramirez
> > > > > > <nramirez@nvidia.com>
> > > > > > > Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > RedfishClientPkg:
> > > > > > > introduce RedfishBootstrapAccountDxe
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hi Nickle,
> > > > > > > One comment and few questions,
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > > > > > Sent: Thursday, April 18, 2024 8:28 PM
> > > > > > > > To: devel@edk2.groups.io
> > > > > > > > Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > > > > > > > <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> > > > > > > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > > > > > > introduce RedfishBootstrapAccountDxe
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > -Introduce RedfishBootstrapAccountDxe to delete bootstrap
> > > > > > > > account from /redfish/v1/AccountService/Accounts after
> > > > > > > > BIOS finished all Redfish jobs. The bootstrap account
> > > > > > > > won't be available to other
> > > > application.
> > > > > > > > So deleting bootstrap account helps to release resource at BMC.
> > > > > > > > - After bootstrap account is deleted at BMC, the Redfish
> > > > > > > > service instance is no longer usable. Close Redfish
> > > > > > > > service instance to release the HTTP connection between BIOS and
> BMC.
> > > > > > > >
> > > > > > > > Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> > > > > > > > Cc: Abner Chang <abner.chang@amd.com>
> > > > > > > > Cc: Igor Kulchytskyy <igork@ami.com>
> > > > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > > > ---
> > > > > > > >  .../RedfishClientComponents.dsc.inc           |   1 +
> > > > > > > >  .../RedfishBootstrapAccountDxe.inf            |  53 +++
> > > > > > > >  .../RedfishBootstrapAccountDxe.h              |  58 ++++
> > > > > > > >  .../RedfishBootstrapAccountDxe.c              | 328
> > ++++++++++++++++++
> > > > > > > >  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
> > > > > > > >  5 files changed, 441 insertions(+)  create mode 100644
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > > .inf
> > > > > > > >  create mode 100644
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > > .h
> > > > > > > >  create mode 100644
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > > .c
> > > > > > > >
> > > > > > > > diff --git
> > > > > > > > a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > index 42fc0c299..fe5248b62 100644
> > > > > > > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > @@ -20,6 +20,7 @@
> > > > > > > >
> > > > RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
> > > > > > > >
> > > > > > > > RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.i
> > > > > > > > nf
> > > > > > > >
> > > > > > > > RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.i
> > > > > > > > nf
> > > > > > > > +
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > > > .inf
> > > > > > > >  !endif
> > > > > > > >    #
> > > > > > > >    # Below two modules should be pulled in by build tool.
> > > > > > > > diff --git
> > > > > > > >
> > > > > >
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.in
> > > > > > > > f
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.in
> > > > > > > > f
> > > > > > > > new file mode 100644
> > > > > > > > index 000000000..4073e95f4
> > > > > > > > --- /dev/null
> > > > > > > > +++
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.in
> > > > > > > > f
> > > > > > > > @@ -0,0 +1,53 @@
> > > > > > > > +## @file
> > > > > > > > +#  This driver deletes bootstrap account in BMC after
> > > > > > > > +BIOS Redfish finished #  all jobs # #  (C) Copyright 2021
> > > > > > > > +Hewlett Packard Enterprise Development LP<BR> #
> > > > > > > > +Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights
> reserved.
> > > > > > >
> > > > > > >
> > > > > > > Not sure if you want to update the copyright to 2024.
> > > > > > >
> > > > > > >
> > > > > > > > +#
> > > > > > > > +#  SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > > > > > +
> > > > > > > > +[Defines]
> > > > > > > > +  INF_VERSION               = 0x0001000b
> > > > > > > > +  BASE_NAME                 = RedfishBootstrapAccountDxe
> > > > > > > > +  FILE_GUID                 = 87555253-2F7E-45FC-B469-FD35B2E51210
> > > > > > > > +  MODULE_TYPE               = DXE_DRIVER
> > > > > > > > +  VERSION_STRING            = 1.0
> > > > > > > > +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> > > > > > > > +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> > > > > > > > +
> > > > > > > > +[Packages]
> > > > > > > > +  MdePkg/MdePkg.dec
> > > > > > > > +  MdeModulePkg/MdeModulePkg.dec
> > > > > > > > +  RedfishPkg/RedfishPkg.dec
> > > > > > > > +  RedfishClientPkg/RedfishClientPkg.dec
> > > > > > > > +
> > > > > > > > +[Sources]
> > > > > > > > +  RedfishBootstrapAccountDxe.h
> > > > > > > > +  RedfishBootstrapAccountDxe.c
> > > > > > > > +
> > > > > > > > +[LibraryClasses]
> > > > > > > > +  BaseLib
> > > > > > > > +  BaseMemoryLib
> > > > > > > > +  DebugLib
> > > > > > > > +  MemoryAllocationLib
> > > > > > > > +  PrintLib
> > > > > > > > +  RedfishEventLib
> > > > > > > > +  RedfishFeatureUtilityLib
> > > > > > > > +  RedfishDebugLib
> > > > > > > > +  RedfishVersionLib
> > > > > > > > +  RedfishHttpLib
> > > > > > > > +  UefiLib
> > > > > > > > +  UefiBootServicesTableLib
> > > > > > > > +  UefiRuntimeServicesTableLib
> > > > > > > > +  UefiDriverEntryPoint
> > > > > > > > +
> > > > > > > > +[Protocols]
> > > > > > > > +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> > > > > > > > +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> > > > > > > > +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> > > > > > > > +
> > > > > > > > +[Depex]
> > > > > > > > +  gEdkIIRedfishCredentialProtocolGuid
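Review bot: The `[Protocols]` entry marks `gEdkIIRedfishConfigHandlerProtocolGuid` as `## CONSUMES ##`, but the header added by this patch embeds an `EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL Protocol` member in the driver's private data and defines `REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL`, which suggests the driver installs that protocol rather than consuming it. The install call is not visible in this part of the thread, so this is inferred. If the driver does install it, the usage comment should read `gEdkIIRedfishConfigHandlerProtocolGuid  ## PRODUCES ##`, so the INF documents the real protocol dependencies of a module that handles BMC credentials.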
> > > > > > > > diff --git
> > > > > > > >
> > > > > >
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.h
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.h
> > > > > > > > new file mode 100644
> > > > > > > > index 000000000..5262f1e6b
> > > > > > > > --- /dev/null
> > > > > > > > +++
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.h
> > > > > > > > @@ -0,0 +1,58 @@
> > > > > > > > +/** @file
> > > > > > > > +  Common header file for RedfishBootstrapAccountDxe driver.
> > > > > > > > +
> > > > > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise
> > > > > > > > + Development LP<BR>  Copyright (c) 2023, NVIDIA
> > > > > > > > + CORPORATION
> > &
> > > > > > > > + AFFILIATES. All
> > > > > > rights
> > > > > > > reserved.
> > > > > > > > +
> > > > > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +
> > > > > > > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define
> > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> > > > > > > > +
> > > > > > > > +#include <Uefi.h>
> > > > > > > > +#include <RedfishBase.h>
> > > > > > > > +
> > > > > > > > +//
> > > > > > > > +// Libraries
> > > > > > > > +//
> > > > > > > > +#include <Library/BaseLib.h> #include
> > > > > > > > +<Library/BaseMemoryLib.h> #include <Library/DebugLib.h>
> > > > > > > > +
> > > > > > > > +#include <Library/MemoryAllocationLib.h> #include
> > > > > > > > +<Library/PrintLib.h> #include <Library/RedfishEventLib.h>
> > > > > > > > +#include <Library/RedfishFeatureUtilityLib.h>
> > > > > > > > +#include <Library/RedfishDebugLib.h> #include
> > > > > > > > +<Library/RedfishVersionLib.h> #include
> > > > > > > > +<Library/RedfishHttpLib.h> #include
> > > > > > > > +<Library/UefiBootServicesTableLib.h>
> > > > > > > > +#include <Library/UefiDriverEntryPoint.h> #include
> > > > > > > > +<Library/UefiLib.h> #include
> > > > > > > > +<Library/UefiRuntimeServicesTableLib.h>
> > > > > > > > +
> > > > > > > > +#include <Protocol/EdkIIRedfishConfigHandler.h>
> > > > > > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > > > > > +#include <Protocol/RestEx.h>
> > > > > > > > +
> > > > > > > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG
> > > > DEBUG_VERBOSE
> > > > > > > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> > > > > > > > L"AccountService/Accounts"
> > > > > > > > +#define REDFISH_URI_LENGTH                      128
> > > > > > > > +
> > > > > > > > +//
> > > > > > > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE //
> > > > > > > > +typedef
> > > > > > struct
> > > > > > > > +{
> > > > > > > > +  EFI_HANDLE                               ImageHandle;
> > > > > > > > +  EFI_HANDLE                               RestExHandle;
> > > > > > > > +  REDFISH_SERVICE                          RedfishService;
> > > > > > > > +  EFI_EVENT                                RedfishEvent;
> > > > > > > > +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> > > > > > > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> > > > > > > > +
> > > > > > > > +#define
> > > > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> > > > > > > > +          BASE_CR ((This),
> > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE,
> > > > > > > > +Protocol)
> > > > > > > > +
> > > > > > > > +#endif
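Review bot: `REDFISH_BOOTSTRAP_ACCOUNT_DEBUG` is defined here as `DEBUG_VERBOSE`, and the .c file added by the same patch uses it to print the bootstrap secret (`"%a: bootstrap credential: %a\n"` with `AccountCredential`), so any build with verbose debug output enabled writes a high-privilege BMC credential to the debug log. I would drop that DEBUG line instead of relying on the print level, and put a comment on the macro such as `// Trace level for non-secret data only; never print AccountCredential.` Separately, `REDFISH_URI_LENGTH` is a fixed 128 characters, and the URI that the .c file builds with `UnicodeSPrint` from the Redfish version string and the account name is not checked for truncation before the DELETE request is issued. A length check before sending the request would keep a truncated URI from addressing a different resource.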
> > > > > > > > diff --git
> > > > > > > >
> > > > > >
> > > >
> > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.c
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.c
> > > > > > > > new file mode 100644
> > > > > > > > index 000000000..6fe4856f8
> > > > > > > > --- /dev/null
> > > > > > > > +++
> > > > > > > >
> > > > > >
> > > >
> > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > > > > > > xe.c
> > > > > > > > @@ -0,0 +1,328 @@
> > > > > > > > +/** @file
> > > > > > > > +  This driver deletes bootstrap account in BMC after BIOS
> > > > > > > > +Redfish finished
> > > > > > > > +  all jobs.
> > > > > > > > +
> > > > > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise
> > > > > > > > + Development LP<BR>  Copyright (c) 2023, NVIDIA
> > > > > > > > + CORPORATION
> > &
> > > > > > > > + AFFILIATES. All
> > > > > > rights
> > > > > > > reserved.
> > > > > > > > +
> > > > > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +
> > > > > > > > +#include "RedfishBootstrapAccountDxe.h"
> > > > > > > > +
> > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate =
> > > > NULL;
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  Close Redfish service instance by calling RestEx
> > > > > > > > +protocol to release
> > > > > > instance.
> > > > > > > > +
> > > > > > > > +  @param[in]  RestExHandle      Handle of RestEx protocol.
> > > > > > > > +
> > > > > > > > +  @retval EFI_SUCCESS           The Redfish service is closed
> > successfully.
> > > > > > > > +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> > > > > > > > +  @retval Others                Error occurs.
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +EFI_STATUS
> > > > > > > > +CloseRedfishService (
> > > > > > > > +  IN EFI_HANDLE  RestExHandle
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  EFI_REST_EX_PROTOCOL  *RestEx;
> > > > > > > > +  EFI_STATUS            Status;
> > > > > > > > +
> > > > > > > > +  if (RestExHandle == NULL) {
> > > > > > > > +    return EFI_INVALID_PARAMETER;  }
> > > > > > > > +
> > > > > > > > +  Status = gBS->HandleProtocol (
> > > > > > > > +                  RestExHandle,
> > > > > > > > +                  &gEfiRestExProtocolGuid,
> > > > > > > > +                  (VOID **)&RestEx
> > > > > > > > +                  );
> > > > > > > > +  if (!EFI_ERROR (Status)) {
> > > > > > > > +    Status = RestEx->Configure (RestEx, NULL);
> > > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release
> > > > RestEx
> > > > > > > > instance: %r\n", __func__, Status));
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  return Status;
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  Callback function executed when the AfterProvisioning
> > > > > > > > +event group is
> > > > > > > > signaled.
> > > > > > > > +
> > > > > > > > +  @param[in]   Event    Event whose notification function is being
> > > > invoked.
> > > > > > > > +  @param[out]  Context  Pointer to the Context buffer
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +VOID
> > > > > > > > +EFIAPI
> > > > > > > > +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> > > > > > > > +  IN  EFI_EVENT  Event,
> > > > > > > > +  OUT VOID       *Context
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  EFI_STATUS                         Status;
> > > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > > +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> > > > > > > > +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> > > > > > > > +  CHAR8                              *AccountName;
> > > > > > > > +  CHAR8                              *AccountCredential;
> > > > > > > > +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> > > > > > > > +  CHAR16                             *RedfishVersion;
> > > > > > > > +  REDFISH_RESPONSE                   RedfishResponse;
> > > > > > > > +
> > > > > > > > +  RedfishVersion = NULL;
> > > > > > > > +
> > > > > > > > +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context;
> > if
> > > > > > > > + ((Private == NULL) || (Private->RedfishService == NULL)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not
> > > > > > > > + available\n",
> > > > > > > > __func__));
> > > > > > > > +    return;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Locate Redfish Credential Protocol to get credential
> > > > > > > > + for // accessing to Redfish service.
> > > > > > > > +  //
> > > > > > > > +  Status = gBS->LocateProtocol (
> > > > > > > > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > > > > > > > +                  NULL,
> > > > > > > > +                  (VOID **)&credentialProtocol
> > > > > > > > +                  );
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No
> > Redfish
> > > > > > > > Credential Protocol is installed on system.", __func__));
> > > > > > > > +    return;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  Status = credentialProtocol->GetAuthInfo (
> > > > > > > > +                                 credentialProtocol,
> > > > > > > > +                                 &AuthMethod,
> > > > > > > > +                                 &AccountName,
> > > > > > > > +                                 &AccountCredential
> > > > > > > > +                                 );
> > > > > > >
> > > > > > > HI Nickle, I am not quite understand why do we acquire a
> > > > > > > credential here but delete it from the Redfish account
> > > > > > > service here
> > after
> > > provision.
> > > > > > > 1. We suppose acquire the credential before we start to
> > > > > > > communicate with Redfish. Will Redfish credential driver
> > > > > > > create another bootstrap account here after provisioning?
> > > > > > > 2. And why do we delete the credential after provisioning?
> > > > > > > How about the
> > > > > > later
> > > > > > > Redfish property updating process?
> > > > > > > Or do I misunderstand the code logic?
> > > > > > >
> > > > > > > Regards,
> > > > > > > Abner
> > > > > > >
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap
> > > > > > > > + account
> > > > > > information:
> > > > > > > > %r\n", __func__, Status));
> > > > > > > > +    return;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Carving the URI
> > > > > > > > +  //
> > > > > > > > +  RedfishVersion = RedfishGetVersion
> > > > > > > > + (Private->RedfishService); if (RedfishVersion == NULL) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish
> > > > > > > > + version\n",
> > > > > > __func__));
> > > > > > > > +    return;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) *
> > > > > > > > + REDFISH_URI_LENGTH),
> > > > > > > > L"%s%s/%a", RedfishVersion,
> > > > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> > > > > > > > AccountName);
> > > > > > > > +
> > > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > bootstrap
> > > > > > account:
> > > > > > > > %a\n", __func__, AccountName));
> > > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > bootstrap
> > > > > > > > credential: %a\n", __func__, AccountCredential));
> > > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > bootstrap
> > > > URI:
> > > > > > > > %s\n", __func__, TargetUri));
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Remove bootstrap account at
> > > > > > > > + /redfish/v1/AccountService/Account
> > > > > > > > +  //
> > > > > > > > +  ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE));
> > > > > > > > + Status = RedfishHttpDeleteResource (
> > > > > > > > +             Private->RedfishService,
> > > > > > > > +             TargetUri,
> > > > > > > > +             &RedfishResponse
> > > > > > > > +             );
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap
> > > > > > > > + account at
> > > > > > BMC:
> > > > > > > > %r", __func__, Status));
> > > > > > > > +    DumpRedfishResponse (__func__, DEBUG_ERROR,
> > > > > > &RedfishResponse);  }
> > > > > > > > + else {
> > > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > bootstrap
> > > > > > > account:
> > > > > > > > %a is removed from: %s\n", __func__, AccountName,
> > > > > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Clean credential
> > > > > > > > +  //
> > > > > > > > +  ZeroMem (AccountName, AsciiStrSize (AccountName));
> > ZeroMem
> > > > > > > > + (AccountCredential, AsciiStrSize (AccountCredential));
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Since the bootstrap account is deleted at BMC, the
> > > > > > > > + Redfish service instance
> > > > > > > > is no longer usable.
> > > > > > > > +  // Close Redfish service instance to release the HTTP
> > > > > > > > + connection between
> > > > > > > > BIOS and BMC.
> > > > > > > > +  //
> > > > > > > > +  Status = CloseRedfishService (Private->RestExHandle);
> > > > > > > > + if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish
> > > > > > > > + service
> > instance:
> > > > > > > > + %r\n",
> > > > > > > > __func__, Status));
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  RedfishHttpFreeResponse (&RedfishResponse);
> > > > > > > > +
> > > > > > > > +  return;
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  Initialize a Redfish configure handler.
> > > > > > > > +
> > > > > > > > +  This function will be called by the Redfish config
> > > > > > > > + driver to initialize each
> > > > > > > > Redfish configure
> > > > > > > > +  handler.
> > > > > > > > +
> > > > > > > > +  @param[in]   This                     Pointer to
> > > > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > > > > +  @param[in]   RedfishConfigServiceInfo Redfish service
> > informaiton.
> > > > > > > > +
> > > > > > > > +  @retval EFI_SUCCESS                  The handler has been initialized
> > > > > > successfully.
> > > > > > > > +  @retval EFI_DEVICE_ERROR             Failed to create or configure
> the
> > > > REST
> > > > > > EX
> > > > > > > > protocol instance.
> > > > > > > > +  @retval EFI_ALREADY_STARTED          This handler has already
> been
> > > > > > > > initialized.
> > > > > > > > +  @retval Other                        Error happens during the initialization.
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +EFI_STATUS
> > > > > > > > +EFIAPI
> > > > > > > > +RedfishBootstrapAccountInit (
> > > > > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> > > > > > > > +  IN  REDFISH_CONFIG_SERVICE_INFORMATION
> > > > > > *RedfishConfigServiceInfo
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > > +
> > > > > > > > +  Private =
> > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > > > > (This);
> > > > > > > > +
> > > > > > > > +  Private->RedfishService = RedfishCreateService
> > > > > > > > + (RedfishConfigServiceInfo);  if (Private->RedfishService == NULL) {
> > > > > > > > +    return EFI_DEVICE_ERROR;  }
> > > > > > > > +
> > > > > > > > +  Private->RestExHandle = RedfishConfigServiceInfo-
> > > > > > > > >RedfishServiceRestExHandle;
> > > > > > > > +
> > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  Stop a Redfish configure handler.
> > > > > > > > +
> > > > > > > > +  @param[in]   This                Pointer to
> > > > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > > > > +
> > > > > > > > +  @retval EFI_SUCCESS              This handler has been stoped
> > > > successfully.
> > > > > > > > +  @retval Others                   Some error happened.
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +EFI_STATUS
> > > > > > > > +EFIAPI
> > > > > > > > +RedfishBootstrapAccountStop (
> > > > > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > > +
> > > > > > > > +  Private =
> > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > > > > (This);
> > > > > > > > +
> > > > > > > > +  if (Private->RedfishService != NULL) {
> > > > > > > > +    RedfishCleanupService (Private->RedfishService);
> > > > > > > > +    Private->RedfishService = NULL;  }
> > > > > > > > +
> > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL
> > > > mRedfishConfigHandler =
> > > > > > {
> > > > > > > > +  RedfishBootstrapAccountInit,
> > > > > > > > + RedfishBootstrapAccountStop };
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  Unloads an image.
> > > > > > > > +
> > > > > > > > +  @param[in]  ImageHandle           Handle that identifies the image
> to
> > > be
> > > > > > > > unloaded.
> > > > > > > > +
> > > > > > > > +  @retval EFI_SUCCESS           The image has been unloaded.
> > > > > > > > +  @retval EFI_INVALID_PARAMETER ImageHandle is not a
> > > > > > > > + valid image
> > > > > > handle.
> > > > > > > > +
> > > > > > > > +**/
> > > > > > > > +EFI_STATUS
> > > > > > > > +EFIAPI
> > > > > > > > +RedfishBootstrapAccountUnload (
> > > > > > > > +  IN EFI_HANDLE  ImageHandle
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  EFI_STATUS  Status;
> > > > > > > > +
> > > > > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > > > > +    return EFI_SUCCESS;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> > > > > > > > +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  Status = gBS->UninstallProtocolInterface (
> > > > > > > > +                  mBootstrapPrivate->ImageHandle,
> > > > > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > > > > +                  (VOID *)&mBootstrapPrivate->Protocol
> > > > > > > > +                  );
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish
> > > > > > > > + config handler
> > > > > > > > protocol: %r\n", __func__, Status));
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  FreePool (mBootstrapPrivate);  mBootstrapPrivate =
> > > > > > > > + NULL;
> > > > > > > > +
> > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > +}
> > > > > > > > +
> > > > > > > > +/**
> > > > > > > > +  This is the declaration of an EFI image entry point.
> > > > > > > > +This entry point is
> > > > > > > > +  the same for UEFI Applications, UEFI OS Loaders, and
> > > > > > > > +UEFI Drivers including
> > > > > > > > +  both device drivers and bus drivers.
> > > > > > > > +
> > > > > > > > +  @param[in]  ImageHandle       The firmware allocated handle for
> > the
> > > > UEFI
> > > > > > > > image.
> > > > > > > > +  @param[in]  SystemTable       A pointer to the EFI System Table.
> > > > > > > > +
> > > > > > > > +  @retval EFI_SUCCESS           The operation completed successfully.
> > > > > > > > +  @retval Others                An unexpected error occurred.
> > > > > > > > +**/
> > > > > > > > +EFI_STATUS
> > > > > > > > +EFIAPI
> > > > > > > > +RedfishBootstrapAccountEntryPoint (
> > > > > > > > +  IN EFI_HANDLE        ImageHandle,
> > > > > > > > +  IN EFI_SYSTEM_TABLE  *SystemTable
> > > > > > > > +  )
> > > > > > > > +{
> > > > > > > > +  EFI_STATUS  Status;
> > > > > > > > +
> > > > > > > > +  if (mBootstrapPrivate != NULL) {
> > > > > > > > +    return EFI_ALREADY_STARTED;  }
> > > > > > > > +
> > > > > > > > +  mBootstrapPrivate = AllocateZeroPool (sizeof
> > > > > > > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> > > > > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > > > > +    return EFI_OUT_OF_RESOURCES;  }
> > > > > > > > +
> > > > > > > > +  CopyMem (&mBootstrapPrivate->Protocol,
> > > > &mRedfishConfigHandler,
> > > > > > > > + sizeof
> > > > > > > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> > > > > > > > +  Status = gBS->InstallProtocolInterface (
> > > > > > > > +                  &ImageHandle,
> > > > > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > > > > +                  EFI_NATIVE_INTERFACE,
> > > > > > > > +                  &mBootstrapPrivate->Protocol
> > > > > > > > +                  );
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish
> > > > > > > > + config handler
> > > > > > > > protocol: %r\n", __func__, Status));
> > > > > > > > +    goto ON_ERROR;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  //
> > > > > > > > +  // Register after provisioning event to remove bootstrap account.
> > > > > > > > +  //
> > > > > > > > +  Status = CreateAfterProvisioningEvent (
> > > > > > > > +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> > > > > > > > +             (VOID *)mBootstrapPrivate,
> > > > > > > > +             &mBootstrapPrivate->RedfishEvent
> > > > > > > > +             );
> > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: failed to register
> > > > > > > > + after-provisioning
> > > > > > event:
> > > > > > > > %r\n", __func__, Status));
> > > > > > > > +    goto ON_ERROR;
> > > > > > > > +  }
> > > > > > > > +
> > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > +
> > > > > > > > +ON_ERROR:
> > > > > > > > +
> > > > > > > > +  RedfishBootstrapAccountUnload (ImageHandle);
> > > > > > > > +
> > > > > > > > +  return Status;
> > > > > > > > +}
> > > > > > > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > index 154f641b2..47e5093f2 100644
> > > > > > > > --- a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > @@ -15,6 +15,7 @@
> > > > > > > >    INF
> > > > RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
> > > > > > > >    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
> > > > > > > >    INF
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> > > > > > > > +  INF
> > > > > > > >
> > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe
> > > > > > .inf
> > > > > > > >    INF
> > > > RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
> > > > > > > >    INF
> > > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf
> > > > > > > >    INF
> > > > > > > >
> > > > > > >
> > > > > >
> > > >
> > RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemD
> > > > > > xe.
> > > > > > > > i
> > > > > > > > nf
> > > > > > > > --
> > > > > > > > 2.34.1
> > > > > > >
> > > > >
> > > > >
> > > > > 
> > > > >
> > > >






* Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
  2024-05-16 11:33                     ` Igor Kulchytskyy via groups.io
@ 2024-05-17  7:17                       ` Nickle Wang via groups.io
  0 siblings, 0 replies; 13+ messages in thread
From: Nickle Wang via groups.io @ 2024-05-17  7:17 UTC (permalink / raw)
  To: Igor Kulchytskyy, Chang, Abner, devel@edk2.groups.io; +Cc: Nick Ramirez

Hi Igor,

Thanks for your idea. This sounds feasible to me. Let me try to test it on my system.

Regards,
Nickle

> -----Original Message-----
> From: Igor Kulchytskyy <igork@ami.com>
> Sent: Thursday, May 16, 2024 7:34 PM
> To: Nickle Wang <nicklew@nvidia.com>; Chang, Abner
> <Abner.Chang@amd.com>; devel@edk2.groups.io
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> 
> External email: Use caution opening links or attachments
> 
> 
> We can have some protocol with which all Redfish clients register to say that they are
> using the bootstrap credentials.
> When they finish their job they notify the RedfishBootstrapAccountDxe driver, and
> once all registered modules have finished, the RedfishBootstrapAccountDxe driver
> deletes the account.
> Thank you,
> Igor
> 
> -----Original Message-----
> From: Nickle Wang <nicklew@nvidia.com>
> Sent: Wednesday, May 15, 2024 11:10 PM
> To: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy <igork@ami.com>;
> devel@edk2.groups.io
> Cc: Nick Ramirez <nramirez@nvidia.com>
> Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> 
> > RedfishFeatureCore could be one of the Redfish clients, delete the
> > credential from Redfish account service in RedfishFeatureCore
> > lifecycle may impact other Redfish clients that still need the communication
> with Redfish service, right?
> 
> When all Redfish clients are managed by RedfishFeatureCore, I think we don't
> have such case. And this may be a good reason to keep it in RedfishClientPkg. This
> driver offers a way for BIOS to delete bootstrapping account at BMC after
> everything is done. Platform owner can decide to include this driver or not
> depending on the Redfish design in system.
> 
> Regards,
> Nickle
> 
> > -----Original Message-----
> > From: Chang, Abner <Abner.Chang@amd.com>
> > Sent: Thursday, May 16, 2024 10:41 AM
> > To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy
> > <igork@ami.com>; devel@edk2.groups.io
> > Cc: Nick Ramirez <nramirez@nvidia.com>
> > Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH]
> > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> >
> > External email: Use caution opening links or attachments
> >
> >
> > [AMD Official Use Only - General]
> >
> > I think we probably overlook some use cases. Multiple edk2 Redfish
> > applications running simultaneously is allowed from the design
> > perspective. However, we centralized GetAuthInfo in
> > RedfishPlatformCredentialLib for all of edk2 Redfish client entities
> > to leverage the same credential stored in EFI variable. This way we
> > can limit the process of acquiring credential to only one time Redfish IPMI
> bootstrap command sent to BMC.
> > RedfishFeatureCore could be one of the Redfish clients, delete the
> > credential from Redfish account service in RedfishFeatureCore
> > lifecycle may impact other Redfish clients that still need the communication
> with Redfish service, right?
> >
> > Thanks
> > Abner
> >
> > > -----Original Message-----
> > > From: Nickle Wang <nicklew@nvidia.com>
> > > Sent: Thursday, May 16, 2024 9:38 AM
> > > To: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > > <igork@ami.com>; devel@edk2.groups.io
> > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > Subject: RE: [EXTERNAL] RE: [edk2-devel]
> > > [edk2-redfish-client][PATCH]
> > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > >
> > > [AMD Official Use Only - General]
> > >
> > > Caution: This message originated from an External Source. Use proper
> > > caution when opening attachments, clicking links, or responding.
> > >
> > >
> > > Hi Igor, Abner,
> > >
> > > > Maybe we should consider moving RedfishBootstrapAccountDxe driver
> > > > to
> > > RedfishPkg and have some register mechanism which will be used by
> > > interested drivers to notify that they finished their job and after
> > > that RedfishBootstrapAccountDxe driver would delete an account.
> > >
> > > You are saying the mechanism in runtime, right? In current design,
> > > RedfishFeatureCore driver will send "after provisioning" signal to
> > > notify this driver to delete bootstrapping account. This makes sure
> > > that all feature drivers are done with their jobs, so this driver is
> > > safe to delete bootstrapping account at BMC.
> > >
> > > If we move it to RedfishPkg, there is no such centralized Redfish
> > > driver managing Redfish stuff. How does a particular driver know
> > > that there is no other driver running Redfish stuff after it? The
> > > way I can think of now is to rely on EDK2 ready-to-boot event as the
> > > signal to do the notification, since there is not supposed to have
> > > Redfish driver running
> > jobs after this event...
> > >
> > > Regards,
> > > Nickle
> > >
> > > > -----Original Message-----
> > > > From: Chang, Abner <Abner.Chang@amd.com>
> > > > Sent: Thursday, May 16, 2024 9:06 AM
> > > > To: Igor Kulchytskyy <igork@ami.com>; Nickle Wang
> > > > <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > Subject: RE: [EXTERNAL] RE: [edk2-devel]
> > > > [edk2-redfish-client][PATCH]
> > > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > > >
> > > > External email: Use caution opening links or attachments
> > > >
> > > >
> > > > [AMD Official Use Only - General]
> > > >
> > > > HI Igor,
> > > > This sounds reasonable to me. As you mentioned, RedfishPkg was designed
> > > > to support multiple Redfish applications and RedfishClientPkg is just one of
> > > > them. I think we can review the implementation of acquiring/deleting the credential.
> > > >
> > > > Thanks
> > > > Abner
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Igor Kulchytskyy <igork@ami.com>
> > > > > Sent: Wednesday, May 15, 2024 11:02 PM
> > > > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io;
> > > > > Chang, Abner <Abner.Chang@amd.com>
> > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > Subject: RE: [EXTERNAL] RE: [edk2-devel]
> > > > > [edk2-redfish-client][PATCH]
> > > > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > > > >
> > > > > [AMD Official Use Only - General]
> > > > >
> > > > > Caution: This message originated from an External Source. Use
> > > > > proper caution when opening attachments, clicking links, or responding.
> > > > >
> > > > >
> > > > > Hi Nickle,
> > > > > I have one more question to discuss regarding this driver.
> > > > > We have a bootstrap account and creation of this account
> > > > > controlled by RedfishCredentialDxe driver in RedfishPkg.
> > > > > But deletion of that bootstrap account is moved to RedfishClientPkg.
> > > > > What if we have another Redfish Client or some customer service
> > > > > which uses RedfishPkg for the communication.
> > > > > Architecturally it is allowed.
> > > > > But then RedfishBootstrapAccountDxe module would delete account
> > > > > just based on the RedfishClientPkg needs.
> > > > > Maybe we should consider moving RedfishBootstrapAccountDxe
> > > > > driver to RedfishPkg and have some register mechanism which will
> > > > > be used by interested drivers to notify that they finished their
> > > > > job and after that RedfishBootstrapAccountDxe driver would delete an
> account.
> > > > > What do you think?
> > > > > Thank you,
> > > > > Igor
> > > > >
> > > > > -----Original Message-----
> > > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > > Sent: Tuesday, May 14, 2024 8:40 AM
> > > > > To: devel@edk2.groups.io; abner.chang@amd.com; Igor Kulchytskyy
> > > > > <igork@ami.com>
> > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > Subject: [EXTERNAL] RE: [edk2-devel]
> > > > > [edk2-redfish-client][PATCH]
> > > > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe
> > > > >
> > > > >
> > > > > **CAUTION: The e-mail below is from an external source. Please
> > > > > exercise caution before opening attachments, clicking links, or
> > > > > following guidance.**
> > > > >
> > > > > Hi Abner,
> > > > >
> > > > > > Ok, then I don't have the problem with invoking GetAuthInfo again.
> > > > > However, I
> > > > > > will suggest to add more description in GetAuthInfo function
> > > > > > header,
> > > > > mention that
> > > > > > we will keep the auth info in EFI variable until exist boot service.
> > > > > > Also, give some more descriptions on the code you invoke to
> > > GetAuthInfo.
> > > > >
> > > > > Thanks for your comment. I add descriptions to explain above
> > > > > > before calling GetAuthInfo(). Version 2 patch is here:
> > > > > >
> > > > > > https://edk2.groups.io/g/devel/message/118889
> > > > >
> > > > > Regards,
> > > > > Nickle
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > > > > > Chang,
> > > > > Abner
> > > > > > via groups.io
> > > > > > Sent: Tuesday, April 23, 2024 3:42 PM
> > > > > > To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy
> > > > > > <igork@ami.com>; devel@edk2.groups.io
> > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > > > > introduce RedfishBootstrapAccountDxe
> > > > > >
> > > > > > External email: Use caution opening links or attachments
> > > > > >
> > > > > >
> > > > > > [AMD Official Use Only - General]
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > > > > Sent: Tuesday, April 23, 2024 3:09 PM
> > > > > > > To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner
> > > > > > > <Abner.Chang@amd.com>; devel@edk2.groups.io
> > > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > > > > RedfishClientPkg:
> > > > > > > introduce RedfishBootstrapAccountDxe
> > > > > > >
> > > > > > > [AMD Official Use Only - General]
> > > > > > >
> > > > > > > Caution: This message originated from an External Source.
> > > > > > > Use proper caution when opening attachments, clicking links,
> > > > > > > or
> > > responding.
> > > > > > >
> > > > > > >
> > > > > > > Hi Igor, Abner,
> > > > > > >
> > > > > > > Thanks for your review. Please allow me to answer your
> > > > > > > questions
> > > > > together.
> > > > > > >
> > > > > > > > 1. We suppose acquire the credential before we start to
> > > > > > > > communicate with
> > > > > > > Redfish. Will Redfish credential driver create another
> > > > > > > bootstrap account here after provisioning?
> > > > > > > No, according to the RedfishPlatformCredentialIpmiLib
> > > > > > > implementation, Redfish credential driver requests
> > > > > > > credential from BMC and will keep it for later use. So only
> > > > > > > one credential is requested for BIOS Redfish feature drivers
> > > > > > > during POST
> > time.
> > > > > > > Ok, then I don't have a problem with invoking GetAuthInfo again. However, I
> > > > > > > suggest adding more description to the GetAuthInfo function header, mentioning
> > > > > > > that we keep the auth info in an EFI variable until exit boot services.
> > > > > > > Also, give some more description of the code where you invoke GetAuthInfo.
> > > > > >
> > > > > > >
> > > > > > > > 2. And why do we delete the credential after provisioning?
> > > > > > > > How about the
> > > > > > > later Redfish property updating process?
> > > > > > > In this driver, we listen to "AfterProvisioning" event. And
> > > > > > > this is the event triggered after Redfish feature driver finish all jobs.
> > > > > > > There is no feature driver which gets executed after this event.
> > > > > > > And since we finished all Redfish operations, we remove this
> > > > > > > account
> > > on
> > > > BMC.
> > > > > > Then this makes sense to me now.
> > > > > >
> > > > > > >
> > > > > > > > Why do we need to delete those credentials? According to
> > > > > > > > spec BMC should
> > > > > > > delete the bootstrap credentials automatically on host or service reset.
> > > > > > > Yes, bootstrap credentials get deleted on host reset. In
> > > > > > > practice, server in datacenter usually takes long time
> > > > > > > running under OS before it gets
> > > > > > rebooted.
> > > > > > > The bootstrap credentials are exposed to end user at
> > > > > > > "/redfish/v1/AccountService/Accounts". I got report that
> > > > > > > there is concern for end user to see this unused account.
> > > > > > This sounds to me reasonable as we will give bootstrap
> > > > > > credential a high
> > > > > privilege
> > > > > > to update Redfish resource. Leave this information in Account
> > > > > > service seems
> > > > > not a
> > > > > > good idea.
> > > > > >
> > > > > > Thanks
> > > > > > Abner
> > > > > >
> > > > > > >
> > > > > > > So, I create this driver to allows us to remove bootstrap
> > > > > > > account at BMC after we finish Redfish jobs. And this also
> > > > > > > release the BMC account resource since this account won't be
> > > > > > > used for a long period of
> > > > > time.
> > > > > > >
> > > > > > > Regards,
> > > > > > > Nickle
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Igor Kulchytskyy <igork@ami.com>
> > > > > > > > Sent: Monday, April 22, 2024 11:03 PM
> > > > > > > > To: Chang, Abner <Abner.Chang@amd.com>; Nickle Wang
> > > > > > > > <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > > > > RedfishClientPkg:
> > > > > > > > introduce RedfishBootstrapAccountDxe
> > > > > > > >
> > > > > > > > External email: Use caution opening links or attachments
> > > > > > > >
> > > > > > > >
> > > > > > > > Hi Nickle and Abner,
> > > > > > > > I also have the same question as Abner.
> > > > > > > > Why do we need to delete those credentials?
> > > > > > > > According to spec BMC should delete the bootstrap
> > > > > > > > credentials automatically
> > > > > > > on
> > > > > > > > host or service reset.
> > > > > > > > Thank you,
> > > > > > > > Igor
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Chang, Abner <Abner.Chang@amd.com>
> > > > > > > > Sent: Sunday, April 21, 2024 10:25 PM
> > > > > > > > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io
> > > > > > > > Cc: Igor Kulchytskyy <igork@ami.com>; Nick Ramirez
> > > > > > > <nramirez@nvidia.com>
> > > > > > > > Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH]
> > > RedfishClientPkg:
> > > > > > > > introduce RedfishBootstrapAccountDxe
> > > > > > > >
> > > > > > > >
> > > > > > > > **CAUTION: The e-mail below is from an external source.
> > > > > > > > Please exercise caution before opening attachments,
> > > > > > > > clicking links, or following guidance.**
> > > > > > > >
> > > > > > > > [AMD Official Use Only - General]
> > > > > > > >
> > > > > > > > Hi Nickle,
> > > > > > > > One comment and few questions,
> > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: Nickle Wang <nicklew@nvidia.com>
> > > > > > > > > Sent: Thursday, April 18, 2024 8:28 PM
> > > > > > > > > To: devel@edk2.groups.io
> > > > > > > > > Cc: Chang, Abner <Abner.Chang@amd.com>; Igor Kulchytskyy
> > > > > > > > > <igork@ami.com>; Nick Ramirez <nramirez@nvidia.com>
> > > > > > > > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > > > > > > > > introduce RedfishBootstrapAccountDxe
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > -Introduce RedfishBootstrapAccountDxe to delete
> > > > > > > > > bootstrap account from
> > > > > > > > > /redfish/v1/AccountService/Accounts after BIOS finished
> > > > > > > > > all Redfish jobs. The bootstrap account won't be
> > > > > > > > > available to other
> > > > > application.
> > > > > > > > > So deleting bootstrap account helps to release resource at BMC.
> > > > > > > > > - After bootstrap account is deleted at BMC, the Redfish
> > > > > > > > > service instance is no longer usable. Close Redfish
> > > > > > > > > service instance to release the HTTP connection between
> > > > > > > > > BIOS and
> > BMC.
> > > > > > > > >
> > > > > > > > > Signed-off-by: Nickle Wang <nicklew@nvidia.com>
> > > > > > > > > Cc: Abner Chang <abner.chang@amd.com>
> > > > > > > > > Cc: Igor Kulchytskyy <igork@ami.com>
> > > > > > > > > Cc: Nick Ramirez <nramirez@nvidia.com>
> > > > > > > > > ---
> > > > > > > > >  .../RedfishClientComponents.dsc.inc           |   1 +
> > > > > > > > >  .../RedfishBootstrapAccountDxe.inf            |  53 +++
> > > > > > > > >  .../RedfishBootstrapAccountDxe.h              |  58 ++++
> > > > > > > > >  .../RedfishBootstrapAccountDxe.c              | 328
> > > ++++++++++++++++++
> > > > > > > > >  RedfishClientPkg/RedfishClient.fdf.inc        |   1 +
> > > > > > > > >  5 files changed, 441 insertions(+)  create mode 100644
> > > > > > > > >
> > > > > > >
> > > > >
> > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe
> > > > > > > > > .inf
> > > > > > > > >  create mode 100644
> > > > > > > > >
> > > > > > >
> > > > >
> > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe
> > > > > > > > > .h
> > > > > > > > >  create mode 100644
> > > > > > > > >
> > > > > > >
> > > > >
> > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe
> > > > > > > > > .c
> > > > > > > > >
> > > > > > > > > diff --git
> > > > > > > > > a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > > index 42fc0c299..fe5248b62 100644
> > > > > > > > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
> > > > > > > > > @@ -20,6 +20,7 @@
> > > > > > > > >
> > > > > RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf
> > > > > > > > >
> > > > > > > > > RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe
> > > > > > > > > .i
> > > > > > > > > nf
> > > > > > > > >
> > > > > > > > > RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe
> > > > > > > > > .i
> > > > > > > > > nf
> > > > > > > > > +
> > > > > > > > >
> > > > > > >
> > > > >
> > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe
> > > > > > > > > .inf
> > > > > > > > >  !endif
> > > > > > > > >    #
> > > > > > > > >    # Below two modules should be pulled in by build tool.
> > > > > > > > > diff --git
> > > > > > > > >
> > > > > > >
> > > > >
> > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun
> > > tD
> > > > > > > > > xe.in
> > > > > > > > > f
> > > > > > > > >
> > > > > > >
> > > > >
> > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun
> > > tD
> > > > > > > > > xe.in
> > > > > > > > > f
> > > > > > > > > new file mode 100644
> > > > > > > > > index 000000000..4073e95f4
> > > > > > > > > --- /dev/null
> > > > > > > > > +++
> > > > > > > > >
> > > > > > >
> > > > >
> > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun
> > > tD
> > > > > > > > > xe.in
> > > > > > > > > f
> > > > > > > > > @@ -0,0 +1,53 @@
> > > > > > > > > +## @file
> > > > > > > > > +#  This driver deletes bootstrap account in BMC after
> > > > > > > > > +BIOS Redfish finished #  all jobs # #  (C) Copyright
> > > > > > > > > +2021 Hewlett Packard Enterprise Development LP<BR> #
> > > > > > > > > +Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES.
> > > > > > > > > +All rights
> > reserved.
> > > > > > > >
> > > > > > > >
> > > > > > > > Not sure if you want to update the copyright to 2024.
> > > > > > > >
> > > > > > > >
> > > > > > > > > +#
> > > > > > > > > +#  SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > > > > > > +
> > > > > > > > > +[Defines]
> > > > > > > > > +  INF_VERSION               = 0x0001000b
> > > > > > > > > +  BASE_NAME                 = RedfishBootstrapAccountDxe
> > > > > > > > > +  FILE_GUID                 = 87555253-2F7E-45FC-B469-
> FD35B2E51210
> > > > > > > > > +  MODULE_TYPE               = DXE_DRIVER
> > > > > > > > > +  VERSION_STRING            = 1.0
> > > > > > > > > +  ENTRY_POINT               = RedfishBootstrapAccountEntryPoint
> > > > > > > > > +  UNLOAD_IMAGE              = RedfishBootstrapAccountUnload
> > > > > > > > > +
> > > > > > > > > +[Packages]
> > > > > > > > > +  MdePkg/MdePkg.dec
> > > > > > > > > +  MdeModulePkg/MdeModulePkg.dec
> > > > > > > > > +  RedfishPkg/RedfishPkg.dec
> > > > > > > > > +  RedfishClientPkg/RedfishClientPkg.dec
> > > > > > > > > +
> > > > > > > > > +[Sources]
> > > > > > > > > +  RedfishBootstrapAccountDxe.h
> > > > > > > > > +  RedfishBootstrapAccountDxe.c
> > > > > > > > > +
> > > > > > > > > +[LibraryClasses]
> > > > > > > > > +  BaseLib
> > > > > > > > > +  BaseMemoryLib
> > > > > > > > > +  DebugLib
> > > > > > > > > +  MemoryAllocationLib
> > > > > > > > > +  PrintLib
> > > > > > > > > +  RedfishEventLib
> > > > > > > > > +  RedfishFeatureUtilityLib
> > > > > > > > > +  RedfishDebugLib
> > > > > > > > > +  RedfishVersionLib
> > > > > > > > > +  RedfishHttpLib
> > > > > > > > > +  UefiLib
> > > > > > > > > +  UefiBootServicesTableLib
> > > > > > > > > +  UefiRuntimeServicesTableLib
> > > > > > > > > +  UefiDriverEntryPoint
> > > > > > > > > +
> > > > > > > > > +[Protocols]
> > > > > > > > > +  gEdkIIRedfishConfigHandlerProtocolGuid  ## CONSUMES ##
> > > > > > > > > +  gEdkIIRedfishCredentialProtocolGuid     ## CONSUMES ##
> > > > > > > > > +  gEfiRestExProtocolGuid                  ## CONSUMES ##
> > > > > > > > > +
> > > > > > > > > +[Depex]
> > > > > > > > > +  gEdkIIRedfishCredentialProtocolGuid
> > > > > > > > > diff --git
> > > > > > > > >
> > > > > > >
> > > > >
> > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun
> > > tD
> > > > > > > > > xe.h
> > > > > > > > >
> > > > > > >
> > > > >
> > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun
> > > tD
> > > > > > > > > xe.h
> > > > > > > > > new file mode 100644
> > > > > > > > > index 000000000..5262f1e6b
> > > > > > > > > --- /dev/null
> > > > > > > > > +++
> > > > > > > > >
> > > > > > >
> > > > >
> > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun
> > > tD
> > > > > > > > > xe.h
> > > > > > > > > @@ -0,0 +1,58 @@
> > > > > > > > > +/** @file
> > > > > > > > > +  Common header file for RedfishBootstrapAccountDxe driver.
> > > > > > > > > +
> > > > > > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise
> > > > > > > > > + Development LP<BR>  Copyright (c) 2023, NVIDIA
> > > > > > > > > + CORPORATION
> > > &
> > > > > > > > > + AFFILIATES. All
> > > > > > > rights
> > > > > > > > reserved.
> > > > > > > > > +
> > > > > > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > > > > +
> > > > > > > > > +**/
> > > > > > > > > +
> > > > > > > > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define
> > > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_
> > > > > > > > > +
> > > > > > > > > +#include <Uefi.h>
> > > > > > > > > +#include <RedfishBase.h>
> > > > > > > > > +
> > > > > > > > > +//
> > > > > > > > > +// Libraries
> > > > > > > > > +//
> > > > > > > > > +#include <Library/BaseLib.h> #include
> > > > > > > > > +<Library/BaseMemoryLib.h> #include <Library/DebugLib.h>
> > > > > > > > > +
> > > > > > > > > +#include <Library/MemoryAllocationLib.h> #include
> > > > > > > > > +<Library/PrintLib.h> #include
> > > > > > > > > +<Library/RedfishEventLib.h> #include
> > > > > > > > > +<Library/RedfishFeatureUtilityLib.h>
> > > > > > > > > +#include <Library/RedfishDebugLib.h> #include
> > > > > > > > > +<Library/RedfishVersionLib.h> #include
> > > > > > > > > +<Library/RedfishHttpLib.h> #include
> > > > > > > > > +<Library/UefiBootServicesTableLib.h>
> > > > > > > > > +#include <Library/UefiDriverEntryPoint.h> #include
> > > > > > > > > +<Library/UefiLib.h> #include
> > > > > > > > > +<Library/UefiRuntimeServicesTableLib.h>
> > > > > > > > > +
> > > > > > > > > +#include <Protocol/EdkIIRedfishConfigHandler.h>
> > > > > > > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > > > > > > +#include <Protocol/RestEx.h>
> > > > > > > > > +
> > > > > > > > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG
> > > > > DEBUG_VERBOSE
> > > > > > > > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI
> > > > > > > > > L"AccountService/Accounts"
> > > > > > > > > +#define REDFISH_URI_LENGTH                      128
> > > > > > > > > +
> > > > > > > > > +//
> > > > > > > > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE //
> > > > > > > > > +typedef
> > > > > > > struct
> > > > > > > > > +{
> > > > > > > > > +  EFI_HANDLE                               ImageHandle;
> > > > > > > > > +  EFI_HANDLE                               RestExHandle;
> > > > > > > > > +  REDFISH_SERVICE                          RedfishService;
> > > > > > > > > +  EFI_EVENT                                RedfishEvent;
> > > > > > > > > +  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL    Protocol;
> > > > > > > > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE;
> > > > > > > > > +
> > > > > > > > > +#define
> > > > > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \
> > > > > > > > > +          BASE_CR ((This),
> > > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE,
> > > > > > > > > +Protocol)
> > > > > > > > > +
> > > > > > > > > +#endif
> > > > > > > > > diff --git
> > > > > > > > >
> > > > > > >
> > > > >
> > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun
> > > tD
> > > > > > > > > xe.c
> > > > > > > > >
> > > > > > >
> > > > >
> > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun
> > > tD
> > > > > > > > > xe.c
> > > > > > > > > new file mode 100644
> > > > > > > > > index 000000000..6fe4856f8
> > > > > > > > > --- /dev/null
> > > > > > > > > +++
> > > > > > > > >
> > > > > > >
> > > > >
> > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun
> > > tD
> > > > > > > > > xe.c
> > > > > > > > > @@ -0,0 +1,328 @@
> > > > > > > > > +/** @file
> > > > > > > > > +  This driver deletes bootstrap account in BMC after
> > > > > > > > > +BIOS Redfish finished
> > > > > > > > > +  all jobs.
> > > > > > > > > +
> > > > > > > > > +  (C) Copyright 2021-2022 Hewlett Packard Enterprise
> > > > > > > > > + Development LP<BR>  Copyright (c) 2023, NVIDIA
> > > > > > > > > + CORPORATION
> > > &
> > > > > > > > > + AFFILIATES. All
> > > > > > > rights
> > > > > > > > reserved.
> > > > > > > > > +
> > > > > > > > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > > > > +
> > > > > > > > > +**/
> > > > > > > > > +
> > > > > > > > > +#include "RedfishBootstrapAccountDxe.h"
> > > > > > > > > +
> > > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *mBootstrapPrivate
> =
> > > > > NULL;
> > > > > > > > > +
> > > > > > > > > +/**
> > > > > > > > > +  Close Redfish service instance by calling RestEx
> > > > > > > > > +protocol to release
> > > > > > > instance.
> > > > > > > > > +
> > > > > > > > > +  @param[in]  RestExHandle      Handle of RestEx protocol.
> > > > > > > > > +
> > > > > > > > > +  @retval EFI_SUCCESS           The Redfish service is closed
> > > successfully.
> > > > > > > > > +  @retval EFI_INVALID_PARAMETER RestExHandle is NULL.
> > > > > > > > > +  @retval Others                Error occurs.
> > > > > > > > > +
> > > > > > > > > +**/
> > > > > > > > > +EFI_STATUS
> > > > > > > > > +CloseRedfishService (
> > > > > > > > > +  IN EFI_HANDLE  RestExHandle
> > > > > > > > > +  )
> > > > > > > > > +{
> > > > > > > > > +  EFI_REST_EX_PROTOCOL  *RestEx;
> > > > > > > > > +  EFI_STATUS            Status;
> > > > > > > > > +
> > > > > > > > > +  if (RestExHandle == NULL) {
> > > > > > > > > +    return EFI_INVALID_PARAMETER;  }
> > > > > > > > > +
> > > > > > > > > +  Status = gBS->HandleProtocol (
> > > > > > > > > +                  RestExHandle,
> > > > > > > > > +                  &gEfiRestExProtocolGuid,
> > > > > > > > > +                  (VOID **)&RestEx
> > > > > > > > > +                  );
> > > > > > > > > +  if (!EFI_ERROR (Status)) {
> > > > > > > > > +    Status = RestEx->Configure (RestEx, NULL);
> > > > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > > > > > > > > + release
> > > > > RestEx
> > > > > > > > > instance: %r\n", __func__, Status));
> > > > > > > > > +  }
> > > > > > > > > +
> > > > > > > > > +  return Status;
> > > > > > > > > +}
> > > > > > > > > +
> > > > > > > > > +/**
> > > > > > > > > +  Callback function executed when the AfterProvisioning
> > > > > > > > > +event group is
> > > > > > > > > signaled.
> > > > > > > > > +
> > > > > > > > > +  @param[in]   Event    Event whose notification function is being
> > > > > invoked.
> > > > > > > > > +  @param[out]  Context  Pointer to the Context buffer
> > > > > > > > > +
> > > > > > > > > +**/
> > > > > > > > > +VOID
> > > > > > > > > +EFIAPI
> > > > > > > > > +RedfishBootstrapAccountOnRedfishAfterProvisioning (
> > > > > > > > > +  IN  EFI_EVENT  Event,
> > > > > > > > > +  OUT VOID       *Context
> > > > > > > > > +  )
> > > > > > > > > +{
> > > > > > > > > +  EFI_STATUS                         Status;
> > > > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > > > +  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *credentialProtocol;
> > > > > > > > > +  EDKII_REDFISH_AUTH_METHOD          AuthMethod;
> > > > > > > > > +  CHAR8                              *AccountName;
> > > > > > > > > +  CHAR8                              *AccountCredential;
> > > > > > > > > +  CHAR16                             TargetUri[REDFISH_URI_LENGTH];
> > > > > > > > > +  CHAR16                             *RedfishVersion;
> > > > > > > > > +  REDFISH_RESPONSE                   RedfishResponse;
> > > > > > > > > +
> > > > > > > > > +  RedfishVersion = NULL;
> > > > > > > > > +
> > > > > > > > > +  Private = (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE
> > > > > > > > > + *)Context;
> > > if
> > > > > > > > > + ((Private == NULL) || (Private->RedfishService == NULL)) {
> > > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: Redfish service is not
> > > > > > > > > + available\n",
> > > > > > > > > __func__));
> > > > > > > > > +    return;
> > > > > > > > > +  }
> > > > > > > > > +
> > > > > > > > > +  //
> > > > > > > > > +  // Locate Redfish Credential Protocol to get
> > > > > > > > > + credential for // accessing to Redfish service.
> > > > > > > > > +  //
> > > > > > > > > +  Status = gBS->LocateProtocol (
> > > > > > > > > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > > > > > > > > +                  NULL,
> > > > > > > > > +                  (VOID **)&credentialProtocol
> > > > > > > > > +                  );
> > > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No
> > > Redfish
> > > > > > > > > Credential Protocol is installed on system.",
> > > > > > > > > __func__));
> > > > > > > > > +    return;
> > > > > > > > > +  }
> > > > > > > > > +
> > > > > > > > > +  Status = credentialProtocol->GetAuthInfo (
> > > > > > > > > +                                 credentialProtocol,
> > > > > > > > > +                                 &AuthMethod,
> > > > > > > > > +                                 &AccountName,
> > > > > > > > > +                                 &AccountCredential
> > > > > > > > > +                                 );
> > > > > > > >
> > > > > > > > > Hi Nickle, I do not quite understand why we acquire a
> > > > > > > > > credential here but delete it from the Redfish account
> > > > > > > > > service here after provisioning.
> > > > > > > > > 1. We are supposed to acquire the credential before we start
> > > > > > > > > to communicate with Redfish. Will the Redfish credential
> > > > > > > > > driver create another bootstrap account here after
> > > > > > > > > provisioning?
> > > > > > > > > 2. And why do we delete the credential after provisioning?
> > > > > > > > > What about the later Redfish property updating process?
> > > > > > > > > Or do I misunderstand the code logic?
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > > Abner
> > > > > > > >
> > > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap
> > > > > > > > > + account
> > > > > > > information:
> > > > > > > > > %r\n", __func__, Status));
> > > > > > > > > +    return;
> > > > > > > > > +  }
> > > > > > > > > +
> > > > > > > > > +  //
> > > > > > > > > +  // Carving the URI
> > > > > > > > > +  //
> > > > > > > > > +  RedfishVersion = RedfishGetVersion
> > > > > > > > > + (Private->RedfishService); if (RedfishVersion == NULL) {
> > > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not get Redfish
> > > > > > > > > + version\n",
> > > > > > > __func__));
> > > > > > > > > +    return;
> > > > > > > > > +  }
> > > > > > > > > +
> > > > > > > > > +  UnicodeSPrint (TargetUri, (sizeof (CHAR16) *
> > > > > > > > > + REDFISH_URI_LENGTH),
> > > > > > > > > L"%s%s/%a", RedfishVersion,
> > > > > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI,
> > > > > > > > > AccountName);
> > > > > > > > > +
> > > > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > > bootstrap
> > > > > > > account:
> > > > > > > > > %a\n", __func__, AccountName));
> > > > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > > bootstrap
> > > > > > > > > credential: %a\n", __func__, AccountCredential));
> > > > > > > > > +  DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > > bootstrap
> > > > > URI:
> > > > > > > > > %s\n", __func__, TargetUri));
> > > > > > > > > +
> > > > > > > > > +  //
> > > > > > > > > +  // Remove bootstrap account at
> > > > > > > > > + /redfish/v1/AccountService/Account
> > > > > > > > > +  //
> > > > > > > > > +  ZeroMem (&RedfishResponse, sizeof
> > > > > > > > > + (REDFISH_RESPONSE)); Status = RedfishHttpDeleteResource (
> > > > > > > > > +             Private->RedfishService,
> > > > > > > > > +             TargetUri,
> > > > > > > > > +             &RedfishResponse
> > > > > > > > > +             );
> > > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap
> > > > > > > > > + account at
> > > > > > > BMC:
> > > > > > > > > %r", __func__, Status));
> > > > > > > > > +    DumpRedfishResponse (__func__, DEBUG_ERROR,
> > > > > > > &RedfishResponse);  }
> > > > > > > > > + else {
> > > > > > > > > +    DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a:
> > > bootstrap
> > > > > > > > account:
> > > > > > > > > %a is removed from: %s\n", __func__, AccountName,
> > > > > > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI));
> > > > > > > > > +  }
> > > > > > > > > +
> > > > > > > > > +  //
> > > > > > > > > +  // Clean credential
> > > > > > > > > +  //
> > > > > > > > > +  ZeroMem (AccountName, AsciiStrSize (AccountName));
> > > ZeroMem
> > > > > > > > > + (AccountCredential, AsciiStrSize (AccountCredential));
> > > > > > > > > +
> > > > > > > > > +  //
> > > > > > > > > +  // Since the bootstrap account is deleted at BMC, the
> > > > > > > > > + Redfish service instance
> > > > > > > > > is no longer usable.
> > > > > > > > > +  // Close Redfish service instance to release the HTTP
> > > > > > > > > + connection between
> > > > > > > > > BIOS and BMC.
> > > > > > > > > +  //
> > > > > > > > > +  Status = CloseRedfishService (Private->RestExHandle);
> > > > > > > > > + if (EFI_ERROR (Status)) {
> > > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish
> > > > > > > > > + service
> > > instance:
> > > > > > > > > + %r\n",
> > > > > > > > > __func__, Status));
> > > > > > > > > +  }
> > > > > > > > > +
> > > > > > > > > +  RedfishHttpFreeResponse (&RedfishResponse);
> > > > > > > > > +
> > > > > > > > > +  return;
> > > > > > > > > +}
> > > > > > > > > +
> > > > > > > > > +/**
> > > > > > > > > +  Initialize a Redfish configure handler.
> > > > > > > > > +
> > > > > > > > > +  This function will be called by the Redfish config
> > > > > > > > > + driver to initialize each
> > > > > > > > > Redfish configure
> > > > > > > > > +  handler.
> > > > > > > > > +
> > > > > > > > > +  @param[in]   This                     Pointer to
> > > > > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > > > > > +  @param[in]   RedfishConfigServiceInfo Redfish service
> > > informaiton.
> > > > > > > > > +
> > > > > > > > > +  @retval EFI_SUCCESS                  The handler has been initialized
> > > > > > > successfully.
> > > > > > > > > +  @retval EFI_DEVICE_ERROR             Failed to create or configure
> > the
> > > > > REST
> > > > > > > EX
> > > > > > > > > protocol instance.
> > > > > > > > > +  @retval EFI_ALREADY_STARTED          This handler has already
> > been
> > > > > > > > > initialized.
> > > > > > > > > +  @retval Other                        Error happens during the
> initialization.
> > > > > > > > > +
> > > > > > > > > +**/
> > > > > > > > > +EFI_STATUS
> > > > > > > > > +EFIAPI
> > > > > > > > > +RedfishBootstrapAccountInit (
> > > > > > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This,
> > > > > > > > > +  IN  REDFISH_CONFIG_SERVICE_INFORMATION
> > > > > > > *RedfishConfigServiceInfo
> > > > > > > > > +  )
> > > > > > > > > +{
> > > > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > > > +
> > > > > > > > > +  Private =
> > > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > > > > > (This);
> > > > > > > > > +
> > > > > > > > > +  Private->RedfishService = RedfishCreateService
> > > > > > > > > + (RedfishConfigServiceInfo);  if (Private->RedfishService == NULL) {
> > > > > > > > > +    return EFI_DEVICE_ERROR;  }
> > > > > > > > > +
> > > > > > > > > +  Private->RestExHandle = RedfishConfigServiceInfo-
> > > > > > > > > >RedfishServiceRestExHandle;
> > > > > > > > > +
> > > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > > +}
> > > > > > > > > +
> > > > > > > > > +/**
> > > > > > > > > +  Stop a Redfish configure handler.
> > > > > > > > > +
> > > > > > > > > +  @param[in]   This                Pointer to
> > > > > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance.
> > > > > > > > > +
> > > > > > > > > +  @retval EFI_SUCCESS              This handler has been stoped
> > > > > successfully.
> > > > > > > > > +  @retval Others                   Some error happened.
> > > > > > > > > +
> > > > > > > > > +**/
> > > > > > > > > +EFI_STATUS
> > > > > > > > > +EFIAPI
> > > > > > > > > +RedfishBootstrapAccountStop (
> > > > > > > > > +  IN  EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL  *This
> > > > > > > > > +  )
> > > > > > > > > +{
> > > > > > > > > +  REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE  *Private;
> > > > > > > > > +
> > > > > > > > > +  Private =
> > > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL
> > > > > > > > > (This);
> > > > > > > > > +
> > > > > > > > > +  if (Private->RedfishService != NULL) {
> > > > > > > > > +    RedfishCleanupService (Private->RedfishService);
> > > > > > > > > +    Private->RedfishService = NULL;  }
> > > > > > > > > +
> > > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > > +}
> > > > > > > > > +
> > > > > > > > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL
> > > > > mRedfishConfigHandler =
> > > > > > > {
> > > > > > > > > +  RedfishBootstrapAccountInit,
> > > > > > > > > + RedfishBootstrapAccountStop };
> > > > > > > > > +
> > > > > > > > > +/**
> > > > > > > > > +  Unloads an image.
> > > > > > > > > +
> > > > > > > > > +  @param[in]  ImageHandle           Handle that identifies the image
> > to
> > > > be
> > > > > > > > > unloaded.
> > > > > > > > > +
> > > > > > > > > +  @retval EFI_SUCCESS           The image has been unloaded.
> > > > > > > > > +  @retval EFI_INVALID_PARAMETER ImageHandle is not a
> > > > > > > > > + valid image
> > > > > > > handle.
> > > > > > > > > +
> > > > > > > > > +**/
> > > > > > > > > +EFI_STATUS
> > > > > > > > > +EFIAPI
> > > > > > > > > +RedfishBootstrapAccountUnload (
> > > > > > > > > +  IN EFI_HANDLE  ImageHandle
> > > > > > > > > +  )
> > > > > > > > > +{
> > > > > > > > > +  EFI_STATUS  Status;
> > > > > > > > > +
> > > > > > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > > > > > +    return EFI_SUCCESS;  }
> > > > > > > > > +
> > > > > > > > > +  if (mBootstrapPrivate->RedfishEvent != NULL) {
> > > > > > > > > +    gBS->CloseEvent (mBootstrapPrivate->RedfishEvent);
> > > > > > > > > +  }
> > > > > > > > > +
> > > > > > > > > +  Status = gBS->UninstallProtocolInterface (
> > > > > > > > > +                  mBootstrapPrivate->ImageHandle,
> > > > > > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > > > > > +                  (VOID *)&mBootstrapPrivate->Protocol
> > > > > > > > > +                  );
> > > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish
> > > > > > > > > + config handler
> > > > > > > > > protocol: %r\n", __func__, Status));
> > > > > > > > > +  }
> > > > > > > > > +
> > > > > > > > > +  FreePool (mBootstrapPrivate);  mBootstrapPrivate =
> > > > > > > > > + NULL;
> > > > > > > > > +
> > > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > > +}
> > > > > > > > > +
> > > > > > > > > +/**
> > > > > > > > > +  This is the declaration of an EFI image entry point.
> > > > > > > > > +This entry point is
> > > > > > > > > +  the same for UEFI Applications, UEFI OS Loaders, and
> > > > > > > > > +UEFI Drivers including
> > > > > > > > > +  both device drivers and bus drivers.
> > > > > > > > > +
> > > > > > > > > +  @param[in]  ImageHandle       The firmware allocated handle for
> > > the
> > > > > UEFI
> > > > > > > > > image.
> > > > > > > > > +  @param[in]  SystemTable       A pointer to the EFI System Table.
> > > > > > > > > +
> > > > > > > > > +  @retval EFI_SUCCESS           The operation completed
> successfully.
> > > > > > > > > +  @retval Others                An unexpected error occurred.
> > > > > > > > > +**/
> > > > > > > > > +EFI_STATUS
> > > > > > > > > +EFIAPI
> > > > > > > > > +RedfishBootstrapAccountEntryPoint (
> > > > > > > > > +  IN EFI_HANDLE        ImageHandle,
> > > > > > > > > +  IN EFI_SYSTEM_TABLE  *SystemTable
> > > > > > > > > +  )
> > > > > > > > > +{
> > > > > > > > > +  EFI_STATUS  Status;
> > > > > > > > > +
> > > > > > > > > +  if (mBootstrapPrivate != NULL) {
> > > > > > > > > +    return EFI_ALREADY_STARTED;  }
> > > > > > > > > +
> > > > > > > > > +  mBootstrapPrivate = AllocateZeroPool (sizeof
> > > > > > > > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE));
> > > > > > > > > +  if (mBootstrapPrivate == NULL) {
> > > > > > > > > +    return EFI_OUT_OF_RESOURCES;  }
> > > > > > > > > +
> > > > > > > > > +  CopyMem (&mBootstrapPrivate->Protocol,
> > > > > &mRedfishConfigHandler,
> > > > > > > > > + sizeof
> > > > > > > > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL));
> > > > > > > > > +  Status = gBS->InstallProtocolInterface (
> > > > > > > > > +                  &ImageHandle,
> > > > > > > > > +                  &gEdkIIRedfishConfigHandlerProtocolGuid,
> > > > > > > > > +                  EFI_NATIVE_INTERFACE,
> > > > > > > > > +                  &mBootstrapPrivate->Protocol
> > > > > > > > > +                  );
> > > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: can not install Redfish
> > > > > > > > > + config handler
> > > > > > > > > protocol: %r\n", __func__, Status));
> > > > > > > > > +    goto ON_ERROR;
> > > > > > > > > +  }
> > > > > > > > > +
> > > > > > > > > +  //
> > > > > > > > > +  // Register after provisioning event to remove bootstrap
> account.
> > > > > > > > > +  //
> > > > > > > > > +  Status = CreateAfterProvisioningEvent (
> > > > > > > > > +             RedfishBootstrapAccountOnRedfishAfterProvisioning,
> > > > > > > > > +             (VOID *)mBootstrapPrivate,
> > > > > > > > > +             &mBootstrapPrivate->RedfishEvent
> > > > > > > > > +             );
> > > > > > > > > +  if (EFI_ERROR (Status)) {
> > > > > > > > > +    DEBUG ((DEBUG_ERROR, "%a: failed to register
> > > > > > > > > + after-provisioning
> > > > > > > event:
> > > > > > > > > %r\n", __func__, Status));
> > > > > > > > > +    goto ON_ERROR;
> > > > > > > > > +  }
> > > > > > > > > +
> > > > > > > > > +  return EFI_SUCCESS;
> > > > > > > > > +
> > > > > > > > > +ON_ERROR:
> > > > > > > > > +
> > > > > > > > > +  RedfishBootstrapAccountUnload (ImageHandle);
> > > > > > > > > +
> > > > > > > > > +  return Status;
> > > > > > > > > +}
> > > > > > > > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > > b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > > index 154f641b2..47e5093f2 100644
> > > > > > > > > --- a/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc
> > > > > > > > > @@ -15,6 +15,7 @@
> > > > > > > > >    INF
> > > > > RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
> > > > > > > > >    INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf
> > > > > > > > >    INF
> > > > > > > > >
> > > > > > >
> > > > >
> > > RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf
> > > > > > > > > +  INF
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > >
> > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD
> > > xe
> > > > > > > .inf
> > > > > > > > >    INF
> > > > > RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf
> > > > > > > > >    INF
> > > > > > > > >
> > > > > > >
> > > > >
> > > RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.in
> > > f
> > > > > > > > >    INF
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > >
> > > RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemD
> > > > > > > xe.
> > > > > > > > > i
> > > > > > > > > nf
> > > > > > > > > --
> > > > > > > > > 2.34.1
> > > > > > > >






Thread overview: 13+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-18 12:27 [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe Nickle Wang via groups.io
2024-04-22  2:24 ` Chang, Abner via groups.io
2024-04-22 15:02   ` Igor Kulchytskyy via groups.io
2024-04-23  7:09     ` Nickle Wang via groups.io
2024-04-23  7:42       ` Chang, Abner via groups.io
2024-05-14 12:40         ` Nickle Wang via groups.io
2024-05-15 15:01           ` Igor Kulchytskyy via groups.io
2024-05-16  1:05             ` Chang, Abner via groups.io
2024-05-16  1:37               ` Nickle Wang via groups.io
2024-05-16  2:41                 ` Chang, Abner via groups.io
2024-05-16  3:09                   ` Nickle Wang via groups.io
2024-05-16 11:33                     ` Igor Kulchytskyy via groups.io
2024-05-17  7:17                       ` Nickle Wang via groups.io
