* Re: [edk2-devel] [PATCH] EmulatorPkg/library: RedfishPlatformCredentialLib
[not found] <16513D3EB0A79041.19442@groups.io>
@ 2021-01-15 12:46 ` Ni, Ray
0 siblings, 0 replies; only message in thread
From: Ni, Ray @ 2021-01-15 12:46 UTC (permalink / raw)
To: devel@edk2.groups.io, Chang, Abner (HPS SW/FW Technologist)
Cc: Justen, Jordan L, Andrew Fish, Wang, Nickle (HPS SW),
O'Hanley, Peter (EXL)
Acked-by: Ray Ni <ray.ni@intel.com>
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang,
> Abner (HPS SW/FW Technologist)
> Sent: Wednesday, December 16, 2020 11:35 AM
> To: devel@edk2.groups.io
> Cc: Justen, Jordan L <jordan.l.justen@intel.com>; Andrew Fish
> <afish@apple.com>; Ni, Ray <ray.ni@intel.com>; Wang, Nickle (HPS SW)
> <nickle.wang@hpe.com>; O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> Subject: [edk2-devel] [PATCH] EmulatorPkg/library:
> RedfishPlatformCredentialLib
>
> Platform specific implementation of acquiring credential
> to access to Redfish service. This is the platform library
> which incorporates with Redfish Credential DXE driver under
> Redfish package.
>
> Signed-off-by: Abner Chang <abner.chang@hpe.com>
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Nickle Wang <nickle.wang@hpe.com>
> Cc: Peter O'Hanley <peter.ohanley@hpe.com>
> ---
> EmulatorPkg/EmulatorPkg.dec | 13 +-
> EmulatorPkg/EmulatorPkg.dsc | 1 +
> .../RedfishPlatformCredentialLib.c | 237 ++++++++++++++++++
> .../RedfishPlatformCredentialLib.inf | 49 ++++
> 4 files changed, 299 insertions(+), 1 deletion(-)
> create mode 100644
> EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredenti
> alLib.c
> create mode 100644
> EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredenti
> alLib.inf
>
> diff --git a/EmulatorPkg/EmulatorPkg.dec b/EmulatorPkg/EmulatorPkg.dec
> index 5d7fe6473e..b9c70b63b3 100644
> --- a/EmulatorPkg/EmulatorPkg.dec
> +++ b/EmulatorPkg/EmulatorPkg.dec
> @@ -74,7 +74,18 @@
> ## Size of the packet filter
>
> gEmulatorPkgTokenSpaceGuid.PcdNetworkPacketFilterSize|524288|UINT32|0
> x0000101c
>
> -
> + ## Platform level Redfish Service control PCD
> + # These PCDs are used to stop the Redfish sevice when secure boot is
> disabled
> + # or exit boot service.
> +
> gEmulatorPkgTokenSpaceGuid.PcdRedfishServieStopIfSecureBootDisabled|TR
> UE|BOOLEAN|0x00001020
> +
> gEmulatorPkgTokenSpaceGuid.PcdRedfishServieStopIfExitbootService|TRUE|
> BOOLEAN|0x00001021
> + ##
> + # edk2 Redfish implementation on Emulator package is designed to access
> + # to Redfish simulator.
> + # https://github.com/DMTF/Redfish-Profile-Simulator
> + # The user ID and password are fixed as below.
> +
> gEmulatorPkgTokenSpaceGuid.PcdRedfishServieUserId|"admin"|VOID*|0x00
> 001022
> +
> gEmulatorPkgTokenSpaceGuid.PcdRedfishServiePassword|"pwd123456"|VOI
> D*|0x00001023
>
> [PcdsFixedAtBuild, PcdsPatchableInModule]
> gEmulatorPkgTokenSpaceGuid.PcdEmuBootMode|1|UINT32|0x00001006
> diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
> index de8144844c..6bd8ed8386 100644
> --- a/EmulatorPkg/EmulatorPkg.dsc
> +++ b/EmulatorPkg/EmulatorPkg.dsc
> @@ -104,6 +104,7 @@
> KeyMapLib|EmulatorPkg/Library/KeyMapLibNull/KeyMapLibNull.inf
> !if $(REDFISH_ENABLE) == TRUE
>
> RedfishPlatformHostInterfaceLib|EmulatorPkg/Library/RedfishPlatformHostI
> nterfaceLib/RedfishPlatformHostInterfaceLib.inf
> +
> RedfishPlatformCredentialLib|EmulatorPkg/Library/RedfishPlatformCredenti
> alLib/RedfishPlatformCredentialLib.inf
> !endif
> #
> # Misc
> diff --git
> a/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCreden
> tialLib.c
> b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCreden
> tialLib.c
> new file mode 100644
> index 0000000000..5428aa324e
> --- /dev/null
> +++
> b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCreden
> tialLib.c
> @@ -0,0 +1,237 @@
> +/** @file
> + EmulaotPkg RedfishPlatformCredentialLib instance
> +
> + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +#include <Uefi.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/BaseLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/MemoryAllocationLib.h>
> +#include <Library/UefiLib.h>
> +
> +#include <Protocol/EdkIIRedfishCredential.h>
> +
> +#include <Guid/GlobalVariable.h>
> +#include <Guid/ImageAuthentication.h>
> +
> +BOOLEAN mSecureBootDisabled = FALSE;
> +BOOLEAN mStopRedfishService = FALSE;
> +
> +EFI_STATUS
> +EFIAPI
> +LibStopRedfishService (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> +);
> +
> +/**
> + Return the credential for accessing to Redfish servcice.
> +
> + @param[out] AuthMethod The authentication method.
> + @param[out] UserId User ID.
> + @param[out] Password USer password.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> +
> +**/
> +EFI_STATUS
> +GetRedfishCredential (
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> +)
> +{
> + UINTN UserIdSize;
> + UINTN PasswordSize;
> +
> + //
> + // AuthMethod set to HTTP Basic authentication.
> + //
> + *AuthMethod = AuthMethodHttpBasic;
> +
> + //
> + // User ID and Password.
> + //
> + UserIdSize = AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdRedfishServieUserId));
> + PasswordSize = AsciiStrSize ((CHAR8 *)PcdGetPtr
> (PcdRedfishServiePassword));
> + if (UserIdSize == 0 || PasswordSize == 0) {
> + DEBUG ((DEBUG_ERROR, "Incorrect string of UserID or Password for
> REdfish service.\n"));
> + return EFI_INVALID_PARAMETER;
> + }
> + *UserId = AllocateZeroPool (UserIdSize);
> + if (*UserId == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> + CopyMem (*UserId, (CHAR8 *)PcdGetPtr (PcdRedfishServieUserId),
> UserIdSize);
> +
> + *Password = AllocateZeroPool (PasswordSize);
> + if (*Password == NULL) {
> + FreePool (*UserId);
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + CopyMem (*Password, (CHAR8 *)PcdGetPtr (PcdRedfishServiePassword),
> PasswordSize);
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Retrieve platform's Redfish authentication information.
> +
> + This functions returns the Redfish authentication method together with
> the user Id and
> + password.
> + - For AuthMethodNone, the UserId and Password could be used for HTTP
> header authentication
> + as defined by RFC7235.
> + - For AuthMethodRedfishSession, the UserId and Password could be used
> for Redfish
> + session login as defined by Redfish API specification (DSP0266).
> +
> + Callers are responsible for and freeing the returned string storage.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[out] AuthMethod Type of Redfish authentication method.
> + @param[out] UserId The pointer to store the returned UserId
> string.
> + @param[out] Password The pointer to store the returned
> Password string.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> Password is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> + @retval EFI_UNSUPPORTED Unsupported authentication method is
> found.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +LibCredentialGetAuthInfo (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> +)
> +{
> + EFI_STATUS Status;
> +
> + if (This == NULL || AuthMethod == NULL || UserId == NULL || Password ==
> NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + if (mStopRedfishService) {
> + return EFI_ACCESS_DENIED;
> + }
> +
> + if (mSecureBootDisabled) {
> + Status = LibStopRedfishService (This,
> ServiceStopTypeSecureBootDisabled);
> + if (EFI_ERROR (Status) && Status != EFI_UNSUPPORTED) {
> + DEBUG ((DEBUG_ERROR, "SecureBoot has been disabled, but failed to
> stop RedfishService - %r\n", Status));
> + return Status;
> + }
> + }
> +
> + Status = GetRedfishCredential (
> + AuthMethod,
> + UserId,
> + Password
> + );
> +
> + return Status;
> +}
> +
> +/**
> + Notify the Redfish service to stop provide configuration service to this
> platform.
> +
> + This function should be called when the platfrom is about to leave the
> safe environment.
> + It will notify the Redfish service provider to abort all logined session, and
> prohibit
> + further login with original auth info. GetAuthInfo() will return
> EFI_UNSUPPORTED once this
> + function is returned.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[in] ServiceStopType Reason of stopping Redfish service.
> +
> + @retval EFI_SUCCESS Service has been stoped successfully.
> + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> ServiceStopType.
> + @retval EFI_UNSUPPORTED Not support to stop Redfish service.
> + @retval Others Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +LibStopRedfishService (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> +)
> +{
> + if (ServiceStopType >= ServiceStopTypeMax) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + if (ServiceStopType == ServiceStopTypeSecureBootDisabled) {
> + //
> + // Check platform PCD to determine the action for stopping
> + // Redfish service due to secure boot is disabled.
> + //
> + if (!PcdGetBool (PcdRedfishServieStopIfSecureBootDisabled)) {
> + return EFI_UNSUPPORTED;
> + } else {
> + mStopRedfishService = TRUE;
> + DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to
> SecureBoot is disabled!!\n"));
> + }
> + } else if (ServiceStopType == ServiceStopTypeExitBootService) {
> + //
> + // Check platform PCD to determine the action for stopping
> + // Redfish service due to exit boot service.
> + //
> + if (PcdGetBool (PcdRedfishServieStopIfExitbootService)) {
> + return EFI_UNSUPPORTED;
> + } else {
> + mStopRedfishService = TRUE;
> + DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to Exit Boot
> Service!!\n"));
> + }
> + } else {
> + mStopRedfishService = TRUE;
> + DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped without Redfish
> service stop type!!\n"));
> + }
> + return EFI_SUCCESS;
> +}
> +/**
> + Notification of Exit Boot Service.
> +
> + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> +**/
> +VOID
> +EFIAPI
> +LibCredentialExitBootServicesNotify (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> +)
> +{
> + LibStopRedfishService (This, ServiceStopTypeExitBootService);
> +}
> +
> +/**
> + Notification of End of DXE.
> +
> + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> +**/
> +VOID
> +EFIAPI
> +LibCredentialEndOfDxeNotify (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> +)
> +{
> + EFI_STATUS Status;
> + UINT8 *SecureBootVar;
> +
> + //
> + // Check Secure Boot status and lock Redfish service if Secure Boot is
> disabled.
> + //
> + Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME,
> &gEfiGlobalVariableGuid, (VOID**)&SecureBootVar, NULL);
> + if (EFI_ERROR (Status) || (*SecureBootVar !=
> SECURE_BOOT_MODE_ENABLE)) {
> + //
> + // Secure Boot is disabled
> + //
> + mSecureBootDisabled = TRUE;
> + LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);
> + }
> +}
> diff --git
> a/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCreden
> tialLib.inf
> b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCreden
> tialLib.inf
> new file mode 100644
> index 0000000000..41c389c4a2
> --- /dev/null
> +++
> b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCreden
> tialLib.inf
> @@ -0,0 +1,49 @@
> +## @file
> +# NT32 instance of RedfishPlatformCredentialLib
> +#
> +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +#
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x0001000b
> + BASE_NAME = RedfishPlatformCredentialLib
> + FILE_GUID = 00CF32A8-495C-3ED8-7C68-E9BB86810EE0
> + MODULE_TYPE = DXE_DRIVER
> + VERSION_STRING = 1.0
> + LIBRARY_CLASS = RedfishPlatformCredentialLib
> +
> +#
> +# VALID_ARCHITECTURES = IA32 X64
> +#
> +
> +[Sources]
> + RedfishPlatformCredentialLib.c
> +
> +[Packages]
> + EmulatorPkg/EmulatorPkg.dec
> + MdePkg/MdePkg.dec
> + MdeModulePkg/MdeModulePkg.dec
> + RedfishPkg/RedfishPkg.dec
> +
> +[LibraryClasses]
> + BaseLib
> + DebugLib
> + PcdLib
> + UefiBootServicesTableLib
> + UefiLib
> +
> +[Pcd]
> + gEmulatorPkgTokenSpaceGuid.PcdRedfishServieStopIfSecureBootDisabled
> ## CONSUMES
> + gEmulatorPkgTokenSpaceGuid.PcdRedfishServieStopIfExitbootService ##
> CONSUMES
> + gEmulatorPkgTokenSpaceGuid.PcdRedfishServieUserId ##
> CONSUMES
> + gEmulatorPkgTokenSpaceGuid.PcdRedfishServiePassword ##
> CONSUMES
> +
> +[Guids]
> + gEfiGlobalVariableGuid
> +
> +[Depex]
> + gEfiVariableArchProtocolGuid
> +
> --
> 2.17.1
>
>
>
>
>
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-01-15 12:46 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <16513D3EB0A79041.19442@groups.io>
2021-01-15 12:46 ` [edk2-devel] [PATCH] EmulatorPkg/library: RedfishPlatformCredentialLib Ni, Ray
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox