public inbox for devel@edk2.groups.io
From: "Abner Chang" <abner.chang@hpe.com>
To: "Wang, Nickle (HPS SW)" <nickle.wang@hpe.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "O'Hanley, Peter (EXL)" <peter.ohanley@hpe.com>
Subject: Re: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
Date: Wed, 16 Dec 2020 07:27:07 +0000
Message-ID: <CS1PR8401MB1144FE37CDEFDDCAA96C9265FFC50@CS1PR8401MB1144.NAMPRD84.PROD.OUTLOOK.COM>
In-Reply-To: <CS1PR8401MB1144D86AA9185F45DE9C4B16FFC50@CS1PR8401MB1144.NAMPRD84.PROD.OUTLOOK.COM>



> -----Original Message-----
> From: Chang, Abner (HPS SW/FW Technologist)
> Sent: Wednesday, December 16, 2020 3:09 PM
> To: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; devel@edk2.groups.io
> Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> Credential DXE driver
> 
> 
> 
> > -----Original Message-----
> > From: Wang, Nickle (HPS SW)
> > Sent: Wednesday, December 16, 2020 10:46 AM
> > To: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>;
> > devel@edk2.groups.io
> > Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> > Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > Redfish Credential DXE driver
> >
> > Hi Abner,
> >
> > Overall looks good to me. Just a question about implementation.
> >
> > The End-Of-DXE and Exit-Boot-Service are registered in Redfish
> > Credential driver and the implementation is provided by
> > RedfishPlatformCredentialLib library. May I know if it is possible to
> > register these two events in RedfishPlatformCredentialLib directly? In
> > this way, we do not need two additional interfaces in
> RedfishPlatformCredentialLib library.
> Yes Nickle, I think we can do that. Will resend the patch.
> thanks
Hi Nickle,
Sorry for the confusion, I was just about to change the code but I still think we should keep these two registrations in RedfishCredentialDxe.
It is the security concern behind implementing these two notifications in RedfishCredentialDxe and then invoking platform code. This forces the OEM to consider and provide their secret sauce for preventing 3rd party code from stealing the Redfish credential. It is the OEM's choice if they want to leave these two functions empty. But I think edk2 code should force them not to forget to implement that.
So, I would like to still keep it.


> >
> > Thanks,
> > Nickle
> >
> > > -----Original Message-----
> > > From: Chang, Abner (HPS SW/FW Technologist)
> <abner.chang@hpe.com>
> > > Sent: Wednesday, December 9, 2020 4:44 PM
> > > To: devel@edk2.groups.io
> > > Cc: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; O'Hanley, Peter
> > > (EXL) <peter.ohanley@hpe.com>
> > > Subject: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> > > Credential DXE driver
> > >
> > > EDKII Redfish Credential DXE driver which abstracts platform Redfish
> > > credential implementation.
> > >
> > > Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> > > Signed-off-by: Ting Ye <ting.ye@intel.com>
> > > Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
> > > Signed-off-by: Fan Wang <fan.wang@intel.com>
> > > Signed-off-by: Abner Chang <abner.chang@hpe.com>
> > >
> > > Cc: Nickle Wang <nickle.wang@hpe.com>
> > > Cc: Peter O'Hanley <peter.ohanley@hpe.com>
> > > ---
> > >  .../Include/Library/RedfishCredentialLib.h    |  91 ++++++++
> > >  .../PlatformCredentialLibNull.c               | 101 +++++++++
> > >  .../PlatformCredentialLibNull.inf             |  30 +++
> > >  RedfishPkg/Redfish.fdf.inc                    |   1 +
> > >  RedfishPkg/RedfishComponents.dsc.inc          |   1 +
> > >  .../RedfishCredentialDxe.c                    | 209 ++++++++++++++++++
> > >  .../RedfishCredentialDxe.h                    |  75 +++++++
> > >  .../RedfishCredentialDxe.inf                  |  51 +++++
> > >  RedfishPkg/RedfishPkg.dec                     |   4 +
> > >  RedfishPkg/RedfishPkg.dsc                     |   2 +
> > >  10 files changed, 565 insertions(+)  create mode 100644
> > > RedfishPkg/Include/Library/RedfishCredentialLib.h
> > >  create mode 100644
> > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > > ll
> > > .c
> > >  create mode 100644
> > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > > ll
> > > .inf
> > >  create mode 100644
> > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > >  create mode 100644
> > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > >  create mode 100644
> > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > >
> > > diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > new file mode 100644
> > > index 0000000000..dac1b3303f
> > > --- /dev/null
> > > +++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > @@ -0,0 +1,91 @@
> > > +/** @file
> > > +  Definitinos of RedfishHostInterfaceDxe driver.
> > > +
> > > +  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +#ifndef REDFISH_CREDENTIAL_LIB_H_
> > > +#define REDFISH_CREDENTIAL_LIB_H_
> > > +
> > > +#include <Uefi.h>
> > > +
> > > +/**
> > > +  Notification of Exit Boot Service.
> > > +
> > > +  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialExitBootServicesNotify (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This );
> > > +
> > > +/**
> > > +  Notification of End of DXe.
> > > +
> > > +  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialEndOfDxeNotify (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This );
> > > +
> > > +/**
> > > +  Retrieve platform's Redfish authentication information.
> > > +
> > > +  This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > +  password.
> > > +  - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > +    as defined by RFC7235.
> > > +  - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > +    session login as defined by  Redfish API specification (DSP0266).
> > > +
> > > +  Callers are responsible for and freeing the returned string storage.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[out]  AuthMethod          Type of Redfish authentication
> method.
> > > +  @param[out]  UserId              The pointer to store the returned UserId
> > > string.
> > > +  @param[out]  Password            The pointer to store the returned
> > Password
> > > string.
> > > +
> > > +  @retval EFI_SUCCESS              Get the authentication information
> > > successfully.
> > > +  @retval EFI_ACCESS_DENIED        SecureBoot is disabled after
> EndOfDxe.
> > > +  @retval EFI_INVALID_PARAMETER    This or AuthMethod or UserId or
> > > Password is NULL.
> > > +  @retval EFI_OUT_OF_RESOURCES     There are not enough memory
> > > resources.
> > > +  @retval EFI_UNSUPPORTED          Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibCredentialGetAuthInfo (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This,
> > > +  OUT EDKII_REDFISH_AUTH_METHOD          *AuthMethod,
> > > +  OUT CHAR8                              **UserId,
> > > +  OUT CHAR8                              **Password
> > > +);
> > > +
> > > +/**
> > > +  Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > +  This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > +  It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > +  further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > +  function is returned.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[in]   ServiceStopType     Reason of stopping Redfish service.
> > > +
> > > +  @retval EFI_SUCCESS              Service has been stoped successfully.
> > > +  @retval EFI_INVALID_PARAMETER    This is NULL.
> > > +  @retval Others                   Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibStopRedfishService (
> > > +  IN     EDKII_REDFISH_CREDENTIAL_PROTOCOL          *This,
> > > +  IN     EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > +);
> > > +#endif
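Review bot: The prototypes in this header use EDKII_REDFISH_CREDENTIAL_PROTOCOL, EDKII_REDFISH_AUTH_METHOD and EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE, but the only include is <Uefi.h>, so the header compiles only when the includer has already pulled in <Protocol/EdkIIRedfishCredential.h>; include that header here. The @file line reads "Definitinos of RedfishHostInterfaceDxe driver", which looks copied from the host interface header and should describe the RedfishPlatformCredentialLib library class instead. The LibCredentialGetAuthInfo comment says callers free the returned UserId and Password strings; since these are credentials, it is worth documenting that callers should zero the buffers before freeing them.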
> > > diff --git
> > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.c
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.c
> > > new file mode 100644
> > > index 0000000000..39de622d59
> > > --- /dev/null
> > > +++
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.c
> > > @@ -0,0 +1,101 @@
> > > +/** @file
> > > +  NULL instace of RedfishPlatformCredentialLib
> > > +
> > > +  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +#include <Uefi.h>
> > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > +/**
> > > +  Notification of Exit Boot Service.
> > > +
> > > +  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialExitBootServicesNotify (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This
> > > +)
> > > +{
> > > +  return;
> > > +}
> > > +
> > > +/**
> > > +  Notification of End of DXe.
> > > +
> > > +  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialEndOfDxeNotify (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This
> > > +)
> > > +{
> > > +  return;
> > > +}
> > > +
> > > +/**
> > > +  Retrieve platform's Redfish authentication information.
> > > +
> > > +  This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > +  password.
> > > +  - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > +    as defined by RFC7235.
> > > +  - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > +    session login as defined by  Redfish API specification (DSP0266).
> > > +
> > > +  Callers are responsible for and freeing the returned string storage.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[out]  AuthMethod          Type of Redfish authentication
> method.
> > > +  @param[out]  UserId              The pointer to store the returned UserId
> > > string.
> > > +  @param[out]  Password            The pointer to store the returned
> > Password
> > > string.
> > > +
> > > +  @retval EFI_SUCCESS              Get the authentication information
> > > successfully.
> > > +  @retval EFI_ACCESS_DENIED        SecureBoot is disabled after
> EndOfDxe.
> > > +  @retval EFI_INVALID_PARAMETER    This or AuthMethod or UserId or
> > > Password is NULL.
> > > +  @retval EFI_OUT_OF_RESOURCES     There are not enough memory
> > > resources.
> > > +  @retval EFI_UNSUPPORTED          Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibCredentialGetAuthInfo (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This,
> > > +  OUT EDKII_REDFISH_AUTH_METHOD          *AuthMethod,
> > > +  OUT CHAR8                              **UserId,
> > > +  OUT CHAR8                              **Password
> > > +)
> > > +{
> > > +  return EFI_UNSUPPORTED;
> > > +}
> > > +
> > > +/**
> > > +  Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > +  This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > +  It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > +  further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > +  function is returned.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[in]   ServiceStopType     Reason of stopping Redfish service.
> > > +
> > > +  @retval EFI_SUCCESS              Service has been stoped successfully.
> > > +  @retval EFI_INVALID_PARAMETER    This is NULL or given the worng
> > > ServiceStopType.
> > > +  @retval EFI_UNSUPPORTED          Not support to stop Redfish service.
> > > +  @retval Others                   Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibStopRedfishService (
> > > +  IN     EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
> > > +  IN     EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > +  )
> > > +{
> > > +  return EFI_UNSUPPORTED;
> > > +}
> > > +
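Review bot: LibCredentialEndOfDxeNotify and LibCredentialExitBootServicesNotify are bare "return;" bodies, so a platform that builds against this NULL instance does nothing at either boundary and no build or boot message says so. Since the stated reason for routing both notifications through the library is to make OEMs implement them, consider a DEBUG message in each stub, or a note in the file header, saying that a platform must supply a real instance. LibCredentialGetAuthInfo and LibStopRedfishService return EFI_UNSUPPORTED without checking their pointers, which differs from the EFI_INVALID_PARAMETER cases listed in their own comments; that is harmless behind the driver's NULL checks but deserves a line in the comment. Typo in the @file line: "instace".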
> > > diff --git
> > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.in
> > > f
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.in
> > > f
> > > new file mode 100644
> > > index 0000000000..4c22e89718
> > > --- /dev/null
> > > +++
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.in
> > > f
> > > @@ -0,0 +1,30 @@
> > > +## @file
> > > +#  NULL instance of RedfishPlatformCredentialLib # #  (C) Copyright
> > > +2020 Hewlett Packard Enterprise Development LP<BR> # #
> > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > +
> > > +[Defines]
> > > +  INF_VERSION                    = 0x0001000b
> > > +  BASE_NAME                      = RedfishPlatformCredentialLibNull
> > > +  FILE_GUID                      = CA3BD843-0BDD-4EE0-A38A-B45CA663114F
> > > +  MODULE_TYPE                    = DXE_DRIVER
> > > +  VERSION_STRING                 = 1.0
> > > +  LIBRARY_CLASS                  = RedfishPlatformCredentialLib
> > > +
> > > +#
> > > +#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64 RISCV64
> > > +#
> > > +
> > > +[Sources]
> > > +  PlatformCredentialLibNull.c
> > > +
> > > +[Packages]
> > > +  MdePkg/MdePkg.dec
> > > +  MdeModulePkg/MdeModulePkg.dec
> > > +  RedfishPkg/RedfishPkg.dec
> > > +
> > > +
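Review bot: [Packages] lists MdeModulePkg/MdeModulePkg.dec, but PlatformCredentialLibNull.c as posted includes only <Uefi.h> and <Protocol/EdkIIRedfishCredential.h>, so the dependency looks unused and can be dropped. LIBRARY_CLASS = RedfishPlatformCredentialLib also carries no module-type list; if the library is only meant to be linked into DXE drivers, restrict it, for example "RedfishPlatformCredentialLib|DXE_DRIVER".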
> > > diff --git a/RedfishPkg/Redfish.fdf.inc b/RedfishPkg/Redfish.fdf.inc
> > > index 19de479a80..24e32e0abf 100644
> > > --- a/RedfishPkg/Redfish.fdf.inc
> > > +++ b/RedfishPkg/Redfish.fdf.inc
> > > @@ -13,4 +13,5 @@
> > >  !if $(REDFISH_ENABLE) == TRUE
> > >    INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > >    INF
> > > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > > +  INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > >  !endif
> > > diff --git a/RedfishPkg/RedfishComponents.dsc.inc
> > > b/RedfishPkg/RedfishComponents.dsc.inc
> > > index ac1b57ed8f..ff32653ec8 100644
> > > --- a/RedfishPkg/RedfishComponents.dsc.inc
> > > +++ b/RedfishPkg/RedfishComponents.dsc.inc
> > > @@ -15,4 +15,5 @@
> > >  !if $(REDFISH_ENABLE) == TRUE
> > >    RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > >    RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > > +  RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > >  !endif
> > > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > new file mode 100644
> > > index 0000000000..f48d1d011c
> > > --- /dev/null
> > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > @@ -0,0 +1,209 @@
> > > +/** @file
> > > +  RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol
> > > +for the
> > > consumer
> > > +  to get the Redfish credential Info and to restrict Redfish access
> > > + from UEFI
> > > side.
> > > +
> > > +  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +
> > > +#include <RedfishCredentialDxe.h>
> > > +
> > > +EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol =
> {
> > > +  RedfishCredentialGetAuthInfo,
> > > +  RedfishCredentialStopService
> > > +};
> > > +
> > > +/**
> > > +  Callback function executed when the ExitBootServices event group
> > > +is
> > > signaled.
> > > +
> > > +  @param[in]  Event    Event whose notification function is being invoked.
> > > +  @param[out] Context  Pointer to the buffer pass in.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +RedfishCredentialExitBootServicesEventNotify (
> > > +  IN  EFI_EVENT  Event,
> > > +  OUT VOID       *Context
> > > +  )
> > > +{
> > > +  LibCredentialExitBootServicesNotify
> > > ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
> > > +}
> > > +
> > > +/**
> > > +  Callback function executed when the EndOfDxe event group is signaled.
> > > +
> > > +  @param[in]  Event    Event whose notification function is being invoked.
> > > +  @param[out] Context  Pointer to the buffer pass in.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +RedfishCredentialEndOfDxeEventNotify (
> > > +  IN  EFI_EVENT  Event,
> > > +  OUT VOID       *Context
> > > +  )
> > > +{
> > > +  LibCredentialEndOfDxeNotify
> ((EDKII_REDFISH_CREDENTIAL_PROTOCOL
> > > *)Context);
> > > +
> > > +  //
> > > +  // Close event, so it will not be invoked again.
> > > +  //
> > > +  gBS->CloseEvent (Event);
> > > +}
> > > +
> > > +/**
> > > +  Retrieve platform's Redfish authentication information.
> > > +
> > > +  This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > +  password.
> > > +  - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > +    as defined by RFC7235.
> > > +  - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > +    session login as defined by  Redfish API specification (DSP0266).
> > > +
> > > +  Callers are responsible for and freeing the returned string storage.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[out]  AuthMethod          Type of Redfish authentication
> method.
> > > +  @param[out]  UserId              The pointer to store the returned UserId
> > > string.
> > > +  @param[out]  Password            The pointer to store the returned
> > Password
> > > string.
> > > +
> > > +  @retval EFI_SUCCESS              Get the authentication information
> > > successfully.
> > > +  @retval EFI_ACCESS_DENIED        SecureBoot is disabled after
> EndOfDxe.
> > > +  @retval EFI_INVALID_PARAMETER    This or AuthMethod or UserId or
> > > Password is NULL.
> > > +  @retval EFI_OUT_OF_RESOURCES     There are not enough memory
> > > resources.
> > > +  @retval EFI_UNSUPPORTED          Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialGetAuthInfo (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
> > > +  OUT EDKII_REDFISH_AUTH_METHOD            *AuthMethod,
> > > +  OUT CHAR8                                **UserId,
> > > +  OUT CHAR8                                **Password
> > > +  )
> > > +{
> > > +  if (This == NULL || AuthMethod == NULL || UserId == NULL ||
> > > +Password
> > > == NULL) {
> > > +    return EFI_INVALID_PARAMETER;
> > > +  }
> > > +
> > > +  return LibCredentialGetAuthInfo (This, AuthMethod,
> > > +UserId,Password); }
> > > +
> > > +/**
> > > +  Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > +  This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > +  It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > +  further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > +  function is returned.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[in]   ServiceStopType     Reason of stopping Redfish service.
> > > +
> > > +  @retval EFI_SUCCESS              Service has been stoped successfully.
> > > +  @retval EFI_INVALID_PARAMETER    This is NULL or given the worng
> > > ServiceStopType.
> > > +  @retval EFI_UNSUPPORTED          Not support to stop Redfish service.
> > > +  @retval Others                   Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialStopService (
> > > +  IN     EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
> > > +  IN     EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > +  )
> > > +{
> > > +  if (This == NULL) {
> > > +    return EFI_INVALID_PARAMETER;
> > > +  }
> > > +
> > > +  return LibStopRedfishService (This, ServiceStopType); }
> > > +
> > > +/**
> > > +  Main entry for this driver.
> > > +
> > > +  @param ImageHandle     Image handle this driver.
> > > +  @param SystemTable     Pointer to SystemTable.
> > > +
> > > +  @retval EFI_SUCESS     This function always complete successfully.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialDxeDriverEntryPoint (
> > > +  IN EFI_HANDLE         ImageHandle,
> > > +  IN EFI_SYSTEM_TABLE   *SystemTable
> > > +  )
> > > +{
> > > +  EFI_STATUS  Status;
> > > +  EFI_HANDLE  Handle;
> > > +  EFI_EVENT   EndOfDxeEvent;
> > > +  EFI_EVENT   ExitBootServiceEvent;
> > > +
> > > +  Handle = NULL;
> > > +
> > > +  //
> > > +  // Install the RedfishCredentialProtocol onto Handle.
> > > +  //
> > > +  Status = gBS->InstallMultipleProtocolInterfaces (
> > > +                  &Handle,
> > > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > > +                  &mRedfishCredentialProtocol,
> > > +                  NULL
> > > +                  );
> > > +  if (EFI_ERROR (Status)) {
> > > +    return Status;
> > > +  }
> > > +
> > > +  //
> > > +  // After EndOfDxe, if SecureBoot is disabled, Redfish Credential
> > > + Protocol
> > > should return
> > > +  // error code to caller to avoid the 3rd code to bypass Redfish
> > > + Credential
> > > Protocol and
> > > +  // retrieve userid/pwd directly. So, here, we create EndOfDxe
> > > + Event to
> > > check SecureBoot
> > > +  // status.
> > > +  //
> > > +  Status = gBS->CreateEventEx (
> > > +                  EVT_NOTIFY_SIGNAL,
> > > +                  TPL_CALLBACK,
> > > +                  RedfishCredentialEndOfDxeEventNotify,
> > > +                  (VOID *)&mRedfishCredentialProtocol,
> > > +                  &gEfiEndOfDxeEventGroupGuid,
> > > +                  &EndOfDxeEvent
> > > +                  );
> > > +  if (EFI_ERROR (Status)) {
> > > +    goto ON_ERROR;
> > > +  }
> > > +
> > > +  //
> > > +  // After ExitBootServices, Redfish Credential Protocol should
> > > + stop the
> > > service.
> > > +  // So, here, we create ExitBootService Event to stop service.
> > > +  //
> > > +  Status = gBS->CreateEventEx (
> > > +                  EVT_NOTIFY_SIGNAL,
> > > +                  TPL_CALLBACK,
> > > +                  RedfishCredentialExitBootServicesEventNotify,
> > > +                  (VOID *)&mRedfishCredentialProtocol,
> > > +                  &gEfiEventExitBootServicesGuid,
> > > +                  &ExitBootServiceEvent
> > > +                  );
> > > +  if (EFI_ERROR (Status)) {
> > > +    gBS->CloseEvent (EndOfDxeEvent);
> > > +    goto ON_ERROR;
> > > +  }
> > > +
> > > +  return EFI_SUCCESS;
> > > +
> > > +ON_ERROR:
> > > +
> > > +  gBS->UninstallMultipleProtocolInterfaces (
> > > +         Handle,
> > > +         &gEdkIIRedfishCredentialProtocolGuid,
> > > +         &mRedfishCredentialProtocol,
> > > +         NULL
> > > +         );
> > > +
> > > +  return Status;
> > > +}
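Review bot: RedfishCredentialGetAuthInfo only checks its pointers and forwards to LibCredentialGetAuthInfo, so the EFI_ACCESS_DENIED case in its comment (SecureBoot disabled after EndOfDxe) and the "GetAuthInfo() will return EFI_UNSUPPORTED" promise in the RedfishCredentialStopService comment both depend entirely on the platform library; a library that leaves the two notify functions empty gets no lockdown from this driver. If the intent is that edk2 enforces the lockdown, keep a module-level flag here, set it in RedfishCredentialExitBootServicesEventNotify and RedfishCredentialStopService, and return the error from RedfishCredentialGetAuthInfo before calling the library. Smaller points: Context is annotated OUT in both notify functions although it is an input; RedfishCredentialStopService documents EFI_INVALID_PARAMETER for a wrong ServiceStopType but does not validate it; the entry point's "@retval EFI_SUCESS  This function always complete successfully" does not match the error returns through ON_ERROR; and "RedfishCrentialDxe" in the @file line is misspelled.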
> > > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > new file mode 100644
> > > index 0000000000..6e7e417b33
> > > --- /dev/null
> > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > @@ -0,0 +1,75 @@
> > > +/** @file
> > > +  Definition of Redfish Credential DXE driver.
> > > +
> > > +  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_ #define
> > > +EDKII_REDFISH_CREDENTIAL_DXE_H_
> > > +
> > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > +
> > > +#include <Library/BaseLib.h>
> > > +#include <Library/DebugLib.h>
> > > +#include <Library/PrintLib.h>
> > > +#include <Library/RedfishCredentialLib.h> #include
> > > +<Library/UefiLib.h> #include <Library/UefiBootServicesTableLib.h>
> > > +
> > > +/**
> > > +  Retrieve platform's Redfish authentication information.
> > > +
> > > +  This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > +  password.
> > > +  - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > +    as defined by RFC7235.
> > > +  - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > +    session login as defined by  Redfish API specification (DSP0266).
> > > +
> > > +  Callers are responsible for and freeing the returned string storage.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[out]  AuthMethod          Type of Redfish authentication
> method.
> > > +  @param[out]  UserId              The pointer to store the returned UserId
> > > string.
> > > +  @param[out]  Password            The pointer to store the returned
> > Password
> > > string.
> > > +
> > > +  @retval EFI_SUCCESS              Get the authentication information
> > > successfully.
> > > +  @retval EFI_ACCESS_DENIED        SecureBoot is disabled after
> EndOfDxe.
> > > +  @retval EFI_INVALID_PARAMETER    This or AuthMethod or UserId or
> > > Password is NULL.
> > > +  @retval EFI_OUT_OF_RESOURCES     There are not enough memory
> > > resources.
> > > +  @retval EFI_UNSUPPORTED          Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialGetAuthInfo (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
> > > +  OUT EDKII_REDFISH_AUTH_METHOD            *AuthMethod,
> > > +  OUT CHAR8                                **UserId,
> > > +  OUT CHAR8                                **Password
> > > +  );
> > > +
> > > +/**
> > > +  Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > +  This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > +  It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > +  further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > +  function is returned.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +
> > > +  @retval EFI_SUCCESS              Service has been stoped successfully.
> > > +  @retval EFI_INVALID_PARAMETER    This is NULL.
> > > +  @retval Others                   Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialStopService (
> > > +  IN     EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
> > > +  IN     EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > +  );
> > > +#endif
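Review bot: The RedfishCredentialStopService comment in this header has no @param entry for ServiceStopType, and its @retval list omits the EFI_UNSUPPORTED and wrong-ServiceStopType cases that the comment in RedfishCredentialDxe.c documents; keep the two copies identical. RedfishCredentialExitBootServicesEventNotify and RedfishCredentialEndOfDxeEventNotify are defined in the .c file without STATIC and are not declared here; either declare them in this header or make them STATIC.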
> > > diff --git
> > > a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > new file mode 100644
> > > index 0000000000..707d9a04d9
> > > --- /dev/null
> > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > @@ -0,0 +1,51 @@
> > > +## @file
> > > +#  RedfishCredentialDxe is required to produce the #  EdkII
> > > +RedfishCredentialProtocol for the consumer to get the Redfish #
> > > +credential Info and to restrict Redfish access from UEFI side.
> > > +#
> > > +#  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +#
> > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > +
> > > +[Defines]
> > > +  INF_VERSION                    = 0x0001000b
> > > +  BASE_NAME                      = RedfishCredentialDxe
> > > +  FILE_GUID                      = 458CE95A-4942-09A9-5D21-A6B16D5DAD7F
> > > +  MODULE_TYPE                    = DXE_DRIVER
> > > +  VERSION_STRING                 = 1.0
> > > +  ENTRY_POINT                    = RedfishCredentialDxeDriverEntryPoint
> > > +
> > > +#
> > > +#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64 RISCV64
> > > +#
> > > +
> > > +[Sources]
> > > +  RedfishCredentialDxe.c
> > > +  RedfishCredentialDxe.h
> > > +
> > > +[Packages]
> > > +  MdePkg/MdePkg.dec
> > > +  MdeModulePkg/MdeModulePkg.dec
> > > +  RedfishPkg/RedfishPkg.dec
> > > +
> > > +[LibraryClasses]
> > > +  BaseLib
> > > +  DebugLib
> > > +  PrintLib
> > > +  RedfishPlatformCredentialLib
> > > +  UefiBootServicesTableLib
> > > +  UefiDriverEntryPoint
> > > +  UefiRuntimeServicesTableLib
> > > +  UefiLib
> > > +
> > > +[Protocols]
> > > +  gEdkIIRedfishCredentialProtocolGuid     ## BY_START
> > > +
> > > +
> > > +[Guids]
> > > +  gEfiEndOfDxeEventGroupGuid              ## CONSUMES ## Event
> > > +  gEfiEventExitBootServicesGuid           ## CONSUMES ## Event
> > > +
> > > +[Depex]
> > > +  TRUE
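Review bot: gEdkIIRedfishCredentialProtocolGuid is tagged "## BY_START", but the driver installs the protocol in RedfishCredentialDxeDriverEntryPoint rather than from a driver binding Start(), so the usage comment should be "## PRODUCES". [LibraryClasses] also lists PrintLib and UefiRuntimeServicesTableLib, which RedfishCredentialDxe.c as posted does not call; drop the entries that are unused.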
> > > diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
> > > index 861f6dd0c8..fc56b4fefb 100644
> > > --- a/RedfishPkg/RedfishPkg.dec
> > > +++ b/RedfishPkg/RedfishPkg.dec
> > > @@ -21,6 +21,10 @@
> > >    #   Platform implementation-specific Redfish Host Interface.
> > >
> > > RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInterface
> > > RedfishPlatformHostInterfaceLib|Li
> > > RedfishPlatformHostInterfaceLib|b.h
> > >
> > > +  ##  @libraryclass Platform Redfish Credential Library
> > > +  #   Platform implementation-specific Redfish Credential Interface.
> > > +
> > > + RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib.
> > > + h
> > > +
> > >  [Protocols]
> > >    ## Include/Protocol/RedfishDiscover.h
> > >    gEfiRedfishDiscoverProtocolGuid      = { 0x5db12509, 0x4550, 0x4347,
> { 0x96,
> > > 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }} diff --git
> > > a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index
> > > 94e7127bc6..f7d5b90918 100644
> > > --- a/RedfishPkg/RedfishPkg.dsc
> > > +++ b/RedfishPkg/RedfishPkg.dsc
> > > @@ -32,6 +32,7 @@
> > >
> > >
> >
> DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/Bas
> > > eDebugPrintErrorLevelLib.inf
> > >    PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> > >
> > > RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInter
> > > RedfishPlatformHostInterfaceLib|fa
> > > RedfishPlatformHostInterfaceLib|ce
> > > LibNull/PlatformHostInterfaceLibNull.inf
> > > +
> > > RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredentialLi
> > > RedfishPlatformCredentialLib|bN
> > > RedfishPlatformCredentialLib|ull/
> > > PlatformCredentialLibNull.inf
> > >
> > >  [LibraryClasses.ARM, LibraryClasses.AARCH64]
> > >    #
> > > @@ -43,5 +44,6 @@
> > >
> > >  [Components]
> > >
> > > RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfac
> > > eL
> > > ibN
> > > ull.inf
> > > +
> > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > > ll
> > > .inf
> > >
> > >    !include RedfishPkg/Redfish.dsc.inc
> > > --
> > > 2.17.1


Thread overview: 12+ messages
2020-12-09  8:43 [PATCH 0/2] EDKII Redfish Credential DXE Driver Abner Chang
2020-12-09  8:43 ` [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header file Abner Chang
2020-12-10  2:44   ` Nickle Wang
2020-12-16  2:37   ` Nickle Wang
2020-12-09  8:43 ` [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver Abner Chang
2020-12-10  2:00   ` 回复: [edk2-devel] " gaoliming
2020-12-10  2:12     ` Abner Chang
2020-12-16  2:45   ` Nickle Wang
2020-12-16  7:08     ` Abner Chang
2020-12-16  7:27       ` Abner Chang [this message]
2020-12-16  7:37         ` Nickle Wang
2020-12-16  7:43           ` Abner Chang
