From: "Abner Chang"
To: "Wang, Nickle (HPS SW)", "devel@edk2.groups.io"
CC: "O'Hanley, Peter (EXL)"
Subject: Re: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
Date: Wed, 16 Dec 2020 07:27:07 +0000
References: <20201209084333.22422-1-abner.chang@hpe.com> <20201209084333.22422-3-abner.chang@hpe.com>

> -----Original Message-----
> From: Chang, Abner (HPS SW/FW Technologist)
> Sent: Wednesday, December 16, 2020 3:09 PM
> To: Wang, Nickle (HPS SW); devel@edk2.groups.io
> Cc: O'Hanley, Peter (EXL)
> Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> Credential DXE driver
>
>
>
> > -----Original Message-----
> > From: Wang, Nickle (HPS SW)
> > Sent: Wednesday, December 16, 2020 10:46 AM
> > To: Chang, Abner (HPS SW/FW Technologist); devel@edk2.groups.io
> > Cc: O'Hanley, Peter (EXL)
> > Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > Redfish Credential DXE driver
> >
> > Hi Abner,
> >
> > Overall looks good to me. Just a question about implementation.
> >
> > The End-Of-DXE and Exit-Boot-Service is registered in Redfish
> > Credential driver and the implementation is provided by
> > RedfishPlatformCredentialLib library. May I know if it is possible to
> > register these two events in RedfishPlatformCredentialLib directly? In
> > this way, we do not need two additional interfaces in
> > RedfishPlatformCredentialLib library.
> Yes Nickle, I think we can do that. Will resend the patch.
> thanks

Hi Nickle,
Sorry for the confusion, I was just about to change the code but I still think we should keep these two registrations in RedfishCredentialDxe.
That is the security concern of implementing these two notifications in RedfishCredentialDxe and then invoking platform code. This forces the OEM to consider and provide their secret sauce for preventing 3rd party code from stealing the Redfish credential. That is the OEM's choice if they want to leave these two functions empty. But I think edk2 code should force them not to forget to implement that. So, I would like to still keep it.

> >
> > Thanks,
> > Nickle
> >
> > > -----Original Message-----
> > > From: Chang, Abner (HPS SW/FW Technologist)
> > > Sent: Wednesday, December 9, 2020 4:44 PM
> > > To: devel@edk2.groups.io
> > > Cc: Wang, Nickle (HPS SW); O'Hanley, Peter (EXL)
> > > Subject: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> > > Credential DXE driver
> > >
> > > EDKII Redfish Credential DXE driver which abstracts platform Redfish
> > > credential implementation.
> > >
> > > Signed-off-by: Jiaxin Wu
> > > Signed-off-by: Ting Ye
> > > Signed-off-by: Siyuan Fu
> > > Signed-off-by: Fan Wang > > > Signed-off-by: Abner Chang > > > > > > Cc: Nickle Wang > > > Cc: Peter O'Hanley > > > --- > > > .../Include/Library/RedfishCredentialLib.h | 91 ++++++++ > > > .../PlatformCredentialLibNull.c | 101 +++++++++ > > > .../PlatformCredentialLibNull.inf | 30 +++ > > > RedfishPkg/Redfish.fdf.inc | 1 + > > > RedfishPkg/RedfishComponents.dsc.inc | 1 + > > > .../RedfishCredentialDxe.c | 209 ++++++++++++++++= ++ > > > .../RedfishCredentialDxe.h | 75 +++++++ > > > .../RedfishCredentialDxe.inf | 51 +++++ > > > RedfishPkg/RedfishPkg.dec | 4 + > > > RedfishPkg/RedfishPkg.dsc | 2 + > > > 10 files changed, 565 insertions(+) create mode 100644 > > > RedfishPkg/Include/Library/RedfishCredentialLib.h > > > create mode 100644 > > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu > > > ll > > > .c > > > create mode 100644 > > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu > > > ll > > > .inf > > > create mode 100644 > > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c > > > create mode 100644 > > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h > > > create mode 100644 > > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf > > > > > > diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h > > > b/RedfishPkg/Include/Library/RedfishCredentialLib.h > > > new file mode 100644 > > > index 0000000000..dac1b3303f > > > --- /dev/null > > > +++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h > > > @@ -0,0 +1,91 @@ > > > +/** @file > > > + Definitinos of RedfishHostInterfaceDxe driver. > > > + > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP
> > > + > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > + > > > +**/ > > > +#ifndef REDFISH_CREDENTIAL_LIB_H_ > > > +#define REDFISH_CREDENTIAL_LIB_H_ > > > + > > > +#include > > > + > > > +/** > > > + Notification of Exit Boot Service. > > > + > > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > > +**/ > > > +VOID > > > +EFIAPI > > > +LibCredentialExitBootServicesNotify ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This ); > > > + > > > +/** > > > + Notification of End of DXe. > > > + > > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > > +**/ > > > +VOID > > > +EFIAPI > > > +LibCredentialEndOfDxeNotify ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This ); > > > + > > > +/** > > > + Retrieve platform's Redfish authentication information. > > > + > > > + This functions returns the Redfish authentication method together > > > + with > > > the user Id and > > > + password. > > > + - For AuthMethodNone, the UserId and Password could be used for > > > + HTTP > > > header authentication > > > + as defined by RFC7235. > > > + - For AuthMethodRedfishSession, the UserId and Password could be > > > + used > > > for Redfish > > > + session login as defined by Redfish API specification (DSP0266)= . > > > + > > > + Callers are responsible for and freeing the returned string storag= e. > > > + > > > + @param[in] This Pointer to > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > > + @param[out] AuthMethod Type of Redfish authentication > method. > > > + @param[out] UserId The pointer to store the returned= UserId > > > string. > > > + @param[out] Password The pointer to store the returned > > Password > > > string. > > > + > > > + @retval EFI_SUCCESS Get the authentication informatio= n > > > successfully. > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after > EndOfDxe. > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > > Password is NULL. 
> > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > > > resources. > > > + @retval EFI_UNSUPPORTED Unsupported authentication method > is > > > found. > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +LibCredentialGetAuthInfo ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > > + OUT CHAR8 **UserId, > > > + OUT CHAR8 **Password > > > +); > > > + > > > +/** > > > + Notify the Redfish service provide to stop provide configuration > > > +service to > > > this platform. > > > + > > > + This function should be called when the platfrom is about to > > > + leave the safe > > > environment. > > > + It will notify the Redfish service provider to abort all logined > > > + session, and > > > prohibit > > > + further login with original auth info. GetAuthInfo() will return > > > EFI_UNSUPPORTED once this > > > + function is returned. > > > + > > > + @param[in] This Pointer to > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > > + @param[in] ServiceStopType Reason of stopping Redfish servic= e. > > > + > > > + @retval EFI_SUCCESS Service has been stoped successfu= lly. > > > + @retval EFI_INVALID_PARAMETER This is NULL. > > > + @retval Others Some error happened. > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +LibStopRedfishService ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > > +); > > > +#endif > > > diff --git > > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib > > > Nu > > > ll.c > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib > > > Nu > > > ll.c > > > new file mode 100644 > > > index 0000000000..39de622d59 > > > --- /dev/null > > > +++ > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib > > > Nu > > > ll.c 
> > > @@ -0,0 +1,101 @@ > > > +/** @file > > > + NULL instace of RedfishPlatformCredentialLib > > > + > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP
> > > + > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > + > > > +**/ > > > +#include > > > +#include > > > +/** > > > + Notification of Exit Boot Service. > > > + > > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > > +**/ > > > +VOID > > > +EFIAPI > > > +LibCredentialExitBootServicesNotify ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > > +) > > > +{ > > > + return; > > > +} > > > + > > > +/** > > > + Notification of End of DXe. > > > + > > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > > +**/ > > > +VOID > > > +EFIAPI > > > +LibCredentialEndOfDxeNotify ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > > +) > > > +{ > > > + return; > > > +} > > > + > > > +/** > > > + Retrieve platform's Redfish authentication information. > > > + > > > + This functions returns the Redfish authentication method together > > > + with > > > the user Id and > > > + password. > > > + - For AuthMethodNone, the UserId and Password could be used for > > > + HTTP > > > header authentication > > > + as defined by RFC7235. > > > + - For AuthMethodRedfishSession, the UserId and Password could be > > > + used > > > for Redfish > > > + session login as defined by Redfish API specification (DSP0266)= . > > > + > > > + Callers are responsible for and freeing the returned string storag= e. > > > + > > > + @param[in] This Pointer to > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > > + @param[out] AuthMethod Type of Redfish authentication > method. > > > + @param[out] UserId The pointer to store the returned= UserId > > > string. > > > + @param[out] Password The pointer to store the returned > > Password > > > string. > > > + > > > + @retval EFI_SUCCESS Get the authentication informatio= n > > > successfully. > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after > EndOfDxe. > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > > Password is NULL. 
> > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > > > resources. > > > + @retval EFI_UNSUPPORTED Unsupported authentication method > is > > > found. > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +LibCredentialGetAuthInfo ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > > + OUT CHAR8 **UserId, > > > + OUT CHAR8 **Password > > > +) > > > +{ > > > + return EFI_UNSUPPORTED; > > > +} > > > + > > > +/** > > > + Notify the Redfish service provide to stop provide configuration > > > +service to > > > this platform. > > > + > > > + This function should be called when the platfrom is about to > > > + leave the safe > > > environment. > > > + It will notify the Redfish service provider to abort all logined > > > + session, and > > > prohibit > > > + further login with original auth info. GetAuthInfo() will return > > > EFI_UNSUPPORTED once this > > > + function is returned. > > > + > > > + @param[in] This Pointer to > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > > + @param[in] ServiceStopType Reason of stopping Redfish servic= e. > > > + > > > + @retval EFI_SUCCESS Service has been stoped successfu= lly. > > > + @retval EFI_INVALID_PARAMETER This is NULL or given the worng > > > ServiceStopType. > > > + @retval EFI_UNSUPPORTED Not support to stop Redfish servi= ce. > > > + @retval Others Some error happened. > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +LibStopRedfishService ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > > + ) > > > +{ > > > + return EFI_UNSUPPORTED; > > > +} > > > + > > > diff --git > > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib > > > Nu > > > ll.in > > > f > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib > > > Nu > > > ll.in > > > f > > > new file mode 100644 > > > index 0000000000..4c22e89718 
> > > --- /dev/null > > > +++ > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib > > > Nu > > > ll.in > > > f > > > @@ -0,0 +1,30 @@ > > > +## @file > > > +# NULL instance of RedfishPlatformCredentialLib # # (C) Copyright > > > +2020 Hewlett Packard Enterprise Development LP
# # > > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > > + > > > +[Defines] > > > + INF_VERSION =3D 0x0001000b > > > + BASE_NAME =3D RedfishPlatformCredentialLibNul= l > > > + FILE_GUID =3D CA3BD843-0BDD-4EE0-A38A-B45CA66= 3114F > > > + MODULE_TYPE =3D DXE_DRIVER > > > + VERSION_STRING =3D 1.0 > > > + LIBRARY_CLASS =3D RedfishPlatformCredentialLib > > > + > > > +# > > > +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 RISCV64 > > > +# > > > + > > > +[Sources] > > > + PlatformCredentialLibNull.c > > > + > > > +[Packages] > > > + MdePkg/MdePkg.dec > > > + MdeModulePkg/MdeModulePkg.dec > > > + RedfishPkg/RedfishPkg.dec > > > + > > > + > > > diff --git a/RedfishPkg/Redfish.fdf.inc b/RedfishPkg/Redfish.fdf.inc > > > index 19de479a80..24e32e0abf 100644 > > > --- a/RedfishPkg/Redfish.fdf.inc > > > +++ b/RedfishPkg/Redfish.fdf.inc > > > @@ -13,4 +13,5 @@ > > > !if $(REDFISH_ENABLE) =3D=3D TRUE > > > INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf > > > INF > > > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf > > > + INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf > > > !endif > > > diff --git a/RedfishPkg/RedfishComponents.dsc.inc > > > b/RedfishPkg/RedfishComponents.dsc.inc > > > index ac1b57ed8f..ff32653ec8 100644 > > > --- a/RedfishPkg/RedfishComponents.dsc.inc > > > +++ b/RedfishPkg/RedfishComponents.dsc.inc > > > @@ -15,4 +15,5 @@ > > > !if $(REDFISH_ENABLE) =3D=3D TRUE > > > RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf > > > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf > > > + RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf > > > !endif > > > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c > > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c > > > new file mode 100644 > > > index 0000000000..f48d1d011c > > > --- /dev/null > > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c 
> > > @@ -0,0 +1,209 @@ > > > +/** @file > > > + RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol > > > +for the > > > consumer > > > + to get the Redfish credential Info and to restrict Redfish access > > > + from UEFI > > > side. > > > + > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP
> > > + > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > + > > > +**/ > > > + > > > +#include > > > + > > > +EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol =3D > { > > > + RedfishCredentialGetAuthInfo, > > > + RedfishCredentialStopService > > > +}; > > > + > > > +/** > > > + Callback function executed when the ExitBootServices event group > > > +is > > > signaled. > > > + > > > + @param[in] Event Event whose notification function is being in= voked. > > > + @param[out] Context Pointer to the buffer pass in. > > > +**/ > > > +VOID > > > +EFIAPI > > > +RedfishCredentialExitBootServicesEventNotify ( > > > + IN EFI_EVENT Event, > > > + OUT VOID *Context > > > + ) > > > +{ > > > + LibCredentialExitBootServicesNotify > > > ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context); > > > +} > > > + > > > +/** > > > + Callback function executed when the EndOfDxe event group is signal= ed. > > > + > > > + @param[in] Event Event whose notification function is being in= voked. > > > + @param[out] Context Pointer to the buffer pass in. > > > +**/ > > > +VOID > > > +EFIAPI > > > +RedfishCredentialEndOfDxeEventNotify ( > > > + IN EFI_EVENT Event, > > > + OUT VOID *Context > > > + ) > > > +{ > > > + LibCredentialEndOfDxeNotify > ((EDKII_REDFISH_CREDENTIAL_PROTOCOL > > > *)Context); > > > + > > > + // > > > + // Close event, so it will not be invoked again. > > > + // > > > + gBS->CloseEvent (Event); > > > +} > > > + > > > +/** > > > + Retrieve platform's Redfish authentication information. > > > + > > > + This functions returns the Redfish authentication method together > > > + with > > > the user Id and > > > + password. > > > + - For AuthMethodNone, the UserId and Password could be used for > > > + HTTP > > > header authentication > > > + as defined by RFC7235. > > > + - For AuthMethodRedfishSession, the UserId and Password could be > > > + used > > > for Redfish > > > + session login as defined by Redfish API specification (DSP0266)= . 
> > > + > > > + Callers are responsible for and freeing the returned string storag= e. > > > + > > > + @param[in] This Pointer to > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > > + @param[out] AuthMethod Type of Redfish authentication > method. > > > + @param[out] UserId The pointer to store the returned= UserId > > > string. > > > + @param[out] Password The pointer to store the returned > > Password > > > string. > > > + > > > + @retval EFI_SUCCESS Get the authentication informatio= n > > > successfully. > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after > EndOfDxe. > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > > Password is NULL. > > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > > > resources. > > > + @retval EFI_UNSUPPORTED Unsupported authentication method > is > > > found. > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +RedfishCredentialGetAuthInfo ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > > + OUT CHAR8 **UserId, > > > + OUT CHAR8 **Password > > > + ) > > > +{ > > > + if (This =3D=3D NULL || AuthMethod =3D=3D NULL || UserId =3D=3D NU= LL || > > > +Password > > > =3D=3D NULL) { > > > + return EFI_INVALID_PARAMETER; > > > + } > > > + > > > + return LibCredentialGetAuthInfo (This, AuthMethod, > > > +UserId,Password); } > > > + > > > +/** > > > + Notify the Redfish service provide to stop provide configuration > > > +service to > > > this platform. > > > + > > > + This function should be called when the platfrom is about to > > > + leave the safe > > > environment. > > > + It will notify the Redfish service provider to abort all logined > > > + session, and > > > prohibit > > > + further login with original auth info. GetAuthInfo() will return > > > EFI_UNSUPPORTED once this > > > + function is returned. > > > + > > > + @param[in] This Pointer to > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. 
> > > + @param[in] ServiceStopType Reason of stopping Redfish servic= e. > > > + > > > + @retval EFI_SUCCESS Service has been stoped successfu= lly. > > > + @retval EFI_INVALID_PARAMETER This is NULL or given the worng > > > ServiceStopType. > > > + @retval EFI_UNSUPPORTED Not support to stop Redfish servi= ce. > > > + @retval Others Some error happened. > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +RedfishCredentialStopService ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > > + ) > > > +{ > > > + if (This =3D=3D NULL) { > > > + return EFI_INVALID_PARAMETER; > > > + } > > > + > > > + return LibStopRedfishService (This, ServiceStopType); } > > > + > > > +/** > > > + Main entry for this driver. > > > + > > > + @param ImageHandle Image handle this driver. > > > + @param SystemTable Pointer to SystemTable. > > > + > > > + @retval EFI_SUCESS This function always complete successfully. > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +RedfishCredentialDxeDriverEntryPoint ( > > > + IN EFI_HANDLE ImageHandle, > > > + IN EFI_SYSTEM_TABLE *SystemTable > > > + ) > > > +{ > > > + EFI_STATUS Status; > > > + EFI_HANDLE Handle; > > > + EFI_EVENT EndOfDxeEvent; > > > + EFI_EVENT ExitBootServiceEvent; > > > + > > > + Handle =3D NULL; > > > + > > > + // > > > + // Install the RedfishCredentialProtocol onto Handle. > > > + // > > > + Status =3D gBS->InstallMultipleProtocolInterfaces ( > > > + &Handle, > > > + &gEdkIIRedfishCredentialProtocolGuid, > > > + &mRedfishCredentialProtocol, > > > + NULL > > > + ); > > > + if (EFI_ERROR (Status)) { > > > + return Status; > > > + } > > > + > > > + // > > > + // After EndOfDxe, if SecureBoot is disabled, Redfish Credential > > > + Protocol > > > should return > > > + // error code to caller to avoid the 3rd code to bypass Redfish > > > + Credential > > > Protocol and > > > + // retrieve userid/pwd directly. 
So, here, we create EndOfDxe > > > + Event to > > > check SecureBoot > > > + // status. > > > + // > > > + Status =3D gBS->CreateEventEx ( > > > + EVT_NOTIFY_SIGNAL, > > > + TPL_CALLBACK, > > > + RedfishCredentialEndOfDxeEventNotify, > > > + (VOID *)&mRedfishCredentialProtocol, > > > + &gEfiEndOfDxeEventGroupGuid, > > > + &EndOfDxeEvent > > > + ); > > > + if (EFI_ERROR (Status)) { > > > + goto ON_ERROR; > > > + } > > > + > > > + // > > > + // After ExitBootServices, Redfish Credential Protocol should > > > + stop the > > > service. > > > + // So, here, we create ExitBootService Event to stop service. > > > + // > > > + Status =3D gBS->CreateEventEx ( > > > + EVT_NOTIFY_SIGNAL, > > > + TPL_CALLBACK, > > > + RedfishCredentialExitBootServicesEventNotify, > > > + (VOID *)&mRedfishCredentialProtocol, > > > + &gEfiEventExitBootServicesGuid, > > > + &ExitBootServiceEvent > > > + ); > > > + if (EFI_ERROR (Status)) { > > > + gBS->CloseEvent (EndOfDxeEvent); > > > + goto ON_ERROR; > > > + } > > > + > > > + return EFI_SUCCESS; > > > + > > > +ON_ERROR: > > > + > > > + gBS->UninstallMultipleProtocolInterfaces ( > > > + Handle, > > > + &gEdkIIRedfishCredentialProtocolGuid, > > > + &mRedfishCredentialProtocol, > > > + NULL > > > + ); > > > + > > > + return Status; > > > +} > > > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h > > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h > > > new file mode 100644 > > > index 0000000000..6e7e417b33 > > > --- /dev/null > > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h > > > @@ -0,0 +1,75 @@ > > > +/** @file > > > + Definition of Redfish Credential DXE driver. > > > + > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP
> > > + > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > + > > > +**/ > > > +#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_ #define > > > +EDKII_REDFISH_CREDENTIAL_DXE_H_ > > > + > > > +#include > > > + > > > +#include > > > +#include > > > +#include > > > +#include #include > > > + #include > > > + > > > +/** > > > + Retrieve platform's Redfish authentication information. > > > + > > > + This functions returns the Redfish authentication method together > > > + with > > > the user Id and > > > + password. > > > + - For AuthMethodNone, the UserId and Password could be used for > > > + HTTP > > > header authentication > > > + as defined by RFC7235. > > > + - For AuthMethodRedfishSession, the UserId and Password could be > > > + used > > > for Redfish > > > + session login as defined by Redfish API specification (DSP0266)= . > > > + > > > + Callers are responsible for and freeing the returned string storag= e. > > > + > > > + @param[in] This Pointer to > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > > + @param[out] AuthMethod Type of Redfish authentication > method. > > > + @param[out] UserId The pointer to store the returned= UserId > > > string. > > > + @param[out] Password The pointer to store the returned > > Password > > > string. > > > + > > > + @retval EFI_SUCCESS Get the authentication informatio= n > > > successfully. > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after > EndOfDxe. > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > > Password is NULL. > > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > > > resources. > > > + @retval EFI_UNSUPPORTED Unsupported authentication method > is > > > found. 
> > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +RedfishCredentialGetAuthInfo ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > > + OUT CHAR8 **UserId, > > > + OUT CHAR8 **Password > > > + ); > > > + > > > +/** > > > + Notify the Redfish service provide to stop provide configuration > > > +service to > > > this platform. > > > + > > > + This function should be called when the platfrom is about to > > > + leave the safe > > > environment. > > > + It will notify the Redfish service provider to abort all logined > > > + session, and > > > prohibit > > > + further login with original auth info. GetAuthInfo() will return > > > EFI_UNSUPPORTED once this > > > + function is returned. > > > + > > > + @param[in] This Pointer to > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > > + > > > + @retval EFI_SUCCESS Service has been stoped successfu= lly. > > > + @retval EFI_INVALID_PARAMETER This is NULL. > > > + @retval Others Some error happened. > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +RedfishCredentialStopService ( > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > > + ); > > > +#endif > > > diff --git > > > a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf > > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf > > > new file mode 100644 > > > index 0000000000..707d9a04d9 > > > --- /dev/null > > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf > > > @@ -0,0 +1,51 @@ > > > +## @file > > > +# RedfishCredentialDxe is required to produce the # EdkII > > > +RedfishCredentialProtocol for the consumer to get the Redfish # > > > +credential Info and to restrict Redfish access from UEFI side. > > > +# > > > +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP
> > > +# > > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > > + > > > +[Defines] > > > + INF_VERSION =3D 0x0001000b > > > + BASE_NAME =3D RedfishCredentialDxe > > > + FILE_GUID =3D 458CE95A-4942-09A9-5D21-A6B16D5= DAD7F > > > + MODULE_TYPE =3D DXE_DRIVER > > > + VERSION_STRING =3D 1.0 > > > + ENTRY_POINT =3D RedfishCredentialDxeDriverEntry= Point > > > + > > > +# > > > +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 RISCV64 > > > +# > > > + > > > +[Sources] > > > + RedfishCredentialDxe.c > > > + RedfishCredentialDxe.h > > > + > > > +[Packages] > > > + MdePkg/MdePkg.dec > > > + MdeModulePkg/MdeModulePkg.dec > > > + RedfishPkg/RedfishPkg.dec > > > + > > > +[LibraryClasses] > > > + BaseLib > > > + DebugLib > > > + PrintLib > > > + RedfishPlatformCredentialLib > > > + UefiBootServicesTableLib > > > + UefiDriverEntryPoint > > > + UefiRuntimeServicesTableLib > > > + UefiLib > > > + > > > +[Protocols] > > > + gEdkIIRedfishCredentialProtocolGuid ## BY_START > > > + > > > + > > > +[Guids] > > > + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event > > > + gEfiEventExitBootServicesGuid ## CONSUMES ## Event > > > + > > > +[Depex] > > > + TRUE > > > diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec > > > index 861f6dd0c8..fc56b4fefb 100644 > > > --- a/RedfishPkg/RedfishPkg.dec > > > +++ b/RedfishPkg/RedfishPkg.dec 
> > > @@ -21,6 +21,10 @@ > > > # Platform implementation-specific Redfish Host Interface. > > > > > > RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInterface > > > RedfishPlatformHostInterfaceLib|Li > > > RedfishPlatformHostInterfaceLib|b.h > > > > > > + ## @libraryclass Platform Redfish Credential Library > > > + # Platform implementation-specific Redfish Credential Interface. > > > + > > > + RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib. > > > + h > > > + > > > [Protocols] > > > ## Include/Protocol/RedfishDiscover.h > > > gEfiRedfishDiscoverProtocolGuid =3D { 0x5db12509, 0x4550, 0x4= 347, > { 0x96, > > > 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }} diff --git > > > a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index > > > 94e7127bc6..f7d5b90918 100644 > > > --- a/RedfishPkg/RedfishPkg.dsc > > > +++ b/RedfishPkg/RedfishPkg.dsc > > > @@ -32,6 +32,7 @@ > > > > > > > > > DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/Bas > > > eDebugPrintErrorLevelLib.inf > > > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf > > > > > > RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInter > > > RedfishPlatformHostInterfaceLib|fa > > > RedfishPlatformHostInterfaceLib|ce > > > LibNull/PlatformHostInterfaceLibNull.inf > > > + > > > RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredentialLi > > > RedfishPlatformCredentialLib|bN > > > RedfishPlatformCredentialLib|ull/ > > > PlatformCredentialLibNull.inf > > > > > > [LibraryClasses.ARM, LibraryClasses.AARCH64] > > > # > > > @@ -43,5 +44,6 @@ > > > > > > [Components] > > > > > > RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfac > > > eL > > > ibN > > > ull.inf > > > + > > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu > > > ll > > > .inf > > > > > > !include RedfishPkg/Redfish.dsc.inc > > > -- > > > 2.17.1
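Review bot: In the RedfishCredentialDxe.c entry point, the second CreateEventEx call registers RedfishCredentialExitBootServicesEventNotify on gEfiEventExitBootServicesGuid to stop the service, and the header describes stopping as notifying the Redfish service provider to abort sessions. A notification that runs at ExitBootServices must not allocate or free memory, because the memory map has to stay unchanged, so please state in the comment above this call what the callback is allowed to do and confirm that the stop path keeps to it. Also in this hunk, the ON_ERROR path discards the status returned by gBS->UninstallMultipleProtocolInterfaces; a DEBUG message or ASSERT_EFI_ERROR there would make a failed cleanup visible rather than leaving the credential protocol installed without its EndOfDxe and ExitBootServices guards.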
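Review bot: In RedfishCredentialDxe.h, the comment block for RedfishCredentialStopService documents only "@param[in] This" while the prototype also takes ServiceStopType, so the second parameter needs its own @param line. The two function comments also disagree on the status after the service is stopped: the StopService text says GetAuthInfo() will return EFI_UNSUPPORTED, while the GetAuthInfo @retval list reserves EFI_UNSUPPORTED for an unsupported authentication method and gives EFI_ACCESS_DENIED for "SecureBoot is disabled after EndOfDxe". Please pick one code per condition and list it in both places. For the returned credentials, "Callers are responsible for and freeing the returned string storage" should name the expected free routine, and since Password is secret material it is worth saying that the caller should zero the buffer before freeing it. The sentence that ties AuthMethodNone to HTTP header authentication per RFC7235 reads as contradictory and should be reworded. Spelling to fix while here: "platfrom", "logined", "stoped", "service provide".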
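Review bot: In the RedfishPkg.dec hunk, only the RedfishPlatformCredentialLib library class is added, but RedfishCredentialDxe.inf lists gEdkIIRedfishCredentialProtocolGuid as BY_START and depends on RedfishPkg/RedfishPkg.dec for it. Please confirm that the protocol GUID is declared under [Protocols] by an earlier patch in the series, otherwise the module will not build. Likewise, the RedfishPkg.dsc [Components] hunk adds PlatformCredentialLibNull.inf but not RedfishCredentialDxe.inf; if the driver is not pulled in through the included RedfishPkg/Redfish.dsc.inc, add it to [Components] so the package build covers it.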