* [PATCH 0/2] EDKII Redfish Credential DXE Driver
@ 2020-12-09 8:43 Abner Chang
2020-12-09 8:43 ` [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header file Abner Chang
2020-12-09 8:43 ` [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver Abner Chang
0 siblings, 2 replies; 12+ messages in thread
From: Abner Chang @ 2020-12-09 8:43 UTC (permalink / raw)
To: devel
Cc: Jiaxin Wu, Ting Ye, Siyuan Fu, Fan Wang, Nickle Wang,
Peter O'Hanley
EDKII Redfish Credential DXE driver abstracts platform Redfish
credential implementation. Platform provides RedfishPlatformCredentialLib
library for the specific Redfish credential implementation. Currently
EDKII Redfish Credential driver supports two mechanisms of credential.
Which are basic authentication and session authentication.
Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Fan Wang <fan.wang@intel.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Peter O'Hanley <peter.ohanley@hpe.com>
Abner Chang (2):
RedfishPkg/Include: EDKII Redfish Credential Header file
RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
.../Include/Library/RedfishCredentialLib.h | 91 ++++++++
.../Include/Protocol/EdkIIRedfishCredential.h | 101 +++++++++
.../PlatformCredentialLibNull.c | 101 +++++++++
.../PlatformCredentialLibNull.inf | 30 +++
RedfishPkg/Redfish.fdf.inc | 1 +
RedfishPkg/RedfishComponents.dsc.inc | 1 +
.../RedfishCredentialDxe.c | 209 ++++++++++++++++++
.../RedfishCredentialDxe.h | 75 +++++++
.../RedfishCredentialDxe.inf | 51 +++++
RedfishPkg/RedfishPkg.dec | 7 +
RedfishPkg/RedfishPkg.dsc | 2 +
11 files changed, 669 insertions(+)
create mode 100644 RedfishPkg/Include/Library/RedfishCredentialLib.h
create mode 100644 RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
create mode 100644 RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
create mode 100644 RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
create mode 100644 RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
create mode 100644 RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
create mode 100644 RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header file
2020-12-09 8:43 [PATCH 0/2] EDKII Redfish Credential DXE Driver Abner Chang
@ 2020-12-09 8:43 ` Abner Chang
2020-12-10 2:44 ` Nickle Wang
2020-12-16 2:37 ` Nickle Wang
2020-12-09 8:43 ` [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver Abner Chang
1 sibling, 2 replies; 12+ messages in thread
From: Abner Chang @ 2020-12-09 8:43 UTC (permalink / raw)
To: devel; +Cc: Nickle Wang, Peter O'Hanley
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Ting Ye <ting.ye@intel.com>
Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Fan Wang <fan.wang@intel.com>
Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Peter O'Hanley <peter.ohanley@hpe.com>
---
.../Include/Protocol/EdkIIRedfishCredential.h | 101 ++++++++++++++++++
RedfishPkg/RedfishPkg.dec | 3 +
2 files changed, 104 insertions(+)
create mode 100644 RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
diff --git a/RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h b/RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
new file mode 100644
index 0000000000..34e33b1e00
--- /dev/null
+++ b/RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
@@ -0,0 +1,101 @@
+/** @file
+ This file defines the EDKII_REDFISH_CREDENTIAL_PROTOCOL interface.
+
+ Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef EDKII_REDFISH_CREDENTIAL_H_
+#define EDKII_REDFISH_CREDENTIAL_H_
+
+typedef struct _EDKII_REDFISH_CREDENTIAL_PROTOCOL EDKII_REDFISH_CREDENTIAL_PROTOCOL;
+
+#define EDKII_REDFISH_CREDENTIAL_PROTOCOL_GUID \
+ { \
+ 0x8804377, 0xaf7a, 0x4496, { 0x8a, 0x7b, 0x17, 0x59, 0x0, 0xe9, 0xab, 0x46 } \
+ }
+
+typedef enum {
+ AuthMethodNone, ///< No authentication is required.
+ AuthMethodHttpBasic, ///< Basic authentication is required.
+ AuthMethodRedfishSession, ///< Session authentication is required.
+ AuthMethodMax
+} EDKII_REDFISH_AUTH_METHOD;
+
+typedef enum {
+ ServiceStopTypeNone = 0, ///< Stop Redfsih service without reason.
+ ServiceStopTypeSecureBootDisabled, ///< Stop Redfsih service becasue EFI
+ ///< Secure Boot is disabled.
+ ServiceStopTypeExitBootService, ///< Stop Redfsih service becasue existing
+ ///< Boot Service.
+ ServiceStopTypeMax
+} EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE;
+
+
+/**
+ Retrieve platform's Redfish authentication information.
+
+ This functions returns the Redfish authentication method together with the user Id and
+ password.
+ - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication
+ as defined by RFC7235.
+ - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish
+ session login as defined by Redfish API specification (DSP0266).
+
+ Callers are responsible for and freeing the returned string storage.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+ @param[out] AuthMethod Type of Redfish authentication method.
+ @param[out] UserId The pointer to store the returned UserId string.
+ @param[out] Password The pointer to store the returned Password string.
+
+ @retval EFI_SUCCESS Get the authentication information successfully.
+ @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
+ @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Password is NULL.
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.
+ @retval EFI_UNSUPPORTED Unsupported authentication method is found.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_REDFISH_CREDENTIAL_PROTOCOL_GET_AUTH_INFO) (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
+ OUT CHAR8 **UserId,
+ OUT CHAR8 **Password
+ );
+
+/**
+ Notify the Redfish service provide to stop provide configuration service to this platform.
+
+ This function should be called when the platfrom is about to leave the safe environment.
+ It will notify the Redfish service provider to abort all logined session, and prohibit
+ further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this
+ function is returned.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+ @param[in] ServiceStopType Reason of stopping Redfish service.
+
+ @retval EFI_SUCCESS Service has been stoped successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval Others Some error happened.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_REDFISH_CREDENTIAL_PROTOCOL_STOP_SERVICE) (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
+ );
+
+struct _EDKII_REDFISH_CREDENTIAL_PROTOCOL {
+ EDKII_REDFISH_CREDENTIAL_PROTOCOL_GET_AUTH_INFO GetAuthInfo;
+ EDKII_REDFISH_CREDENTIAL_PROTOCOL_STOP_SERVICE StopService;
+};
+
+extern EFI_GUID gEdkIIRedfishCredentialProtocolGuid;
+
+#endif
diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
index b38e9b4789..861f6dd0c8 100644
--- a/RedfishPkg/RedfishPkg.dec
+++ b/RedfishPkg/RedfishPkg.dec
@@ -25,6 +25,9 @@
## Include/Protocol/RedfishDiscover.h
gEfiRedfishDiscoverProtocolGuid = { 0x5db12509, 0x4550, 0x4347, { 0x96, 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }}
+ ## Include/Protocol/EdkIIRedfishCredential.h
+ gEdkIIRedfishCredentialProtocolGuid = { 0x8804377, 0xaf7a, 0x4496, { 0x8a, 0x7b, 0x17, 0x59, 0x0, 0xe9, 0xab, 0x46 } }
+
[Guids]
gEfiRedfishPkgTokenSpaceGuid = { 0x4fdbccb7, 0xe829, 0x4b4c, { 0x88, 0x87, 0xb2, 0x3f, 0xd7, 0x25, 0x4b, 0x85 }}
--
2.17.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
2020-12-09 8:43 [PATCH 0/2] EDKII Redfish Credential DXE Driver Abner Chang
2020-12-09 8:43 ` [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header file Abner Chang
@ 2020-12-09 8:43 ` Abner Chang
2020-12-10 2:00 ` 回复: [edk2-devel] " gaoliming
2020-12-16 2:45 ` Nickle Wang
1 sibling, 2 replies; 12+ messages in thread
From: Abner Chang @ 2020-12-09 8:43 UTC (permalink / raw)
To: devel; +Cc: Nickle Wang, Peter O'Hanley
EDKII Redfish Credential DXE driver which abstracts platform Redfish
credential implementation.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Ting Ye <ting.ye@intel.com>
Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Fan Wang <fan.wang@intel.com>
Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Peter O'Hanley <peter.ohanley@hpe.com>
---
.../Include/Library/RedfishCredentialLib.h | 91 ++++++++
.../PlatformCredentialLibNull.c | 101 +++++++++
.../PlatformCredentialLibNull.inf | 30 +++
RedfishPkg/Redfish.fdf.inc | 1 +
RedfishPkg/RedfishComponents.dsc.inc | 1 +
.../RedfishCredentialDxe.c | 209 ++++++++++++++++++
.../RedfishCredentialDxe.h | 75 +++++++
.../RedfishCredentialDxe.inf | 51 +++++
RedfishPkg/RedfishPkg.dec | 4 +
RedfishPkg/RedfishPkg.dsc | 2 +
10 files changed, 565 insertions(+)
create mode 100644 RedfishPkg/Include/Library/RedfishCredentialLib.h
create mode 100644 RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
create mode 100644 RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
create mode 100644 RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
create mode 100644 RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
create mode 100644 RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h b/RedfishPkg/Include/Library/RedfishCredentialLib.h
new file mode 100644
index 0000000000..dac1b3303f
--- /dev/null
+++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h
@@ -0,0 +1,91 @@
+/** @file
+ Definitinos of RedfishHostInterfaceDxe driver.
+
+ (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#ifndef REDFISH_CREDENTIAL_LIB_H_
+#define REDFISH_CREDENTIAL_LIB_H_
+
+#include <Uefi.h>
+
+/**
+ Notification of Exit Boot Service.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
+**/
+VOID
+EFIAPI
+LibCredentialExitBootServicesNotify (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
+);
+
+/**
+ Notification of End of DXe.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
+**/
+VOID
+EFIAPI
+LibCredentialEndOfDxeNotify (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
+);
+
+/**
+ Retrieve platform's Redfish authentication information.
+
+ This functions returns the Redfish authentication method together with the user Id and
+ password.
+ - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication
+ as defined by RFC7235.
+ - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish
+ session login as defined by Redfish API specification (DSP0266).
+
+ Callers are responsible for and freeing the returned string storage.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+ @param[out] AuthMethod Type of Redfish authentication method.
+ @param[out] UserId The pointer to store the returned UserId string.
+ @param[out] Password The pointer to store the returned Password string.
+
+ @retval EFI_SUCCESS Get the authentication information successfully.
+ @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
+ @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Password is NULL.
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.
+ @retval EFI_UNSUPPORTED Unsupported authentication method is found.
+
+**/
+EFI_STATUS
+EFIAPI
+LibCredentialGetAuthInfo (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
+ OUT CHAR8 **UserId,
+ OUT CHAR8 **Password
+);
+
+/**
+ Notify the Redfish service provide to stop provide configuration service to this platform.
+
+ This function should be called when the platfrom is about to leave the safe environment.
+ It will notify the Redfish service provider to abort all logined session, and prohibit
+ further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this
+ function is returned.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+ @param[in] ServiceStopType Reason of stopping Redfish service.
+
+ @retval EFI_SUCCESS Service has been stoped successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval Others Some error happened.
+
+**/
+EFI_STATUS
+EFIAPI
+LibStopRedfishService (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
+);
+#endif
diff --git a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
new file mode 100644
index 0000000000..39de622d59
--- /dev/null
+++ b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
@@ -0,0 +1,101 @@
+/** @file
+ NULL instace of RedfishPlatformCredentialLib
+
+ (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#include <Uefi.h>
+#include <Protocol/EdkIIRedfishCredential.h>
+/**
+ Notification of Exit Boot Service.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
+**/
+VOID
+EFIAPI
+LibCredentialExitBootServicesNotify (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
+)
+{
+ return;
+}
+
+/**
+ Notification of End of DXe.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
+**/
+VOID
+EFIAPI
+LibCredentialEndOfDxeNotify (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
+)
+{
+ return;
+}
+
+/**
+ Retrieve platform's Redfish authentication information.
+
+ This functions returns the Redfish authentication method together with the user Id and
+ password.
+ - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication
+ as defined by RFC7235.
+ - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish
+ session login as defined by Redfish API specification (DSP0266).
+
+ Callers are responsible for and freeing the returned string storage.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+ @param[out] AuthMethod Type of Redfish authentication method.
+ @param[out] UserId The pointer to store the returned UserId string.
+ @param[out] Password The pointer to store the returned Password string.
+
+ @retval EFI_SUCCESS Get the authentication information successfully.
+ @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
+ @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Password is NULL.
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.
+ @retval EFI_UNSUPPORTED Unsupported authentication method is found.
+
+**/
+EFI_STATUS
+EFIAPI
+LibCredentialGetAuthInfo (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
+ OUT CHAR8 **UserId,
+ OUT CHAR8 **Password
+)
+{
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Notify the Redfish service provide to stop provide configuration service to this platform.
+
+ This function should be called when the platfrom is about to leave the safe environment.
+ It will notify the Redfish service provider to abort all logined session, and prohibit
+ further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this
+ function is returned.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+ @param[in] ServiceStopType Reason of stopping Redfish service.
+
+ @retval EFI_SUCCESS Service has been stoped successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL or given the worng ServiceStopType.
+ @retval EFI_UNSUPPORTED Not support to stop Redfish service.
+ @retval Others Some error happened.
+
+**/
+EFI_STATUS
+EFIAPI
+LibStopRedfishService (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
diff --git a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
new file mode 100644
index 0000000000..4c22e89718
--- /dev/null
+++ b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
@@ -0,0 +1,30 @@
+## @file
+# NULL instance of RedfishPlatformCredentialLib
+#
+# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x0001000b
+ BASE_NAME = RedfishPlatformCredentialLibNull
+ FILE_GUID = CA3BD843-0BDD-4EE0-A38A-B45CA663114F
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = RedfishPlatformCredentialLib
+
+#
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
+#
+
+[Sources]
+ PlatformCredentialLibNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ RedfishPkg/RedfishPkg.dec
+
+
diff --git a/RedfishPkg/Redfish.fdf.inc b/RedfishPkg/Redfish.fdf.inc
index 19de479a80..24e32e0abf 100644
--- a/RedfishPkg/Redfish.fdf.inc
+++ b/RedfishPkg/Redfish.fdf.inc
@@ -13,4 +13,5 @@
!if $(REDFISH_ENABLE) == TRUE
INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
INF RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
+ INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
!endif
diff --git a/RedfishPkg/RedfishComponents.dsc.inc b/RedfishPkg/RedfishComponents.dsc.inc
index ac1b57ed8f..ff32653ec8 100644
--- a/RedfishPkg/RedfishComponents.dsc.inc
+++ b/RedfishPkg/RedfishComponents.dsc.inc
@@ -15,4 +15,5 @@
!if $(REDFISH_ENABLE) == TRUE
RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
+ RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
!endif
diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
new file mode 100644
index 0000000000..f48d1d011c
--- /dev/null
+++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
@@ -0,0 +1,209 @@
+/** @file
+ RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol for the consumer
+ to get the Redfish credential Info and to restrict Redfish access from UEFI side.
+
+ (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <RedfishCredentialDxe.h>
+
+EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol = {
+ RedfishCredentialGetAuthInfo,
+ RedfishCredentialStopService
+};
+
+/**
+ Callback function executed when the ExitBootServices event group is signaled.
+
+ @param[in] Event Event whose notification function is being invoked.
+ @param[out] Context Pointer to the buffer pass in.
+**/
+VOID
+EFIAPI
+RedfishCredentialExitBootServicesEventNotify (
+ IN EFI_EVENT Event,
+ OUT VOID *Context
+ )
+{
+ LibCredentialExitBootServicesNotify ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
+}
+
+/**
+ Callback function executed when the EndOfDxe event group is signaled.
+
+ @param[in] Event Event whose notification function is being invoked.
+ @param[out] Context Pointer to the buffer pass in.
+**/
+VOID
+EFIAPI
+RedfishCredentialEndOfDxeEventNotify (
+ IN EFI_EVENT Event,
+ OUT VOID *Context
+ )
+{
+ LibCredentialEndOfDxeNotify ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
+
+ //
+ // Close event, so it will not be invoked again.
+ //
+ gBS->CloseEvent (Event);
+}
+
+/**
+ Retrieve platform's Redfish authentication information.
+
+ This functions returns the Redfish authentication method together with the user Id and
+ password.
+ - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication
+ as defined by RFC7235.
+ - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish
+ session login as defined by Redfish API specification (DSP0266).
+
+ Callers are responsible for and freeing the returned string storage.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+ @param[out] AuthMethod Type of Redfish authentication method.
+ @param[out] UserId The pointer to store the returned UserId string.
+ @param[out] Password The pointer to store the returned Password string.
+
+ @retval EFI_SUCCESS Get the authentication information successfully.
+ @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
+ @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Password is NULL.
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.
+ @retval EFI_UNSUPPORTED Unsupported authentication method is found.
+
+**/
+EFI_STATUS
+EFIAPI
+RedfishCredentialGetAuthInfo (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
+ OUT CHAR8 **UserId,
+ OUT CHAR8 **Password
+ )
+{
+ if (This == NULL || AuthMethod == NULL || UserId == NULL || Password == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ return LibCredentialGetAuthInfo (This, AuthMethod, UserId,Password);
+}
+
+/**
+ Notify the Redfish service provide to stop provide configuration service to this platform.
+
+ This function should be called when the platfrom is about to leave the safe environment.
+ It will notify the Redfish service provider to abort all logined session, and prohibit
+ further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this
+ function is returned.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+ @param[in] ServiceStopType Reason of stopping Redfish service.
+
+ @retval EFI_SUCCESS Service has been stoped successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL or given the worng ServiceStopType.
+ @retval EFI_UNSUPPORTED Not support to stop Redfish service.
+ @retval Others Some error happened.
+
+**/
+EFI_STATUS
+EFIAPI
+RedfishCredentialStopService (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
+ )
+{
+ if (This == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ return LibStopRedfishService (This, ServiceStopType);
+}
+
+/**
+ Main entry for this driver.
+
+ @param ImageHandle Image handle this driver.
+ @param SystemTable Pointer to SystemTable.
+
+ @retval EFI_SUCESS This function always complete successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+RedfishCredentialDxeDriverEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE Handle;
+ EFI_EVENT EndOfDxeEvent;
+ EFI_EVENT ExitBootServiceEvent;
+
+ Handle = NULL;
+
+ //
+ // Install the RedfishCredentialProtocol onto Handle.
+ //
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &Handle,
+ &gEdkIIRedfishCredentialProtocolGuid,
+ &mRedfishCredentialProtocol,
+ NULL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // After EndOfDxe, if SecureBoot is disabled, Redfish Credential Protocol should return
+ // error code to caller to avoid the 3rd code to bypass Redfish Credential Protocol and
+ // retrieve userid/pwd directly. So, here, we create EndOfDxe Event to check SecureBoot
+ // status.
+ //
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
+ RedfishCredentialEndOfDxeEventNotify,
+ (VOID *)&mRedfishCredentialProtocol,
+ &gEfiEndOfDxeEventGroupGuid,
+ &EndOfDxeEvent
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
+
+ //
+ // After ExitBootServices, Redfish Credential Protocol should stop the service.
+ // So, here, we create ExitBootService Event to stop service.
+ //
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
+ RedfishCredentialExitBootServicesEventNotify,
+ (VOID *)&mRedfishCredentialProtocol,
+ &gEfiEventExitBootServicesGuid,
+ &ExitBootServiceEvent
+ );
+ if (EFI_ERROR (Status)) {
+ gBS->CloseEvent (EndOfDxeEvent);
+ goto ON_ERROR;
+ }
+
+ return EFI_SUCCESS;
+
+ON_ERROR:
+
+ gBS->UninstallMultipleProtocolInterfaces (
+ Handle,
+ &gEdkIIRedfishCredentialProtocolGuid,
+ &mRedfishCredentialProtocol,
+ NULL
+ );
+
+ return Status;
+}
diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
new file mode 100644
index 0000000000..6e7e417b33
--- /dev/null
+++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
@@ -0,0 +1,75 @@
+/** @file
+ Definition of Redfish Credential DXE driver.
+
+ (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_
+#define EDKII_REDFISH_CREDENTIAL_DXE_H_
+
+#include <Protocol/EdkIIRedfishCredential.h>
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PrintLib.h>
+#include <Library/RedfishCredentialLib.h>
+#include <Library/UefiLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+
+/**
+ Retrieve platform's Redfish authentication information.
+
+ This functions returns the Redfish authentication method together with the user Id and
+ password.
+ - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication
+ as defined by RFC7235.
+ - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish
+ session login as defined by Redfish API specification (DSP0266).
+
+ Callers are responsible for and freeing the returned string storage.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+ @param[out] AuthMethod Type of Redfish authentication method.
+ @param[out] UserId The pointer to store the returned UserId string.
+ @param[out] Password The pointer to store the returned Password string.
+
+ @retval EFI_SUCCESS Get the authentication information successfully.
+ @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
+ @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Password is NULL.
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.
+ @retval EFI_UNSUPPORTED Unsupported authentication method is found.
+
+**/
+EFI_STATUS
+EFIAPI
+RedfishCredentialGetAuthInfo (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
+ OUT CHAR8 **UserId,
+ OUT CHAR8 **Password
+ );
+
+/**
+ Notify the Redfish service provide to stop provide configuration service to this platform.
+
+ This function should be called when the platfrom is about to leave the safe environment.
+ It will notify the Redfish service provider to abort all logined session, and prohibit
+ further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this
+ function is returned.
+
+ @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
+
+ @retval EFI_SUCCESS Service has been stoped successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval Others Some error happened.
+
+**/
+EFI_STATUS
+EFIAPI
+RedfishCredentialStopService (
+ IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
+ IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
+ );
+#endif
diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
new file mode 100644
index 0000000000..707d9a04d9
--- /dev/null
+++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
@@ -0,0 +1,51 @@
+## @file
+# RedfishCredentialDxe is required to produce the
+# EdkII RedfishCredentialProtocol for the consumer to get the Redfish
+# credential Info and to restrict Redfish access from UEFI side.
+#
+# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x0001000b
+ BASE_NAME = RedfishCredentialDxe
+ FILE_GUID = 458CE95A-4942-09A9-5D21-A6B16D5DAD7F
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = RedfishCredentialDxeDriverEntryPoint
+
+#
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
+#
+
+[Sources]
+ RedfishCredentialDxe.c
+ RedfishCredentialDxe.h
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ RedfishPkg/RedfishPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ PrintLib
+ RedfishPlatformCredentialLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+ UefiRuntimeServicesTableLib
+ UefiLib
+
+[Protocols]
+ gEdkIIRedfishCredentialProtocolGuid ## BY_START
+
+
+[Guids]
+ gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
+ gEfiEventExitBootServicesGuid ## CONSUMES ## Event
+
+[Depex]
+ TRUE
diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
index 861f6dd0c8..fc56b4fefb 100644
--- a/RedfishPkg/RedfishPkg.dec
+++ b/RedfishPkg/RedfishPkg.dec
@@ -21,6 +21,10 @@
# Platform implementation-specific Redfish Host Interface.
RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInterfaceLib.h
+ ## @libraryclass Platform Redfish Credential Library
+ # Platform implementation-specific Redfish Credential Interface.
+ RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib.h
+
[Protocols]
## Include/Protocol/RedfishDiscover.h
gEfiRedfishDiscoverProtocolGuid = { 0x5db12509, 0x4550, 0x4347, { 0x96, 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }}
diff --git a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc
index 94e7127bc6..f7d5b90918 100644
--- a/RedfishPkg/RedfishPkg.dsc
+++ b/RedfishPkg/RedfishPkg.dsc
@@ -32,6 +32,7 @@
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfaceLibNull.inf
+ RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
[LibraryClasses.ARM, LibraryClasses.AARCH64]
#
@@ -43,5 +44,6 @@
[Components]
RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfaceLibNull.inf
+ RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
!include RedfishPkg/Redfish.dsc.inc
--
2.17.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* 回复: [edk2-devel] [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
2020-12-09 8:43 ` [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver Abner Chang
@ 2020-12-10 2:00 ` gaoliming
2020-12-10 2:12 ` Abner Chang
2020-12-16 2:45 ` Nickle Wang
1 sibling, 1 reply; 12+ messages in thread
From: gaoliming @ 2020-12-10 2:00 UTC (permalink / raw)
To: devel, abner.chang; +Cc: 'Nickle Wang', 'Peter O'Hanley'
Abner:
For RedfishCredentialDxe module, please remove unused library class
PrintLib, UefiLib, UefiRuntimeServicesTableLib.
Thanks
Liming
> -----邮件原件-----
> 发件人: bounce+27952+68538+4905953+8761045@groups.io
> <bounce+27952+68538+4905953+8761045@groups.io> 代表 Abner Chang
> 发送时间: 2020年12月9日 16:44
> 收件人: devel@edk2.groups.io
> 抄送: Nickle Wang <nickle.wang@hpe.com>; Peter O'Hanley
> <peter.ohanley@hpe.com>
> 主题: [edk2-devel] [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> Redfish Credential DXE driver
>
> EDKII Redfish Credential DXE driver which abstracts platform Redfish
> credential implementation.
>
> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> Signed-off-by: Ting Ye <ting.ye@intel.com>
> Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Fan Wang <fan.wang@intel.com>
> Signed-off-by: Abner Chang <abner.chang@hpe.com>
>
> Cc: Nickle Wang <nickle.wang@hpe.com>
> Cc: Peter O'Hanley <peter.ohanley@hpe.com>
> ---
> .../Include/Library/RedfishCredentialLib.h | 91 ++++++++
> .../PlatformCredentialLibNull.c | 101 +++++++++
> .../PlatformCredentialLibNull.inf | 30 +++
> RedfishPkg/Redfish.fdf.inc | 1 +
> RedfishPkg/RedfishComponents.dsc.inc | 1 +
> .../RedfishCredentialDxe.c | 209
> ++++++++++++++++++
> .../RedfishCredentialDxe.h | 75 +++++++
> .../RedfishCredentialDxe.inf | 51 +++++
> RedfishPkg/RedfishPkg.dec | 4 +
> RedfishPkg/RedfishPkg.dsc | 2 +
> 10 files changed, 565 insertions(+)
> create mode 100644 RedfishPkg/Include/Library/RedfishCredentialLib.h
> create mode 100644
> RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
> create mode 100644
> RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
> create mode 100644
> RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> create mode 100644
> RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> create mode 100644
> RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
>
> diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h
> b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> new file mode 100644
> index 0000000000..dac1b3303f
> --- /dev/null
> +++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> @@ -0,0 +1,91 @@
> +/** @file
> + Definitinos of RedfishHostInterfaceDxe driver.
> +
> + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +#ifndef REDFISH_CREDENTIAL_LIB_H_
> +#define REDFISH_CREDENTIAL_LIB_H_
> +
> +#include <Uefi.h>
> +
> +/**
> + Notification of Exit Boot Service.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> +**/
> +VOID
> +EFIAPI
> +LibCredentialExitBootServicesNotify (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> +);
> +
> +/**
> + Notification of End of DXe.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> +**/
> +VOID
> +EFIAPI
> +LibCredentialEndOfDxeNotify (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> +);
> +
> +/**
> + Retrieve platform's Redfish authentication information.
> +
> + This functions returns the Redfish authentication method together with
> the user Id and
> + password.
> + - For AuthMethodNone, the UserId and Password could be used for HTTP
> header authentication
> + as defined by RFC7235.
> + - For AuthMethodRedfishSession, the UserId and Password could be used
> for Redfish
> + session login as defined by Redfish API specification (DSP0266).
> +
> + Callers are responsible for and freeing the returned string storage.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[out] AuthMethod Type of Redfish authentication
> method.
> + @param[out] UserId The pointer to store the returned
> UserId string.
> + @param[out] Password The pointer to store the returned
> Password string.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> EndOfDxe.
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> Password is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> + @retval EFI_UNSUPPORTED Unsupported authentication
> method is found.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +LibCredentialGetAuthInfo (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> +);
> +
> +/**
> + Notify the Redfish service provide to stop provide configuration
service to
> this platform.
> +
> + This function should be called when the platfrom is about to leave the
safe
> environment.
> + It will notify the Redfish service provider to abort all logined
session, and
> prohibit
> + further login with original auth info. GetAuthInfo() will return
> EFI_UNSUPPORTED once this
> + function is returned.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[in] ServiceStopType Reason of stopping Redfish service.
> +
> + @retval EFI_SUCCESS Service has been stoped
> successfully.
> + @retval EFI_INVALID_PARAMETER This is NULL.
> + @retval Others Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +LibStopRedfishService (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> +);
> +#endif
> diff --git
> a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
> b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
> new file mode 100644
> index 0000000000..39de622d59
> --- /dev/null
> +++
> b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
> @@ -0,0 +1,101 @@
> +/** @file
> + NULL instace of RedfishPlatformCredentialLib
> +
> + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +#include <Uefi.h>
> +#include <Protocol/EdkIIRedfishCredential.h>
> +/**
> + Notification of Exit Boot Service.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> +**/
> +VOID
> +EFIAPI
> +LibCredentialExitBootServicesNotify (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> +)
> +{
> + return;
> +}
> +
> +/**
> + Notification of End of DXe.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> +**/
> +VOID
> +EFIAPI
> +LibCredentialEndOfDxeNotify (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> +)
> +{
> + return;
> +}
> +
> +/**
> + Retrieve platform's Redfish authentication information.
> +
> + This functions returns the Redfish authentication method together with
> the user Id and
> + password.
> + - For AuthMethodNone, the UserId and Password could be used for HTTP
> header authentication
> + as defined by RFC7235.
> + - For AuthMethodRedfishSession, the UserId and Password could be used
> for Redfish
> + session login as defined by Redfish API specification (DSP0266).
> +
> + Callers are responsible for and freeing the returned string storage.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[out] AuthMethod Type of Redfish authentication
> method.
> + @param[out] UserId The pointer to store the returned
> UserId string.
> + @param[out] Password The pointer to store the returned
> Password string.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> EndOfDxe.
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> Password is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> + @retval EFI_UNSUPPORTED Unsupported authentication
> method is found.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +LibCredentialGetAuthInfo (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> +)
> +{
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Notify the Redfish service provide to stop provide configuration
service to
> this platform.
> +
> + This function should be called when the platfrom is about to leave the
safe
> environment.
> + It will notify the Redfish service provider to abort all logined
session, and
> prohibit
> + further login with original auth info. GetAuthInfo() will return
> EFI_UNSUPPORTED once this
> + function is returned.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[in] ServiceStopType Reason of stopping Redfish service.
> +
> + @retval EFI_SUCCESS Service has been stoped
> successfully.
> + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> ServiceStopType.
> + @retval EFI_UNSUPPORTED Not support to stop Redfish
> service.
> + @retval Others Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +LibStopRedfishService (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> + )
> +{
> + return EFI_UNSUPPORTED;
> +}
> +
> diff --git
>
a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
>
b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
> new file mode 100644
> index 0000000000..4c22e89718
> --- /dev/null
> +++
>
b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
> @@ -0,0 +1,30 @@
> +## @file
> +# NULL instance of RedfishPlatformCredentialLib
> +#
> +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +#
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x0001000b
> + BASE_NAME =
> RedfishPlatformCredentialLibNull
> + FILE_GUID =
> CA3BD843-0BDD-4EE0-A38A-B45CA663114F
> + MODULE_TYPE = DXE_DRIVER
> + VERSION_STRING = 1.0
> + LIBRARY_CLASS = RedfishPlatformCredentialLib
> +
> +#
> +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> RISCV64
> +#
> +
> +[Sources]
> + PlatformCredentialLibNull.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + MdeModulePkg/MdeModulePkg.dec
> + RedfishPkg/RedfishPkg.dec
> +
> +
> diff --git a/RedfishPkg/Redfish.fdf.inc b/RedfishPkg/Redfish.fdf.inc
> index 19de479a80..24e32e0abf 100644
> --- a/RedfishPkg/Redfish.fdf.inc
> +++ b/RedfishPkg/Redfish.fdf.inc
> @@ -13,4 +13,5 @@
> !if $(REDFISH_ENABLE) == TRUE
> INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> INF RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> + INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> !endif
> diff --git a/RedfishPkg/RedfishComponents.dsc.inc
> b/RedfishPkg/RedfishComponents.dsc.inc
> index ac1b57ed8f..ff32653ec8 100644
> --- a/RedfishPkg/RedfishComponents.dsc.inc
> +++ b/RedfishPkg/RedfishComponents.dsc.inc
> @@ -15,4 +15,5 @@
> !if $(REDFISH_ENABLE) == TRUE
> RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> + RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> !endif
> diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> new file mode 100644
> index 0000000000..f48d1d011c
> --- /dev/null
> +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> @@ -0,0 +1,209 @@
> +/** @file
> + RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol for the
> consumer
> + to get the Redfish credential Info and to restrict Redfish access from
UEFI
> side.
> +
> + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <RedfishCredentialDxe.h>
> +
> +EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol = {
> + RedfishCredentialGetAuthInfo,
> + RedfishCredentialStopService
> +};
> +
> +/**
> + Callback function executed when the ExitBootServices event group is
> signaled.
> +
> + @param[in] Event Event whose notification function is being
> invoked.
> + @param[out] Context Pointer to the buffer pass in.
> +**/
> +VOID
> +EFIAPI
> +RedfishCredentialExitBootServicesEventNotify (
> + IN EFI_EVENT Event,
> + OUT VOID *Context
> + )
> +{
> + LibCredentialExitBootServicesNotify
> ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
> +}
> +
> +/**
> + Callback function executed when the EndOfDxe event group is signaled.
> +
> + @param[in] Event Event whose notification function is being
> invoked.
> + @param[out] Context Pointer to the buffer pass in.
> +**/
> +VOID
> +EFIAPI
> +RedfishCredentialEndOfDxeEventNotify (
> + IN EFI_EVENT Event,
> + OUT VOID *Context
> + )
> +{
> + LibCredentialEndOfDxeNotify ((EDKII_REDFISH_CREDENTIAL_PROTOCOL
> *)Context);
> +
> + //
> + // Close event, so it will not be invoked again.
> + //
> + gBS->CloseEvent (Event);
> +}
> +
> +/**
> + Retrieve platform's Redfish authentication information.
> +
> + This functions returns the Redfish authentication method together with
> the user Id and
> + password.
> + - For AuthMethodNone, the UserId and Password could be used for HTTP
> header authentication
> + as defined by RFC7235.
> + - For AuthMethodRedfishSession, the UserId and Password could be used
> for Redfish
> + session login as defined by Redfish API specification (DSP0266).
> +
> + Callers are responsible for and freeing the returned string storage.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[out] AuthMethod Type of Redfish authentication
> method.
> + @param[out] UserId The pointer to store the returned
> UserId string.
> + @param[out] Password The pointer to store the returned
> Password string.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> EndOfDxe.
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> Password is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> + @retval EFI_UNSUPPORTED Unsupported authentication
> method is found.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishCredentialGetAuthInfo (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> + )
> +{
> + if (This == NULL || AuthMethod == NULL || UserId == NULL || Password
> == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + return LibCredentialGetAuthInfo (This, AuthMethod, UserId,Password);
> +}
> +
> +/**
> + Notify the Redfish service provide to stop provide configuration
service to
> this platform.
> +
> + This function should be called when the platfrom is about to leave the
safe
> environment.
> + It will notify the Redfish service provider to abort all logined
session, and
> prohibit
> + further login with original auth info. GetAuthInfo() will return
> EFI_UNSUPPORTED once this
> + function is returned.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[in] ServiceStopType Reason of stopping Redfish service.
> +
> + @retval EFI_SUCCESS Service has been stoped
> successfully.
> + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> ServiceStopType.
> + @retval EFI_UNSUPPORTED Not support to stop Redfish
> service.
> + @retval Others Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishCredentialStopService (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> + )
> +{
> + if (This == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + return LibStopRedfishService (This, ServiceStopType);
> +}
> +
> +/**
> + Main entry for this driver.
> +
> + @param ImageHandle Image handle this driver.
> + @param SystemTable Pointer to SystemTable.
> +
> + @retval EFI_SUCESS This function always complete successfully.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishCredentialDxeDriverEntryPoint (
> + IN EFI_HANDLE ImageHandle,
> + IN EFI_SYSTEM_TABLE *SystemTable
> + )
> +{
> + EFI_STATUS Status;
> + EFI_HANDLE Handle;
> + EFI_EVENT EndOfDxeEvent;
> + EFI_EVENT ExitBootServiceEvent;
> +
> + Handle = NULL;
> +
> + //
> + // Install the RedfishCredentialProtocol onto Handle.
> + //
> + Status = gBS->InstallMultipleProtocolInterfaces (
> + &Handle,
> + &gEdkIIRedfishCredentialProtocolGuid,
> + &mRedfishCredentialProtocol,
> + NULL
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + //
> + // After EndOfDxe, if SecureBoot is disabled, Redfish Credential
Protocol
> should return
> + // error code to caller to avoid the 3rd code to bypass Redfish
Credential
> Protocol and
> + // retrieve userid/pwd directly. So, here, we create EndOfDxe Event to
> check SecureBoot
> + // status.
> + //
> + Status = gBS->CreateEventEx (
> + EVT_NOTIFY_SIGNAL,
> + TPL_CALLBACK,
> + RedfishCredentialEndOfDxeEventNotify,
> + (VOID *)&mRedfishCredentialProtocol,
> + &gEfiEndOfDxeEventGroupGuid,
> + &EndOfDxeEvent
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_ERROR;
> + }
> +
> + //
> + // After ExitBootServices, Redfish Credential Protocol should stop the
> service.
> + // So, here, we create ExitBootService Event to stop service.
> + //
> + Status = gBS->CreateEventEx (
> + EVT_NOTIFY_SIGNAL,
> + TPL_CALLBACK,
> + RedfishCredentialExitBootServicesEventNotify,
> + (VOID *)&mRedfishCredentialProtocol,
> + &gEfiEventExitBootServicesGuid,
> + &ExitBootServiceEvent
> + );
> + if (EFI_ERROR (Status)) {
> + gBS->CloseEvent (EndOfDxeEvent);
> + goto ON_ERROR;
> + }
> +
> + return EFI_SUCCESS;
> +
> +ON_ERROR:
> +
> + gBS->UninstallMultipleProtocolInterfaces (
> + Handle,
> + &gEdkIIRedfishCredentialProtocolGuid,
> + &mRedfishCredentialProtocol,
> + NULL
> + );
> +
> + return Status;
> +}
> diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> new file mode 100644
> index 0000000000..6e7e417b33
> --- /dev/null
> +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> @@ -0,0 +1,75 @@
> +/** @file
> + Definition of Redfish Credential DXE driver.
> +
> + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_
> +#define EDKII_REDFISH_CREDENTIAL_DXE_H_
> +
> +#include <Protocol/EdkIIRedfishCredential.h>
> +
> +#include <Library/BaseLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/PrintLib.h>
> +#include <Library/RedfishCredentialLib.h>
> +#include <Library/UefiLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +
> +/**
> + Retrieve platform's Redfish authentication information.
> +
> + This functions returns the Redfish authentication method together with
> the user Id and
> + password.
> + - For AuthMethodNone, the UserId and Password could be used for HTTP
> header authentication
> + as defined by RFC7235.
> + - For AuthMethodRedfishSession, the UserId and Password could be used
> for Redfish
> + session login as defined by Redfish API specification (DSP0266).
> +
> + Callers are responsible for and freeing the returned string storage.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[out] AuthMethod Type of Redfish authentication
> method.
> + @param[out] UserId The pointer to store the returned
> UserId string.
> + @param[out] Password The pointer to store the returned
> Password string.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> EndOfDxe.
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> Password is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> + @retval EFI_UNSUPPORTED Unsupported authentication
> method is found.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishCredentialGetAuthInfo (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> + );
> +
> +/**
> + Notify the Redfish service provide to stop provide configuration
service to
> this platform.
> +
> + This function should be called when the platfrom is about to leave the
safe
> environment.
> + It will notify the Redfish service provider to abort all logined
session, and
> prohibit
> + further login with original auth info. GetAuthInfo() will return
> EFI_UNSUPPORTED once this
> + function is returned.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> +
> + @retval EFI_SUCCESS Service has been stoped
> successfully.
> + @retval EFI_INVALID_PARAMETER This is NULL.
> + @retval Others Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishCredentialStopService (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> + );
> +#endif
> diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> new file mode 100644
> index 0000000000..707d9a04d9
> --- /dev/null
> +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> @@ -0,0 +1,51 @@
> +## @file
> +# RedfishCredentialDxe is required to produce the
> +# EdkII RedfishCredentialProtocol for the consumer to get the Redfish
> +# credential Info and to restrict Redfish access from UEFI side.
> +#
> +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x0001000b
> + BASE_NAME = RedfishCredentialDxe
> + FILE_GUID =
> 458CE95A-4942-09A9-5D21-A6B16D5DAD7F
> + MODULE_TYPE = DXE_DRIVER
> + VERSION_STRING = 1.0
> + ENTRY_POINT =
> RedfishCredentialDxeDriverEntryPoint
> +
> +#
> +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> RISCV64
> +#
> +
> +[Sources]
> + RedfishCredentialDxe.c
> + RedfishCredentialDxe.h
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + MdeModulePkg/MdeModulePkg.dec
> + RedfishPkg/RedfishPkg.dec
> +
> +[LibraryClasses]
> + BaseLib
> + DebugLib
> + PrintLib
> + RedfishPlatformCredentialLib
> + UefiBootServicesTableLib
> + UefiDriverEntryPoint
> + UefiRuntimeServicesTableLib
> + UefiLib
> +
> +[Protocols]
> + gEdkIIRedfishCredentialProtocolGuid ## BY_START
> +
> +
> +[Guids]
> + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
> + gEfiEventExitBootServicesGuid ## CONSUMES ## Event
> +
> +[Depex]
> + TRUE
> diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
> index 861f6dd0c8..fc56b4fefb 100644
> --- a/RedfishPkg/RedfishPkg.dec
> +++ b/RedfishPkg/RedfishPkg.dec
> @@ -21,6 +21,10 @@
> # Platform implementation-specific Redfish Host Interface.
>
> RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInterfaceLib.h
>
> + ## @libraryclass Platform Redfish Credential Library
> + # Platform implementation-specific Redfish Credential Interface.
> + RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib.h
> +
> [Protocols]
> ## Include/Protocol/RedfishDiscover.h
> gEfiRedfishDiscoverProtocolGuid = { 0x5db12509, 0x4550, 0x4347,
> { 0x96, 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }}
> diff --git a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc
> index 94e7127bc6..f7d5b90918 100644
> --- a/RedfishPkg/RedfishPkg.dsc
> +++ b/RedfishPkg/RedfishPkg.dsc
> @@ -32,6 +32,7 @@
>
> DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/Base
> DebugPrintErrorLevelLib.inf
> PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
>
> RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInterfaceLi
> bNull/PlatformHostInterfaceLibNull.inf
> +
>
RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredentialLibNull/P
> latformCredentialLibNull.inf
>
> [LibraryClasses.ARM, LibraryClasses.AARCH64]
> #
> @@ -43,5 +44,6 @@
>
> [Components]
>
> RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfaceLibNu
> ll.inf
> +
> RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
>
> !include RedfishPkg/Redfish.dsc.inc
> --
> 2.17.1
>
>
>
>
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [edk2-devel] [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
2020-12-10 2:00 ` 回复: [edk2-devel] " gaoliming
@ 2020-12-10 2:12 ` Abner Chang
0 siblings, 0 replies; 12+ messages in thread
From: Abner Chang @ 2020-12-10 2:12 UTC (permalink / raw)
To: devel@edk2.groups.io, gaoliming@byosoft.com.cn
Cc: Wang, Nickle (HPS SW), O'Hanley, Peter (EXL)
Sure. I will address this comments with others together if any.
Thanks
> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> gaoliming
> Sent: Thursday, December 10, 2020 10:00 AM
> To: devel@edk2.groups.io; Chang, Abner (HPS SW/FW Technologist)
> <abner.chang@hpe.com>
> Cc: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; O'Hanley, Peter (EXL)
> <peter.ohanley@hpe.com>
> Subject: 回复: [edk2-devel] [PATCH 2/2] RedfishPkg/RedfishCredentialDxe:
> EDKII Redfish Credential DXE driver
>
> Abner:
> For RedfishCredentialDxe module, please remove unused library class
> PrintLib, UefiLib, UefiRuntimeServicesTableLib.
>
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: bounce+27952+68538+4905953+8761045@groups.io
> > <bounce+27952+68538+4905953+8761045@groups.io> 代表 Abner Chang
> > 发送时间: 2020年12月9日 16:44
> > 收件人: devel@edk2.groups.io
> > 抄送: Nickle Wang <nickle.wang@hpe.com>; Peter O'Hanley
> > <peter.ohanley@hpe.com>
> > 主题: [edk2-devel] [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > Redfish Credential DXE driver
> >
> > EDKII Redfish Credential DXE driver which abstracts platform Redfish
> > credential implementation.
> >
> > Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> > Signed-off-by: Ting Ye <ting.ye@intel.com>
> > Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
> > Signed-off-by: Fan Wang <fan.wang@intel.com>
> > Signed-off-by: Abner Chang <abner.chang@hpe.com>
> >
> > Cc: Nickle Wang <nickle.wang@hpe.com>
> > Cc: Peter O'Hanley <peter.ohanley@hpe.com>
> > ---
> > .../Include/Library/RedfishCredentialLib.h | 91 ++++++++
> > .../PlatformCredentialLibNull.c | 101 +++++++++
> > .../PlatformCredentialLibNull.inf | 30 +++
> > RedfishPkg/Redfish.fdf.inc | 1 +
> > RedfishPkg/RedfishComponents.dsc.inc | 1 +
> > .../RedfishCredentialDxe.c | 209
> > ++++++++++++++++++
> > .../RedfishCredentialDxe.h | 75 +++++++
> > .../RedfishCredentialDxe.inf | 51 +++++
> > RedfishPkg/RedfishPkg.dec | 4 +
> > RedfishPkg/RedfishPkg.dsc | 2 +
> > 10 files changed, 565 insertions(+)
> > create mode 100644 RedfishPkg/Include/Library/RedfishCredentialLib.h
> > create mode 100644
> > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull
> > .c
> > create mode 100644
> > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull
> > .inf
> > create mode 100644
> > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > create mode 100644
> > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > create mode 100644
> > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> >
> > diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > new file mode 100644
> > index 0000000000..dac1b3303f
> > --- /dev/null
> > +++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > @@ -0,0 +1,91 @@
> > +/** @file
> > + Definitinos of RedfishHostInterfaceDxe driver.
> > +
> > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > +
> > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +#ifndef REDFISH_CREDENTIAL_LIB_H_
> > +#define REDFISH_CREDENTIAL_LIB_H_
> > +
> > +#include <Uefi.h>
> > +
> > +/**
> > + Notification of Exit Boot Service.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > +**/
> > +VOID
> > +EFIAPI
> > +LibCredentialExitBootServicesNotify (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This );
> > +
> > +/**
> > + Notification of End of DXe.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > +**/
> > +VOID
> > +EFIAPI
> > +LibCredentialEndOfDxeNotify (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This );
> > +
> > +/**
> > + Retrieve platform's Redfish authentication information.
> > +
> > + This functions returns the Redfish authentication method together
> > + with
> > the user Id and
> > + password.
> > + - For AuthMethodNone, the UserId and Password could be used for
> > + HTTP
> > header authentication
> > + as defined by RFC7235.
> > + - For AuthMethodRedfishSession, the UserId and Password could be
> > + used
> > for Redfish
> > + session login as defined by Redfish API specification (DSP0266).
> > +
> > + Callers are responsible for and freeing the returned string storage.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[out] AuthMethod Type of Redfish authentication
> > method.
> > + @param[out] UserId The pointer to store the returned
> > UserId string.
> > + @param[out] Password The pointer to store the returned
> > Password string.
> > +
> > + @retval EFI_SUCCESS Get the authentication information
> > successfully.
> > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > EndOfDxe.
> > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > Password is NULL.
> > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > resources.
> > + @retval EFI_UNSUPPORTED Unsupported authentication
> > method is found.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +LibCredentialGetAuthInfo (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > + OUT CHAR8 **UserId,
> > + OUT CHAR8 **Password
> > +);
> > +
> > +/**
> > + Notify the Redfish service provide to stop provide configuration
> service to
> > this platform.
> > +
> > + This function should be called when the platfrom is about to leave
> > + the
> safe
> > environment.
> > + It will notify the Redfish service provider to abort all logined
> session, and
> > prohibit
> > + further login with original auth info. GetAuthInfo() will return
> > EFI_UNSUPPORTED once this
> > + function is returned.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > +
> > + @retval EFI_SUCCESS Service has been stoped
> > successfully.
> > + @retval EFI_INVALID_PARAMETER This is NULL.
> > + @retval Others Some error happened.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +LibStopRedfishService (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > ServiceStopType
> > +);
> > +#endif
> > diff --git
> > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > ll.c
> > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > ll.c
> > new file mode 100644
> > index 0000000000..39de622d59
> > --- /dev/null
> > +++
> > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > ll.c
> > @@ -0,0 +1,101 @@
> > +/** @file
> > + NULL instace of RedfishPlatformCredentialLib
> > +
> > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > +
> > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +#include <Uefi.h>
> > +#include <Protocol/EdkIIRedfishCredential.h>
> > +/**
> > + Notification of Exit Boot Service.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > +**/
> > +VOID
> > +EFIAPI
> > +LibCredentialExitBootServicesNotify (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> > +)
> > +{
> > + return;
> > +}
> > +
> > +/**
> > + Notification of End of DXe.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > +**/
> > +VOID
> > +EFIAPI
> > +LibCredentialEndOfDxeNotify (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> > +)
> > +{
> > + return;
> > +}
> > +
> > +/**
> > + Retrieve platform's Redfish authentication information.
> > +
> > + This functions returns the Redfish authentication method together
> > + with
> > the user Id and
> > + password.
> > + - For AuthMethodNone, the UserId and Password could be used for
> > + HTTP
> > header authentication
> > + as defined by RFC7235.
> > + - For AuthMethodRedfishSession, the UserId and Password could be
> > + used
> > for Redfish
> > + session login as defined by Redfish API specification (DSP0266).
> > +
> > + Callers are responsible for and freeing the returned string storage.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[out] AuthMethod Type of Redfish authentication
> > method.
> > + @param[out] UserId The pointer to store the returned
> > UserId string.
> > + @param[out] Password The pointer to store the returned
> > Password string.
> > +
> > + @retval EFI_SUCCESS Get the authentication information
> > successfully.
> > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > EndOfDxe.
> > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > Password is NULL.
> > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > resources.
> > + @retval EFI_UNSUPPORTED Unsupported authentication
> > method is found.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +LibCredentialGetAuthInfo (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > + OUT CHAR8 **UserId,
> > + OUT CHAR8 **Password
> > +)
> > +{
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Notify the Redfish service provide to stop provide configuration
> service to
> > this platform.
> > +
> > + This function should be called when the platfrom is about to leave
> > + the
> safe
> > environment.
> > + It will notify the Redfish service provider to abort all logined
> session, and
> > prohibit
> > + further login with original auth info. GetAuthInfo() will return
> > EFI_UNSUPPORTED once this
> > + function is returned.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > +
> > + @retval EFI_SUCCESS Service has been stoped
> > successfully.
> > + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> > ServiceStopType.
> > + @retval EFI_UNSUPPORTED Not support to stop Redfish
> > service.
> > + @retval Others Some error happened.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +LibStopRedfishService (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > ServiceStopType
> > + )
> > +{
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > diff --git
> >
> a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.in
> f
> >
> b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.in
> f
> > new file mode 100644
> > index 0000000000..4c22e89718
> > --- /dev/null
> > +++
> >
> b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.in
> f
> > @@ -0,0 +1,30 @@
> > +## @file
> > +# NULL instance of RedfishPlatformCredentialLib # # (C) Copyright
> > +2020 Hewlett Packard Enterprise Development LP<BR> # #
> > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > +
> > +[Defines]
> > + INF_VERSION = 0x0001000b
> > + BASE_NAME =
> > RedfishPlatformCredentialLibNull
> > + FILE_GUID =
> > CA3BD843-0BDD-4EE0-A38A-B45CA663114F
> > + MODULE_TYPE = DXE_DRIVER
> > + VERSION_STRING = 1.0
> > + LIBRARY_CLASS = RedfishPlatformCredentialLib
> > +
> > +#
> > +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> > RISCV64
> > +#
> > +
> > +[Sources]
> > + PlatformCredentialLibNull.c
> > +
> > +[Packages]
> > + MdePkg/MdePkg.dec
> > + MdeModulePkg/MdeModulePkg.dec
> > + RedfishPkg/RedfishPkg.dec
> > +
> > +
> > diff --git a/RedfishPkg/Redfish.fdf.inc b/RedfishPkg/Redfish.fdf.inc
> > index 19de479a80..24e32e0abf 100644
> > --- a/RedfishPkg/Redfish.fdf.inc
> > +++ b/RedfishPkg/Redfish.fdf.inc
> > @@ -13,4 +13,5 @@
> > !if $(REDFISH_ENABLE) == TRUE
> > INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > INF RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > + INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > !endif
> > diff --git a/RedfishPkg/RedfishComponents.dsc.inc
> > b/RedfishPkg/RedfishComponents.dsc.inc
> > index ac1b57ed8f..ff32653ec8 100644
> > --- a/RedfishPkg/RedfishComponents.dsc.inc
> > +++ b/RedfishPkg/RedfishComponents.dsc.inc
> > @@ -15,4 +15,5 @@
> > !if $(REDFISH_ENABLE) == TRUE
> > RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > + RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > !endif
> > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > new file mode 100644
> > index 0000000000..f48d1d011c
> > --- /dev/null
> > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > @@ -0,0 +1,209 @@
> > +/** @file
> > + RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol for
> > +the
> > consumer
> > + to get the Redfish credential Info and to restrict Redfish access
> > + from
> UEFI
> > side.
> > +
> > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > +
> > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include <RedfishCredentialDxe.h>
> > +
> > +EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol = {
> > + RedfishCredentialGetAuthInfo,
> > + RedfishCredentialStopService
> > +};
> > +
> > +/**
> > + Callback function executed when the ExitBootServices event group is
> > signaled.
> > +
> > + @param[in] Event Event whose notification function is being
> > invoked.
> > + @param[out] Context Pointer to the buffer pass in.
> > +**/
> > +VOID
> > +EFIAPI
> > +RedfishCredentialExitBootServicesEventNotify (
> > + IN EFI_EVENT Event,
> > + OUT VOID *Context
> > + )
> > +{
> > + LibCredentialExitBootServicesNotify
> > ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
> > +}
> > +
> > +/**
> > + Callback function executed when the EndOfDxe event group is signaled.
> > +
> > + @param[in] Event Event whose notification function is being
> > invoked.
> > + @param[out] Context Pointer to the buffer pass in.
> > +**/
> > +VOID
> > +EFIAPI
> > +RedfishCredentialEndOfDxeEventNotify (
> > + IN EFI_EVENT Event,
> > + OUT VOID *Context
> > + )
> > +{
> > + LibCredentialEndOfDxeNotify ((EDKII_REDFISH_CREDENTIAL_PROTOCOL
> > *)Context);
> > +
> > + //
> > + // Close event, so it will not be invoked again.
> > + //
> > + gBS->CloseEvent (Event);
> > +}
> > +
> > +/**
> > + Retrieve platform's Redfish authentication information.
> > +
> > + This functions returns the Redfish authentication method together
> > + with
> > the user Id and
> > + password.
> > + - For AuthMethodNone, the UserId and Password could be used for
> > + HTTP
> > header authentication
> > + as defined by RFC7235.
> > + - For AuthMethodRedfishSession, the UserId and Password could be
> > + used
> > for Redfish
> > + session login as defined by Redfish API specification (DSP0266).
> > +
> > + Callers are responsible for and freeing the returned string storage.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[out] AuthMethod Type of Redfish authentication
> > method.
> > + @param[out] UserId The pointer to store the returned
> > UserId string.
> > + @param[out] Password The pointer to store the returned
> > Password string.
> > +
> > + @retval EFI_SUCCESS Get the authentication information
> > successfully.
> > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > EndOfDxe.
> > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > Password is NULL.
> > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > resources.
> > + @retval EFI_UNSUPPORTED Unsupported authentication
> > method is found.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishCredentialGetAuthInfo (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > + OUT CHAR8 **UserId,
> > + OUT CHAR8 **Password
> > + )
> > +{
> > + if (This == NULL || AuthMethod == NULL || UserId == NULL ||
> > +Password
> > == NULL) {
> > + return EFI_INVALID_PARAMETER;
> > + }
> > +
> > + return LibCredentialGetAuthInfo (This, AuthMethod,
> > +UserId,Password); }
> > +
> > +/**
> > + Notify the Redfish service provide to stop provide configuration
> service to
> > this platform.
> > +
> > + This function should be called when the platfrom is about to leave
> > + the
> safe
> > environment.
> > + It will notify the Redfish service provider to abort all logined
> session, and
> > prohibit
> > + further login with original auth info. GetAuthInfo() will return
> > EFI_UNSUPPORTED once this
> > + function is returned.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > +
> > + @retval EFI_SUCCESS Service has been stoped
> > successfully.
> > + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> > ServiceStopType.
> > + @retval EFI_UNSUPPORTED Not support to stop Redfish
> > service.
> > + @retval Others Some error happened.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishCredentialStopService (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > ServiceStopType
> > + )
> > +{
> > + if (This == NULL) {
> > + return EFI_INVALID_PARAMETER;
> > + }
> > +
> > + return LibStopRedfishService (This, ServiceStopType); }
> > +
> > +/**
> > + Main entry for this driver.
> > +
> > + @param ImageHandle Image handle this driver.
> > + @param SystemTable Pointer to SystemTable.
> > +
> > + @retval EFI_SUCESS This function always complete successfully.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishCredentialDxeDriverEntryPoint (
> > + IN EFI_HANDLE ImageHandle,
> > + IN EFI_SYSTEM_TABLE *SystemTable
> > + )
> > +{
> > + EFI_STATUS Status;
> > + EFI_HANDLE Handle;
> > + EFI_EVENT EndOfDxeEvent;
> > + EFI_EVENT ExitBootServiceEvent;
> > +
> > + Handle = NULL;
> > +
> > + //
> > + // Install the RedfishCredentialProtocol onto Handle.
> > + //
> > + Status = gBS->InstallMultipleProtocolInterfaces (
> > + &Handle,
> > + &gEdkIIRedfishCredentialProtocolGuid,
> > + &mRedfishCredentialProtocol,
> > + NULL
> > + );
> > + if (EFI_ERROR (Status)) {
> > + return Status;
> > + }
> > +
> > + //
> > + // After EndOfDxe, if SecureBoot is disabled, Redfish Credential
> Protocol
> > should return
> > + // error code to caller to avoid the 3rd code to bypass Redfish
> Credential
> > Protocol and
> > + // retrieve userid/pwd directly. So, here, we create EndOfDxe Event
> > + to
> > check SecureBoot
> > + // status.
> > + //
> > + Status = gBS->CreateEventEx (
> > + EVT_NOTIFY_SIGNAL,
> > + TPL_CALLBACK,
> > + RedfishCredentialEndOfDxeEventNotify,
> > + (VOID *)&mRedfishCredentialProtocol,
> > + &gEfiEndOfDxeEventGroupGuid,
> > + &EndOfDxeEvent
> > + );
> > + if (EFI_ERROR (Status)) {
> > + goto ON_ERROR;
> > + }
> > +
> > + //
> > + // After ExitBootServices, Redfish Credential Protocol should stop
> > + the
> > service.
> > + // So, here, we create ExitBootService Event to stop service.
> > + //
> > + Status = gBS->CreateEventEx (
> > + EVT_NOTIFY_SIGNAL,
> > + TPL_CALLBACK,
> > + RedfishCredentialExitBootServicesEventNotify,
> > + (VOID *)&mRedfishCredentialProtocol,
> > + &gEfiEventExitBootServicesGuid,
> > + &ExitBootServiceEvent
> > + );
> > + if (EFI_ERROR (Status)) {
> > + gBS->CloseEvent (EndOfDxeEvent);
> > + goto ON_ERROR;
> > + }
> > +
> > + return EFI_SUCCESS;
> > +
> > +ON_ERROR:
> > +
> > + gBS->UninstallMultipleProtocolInterfaces (
> > + Handle,
> > + &gEdkIIRedfishCredentialProtocolGuid,
> > + &mRedfishCredentialProtocol,
> > + NULL
> > + );
> > +
> > + return Status;
> > +}
> > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > new file mode 100644
> > index 0000000000..6e7e417b33
> > --- /dev/null
> > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > @@ -0,0 +1,75 @@
> > +/** @file
> > + Definition of Redfish Credential DXE driver.
> > +
> > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > +
> > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_ #define
> > +EDKII_REDFISH_CREDENTIAL_DXE_H_
> > +
> > +#include <Protocol/EdkIIRedfishCredential.h>
> > +
> > +#include <Library/BaseLib.h>
> > +#include <Library/DebugLib.h>
> > +#include <Library/PrintLib.h>
> > +#include <Library/RedfishCredentialLib.h> #include
> > +<Library/UefiLib.h> #include <Library/UefiBootServicesTableLib.h>
> > +
> > +/**
> > + Retrieve platform's Redfish authentication information.
> > +
> > + This functions returns the Redfish authentication method together
> > + with
> > the user Id and
> > + password.
> > + - For AuthMethodNone, the UserId and Password could be used for
> > + HTTP
> > header authentication
> > + as defined by RFC7235.
> > + - For AuthMethodRedfishSession, the UserId and Password could be
> > + used
> > for Redfish
> > + session login as defined by Redfish API specification (DSP0266).
> > +
> > + Callers are responsible for and freeing the returned string storage.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[out] AuthMethod Type of Redfish authentication
> > method.
> > + @param[out] UserId The pointer to store the returned
> > UserId string.
> > + @param[out] Password The pointer to store the returned
> > Password string.
> > +
> > + @retval EFI_SUCCESS Get the authentication information
> > successfully.
> > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > EndOfDxe.
> > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > Password is NULL.
> > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > resources.
> > + @retval EFI_UNSUPPORTED Unsupported authentication
> > method is found.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishCredentialGetAuthInfo (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > + OUT CHAR8 **UserId,
> > + OUT CHAR8 **Password
> > + );
> > +
> > +/**
> > + Notify the Redfish service provide to stop provide configuration
> service to
> > this platform.
> > +
> > + This function should be called when the platfrom is about to leave
> > + the
> safe
> > environment.
> > + It will notify the Redfish service provider to abort all logined
> session, and
> > prohibit
> > + further login with original auth info. GetAuthInfo() will return
> > EFI_UNSUPPORTED once this
> > + function is returned.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > +
> > + @retval EFI_SUCCESS Service has been stoped
> > successfully.
> > + @retval EFI_INVALID_PARAMETER This is NULL.
> > + @retval Others Some error happened.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishCredentialStopService (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > ServiceStopType
> > + );
> > +#endif
> > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > new file mode 100644
> > index 0000000000..707d9a04d9
> > --- /dev/null
> > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > @@ -0,0 +1,51 @@
> > +## @file
> > +# RedfishCredentialDxe is required to produce the # EdkII
> > +RedfishCredentialProtocol for the consumer to get the Redfish #
> > +credential Info and to restrict Redfish access from UEFI side.
> > +#
> > +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR> #
> > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > +
> > +[Defines]
> > + INF_VERSION = 0x0001000b
> > + BASE_NAME = RedfishCredentialDxe
> > + FILE_GUID =
> > 458CE95A-4942-09A9-5D21-A6B16D5DAD7F
> > + MODULE_TYPE = DXE_DRIVER
> > + VERSION_STRING = 1.0
> > + ENTRY_POINT =
> > RedfishCredentialDxeDriverEntryPoint
> > +
> > +#
> > +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> > RISCV64
> > +#
> > +
> > +[Sources]
> > + RedfishCredentialDxe.c
> > + RedfishCredentialDxe.h
> > +
> > +[Packages]
> > + MdePkg/MdePkg.dec
> > + MdeModulePkg/MdeModulePkg.dec
> > + RedfishPkg/RedfishPkg.dec
> > +
> > +[LibraryClasses]
> > + BaseLib
> > + DebugLib
> > + PrintLib
> > + RedfishPlatformCredentialLib
> > + UefiBootServicesTableLib
> > + UefiDriverEntryPoint
> > + UefiRuntimeServicesTableLib
> > + UefiLib
> > +
> > +[Protocols]
> > + gEdkIIRedfishCredentialProtocolGuid ## BY_START
> > +
> > +
> > +[Guids]
> > + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
> > + gEfiEventExitBootServicesGuid ## CONSUMES ## Event
> > +
> > +[Depex]
> > + TRUE
> > diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
> > index 861f6dd0c8..fc56b4fefb 100644
> > --- a/RedfishPkg/RedfishPkg.dec
> > +++ b/RedfishPkg/RedfishPkg.dec
> > @@ -21,6 +21,10 @@
> > # Platform implementation-specific Redfish Host Interface.
> >
> > RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInterfaceLi
> > RedfishPlatformHostInterfaceLib|b.h
> >
> > + ## @libraryclass Platform Redfish Credential Library
> > + # Platform implementation-specific Redfish Credential Interface.
> > + RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib.h
> > +
> > [Protocols]
> > ## Include/Protocol/RedfishDiscover.h
> > gEfiRedfishDiscoverProtocolGuid = { 0x5db12509, 0x4550, 0x4347,
> > { 0x96, 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }} diff --git
> > a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index
> > 94e7127bc6..f7d5b90918 100644
> > --- a/RedfishPkg/RedfishPkg.dsc
> > +++ b/RedfishPkg/RedfishPkg.dsc
> > @@ -32,6 +32,7 @@
> >
> >
> DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/Bas
> > DebugPrintErrorLevelLib|e
> > DebugPrintErrorLevelLib.inf
> > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> >
> > RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInterfa
> > RedfishPlatformHostInterfaceLib|ceLi
> > bNull/PlatformHostInterfaceLibNull.inf
> > +
> >
> RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredentialLibNul
> RedfishPlatformCredentialLib|l/P
> > latformCredentialLibNull.inf
> >
> > [LibraryClasses.ARM, LibraryClasses.AARCH64]
> > #
> > @@ -43,5 +44,6 @@
> >
> > [Components]
> >
> > RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfaceL
> > ibNu
> > ll.inf
> > +
> > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull
> > .inf
> >
> > !include RedfishPkg/Redfish.dsc.inc
> > --
> > 2.17.1
> >
> >
> >
> >
> >
>
>
>
>
>
>
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header file
2020-12-09 8:43 ` [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header file Abner Chang
@ 2020-12-10 2:44 ` Nickle Wang
2020-12-16 2:37 ` Nickle Wang
1 sibling, 0 replies; 12+ messages in thread
From: Nickle Wang @ 2020-12-10 2:44 UTC (permalink / raw)
To: Chang, Abner (HPS SW/FW Technologist), devel@edk2.groups.io
Cc: O'Hanley, Peter (EXL)
Reviewed-by: Nickle Wang <nickle.wang@hpe.com>
> -----Original Message-----
> From: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>
> Sent: Wednesday, December 9, 2020 4:44 PM
> To: devel@edk2.groups.io
> Cc: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; O'Hanley, Peter (EXL)
> <peter.ohanley@hpe.com>
> Subject: [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header
> file
>
> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> Signed-off-by: Ting Ye <ting.ye@intel.com>
> Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Fan Wang <fan.wang@intel.com>
> Signed-off-by: Abner Chang <abner.chang@hpe.com>
>
> Cc: Nickle Wang <nickle.wang@hpe.com>
> Cc: Peter O'Hanley <peter.ohanley@hpe.com>
> ---
> .../Include/Protocol/EdkIIRedfishCredential.h | 101 ++++++++++++++++++
> RedfishPkg/RedfishPkg.dec | 3 +
> 2 files changed, 104 insertions(+)
> create mode 100644 RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
>
> diff --git a/RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
> b/RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
> new file mode 100644
> index 0000000000..34e33b1e00
> --- /dev/null
> +++ b/RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
> @@ -0,0 +1,101 @@
> +/** @file
> + This file defines the EDKII_REDFISH_CREDENTIAL_PROTOCOL interface.
> +
> + Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef EDKII_REDFISH_CREDENTIAL_H_
> +#define EDKII_REDFISH_CREDENTIAL_H_
> +
> +typedef struct _EDKII_REDFISH_CREDENTIAL_PROTOCOL
> EDKII_REDFISH_CREDENTIAL_PROTOCOL;
> +
> +#define EDKII_REDFISH_CREDENTIAL_PROTOCOL_GUID \
> + { \
> + 0x8804377, 0xaf7a, 0x4496, { 0x8a, 0x7b, 0x17, 0x59, 0x0, 0xe9, 0xab,
> 0x46 } \
> + }
> +
> +typedef enum {
> + AuthMethodNone, ///< No authentication is required.
> + AuthMethodHttpBasic, ///< Basic authentication is required.
> + AuthMethodRedfishSession, ///< Session authentication is required.
> + AuthMethodMax
> +} EDKII_REDFISH_AUTH_METHOD;
> +
> +typedef enum {
> + ServiceStopTypeNone = 0, ///< Stop Redfsih service without reason.
> + ServiceStopTypeSecureBootDisabled, ///< Stop Redfsih service becasue
> EFI
> + ///< Secure Boot is disabled.
> + ServiceStopTypeExitBootService, ///< Stop Redfsih service becasue
> existing
> + ///< Boot Service.
> + ServiceStopTypeMax
> +} EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE;
> +
> +
> +/**
> + Retrieve platform's Redfish authentication information.
> +
> + This functions returns the Redfish authentication method together with
> the user Id and
> + password.
> + - For AuthMethodNone, the UserId and Password could be used for HTTP
> header authentication
> + as defined by RFC7235.
> + - For AuthMethodRedfishSession, the UserId and Password could be used
> for Redfish
> + session login as defined by Redfish API specification (DSP0266).
> +
> + Callers are responsible for and freeing the returned string storage.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[out] AuthMethod Type of Redfish authentication method.
> + @param[out] UserId The pointer to store the returned UserId
> string.
> + @param[out] Password The pointer to store the returned Password
> string.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> Password is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> + @retval EFI_UNSUPPORTED Unsupported authentication method is
> found.
> +
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *EDKII_REDFISH_CREDENTIAL_PROTOCOL_GET_AUTH_INFO) (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> + );
> +
> +/**
> + Notify the Redfish service provide to stop provide configuration service to
> this platform.
> +
> + This function should be called when the platfrom is about to leave the safe
> environment.
> + It will notify the Redfish service provider to abort all logined session, and
> prohibit
> + further login with original auth info. GetAuthInfo() will return
> EFI_UNSUPPORTED once this
> + function is returned.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[in] ServiceStopType Reason of stopping Redfish service.
> +
> + @retval EFI_SUCCESS Service has been stoped successfully.
> + @retval EFI_INVALID_PARAMETER This is NULL.
> + @retval Others Some error happened.
> +
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *EDKII_REDFISH_CREDENTIAL_PROTOCOL_STOP_SERVICE) (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> + );
> +
> +struct _EDKII_REDFISH_CREDENTIAL_PROTOCOL {
> + EDKII_REDFISH_CREDENTIAL_PROTOCOL_GET_AUTH_INFO
> GetAuthInfo;
> + EDKII_REDFISH_CREDENTIAL_PROTOCOL_STOP_SERVICE StopService;
> +};
> +
> +extern EFI_GUID gEdkIIRedfishCredentialProtocolGuid;
> +
> +#endif
> diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
> index b38e9b4789..861f6dd0c8 100644
> --- a/RedfishPkg/RedfishPkg.dec
> +++ b/RedfishPkg/RedfishPkg.dec
> @@ -25,6 +25,9 @@
> ## Include/Protocol/RedfishDiscover.h
> gEfiRedfishDiscoverProtocolGuid = { 0x5db12509, 0x4550, 0x4347, { 0x96,
> 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }}
>
> + ## Include/Protocol/EdkIIRedfishCredential.h
> + gEdkIIRedfishCredentialProtocolGuid = { 0x8804377, 0xaf7a, 0x4496, { 0x8a,
> 0x7b, 0x17, 0x59, 0x0, 0xe9, 0xab, 0x46 } }
> +
> [Guids]
> gEfiRedfishPkgTokenSpaceGuid = { 0x4fdbccb7, 0xe829, 0x4b4c, { 0x88,
> 0x87, 0xb2, 0x3f, 0xd7, 0x25, 0x4b, 0x85 }}
>
> --
> 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header file
2020-12-09 8:43 ` [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header file Abner Chang
2020-12-10 2:44 ` Nickle Wang
@ 2020-12-16 2:37 ` Nickle Wang
1 sibling, 0 replies; 12+ messages in thread
From: Nickle Wang @ 2020-12-16 2:37 UTC (permalink / raw)
To: Chang, Abner (HPS SW/FW Technologist), devel@edk2.groups.io
Cc: O'Hanley, Peter (EXL)
Reviewed-by: Nickle Wang <nickle.wang@hpe.com>
> -----Original Message-----
> From: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>
> Sent: Wednesday, December 9, 2020 4:44 PM
> To: devel@edk2.groups.io
> Cc: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; O'Hanley, Peter (EXL)
> <peter.ohanley@hpe.com>
> Subject: [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header
> file
>
> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> Signed-off-by: Ting Ye <ting.ye@intel.com>
> Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Fan Wang <fan.wang@intel.com>
> Signed-off-by: Abner Chang <abner.chang@hpe.com>
>
> Cc: Nickle Wang <nickle.wang@hpe.com>
> Cc: Peter O'Hanley <peter.ohanley@hpe.com>
> ---
> .../Include/Protocol/EdkIIRedfishCredential.h | 101 ++++++++++++++++++
> RedfishPkg/RedfishPkg.dec | 3 +
> 2 files changed, 104 insertions(+)
> create mode 100644 RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
>
> diff --git a/RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
> b/RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
> new file mode 100644
> index 0000000000..34e33b1e00
> --- /dev/null
> +++ b/RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h
> @@ -0,0 +1,101 @@
> +/** @file
> + This file defines the EDKII_REDFISH_CREDENTIAL_PROTOCOL interface.
> +
> + Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef EDKII_REDFISH_CREDENTIAL_H_
> +#define EDKII_REDFISH_CREDENTIAL_H_
> +
> +typedef struct _EDKII_REDFISH_CREDENTIAL_PROTOCOL
> EDKII_REDFISH_CREDENTIAL_PROTOCOL;
> +
> +#define EDKII_REDFISH_CREDENTIAL_PROTOCOL_GUID \
> + { \
> + 0x8804377, 0xaf7a, 0x4496, { 0x8a, 0x7b, 0x17, 0x59, 0x0, 0xe9, 0xab,
> 0x46 } \
> + }
> +
> +typedef enum {
> + AuthMethodNone, ///< No authentication is required.
> + AuthMethodHttpBasic, ///< Basic authentication is required.
> + AuthMethodRedfishSession, ///< Session authentication is required.
> + AuthMethodMax
> +} EDKII_REDFISH_AUTH_METHOD;
> +
> +typedef enum {
> + ServiceStopTypeNone = 0, ///< Stop Redfsih service without reason.
> + ServiceStopTypeSecureBootDisabled, ///< Stop Redfsih service becasue
> EFI
> + ///< Secure Boot is disabled.
> + ServiceStopTypeExitBootService, ///< Stop Redfsih service becasue
> existing
> + ///< Boot Service.
> + ServiceStopTypeMax
> +} EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE;
> +
> +
> +/**
> + Retrieve platform's Redfish authentication information.
> +
> + This functions returns the Redfish authentication method together with
> the user Id and
> + password.
> + - For AuthMethodNone, the UserId and Password could be used for HTTP
> header authentication
> + as defined by RFC7235.
> + - For AuthMethodRedfishSession, the UserId and Password could be used
> for Redfish
> + session login as defined by Redfish API specification (DSP0266).
> +
> + Callers are responsible for and freeing the returned string storage.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[out] AuthMethod Type of Redfish authentication method.
> + @param[out] UserId The pointer to store the returned UserId
> string.
> + @param[out] Password The pointer to store the returned Password
> string.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> Password is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> + @retval EFI_UNSUPPORTED Unsupported authentication method is
> found.
> +
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *EDKII_REDFISH_CREDENTIAL_PROTOCOL_GET_AUTH_INFO) (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> + );
> +
> +/**
> + Notify the Redfish service provide to stop provide configuration service to
> this platform.
> +
> + This function should be called when the platfrom is about to leave the safe
> environment.
> + It will notify the Redfish service provider to abort all logined session, and
> prohibit
> + further login with original auth info. GetAuthInfo() will return
> EFI_UNSUPPORTED once this
> + function is returned.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[in] ServiceStopType Reason of stopping Redfish service.
> +
> + @retval EFI_SUCCESS Service has been stoped successfully.
> + @retval EFI_INVALID_PARAMETER This is NULL.
> + @retval Others Some error happened.
> +
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *EDKII_REDFISH_CREDENTIAL_PROTOCOL_STOP_SERVICE) (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> + );
> +
> +struct _EDKII_REDFISH_CREDENTIAL_PROTOCOL {
> + EDKII_REDFISH_CREDENTIAL_PROTOCOL_GET_AUTH_INFO
> GetAuthInfo;
> + EDKII_REDFISH_CREDENTIAL_PROTOCOL_STOP_SERVICE StopService;
> +};
> +
> +extern EFI_GUID gEdkIIRedfishCredentialProtocolGuid;
> +
> +#endif
> diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
> index b38e9b4789..861f6dd0c8 100644
> --- a/RedfishPkg/RedfishPkg.dec
> +++ b/RedfishPkg/RedfishPkg.dec
> @@ -25,6 +25,9 @@
> ## Include/Protocol/RedfishDiscover.h
> gEfiRedfishDiscoverProtocolGuid = { 0x5db12509, 0x4550, 0x4347, { 0x96,
> 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }}
>
> + ## Include/Protocol/EdkIIRedfishCredential.h
> + gEdkIIRedfishCredentialProtocolGuid = { 0x8804377, 0xaf7a, 0x4496, { 0x8a,
> 0x7b, 0x17, 0x59, 0x0, 0xe9, 0xab, 0x46 } }
> +
> [Guids]
> gEfiRedfishPkgTokenSpaceGuid = { 0x4fdbccb7, 0xe829, 0x4b4c, { 0x88,
> 0x87, 0xb2, 0x3f, 0xd7, 0x25, 0x4b, 0x85 }}
>
> --
> 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
2020-12-09 8:43 ` [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver Abner Chang
2020-12-10 2:00 ` 回复: [edk2-devel] " gaoliming
@ 2020-12-16 2:45 ` Nickle Wang
2020-12-16 7:08 ` Abner Chang
1 sibling, 1 reply; 12+ messages in thread
From: Nickle Wang @ 2020-12-16 2:45 UTC (permalink / raw)
To: Chang, Abner (HPS SW/FW Technologist), devel@edk2.groups.io
Cc: O'Hanley, Peter (EXL)
Hi Abner,
Overall looks good to me. Just a question about implementation.
The End-Of-DXE and Exit-Boot-Service is registered in Redfish Credential driver and the implementation is provide by RedfishPlatformCredentialLib library. May I know if it is possible to register these two events in RedfishPlatformCredentialLib directly? In this way, we do not need two additional interfaces in RedfishPlatformCredentialLib library.
Thanks,
Nickle
> -----Original Message-----
> From: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>
> Sent: Wednesday, December 9, 2020 4:44 PM
> To: devel@edk2.groups.io
> Cc: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; O'Hanley, Peter (EXL)
> <peter.ohanley@hpe.com>
> Subject: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> Credential DXE driver
>
> EDKII Redfish Credential DXE driver which abstracts platform Redfish
> credential implementation.
>
> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> Signed-off-by: Ting Ye <ting.ye@intel.com>
> Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
> Signed-off-by: Fan Wang <fan.wang@intel.com>
> Signed-off-by: Abner Chang <abner.chang@hpe.com>
>
> Cc: Nickle Wang <nickle.wang@hpe.com>
> Cc: Peter O'Hanley <peter.ohanley@hpe.com>
> ---
> .../Include/Library/RedfishCredentialLib.h | 91 ++++++++
> .../PlatformCredentialLibNull.c | 101 +++++++++
> .../PlatformCredentialLibNull.inf | 30 +++
> RedfishPkg/Redfish.fdf.inc | 1 +
> RedfishPkg/RedfishComponents.dsc.inc | 1 +
> .../RedfishCredentialDxe.c | 209 ++++++++++++++++++
> .../RedfishCredentialDxe.h | 75 +++++++
> .../RedfishCredentialDxe.inf | 51 +++++
> RedfishPkg/RedfishPkg.dec | 4 +
> RedfishPkg/RedfishPkg.dsc | 2 +
> 10 files changed, 565 insertions(+)
> create mode 100644 RedfishPkg/Include/Library/RedfishCredentialLib.h
> create mode 100644
> RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
> create mode 100644
> RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
> create mode 100644
> RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> create mode 100644
> RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> create mode 100644
> RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
>
> diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h
> b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> new file mode 100644
> index 0000000000..dac1b3303f
> --- /dev/null
> +++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> @@ -0,0 +1,91 @@
> +/** @file
> + Definitinos of RedfishHostInterfaceDxe driver.
> +
> + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +#ifndef REDFISH_CREDENTIAL_LIB_H_
> +#define REDFISH_CREDENTIAL_LIB_H_
> +
> +#include <Uefi.h>
> +
> +/**
> + Notification of Exit Boot Service.
> +
> + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> +**/
> +VOID
> +EFIAPI
> +LibCredentialExitBootServicesNotify (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> +);
> +
> +/**
> + Notification of End of DXe.
> +
> + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> +**/
> +VOID
> +EFIAPI
> +LibCredentialEndOfDxeNotify (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> +);
> +
> +/**
> + Retrieve platform's Redfish authentication information.
> +
> + This functions returns the Redfish authentication method together with
> the user Id and
> + password.
> + - For AuthMethodNone, the UserId and Password could be used for HTTP
> header authentication
> + as defined by RFC7235.
> + - For AuthMethodRedfishSession, the UserId and Password could be used
> for Redfish
> + session login as defined by Redfish API specification (DSP0266).
> +
> + Callers are responsible for and freeing the returned string storage.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[out] AuthMethod Type of Redfish authentication method.
> + @param[out] UserId The pointer to store the returned UserId
> string.
> + @param[out] Password The pointer to store the returned Password
> string.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> Password is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> + @retval EFI_UNSUPPORTED Unsupported authentication method is
> found.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +LibCredentialGetAuthInfo (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> +);
> +
> +/**
> + Notify the Redfish service provide to stop provide configuration service to
> this platform.
> +
> + This function should be called when the platfrom is about to leave the safe
> environment.
> + It will notify the Redfish service provider to abort all logined session, and
> prohibit
> + further login with original auth info. GetAuthInfo() will return
> EFI_UNSUPPORTED once this
> + function is returned.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[in] ServiceStopType Reason of stopping Redfish service.
> +
> + @retval EFI_SUCCESS Service has been stoped successfully.
> + @retval EFI_INVALID_PARAMETER This is NULL.
> + @retval Others Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +LibStopRedfishService (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> +);
> +#endif
> diff --git
> a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
> b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
> new file mode 100644
> index 0000000000..39de622d59
> --- /dev/null
> +++
> b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.c
> @@ -0,0 +1,101 @@
> +/** @file
> + NULL instace of RedfishPlatformCredentialLib
> +
> + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +#include <Uefi.h>
> +#include <Protocol/EdkIIRedfishCredential.h>
> +/**
> + Notification of Exit Boot Service.
> +
> + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> +**/
> +VOID
> +EFIAPI
> +LibCredentialExitBootServicesNotify (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> +)
> +{
> + return;
> +}
> +
> +/**
> + Notification of End of DXe.
> +
> + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> +**/
> +VOID
> +EFIAPI
> +LibCredentialEndOfDxeNotify (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> +)
> +{
> + return;
> +}
> +
> +/**
> + Retrieve platform's Redfish authentication information.
> +
> + This functions returns the Redfish authentication method together with
> the user Id and
> + password.
> + - For AuthMethodNone, the UserId and Password could be used for HTTP
> header authentication
> + as defined by RFC7235.
> + - For AuthMethodRedfishSession, the UserId and Password could be used
> for Redfish
> + session login as defined by Redfish API specification (DSP0266).
> +
> + Callers are responsible for and freeing the returned string storage.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[out] AuthMethod Type of Redfish authentication method.
> + @param[out] UserId The pointer to store the returned UserId
> string.
> + @param[out] Password The pointer to store the returned Password
> string.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> Password is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> + @retval EFI_UNSUPPORTED Unsupported authentication method is
> found.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +LibCredentialGetAuthInfo (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> +)
> +{
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Notify the Redfish service provide to stop provide configuration service to
> this platform.
> +
> + This function should be called when the platfrom is about to leave the safe
> environment.
> + It will notify the Redfish service provider to abort all logined session, and
> prohibit
> + further login with original auth info. GetAuthInfo() will return
> EFI_UNSUPPORTED once this
> + function is returned.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[in] ServiceStopType Reason of stopping Redfish service.
> +
> + @retval EFI_SUCCESS Service has been stoped successfully.
> + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> ServiceStopType.
> + @retval EFI_UNSUPPORTED Not support to stop Redfish service.
> + @retval Others Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +LibStopRedfishService (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> + )
> +{
> + return EFI_UNSUPPORTED;
> +}
> +
> diff --git
> a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.in
> f
> b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.in
> f
> new file mode 100644
> index 0000000000..4c22e89718
> --- /dev/null
> +++
> b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.in
> f
> @@ -0,0 +1,30 @@
> +## @file
> +# NULL instance of RedfishPlatformCredentialLib
> +#
> +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +#
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x0001000b
> + BASE_NAME = RedfishPlatformCredentialLibNull
> + FILE_GUID = CA3BD843-0BDD-4EE0-A38A-B45CA663114F
> + MODULE_TYPE = DXE_DRIVER
> + VERSION_STRING = 1.0
> + LIBRARY_CLASS = RedfishPlatformCredentialLib
> +
> +#
> +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
> +#
> +
> +[Sources]
> + PlatformCredentialLibNull.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + MdeModulePkg/MdeModulePkg.dec
> + RedfishPkg/RedfishPkg.dec
> +
> +
> diff --git a/RedfishPkg/Redfish.fdf.inc b/RedfishPkg/Redfish.fdf.inc
> index 19de479a80..24e32e0abf 100644
> --- a/RedfishPkg/Redfish.fdf.inc
> +++ b/RedfishPkg/Redfish.fdf.inc
> @@ -13,4 +13,5 @@
> !if $(REDFISH_ENABLE) == TRUE
> INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> INF RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> + INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> !endif
> diff --git a/RedfishPkg/RedfishComponents.dsc.inc
> b/RedfishPkg/RedfishComponents.dsc.inc
> index ac1b57ed8f..ff32653ec8 100644
> --- a/RedfishPkg/RedfishComponents.dsc.inc
> +++ b/RedfishPkg/RedfishComponents.dsc.inc
> @@ -15,4 +15,5 @@
> !if $(REDFISH_ENABLE) == TRUE
> RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> + RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> !endif
> diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> new file mode 100644
> index 0000000000..f48d1d011c
> --- /dev/null
> +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> @@ -0,0 +1,209 @@
> +/** @file
> + RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol for the
> consumer
> + to get the Redfish credential Info and to restrict Redfish access from UEFI
> side.
> +
> + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <RedfishCredentialDxe.h>
> +
> +EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol = {
> + RedfishCredentialGetAuthInfo,
> + RedfishCredentialStopService
> +};
> +
> +/**
> + Callback function executed when the ExitBootServices event group is
> signaled.
> +
> + @param[in] Event Event whose notification function is being invoked.
> + @param[out] Context Pointer to the buffer pass in.
> +**/
> +VOID
> +EFIAPI
> +RedfishCredentialExitBootServicesEventNotify (
> + IN EFI_EVENT Event,
> + OUT VOID *Context
> + )
> +{
> + LibCredentialExitBootServicesNotify
> ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
> +}
> +
> +/**
> + Callback function executed when the EndOfDxe event group is signaled.
> +
> + @param[in] Event Event whose notification function is being invoked.
> + @param[out] Context Pointer to the buffer pass in.
> +**/
> +VOID
> +EFIAPI
> +RedfishCredentialEndOfDxeEventNotify (
> + IN EFI_EVENT Event,
> + OUT VOID *Context
> + )
> +{
> + LibCredentialEndOfDxeNotify ((EDKII_REDFISH_CREDENTIAL_PROTOCOL
> *)Context);
> +
> + //
> + // Close event, so it will not be invoked again.
> + //
> + gBS->CloseEvent (Event);
> +}
> +
> +/**
> + Retrieve platform's Redfish authentication information.
> +
> + This functions returns the Redfish authentication method together with
> the user Id and
> + password.
> + - For AuthMethodNone, the UserId and Password could be used for HTTP
> header authentication
> + as defined by RFC7235.
> + - For AuthMethodRedfishSession, the UserId and Password could be used
> for Redfish
> + session login as defined by Redfish API specification (DSP0266).
> +
> + Callers are responsible for and freeing the returned string storage.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[out] AuthMethod Type of Redfish authentication method.
> + @param[out] UserId The pointer to store the returned UserId
> string.
> + @param[out] Password The pointer to store the returned Password
> string.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> Password is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> + @retval EFI_UNSUPPORTED Unsupported authentication method is
> found.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishCredentialGetAuthInfo (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> + )
> +{
> + if (This == NULL || AuthMethod == NULL || UserId == NULL || Password
> == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + return LibCredentialGetAuthInfo (This, AuthMethod, UserId,Password);
> +}
> +
> +/**
> + Notify the Redfish service provide to stop provide configuration service to
> this platform.
> +
> + This function should be called when the platfrom is about to leave the safe
> environment.
> + It will notify the Redfish service provider to abort all logined session, and
> prohibit
> + further login with original auth info. GetAuthInfo() will return
> EFI_UNSUPPORTED once this
> + function is returned.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[in] ServiceStopType Reason of stopping Redfish service.
> +
> + @retval EFI_SUCCESS Service has been stoped successfully.
> + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> ServiceStopType.
> + @retval EFI_UNSUPPORTED Not support to stop Redfish service.
> + @retval Others Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishCredentialStopService (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> + )
> +{
> + if (This == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + return LibStopRedfishService (This, ServiceStopType);
> +}
> +
> +/**
> + Main entry for this driver.
> +
> + @param ImageHandle Image handle this driver.
> + @param SystemTable Pointer to SystemTable.
> +
> + @retval EFI_SUCESS This function always complete successfully.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishCredentialDxeDriverEntryPoint (
> + IN EFI_HANDLE ImageHandle,
> + IN EFI_SYSTEM_TABLE *SystemTable
> + )
> +{
> + EFI_STATUS Status;
> + EFI_HANDLE Handle;
> + EFI_EVENT EndOfDxeEvent;
> + EFI_EVENT ExitBootServiceEvent;
> +
> + Handle = NULL;
> +
> + //
> + // Install the RedfishCredentialProtocol onto Handle.
> + //
> + Status = gBS->InstallMultipleProtocolInterfaces (
> + &Handle,
> + &gEdkIIRedfishCredentialProtocolGuid,
> + &mRedfishCredentialProtocol,
> + NULL
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + //
> + // After EndOfDxe, if SecureBoot is disabled, Redfish Credential Protocol
> should return
> + // error code to caller to avoid the 3rd code to bypass Redfish Credential
> Protocol and
> + // retrieve userid/pwd directly. So, here, we create EndOfDxe Event to
> check SecureBoot
> + // status.
> + //
> + Status = gBS->CreateEventEx (
> + EVT_NOTIFY_SIGNAL,
> + TPL_CALLBACK,
> + RedfishCredentialEndOfDxeEventNotify,
> + (VOID *)&mRedfishCredentialProtocol,
> + &gEfiEndOfDxeEventGroupGuid,
> + &EndOfDxeEvent
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_ERROR;
> + }
> +
> + //
> + // After ExitBootServices, Redfish Credential Protocol should stop the
> service.
> + // So, here, we create ExitBootService Event to stop service.
> + //
> + Status = gBS->CreateEventEx (
> + EVT_NOTIFY_SIGNAL,
> + TPL_CALLBACK,
> + RedfishCredentialExitBootServicesEventNotify,
> + (VOID *)&mRedfishCredentialProtocol,
> + &gEfiEventExitBootServicesGuid,
> + &ExitBootServiceEvent
> + );
> + if (EFI_ERROR (Status)) {
> + gBS->CloseEvent (EndOfDxeEvent);
> + goto ON_ERROR;
> + }
> +
> + return EFI_SUCCESS;
> +
> +ON_ERROR:
> +
> + gBS->UninstallMultipleProtocolInterfaces (
> + Handle,
> + &gEdkIIRedfishCredentialProtocolGuid,
> + &mRedfishCredentialProtocol,
> + NULL
> + );
> +
> + return Status;
> +}
> diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> new file mode 100644
> index 0000000000..6e7e417b33
> --- /dev/null
> +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> @@ -0,0 +1,75 @@
> +/** @file
> + Definition of Redfish Credential DXE driver.
> +
> + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_
> +#define EDKII_REDFISH_CREDENTIAL_DXE_H_
> +
> +#include <Protocol/EdkIIRedfishCredential.h>
> +
> +#include <Library/BaseLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/PrintLib.h>
> +#include <Library/RedfishCredentialLib.h>
> +#include <Library/UefiLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +
> +/**
> + Retrieve platform's Redfish authentication information.
> +
> + This functions returns the Redfish authentication method together with
> the user Id and
> + password.
> + - For AuthMethodNone, the UserId and Password could be used for HTTP
> header authentication
> + as defined by RFC7235.
> + - For AuthMethodRedfishSession, the UserId and Password could be used
> for Redfish
> + session login as defined by Redfish API specification (DSP0266).
> +
> + Callers are responsible for and freeing the returned string storage.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> + @param[out] AuthMethod Type of Redfish authentication method.
> + @param[out] UserId The pointer to store the returned UserId
> string.
> + @param[out] Password The pointer to store the returned Password
> string.
> +
> + @retval EFI_SUCCESS Get the authentication information
> successfully.
> + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> Password is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resources.
> + @retval EFI_UNSUPPORTED Unsupported authentication method is
> found.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishCredentialGetAuthInfo (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> + OUT CHAR8 **UserId,
> + OUT CHAR8 **Password
> + );
> +
> +/**
> + Notify the Redfish service provide to stop provide configuration service to
> this platform.
> +
> + This function should be called when the platfrom is about to leave the safe
> environment.
> + It will notify the Redfish service provider to abort all logined session, and
> prohibit
> + further login with original auth info. GetAuthInfo() will return
> EFI_UNSUPPORTED once this
> + function is returned.
> +
> + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> +
> + @retval EFI_SUCCESS Service has been stoped successfully.
> + @retval EFI_INVALID_PARAMETER This is NULL.
> + @retval Others Some error happened.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RedfishCredentialStopService (
> + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> + );
> +#endif
> diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> new file mode 100644
> index 0000000000..707d9a04d9
> --- /dev/null
> +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> @@ -0,0 +1,51 @@
> +## @file
> +# RedfishCredentialDxe is required to produce the
> +# EdkII RedfishCredentialProtocol for the consumer to get the Redfish
> +# credential Info and to restrict Redfish access from UEFI side.
> +#
> +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x0001000b
> + BASE_NAME = RedfishCredentialDxe
> + FILE_GUID = 458CE95A-4942-09A9-5D21-A6B16D5DAD7F
> + MODULE_TYPE = DXE_DRIVER
> + VERSION_STRING = 1.0
> + ENTRY_POINT = RedfishCredentialDxeDriverEntryPoint
> +
> +#
> +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
> +#
> +
> +[Sources]
> + RedfishCredentialDxe.c
> + RedfishCredentialDxe.h
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + MdeModulePkg/MdeModulePkg.dec
> + RedfishPkg/RedfishPkg.dec
> +
> +[LibraryClasses]
> + BaseLib
> + DebugLib
> + PrintLib
> + RedfishPlatformCredentialLib
> + UefiBootServicesTableLib
> + UefiDriverEntryPoint
> + UefiRuntimeServicesTableLib
> + UefiLib
> +
> +[Protocols]
> + gEdkIIRedfishCredentialProtocolGuid ## BY_START
> +
> +
> +[Guids]
> + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
> + gEfiEventExitBootServicesGuid ## CONSUMES ## Event
> +
> +[Depex]
> + TRUE
> diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
> index 861f6dd0c8..fc56b4fefb 100644
> --- a/RedfishPkg/RedfishPkg.dec
> +++ b/RedfishPkg/RedfishPkg.dec
> @@ -21,6 +21,10 @@
> # Platform implementation-specific Redfish Host Interface.
>
> RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInterfaceLib.h
>
> + ## @libraryclass Platform Redfish Credential Library
> + # Platform implementation-specific Redfish Credential Interface.
> + RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib.h
> +
> [Protocols]
> ## Include/Protocol/RedfishDiscover.h
> gEfiRedfishDiscoverProtocolGuid = { 0x5db12509, 0x4550, 0x4347, { 0x96,
> 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }}
> diff --git a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc
> index 94e7127bc6..f7d5b90918 100644
> --- a/RedfishPkg/RedfishPkg.dsc
> +++ b/RedfishPkg/RedfishPkg.dsc
> @@ -32,6 +32,7 @@
>
> DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/Bas
> eDebugPrintErrorLevelLib.inf
> PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
>
> RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInterface
> LibNull/PlatformHostInterfaceLibNull.inf
> +
> RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredentialLibNull/
> PlatformCredentialLibNull.inf
>
> [LibraryClasses.ARM, LibraryClasses.AARCH64]
> #
> @@ -43,5 +44,6 @@
>
> [Components]
>
> RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfaceLibN
> ull.inf
> +
> RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.inf
>
> !include RedfishPkg/Redfish.dsc.inc
> --
> 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
2020-12-16 2:45 ` Nickle Wang
@ 2020-12-16 7:08 ` Abner Chang
2020-12-16 7:27 ` Abner Chang
0 siblings, 1 reply; 12+ messages in thread
From: Abner Chang @ 2020-12-16 7:08 UTC (permalink / raw)
To: Wang, Nickle (HPS SW), devel@edk2.groups.io; +Cc: O'Hanley, Peter (EXL)
> -----Original Message-----
> From: Wang, Nickle (HPS SW)
> Sent: Wednesday, December 16, 2020 10:46 AM
> To: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>;
> devel@edk2.groups.io
> Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> Credential DXE driver
>
> Hi Abner,
>
> Overall looks good to me. Just a question about implementation.
>
> The End-Of-DXE and Exit-Boot-Service is registered in Redfish Credential
> driver and the implementation is provide by RedfishPlatformCredentialLib
> library. May I know if it is possible to register these two events in
> RedfishPlatformCredentialLib directly? In this way, we do not need two
> additional interfaces in RedfishPlatformCredentialLib library.
Yes Nickle, I think we can do that. Will resend the patch.
thanks
>
> Thanks,
> Nickle
>
> > -----Original Message-----
> > From: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>
> > Sent: Wednesday, December 9, 2020 4:44 PM
> > To: devel@edk2.groups.io
> > Cc: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; O'Hanley, Peter (EXL)
> > <peter.ohanley@hpe.com>
> > Subject: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> > Credential DXE driver
> >
> > EDKII Redfish Credential DXE driver which abstracts platform Redfish
> > credential implementation.
> >
> > Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> > Signed-off-by: Ting Ye <ting.ye@intel.com>
> > Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
> > Signed-off-by: Fan Wang <fan.wang@intel.com>
> > Signed-off-by: Abner Chang <abner.chang@hpe.com>
> >
> > Cc: Nickle Wang <nickle.wang@hpe.com>
> > Cc: Peter O'Hanley <peter.ohanley@hpe.com>
> > ---
> > .../Include/Library/RedfishCredentialLib.h | 91 ++++++++
> > .../PlatformCredentialLibNull.c | 101 +++++++++
> > .../PlatformCredentialLibNull.inf | 30 +++
> > RedfishPkg/Redfish.fdf.inc | 1 +
> > RedfishPkg/RedfishComponents.dsc.inc | 1 +
> > .../RedfishCredentialDxe.c | 209 ++++++++++++++++++
> > .../RedfishCredentialDxe.h | 75 +++++++
> > .../RedfishCredentialDxe.inf | 51 +++++
> > RedfishPkg/RedfishPkg.dec | 4 +
> > RedfishPkg/RedfishPkg.dsc | 2 +
> > 10 files changed, 565 insertions(+)
> > create mode 100644 RedfishPkg/Include/Library/RedfishCredentialLib.h
> > create mode 100644
> > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull
> > .c
> > create mode 100644
> > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull
> > .inf
> > create mode 100644
> > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > create mode 100644
> > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > create mode 100644
> > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> >
> > diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > new file mode 100644
> > index 0000000000..dac1b3303f
> > --- /dev/null
> > +++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > @@ -0,0 +1,91 @@
> > +/** @file
> > + Definitinos of RedfishHostInterfaceDxe driver.
> > +
> > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > +
> > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +#ifndef REDFISH_CREDENTIAL_LIB_H_
> > +#define REDFISH_CREDENTIAL_LIB_H_
> > +
> > +#include <Uefi.h>
> > +
> > +/**
> > + Notification of Exit Boot Service.
> > +
> > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > +**/
> > +VOID
> > +EFIAPI
> > +LibCredentialExitBootServicesNotify (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This );
> > +
> > +/**
> > + Notification of End of DXe.
> > +
> > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > +**/
> > +VOID
> > +EFIAPI
> > +LibCredentialEndOfDxeNotify (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This );
> > +
> > +/**
> > + Retrieve platform's Redfish authentication information.
> > +
> > + This functions returns the Redfish authentication method together
> > + with
> > the user Id and
> > + password.
> > + - For AuthMethodNone, the UserId and Password could be used for
> > + HTTP
> > header authentication
> > + as defined by RFC7235.
> > + - For AuthMethodRedfishSession, the UserId and Password could be
> > + used
> > for Redfish
> > + session login as defined by Redfish API specification (DSP0266).
> > +
> > + Callers are responsible for and freeing the returned string storage.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[out] AuthMethod Type of Redfish authentication method.
> > + @param[out] UserId The pointer to store the returned UserId
> > string.
> > + @param[out] Password The pointer to store the returned
> Password
> > string.
> > +
> > + @retval EFI_SUCCESS Get the authentication information
> > successfully.
> > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
> > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > Password is NULL.
> > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > resources.
> > + @retval EFI_UNSUPPORTED Unsupported authentication method is
> > found.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +LibCredentialGetAuthInfo (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > + OUT CHAR8 **UserId,
> > + OUT CHAR8 **Password
> > +);
> > +
> > +/**
> > + Notify the Redfish service provide to stop provide configuration
> > +service to
> > this platform.
> > +
> > + This function should be called when the platfrom is about to leave
> > + the safe
> > environment.
> > + It will notify the Redfish service provider to abort all logined
> > + session, and
> > prohibit
> > + further login with original auth info. GetAuthInfo() will return
> > EFI_UNSUPPORTED once this
> > + function is returned.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > +
> > + @retval EFI_SUCCESS Service has been stoped successfully.
> > + @retval EFI_INVALID_PARAMETER This is NULL.
> > + @retval Others Some error happened.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +LibStopRedfishService (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> > +);
> > +#endif
> > diff --git
> > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > ll.c
> > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > ll.c
> > new file mode 100644
> > index 0000000000..39de622d59
> > --- /dev/null
> > +++
> > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > ll.c
> > @@ -0,0 +1,101 @@
> > +/** @file
> > + NULL instace of RedfishPlatformCredentialLib
> > +
> > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > +
> > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +#include <Uefi.h>
> > +#include <Protocol/EdkIIRedfishCredential.h>
> > +/**
> > + Notification of Exit Boot Service.
> > +
> > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > +**/
> > +VOID
> > +EFIAPI
> > +LibCredentialExitBootServicesNotify (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> > +)
> > +{
> > + return;
> > +}
> > +
> > +/**
> > + Notification of End of DXe.
> > +
> > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > +**/
> > +VOID
> > +EFIAPI
> > +LibCredentialEndOfDxeNotify (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> > +)
> > +{
> > + return;
> > +}
> > +
> > +/**
> > + Retrieve platform's Redfish authentication information.
> > +
> > + This functions returns the Redfish authentication method together
> > + with
> > the user Id and
> > + password.
> > + - For AuthMethodNone, the UserId and Password could be used for
> > + HTTP
> > header authentication
> > + as defined by RFC7235.
> > + - For AuthMethodRedfishSession, the UserId and Password could be
> > + used
> > for Redfish
> > + session login as defined by Redfish API specification (DSP0266).
> > +
> > + Callers are responsible for and freeing the returned string storage.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[out] AuthMethod Type of Redfish authentication method.
> > + @param[out] UserId The pointer to store the returned UserId
> > string.
> > + @param[out] Password The pointer to store the returned
> Password
> > string.
> > +
> > + @retval EFI_SUCCESS Get the authentication information
> > successfully.
> > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
> > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > Password is NULL.
> > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > resources.
> > + @retval EFI_UNSUPPORTED Unsupported authentication method is
> > found.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +LibCredentialGetAuthInfo (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > + OUT CHAR8 **UserId,
> > + OUT CHAR8 **Password
> > +)
> > +{
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Notify the Redfish service provide to stop provide configuration
> > +service to
> > this platform.
> > +
> > + This function should be called when the platfrom is about to leave
> > + the safe
> > environment.
> > + It will notify the Redfish service provider to abort all logined
> > + session, and
> > prohibit
> > + further login with original auth info. GetAuthInfo() will return
> > EFI_UNSUPPORTED once this
> > + function is returned.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > +
> > + @retval EFI_SUCCESS Service has been stoped successfully.
> > + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> > ServiceStopType.
> > + @retval EFI_UNSUPPORTED Not support to stop Redfish service.
> > + @retval Others Some error happened.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +LibStopRedfishService (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> > + )
> > +{
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > diff --git
> > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > ll.in
> > f
> > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > ll.in
> > f
> > new file mode 100644
> > index 0000000000..4c22e89718
> > --- /dev/null
> > +++
> > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > ll.in
> > f
> > @@ -0,0 +1,30 @@
> > +## @file
> > +# NULL instance of RedfishPlatformCredentialLib # # (C) Copyright
> > +2020 Hewlett Packard Enterprise Development LP<BR> # #
> > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > +
> > +[Defines]
> > + INF_VERSION = 0x0001000b
> > + BASE_NAME = RedfishPlatformCredentialLibNull
> > + FILE_GUID = CA3BD843-0BDD-4EE0-A38A-B45CA663114F
> > + MODULE_TYPE = DXE_DRIVER
> > + VERSION_STRING = 1.0
> > + LIBRARY_CLASS = RedfishPlatformCredentialLib
> > +
> > +#
> > +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
> > +#
> > +
> > +[Sources]
> > + PlatformCredentialLibNull.c
> > +
> > +[Packages]
> > + MdePkg/MdePkg.dec
> > + MdeModulePkg/MdeModulePkg.dec
> > + RedfishPkg/RedfishPkg.dec
> > +
> > +
> > diff --git a/RedfishPkg/Redfish.fdf.inc b/RedfishPkg/Redfish.fdf.inc
> > index 19de479a80..24e32e0abf 100644
> > --- a/RedfishPkg/Redfish.fdf.inc
> > +++ b/RedfishPkg/Redfish.fdf.inc
> > @@ -13,4 +13,5 @@
> > !if $(REDFISH_ENABLE) == TRUE
> > INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > INF RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > + INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > !endif
> > diff --git a/RedfishPkg/RedfishComponents.dsc.inc
> > b/RedfishPkg/RedfishComponents.dsc.inc
> > index ac1b57ed8f..ff32653ec8 100644
> > --- a/RedfishPkg/RedfishComponents.dsc.inc
> > +++ b/RedfishPkg/RedfishComponents.dsc.inc
> > @@ -15,4 +15,5 @@
> > !if $(REDFISH_ENABLE) == TRUE
> > RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > + RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > !endif
> > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > new file mode 100644
> > index 0000000000..f48d1d011c
> > --- /dev/null
> > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > @@ -0,0 +1,209 @@
> > +/** @file
> > + RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol for
> > +the
> > consumer
> > + to get the Redfish credential Info and to restrict Redfish access
> > + from UEFI
> > side.
> > +
> > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > +
> > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include <RedfishCredentialDxe.h>
> > +
> > +EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol = {
> > + RedfishCredentialGetAuthInfo,
> > + RedfishCredentialStopService
> > +};
> > +
> > +/**
> > + Callback function executed when the ExitBootServices event group is
> > signaled.
> > +
> > + @param[in] Event Event whose notification function is being invoked.
> > + @param[out] Context Pointer to the buffer pass in.
> > +**/
> > +VOID
> > +EFIAPI
> > +RedfishCredentialExitBootServicesEventNotify (
> > + IN EFI_EVENT Event,
> > + OUT VOID *Context
> > + )
> > +{
> > + LibCredentialExitBootServicesNotify
> > ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
> > +}
> > +
> > +/**
> > + Callback function executed when the EndOfDxe event group is signaled.
> > +
> > + @param[in] Event Event whose notification function is being invoked.
> > + @param[out] Context Pointer to the buffer pass in.
> > +**/
> > +VOID
> > +EFIAPI
> > +RedfishCredentialEndOfDxeEventNotify (
> > + IN EFI_EVENT Event,
> > + OUT VOID *Context
> > + )
> > +{
> > + LibCredentialEndOfDxeNotify ((EDKII_REDFISH_CREDENTIAL_PROTOCOL
> > *)Context);
> > +
> > + //
> > + // Close event, so it will not be invoked again.
> > + //
> > + gBS->CloseEvent (Event);
> > +}
> > +
> > +/**
> > + Retrieve platform's Redfish authentication information.
> > +
> > + This functions returns the Redfish authentication method together
> > + with
> > the user Id and
> > + password.
> > + - For AuthMethodNone, the UserId and Password could be used for
> > + HTTP
> > header authentication
> > + as defined by RFC7235.
> > + - For AuthMethodRedfishSession, the UserId and Password could be
> > + used
> > for Redfish
> > + session login as defined by Redfish API specification (DSP0266).
> > +
> > + Callers are responsible for and freeing the returned string storage.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[out] AuthMethod Type of Redfish authentication method.
> > + @param[out] UserId The pointer to store the returned UserId
> > string.
> > + @param[out] Password The pointer to store the returned
> Password
> > string.
> > +
> > + @retval EFI_SUCCESS Get the authentication information
> > successfully.
> > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
> > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > Password is NULL.
> > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > resources.
> > + @retval EFI_UNSUPPORTED Unsupported authentication method is
> > found.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishCredentialGetAuthInfo (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > + OUT CHAR8 **UserId,
> > + OUT CHAR8 **Password
> > + )
> > +{
> > + if (This == NULL || AuthMethod == NULL || UserId == NULL ||
> > +Password
> > == NULL) {
> > + return EFI_INVALID_PARAMETER;
> > + }
> > +
> > + return LibCredentialGetAuthInfo (This, AuthMethod,
> > +UserId,Password); }
> > +
> > +/**
> > + Notify the Redfish service provide to stop provide configuration
> > +service to
> > this platform.
> > +
> > + This function should be called when the platfrom is about to leave
> > + the safe
> > environment.
> > + It will notify the Redfish service provider to abort all logined
> > + session, and
> > prohibit
> > + further login with original auth info. GetAuthInfo() will return
> > EFI_UNSUPPORTED once this
> > + function is returned.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > +
> > + @retval EFI_SUCCESS Service has been stoped successfully.
> > + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> > ServiceStopType.
> > + @retval EFI_UNSUPPORTED Not support to stop Redfish service.
> > + @retval Others Some error happened.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishCredentialStopService (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> > + )
> > +{
> > + if (This == NULL) {
> > + return EFI_INVALID_PARAMETER;
> > + }
> > +
> > + return LibStopRedfishService (This, ServiceStopType); }
> > +
> > +/**
> > + Main entry for this driver.
> > +
> > + @param ImageHandle Image handle this driver.
> > + @param SystemTable Pointer to SystemTable.
> > +
> > + @retval EFI_SUCESS This function always complete successfully.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishCredentialDxeDriverEntryPoint (
> > + IN EFI_HANDLE ImageHandle,
> > + IN EFI_SYSTEM_TABLE *SystemTable
> > + )
> > +{
> > + EFI_STATUS Status;
> > + EFI_HANDLE Handle;
> > + EFI_EVENT EndOfDxeEvent;
> > + EFI_EVENT ExitBootServiceEvent;
> > +
> > + Handle = NULL;
> > +
> > + //
> > + // Install the RedfishCredentialProtocol onto Handle.
> > + //
> > + Status = gBS->InstallMultipleProtocolInterfaces (
> > + &Handle,
> > + &gEdkIIRedfishCredentialProtocolGuid,
> > + &mRedfishCredentialProtocol,
> > + NULL
> > + );
> > + if (EFI_ERROR (Status)) {
> > + return Status;
> > + }
> > +
> > + //
> > + // After EndOfDxe, if SecureBoot is disabled, Redfish Credential
> > + Protocol
> > should return
> > + // error code to caller to avoid the 3rd code to bypass Redfish
> > + Credential
> > Protocol and
> > + // retrieve userid/pwd directly. So, here, we create EndOfDxe Event
> > + to
> > check SecureBoot
> > + // status.
> > + //
> > + Status = gBS->CreateEventEx (
> > + EVT_NOTIFY_SIGNAL,
> > + TPL_CALLBACK,
> > + RedfishCredentialEndOfDxeEventNotify,
> > + (VOID *)&mRedfishCredentialProtocol,
> > + &gEfiEndOfDxeEventGroupGuid,
> > + &EndOfDxeEvent
> > + );
> > + if (EFI_ERROR (Status)) {
> > + goto ON_ERROR;
> > + }
> > +
> > + //
> > + // After ExitBootServices, Redfish Credential Protocol should stop
> > + the
> > service.
> > + // So, here, we create ExitBootService Event to stop service.
> > + //
> > + Status = gBS->CreateEventEx (
> > + EVT_NOTIFY_SIGNAL,
> > + TPL_CALLBACK,
> > + RedfishCredentialExitBootServicesEventNotify,
> > + (VOID *)&mRedfishCredentialProtocol,
> > + &gEfiEventExitBootServicesGuid,
> > + &ExitBootServiceEvent
> > + );
> > + if (EFI_ERROR (Status)) {
> > + gBS->CloseEvent (EndOfDxeEvent);
> > + goto ON_ERROR;
> > + }
> > +
> > + return EFI_SUCCESS;
> > +
> > +ON_ERROR:
> > +
> > + gBS->UninstallMultipleProtocolInterfaces (
> > + Handle,
> > + &gEdkIIRedfishCredentialProtocolGuid,
> > + &mRedfishCredentialProtocol,
> > + NULL
> > + );
> > +
> > + return Status;
> > +}
> > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > new file mode 100644
> > index 0000000000..6e7e417b33
> > --- /dev/null
> > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > @@ -0,0 +1,75 @@
> > +/** @file
> > + Definition of Redfish Credential DXE driver.
> > +
> > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > +
> > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_ #define
> > +EDKII_REDFISH_CREDENTIAL_DXE_H_
> > +
> > +#include <Protocol/EdkIIRedfishCredential.h>
> > +
> > +#include <Library/BaseLib.h>
> > +#include <Library/DebugLib.h>
> > +#include <Library/PrintLib.h>
> > +#include <Library/RedfishCredentialLib.h> #include
> > +<Library/UefiLib.h> #include <Library/UefiBootServicesTableLib.h>
> > +
> > +/**
> > + Retrieve platform's Redfish authentication information.
> > +
> > + This functions returns the Redfish authentication method together
> > + with
> > the user Id and
> > + password.
> > + - For AuthMethodNone, the UserId and Password could be used for
> > + HTTP
> > header authentication
> > + as defined by RFC7235.
> > + - For AuthMethodRedfishSession, the UserId and Password could be
> > + used
> > for Redfish
> > + session login as defined by Redfish API specification (DSP0266).
> > +
> > + Callers are responsible for and freeing the returned string storage.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > + @param[out] AuthMethod Type of Redfish authentication method.
> > + @param[out] UserId The pointer to store the returned UserId
> > string.
> > + @param[out] Password The pointer to store the returned
> Password
> > string.
> > +
> > + @retval EFI_SUCCESS Get the authentication information
> > successfully.
> > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
> > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > Password is NULL.
> > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > resources.
> > + @retval EFI_UNSUPPORTED Unsupported authentication method is
> > found.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishCredentialGetAuthInfo (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > + OUT CHAR8 **UserId,
> > + OUT CHAR8 **Password
> > + );
> > +
> > +/**
> > + Notify the Redfish service provide to stop provide configuration
> > +service to
> > this platform.
> > +
> > + This function should be called when the platfrom is about to leave
> > + the safe
> > environment.
> > + It will notify the Redfish service provider to abort all logined
> > + session, and
> > prohibit
> > + further login with original auth info. GetAuthInfo() will return
> > EFI_UNSUPPORTED once this
> > + function is returned.
> > +
> > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > +
> > + @retval EFI_SUCCESS Service has been stoped successfully.
> > + @retval EFI_INVALID_PARAMETER This is NULL.
> > + @retval Others Some error happened.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RedfishCredentialStopService (
> > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
> > + );
> > +#endif
> > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > new file mode 100644
> > index 0000000000..707d9a04d9
> > --- /dev/null
> > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > @@ -0,0 +1,51 @@
> > +## @file
> > +# RedfishCredentialDxe is required to produce the # EdkII
> > +RedfishCredentialProtocol for the consumer to get the Redfish #
> > +credential Info and to restrict Redfish access from UEFI side.
> > +#
> > +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR> #
> > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > +
> > +[Defines]
> > + INF_VERSION = 0x0001000b
> > + BASE_NAME = RedfishCredentialDxe
> > + FILE_GUID = 458CE95A-4942-09A9-5D21-A6B16D5DAD7F
> > + MODULE_TYPE = DXE_DRIVER
> > + VERSION_STRING = 1.0
> > + ENTRY_POINT = RedfishCredentialDxeDriverEntryPoint
> > +
> > +#
> > +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
> > +#
> > +
> > +[Sources]
> > + RedfishCredentialDxe.c
> > + RedfishCredentialDxe.h
> > +
> > +[Packages]
> > + MdePkg/MdePkg.dec
> > + MdeModulePkg/MdeModulePkg.dec
> > + RedfishPkg/RedfishPkg.dec
> > +
> > +[LibraryClasses]
> > + BaseLib
> > + DebugLib
> > + PrintLib
> > + RedfishPlatformCredentialLib
> > + UefiBootServicesTableLib
> > + UefiDriverEntryPoint
> > + UefiRuntimeServicesTableLib
> > + UefiLib
> > +
> > +[Protocols]
> > + gEdkIIRedfishCredentialProtocolGuid ## BY_START
> > +
> > +
> > +[Guids]
> > + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
> > + gEfiEventExitBootServicesGuid ## CONSUMES ## Event
> > +
> > +[Depex]
> > + TRUE
> > diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
> > index 861f6dd0c8..fc56b4fefb 100644
> > --- a/RedfishPkg/RedfishPkg.dec
> > +++ b/RedfishPkg/RedfishPkg.dec
> > @@ -21,6 +21,10 @@
> > # Platform implementation-specific Redfish Host Interface.
> >
> > RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInterfaceLi
> > RedfishPlatformHostInterfaceLib|b.h
> >
> > + ## @libraryclass Platform Redfish Credential Library
> > + # Platform implementation-specific Redfish Credential Interface.
> > + RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib.h
> > +
> > [Protocols]
> > ## Include/Protocol/RedfishDiscover.h
> > gEfiRedfishDiscoverProtocolGuid = { 0x5db12509, 0x4550, 0x4347, { 0x96,
> > 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }} diff --git
> > a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index
> > 94e7127bc6..f7d5b90918 100644
> > --- a/RedfishPkg/RedfishPkg.dsc
> > +++ b/RedfishPkg/RedfishPkg.dsc
> > @@ -32,6 +32,7 @@
> >
> >
> DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/Bas
> > eDebugPrintErrorLevelLib.inf
> > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> >
> > RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInterfa
> > RedfishPlatformHostInterfaceLib|ce
> > LibNull/PlatformHostInterfaceLibNull.inf
> > +
> > RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredentialLibN
> > RedfishPlatformCredentialLib|ull/
> > PlatformCredentialLibNull.inf
> >
> > [LibraryClasses.ARM, LibraryClasses.AARCH64]
> > #
> > @@ -43,5 +44,6 @@
> >
> > [Components]
> >
> > RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfaceL
> > ibN
> > ull.inf
> > +
> > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull
> > .inf
> >
> > !include RedfishPkg/Redfish.dsc.inc
> > --
> > 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
2020-12-16 7:08 ` Abner Chang
@ 2020-12-16 7:27 ` Abner Chang
2020-12-16 7:37 ` Nickle Wang
0 siblings, 1 reply; 12+ messages in thread
From: Abner Chang @ 2020-12-16 7:27 UTC (permalink / raw)
To: Wang, Nickle (HPS SW), devel@edk2.groups.io; +Cc: O'Hanley, Peter (EXL)
> -----Original Message-----
> From: Chang, Abner (HPS SW/FW Technologist)
> Sent: Wednesday, December 16, 2020 3:09 PM
> To: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; devel@edk2.groups.io
> Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> Credential DXE driver
>
>
>
> > -----Original Message-----
> > From: Wang, Nickle (HPS SW)
> > Sent: Wednesday, December 16, 2020 10:46 AM
> > To: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>;
> > devel@edk2.groups.io
> > Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> > Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > Redfish Credential DXE driver
> >
> > Hi Abner,
> >
> > Overall looks good to me. Just a question about implementation.
> >
> > The End-Of-DXE and Exit-Boot-Service is registered in Redfish
> > Credential driver and the implementation is provide by
> > RedfishPlatformCredentialLib library. May I know if it is possible to
> > register these two events in RedfishPlatformCredentialLib directly? In
> > this way, we do not need two additional interfaces in
> RedfishPlatformCredentialLib library.
> Yes Nickle, I think we can do that. Will resend the patch.
> thanks
Hi Nickle,
Sorry for the confusion, I just about to change the code but I still think we should keep these two registrations in RedfishCredentialDXe.
That is the security concern of implementing these two notifications in RedfishCredentialDxe and then invoke to platform code. This forces OEM to consider and provide their secret sauce for preventing from 3rd party code to steal the Redfish credential. That is OEM's choice if they want to leave these two functions in empty. But I think edk2 code should force them not forgetting to implement that.
So, I would like to still keep it.
> >
> > Thanks,
> > Nickle
> >
> > > -----Original Message-----
> > > From: Chang, Abner (HPS SW/FW Technologist)
> <abner.chang@hpe.com>
> > > Sent: Wednesday, December 9, 2020 4:44 PM
> > > To: devel@edk2.groups.io
> > > Cc: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; O'Hanley, Peter
> > > (EXL) <peter.ohanley@hpe.com>
> > > Subject: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> > > Credential DXE driver
> > >
> > > EDKII Redfish Credential DXE driver which abstracts platform Redfish
> > > credential implementation.
> > >
> > > Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> > > Signed-off-by: Ting Ye <ting.ye@intel.com>
> > > Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
> > > Signed-off-by: Fan Wang <fan.wang@intel.com>
> > > Signed-off-by: Abner Chang <abner.chang@hpe.com>
> > >
> > > Cc: Nickle Wang <nickle.wang@hpe.com>
> > > Cc: Peter O'Hanley <peter.ohanley@hpe.com>
> > > ---
> > > .../Include/Library/RedfishCredentialLib.h | 91 ++++++++
> > > .../PlatformCredentialLibNull.c | 101 +++++++++
> > > .../PlatformCredentialLibNull.inf | 30 +++
> > > RedfishPkg/Redfish.fdf.inc | 1 +
> > > RedfishPkg/RedfishComponents.dsc.inc | 1 +
> > > .../RedfishCredentialDxe.c | 209 ++++++++++++++++++
> > > .../RedfishCredentialDxe.h | 75 +++++++
> > > .../RedfishCredentialDxe.inf | 51 +++++
> > > RedfishPkg/RedfishPkg.dec | 4 +
> > > RedfishPkg/RedfishPkg.dsc | 2 +
> > > 10 files changed, 565 insertions(+) create mode 100644
> > > RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > create mode 100644
> > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > > ll
> > > .c
> > > create mode 100644
> > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > > ll
> > > .inf
> > > create mode 100644
> > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > create mode 100644
> > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > create mode 100644
> > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > >
> > > diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > new file mode 100644
> > > index 0000000000..dac1b3303f
> > > --- /dev/null
> > > +++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > @@ -0,0 +1,91 @@
> > > +/** @file
> > > + Definitinos of RedfishHostInterfaceDxe driver.
> > > +
> > > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +#ifndef REDFISH_CREDENTIAL_LIB_H_
> > > +#define REDFISH_CREDENTIAL_LIB_H_
> > > +
> > > +#include <Uefi.h>
> > > +
> > > +/**
> > > + Notification of Exit Boot Service.
> > > +
> > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialExitBootServicesNotify (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This );
> > > +
> > > +/**
> > > + Notification of End of DXe.
> > > +
> > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialEndOfDxeNotify (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This );
> > > +
> > > +/**
> > > + Retrieve platform's Redfish authentication information.
> > > +
> > > + This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > + password.
> > > + - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > + as defined by RFC7235.
> > > + - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > + session login as defined by Redfish API specification (DSP0266).
> > > +
> > > + Callers are responsible for and freeing the returned string storage.
> > > +
> > > + @param[in] This Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > + @param[out] AuthMethod Type of Redfish authentication
> method.
> > > + @param[out] UserId The pointer to store the returned UserId
> > > string.
> > > + @param[out] Password The pointer to store the returned
> > Password
> > > string.
> > > +
> > > + @retval EFI_SUCCESS Get the authentication information
> > > successfully.
> > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> EndOfDxe.
> > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > > Password is NULL.
> > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > resources.
> > > + @retval EFI_UNSUPPORTED Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibCredentialGetAuthInfo (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > + OUT CHAR8 **UserId,
> > > + OUT CHAR8 **Password
> > > +);
> > > +
> > > +/**
> > > + Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > + This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > + It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > + further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > + function is returned.
> > > +
> > > + @param[in] This Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > > +
> > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > + @retval EFI_INVALID_PARAMETER This is NULL.
> > > + @retval Others Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibStopRedfishService (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > +);
> > > +#endif
> > > diff --git
> > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.c
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.c
> > > new file mode 100644
> > > index 0000000000..39de622d59
> > > --- /dev/null
> > > +++
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.c
> > > @@ -0,0 +1,101 @@
> > > +/** @file
> > > + NULL instace of RedfishPlatformCredentialLib
> > > +
> > > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +#include <Uefi.h>
> > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > +/**
> > > + Notification of Exit Boot Service.
> > > +
> > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialExitBootServicesNotify (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> > > +)
> > > +{
> > > + return;
> > > +}
> > > +
> > > +/**
> > > + Notification of End of DXe.
> > > +
> > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialEndOfDxeNotify (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> > > +)
> > > +{
> > > + return;
> > > +}
> > > +
> > > +/**
> > > + Retrieve platform's Redfish authentication information.
> > > +
> > > + This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > + password.
> > > + - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > + as defined by RFC7235.
> > > + - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > + session login as defined by Redfish API specification (DSP0266).
> > > +
> > > + Callers are responsible for and freeing the returned string storage.
> > > +
> > > + @param[in] This Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > + @param[out] AuthMethod Type of Redfish authentication
> method.
> > > + @param[out] UserId The pointer to store the returned UserId
> > > string.
> > > + @param[out] Password The pointer to store the returned
> > Password
> > > string.
> > > +
> > > + @retval EFI_SUCCESS Get the authentication information
> > > successfully.
> > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> EndOfDxe.
> > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > > Password is NULL.
> > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > resources.
> > > + @retval EFI_UNSUPPORTED Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibCredentialGetAuthInfo (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > + OUT CHAR8 **UserId,
> > > + OUT CHAR8 **Password
> > > +)
> > > +{
> > > + return EFI_UNSUPPORTED;
> > > +}
> > > +
> > > +/**
> > > + Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > + This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > + It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > + further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > + function is returned.
> > > +
> > > + @param[in] This Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > > +
> > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> > > ServiceStopType.
> > > + @retval EFI_UNSUPPORTED Not support to stop Redfish service.
> > > + @retval Others Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibStopRedfishService (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > + )
> > > +{
> > > + return EFI_UNSUPPORTED;
> > > +}
> > > +
> > > diff --git
> > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.in
> > > f
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.in
> > > f
> > > new file mode 100644
> > > index 0000000000..4c22e89718
> > > --- /dev/null
> > > +++
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.in
> > > f
> > > @@ -0,0 +1,30 @@
> > > +## @file
> > > +# NULL instance of RedfishPlatformCredentialLib # # (C) Copyright
> > > +2020 Hewlett Packard Enterprise Development LP<BR> # #
> > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > +
> > > +[Defines]
> > > + INF_VERSION = 0x0001000b
> > > + BASE_NAME = RedfishPlatformCredentialLibNull
> > > + FILE_GUID = CA3BD843-0BDD-4EE0-A38A-B45CA663114F
> > > + MODULE_TYPE = DXE_DRIVER
> > > + VERSION_STRING = 1.0
> > > + LIBRARY_CLASS = RedfishPlatformCredentialLib
> > > +
> > > +#
> > > +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
> > > +#
> > > +
> > > +[Sources]
> > > + PlatformCredentialLibNull.c
> > > +
> > > +[Packages]
> > > + MdePkg/MdePkg.dec
> > > + MdeModulePkg/MdeModulePkg.dec
> > > + RedfishPkg/RedfishPkg.dec
> > > +
> > > +
> > > diff --git a/RedfishPkg/Redfish.fdf.inc b/RedfishPkg/Redfish.fdf.inc
> > > index 19de479a80..24e32e0abf 100644
> > > --- a/RedfishPkg/Redfish.fdf.inc
> > > +++ b/RedfishPkg/Redfish.fdf.inc
> > > @@ -13,4 +13,5 @@
> > > !if $(REDFISH_ENABLE) == TRUE
> > > INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > > INF
> > > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > > + INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > !endif
> > > diff --git a/RedfishPkg/RedfishComponents.dsc.inc
> > > b/RedfishPkg/RedfishComponents.dsc.inc
> > > index ac1b57ed8f..ff32653ec8 100644
> > > --- a/RedfishPkg/RedfishComponents.dsc.inc
> > > +++ b/RedfishPkg/RedfishComponents.dsc.inc
> > > @@ -15,4 +15,5 @@
> > > !if $(REDFISH_ENABLE) == TRUE
> > > RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > > + RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > !endif
> > > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > new file mode 100644
> > > index 0000000000..f48d1d011c
> > > --- /dev/null
> > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > @@ -0,0 +1,209 @@
> > > +/** @file
> > > + RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol
> > > +for the
> > > consumer
> > > + to get the Redfish credential Info and to restrict Redfish access
> > > + from UEFI
> > > side.
> > > +
> > > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +
> > > +#include <RedfishCredentialDxe.h>
> > > +
> > > +EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol =
> {
> > > + RedfishCredentialGetAuthInfo,
> > > + RedfishCredentialStopService
> > > +};
> > > +
> > > +/**
> > > + Callback function executed when the ExitBootServices event group
> > > +is
> > > signaled.
> > > +
> > > + @param[in] Event Event whose notification function is being invoked.
> > > + @param[out] Context Pointer to the buffer pass in.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +RedfishCredentialExitBootServicesEventNotify (
> > > + IN EFI_EVENT Event,
> > > + OUT VOID *Context
> > > + )
> > > +{
> > > + LibCredentialExitBootServicesNotify
> > > ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
> > > +}
> > > +
> > > +/**
> > > + Callback function executed when the EndOfDxe event group is signaled.
> > > +
> > > + @param[in] Event Event whose notification function is being invoked.
> > > + @param[out] Context Pointer to the buffer pass in.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +RedfishCredentialEndOfDxeEventNotify (
> > > + IN EFI_EVENT Event,
> > > + OUT VOID *Context
> > > + )
> > > +{
> > > + LibCredentialEndOfDxeNotify
> ((EDKII_REDFISH_CREDENTIAL_PROTOCOL
> > > *)Context);
> > > +
> > > + //
> > > + // Close event, so it will not be invoked again.
> > > + //
> > > + gBS->CloseEvent (Event);
> > > +}
> > > +
> > > +/**
> > > + Retrieve platform's Redfish authentication information.
> > > +
> > > + This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > + password.
> > > + - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > + as defined by RFC7235.
> > > + - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > + session login as defined by Redfish API specification (DSP0266).
> > > +
> > > + Callers are responsible for and freeing the returned string storage.
> > > +
> > > + @param[in] This Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > + @param[out] AuthMethod Type of Redfish authentication
> method.
> > > + @param[out] UserId The pointer to store the returned UserId
> > > string.
> > > + @param[out] Password The pointer to store the returned
> > Password
> > > string.
> > > +
> > > + @retval EFI_SUCCESS Get the authentication information
> > > successfully.
> > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> EndOfDxe.
> > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > > Password is NULL.
> > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > resources.
> > > + @retval EFI_UNSUPPORTED Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialGetAuthInfo (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > + OUT CHAR8 **UserId,
> > > + OUT CHAR8 **Password
> > > + )
> > > +{
> > > + if (This == NULL || AuthMethod == NULL || UserId == NULL ||
> > > +Password
> > > == NULL) {
> > > + return EFI_INVALID_PARAMETER;
> > > + }
> > > +
> > > + return LibCredentialGetAuthInfo (This, AuthMethod,
> > > +UserId,Password); }
> > > +
> > > +/**
> > > + Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > + This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > + It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > + further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > + function is returned.
> > > +
> > > + @param[in] This Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > > +
> > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> > > ServiceStopType.
> > > + @retval EFI_UNSUPPORTED Not support to stop Redfish service.
> > > + @retval Others Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialStopService (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > + )
> > > +{
> > > + if (This == NULL) {
> > > + return EFI_INVALID_PARAMETER;
> > > + }
> > > +
> > > + return LibStopRedfishService (This, ServiceStopType); }
> > > +
> > > +/**
> > > + Main entry for this driver.
> > > +
> > > + @param ImageHandle Image handle this driver.
> > > + @param SystemTable Pointer to SystemTable.
> > > +
> > > + @retval EFI_SUCESS This function always complete successfully.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialDxeDriverEntryPoint (
> > > + IN EFI_HANDLE ImageHandle,
> > > + IN EFI_SYSTEM_TABLE *SystemTable
> > > + )
> > > +{
> > > + EFI_STATUS Status;
> > > + EFI_HANDLE Handle;
> > > + EFI_EVENT EndOfDxeEvent;
> > > + EFI_EVENT ExitBootServiceEvent;
> > > +
> > > + Handle = NULL;
> > > +
> > > + //
> > > + // Install the RedfishCredentialProtocol onto Handle.
> > > + //
> > > + Status = gBS->InstallMultipleProtocolInterfaces (
> > > + &Handle,
> > > + &gEdkIIRedfishCredentialProtocolGuid,
> > > + &mRedfishCredentialProtocol,
> > > + NULL
> > > + );
> > > + if (EFI_ERROR (Status)) {
> > > + return Status;
> > > + }
> > > +
> > > + //
> > > + // After EndOfDxe, if SecureBoot is disabled, Redfish Credential
> > > + Protocol
> > > should return
> > > + // error code to caller to avoid the 3rd code to bypass Redfish
> > > + Credential
> > > Protocol and
> > > + // retrieve userid/pwd directly. So, here, we create EndOfDxe
> > > + Event to
> > > check SecureBoot
> > > + // status.
> > > + //
> > > + Status = gBS->CreateEventEx (
> > > + EVT_NOTIFY_SIGNAL,
> > > + TPL_CALLBACK,
> > > + RedfishCredentialEndOfDxeEventNotify,
> > > + (VOID *)&mRedfishCredentialProtocol,
> > > + &gEfiEndOfDxeEventGroupGuid,
> > > + &EndOfDxeEvent
> > > + );
> > > + if (EFI_ERROR (Status)) {
> > > + goto ON_ERROR;
> > > + }
> > > +
> > > + //
> > > + // After ExitBootServices, Redfish Credential Protocol should
> > > + stop the
> > > service.
> > > + // So, here, we create ExitBootService Event to stop service.
> > > + //
> > > + Status = gBS->CreateEventEx (
> > > + EVT_NOTIFY_SIGNAL,
> > > + TPL_CALLBACK,
> > > + RedfishCredentialExitBootServicesEventNotify,
> > > + (VOID *)&mRedfishCredentialProtocol,
> > > + &gEfiEventExitBootServicesGuid,
> > > + &ExitBootServiceEvent
> > > + );
> > > + if (EFI_ERROR (Status)) {
> > > + gBS->CloseEvent (EndOfDxeEvent);
> > > + goto ON_ERROR;
> > > + }
> > > +
> > > + return EFI_SUCCESS;
> > > +
> > > +ON_ERROR:
> > > +
> > > + gBS->UninstallMultipleProtocolInterfaces (
> > > + Handle,
> > > + &gEdkIIRedfishCredentialProtocolGuid,
> > > + &mRedfishCredentialProtocol,
> > > + NULL
> > > + );
> > > +
> > > + return Status;
> > > +}
> > > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > new file mode 100644
> > > index 0000000000..6e7e417b33
> > > --- /dev/null
> > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > @@ -0,0 +1,75 @@
> > > +/** @file
> > > + Definition of Redfish Credential DXE driver.
> > > +
> > > + (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_ #define
> > > +EDKII_REDFISH_CREDENTIAL_DXE_H_
> > > +
> > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > +
> > > +#include <Library/BaseLib.h>
> > > +#include <Library/DebugLib.h>
> > > +#include <Library/PrintLib.h>
> > > +#include <Library/RedfishCredentialLib.h> #include
> > > +<Library/UefiLib.h> #include <Library/UefiBootServicesTableLib.h>
> > > +
> > > +/**
> > > + Retrieve platform's Redfish authentication information.
> > > +
> > > + This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > + password.
> > > + - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > + as defined by RFC7235.
> > > + - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > + session login as defined by Redfish API specification (DSP0266).
> > > +
> > > + Callers are responsible for and freeing the returned string storage.
> > > +
> > > + @param[in] This Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > + @param[out] AuthMethod Type of Redfish authentication
> method.
> > > + @param[out] UserId The pointer to store the returned UserId
> > > string.
> > > + @param[out] Password The pointer to store the returned
> > Password
> > > string.
> > > +
> > > + @retval EFI_SUCCESS Get the authentication information
> > > successfully.
> > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> EndOfDxe.
> > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > > Password is NULL.
> > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > resources.
> > > + @retval EFI_UNSUPPORTED Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialGetAuthInfo (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > + OUT CHAR8 **UserId,
> > > + OUT CHAR8 **Password
> > > + );
> > > +
> > > +/**
> > > + Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > + This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > + It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > + further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > + function is returned.
> > > +
> > > + @param[in] This Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +
> > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > + @retval EFI_INVALID_PARAMETER This is NULL.
> > > + @retval Others Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialStopService (
> > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > + );
> > > +#endif
> > > diff --git
> > > a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > new file mode 100644
> > > index 0000000000..707d9a04d9
> > > --- /dev/null
> > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > @@ -0,0 +1,51 @@
> > > +## @file
> > > +# RedfishCredentialDxe is required to produce the # EdkII
> > > +RedfishCredentialProtocol for the consumer to get the Redfish #
> > > +credential Info and to restrict Redfish access from UEFI side.
> > > +#
> > > +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +#
> > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > +
> > > +[Defines]
> > > + INF_VERSION = 0x0001000b
> > > + BASE_NAME = RedfishCredentialDxe
> > > + FILE_GUID = 458CE95A-4942-09A9-5D21-A6B16D5DAD7F
> > > + MODULE_TYPE = DXE_DRIVER
> > > + VERSION_STRING = 1.0
> > > + ENTRY_POINT = RedfishCredentialDxeDriverEntryPoint
> > > +
> > > +#
> > > +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
> > > +#
> > > +
> > > +[Sources]
> > > + RedfishCredentialDxe.c
> > > + RedfishCredentialDxe.h
> > > +
> > > +[Packages]
> > > + MdePkg/MdePkg.dec
> > > + MdeModulePkg/MdeModulePkg.dec
> > > + RedfishPkg/RedfishPkg.dec
> > > +
> > > +[LibraryClasses]
> > > + BaseLib
> > > + DebugLib
> > > + PrintLib
> > > + RedfishPlatformCredentialLib
> > > + UefiBootServicesTableLib
> > > + UefiDriverEntryPoint
> > > + UefiRuntimeServicesTableLib
> > > + UefiLib
> > > +
> > > +[Protocols]
> > > + gEdkIIRedfishCredentialProtocolGuid ## BY_START
> > > +
> > > +
> > > +[Guids]
> > > + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
> > > + gEfiEventExitBootServicesGuid ## CONSUMES ## Event
> > > +
> > > +[Depex]
> > > + TRUE
> > > diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
> > > index 861f6dd0c8..fc56b4fefb 100644
> > > --- a/RedfishPkg/RedfishPkg.dec
> > > +++ b/RedfishPkg/RedfishPkg.dec
> > > @@ -21,6 +21,10 @@
> > > # Platform implementation-specific Redfish Host Interface.
> > >
> > > RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInterface
> > > RedfishPlatformHostInterfaceLib|Li
> > > RedfishPlatformHostInterfaceLib|b.h
> > >
> > > + ## @libraryclass Platform Redfish Credential Library
> > > + # Platform implementation-specific Redfish Credential Interface.
> > > +
> > > + RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib.
> > > + h
> > > +
> > > [Protocols]
> > > ## Include/Protocol/RedfishDiscover.h
> > > gEfiRedfishDiscoverProtocolGuid = { 0x5db12509, 0x4550, 0x4347,
> { 0x96,
> > > 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }} diff --git
> > > a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index
> > > 94e7127bc6..f7d5b90918 100644
> > > --- a/RedfishPkg/RedfishPkg.dsc
> > > +++ b/RedfishPkg/RedfishPkg.dsc
> > > @@ -32,6 +32,7 @@
> > >
> > >
> >
> DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/Bas
> > > eDebugPrintErrorLevelLib.inf
> > > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> > >
> > > RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInter
> > > RedfishPlatformHostInterfaceLib|fa
> > > RedfishPlatformHostInterfaceLib|ce
> > > LibNull/PlatformHostInterfaceLibNull.inf
> > > +
> > > RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredentialLi
> > > RedfishPlatformCredentialLib|bN
> > > RedfishPlatformCredentialLib|ull/
> > > PlatformCredentialLibNull.inf
> > >
> > > [LibraryClasses.ARM, LibraryClasses.AARCH64]
> > > #
> > > @@ -43,5 +44,6 @@
> > >
> > > [Components]
> > >
> > > RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfac
> > > eL
> > > ibN
> > > ull.inf
> > > +
> > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > > ll
> > > .inf
> > >
> > > !include RedfishPkg/Redfish.dsc.inc
> > > --
> > > 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
2020-12-16 7:27 ` Abner Chang
@ 2020-12-16 7:37 ` Nickle Wang
2020-12-16 7:43 ` Abner Chang
0 siblings, 1 reply; 12+ messages in thread
From: Nickle Wang @ 2020-12-16 7:37 UTC (permalink / raw)
To: Chang, Abner (HPS SW/FW Technologist), devel@edk2.groups.io
Cc: O'Hanley, Peter (EXL)
Hi Abner,
I got it. These two interfaces are defined in library so that platform library has to implement it. This makes sense to me.
Reviewed-by: Nickle Wang <nickle.wang@hpe.com>
Thanks,
Nickle
> -----Original Message-----
> From: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>
> Sent: Wednesday, December 16, 2020 3:27 PM
> To: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; devel@edk2.groups.io
> Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> Credential DXE driver
>
>
>
> > -----Original Message-----
> > From: Chang, Abner (HPS SW/FW Technologist)
> > Sent: Wednesday, December 16, 2020 3:09 PM
> > To: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>;
> devel@edk2.groups.io
> > Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> > Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > Redfish Credential DXE driver
> >
> >
> >
> > > -----Original Message-----
> > > From: Wang, Nickle (HPS SW)
> > > Sent: Wednesday, December 16, 2020 10:46 AM
> > > To: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>;
> > > devel@edk2.groups.io
> > > Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> > > Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > > Redfish Credential DXE driver
> > >
> > > Hi Abner,
> > >
> > > Overall looks good to me. Just a question about implementation.
> > >
> > > The End-Of-DXE and Exit-Boot-Service is registered in Redfish
> > > Credential driver and the implementation is provide by
> > > RedfishPlatformCredentialLib library. May I know if it is possible
> > > to register these two events in RedfishPlatformCredentialLib
> > > directly? In this way, we do not need two additional interfaces in
> > RedfishPlatformCredentialLib library.
> > Yes Nickle, I think we can do that. Will resend the patch.
> > thanks
> Hi Nickle,
> Sorry for the confusion, I just about to change the code but I still think we
> should keep these two registrations in RedfishCredentialDXe.
> That is the security concern of implementing these two notifications in
> RedfishCredentialDxe and then invoke to platform code. This forces OEM to
> consider and provide their secret sauce for preventing from 3rd party code to
> steal the Redfish credential. That is OEM's choice if they want to leave these
> two functions in empty. But I think edk2 code should force them not
> forgetting to implement that.
> So, I would like to still keep it.
>
>
> > >
> > > Thanks,
> > > Nickle
> > >
> > > > -----Original Message-----
> > > > From: Chang, Abner (HPS SW/FW Technologist)
> > <abner.chang@hpe.com>
> > > > Sent: Wednesday, December 9, 2020 4:44 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; O'Hanley, Peter
> > > > (EXL) <peter.ohanley@hpe.com>
> > > > Subject: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > > > Redfish Credential DXE driver
> > > >
> > > > EDKII Redfish Credential DXE driver which abstracts platform
> > > > Redfish credential implementation.
> > > >
> > > > Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> > > > Signed-off-by: Ting Ye <ting.ye@intel.com>
> > > > Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
> > > > Signed-off-by: Fan Wang <fan.wang@intel.com>
> > > > Signed-off-by: Abner Chang <abner.chang@hpe.com>
> > > >
> > > > Cc: Nickle Wang <nickle.wang@hpe.com>
> > > > Cc: Peter O'Hanley <peter.ohanley@hpe.com>
> > > > ---
> > > > .../Include/Library/RedfishCredentialLib.h | 91 ++++++++
> > > > .../PlatformCredentialLibNull.c | 101 +++++++++
> > > > .../PlatformCredentialLibNull.inf | 30 +++
> > > > RedfishPkg/Redfish.fdf.inc | 1 +
> > > > RedfishPkg/RedfishComponents.dsc.inc | 1 +
> > > > .../RedfishCredentialDxe.c | 209 ++++++++++++++++++
> > > > .../RedfishCredentialDxe.h | 75 +++++++
> > > > .../RedfishCredentialDxe.inf | 51 +++++
> > > > RedfishPkg/RedfishPkg.dec | 4 +
> > > > RedfishPkg/RedfishPkg.dsc | 2 +
> > > > 10 files changed, 565 insertions(+) create mode 100644
> > > > RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > > create mode 100644
> > > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > > Nu
> > > > ll
> > > > .c
> > > > create mode 100644
> > > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > > Nu
> > > > ll
> > > > .inf
> > > > create mode 100644
> > > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > > create mode 100644
> > > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > > create mode 100644
> > > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > >
> > > > diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > > b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > > new file mode 100644
> > > > index 0000000000..dac1b3303f
> > > > --- /dev/null
> > > > +++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > > @@ -0,0 +1,91 @@
> > > > +/** @file
> > > > + Definitinos of RedfishHostInterfaceDxe driver.
> > > > +
> > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development
> > > > + LP<BR>
> > > > +
> > > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > +
> > > > +**/
> > > > +#ifndef REDFISH_CREDENTIAL_LIB_H_ #define
> > > > +REDFISH_CREDENTIAL_LIB_H_
> > > > +
> > > > +#include <Uefi.h>
> > > > +
> > > > +/**
> > > > + Notification of Exit Boot Service.
> > > > +
> > > > + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > > +**/
> > > > +VOID
> > > > +EFIAPI
> > > > +LibCredentialExitBootServicesNotify (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This );
> > > > +
> > > > +/**
> > > > + Notification of End of DXe.
> > > > +
> > > > + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > > +**/
> > > > +VOID
> > > > +EFIAPI
> > > > +LibCredentialEndOfDxeNotify (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This );
> > > > +
> > > > +/**
> > > > + Retrieve platform's Redfish authentication information.
> > > > +
> > > > + This functions returns the Redfish authentication method
> > > > + together with
> > > > the user Id and
> > > > + password.
> > > > + - For AuthMethodNone, the UserId and Password could be used for
> > > > + HTTP
> > > > header authentication
> > > > + as defined by RFC7235.
> > > > + - For AuthMethodRedfishSession, the UserId and Password could
> > > > + be used
> > > > for Redfish
> > > > + session login as defined by Redfish API specification (DSP0266).
> > > > +
> > > > + Callers are responsible for and freeing the returned string storage.
> > > > +
> > > > + @param[in] This Pointer to
> > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > + @param[out] AuthMethod Type of Redfish authentication
> > method.
> > > > + @param[out] UserId The pointer to store the returned UserId
> > > > string.
> > > > + @param[out] Password The pointer to store the returned
> > > Password
> > > > string.
> > > > +
> > > > + @retval EFI_SUCCESS Get the authentication information
> > > > successfully.
> > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > EndOfDxe.
> > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > > > Password is NULL.
> > > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > > resources.
> > > > + @retval EFI_UNSUPPORTED Unsupported authentication
> method
> > is
> > > > found.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +LibCredentialGetAuthInfo (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > > + OUT CHAR8 **UserId,
> > > > + OUT CHAR8 **Password
> > > > +);
> > > > +
> > > > +/**
> > > > + Notify the Redfish service provide to stop provide
> > > > +configuration service to
> > > > this platform.
> > > > +
> > > > + This function should be called when the platfrom is about to
> > > > + leave the safe
> > > > environment.
> > > > + It will notify the Redfish service provider to abort all
> > > > + logined session, and
> > > > prohibit
> > > > + further login with original auth info. GetAuthInfo() will
> > > > + return
> > > > EFI_UNSUPPORTED once this
> > > > + function is returned.
> > > > +
> > > > + @param[in] This Pointer to
> > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > > > +
> > > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > > + @retval EFI_INVALID_PARAMETER This is NULL.
> > > > + @retval Others Some error happened.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +LibStopRedfishService (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > ServiceStopType
> > > > +);
> > > > +#endif
> > > > diff --git
> > > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialL
> > > > ib
> > > > Nu
> > > > ll.c
> > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialL
> > > > ib
> > > > Nu
> > > > ll.c
> > > > new file mode 100644
> > > > index 0000000000..39de622d59
> > > > --- /dev/null
> > > > +++
> > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialL
> > > > ib
> > > > Nu
> > > > ll.c
> > > > @@ -0,0 +1,101 @@
> > > > +/** @file
> > > > + NULL instace of RedfishPlatformCredentialLib
> > > > +
> > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development
> > > > + LP<BR>
> > > > +
> > > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > +
> > > > +**/
> > > > +#include <Uefi.h>
> > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > +/**
> > > > + Notification of Exit Boot Service.
> > > > +
> > > > + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > > +**/
> > > > +VOID
> > > > +EFIAPI
> > > > +LibCredentialExitBootServicesNotify (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> > > > +)
> > > > +{
> > > > + return;
> > > > +}
> > > > +
> > > > +/**
> > > > + Notification of End of DXe.
> > > > +
> > > > + @param[in] This Pointer to
> EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > > +**/
> > > > +VOID
> > > > +EFIAPI
> > > > +LibCredentialEndOfDxeNotify (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> > > > +)
> > > > +{
> > > > + return;
> > > > +}
> > > > +
> > > > +/**
> > > > + Retrieve platform's Redfish authentication information.
> > > > +
> > > > + This functions returns the Redfish authentication method
> > > > + together with
> > > > the user Id and
> > > > + password.
> > > > + - For AuthMethodNone, the UserId and Password could be used for
> > > > + HTTP
> > > > header authentication
> > > > + as defined by RFC7235.
> > > > + - For AuthMethodRedfishSession, the UserId and Password could
> > > > + be used
> > > > for Redfish
> > > > + session login as defined by Redfish API specification (DSP0266).
> > > > +
> > > > + Callers are responsible for and freeing the returned string storage.
> > > > +
> > > > + @param[in] This Pointer to
> > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > + @param[out] AuthMethod Type of Redfish authentication
> > method.
> > > > + @param[out] UserId The pointer to store the returned UserId
> > > > string.
> > > > + @param[out] Password The pointer to store the returned
> > > Password
> > > > string.
> > > > +
> > > > + @retval EFI_SUCCESS Get the authentication information
> > > > successfully.
> > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > EndOfDxe.
> > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > > > Password is NULL.
> > > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > > resources.
> > > > + @retval EFI_UNSUPPORTED Unsupported authentication
> method
> > is
> > > > found.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +LibCredentialGetAuthInfo (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > > + OUT CHAR8 **UserId,
> > > > + OUT CHAR8 **Password
> > > > +)
> > > > +{
> > > > + return EFI_UNSUPPORTED;
> > > > +}
> > > > +
> > > > +/**
> > > > + Notify the Redfish service provide to stop provide
> > > > +configuration service to
> > > > this platform.
> > > > +
> > > > + This function should be called when the platfrom is about to
> > > > + leave the safe
> > > > environment.
> > > > + It will notify the Redfish service provider to abort all
> > > > + logined session, and
> > > > prohibit
> > > > + further login with original auth info. GetAuthInfo() will
> > > > + return
> > > > EFI_UNSUPPORTED once this
> > > > + function is returned.
> > > > +
> > > > + @param[in] This Pointer to
> > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > > > +
> > > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > > + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> > > > ServiceStopType.
> > > > + @retval EFI_UNSUPPORTED Not support to stop Redfish service.
> > > > + @retval Others Some error happened.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +LibStopRedfishService (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > ServiceStopType
> > > > + )
> > > > +{
> > > > + return EFI_UNSUPPORTED;
> > > > +}
> > > > +
> > > > diff --git
> > > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialL
> > > > ib
> > > > Nu
> > > > ll.in
> > > > f
> > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialL
> > > > ib
> > > > Nu
> > > > ll.in
> > > > f
> > > > new file mode 100644
> > > > index 0000000000..4c22e89718
> > > > --- /dev/null
> > > > +++
> > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialL
> > > > ib
> > > > Nu
> > > > ll.in
> > > > f
> > > > @@ -0,0 +1,30 @@
> > > > +## @file
> > > > +# NULL instance of RedfishPlatformCredentialLib # # (C)
> > > > +Copyright
> > > > +2020 Hewlett Packard Enterprise Development LP<BR> # #
> > > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > +
> > > > +[Defines]
> > > > + INF_VERSION = 0x0001000b
> > > > + BASE_NAME = RedfishPlatformCredentialLibNull
> > > > + FILE_GUID = CA3BD843-0BDD-4EE0-A38A-B45CA663114F
> > > > + MODULE_TYPE = DXE_DRIVER
> > > > + VERSION_STRING = 1.0
> > > > + LIBRARY_CLASS = RedfishPlatformCredentialLib
> > > > +
> > > > +#
> > > > +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
> > > > +#
> > > > +
> > > > +[Sources]
> > > > + PlatformCredentialLibNull.c
> > > > +
> > > > +[Packages]
> > > > + MdePkg/MdePkg.dec
> > > > + MdeModulePkg/MdeModulePkg.dec
> > > > + RedfishPkg/RedfishPkg.dec
> > > > +
> > > > +
> > > > diff --git a/RedfishPkg/Redfish.fdf.inc
> > > > b/RedfishPkg/Redfish.fdf.inc index 19de479a80..24e32e0abf 100644
> > > > --- a/RedfishPkg/Redfish.fdf.inc
> > > > +++ b/RedfishPkg/Redfish.fdf.inc
> > > > @@ -13,4 +13,5 @@
> > > > !if $(REDFISH_ENABLE) == TRUE
> > > > INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > > > INF
> > > > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > > > + INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > > !endif
> > > > diff --git a/RedfishPkg/RedfishComponents.dsc.inc
> > > > b/RedfishPkg/RedfishComponents.dsc.inc
> > > > index ac1b57ed8f..ff32653ec8 100644
> > > > --- a/RedfishPkg/RedfishComponents.dsc.inc
> > > > +++ b/RedfishPkg/RedfishComponents.dsc.inc
> > > > @@ -15,4 +15,5 @@
> > > > !if $(REDFISH_ENABLE) == TRUE
> > > > RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > > > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > > > + RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > > !endif
> > > > diff --git
> > > > a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > > new file mode 100644
> > > > index 0000000000..f48d1d011c
> > > > --- /dev/null
> > > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > > @@ -0,0 +1,209 @@
> > > > +/** @file
> > > > + RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol
> > > > +for the
> > > > consumer
> > > > + to get the Redfish credential Info and to restrict Redfish
> > > > + access from UEFI
> > > > side.
> > > > +
> > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development
> > > > + LP<BR>
> > > > +
> > > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > +
> > > > +**/
> > > > +
> > > > +#include <RedfishCredentialDxe.h>
> > > > +
> > > > +EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol
> =
> > {
> > > > + RedfishCredentialGetAuthInfo,
> > > > + RedfishCredentialStopService
> > > > +};
> > > > +
> > > > +/**
> > > > + Callback function executed when the ExitBootServices event
> > > > +group is
> > > > signaled.
> > > > +
> > > > + @param[in] Event Event whose notification function is being
> invoked.
> > > > + @param[out] Context Pointer to the buffer pass in.
> > > > +**/
> > > > +VOID
> > > > +EFIAPI
> > > > +RedfishCredentialExitBootServicesEventNotify (
> > > > + IN EFI_EVENT Event,
> > > > + OUT VOID *Context
> > > > + )
> > > > +{
> > > > + LibCredentialExitBootServicesNotify
> > > > ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
> > > > +}
> > > > +
> > > > +/**
> > > > + Callback function executed when the EndOfDxe event group is
> signaled.
> > > > +
> > > > + @param[in] Event Event whose notification function is being
> invoked.
> > > > + @param[out] Context Pointer to the buffer pass in.
> > > > +**/
> > > > +VOID
> > > > +EFIAPI
> > > > +RedfishCredentialEndOfDxeEventNotify (
> > > > + IN EFI_EVENT Event,
> > > > + OUT VOID *Context
> > > > + )
> > > > +{
> > > > + LibCredentialEndOfDxeNotify
> > ((EDKII_REDFISH_CREDENTIAL_PROTOCOL
> > > > *)Context);
> > > > +
> > > > + //
> > > > + // Close event, so it will not be invoked again.
> > > > + //
> > > > + gBS->CloseEvent (Event);
> > > > +}
> > > > +
> > > > +/**
> > > > + Retrieve platform's Redfish authentication information.
> > > > +
> > > > + This functions returns the Redfish authentication method
> > > > + together with
> > > > the user Id and
> > > > + password.
> > > > + - For AuthMethodNone, the UserId and Password could be used for
> > > > + HTTP
> > > > header authentication
> > > > + as defined by RFC7235.
> > > > + - For AuthMethodRedfishSession, the UserId and Password could
> > > > + be used
> > > > for Redfish
> > > > + session login as defined by Redfish API specification (DSP0266).
> > > > +
> > > > + Callers are responsible for and freeing the returned string storage.
> > > > +
> > > > + @param[in] This Pointer to
> > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > + @param[out] AuthMethod Type of Redfish authentication
> > method.
> > > > + @param[out] UserId The pointer to store the returned UserId
> > > > string.
> > > > + @param[out] Password The pointer to store the returned
> > > Password
> > > > string.
> > > > +
> > > > + @retval EFI_SUCCESS Get the authentication information
> > > > successfully.
> > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > EndOfDxe.
> > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > > > Password is NULL.
> > > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > > resources.
> > > > + @retval EFI_UNSUPPORTED Unsupported authentication
> method
> > is
> > > > found.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishCredentialGetAuthInfo (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > > + OUT CHAR8 **UserId,
> > > > + OUT CHAR8 **Password
> > > > + )
> > > > +{
> > > > + if (This == NULL || AuthMethod == NULL || UserId == NULL ||
> > > > +Password
> > > > == NULL) {
> > > > + return EFI_INVALID_PARAMETER; }
> > > > +
> > > > + return LibCredentialGetAuthInfo (This, AuthMethod,
> > > > +UserId,Password); }
> > > > +
> > > > +/**
> > > > + Notify the Redfish service provide to stop provide
> > > > +configuration service to
> > > > this platform.
> > > > +
> > > > + This function should be called when the platfrom is about to
> > > > + leave the safe
> > > > environment.
> > > > + It will notify the Redfish service provider to abort all
> > > > + logined session, and
> > > > prohibit
> > > > + further login with original auth info. GetAuthInfo() will
> > > > + return
> > > > EFI_UNSUPPORTED once this
> > > > + function is returned.
> > > > +
> > > > + @param[in] This Pointer to
> > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > > > +
> > > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > > + @retval EFI_INVALID_PARAMETER This is NULL or given the worng
> > > > ServiceStopType.
> > > > + @retval EFI_UNSUPPORTED Not support to stop Redfish service.
> > > > + @retval Others Some error happened.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishCredentialStopService (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > ServiceStopType
> > > > + )
> > > > +{
> > > > + if (This == NULL) {
> > > > + return EFI_INVALID_PARAMETER;
> > > > + }
> > > > +
> > > > + return LibStopRedfishService (This, ServiceStopType); }
> > > > +
> > > > +/**
> > > > + Main entry for this driver.
> > > > +
> > > > + @param ImageHandle Image handle this driver.
> > > > + @param SystemTable Pointer to SystemTable.
> > > > +
> > > > + @retval EFI_SUCESS This function always complete successfully.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishCredentialDxeDriverEntryPoint (
> > > > + IN EFI_HANDLE ImageHandle,
> > > > + IN EFI_SYSTEM_TABLE *SystemTable
> > > > + )
> > > > +{
> > > > + EFI_STATUS Status;
> > > > + EFI_HANDLE Handle;
> > > > + EFI_EVENT EndOfDxeEvent;
> > > > + EFI_EVENT ExitBootServiceEvent;
> > > > +
> > > > + Handle = NULL;
> > > > +
> > > > + //
> > > > + // Install the RedfishCredentialProtocol onto Handle.
> > > > + //
> > > > + Status = gBS->InstallMultipleProtocolInterfaces (
> > > > + &Handle,
> > > > + &gEdkIIRedfishCredentialProtocolGuid,
> > > > + &mRedfishCredentialProtocol,
> > > > + NULL
> > > > + );
> > > > + if (EFI_ERROR (Status)) {
> > > > + return Status;
> > > > + }
> > > > +
> > > > + //
> > > > + // After EndOfDxe, if SecureBoot is disabled, Redfish
> > > > + Credential Protocol
> > > > should return
> > > > + // error code to caller to avoid the 3rd code to bypass Redfish
> > > > + Credential
> > > > Protocol and
> > > > + // retrieve userid/pwd directly. So, here, we create EndOfDxe
> > > > + Event to
> > > > check SecureBoot
> > > > + // status.
> > > > + //
> > > > + Status = gBS->CreateEventEx (
> > > > + EVT_NOTIFY_SIGNAL,
> > > > + TPL_CALLBACK,
> > > > + RedfishCredentialEndOfDxeEventNotify,
> > > > + (VOID *)&mRedfishCredentialProtocol,
> > > > + &gEfiEndOfDxeEventGroupGuid,
> > > > + &EndOfDxeEvent
> > > > + );
> > > > + if (EFI_ERROR (Status)) {
> > > > + goto ON_ERROR;
> > > > + }
> > > > +
> > > > + //
> > > > + // After ExitBootServices, Redfish Credential Protocol should
> > > > + stop the
> > > > service.
> > > > + // So, here, we create ExitBootService Event to stop service.
> > > > + //
> > > > + Status = gBS->CreateEventEx (
> > > > + EVT_NOTIFY_SIGNAL,
> > > > + TPL_CALLBACK,
> > > > + RedfishCredentialExitBootServicesEventNotify,
> > > > + (VOID *)&mRedfishCredentialProtocol,
> > > > + &gEfiEventExitBootServicesGuid,
> > > > + &ExitBootServiceEvent
> > > > + );
> > > > + if (EFI_ERROR (Status)) {
> > > > + gBS->CloseEvent (EndOfDxeEvent);
> > > > + goto ON_ERROR;
> > > > + }
> > > > +
> > > > + return EFI_SUCCESS;
> > > > +
> > > > +ON_ERROR:
> > > > +
> > > > + gBS->UninstallMultipleProtocolInterfaces (
> > > > + Handle,
> > > > + &gEdkIIRedfishCredentialProtocolGuid,
> > > > + &mRedfishCredentialProtocol,
> > > > + NULL
> > > > + );
> > > > +
> > > > + return Status;
> > > > +}
> > > > diff --git
> > > > a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > > new file mode 100644
> > > > index 0000000000..6e7e417b33
> > > > --- /dev/null
> > > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > > @@ -0,0 +1,75 @@
> > > > +/** @file
> > > > + Definition of Redfish Credential DXE driver.
> > > > +
> > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development
> > > > + LP<BR>
> > > > +
> > > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > +
> > > > +**/
> > > > +#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_ #define
> > > > +EDKII_REDFISH_CREDENTIAL_DXE_H_
> > > > +
> > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > +
> > > > +#include <Library/BaseLib.h>
> > > > +#include <Library/DebugLib.h>
> > > > +#include <Library/PrintLib.h>
> > > > +#include <Library/RedfishCredentialLib.h> #include
> > > > +<Library/UefiLib.h> #include <Library/UefiBootServicesTableLib.h>
> > > > +
> > > > +/**
> > > > + Retrieve platform's Redfish authentication information.
> > > > +
> > > > + This functions returns the Redfish authentication method
> > > > + together with
> > > > the user Id and
> > > > + password.
> > > > + - For AuthMethodNone, the UserId and Password could be used for
> > > > + HTTP
> > > > header authentication
> > > > + as defined by RFC7235.
> > > > + - For AuthMethodRedfishSession, the UserId and Password could
> > > > + be used
> > > > for Redfish
> > > > + session login as defined by Redfish API specification (DSP0266).
> > > > +
> > > > + Callers are responsible for and freeing the returned string storage.
> > > > +
> > > > + @param[in] This Pointer to
> > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > + @param[out] AuthMethod Type of Redfish authentication
> > method.
> > > > + @param[out] UserId The pointer to store the returned UserId
> > > > string.
> > > > + @param[out] Password The pointer to store the returned
> > > Password
> > > > string.
> > > > +
> > > > + @retval EFI_SUCCESS Get the authentication information
> > > > successfully.
> > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > EndOfDxe.
> > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or
> > > > Password is NULL.
> > > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > > resources.
> > > > + @retval EFI_UNSUPPORTED Unsupported authentication
> method
> > is
> > > > found.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishCredentialGetAuthInfo (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > > + OUT CHAR8 **UserId,
> > > > + OUT CHAR8 **Password
> > > > + );
> > > > +
> > > > +/**
> > > > + Notify the Redfish service provide to stop provide
> > > > +configuration service to
> > > > this platform.
> > > > +
> > > > + This function should be called when the platfrom is about to
> > > > + leave the safe
> > > > environment.
> > > > + It will notify the Redfish service provider to abort all
> > > > + logined session, and
> > > > prohibit
> > > > + further login with original auth info. GetAuthInfo() will
> > > > + return
> > > > EFI_UNSUPPORTED once this
> > > > + function is returned.
> > > > +
> > > > + @param[in] This Pointer to
> > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > +
> > > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > > + @retval EFI_INVALID_PARAMETER This is NULL.
> > > > + @retval Others Some error happened.
> > > > +
> > > > +**/
> > > > +EFI_STATUS
> > > > +EFIAPI
> > > > +RedfishCredentialStopService (
> > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > ServiceStopType
> > > > + );
> > > > +#endif
> > > > diff --git
> > > > a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > > new file mode 100644
> > > > index 0000000000..707d9a04d9
> > > > --- /dev/null
> > > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > > @@ -0,0 +1,51 @@
> > > > +## @file
> > > > +# RedfishCredentialDxe is required to produce the # EdkII
> > > > +RedfishCredentialProtocol for the consumer to get the Redfish #
> > > > +credential Info and to restrict Redfish access from UEFI side.
> > > > +#
> > > > +# (C) Copyright 2020 Hewlett Packard Enterprise Development
> > > > +LP<BR> #
> > > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > +
> > > > +[Defines]
> > > > + INF_VERSION = 0x0001000b
> > > > + BASE_NAME = RedfishCredentialDxe
> > > > + FILE_GUID = 458CE95A-4942-09A9-5D21-A6B16D5DAD7F
> > > > + MODULE_TYPE = DXE_DRIVER
> > > > + VERSION_STRING = 1.0
> > > > + ENTRY_POINT = RedfishCredentialDxeDriverEntryPoint
> > > > +
> > > > +#
> > > > +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
> > > > +#
> > > > +
> > > > +[Sources]
> > > > + RedfishCredentialDxe.c
> > > > + RedfishCredentialDxe.h
> > > > +
> > > > +[Packages]
> > > > + MdePkg/MdePkg.dec
> > > > + MdeModulePkg/MdeModulePkg.dec
> > > > + RedfishPkg/RedfishPkg.dec
> > > > +
> > > > +[LibraryClasses]
> > > > + BaseLib
> > > > + DebugLib
> > > > + PrintLib
> > > > + RedfishPlatformCredentialLib
> > > > + UefiBootServicesTableLib
> > > > + UefiDriverEntryPoint
> > > > + UefiRuntimeServicesTableLib
> > > > + UefiLib
> > > > +
> > > > +[Protocols]
> > > > + gEdkIIRedfishCredentialProtocolGuid ## BY_START
> > > > +
> > > > +
> > > > +[Guids]
> > > > + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
> > > > + gEfiEventExitBootServicesGuid ## CONSUMES ## Event
> > > > +
> > > > +[Depex]
> > > > + TRUE
> > > > diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
> > > > index 861f6dd0c8..fc56b4fefb 100644
> > > > --- a/RedfishPkg/RedfishPkg.dec
> > > > +++ b/RedfishPkg/RedfishPkg.dec
> > > > @@ -21,6 +21,10 @@
> > > > # Platform implementation-specific Redfish Host Interface.
> > > >
> > > > RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInterfa
> > > > RedfishPlatformHostInterfaceLib|ce
> > > > RedfishPlatformHostInterfaceLib|Li
> > > > RedfishPlatformHostInterfaceLib|b.h
> > > >
> > > > + ## @libraryclass Platform Redfish Credential Library
> > > > + # Platform implementation-specific Redfish Credential Interface.
> > > > +
> > > > + RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib.
> > > > + h
> > > > +
> > > > [Protocols]
> > > > ## Include/Protocol/RedfishDiscover.h
> > > > gEfiRedfishDiscoverProtocolGuid = { 0x5db12509, 0x4550, 0x4347,
> > { 0x96,
> > > > 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }} diff --git
> > > > a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index
> > > > 94e7127bc6..f7d5b90918 100644
> > > > --- a/RedfishPkg/RedfishPkg.dsc
> > > > +++ b/RedfishPkg/RedfishPkg.dsc
> > > > @@ -32,6 +32,7 @@
> > > >
> > > >
> > >
> >
> DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/Bas
> > > > eDebugPrintErrorLevelLib.inf
> > > > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> > > >
> > > > RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInt
> > > > RedfishPlatformHostInterfaceLib|er
> > > > RedfishPlatformHostInterfaceLib|fa
> > > > RedfishPlatformHostInterfaceLib|ce
> > > > LibNull/PlatformHostInterfaceLibNull.inf
> > > > +
> > > > RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredential
> > > > RedfishPlatformCredentialLib|Li
> > > > RedfishPlatformCredentialLib|bN
> > > > RedfishPlatformCredentialLib|ull/
> > > > PlatformCredentialLibNull.inf
> > > >
> > > > [LibraryClasses.ARM, LibraryClasses.AARCH64]
> > > > #
> > > > @@ -43,5 +44,6 @@
> > > >
> > > > [Components]
> > > >
> > > > RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterf
> > > > ac
> > > > eL
> > > > ibN
> > > > ull.inf
> > > > +
> > > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > > Nu
> > > > ll
> > > > .inf
> > > >
> > > > !include RedfishPkg/Redfish.dsc.inc
> > > > --
> > > > 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
2020-12-16 7:37 ` Nickle Wang
@ 2020-12-16 7:43 ` Abner Chang
0 siblings, 0 replies; 12+ messages in thread
From: Abner Chang @ 2020-12-16 7:43 UTC (permalink / raw)
To: Wang, Nickle (HPS SW), devel@edk2.groups.io; +Cc: O'Hanley, Peter (EXL)
> -----Original Message-----
> From: Wang, Nickle (HPS SW)
> Sent: Wednesday, December 16, 2020 3:38 PM
> To: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>;
> devel@edk2.groups.io
> Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> Credential DXE driver
>
> Hi Abner,
>
> I got it. These two interfaces are defined in library so that platform library has
> to implement it. This makes sense to me.
>
> Reviewed-by: Nickle Wang <nickle.wang@hpe.com>
Yes correct, thanks.
>
> Thanks,
> Nickle
>
> > -----Original Message-----
> > From: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>
> > Sent: Wednesday, December 16, 2020 3:27 PM
> > To: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>;
> devel@edk2.groups.io
> > Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> > Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > Redfish Credential DXE driver
> >
> >
> >
> > > -----Original Message-----
> > > From: Chang, Abner (HPS SW/FW Technologist)
> > > Sent: Wednesday, December 16, 2020 3:09 PM
> > > To: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>;
> > devel@edk2.groups.io
> > > Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> > > Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > > Redfish Credential DXE driver
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Wang, Nickle (HPS SW)
> > > > Sent: Wednesday, December 16, 2020 10:46 AM
> > > > To: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>;
> > > > devel@edk2.groups.io
> > > > Cc: O'Hanley, Peter (EXL) <peter.ohanley@hpe.com>
> > > > Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > > > Redfish Credential DXE driver
> > > >
> > > > Hi Abner,
> > > >
> > > > Overall looks good to me. Just a question about implementation.
> > > >
> > > > The End-Of-DXE and Exit-Boot-Service is registered in Redfish
> > > > Credential driver and the implementation is provide by
> > > > RedfishPlatformCredentialLib library. May I know if it is possible
> > > > to register these two events in RedfishPlatformCredentialLib
> > > > directly? In this way, we do not need two additional interfaces in
> > > RedfishPlatformCredentialLib library.
> > > Yes Nickle, I think we can do that. Will resend the patch.
> > > thanks
> > Hi Nickle,
> > Sorry for the confusion, I just about to change the code but I still
> > think we should keep these two registrations in RedfishCredentialDXe.
> > That is the security concern of implementing these two notifications
> > in RedfishCredentialDxe and then invoke to platform code. This forces
> > OEM to consider and provide their secret sauce for preventing from 3rd
> > party code to steal the Redfish credential. That is OEM's choice if
> > they want to leave these two functions in empty. But I think edk2 code
> > should force them not forgetting to implement that.
> > So, I would like to still keep it.
> >
> >
> > > >
> > > > Thanks,
> > > > Nickle
> > > >
> > > > > -----Original Message-----
> > > > > From: Chang, Abner (HPS SW/FW Technologist)
> > > <abner.chang@hpe.com>
> > > > > Sent: Wednesday, December 9, 2020 4:44 PM
> > > > > To: devel@edk2.groups.io
> > > > > Cc: Wang, Nickle (HPS SW) <nickle.wang@hpe.com>; O'Hanley, Peter
> > > > > (EXL) <peter.ohanley@hpe.com>
> > > > > Subject: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > > > > Redfish Credential DXE driver
> > > > >
> > > > > EDKII Redfish Credential DXE driver which abstracts platform
> > > > > Redfish credential implementation.
> > > > >
> > > > > Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> > > > > Signed-off-by: Ting Ye <ting.ye@intel.com>
> > > > > Signed-off-by: Siyuan Fu <siyuan.fu@intel.com>
> > > > > Signed-off-by: Fan Wang <fan.wang@intel.com>
> > > > > Signed-off-by: Abner Chang <abner.chang@hpe.com>
> > > > >
> > > > > Cc: Nickle Wang <nickle.wang@hpe.com>
> > > > > Cc: Peter O'Hanley <peter.ohanley@hpe.com>
> > > > > ---
> > > > > .../Include/Library/RedfishCredentialLib.h | 91 ++++++++
> > > > > .../PlatformCredentialLibNull.c | 101 +++++++++
> > > > > .../PlatformCredentialLibNull.inf | 30 +++
> > > > > RedfishPkg/Redfish.fdf.inc | 1 +
> > > > > RedfishPkg/RedfishComponents.dsc.inc | 1 +
> > > > > .../RedfishCredentialDxe.c | 209 ++++++++++++++++++
> > > > > .../RedfishCredentialDxe.h | 75 +++++++
> > > > > .../RedfishCredentialDxe.inf | 51 +++++
> > > > > RedfishPkg/RedfishPkg.dec | 4 +
> > > > > RedfishPkg/RedfishPkg.dsc | 2 +
> > > > > 10 files changed, 565 insertions(+) create mode 100644
> > > > > RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > > > create mode 100644
> > > > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialL
> > > > > ib
> > > > > Nu
> > > > > ll
> > > > > .c
> > > > > create mode 100644
> > > > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialL
> > > > > ib
> > > > > Nu
> > > > > ll
> > > > > .inf
> > > > > create mode 100644
> > > > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > > > create mode 100644
> > > > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > > > create mode 100644
> > > > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > > >
> > > > > diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > > > b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > > > new file mode 100644
> > > > > index 0000000000..dac1b3303f
> > > > > --- /dev/null
> > > > > +++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > > > @@ -0,0 +1,91 @@
> > > > > +/** @file
> > > > > + Definitinos of RedfishHostInterfaceDxe driver.
> > > > > +
> > > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development
> > > > > + LP<BR>
> > > > > +
> > > > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > +
> > > > > +**/
> > > > > +#ifndef REDFISH_CREDENTIAL_LIB_H_ #define
> > > > > +REDFISH_CREDENTIAL_LIB_H_
> > > > > +
> > > > > +#include <Uefi.h>
> > > > > +
> > > > > +/**
> > > > > + Notification of Exit Boot Service.
> > > > > +
> > > > > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > > > +**/
> > > > > +VOID
> > > > > +EFIAPI
> > > > > +LibCredentialExitBootServicesNotify (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This );
> > > > > +
> > > > > +/**
> > > > > + Notification of End of DXe.
> > > > > +
> > > > > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > > > +**/
> > > > > +VOID
> > > > > +EFIAPI
> > > > > +LibCredentialEndOfDxeNotify (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This );
> > > > > +
> > > > > +/**
> > > > > + Retrieve platform's Redfish authentication information.
> > > > > +
> > > > > + This functions returns the Redfish authentication method
> > > > > + together with
> > > > > the user Id and
> > > > > + password.
> > > > > + - For AuthMethodNone, the UserId and Password could be used
> > > > > + for HTTP
> > > > > header authentication
> > > > > + as defined by RFC7235.
> > > > > + - For AuthMethodRedfishSession, the UserId and Password could
> > > > > + be used
> > > > > for Redfish
> > > > > + session login as defined by Redfish API specification (DSP0266).
> > > > > +
> > > > > + Callers are responsible for and freeing the returned string storage.
> > > > > +
> > > > > + @param[in] This Pointer to
> > > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > > + @param[out] AuthMethod Type of Redfish authentication
> > > method.
> > > > > + @param[out] UserId The pointer to store the returned
> UserId
> > > > > string.
> > > > > + @param[out] Password The pointer to store the returned
> > > > Password
> > > > > string.
> > > > > +
> > > > > + @retval EFI_SUCCESS Get the authentication information
> > > > > successfully.
> > > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > > EndOfDxe.
> > > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId
> or
> > > > > Password is NULL.
> > > > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > > > resources.
> > > > > + @retval EFI_UNSUPPORTED Unsupported authentication
> > method
> > > is
> > > > > found.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +LibCredentialGetAuthInfo (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > > > + OUT CHAR8 **UserId,
> > > > > + OUT CHAR8 **Password
> > > > > +);
> > > > > +
> > > > > +/**
> > > > > + Notify the Redfish service provide to stop provide
> > > > > +configuration service to
> > > > > this platform.
> > > > > +
> > > > > + This function should be called when the platfrom is about to
> > > > > + leave the safe
> > > > > environment.
> > > > > + It will notify the Redfish service provider to abort all
> > > > > + logined session, and
> > > > > prohibit
> > > > > + further login with original auth info. GetAuthInfo() will
> > > > > + return
> > > > > EFI_UNSUPPORTED once this
> > > > > + function is returned.
> > > > > +
> > > > > + @param[in] This Pointer to
> > > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > > > > +
> > > > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > > > + @retval EFI_INVALID_PARAMETER This is NULL.
> > > > > + @retval Others Some error happened.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +LibStopRedfishService (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > > ServiceStopType
> > > > > +);
> > > > > +#endif
> > > > > diff --git
> > > > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentia
> > > > > lL
> > > > > ib
> > > > > Nu
> > > > > ll.c
> > > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentia
> > > > > lL
> > > > > ib
> > > > > Nu
> > > > > ll.c
> > > > > new file mode 100644
> > > > > index 0000000000..39de622d59
> > > > > --- /dev/null
> > > > > +++
> > > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentia
> > > > > lL
> > > > > ib
> > > > > Nu
> > > > > ll.c
> > > > > @@ -0,0 +1,101 @@
> > > > > +/** @file
> > > > > + NULL instace of RedfishPlatformCredentialLib
> > > > > +
> > > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development
> > > > > + LP<BR>
> > > > > +
> > > > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > +
> > > > > +**/
> > > > > +#include <Uefi.h>
> > > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > > +/**
> > > > > + Notification of Exit Boot Service.
> > > > > +
> > > > > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > > > +**/
> > > > > +VOID
> > > > > +EFIAPI
> > > > > +LibCredentialExitBootServicesNotify (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> > > > > +)
> > > > > +{
> > > > > + return;
> > > > > +}
> > > > > +
> > > > > +/**
> > > > > + Notification of End of DXe.
> > > > > +
> > > > > + @param[in] This Pointer to
> > EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > > > +**/
> > > > > +VOID
> > > > > +EFIAPI
> > > > > +LibCredentialEndOfDxeNotify (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
> > > > > +)
> > > > > +{
> > > > > + return;
> > > > > +}
> > > > > +
> > > > > +/**
> > > > > + Retrieve platform's Redfish authentication information.
> > > > > +
> > > > > + This functions returns the Redfish authentication method
> > > > > + together with
> > > > > the user Id and
> > > > > + password.
> > > > > + - For AuthMethodNone, the UserId and Password could be used
> > > > > + for HTTP
> > > > > header authentication
> > > > > + as defined by RFC7235.
> > > > > + - For AuthMethodRedfishSession, the UserId and Password could
> > > > > + be used
> > > > > for Redfish
> > > > > + session login as defined by Redfish API specification (DSP0266).
> > > > > +
> > > > > + Callers are responsible for and freeing the returned string storage.
> > > > > +
> > > > > + @param[in] This Pointer to
> > > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > > + @param[out] AuthMethod Type of Redfish authentication
> > > method.
> > > > > + @param[out] UserId The pointer to store the returned
> UserId
> > > > > string.
> > > > > + @param[out] Password The pointer to store the returned
> > > > Password
> > > > > string.
> > > > > +
> > > > > + @retval EFI_SUCCESS Get the authentication information
> > > > > successfully.
> > > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > > EndOfDxe.
> > > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId
> or
> > > > > Password is NULL.
> > > > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > > > resources.
> > > > > + @retval EFI_UNSUPPORTED Unsupported authentication
> > method
> > > is
> > > > > found.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +LibCredentialGetAuthInfo (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > > > + OUT CHAR8 **UserId,
> > > > > + OUT CHAR8 **Password
> > > > > +)
> > > > > +{
> > > > > + return EFI_UNSUPPORTED;
> > > > > +}
> > > > > +
> > > > > +/**
> > > > > + Notify the Redfish service provide to stop provide
> > > > > +configuration service to
> > > > > this platform.
> > > > > +
> > > > > + This function should be called when the platfrom is about to
> > > > > + leave the safe
> > > > > environment.
> > > > > + It will notify the Redfish service provider to abort all
> > > > > + logined session, and
> > > > > prohibit
> > > > > + further login with original auth info. GetAuthInfo() will
> > > > > + return
> > > > > EFI_UNSUPPORTED once this
> > > > > + function is returned.
> > > > > +
> > > > > + @param[in] This Pointer to
> > > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > > > > +
> > > > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > > > + @retval EFI_INVALID_PARAMETER This is NULL or given the
> worng
> > > > > ServiceStopType.
> > > > > + @retval EFI_UNSUPPORTED Not support to stop Redfish
> service.
> > > > > + @retval Others Some error happened.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +LibStopRedfishService (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > > ServiceStopType
> > > > > + )
> > > > > +{
> > > > > + return EFI_UNSUPPORTED;
> > > > > +}
> > > > > +
> > > > > diff --git
> > > > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentia
> > > > > lL
> > > > > ib
> > > > > Nu
> > > > > ll.in
> > > > > f
> > > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentia
> > > > > lL
> > > > > ib
> > > > > Nu
> > > > > ll.in
> > > > > f
> > > > > new file mode 100644
> > > > > index 0000000000..4c22e89718
> > > > > --- /dev/null
> > > > > +++
> > > > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentia
> > > > > lL
> > > > > ib
> > > > > Nu
> > > > > ll.in
> > > > > f
> > > > > @@ -0,0 +1,30 @@
> > > > > +## @file
> > > > > +# NULL instance of RedfishPlatformCredentialLib # # (C)
> > > > > +Copyright
> > > > > +2020 Hewlett Packard Enterprise Development LP<BR> # #
> > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > > +
> > > > > +[Defines]
> > > > > + INF_VERSION = 0x0001000b
> > > > > + BASE_NAME = RedfishPlatformCredentialLibNull
> > > > > + FILE_GUID = CA3BD843-0BDD-4EE0-A38A-B45CA663114F
> > > > > + MODULE_TYPE = DXE_DRIVER
> > > > > + VERSION_STRING = 1.0
> > > > > + LIBRARY_CLASS = RedfishPlatformCredentialLib
> > > > > +
> > > > > +#
> > > > > +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
> > > > > +#
> > > > > +
> > > > > +[Sources]
> > > > > + PlatformCredentialLibNull.c
> > > > > +
> > > > > +[Packages]
> > > > > + MdePkg/MdePkg.dec
> > > > > + MdeModulePkg/MdeModulePkg.dec
> > > > > + RedfishPkg/RedfishPkg.dec
> > > > > +
> > > > > +
> > > > > diff --git a/RedfishPkg/Redfish.fdf.inc
> > > > > b/RedfishPkg/Redfish.fdf.inc index 19de479a80..24e32e0abf 100644
> > > > > --- a/RedfishPkg/Redfish.fdf.inc
> > > > > +++ b/RedfishPkg/Redfish.fdf.inc
> > > > > @@ -13,4 +13,5 @@
> > > > > !if $(REDFISH_ENABLE) == TRUE
> > > > > INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > > > > INF
> > > > > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > > > > + INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > > > !endif
> > > > > diff --git a/RedfishPkg/RedfishComponents.dsc.inc
> > > > > b/RedfishPkg/RedfishComponents.dsc.inc
> > > > > index ac1b57ed8f..ff32653ec8 100644
> > > > > --- a/RedfishPkg/RedfishComponents.dsc.inc
> > > > > +++ b/RedfishPkg/RedfishComponents.dsc.inc
> > > > > @@ -15,4 +15,5 @@
> > > > > !if $(REDFISH_ENABLE) == TRUE
> > > > > RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > > > >
> > > > > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > > > > + RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > > > !endif
> > > > > diff --git
> > > > > a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > > > new file mode 100644
> > > > > index 0000000000..f48d1d011c
> > > > > --- /dev/null
> > > > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > > > @@ -0,0 +1,209 @@
> > > > > +/** @file
> > > > > + RedfishCrentialDxe produces the
> > > > > +EdkIIRedfishCredentialProtocol for the
> > > > > consumer
> > > > > + to get the Redfish credential Info and to restrict Redfish
> > > > > + access from UEFI
> > > > > side.
> > > > > +
> > > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development
> > > > > + LP<BR>
> > > > > +
> > > > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > +
> > > > > +**/
> > > > > +
> > > > > +#include <RedfishCredentialDxe.h>
> > > > > +
> > > > > +EDKII_REDFISH_CREDENTIAL_PROTOCOL
> mRedfishCredentialProtocol
> > =
> > > {
> > > > > + RedfishCredentialGetAuthInfo,
> > > > > + RedfishCredentialStopService
> > > > > +};
> > > > > +
> > > > > +/**
> > > > > + Callback function executed when the ExitBootServices event
> > > > > +group is
> > > > > signaled.
> > > > > +
> > > > > + @param[in] Event Event whose notification function is being
> > invoked.
> > > > > + @param[out] Context Pointer to the buffer pass in.
> > > > > +**/
> > > > > +VOID
> > > > > +EFIAPI
> > > > > +RedfishCredentialExitBootServicesEventNotify (
> > > > > + IN EFI_EVENT Event,
> > > > > + OUT VOID *Context
> > > > > + )
> > > > > +{
> > > > > + LibCredentialExitBootServicesNotify
> > > > > ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
> > > > > +}
> > > > > +
> > > > > +/**
> > > > > + Callback function executed when the EndOfDxe event group is
> > signaled.
> > > > > +
> > > > > + @param[in] Event Event whose notification function is being
> > invoked.
> > > > > + @param[out] Context Pointer to the buffer pass in.
> > > > > +**/
> > > > > +VOID
> > > > > +EFIAPI
> > > > > +RedfishCredentialEndOfDxeEventNotify (
> > > > > + IN EFI_EVENT Event,
> > > > > + OUT VOID *Context
> > > > > + )
> > > > > +{
> > > > > + LibCredentialEndOfDxeNotify
> > > ((EDKII_REDFISH_CREDENTIAL_PROTOCOL
> > > > > *)Context);
> > > > > +
> > > > > + //
> > > > > + // Close event, so it will not be invoked again.
> > > > > + //
> > > > > + gBS->CloseEvent (Event);
> > > > > +}
> > > > > +
> > > > > +/**
> > > > > + Retrieve platform's Redfish authentication information.
> > > > > +
> > > > > + This functions returns the Redfish authentication method
> > > > > + together with
> > > > > the user Id and
> > > > > + password.
> > > > > + - For AuthMethodNone, the UserId and Password could be used
> > > > > + for HTTP
> > > > > header authentication
> > > > > + as defined by RFC7235.
> > > > > + - For AuthMethodRedfishSession, the UserId and Password could
> > > > > + be used
> > > > > for Redfish
> > > > > + session login as defined by Redfish API specification (DSP0266).
> > > > > +
> > > > > + Callers are responsible for and freeing the returned string storage.
> > > > > +
> > > > > + @param[in] This Pointer to
> > > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > > + @param[out] AuthMethod Type of Redfish authentication
> > > method.
> > > > > + @param[out] UserId The pointer to store the returned
> UserId
> > > > > string.
> > > > > + @param[out] Password The pointer to store the returned
> > > > Password
> > > > > string.
> > > > > +
> > > > > + @retval EFI_SUCCESS Get the authentication information
> > > > > successfully.
> > > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > > EndOfDxe.
> > > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId
> or
> > > > > Password is NULL.
> > > > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > > > resources.
> > > > > + @retval EFI_UNSUPPORTED Unsupported authentication
> > method
> > > is
> > > > > found.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +RedfishCredentialGetAuthInfo (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > > > + OUT CHAR8 **UserId,
> > > > > + OUT CHAR8 **Password
> > > > > + )
> > > > > +{
> > > > > + if (This == NULL || AuthMethod == NULL || UserId == NULL ||
> > > > > +Password
> > > > > == NULL) {
> > > > > + return EFI_INVALID_PARAMETER; }
> > > > > +
> > > > > + return LibCredentialGetAuthInfo (This, AuthMethod,
> > > > > +UserId,Password); }
> > > > > +
> > > > > +/**
> > > > > + Notify the Redfish service provide to stop provide
> > > > > +configuration service to
> > > > > this platform.
> > > > > +
> > > > > + This function should be called when the platfrom is about to
> > > > > + leave the safe
> > > > > environment.
> > > > > + It will notify the Redfish service provider to abort all
> > > > > + logined session, and
> > > > > prohibit
> > > > > + further login with original auth info. GetAuthInfo() will
> > > > > + return
> > > > > EFI_UNSUPPORTED once this
> > > > > + function is returned.
> > > > > +
> > > > > + @param[in] This Pointer to
> > > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > > + @param[in] ServiceStopType Reason of stopping Redfish service.
> > > > > +
> > > > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > > > + @retval EFI_INVALID_PARAMETER This is NULL or given the
> worng
> > > > > ServiceStopType.
> > > > > + @retval EFI_UNSUPPORTED Not support to stop Redfish
> service.
> > > > > + @retval Others Some error happened.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +RedfishCredentialStopService (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > > ServiceStopType
> > > > > + )
> > > > > +{
> > > > > + if (This == NULL) {
> > > > > + return EFI_INVALID_PARAMETER;
> > > > > + }
> > > > > +
> > > > > + return LibStopRedfishService (This, ServiceStopType); }
> > > > > +
> > > > > +/**
> > > > > + Main entry for this driver.
> > > > > +
> > > > > + @param ImageHandle Image handle this driver.
> > > > > + @param SystemTable Pointer to SystemTable.
> > > > > +
> > > > > + @retval EFI_SUCESS This function always complete successfully.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +RedfishCredentialDxeDriverEntryPoint (
> > > > > + IN EFI_HANDLE ImageHandle,
> > > > > + IN EFI_SYSTEM_TABLE *SystemTable
> > > > > + )
> > > > > +{
> > > > > + EFI_STATUS Status;
> > > > > + EFI_HANDLE Handle;
> > > > > + EFI_EVENT EndOfDxeEvent;
> > > > > + EFI_EVENT ExitBootServiceEvent;
> > > > > +
> > > > > + Handle = NULL;
> > > > > +
> > > > > + //
> > > > > + // Install the RedfishCredentialProtocol onto Handle.
> > > > > + //
> > > > > + Status = gBS->InstallMultipleProtocolInterfaces (
> > > > > + &Handle,
> > > > > + &gEdkIIRedfishCredentialProtocolGuid,
> > > > > + &mRedfishCredentialProtocol,
> > > > > + NULL
> > > > > + );
> > > > > + if (EFI_ERROR (Status)) {
> > > > > + return Status;
> > > > > + }
> > > > > +
> > > > > + //
> > > > > + // After EndOfDxe, if SecureBoot is disabled, Redfish
> > > > > + Credential Protocol
> > > > > should return
> > > > > + // error code to caller to avoid the 3rd code to bypass
> > > > > + Redfish Credential
> > > > > Protocol and
> > > > > + // retrieve userid/pwd directly. So, here, we create EndOfDxe
> > > > > + Event to
> > > > > check SecureBoot
> > > > > + // status.
> > > > > + //
> > > > > + Status = gBS->CreateEventEx (
> > > > > + EVT_NOTIFY_SIGNAL,
> > > > > + TPL_CALLBACK,
> > > > > + RedfishCredentialEndOfDxeEventNotify,
> > > > > + (VOID *)&mRedfishCredentialProtocol,
> > > > > + &gEfiEndOfDxeEventGroupGuid,
> > > > > + &EndOfDxeEvent
> > > > > + );
> > > > > + if (EFI_ERROR (Status)) {
> > > > > + goto ON_ERROR;
> > > > > + }
> > > > > +
> > > > > + //
> > > > > + // After ExitBootServices, Redfish Credential Protocol should
> > > > > + stop the
> > > > > service.
> > > > > + // So, here, we create ExitBootService Event to stop service.
> > > > > + //
> > > > > + Status = gBS->CreateEventEx (
> > > > > + EVT_NOTIFY_SIGNAL,
> > > > > + TPL_CALLBACK,
> > > > > + RedfishCredentialExitBootServicesEventNotify,
> > > > > + (VOID *)&mRedfishCredentialProtocol,
> > > > > + &gEfiEventExitBootServicesGuid,
> > > > > + &ExitBootServiceEvent
> > > > > + );
> > > > > + if (EFI_ERROR (Status)) {
> > > > > + gBS->CloseEvent (EndOfDxeEvent);
> > > > > + goto ON_ERROR;
> > > > > + }
> > > > > +
> > > > > + return EFI_SUCCESS;
> > > > > +
> > > > > +ON_ERROR:
> > > > > +
> > > > > + gBS->UninstallMultipleProtocolInterfaces (
> > > > > + Handle,
> > > > > + &gEdkIIRedfishCredentialProtocolGuid,
> > > > > + &mRedfishCredentialProtocol,
> > > > > + NULL
> > > > > + );
> > > > > +
> > > > > + return Status;
> > > > > +}
> > > > > diff --git
> > > > > a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > > > new file mode 100644
> > > > > index 0000000000..6e7e417b33
> > > > > --- /dev/null
> > > > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > > > @@ -0,0 +1,75 @@
> > > > > +/** @file
> > > > > + Definition of Redfish Credential DXE driver.
> > > > > +
> > > > > + (C) Copyright 2020 Hewlett Packard Enterprise Development
> > > > > + LP<BR>
> > > > > +
> > > > > + SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > +
> > > > > +**/
> > > > > +#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_ #define
> > > > > +EDKII_REDFISH_CREDENTIAL_DXE_H_
> > > > > +
> > > > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > > > +
> > > > > +#include <Library/BaseLib.h>
> > > > > +#include <Library/DebugLib.h>
> > > > > +#include <Library/PrintLib.h>
> > > > > +#include <Library/RedfishCredentialLib.h> #include
> > > > > +<Library/UefiLib.h> #include
> > > > > +<Library/UefiBootServicesTableLib.h>
> > > > > +
> > > > > +/**
> > > > > + Retrieve platform's Redfish authentication information.
> > > > > +
> > > > > + This functions returns the Redfish authentication method
> > > > > + together with
> > > > > the user Id and
> > > > > + password.
> > > > > + - For AuthMethodNone, the UserId and Password could be used
> > > > > + for HTTP
> > > > > header authentication
> > > > > + as defined by RFC7235.
> > > > > + - For AuthMethodRedfishSession, the UserId and Password could
> > > > > + be used
> > > > > for Redfish
> > > > > + session login as defined by Redfish API specification (DSP0266).
> > > > > +
> > > > > + Callers are responsible for and freeing the returned string storage.
> > > > > +
> > > > > + @param[in] This Pointer to
> > > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > > + @param[out] AuthMethod Type of Redfish authentication
> > > method.
> > > > > + @param[out] UserId The pointer to store the returned
> UserId
> > > > > string.
> > > > > + @param[out] Password The pointer to store the returned
> > > > Password
> > > > > string.
> > > > > +
> > > > > + @retval EFI_SUCCESS Get the authentication information
> > > > > successfully.
> > > > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after
> > > EndOfDxe.
> > > > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId
> or
> > > > > Password is NULL.
> > > > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory
> > > > > resources.
> > > > > + @retval EFI_UNSUPPORTED Unsupported authentication
> > method
> > > is
> > > > > found.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +RedfishCredentialGetAuthInfo (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod,
> > > > > + OUT CHAR8 **UserId,
> > > > > + OUT CHAR8 **Password
> > > > > + );
> > > > > +
> > > > > +/**
> > > > > + Notify the Redfish service provide to stop provide
> > > > > +configuration service to
> > > > > this platform.
> > > > > +
> > > > > + This function should be called when the platfrom is about to
> > > > > + leave the safe
> > > > > environment.
> > > > > + It will notify the Redfish service provider to abort all
> > > > > + logined session, and
> > > > > prohibit
> > > > > + further login with original auth info. GetAuthInfo() will
> > > > > + return
> > > > > EFI_UNSUPPORTED once this
> > > > > + function is returned.
> > > > > +
> > > > > + @param[in] This Pointer to
> > > > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > > > +
> > > > > + @retval EFI_SUCCESS Service has been stoped successfully.
> > > > > + @retval EFI_INVALID_PARAMETER This is NULL.
> > > > > + @retval Others Some error happened.
> > > > > +
> > > > > +**/
> > > > > +EFI_STATUS
> > > > > +EFIAPI
> > > > > +RedfishCredentialStopService (
> > > > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This,
> > > > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> > > ServiceStopType
> > > > > + );
> > > > > +#endif
> > > > > diff --git
> > > > > a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > > > new file mode 100644
> > > > > index 0000000000..707d9a04d9
> > > > > --- /dev/null
> > > > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > > > @@ -0,0 +1,51 @@
> > > > > +## @file
> > > > > +# RedfishCredentialDxe is required to produce the # EdkII
> > > > > +RedfishCredentialProtocol for the consumer to get the Redfish #
> > > > > +credential Info and to restrict Redfish access from UEFI side.
> > > > > +#
> > > > > +# (C) Copyright 2020 Hewlett Packard Enterprise Development
> > > > > +LP<BR> #
> > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > > +
> > > > > +[Defines]
> > > > > + INF_VERSION = 0x0001000b
> > > > > + BASE_NAME = RedfishCredentialDxe
> > > > > + FILE_GUID = 458CE95A-4942-09A9-5D21-A6B16D5DAD7F
> > > > > + MODULE_TYPE = DXE_DRIVER
> > > > > + VERSION_STRING = 1.0
> > > > > + ENTRY_POINT = RedfishCredentialDxeDriverEntryPoint
> > > > > +
> > > > > +#
> > > > > +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
> > > > > +#
> > > > > +
> > > > > +[Sources]
> > > > > + RedfishCredentialDxe.c
> > > > > + RedfishCredentialDxe.h
> > > > > +
> > > > > +[Packages]
> > > > > + MdePkg/MdePkg.dec
> > > > > + MdeModulePkg/MdeModulePkg.dec
> > > > > + RedfishPkg/RedfishPkg.dec
> > > > > +
> > > > > +[LibraryClasses]
> > > > > + BaseLib
> > > > > + DebugLib
> > > > > + PrintLib
> > > > > + RedfishPlatformCredentialLib
> > > > > + UefiBootServicesTableLib
> > > > > + UefiDriverEntryPoint
> > > > > + UefiRuntimeServicesTableLib
> > > > > + UefiLib
> > > > > +
> > > > > +[Protocols]
> > > > > + gEdkIIRedfishCredentialProtocolGuid ## BY_START
> > > > > +
> > > > > +
> > > > > +[Guids]
> > > > > + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
> > > > > + gEfiEventExitBootServicesGuid ## CONSUMES ## Event
> > > > > +
> > > > > +[Depex]
> > > > > + TRUE
> > > > > diff --git a/RedfishPkg/RedfishPkg.dec
> > > > > b/RedfishPkg/RedfishPkg.dec index 861f6dd0c8..fc56b4fefb 100644
> > > > > --- a/RedfishPkg/RedfishPkg.dec
> > > > > +++ b/RedfishPkg/RedfishPkg.dec
> > > > > @@ -21,6 +21,10 @@
> > > > > # Platform implementation-specific Redfish Host Interface.
> > > > >
> > > > > RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInter
> > > > > RedfishPlatformHostInterfaceLib|fa
> > > > > RedfishPlatformHostInterfaceLib|ce
> > > > > RedfishPlatformHostInterfaceLib|Li
> > > > > RedfishPlatformHostInterfaceLib|b.h
> > > > >
> > > > > + ## @libraryclass Platform Redfish Credential Library
> > > > > + # Platform implementation-specific Redfish Credential Interface.
> > > > > +
> > > > > + RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib.
> > > > > + h
> > > > > +
> > > > > [Protocols]
> > > > > ## Include/Protocol/RedfishDiscover.h
> > > > > gEfiRedfishDiscoverProtocolGuid = { 0x5db12509, 0x4550, 0x4347,
> > > { 0x96,
> > > > > 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }} diff --git
> > > > > a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index
> > > > > 94e7127bc6..f7d5b90918 100644
> > > > > --- a/RedfishPkg/RedfishPkg.dsc
> > > > > +++ b/RedfishPkg/RedfishPkg.dsc
> > > > > @@ -32,6 +32,7 @@
> > > > >
> > > > >
> > > >
> > >
> >
> DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/Bas
> > > > > eDebugPrintErrorLevelLib.inf
> > > > > PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> > > > >
> > > > > RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostI
> > > > > RedfishPlatformHostInterfaceLib|nt
> > > > > RedfishPlatformHostInterfaceLib|er
> > > > > RedfishPlatformHostInterfaceLib|fa
> > > > > RedfishPlatformHostInterfaceLib|ce
> > > > > LibNull/PlatformHostInterfaceLibNull.inf
> > > > > +
> > > > > RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredenti
> > > > > RedfishPlatformCredentialLib|al
> > > > > RedfishPlatformCredentialLib|Li
> > > > > RedfishPlatformCredentialLib|bN
> > > > > RedfishPlatformCredentialLib|ull/
> > > > > PlatformCredentialLibNull.inf
> > > > >
> > > > > [LibraryClasses.ARM, LibraryClasses.AARCH64]
> > > > > #
> > > > > @@ -43,5 +44,6 @@
> > > > >
> > > > > [Components]
> > > > >
> > > > > RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInte
> > > > > rf
> > > > > ac
> > > > > eL
> > > > > ibN
> > > > > ull.inf
> > > > > +
> > > > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialL
> > > > > ib
> > > > > Nu
> > > > > ll
> > > > > .inf
> > > > >
> > > > > !include RedfishPkg/Redfish.dsc.inc
> > > > > --
> > > > > 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2020-12-16 7:44 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-12-09 8:43 [PATCH 0/2] EDKII Redfish Credential DXE Driver Abner Chang
2020-12-09 8:43 ` [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header file Abner Chang
2020-12-10 2:44 ` Nickle Wang
2020-12-16 2:37 ` Nickle Wang
2020-12-09 8:43 ` [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver Abner Chang
2020-12-10 2:00 ` 回复: [edk2-devel] " gaoliming
2020-12-10 2:12 ` Abner Chang
2020-12-16 2:45 ` Nickle Wang
2020-12-16 7:08 ` Abner Chang
2020-12-16 7:27 ` Abner Chang
2020-12-16 7:37 ` Nickle Wang
2020-12-16 7:43 ` Abner Chang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox