From: "Chang, Abner via groups.io"
To: Nickle Wang, Igor Kulchytskyy, "devel@edk2.groups.io"
CC: Nick Ramirez
Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
Date: Tue, 23 Apr 2024 07:42:03 +0000
References: <20240418122730.18204-1-nicklew@nvidia.com>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io

[AMD Official Use Only - General]

> -----Original Message-----
> From: Nickle Wang
> Sent: Tuesday, April 23, 2024 3:09 PM
> To: Igor Kulchytskyy; Chang, Abner; devel@edk2.groups.io
> Cc: Nick Ramirez
> Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> introduce RedfishBootstrapAccountDxe
>
> Hi Igor, Abner,
>
> Thanks for your review. Please allow me to answer your questions together.
>
> > 1. We suppose acquire the credential before we start to communicate with
> > Redfish. Will Redfish credential driver create another bootstrap account here
> > after provisioning?
> No, according to the RedfishPlatformCredentialIpmiLib implementation,
> Redfish credential driver requests credential from BMC and will keep it for later
> use. So only one credential is requested for BIOS Redfish feature drivers during
> POST time.

Ok, then I don't have the problem with invoking GetAuthInfo again. However, I will suggest to add more description in GetAuthInfo function header, mention that we will keep the auth info in EFI variable until exit boot service. Also, give some more descriptions on the code you invoke to GetAuthInfo.

>
> > 2. And why do we delete the credential after provisioning? How about the
> > later Redfish property updating process?
> In this driver, we listen to "AfterProvisioning" event. And this is the event
> triggered after Redfish feature driver finish all jobs. There is no feature driver
> which gets executed after this event. And since we finished all Redfish
> operations, we remove this account on BMC.

Then this makes sense to me now.

>
> > Why do we need to delete those credentials? According to spec BMC should
> > delete the bootstrap credentials automatically on host or service reset.
> Yes, bootstrap credentials get deleted on host reset. In practice, server in
> datacenter usually takes long time running under OS before it gets rebooted.
> The bootstrap credentials are exposed to end user at
> "/redfish/v1/AccountService/Accounts". I got report that there is concern for
> end user to see this unused account.

This sounds to me reasonable as we will give bootstrap credential a high privilege to update Redfish resource. Leave this information in Account service seems not a good idea.

Thanks
Abner

>
> So, I create this driver to allow us to remove bootstrap account at BMC after
> we finish Redfish jobs. And this also releases the BMC account resource since
> this account won't be used for a long period of time.
>
> Regards,
> Nickle
>
> > -----Original Message-----
> > From: Igor Kulchytskyy
> > Sent: Monday, April 22, 2024 11:03 PM
> > To: Chang, Abner; Nickle Wang; devel@edk2.groups.io
> > Cc: Nick Ramirez
> > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > introduce RedfishBootstrapAccountDxe
> >
> > Hi Nickle and Abner,
> > I also have the same question as Abner.
> > Why do we need to delete those credentials?
> > According to spec BMC should delete the bootstrap credentials automatically on
> > host or service reset.
> > Thank you,
> > Igor
> >
> > -----Original Message-----
> > From: Chang, Abner
> > Sent: Sunday, April 21, 2024 10:25 PM
> > To: Nickle Wang; devel@edk2.groups.io
> > Cc: Igor Kulchytskyy; Nick Ramirez
> > Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg:
> > introduce RedfishBootstrapAccountDxe
> >
> > Hi Nickle,
> > One comment and few questions,
> >
> > > -----Original Message-----
> > > From: Nickle Wang > > > Sent: Thursday, April 18, 2024 8:28 PM > > > To: devel@edk2.groups.io > > > Cc: Chang, Abner ; Igor Kulchytskyy > > > ; Nick Ramirez > > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce > > > RedfishBootstrapAccountDxe > > > > > > Caution: This message originated from an External Source. Use proper > > > caution when opening attachments, clicking links, or responding. > > > > > > > > > -Introduce RedfishBootstrapAccountDxe to delete bootstrap account fro= m > > > /redfish/v1/AccountService/Accounts after BIOS finished all Redfish > > > jobs. The bootstrap account won't be available to other application. > > > So deleting bootstrap account helps to release resource at BMC. > > > - After bootstrap account is deleted at BMC, the Redfish service > > > instance is no longer usable. Close Redfish service instance to > > > release the HTTP connection between BIOS and BMC. > > > > > > Signed-off-by: Nickle Wang > > > Cc: Abner Chang > > > Cc: Igor Kulchytskyy > > > Cc: Nick Ramirez > > > --- > > > .../RedfishClientComponents.dsc.inc | 1 + > > > .../RedfishBootstrapAccountDxe.inf | 53 +++ > > > .../RedfishBootstrapAccountDxe.h | 58 ++++ > > > .../RedfishBootstrapAccountDxe.c | 328 ++++++++++++++++= ++ > > > RedfishClientPkg/RedfishClient.fdf.inc | 1 + > > > 5 files changed, 441 insertions(+) > > > create mode 100644 > > > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe > > > .inf > > > create mode 100644 > > > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe > > > .h > > > create mode 100644 > > > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe > > > .c > > > > > > diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc > > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc > > > index 42fc0c299..fe5248b62 100644 > > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc > > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc 
> > > @@ -20,6 +20,7 @@ > > > RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf > > > RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf > > > RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf > > > + > > > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe > > > .inf > > > !endif > > > # > > > # Below two modules should be pulled in by build tool. > > > diff --git > > > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe.in > > > f > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe.in > > > f > > > new file mode 100644 > > > index 000000000..4073e95f4 > > > --- /dev/null > > > +++ > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe.in > > > f > > > @@ -0,0 +1,53 @@ > > > +## @file > > > +# This driver deletes bootstrap account in BMC after BIOS Redfish > > > +finished # all jobs # # (C) Copyright 2021 Hewlett Packard > > > +Enterprise Development LP
# Copyright (c) 2023, NVIDIA > > > +CORPORATION & AFFILIATES. All rights reserved. > > > > > > Not sure if you want to update the copyright to 2024. > > > > > > > +# > > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > > + > > > +[Defines] > > > + INF_VERSION =3D 0x0001000b > > > + BASE_NAME =3D RedfishBootstrapAccountDxe > > > + FILE_GUID =3D 87555253-2F7E-45FC-B469-FD35B2E51210 > > > + MODULE_TYPE =3D DXE_DRIVER > > > + VERSION_STRING =3D 1.0 > > > + ENTRY_POINT =3D RedfishBootstrapAccountEntryPoint > > > + UNLOAD_IMAGE =3D RedfishBootstrapAccountUnload > > > + > > > +[Packages] > > > + MdePkg/MdePkg.dec > > > + MdeModulePkg/MdeModulePkg.dec > > > + RedfishPkg/RedfishPkg.dec > > > + RedfishClientPkg/RedfishClientPkg.dec > > > + > > > +[Sources] > > > + RedfishBootstrapAccountDxe.h > > > + RedfishBootstrapAccountDxe.c > > > + > > > +[LibraryClasses] > > > + BaseLib > > > + BaseMemoryLib > > > + DebugLib > > > + MemoryAllocationLib > > > + PrintLib > > > + RedfishEventLib > > > + RedfishFeatureUtilityLib > > > + RedfishDebugLib > > > + RedfishVersionLib > > > + RedfishHttpLib > > > + UefiLib > > > + UefiBootServicesTableLib > > > + UefiRuntimeServicesTableLib > > > + UefiDriverEntryPoint > > > + > > > +[Protocols] > > > + gEdkIIRedfishConfigHandlerProtocolGuid ## CONSUMES ## > > > + gEdkIIRedfishCredentialProtocolGuid ## CONSUMES ## > > > + gEfiRestExProtocolGuid ## CONSUMES ## > > > + > > > +[Depex] > > > + gEdkIIRedfishCredentialProtocolGuid > > > diff --git > > > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe.h > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe.h > > > new file mode 100644 > > > index 000000000..5262f1e6b > > > --- /dev/null > > > +++ > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe.h 
> > > @@ -0,0 +1,58 @@ > > > +/** @file > > > + Common header file for RedfishBootstrapAccountDxe driver. > > > + > > > + (C) Copyright 2021-2022 Hewlett Packard Enterprise Development > > > + LP
Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All > rights > > reserved. > > > + > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > + > > > +**/ > > > + > > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define > > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ > > > + > > > +#include > > > +#include > > > + > > > +// > > > +// Libraries > > > +// > > > +#include > > > +#include > > > +#include > > > + > > > +#include #include > > > + #include #include > > > + > > > +#include > > > +#include #include > > > + #include > > > + > > > +#include #include > > > + #include > > > + > > > +#include > > > +#include > > > +#include > > > + > > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG DEBUG_VERBOSE > > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI > > > L"AccountService/Accounts" > > > +#define REDFISH_URI_LENGTH 128 > > > + > > > +// > > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE // typedef > struct > > > +{ > > > + EFI_HANDLE ImageHandle; > > > + EFI_HANDLE RestExHandle; > > > + REDFISH_SERVICE RedfishService; > > > + EFI_EVENT RedfishEvent; > > > + EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL Protocol; > > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE; > > > + > > > +#define > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \ > > > + BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE, > > > +Protocol) > > > + > > > +#endif > > > diff --git > > > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe.c > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe.c > > > new file mode 100644 > > > index 000000000..6fe4856f8 > > > --- /dev/null > > > +++ > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe.c > > > @@ -0,0 +1,328 @@ > > > +/** @file > > > + This driver deletes bootstrap account in BMC after BIOS Redfish > > > +finished > > > + all jobs. > > > + > > > + (C) Copyright 2021-2022 Hewlett Packard Enterprise Development > > > + LP
Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All > rights > > reserved. > > > + > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > + > > > +**/ > > > + > > > +#include "RedfishBootstrapAccountDxe.h" > > > + > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *mBootstrapPrivate =3D NULL; > > > + > > > +/** > > > + Close Redfish service instance by calling RestEx protocol to relea= se > instance. > > > + > > > + @param[in] RestExHandle Handle of RestEx protocol. > > > + > > > + @retval EFI_SUCCESS The Redfish service is closed succes= sfully. > > > + @retval EFI_INVALID_PARAMETER RestExHandle is NULL. > > > + @retval Others Error occurs. > > > + > > > +**/ > > > +EFI_STATUS > > > +CloseRedfishService ( > > > + IN EFI_HANDLE RestExHandle > > > + ) > > > +{ > > > + EFI_REST_EX_PROTOCOL *RestEx; > > > + EFI_STATUS Status; > > > + > > > + if (RestExHandle =3D=3D NULL) { > > > + return EFI_INVALID_PARAMETER; > > > + } > > > + > > > + Status =3D gBS->HandleProtocol ( > > > + RestExHandle, > > > + &gEfiRestExProtocolGuid, > > > + (VOID **)&RestEx > > > + ); > > > + if (!EFI_ERROR (Status)) { > > > + Status =3D RestEx->Configure (RestEx, NULL); > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release RestEx > > > instance: %r\n", __func__, Status)); > > > + } > > > + > > > + return Status; > > > +} > > > + > > > +/** > > > + Callback function executed when the AfterProvisioning event group > > > +is > > > signaled. > > > + > > > + @param[in] Event Event whose notification function is being i= nvoked. 
> > > + @param[out] Context Pointer to the Context buffer > > > + > > > +**/ > > > +VOID > > > +EFIAPI > > > +RedfishBootstrapAccountOnRedfishAfterProvisioning ( > > > + IN EFI_EVENT Event, > > > + OUT VOID *Context > > > + ) > > > +{ > > > + EFI_STATUS Status; > > > + REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *Private; > > > + EDKII_REDFISH_CREDENTIAL_PROTOCOL *credentialProtocol; > > > + EDKII_REDFISH_AUTH_METHOD AuthMethod; > > > + CHAR8 *AccountName; > > > + CHAR8 *AccountCredential; > > > + CHAR16 TargetUri[REDFISH_URI_LENGTH]; > > > + CHAR16 *RedfishVersion; > > > + REDFISH_RESPONSE RedfishResponse; > > > + > > > + RedfishVersion =3D NULL; > > > + > > > + Private =3D (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context; if > > > + ((Private =3D=3D NULL) || (Private->RedfishService =3D=3D NULL)) { > > > + DEBUG ((DEBUG_ERROR, "%a: Redfish service is not available\n", > > > __func__)); > > > + return; > > > + } > > > + > > > + // > > > + // Locate Redfish Credential Protocol to get credential for // > > > + accessing to Redfish service. > > > + // > > > + Status =3D gBS->LocateProtocol ( > > > + &gEdkIIRedfishCredentialProtocolGuid, > > > + NULL, > > > + (VOID **)&credentialProtocol > > > + ); > > > + if (EFI_ERROR (Status)) { > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No Redfish > > > Credential Protocol is installed on system.", __func__)); > > > + return; > > > + } > > > + > > > + Status =3D credentialProtocol->GetAuthInfo ( > > > + credentialProtocol, > > > + &AuthMethod, > > > + &AccountName, > > > + &AccountCredential > > > + ); > > > > HI Nickle, I am not quite understand why do we acquire a credential her= e but > > delete it from the Redfish account service here after provision. > > 1. We suppose acquire the credential before we start to communicate wit= h > > Redfish. Will Redfish credential driver create another bootstrap accoun= t here > > after provisioning? > > 2. And why do we delete the credential after provisioning? 
How about th= e > later > > Redfish property updating process? > > Or do I misunderstand the code logic? > > > > Regards, > > Abner > > > > > + if (EFI_ERROR (Status)) { > > > + DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account > information: > > > %r\n", __func__, Status)); > > > + return; > > > + } > > > + > > > + // > > > + // Carving the URI > > > + // > > > + RedfishVersion =3D RedfishGetVersion (Private->RedfishService); i= f > > > + (RedfishVersion =3D=3D NULL) { > > > + DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n", > __func__)); > > > + return; > > > + } > > > + > > > + UnicodeSPrint (TargetUri, (sizeof (CHAR16) * REDFISH_URI_LENGTH), > > > L"%s%s/%a", RedfishVersion, > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI, > > > AccountName); > > > + > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap > account: > > > %a\n", __func__, AccountName)); > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap > > > credential: %a\n", __func__, AccountCredential)); > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap URI: > > > %s\n", __func__, TargetUri)); > > > + > > > + // > > > + // Remove bootstrap account at /redfish/v1/AccountService/Account > > > + // > > > + ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE)); Status =3D > > > + RedfishHttpDeleteResource ( > > > + Private->RedfishService, > > > + TargetUri, > > > + &RedfishResponse > > > + ); > > > + if (EFI_ERROR (Status)) { > > > + DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap account at > BMC: > > > %r", __func__, Status)); > > > + DumpRedfishResponse (__func__, DEBUG_ERROR, > &RedfishResponse); } > > > + else { > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap > > account: > > > %a is removed from: %s\n", __func__, AccountName, > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI)); > > > + } > > > + > > > + // > > > + // Clean credential > > > + // > > > + ZeroMem (AccountName, AsciiStrSize (AccountName)); ZeroMem > > > + (AccountCredential, 
AsciiStrSize (AccountCredential)); > > > + > > > + // > > > + // Since the bootstrap account is deleted at BMC, the Redfish > > > + service instance > > > is no longer usable. > > > + // Close Redfish service instance to release the HTTP connection > > > + between > > > BIOS and BMC. > > > + // > > > + Status =3D CloseRedfishService (Private->RestExHandle); if > > > + (EFI_ERROR (Status)) { > > > + DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service instance: > > > + %r\n", > > > __func__, Status)); > > > + } > > > + > > > + RedfishHttpFreeResponse (&RedfishResponse); > > > + > > > + return; > > > +} > > > + > > > +/** > > > + Initialize a Redfish configure handler. > > > + > > > + This function will be called by the Redfish config driver to > > > + initialize each > > > Redfish configure > > > + handler. > > > + > > > + @param[in] This Pointer to > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance. > > > + @param[in] RedfishConfigServiceInfo Redfish service informaiton. > > > + > > > + @retval EFI_SUCCESS The handler has been initiali= zed > successfully. > > > + @retval EFI_DEVICE_ERROR Failed to create or configure= the REST > EX > > > protocol instance. > > > + @retval EFI_ALREADY_STARTED This handler has already been > > > initialized. > > > + @retval Other Error happens during the init= ialization. 
> > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +RedfishBootstrapAccountInit ( > > > + IN EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL *This, > > > + IN REDFISH_CONFIG_SERVICE_INFORMATION > *RedfishConfigServiceInfo > > > + ) > > > +{ > > > + REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *Private; > > > + > > > + Private =3D REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL > > > (This); > > > + > > > + Private->RedfishService =3D RedfishCreateService > > > + (RedfishConfigServiceInfo); if (Private->RedfishService =3D=3D NUL= L) { > > > + return EFI_DEVICE_ERROR; > > > + } > > > + > > > + Private->RestExHandle =3D RedfishConfigServiceInfo- > > > >RedfishServiceRestExHandle; > > > + > > > + return EFI_SUCCESS; > > > +} > > > + > > > +/** > > > + Stop a Redfish configure handler. > > > + > > > + @param[in] This Pointer to > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance. > > > + > > > + @retval EFI_SUCCESS This handler has been stoped succ= essfully. > > > + @retval Others Some error happened. > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +RedfishBootstrapAccountStop ( > > > + IN EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL *This > > > + ) > > > +{ > > > + REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *Private; > > > + > > > + Private =3D REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL > > > (This); > > > + > > > + if (Private->RedfishService !=3D NULL) { > > > + RedfishCleanupService (Private->RedfishService); > > > + Private->RedfishService =3D NULL; > > > + } > > > + > > > + return EFI_SUCCESS; > > > +} > > > + > > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL mRedfishConfigHandler =3D > { > > > + RedfishBootstrapAccountInit, > > > + RedfishBootstrapAccountStop > > > +}; > > > + > > > +/** > > > + Unloads an image. > > > + > > > + @param[in] ImageHandle Handle that identifies the image= to be > > > unloaded. > > > + > > > + @retval EFI_SUCCESS The image has been unloaded. > > > + @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image > handle. 
> > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +RedfishBootstrapAccountUnload ( > > > + IN EFI_HANDLE ImageHandle > > > + ) > > > +{ > > > + EFI_STATUS Status; > > > + > > > + if (mBootstrapPrivate =3D=3D NULL) { > > > + return EFI_SUCCESS; > > > + } > > > + > > > + if (mBootstrapPrivate->RedfishEvent !=3D NULL) { > > > + gBS->CloseEvent (mBootstrapPrivate->RedfishEvent); > > > + } > > > + > > > + Status =3D gBS->UninstallProtocolInterface ( > > > + mBootstrapPrivate->ImageHandle, > > > + &gEdkIIRedfishConfigHandlerProtocolGuid, > > > + (VOID *)&mBootstrapPrivate->Protocol > > > + ); > > > + if (EFI_ERROR (Status)) { > > > + DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish config > > > + handler > > > protocol: %r\n", __func__, Status)); > > > + } > > > + > > > + FreePool (mBootstrapPrivate); > > > + mBootstrapPrivate =3D NULL; > > > + > > > + return EFI_SUCCESS; > > > +} > > > + > > > +/** > > > + This is the declaration of an EFI image entry point. This entry > > > +point is > > > + the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers > > > +including > > > + both device drivers and bus drivers. > > > + > > > + @param[in] ImageHandle The firmware allocated handle for th= e UEFI > > > image. > > > + @param[in] SystemTable A pointer to the EFI System Table. > > > + > > > + @retval EFI_SUCCESS The operation completed successfully= . > > > + @retval Others An unexpected error occurred. 
> > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +RedfishBootstrapAccountEntryPoint ( > > > + IN EFI_HANDLE ImageHandle, > > > + IN EFI_SYSTEM_TABLE *SystemTable > > > + ) > > > +{ > > > + EFI_STATUS Status; > > > + > > > + if (mBootstrapPrivate !=3D NULL) { > > > + return EFI_ALREADY_STARTED; > > > + } > > > + > > > + mBootstrapPrivate =3D AllocateZeroPool (sizeof > > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE)); > > > + if (mBootstrapPrivate =3D=3D NULL) { > > > + return EFI_OUT_OF_RESOURCES; > > > + } > > > + > > > + CopyMem (&mBootstrapPrivate->Protocol, &mRedfishConfigHandler, > > > + sizeof > > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL)); > > > + Status =3D gBS->InstallProtocolInterface ( > > > + &ImageHandle, > > > + &gEdkIIRedfishConfigHandlerProtocolGuid, > > > + EFI_NATIVE_INTERFACE, > > > + &mBootstrapPrivate->Protocol > > > + ); > > > + if (EFI_ERROR (Status)) { > > > + DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config handler > > > protocol: %r\n", __func__, Status)); > > > + goto ON_ERROR; > > > + } > > > + > > > + // > > > + // Register after provisioning event to remove bootstrap account. > > > + // > > > + Status =3D CreateAfterProvisioningEvent ( > > > + RedfishBootstrapAccountOnRedfishAfterProvisioning, > > > + (VOID *)mBootstrapPrivate, > > > + &mBootstrapPrivate->RedfishEvent > > > + ); > > > + if (EFI_ERROR (Status)) { > > > + DEBUG ((DEBUG_ERROR, "%a: failed to register after-provisioning > event: > > > %r\n", __func__, Status)); > > > + goto ON_ERROR; > > > + } > > > + > > > + return EFI_SUCCESS; > > > + > > > +ON_ERROR: > > > + > > > + RedfishBootstrapAccountUnload (ImageHandle); > > > + > > > + return Status; > > > +} > > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc > > > b/RedfishClientPkg/RedfishClient.fdf.inc > > > index 154f641b2..47e5093f2 100644 > > > --- a/RedfishClientPkg/RedfishClient.fdf.inc > > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc 
> > > @@ -15,6 +15,7 @@ > > > INF RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.i= nf > > > INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf > > > INF > > > > RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf > > > + INF > > > > > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe > .inf > > > INF RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf > > > INF > > > > RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf > > > INF > > > > > > RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemD > xe. > > > i > > > nf > > > -- > > > 2.34.1

View/Reply Online (#118129): https://edk2.groups.io/g/devel/message/118129
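
Review bot: In the [LibraryClasses] section of RedfishBootstrapAccountDxe.inf, UefiRuntimeServicesTableLib is listed, but the code added in RedfishBootstrapAccountDxe.c only goes through gBS and never references gRT. Drop the library class unless a runtime service is actually used, so the module's declared dependencies match what it calls.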
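
Review bot: The ImageHandle field of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE in RedfishBootstrapAccountDxe.h is never assigned anywhere in this patch. RedfishBootstrapAccountEntryPoint allocates the structure with AllocateZeroPool and installs the protocol on its own ImageHandle argument, while RedfishBootstrapAccountUnload calls UninstallProtocolInterface on mBootstrapPrivate->ImageHandle, which is still NULL. That uninstall cannot succeed, the failure is only logged, and FreePool (mBootstrapPrivate) then releases the memory that the still-installed EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL interface lives in. Store the handle in the entry point (mBootstrapPrivate->ImageHandle = ImageHandle) and have Unload return the error without freeing when the uninstall fails.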
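
Review bot: In RedfishBootstrapAccountDxe.c, RedfishBootstrapAccountOnRedfishAfterProvisioning writes the secret itself to the debug log with DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap credential: %a\n", __func__, AccountCredential)). Even at DEBUG_VERBOSE this copies the bootstrap password into debug output and undoes the ZeroMem scrub a few lines later; remove that line and keep only the account name and URI messages. The scrub is also skipped on the early return taken when RedfishGetVersion returns NULL, which happens after GetAuthInfo has already filled AccountName and AccountCredential, so that path should go through the same cleanup. Separately, the result of UnicodeSPrint into TargetUri is not checked against REDFISH_URI_LENGTH, so an over-long version string or account name would silently truncate the URI passed to RedfishHttpDeleteResource; check the combined length before formatting and bail out if it does not fit.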