From: "Chang, Abner"
To: Nickle Wang, "devel@edk2.groups.io"
CC: Igor Kulchytskyy, Nick Ramirez
Subject: Re: [PATCH] RedfishPkg/RedfishPlatformCredentialIpmiLib: IPMI implementation
Date: Thu, 9 Mar 2023 05:23:00 +0000
References: <20230308072048.354-1-nicklew@nvidia.com>
In-Reply-To: <20230308072048.354-1-nicklew@nvidia.com>

[AMD Official Use Only - General]

Hi Nickle,
My comments are below.

> -----Original Message-----
> From: Nickle Wang
> Sent: Wednesday, March 8, 2023 3:21 PM
> To: devel@edk2.groups.io
> Cc: Chang, Abner; Igor Kulchytskyy; Nick Ramirez
> Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialIpmiLib: IPMI implementation
>
> This library follows Redfish Host Interface specification and uses IPMI
> command to get bootstrap account credential (NetFn 2Ch, Command 02h)
> from BMC. RedfishHostInterfaceDxe will use this credential for the following
> communication between BIOS and BMC.
>
> Signed-off-by: Nickle Wang
> Cc: Abner Chang
> Cc: Igor Kulchytskyy
> Cc: Nick Ramirez
> ---
>  .../RedfishPlatformCredentialIpmiLib.c        | 443 ++++++++++++++++++
>  .../RedfishPlatformCredentialIpmiLib.h        |  86 ++++
>  .../RedfishPlatformCredentialIpmiLib.inf      |  42 ++
>  RedfishPkg/RedfishPkg.dec                     |   7 +
>  RedfishPkg/RedfishPkg.dsc                     |   2 +
>  5 files changed, 580 insertions(+)
>  create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCredentialIpmiLib.c
>  create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCredentialIpmiLib.h
>  create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCredentialIpmiLib.inf
>
> diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCrede > ntialIpmiLib.c > b/RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCrede > ntialIpmiLib.c > new file mode 100644 > index 0000000000..2706b8508b > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCr > +++ edentialIpmiLib.c 
> @@ -0,0 +1,443 @@ > +/** @file > + Implementation of getting bootstrap credential via IPMI. > + > + Copyright (c) 2022-2023 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > + @par Specification Reference: > + - Redfish Host Interface Specification > + > +(https://www.dmtf.org/sites/default/files/standards/documents/DSP0270 > _1 > +.3.0.pdf) > +**/ > + > +#include "RedfishPlatformCredentialIpmiLib.h" > + > +// > +// Global flag of controlling credential service // BOOLEAN > +mRedfishServiceStopped =3D FALSE; > + > +/** > + Notify the Redfish service provide to stop provide configuration servi= ce to > this platform. > + > + This function should be called when the platform is about to leave the= safe > environment. > + It will notify the Redfish service provider to abort all login > + session, and prohibit further login with original auth info. > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is > returned. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[in] ServiceStopType Reason of stopping Redfish service. > + > + @retval EFI_SUCCESS Service has been stoped successfully. > + @retval EFI_INVALID_PARAMETER This is NULL. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibStopRedfishService ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType > + ) > +{ > + EFI_STATUS Status; > + > + if ((ServiceStopType <=3D ServiceStopTypeNone) || (ServiceStopType >= =3D > ServiceStopTypeMax)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Only stop credential service after leaving BIOS // if > + (ServiceStopType !=3D ServiceStopTypeExitBootService) { > + return EFI_UNSUPPORTED; > + } > + > + // > + // Raise flag first > + // > + mRedfishServiceStopped =3D TRUE; > + > + // > + // Notify BMC to disable credential bootstrapping support. 
> + // > + if (PcdGetBool (PcdRedfishDisableBootstrapCredentialService)) { > + Status =3D GetBootstrapAccountCredentials (TRUE, NULL, NULL); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: %r= \n", > __FUNCTION__, Status)); > + return Status; > + } > + } > + > + // > + // Delete cached variable > + // > + Status =3D SetBootstrapAccountCredentialsToVariable (NULL, NULL, TRUE)= ; > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to remove bootstrap credential: > + %r\n", __FUNCTION__, Status)); } > + > + DEBUG ((DEBUG_INFO, "%a: bootstrap credential service stopped\n", > + __FUNCTION__)); > + > + return EFI_SUCCESS; > +} > + > +/** > + Notification of Exit Boot Service. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialExitBootServicesNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Stop the credential support when system is about to enter OS. > + // > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > + > +/** > + Notification of End of DXe. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialEndOfDxeNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Do nothing now. > + // We can stop credential support when system reach end-of-dxe for > security reason. > + // > +} > + > +/** > + Function to retrieve temporary user credentials for the UEFI redfish > +client. This function can > + also disable bootstrap credential service in BMC. 
> + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the= bootstrap credential > + service to ensure no one el= se gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[in,out] BootstrapUsername > + A pointer to a Ascii encoded strin= g for the credential > username > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @param[in,out] BootstrapPassword > + A pointer to a Ascii encoded strin= g for the credential > password > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @retval EFI_SUCCESS Credentials were successfully fetc= hed and > returned. When DisableBootstrapControl > + is set to TRUE, the bootstrap cred= ential service is > disabled successfully. > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL when DisableBootstrapControl > + is set to FALSE > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > + ) > +{ > + EFI_STATUS Status; > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > + UINT32 ResponseSize; > + > + // > + // NULL buffer check > + // > + if (!DisableBootstrapControl && ((BootstrapUsername =3D=3D NULL) || > (BootstrapPassword =3D=3D NULL))) { > + return EFI_INVALID_PARAMETER; > + } > + > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > + __FUNCTION__, DisableBootstrapControl)); > + > + // > + // IPMI callout to NetFn 2C, command 02 > + // Request data: > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > + // Byte 2: DisableBootstrapControl > + // > + CommandData.GroupExtensionId =3D > REDFISH_IPMI_GROUP_EXTENSION; > + CommandData.DisableBootstrapControl =3D (DisableBootstrapControl ? 
> + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > + > + ResponseSize =3D sizeof (ResponseData); > + > + // > + // Response data: > + // Byte 1 : Completion code > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > + // Byte 3-18 : Username > + // Byte 19-34: Password > + // > + Status =3D IpmiSubmitCommand ( > + IPMI_NETFN_GROUP_EXT, > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > + (UINT8 *)&CommandData, > + sizeof (CommandData), > + (UINT8 *)&ResponseData, > + &ResponseSize > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. Returning\n", > __FUNCTION__)); > + return Status; > + } else { > + if (ResponseData.CompletionCode !=3D IPMI_COMP_CODE_NORMAL) { > + if (ResponseData.CompletionCode =3D=3D > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > disabled\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + DEBUG ((DEBUG_ERROR, "%a: Completion code =3D 0x%x. Returning\n", > __FUNCTION__, ResponseData.CompletionCode)); > + return EFI_PROTOCOL_ERROR; > + } else if (ResponseData.GroupExtensionId !=3D > REDFISH_IPMI_GROUP_EXTENSION) { > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response =3D 0x%x. > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > + return EFI_DEVICE_ERROR; > + } else { > + if (BootstrapUsername !=3D NULL) { > + CopyMem (BootstrapUsername, ResponseData.Username, > USERNAME_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters usernam= e > returned. > + // > + BootstrapUsername[USERNAME_MAX_LENGTH] =3D '\0'; > + } > + > + if (BootstrapPassword !=3D NULL) { > + CopyMem (BootstrapPassword, ResponseData.Password, > PASSWORD_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters passwor= d > returned. 
> + // > + BootstrapPassword[PASSWORD_MAX_LENGTH] =3D '\0'; > + } > + } > + } > + > + DEBUG ((DEBUG_INFO, "%a: get bootstrap credential via IPMI: %r\n", > + __FUNCTION__, Status)); > + > + return Status; > +} > + > +/** > + Function to retrieve temporary user credentials from cached boot time > variable. > + > + @param[in,out] BootstrapUsername A pointer to a Ascii encoded strin= g > for the credential username > + @param[in,out] BootstrapPassword A pointer to a Ascii encoded strin= g > for the credential password > + > + @retval EFI_SUCCESS Credentials were successfully fetc= hed and > returned > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL > + @retval EFI_NOT_FOUND No variable found for account and > credentials > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentialsFromVariable ( > + IN OUT CHAR8 *BootstrapUsername, > + IN OUT CHAR8 *BootstrapPassword > + ) > +{ > + EFI_STATUS Status; > + BOOTSTRAP_CREDENTIALS_VARIABLE *CredentialVariable; > + VOID *Data; > + UINTN DataSize; > + > + if ((BootstrapUsername =3D=3D NULL) || (BootstrapPassword =3D=3D NULL)= ) { > + return EFI_INVALID_PARAMETER; > + } > + > + DataSize =3D 0; > + Status =3D GetVariable2 ( > + CREDENTIAL_VARIABLE_NAME, > + &gEfiRedfishVariableGuid, > + (VOID *)&Data, > + &DataSize > + ); > + if (EFI_ERROR (Status)) { > + return EFI_NOT_FOUND; > + } > + > + if (DataSize !=3D sizeof (BOOTSTRAP_CREDENTIALS_VARIABLE)) { > + DEBUG ((DEBUG_ERROR, "%a: data corruption. 
returned size: %d !=3D > structure size: %d\n", __FUNCTION__, DataSize, sizeof > (BOOTSTRAP_CREDENTIALS_VARIABLE))); > + return EFI_NOT_FOUND; > + } > + > + CredentialVariable =3D (BOOTSTRAP_CREDENTIALS_VARIABLE *)Data; > + > + AsciiStrCpyS (BootstrapUsername, USERNAME_MAX_SIZE, > + CredentialVariable->Username); AsciiStrCpyS (BootstrapPassword, > + PASSWORD_MAX_SIZE, CredentialVariable->Password); > + > + ZeroMem (CredentialVariable->Username, USERNAME_MAX_SIZE); > ZeroMem > + (CredentialVariable->Password, PASSWORD_MAX_SIZE); > + > + FreePool (Data); > + > + DEBUG ((DEBUG_INFO, "%a: get bootstrap credential from variable\n", > + __FUNCTION__)); > + > + return EFI_SUCCESS; > +} > + > +/** > + Function to save temporary user credentials into boot time variable. > +When DeleteVariable is True, > + this function delete boot time variable. > + > + @param[in] BootstrapUsername A pointer to a Ascii encoded string= for > the credential username. > + @param[in] BootstrapPassword A pointer to a Ascii encoded string= for > the credential password. > + @param[in] DeleteVariable True to remove boot time variable. = False > otherwise. > + > + @retval EFI_SUCCESS Credentials were successfully save= d. 
> + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL > + @retval Others Error occurs > +**/ > +EFI_STATUS > +SetBootstrapAccountCredentialsToVariable ( > + IN CHAR8 *BootstrapUsername, OPTIONAL > + IN CHAR8 *BootstrapPassword, OPTIONAL > + IN BOOLEAN DeleteVariable > + ) > +{ > + EFI_STATUS Status; > + BOOTSTRAP_CREDENTIALS_VARIABLE CredentialVariable; > + VOID *Data; > + > + if (!DeleteVariable && ((BootstrapUsername =3D=3D NULL) || > (BootstrapUsername[0] =3D=3D '\0'))) { > + return EFI_INVALID_PARAMETER; > + } > + > + if (!DeleteVariable && ((BootstrapPassword =3D=3D NULL) || > (BootstrapPassword[0] =3D=3D '\0'))) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Delete variable > + // > + if (DeleteVariable) { > + Status =3D GetVariable2 ( > + CREDENTIAL_VARIABLE_NAME, > + &gEfiRedfishVariableGuid, > + (VOID *)&Data, > + NULL > + ); > + if (!EFI_ERROR (Status)) { > + FreePool (Data); > + gRT->SetVariable (CREDENTIAL_VARIABLE_NAME, > &gEfiRedfishVariableGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, NULL); > + } > + > + return EFI_SUCCESS; > + } > + > + ZeroMem (CredentialVariable.Username, USERNAME_MAX_SIZE); > ZeroMem > + (CredentialVariable.Password, PASSWORD_MAX_SIZE); > + > + AsciiStrCpyS (CredentialVariable.Username, USERNAME_MAX_SIZE, > + BootstrapUsername); AsciiStrCpyS (CredentialVariable.Password, > + PASSWORD_MAX_SIZE, BootstrapPassword); > + > + // > + // Check if variable exists already. If yes, remove it first. 
> + // > + Status =3D GetVariable2 ( > + CREDENTIAL_VARIABLE_NAME, > + &gEfiRedfishVariableGuid, > + (VOID *)&Data, > + NULL > + ); > + if (!EFI_ERROR (Status)) { > + FreePool (Data); > + gRT->SetVariable (CREDENTIAL_VARIABLE_NAME, > + &gEfiRedfishVariableGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, NULL); > + } > + > + Status =3D gRT->SetVariable (CREDENTIAL_VARIABLE_NAME, > + &gEfiRedfishVariableGuid, EFI_VARIABLE_BOOTSERVICE_ACCESS, sizeof > + (BOOTSTRAP_CREDENTIALS_VARIABLE), (VOID *)&CredentialVariable); > + > + ZeroMem (CredentialVariable.Username, USERNAME_MAX_SIZE); > ZeroMem > + (CredentialVariable.Password, PASSWORD_MAX_SIZE); > + > + return Status; > +} > + > +/** > + Retrieve platform's Redfish authentication information. > + > + This functions returns the Redfish authentication method together > + with the user Id and password. > + - For AuthMethodNone, the UserId and Password could be used for HTTP > header authentication > + as defined by RFC7235. > + - For AuthMethodRedfishSession, the UserId and Password could be used > for Redfish > + session login as defined by Redfish API specification (DSP0266). > + > + Callers are responsible for and freeing the returned string storage. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[out] AuthMethod Type of Redfish authentication method= . > + @param[out] UserId The pointer to store the returned Use= rId > string. > + @param[out] Password The pointer to store the returned Pas= sword > string. > + > + @retval EFI_SUCCESS Get the authentication information > successfully. > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe= . > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > Password is NULL. > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > resources. > + @retval EFI_UNSUPPORTED Unsupported authentication method is > found. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +LibCredentialGetAuthInfo ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > + OUT CHAR8 **UserId, > + OUT CHAR8 **Password > + ) > +{ > + EFI_STATUS Status; > + > + if ((AuthMethod =3D=3D NULL) || (UserId =3D=3D NULL) || (Password =3D= =3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + *UserId =3D NULL; > + *Password =3D NULL; > + > + if (mRedfishServiceStopped) { > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > security reason\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + *AuthMethod =3D AuthMethodHttpBasic; > + > + *UserId =3D AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if > + (*UserId =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + *Password =3D AllocateZeroPool (sizeof (CHAR8) * PASSWORD_MAX_SIZE); > + if (*Password =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + // > + // Get bootstrap credential from variable first // Status =3D > + GetBootstrapAccountCredentialsFromVariable (*UserId, *Password); if > + (!EFI_ERROR (Status)) { > + return EFI_SUCCESS; > + }

I think the process should keep going if the error status is EFI_NOT_FOUND?
Besides this, all others look fine to me.

BTW, how about the conclusions we had in the previous discussion? Which is to probe "/redfish/v1/Systems" to get the supported authentication method? Is this idea valid?

Thanks
Abner

> + > + // > + // Make a IPMI query > + // > + Status =3D GetBootstrapAccountCredentials (FALSE, *UserId, *Password); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + Status =3D SetBootstrapAccountCredentialsToVariable (*UserId, > + *Password, FALSE); if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to cache bootstrap credential: > + %r\n", __FUNCTION__, Status)); } > + > + return EFI_SUCCESS; > +}
> diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCrede > ntialIpmiLib.h > b/RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCrede > ntialIpmiLib.h > new file mode 100644 > index 0000000000..5325767eab > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCr > +++ edentialIpmiLib.h 
> @@ -0,0 +1,86 @@ > +/** @file > + Header file for RedfishPlatformCredentialIpmiLib. > + > + Copyright (c) 2022-2023 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef REDFISH_PLATFORM_CREDENTIAL_IPMI_LIB_H_ > +#define REDFISH_PLATFORM_CREDENTIAL_IPMI_LIB_H_ > + > +#include > +#include > +#include > + > +#include > + > +#include > +#include > +#include > +#include > +#include #include > + #include #include > + > + > +#define CREDENTIAL_VARIABLE_NAME L"Partstooblaitnederc" > + > +/// > +/// The bootstrap credential keeping in UEFI variable /// typedef > +struct { > + CHAR8 Username[USERNAME_MAX_SIZE]; > + CHAR8 Password[PASSWORD_MAX_SIZE]; > +} BOOTSTRAP_CREDENTIALS_VARIABLE; > + > +/** > + Function to retrieve temporary user credentials for the UEFI redfish > +client. This function can > + also disable bootstrap credential service in BMC. > + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the= bootstrap credential > + service to ensure no one el= se gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a Ascii encoded strin= g for the credential > username > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @param[out] BootstrapPassword > + A pointer to a Ascii encoded strin= g for the credential > password > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @retval EFI_SUCCESS Credentials were successfully fetc= hed and > returned. When DisableBootstrapControl > + is set to TRUE, the bootstrap cred= ential service is > disabled successfully. 
> + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL when DisableBootstrapControl > + is set to FALSE > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, > + IN OUT CHAR8 *BootstrapPassword > + ); > + > +/** > + Function to save temporary user credentials into boot time variable. > +When DeleteVariable is True, > + this function delete boot time variable. > + > + @param[in] BootstrapUsername A pointer to a Ascii encoded string= for > the credential username. > + @param[in] BootstrapPassword A pointer to a Ascii encoded string= for > the credential password. > + @param[in] DeleteVariable True to remove boot time variable. = False > otherwise. > + > + @retval EFI_SUCCESS Credentials were successfully save= d. > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL > + @retval Others Error occurs > +**/ > +EFI_STATUS > +SetBootstrapAccountCredentialsToVariable ( > + IN CHAR8 *BootstrapUsername, OPTIONAL > + IN CHAR8 *BootstrapPassword, OPTIONAL > + IN BOOLEAN DeleteVariable > + ); > + > +#endif > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCrede > ntialIpmiLib.inf > b/RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCrede > ntialIpmiLib.inf > new file mode 100644 > index 0000000000..694e401ad9 > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCr > +++ edentialIpmiLib.inf 
> @@ -0,0 +1,42 @@ > +## @file > +# INF file for RedfishPlatformCredentialIpmiLib. > +# > +# Copyright (c) 2022-2023 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > + > +[Defines] > + INF_VERSION =3D 0x0001000b > + BASE_NAME =3D RedfishPlatformCredentialIpmiLib > + FILE_GUID =3D 9C45D622-4C66-417F-814C-F76246D9723= 3 > + MODULE_TYPE =3D DXE_DRIVER > + VERSION_STRING =3D 1.0 > + LIBRARY_CLASS =3D RedfishPlatformCredentialIpmiLib > + > +[Sources] > + RedfishPlatformCredentialIpmiLib.c > + RedfishPlatformCredentialIpmiLib.h > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + RedfishPkg/RedfishPkg.dec > + > +[LibraryClasses] > + UefiLib > + DebugLib > + IpmiBaseLib > + MemoryAllocationLib > + BaseMemoryLib > + UefiRuntimeServicesTableLib > + > +[Pcd] > + > +gEfiRedfishPkgTokenSpaceGuid.PcdRedfishDisableBootstrapCredentialServi > c > +e > + > +[Guids] > + gEfiRedfishVariableGuid > + > +[Depex] > + TRUE > diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec index > 53e52c2b00..86102b8ffd 100644 > --- a/RedfishPkg/RedfishPkg.dec > +++ b/RedfishPkg/RedfishPkg.dec > @@ -81,6 +81,9 @@ > [Guids] > gEfiRedfishPkgTokenSpaceGuid =3D { 0x4fdbccb7, 0xe829, 0x4b4c, { = 0x88, > 0x87, 0xb2, 0x3f, 0xd7, 0x25, 0x4b, 0x85 }} >=20 > + # Redfish variable guid > + gEfiRedfishVariableGuid =3D { 0x85ef8dd3, 0xe606, 0x4b89, { = 0x8b, 0xbd, > 0x93, 0xbf, 0x5c, 0xbe, 0x1c, 0x18 } } > + > [PcdsFixedAtBuild, PcdsPatchableInModule] > # > # This PCD is the UEFI device path which is used as the Redfish host > interface. > @@ -113,3 +116,7 @@ > # Default is set to not add. > # >=20 > gEfiRedfishPkgTokenSpaceGuid.PcdRedfishRestExAddingExpect|FALSE|BOO > LEAN|0x00001004 > + # > + # This PCD indicates that if BMC bootstrap credential service will be > disabled by BIOS or not. > + # > + > + > gEfiRedfishPkgTokenSpaceGuid.PcdRedfishDisableBootstrapCredentialServi > + ce|FALSE|BOOLEAN|0x00001005 
> diff --git a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index > cf25b63cc2..f2ca212bea 100644 > --- a/RedfishPkg/RedfishPkg.dsc > +++ b/RedfishPkg/RedfishPkg.dsc > @@ -3,6 +3,7 @@ > # > # Copyright (c) 2019 - 2021, Intel Corporation. All rights reserved.
= # (C) > Copyright 2021 Hewlett-Packard Enterprise Development LP. > +# Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > # > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -52,6 +53,7 @@ > [Components] >=20 > RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfaceLibN > ull.inf > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull= .inf > + > + > RedfishPkg/Library/RedfishPlatformCredentialIpmi/RedfishPlatformCreden > + tialIpmiLib.inf

Please also add this library to RedfishLibs.dsc.inc. The one in the [Component] section should be kept as well so the CI can build it even if no module uses it, if my understanding of having library in [Component] section is correct.
Those *.inc under RedfishPkg should be relocated to under \Include later so the platform can pull it in to the platform dsc. RedfishPkg.dsc is used to build the individual package.

>=20 > RedfishPkg/Library/RedfishContentCodingLibNull/RedfishContentCodingLib > Null.inf > RedfishPkg/Library/DxeRestExLib/DxeRestExLib.inf > RedfishPkg/Library/BaseUcs2Utf8Lib/BaseUcs2Utf8Lib.inf > -- > 2.39.2.windows.1
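
Review bot: In GetBootstrapAccountCredentials() in RedfishPlatformCredentialIpmiLib.c, ResponseSize is never examined after IpmiSubmitCommand() returns and ResponseData is not initialised, so a short response that still passes the CompletionCode and GroupExtensionId checks would have Username and Password copied out of uninitialised stack memory. Zero ResponseData before the call, reject the response unless ResponseSize equals sizeof (ResponseData), and ZeroMem the structure before every return, as the patch already does for CredentialVariable. The error paths need the same care: GetBootstrapAccountCredentialsFromVariable() returns EFI_NOT_FOUND on the DataSize mismatch without zeroing or freeing Data, and LibCredentialGetAuthInfo() returns EFI_OUT_OF_RESOURCES or the IPMI failure status while *UserId (and possibly *Password) are still allocated; free them and reset the pointers to NULL before returning an error.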
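
Review bot: The prototype of GetBootstrapAccountCredentials() in RedfishPlatformCredentialIpmiLib.h does not match the definition in the .c file: the header documents BootstrapUsername and BootstrapPassword as @param[out] and omits OPTIONAL, while the definition documents them as @param[in,out] and marks both OPTIONAL. Make the two agree, and add a prototype for GetBootstrapAccountCredentialsFromVariable(), which the .c file defines without static but the header does not declare. CREDENTIAL_VARIABLE_NAME also needs a comment explaining the reversed string L"Partstooblaitnederc" and stating that the variable holds the username and password in clear text, because the name by itself does not restrict which boot-services code can read it.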
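
Review bot: [LibraryClasses] in RedfishPlatformCredentialIpmiLib.inf lists neither BaseLib nor PcdLib, yet the .c file calls AsciiStrCpyS() and PcdGetBool(). Add both entries so the library declares what it uses and does not rely on another module pulling them into the build.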
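
Review bot: In the second RedfishPkg.dec hunk, PcdRedfishDisableBootstrapCredentialService defaults to FALSE, so in a default build LibStopRedfishService() skips the GetBootstrapAccountCredentials (TRUE, NULL, NULL) call and the BMC bootstrap credential service stays enabled after ExitBootServices. The PCD comment should say what TRUE and FALSE each do (the function header in the .c file describes the disable request as ensuring no one else gains credentials), and the FALSE default deserves either a sentence of justification in the comment or a change to TRUE.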