From: "Chang, Abner"
To: Nickle Wang, "devel@edk2.groups.io"
CC: Nick Ramirez, Igor Kulchytskyy
Subject: Re: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation
Date: Sat, 22 Oct 2022 07:01:23 +0000
References: <20221020025434.29969-1-nicklew@nvidia.com>
In-Reply-To: <20221020025434.29969-1-nicklew@nvidia.com>

[AMD Official Use Only - General]

Hi Nickle, please add Igor as reviewer too.
My comments is in below,

> -----Original Message-----
> From: Nickle Wang
> Sent: Thursday, October 20, 2022 10:55 AM
> To: devel@edk2.groups.io
> Cc: Chang, Abner; Nick Ramirez
> Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> This library follows Redfish Host Interface specification and use IPMI command
> to get bootstrap account credential(NetFn 2Ch, Command 02h) from BMC.
> RedfishHostInterfaceDxe will use this credential for the following
> communication between BIOS and BMC.
>
> Cc: Abner Chang
> Cc: Nick Ramirez
> Signed-off-by: Nickle Wang
> ---
> .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++
> .../RedfishPlatformCredentialLib.h | 75 +++++
> .../RedfishPlatformCredentialLib.inf | 37 +++

[Chang, Abner]
Could we name this library RedfishPlatformCredentialIpmi so the naming style is consistent with RedfishPlatformCredentialNull?

> 3 files changed, 385 insertions(+)
> create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c
> create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.h
> create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.inf
>
> diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredenti= alLi > b.c > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredenti= alLi > b.c > new file mode 100644 > index 0000000000..23a15ab1fa > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > +++ dentialLib.c
> @@ -0,0 +1,273 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserv= ed. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent

[Chang, Abner]
We can have "@par Revision Reference:" in the file header to point out the spec.
https://www.dmtf.org/sites/default/files/standards/documents/DSP0270_1.3.0.pdf

> +* > +**/ > + > +#include "RedfishPlatformCredentialLib.h" > + > +// > +// Global flag of controlling credential service // BOOLEAN > +mRedfishServiceStopped =3D FALSE; > + > +/** > + Notify the Redfish service provide to stop provide configuration servi= ce to this > platform. > + > + This function should be called when the platfrom is about to leave the= safe > environment. > + It will notify the Redfish service provider to abort all logined > + session, and prohibit further login with original auth info. > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is return= ed. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[in] ServiceStopType Reason of stopping Redfish service. > + > + @retval EFI_SUCCESS Service has been stoped successfully. > + @retval EFI_INVALID_PARAMETER This is NULL. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibStopRedfishService ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType > + ) > +{ > + EFI_STATUS Status; > + > + if ((ServiceStopType <=3D ServiceStopTypeNone) || (ServiceStopType >= =3D > ServiceStopTypeMax)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Raise flag first > + // > + mRedfishServiceStopped =3D TRUE; > + > + // > + // Notify BMC to disable credential bootstrapping support. 
> + // > + Status =3D GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > + (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: %r\n= ", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Notification of Exit Boot Service. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialExitBootServicesNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Stop the credential support when system is about to enter OS. > + // > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > + > +/** > + Notification of End of DXe. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialEndOfDxeNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Do nothing now. > + // We can stop credential support when system reach end-of-dxe for sec= urity > reason. > + // > +} > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client

[Chang, Abner]
We miss the functionality to disable bootstrap credential service in the function description.

> + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the= bootstrap credential > + service to ensure no one el= se gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded strin= g for the credential > username > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded strin= g for the credential > password > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @retval EFI_SUCCESS Credentials were successfully fetc= hed and > returned > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL when DisableBootstrapControl > + is set to FALSE > + @retval EFI_DEVICE_ERROR An IPMI failure occurred

[Chang, Abner]
The return status should also include the status of disabling bootstrap credential.

> +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > + ) > +{ > + EFI_STATUS Status; > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > + UINT32 ResponseSize; > + > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! 
Unable to fetch Redfi= sh > credentials\n", __FUNCTION__)); > + return EFI_UNSUPPORTED; > + } > + > + // > + // NULL buffer check > + // > + if (!DisableBootstrapControl && ((BootstrapUsername =3D=3D NULL) || > (BootstrapPassword =3D=3D NULL))) { > + return EFI_INVALID_PARAMETER; > + } > + > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > + __FUNCTION__, DisableBootstrapControl)); > + > + // > + // IPMI callout to NetFn 2C, command 02 > + // Request data: > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > + // Byte 2: DisableBootstrapControl > + // > + CommandData.GroupExtensionId =3D REDFISH_IPMI_GROUP_EXTENSION; > + CommandData.DisableBootstrapControl =3D (DisableBootstrapControl ? > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > + > + ResponseSize =3D sizeof (ResponseData); > + > + // > + // Response data: > + // Byte 1 : Completion code > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > + // Byte 3-18 : Username > + // Byte 19-34: Password > + // > + Status =3D IpmiSubmitCommand ( > + IPMI_NETFN_GROUP_EXT, > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > + (UINT8 *)&CommandData, > + sizeof (CommandData), > + (UINT8 *)&ResponseData, > + &ResponseSize > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. Returning\n", > __FUNCTION__)); > + ASSERT_EFI_ERROR (Status); > + return Status; > + } else { > + if (ResponseData.CompletionCode !=3D IPMI_COMP_CODE_NORMAL) { > + if (ResponseData.CompletionCode =3D=3D > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > disabled\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + DEBUG ((DEBUG_ERROR, "%a: Completion code =3D 0x%x. 
Returning\n", > __FUNCTION__, ResponseData.CompletionCode)); > + return EFI_PROTOCOL_ERROR; > + } else if (ResponseData.GroupExtensionId !=3D > REDFISH_IPMI_GROUP_EXTENSION) { > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response =3D 0x%x. > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > + return EFI_DEVICE_ERROR; > + } else { > + if (BootstrapUsername !=3D NULL) { > + CopyMem (BootstrapUsername, ResponseData.Username, > USERNAME_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters usernam= e > returned. > + // > + BootstrapUsername[USERNAME_MAX_LENGTH] =3D '\0'; > + } > + > + if (BootstrapPassword !=3D NULL) { > + CopyMem (BootstrapPassword, ResponseData.Password, > PASSWORD_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters passwor= d > returned. > + // > + BootstrapPassword[PASSWORD_MAX_LENGTH] =3D '\0'; > + } > + } > + } > + > + return Status; > +} > + > +/** > + Retrieve platform's Redfish authentication information. > + > + This functions returns the Redfish authentication method together > + with the user Id and password. > + - For AuthMethodNone, the UserId and Password could be used for HTTP > header authentication > + as defined by RFC7235. > + - For AuthMethodRedfishSession, the UserId and Password could be used = for > Redfish > + session login as defined by Redfish API specification (DSP0266). > + > + Callers are responsible for and freeing the returned string storage. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[out] AuthMethod Type of Redfish authentication method= . > + @param[out] UserId The pointer to store the returned Use= rId string. > + @param[out] Password The pointer to store the returned Pas= sword > string. > + > + @retval EFI_SUCCESS Get the authentication information su= ccessfully. > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe= . 
> + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > Password is NULL. > + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources= . > + @retval EFI_UNSUPPORTED Unsupported authentication method is > found. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibCredentialGetAuthInfo ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > + OUT CHAR8 **UserId, > + OUT CHAR8 **Password > + ) > +{ > + EFI_STATUS Status; > + > + if ((AuthMethod =3D=3D NULL) || (UserId =3D=3D NULL) || (Password =3D= =3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + *UserId =3D NULL; > + *Password =3D NULL; > + > + if (mRedfishServiceStopped) { > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to secur= ity > reason\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + *AuthMethod =3D AuthMethodHttpBasic; > + > + *UserId =3D AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if

[Chang, Abner]
Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both BootUsername and BootstrapPassword? Because the maximum number of characters defined in the spec is USERNAME_MAX_LENGTH for the user/password.

> + (*UserId =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + *Password =3D AllocateZeroPool (sizeof (CHAR8) * PASSWORD_MAX_SIZE); > + if (*Password =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + Status =3D GetBootstrapAccountCredentials (FALSE, *UserId, *Password); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredenti= alLi > b.h > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredenti= alLi > b.h > new file mode 100644 > index 0000000000..5b448e01be > --- /dev/null 
> +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > +++ dentialLib.h 
> @@ -0,0 +1,75 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserv= ed. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent > +* > +**/ > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include #include > + > + > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > +#define REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > 0x80 > + > +// > +// Per Redfish Host Interface Specification 1.3, The maximum lenght of > +// username and password is 16 characters long. > +// > +#define USERNAME_MAX_LENGTH 16 > +#define PASSWORD_MAX_LENGTH 16 > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // NULL > terminator > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // NULL > terminator > + > +#pragma pack(1) > +/// > +/// The definition of IPMI command to get bootstrap account credentials > +/// typedef struct { > + UINT8 GroupExtensionId; > + UINT8 DisableBootstrapControl; > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > + > +/// > +/// The response data of getting bootstrap credential /// typedef > +struct { > + UINT8 CompletionCode; > + UINT8 GroupExtensionId; > + CHAR8 Username[USERNAME_MAX_LENGTH]; > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > + > +#pragma pack() > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client

[Chang, Abner]
We miss the functionality to disable bootstrap credential service in the function description.

> + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the= bootstrap credential > + service to ensure no one el= se gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded > + string for the credential username > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded > + string for the credential password > + > + @retval EFI_SUCCESS Credentials were successfully fetc= hed and > returned

[Chang, Abner]
Or the bootstrap credential service is disabled successfully, right?

> + @retval EFI_DEVICE_ERROR An IPMI failure occurred > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, > + IN OUT CHAR8 *BootstrapPassword > + ); > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredenti= alLi > b.inf > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredenti= alLi > b.inf > new file mode 100644 > index 0000000000..a990d28363 > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > +++ dentialLib.inf 
> @@ -0,0 +1,37 @@ > +## @file > +# > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserve= d. > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > + > +[Defines] > + INF_VERSION =3D 0x0001000b > + BASE_NAME =3D RedfishPlatformCredentialLib > + FILE_GUID =3D 9C45D622-4C66-417F-814C-F76246D9723= 3 > + MODULE_TYPE =3D DXE_DRIVER > + VERSION_STRING =3D 1.0 > + LIBRARY_CLASS =3D RedfishPlatformCredentialLib > + > +[Sources] > + RedfishPlatformCredentialLib.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + RedfishPkg/RedfishPkg.dec > + IpmiFeaturePkg/IpmiFeaturePkg.dec

[Chang, Abner]
Could you please add a comment to the reference of IpmiFeaturePkg? We have to give customers a notice that the dependence of "edk2-platforms/Features/Intel/OutOfBandManagement/". They have to add the path to PACKAGES_PATH. You also have to skip this dependence in the RedfishPkg.yaml to avoid the CI error.

Another thing is I propose to move out IpmiFeaturePkg from edk2-platforms/Features/Intel/OutOfBandManagement to edk2-platforms/Features/ManageabilityPkg that also provides the implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with IpmiFeaturePkg owner and get the positive response on this proposal. I will kick off the discussion on the dev mailing list. That is to say this module may need a little bit change later, however that is good to me having this implementation now.

Thanks
Abner

> + > +[LibraryClasses] > + UefiLib > + DebugLib > + IpmiBaseLib > + MemoryAllocationLib > + BaseMemoryLib > + > +[Pcd] > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > + > +[Depex] > + TRUE > -- > 2.17.1
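
Review bot: In GetBootstrapAccountCredentials() in RedfishPlatformCredentialLib.c, ResponseSize is never checked after IpmiSubmitCommand() returns and ResponseData is not zero-initialized, so a response shorter than sizeof (ResponseData) leaves CompletionCode, GroupExtensionId, Username or Password holding uninitialized stack bytes that are then parsed and copied out as credentials. Suggest calling ZeroMem (&ResponseData, sizeof (ResponseData)) before the command, rejecting the response when ResponseSize is too short for the fields being read, and clearing ResponseData with ZeroMem before every return, since it holds the bootstrap username and password. In the same file, the error paths of LibCredentialGetAuthInfo() return with *UserId (and possibly *Password) still allocated and non-NULL; free them and reset the pointers to NULL so a failed call neither leaks the buffers nor hands them back to the caller.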
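
Review bot: The GetBootstrapAccountCredentials() prototype at the end of RedfishPlatformCredentialLib.h takes bare CHAR8 * buffers with no size, while the implementation writes BootstrapUsername[USERNAME_MAX_LENGTH] and BootstrapPassword[PASSWORD_MAX_LENGTH], so every caller must supply at least USERNAME_MAX_SIZE and PASSWORD_MAX_SIZE bytes and the header does not say so. Suggest stating that requirement in the @param text, or adding explicit buffer-size parameters that the function checks before copying. The header comment also omits the OPTIONAL markers and the EFI_INVALID_PARAMETER return documented on the definition in the .c file, and the file has no include guard.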
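
Review bot: [LibraryClasses] in RedfishPlatformCredentialLib.inf does not list PcdLib, although the .c file calls PcdGetBool (PcdIpmiFeatureEnable); suggest adding PcdLib so the dependency is declared by this module rather than picked up indirectly. [Sources] lists only RedfishPlatformCredentialLib.c, so RedfishPlatformCredentialLib.h should be added there as well.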