From: "Nickle Wang"
To: "devel@edk2.groups.io", "igork@ami.com"
CC: Abner Chang, Nick Ramirez
Subject: Re: [edk2-devel] [PATCH v3] RedfishPkg/RedfishPlatformCredentialIpmiLib: IPMI implementation
Date: Wed, 29 Mar 2023 01:26:14 +0000
References: <20230328014208.48-1-nicklew@nvidia.com>

> Igor: Since we get here when Status is success, then "Data" buffer will be allocated in that case.
> Should we free that buffer before return?

Thanks for catching this issue, Igor.
Version 4 is under CI testing. I will send it out soon.

Regards,
Nickle

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Igor Kulchytskyy via groups.io
> Sent: Tuesday, March 28, 2023 10:48 PM
> To: Nickle Wang; devel@edk2.groups.io
> Cc: Abner Chang; Nick Ramirez
> Subject: Re: [edk2-devel] [PATCH v3] RedfishPkg/RedfishPlatformCredentialIpmiLib: IPMI implementation
>
> Hi Nickle,
> It looks good except one small question I would like to raise.
> Please check my comment below.
> Thank you,
> Igor
>
> -----Original Message-----
> From: Nickle Wang
> Sent: Monday, March 27, 2023 9:42 PM
> To: devel@edk2.groups.io
> Cc: Abner Chang; Igor Kulchytskyy; Nick Ramirez
> Subject: [EXTERNAL] [PATCH v3] RedfishPkg/RedfishPlatformCredentialIpmiLib: IPMI implementation
>
> This library follows Redfish Host Interface specification and use IPMI command
> to get bootstrap account credential(NetFn 2Ch, Command 02h) from BMC.
> RedfishHostInterfaceDxe will use this credential for the following
> communication between BIOS and BMC.
>
> Signed-off-by: Nickle Wang
> Cc: Abner Chang
> Cc: Igor Kulchytskyy
> Cc: Nick Ramirez
> ---
>  RedfishPkg/RedfishPkg.dec                     |   7 +
>  RedfishPkg/RedfishLibs.dsc.inc                |   1 +
>  RedfishPkg/RedfishPkg.dsc                     |   2 +
>  .../RedfishPlatformCredentialIpmiLib.inf      |  42 ++
>  .../RedfishPlatformCredentialIpmiLib.h        |  89 ++++
>  .../RedfishPlatformCredentialIpmiLib.c        | 457 ++++++++++++++++++
>  6 files changed, 598 insertions(+)
>  create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatformCredentialIpmiLib.inf
>  create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatformCredentialIpmiLib.h
>  create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatformCredentialIpmiLib.c
>
> diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec index > 42d28d6dac..f171053aec 100644 > --- a/RedfishPkg/RedfishPkg.dec > +++ b/RedfishPkg/RedfishPkg.dec > @@ -81,6 +81,9 @@ > [Guids] > gEfiRedfishPkgTokenSpaceGuid =3D { 0x4fdbccb7, 0xe829, 0x4b4c, { = 0x88, > 0x87, 0xb2, 0x3f, 0xd7, 0x25, 0x4b, 0x85 }} >=20 > + # Redfish variable guid > + gEfiRedfishVariableGuid =3D { 0x85ef8dd3, 0xe606, 0x4b89, { = 0x8b, 0xbd, > 0x93, 0xbf, 0x5c, 0xbe, 0x1c, 0x18 } } > + > [PcdsFixedAtBuild, PcdsPatchableInModule] > # > # This PCD is the UEFI device path which is used as the Redfish host i= nterface. > @@ -123,3 +126,7 @@ > # specification for that. > # > gEfiRedfishPkgTokenSpaceGuid.PcdRedfishServiceUuid|L"00000000-0000- > 0000-0000-000000000000"|VOID*|0x00001006 > + # > + # This PCD indicates that if BMC bootstrap credential service will be = disabled > by BIOS or not. > + # > + > + gEfiRedfishPkgTokenSpaceGuid.PcdRedfishDisableBootstrapCredentialServi > + ce|FALSE|BOOLEAN|0x00001007 > diff --git a/RedfishPkg/RedfishLibs.dsc.inc b/RedfishPkg/RedfishLibs.dsc.= inc > index 84f52d4b27..110526738c 100644 > --- a/RedfishPkg/RedfishLibs.dsc.inc > +++ b/RedfishPkg/RedfishLibs.dsc.inc > @@ -19,5 +19,6 @@ > JsonLib|RedfishPkg/Library/JsonLib/JsonLib.inf > RedfishLib|RedfishPkg/PrivateLibrary/RedfishLib/RedfishLib.inf > RedfishDebugLib|RedfishPkg/Library/RedfishDebugLib/RedfishDebugLib.inf > + > + RedfishPlatformCredentialLib|RedfishPkg/Library/RedfishPlatformCredent > + ialIpmiLib/RedfishPlatformCredentialIpmiLib.inf > !endif >=20 > diff --git a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index > 223ab72c1d..5503e65de4 100644 > --- a/RedfishPkg/RedfishPkg.dsc > +++ b/RedfishPkg/RedfishPkg.dsc > @@ -4,6 +4,7 @@ > # Copyright (c) 2019 - 2021, Intel Corporation. All rights reserved.
= # (C) > Copyright 2021 Hewlett-Packard Enterprise Development LP. > # Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved. > +# Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserv= ed. > # > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -59,6 +60,7 @@ >=20 > RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfaceLibN= ull. > inf >=20 > RedfishPkg/Library/PlatformHostInterfaceBmcUsbNicLib/PlatformHostInterfac= e > BmcUsbNicLib.inf > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull= .inf > + > + RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatformCre > + dentialIpmiLib.inf >=20 > RedfishPkg/Library/RedfishContentCodingLibNull/RedfishContentCodingLibNul= l.i > nf > RedfishPkg/Library/DxeRestExLib/DxeRestExLib.inf > RedfishPkg/Library/BaseUcs2Utf8Lib/BaseUcs2Utf8Lib.inf > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatformCred= en > tialIpmiLib.inf > b/RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatformCred= en > tialIpmiLib.inf > new file mode 100644 > index 0000000000..5c20ea22f8 > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatfor > +++ mCredentialIpmiLib.inf 
> @@ -0,0 +1,42 @@ > +## @file > +# INF file for RedfishPlatformCredentialIpmiLib. > +# > +# Copyright (c) 2022-2023 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > + > +[Defines] > + INF_VERSION =3D 0x0001000b > + BASE_NAME =3D RedfishPlatformCredentialIpmiLib > + FILE_GUID =3D 9C45D622-4C66-417F-814C-F76246D9723= 3 > + MODULE_TYPE =3D DXE_DRIVER > + VERSION_STRING =3D 1.0 > + LIBRARY_CLASS =3D RedfishPlatformCredentialIpmiLib > + > +[Sources] > + RedfishPlatformCredentialIpmiLib.c > + RedfishPlatformCredentialIpmiLib.h > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + RedfishPkg/RedfishPkg.dec > + > +[LibraryClasses] > + UefiLib > + DebugLib > + IpmiLib > + MemoryAllocationLib > + BaseMemoryLib > + UefiRuntimeServicesTableLib > + > +[Pcd] > + > +gEfiRedfishPkgTokenSpaceGuid.PcdRedfishDisableBootstrapCredentialServic > +e > + > +[Guids] > + gEfiRedfishVariableGuid > + > +[Depex] > + TRUE > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatformCred= en > tialIpmiLib.h > b/RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatformCred= en > tialIpmiLib.h > new file mode 100644 > index 0000000000..898ee88844 > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatfor > +++ mCredentialIpmiLib.h 
> @@ -0,0 +1,89 @@ > +/** @file > + Header file for RedfishPlatformCredentialIpmiLib. > + > + Copyright (c) 2022-2023 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef REDFISH_PLATFORM_CREDENTIAL_IPMI_LIB_H_ > +#define REDFISH_PLATFORM_CREDENTIAL_IPMI_LIB_H_ > + > +#include > +#include > +#include > + > +#include > + > +#include > +#include > +#include > +#include > +#include #include > + #include #include > + > + > +#define CREDENTIAL_VARIABLE_NAME L"Partstooblaitnederc" > + > +/// > +/// The bootstrap credential keeping in UEFI variable /// typedef > +struct { > + CHAR8 Username[USERNAME_MAX_SIZE]; > + CHAR8 Password[PASSWORD_MAX_SIZE]; > +} BOOTSTRAP_CREDENTIALS_VARIABLE; > + > +/** > + Function to retrieve temporary user credentials for the UEFI redfish > +client. This function can > + also disable bootstrap credential service in BMC. > + > + @param[in] DisableBootstrapControl TRUE - Tell the BMC to disable = the > bootstrap credential > + service to ensure no one= else gains credentials > + FALSE Allow the bootstrap cred= ential service to > continue > + @param[in,out] BootstrapUsername A pointer to a Ascii encoded st= ring > for the credential username > + When DisableBootstrapControl is= TRUE, this pointer can > be NULL > + @param[in] BootstrapUsernameSize The size of BootstrapUsername > including NULL terminator in bytes. > + Per specification, the size is = USERNAME_MAX_SIZE. > + @param[in,out] BootstrapPassword A pointer to a Ascii encoded st= ring for > the credential password > + When DisableBootstrapControl is= TRUE, this pointer can > be NULL > + @param[in] BootstrapPasswordSize The size of BootstrapPassword > including NULL terminator in bytes. > + Per specification, the size is = PASSWORD_MAX_SIZE. > + > + @retval EFI_SUCCESS Credentials were successfully fetc= hed and > returned. 
When DisableBootstrapControl > + is set to TRUE, the bootstrap cred= ential service is disabled > successfully. > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL when DisableBootstrapControl > + is set to FALSE. BootstrapUsername= Size or > BootstrapPasswordSize is incorrect when > + DisableBootstrapControl is set to = FALSE. > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > + IN UINTN BootstrapUsernameSize, > + IN OUT CHAR8 *BootstrapPassword, OPTIONAL > + IN UINTN BootstrapPasswordSize > + ); > + > +/** > + Function to save temporary user credentials into boot time variable. > +When DeleteVariable is True, > + this function delete boot time variable. > + > + @param[in] BootstrapUsername A pointer to a Ascii encoded string= for the > credential username. > + @param[in] BootstrapPassword A pointer to a Ascii encoded string= for the > credential password. > + @param[in] DeleteVariable True to remove boot time variable. = False > otherwise. > + > + @retval EFI_SUCCESS Credentials were successfully save= d. > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL > + @retval Others Error occurs > +**/ > +EFI_STATUS > +SetBootstrapAccountCredentialsToVariable ( > + IN CHAR8 *BootstrapUsername, OPTIONAL > + IN CHAR8 *BootstrapPassword, OPTIONAL > + IN BOOLEAN DeleteVariable > + ); > + > +#endif > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatformCred= en > tialIpmiLib.c > b/RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatformCred= en > tialIpmiLib.c > new file mode 100644 > index 0000000000..7fccf1795d > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialIpmiLib/RedfishPlatfor > +++ mCredentialIpmiLib.c 
> @@ -0,0 +1,457 @@ > +/** @file > + Implementation of getting bootstrap credential via IPMI. > + > + Copyright (c) 2022-2023 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > + @par Specification Reference: > + - Redfish Host Interface Specification > + > +(https://nam12.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww= . > +dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP0270 > _1. > +3.0.pdf&data=3D05%7C01%7Cigork%40ami.com%7C161990c6849e4c32d2fa08d > b2f2dae > +cc%7C27e97857e15f486cb58e86c2b3040f93%7C1%7C1%7C638155645493575 > 932%7CUn > +known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik > 1haWw > +iLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3DuFc4G56EXmukiU9OxabYXBk > wmJnxr8C5J > +6gcBXZYnoI%3D&reserved=3D0) > +**/ > + > +#include "RedfishPlatformCredentialIpmiLib.h" > + > +// > +// Global flag of controlling credential service // BOOLEAN > +mRedfishServiceStopped =3D FALSE; > + > +/** > + Notify the Redfish service provide to stop provide configuration servi= ce to this > platform. > + > + This function should be called when the platform is about to leave the= safe > environment. > + It will notify the Redfish service provider to abort all login > + session, and prohibit further login with original auth info. > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is return= ed. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[in] ServiceStopType Reason of stopping Redfish service. > + > + @retval EFI_SUCCESS Service has been stoped successfully. > + @retval EFI_INVALID_PARAMETER This is NULL. > + @retval Others Some error happened. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +LibStopRedfishService ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType > + ) > +{ > + EFI_STATUS Status; > + > + if ((ServiceStopType <=3D ServiceStopTypeNone) || (ServiceStopType >= =3D > ServiceStopTypeMax)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Only stop credential service after leaving BIOS // if > + (ServiceStopType !=3D ServiceStopTypeExitBootService) { > + return EFI_UNSUPPORTED; > + } > + > + // > + // Raise flag first > + // > + mRedfishServiceStopped =3D TRUE; > + > + // > + // Delete cached variable > + // > + Status =3D SetBootstrapAccountCredentialsToVariable (NULL, NULL, TRUE)= ; > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to remove bootstrap credential: > + %r\n", __FUNCTION__, Status)); } > + > + DEBUG ((DEBUG_INFO, "%a: bootstrap credential service stopped\n", > + __FUNCTION__)); > + > + return EFI_SUCCESS; > +} > + > +/** > + Notification of Exit Boot Service. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialExitBootServicesNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Stop the credential support when system is about to enter OS. > + // > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > + > +/** > + Notification of End of DXe. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialEndOfDxeNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Do nothing now. > + // We can stop credential support when system reach end-of-dxe for sec= urity > reason. > + // > +} > + > +/** > + Function to retrieve temporary user credentials for the UEFI redfish > +client. This function can > + also disable bootstrap credential service in BMC. 
> + > + @param[in] DisableBootstrapControl TRUE - Tell the BMC to disable = the > bootstrap credential > + service to ensure no one= else gains credentials > + FALSE Allow the bootstrap cred= ential service to > continue > + @param[in,out] BootstrapUsername A pointer to a Ascii encoded st= ring > for the credential username > + When DisableBootstrapControl is= TRUE, this pointer can > be NULL > + @param[in] BootstrapUsernameSize The size of BootstrapUsername > including NULL terminator in bytes. > + Per specification, the size is = USERNAME_MAX_SIZE. > + @param[in,out] BootstrapPassword A pointer to a Ascii encoded st= ring for > the credential password > + When DisableBootstrapControl is= TRUE, this pointer can > be NULL > + @param[in] BootstrapPasswordSize The size of BootstrapPassword > including NULL terminator in bytes. > + Per specification, the size is = PASSWORD_MAX_SIZE. > + > + @retval EFI_SUCCESS Credentials were successfully fetc= hed and > returned. When DisableBootstrapControl > + is set to TRUE, the bootstrap cred= ential service is disabled > successfully. > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL when DisableBootstrapControl > + is set to FALSE. BootstrapUsername= Size or > BootstrapPasswordSize is incorrect when > + DisableBootstrapControl is set to = FALSE. 
> + @retval EFI_DEVICE_ERROR An IPMI failure occurred > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > + IN UINTN BootstrapUsernameSize, > + IN OUT CHAR8 *BootstrapPassword, OPTIONAL > + IN UINTN BootstrapPasswordSize > + ) > +{ > + EFI_STATUS Status; > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > + UINT32 ResponseSize; > + > + // > + // NULL buffer check > + // > + if (!DisableBootstrapControl && ((BootstrapUsername =3D=3D NULL) || > (BootstrapPassword =3D=3D NULL))) { > + return EFI_INVALID_PARAMETER; > + } > + > + if ((BootstrapUsernameSize !=3D USERNAME_MAX_SIZE) || > (BootstrapPasswordSize !=3D PASSWORD_MAX_SIZE)) { > + return EFI_INVALID_PARAMETER; > + } > + > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > + __FUNCTION__, DisableBootstrapControl)); > + > + // > + // IPMI callout to NetFn 2C, command 02 > + // Request data: > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > + // Byte 2: DisableBootstrapControl > + // > + CommandData.GroupExtensionId =3D REDFISH_IPMI_GROUP_EXTENSION; > + CommandData.DisableBootstrapControl =3D (DisableBootstrapControl ? > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > + > + ResponseSize =3D sizeof (ResponseData); > + > + // > + // Response data: > + // Byte 1 : Completion code > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > + // Byte 3-18 : Username > + // Byte 19-34: Password > + // > + Status =3D IpmiSubmitCommand ( > + IPMI_NETFN_GROUP_EXT, > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > + (UINT8 *)&CommandData, > + sizeof (CommandData), > + (UINT8 *)&ResponseData, > + &ResponseSize > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. 
Returning\n", > __FUNCTION__)); > + return Status; > + } else { > + if (ResponseData.CompletionCode !=3D IPMI_COMP_CODE_NORMAL) { > + if (ResponseData.CompletionCode =3D=3D > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > disabled\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + DEBUG ((DEBUG_ERROR, "%a: Completion code =3D 0x%x. Returning\n", > __FUNCTION__, ResponseData.CompletionCode)); > + return EFI_PROTOCOL_ERROR; > + } else if (ResponseData.GroupExtensionId !=3D > REDFISH_IPMI_GROUP_EXTENSION) { > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response =3D 0x%x. > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > + return EFI_DEVICE_ERROR; > + } else { > + if (BootstrapUsername !=3D NULL) { > + CopyMem (BootstrapUsername, ResponseData.Username, > USERNAME_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters usernam= e > returned. > + // > + BootstrapUsername[USERNAME_MAX_LENGTH] =3D '\0'; > + } > + > + if (BootstrapPassword !=3D NULL) { > + CopyMem (BootstrapPassword, ResponseData.Password, > PASSWORD_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters passwor= d > returned. > + // > + BootstrapPassword[PASSWORD_MAX_LENGTH] =3D '\0'; > + } > + } > + } > + > + DEBUG ((DEBUG_INFO, "%a: get bootstrap credential via IPMI: %r\n", > + __FUNCTION__, Status)); > + > + return Status; > +} > + > +/** > + Function to retrieve temporary user credentials from cached boot time > variable. > + > + @param[in,out] BootstrapUsername A pointer to a Ascii encoded stri= ng for > the credential username. > + @param[in] BootstrapUsernameSize The size of BootstrapUsername > including NULL terminator in bytes. > + Per specification, the size is US= ERNAME_MAX_SIZE. > + @param[in,out] BootstrapPassword A pointer to a Ascii encoded stri= ng for > the credential password. 
> + @param[in] BootstrapPasswordSize The size of BootstrapPassword > including NULL terminator in bytes. > + Per specification, the size is PA= SSWORD_MAX_SIZE. > + > + @retval EFI_SUCCESS Credentials were successfully fetc= hed and > returned. > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL. > + BootstrapUsernameSize or Bootstrap= PasswordSize is > incorrect. > + @retval EFI_NOT_FOUND No variable found for account and > credentials. > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentialsFromVariable ( > + IN OUT CHAR8 *BootstrapUsername, > + IN UINTN BootstrapUsernameSize, > + IN OUT CHAR8 *BootstrapPassword, > + IN UINTN BootstrapPasswordSize > + ) > +{ > + EFI_STATUS Status; > + BOOTSTRAP_CREDENTIALS_VARIABLE *CredentialVariable; > + VOID *Data; > + UINTN DataSize; > + > + if ((BootstrapUsername =3D=3D NULL) || (BootstrapPassword =3D=3D NULL)= ) { > + return EFI_INVALID_PARAMETER; > + } > + > + if ((BootstrapUsernameSize !=3D USERNAME_MAX_SIZE) || > (BootstrapPasswordSize !=3D PASSWORD_MAX_SIZE)) { > + return EFI_INVALID_PARAMETER; > + } > + > + DataSize =3D 0; > + Status =3D GetVariable2 ( > + CREDENTIAL_VARIABLE_NAME, > + &gEfiRedfishVariableGuid, > + (VOID *)&Data, > + &DataSize > + ); > + if (EFI_ERROR (Status)) { > + return EFI_NOT_FOUND; > + } > + > + if (DataSize !=3D sizeof (BOOTSTRAP_CREDENTIALS_VARIABLE)) { > + DEBUG ((DEBUG_ERROR, "%a: data corruption. returned size: %d !=3D > + structure size: %d\n", __FUNCTION__, DataSize, sizeof > + (BOOTSTRAP_CREDENTIALS_VARIABLE))); > Igor: Since we get here when Status is success, then "Data" buffer will b= e > allocated in that case. > Should we free that buffer before return? 
> + return EFI_NOT_FOUND; > + } > + > + CredentialVariable =3D (BOOTSTRAP_CREDENTIALS_VARIABLE *)Data; > + > + AsciiStrCpyS (BootstrapUsername, USERNAME_MAX_SIZE, > + CredentialVariable->Username); AsciiStrCpyS (BootstrapPassword, > + PASSWORD_MAX_SIZE, CredentialVariable->Password); > + > + ZeroMem (CredentialVariable->Username, USERNAME_MAX_SIZE); ZeroMem > + (CredentialVariable->Password, PASSWORD_MAX_SIZE); > + > + FreePool (Data); > + > + DEBUG ((DEBUG_INFO, "%a: get bootstrap credential from variable\n", > + __FUNCTION__)); > + > + return EFI_SUCCESS; > +} > + > +/** > + Function to save temporary user credentials into boot time variable. > +When DeleteVariable is True, > + this function delete boot time variable. > + > + @param[in] BootstrapUsername A pointer to a Ascii encoded string= for the > credential username. > + @param[in] BootstrapPassword A pointer to a Ascii encoded string= for the > credential password. > + @param[in] DeleteVariable True to remove boot time variable. = False > otherwise. > + > + @retval EFI_SUCCESS Credentials were successfully save= d. 
> + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL > + @retval Others Error occurs > +**/ > +EFI_STATUS > +SetBootstrapAccountCredentialsToVariable ( > + IN CHAR8 *BootstrapUsername, OPTIONAL > + IN CHAR8 *BootstrapPassword, OPTIONAL > + IN BOOLEAN DeleteVariable > + ) > +{ > + EFI_STATUS Status; > + BOOTSTRAP_CREDENTIALS_VARIABLE CredentialVariable; > + VOID *Data; > + > + if (!DeleteVariable && ((BootstrapUsername =3D=3D NULL) || > (BootstrapUsername[0] =3D=3D '\0'))) { > + return EFI_INVALID_PARAMETER; > + } > + > + if (!DeleteVariable && ((BootstrapPassword =3D=3D NULL) || > (BootstrapPassword[0] =3D=3D '\0'))) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Delete variable > + // > + Status =3D GetVariable2 ( > + CREDENTIAL_VARIABLE_NAME, > + &gEfiRedfishVariableGuid, > + (VOID *)&Data, > + NULL > + ); > + if (!EFI_ERROR (Status)) { > + FreePool (Data); > + gRT->SetVariable ( > + CREDENTIAL_VARIABLE_NAME, > + &gEfiRedfishVariableGuid, > + EFI_VARIABLE_BOOTSERVICE_ACCESS, > + 0, > + NULL > + ); > + } > + > + // > + // This is request to delete credentials. We are done. > + // > + if (DeleteVariable) { > + return EFI_SUCCESS; > + } > + > + ZeroMem (CredentialVariable.Username, USERNAME_MAX_SIZE); ZeroMem > + (CredentialVariable.Password, PASSWORD_MAX_SIZE); > + > + AsciiStrCpyS (CredentialVariable.Username, USERNAME_MAX_SIZE, > + BootstrapUsername); AsciiStrCpyS (CredentialVariable.Password, > + PASSWORD_MAX_SIZE, BootstrapPassword); > + > + Status =3D gRT->SetVariable ( > + CREDENTIAL_VARIABLE_NAME, > + &gEfiRedfishVariableGuid, > + EFI_VARIABLE_BOOTSERVICE_ACCESS, > + sizeof (BOOTSTRAP_CREDENTIALS_VARIABLE), > + (VOID *)&CredentialVariable > + ); > + > + ZeroMem (CredentialVariable.Username, USERNAME_MAX_SIZE); ZeroMem > + (CredentialVariable.Password, PASSWORD_MAX_SIZE); > + > + return Status; > +} > + > +/** > + Retrieve platform's Redfish authentication information. 
> + > + This functions returns the Redfish authentication method together > + with the user Id and password. > + - For AuthMethodNone, the UserId and Password could be used for HTTP > header authentication > + as defined by RFC7235. > + - For AuthMethodRedfishSession, the UserId and Password could be used = for > Redfish > + session login as defined by Redfish API specification (DSP0266). > + > + Callers are responsible for and freeing the returned string storage. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[out] AuthMethod Type of Redfish authentication method= . > + @param[out] UserId The pointer to store the returned Use= rId string. > + @param[out] Password The pointer to store the returned Pas= sword > string. > + > + @retval EFI_SUCCESS Get the authentication information su= ccessfully. > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe= . > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > Password is NULL. > + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources= . > + @retval EFI_UNSUPPORTED Unsupported authentication method is > found. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +LibCredentialGetAuthInfo ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > + OUT CHAR8 **UserId, > + OUT CHAR8 **Password > + ) > +{ > + EFI_STATUS Status; > + BOOLEAN DisableCredentialService; > + > + if ((AuthMethod =3D=3D NULL) || (UserId =3D=3D NULL) || (Password =3D= =3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + *UserId =3D NULL; > + *Password =3D NULL; > + DisableCredentialService =3D PcdGetBool > + (PcdRedfishDisableBootstrapCredentialService); > + > + if (mRedfishServiceStopped) { > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to secur= ity > reason\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + *AuthMethod =3D AuthMethodHttpBasic; > + > + *UserId =3D AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if > + (*UserId =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + *Password =3D AllocateZeroPool (sizeof (CHAR8) * PASSWORD_MAX_SIZE); > + if (*Password =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + // > + // Get bootstrap credential from variable first // Status =3D > + GetBootstrapAccountCredentialsFromVariable (*UserId, > + USERNAME_MAX_SIZE, *Password, PASSWORD_MAX_SIZE); if (!EFI_ERROR > (Status)) { > + return EFI_SUCCESS; > + } > + > + // > + // Make a IPMI query > + // > + Status =3D GetBootstrapAccountCredentials (DisableCredentialService, > + *UserId, USERNAME_MAX_SIZE, *Password, PASSWORD_MAX_SIZE); if > (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + if (DisableCredentialService) { > + DEBUG ((DEBUG_INFO, "%a: credential bootstrapping control > + disabled\n", __FUNCTION__)); } > + > + Status =3D SetBootstrapAccountCredentialsToVariable (*UserId, > + *Password, FALSE); if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to cache bootstrap credential: > + %r\n", 
__FUNCTION__, Status)); } > + > + return EFI_SUCCESS; > +} > -- > 2.40.0.windows.1
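Review bot: The comment added above PcdRedfishDisableBootstrapCredentialService in RedfishPkg.dec ("This PCD indicates that if BMC bootstrap credential service will be disabled by BIOS or not.") does not say what TRUE and FALSE do, and the security consequence of the FALSE default is only discoverable from the library header. Suggest spelling it out in the .dec: TRUE makes the BIOS tell the BMC to disable the bootstrap credential service when it fetches its credential, so that no one else gains credentials; FALSE (the default) allows the service to continue. Platform owners choosing the value read the .dec, not the library source.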
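Review bot: In RedfishPlatformCredentialIpmiLib.inf, LIBRARY_CLASS is set to RedfishPlatformCredentialIpmiLib, but RedfishLibs.dsc.inc in this same patch maps the instance under the class name RedfishPlatformCredentialLib. The two names should agree; the INF should declare the class that consumers resolve, i.e. LIBRARY_CLASS = RedfishPlatformCredentialLib. Separately, [LibraryClasses] does not list PcdLib although the .c file calls PcdGetBool and the INF has a [Pcd] section.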
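Review bot: In GetBootstrapAccountCredentials, ResponseSize is passed to IpmiSubmitCommand as the response length but is never looked at afterwards, and ResponseData is an uninitialized stack structure. If the BMC returns fewer bytes than sizeof (ResponseData), the CompletionCode, GroupExtensionId, Username and Password fields that were not written are read as whatever was on the stack and can be copied out as a credential. Suggest ZeroMem (&ResponseData, sizeof (ResponseData)) before the call, returning EFI_DEVICE_ERROR when a normal-completion response has a ResponseSize other than sizeof (ResponseData), and zeroing ResponseData again before every return, since it holds the plaintext username and password. Also, the USERNAME_MAX_SIZE / PASSWORD_MAX_SIZE check runs even when DisableBootstrapControl is TRUE, while the function header says the sizes are validated when it is FALSE; make the code or the comment match.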
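Review bot: In GetBootstrapAccountCredentialsFromVariable, the DataSize != sizeof (BOOTSTRAP_CREDENTIALS_VARIABLE) branch returns EFI_NOT_FOUND without releasing the buffer that GetVariable2 allocated, as raised in the thread. Because that buffer holds the contents of the credential variable, it should be scrubbed as well as freed: ZeroMem (Data, DataSize); FreePool (Data); before the return. The success path already zeroes the fields before FreePool, but SetBootstrapAccountCredentialsToVariable does not: it calls FreePool (Data) on the old value directly and passes NULL for the size, so it has no length to scrub with. The return values of the two AsciiStrCpyS calls are also ignored, so a failed copy would still end in return EFI_SUCCESS.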
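Review bot: LibCredentialGetAuthInfo leaks on its error paths: when the Password allocation fails, *UserId stays allocated, and when GetBootstrapAccountCredentials returns an error, both buffers stay allocated and *UserId / *Password are left non-NULL while the function reports failure. Suggest a single cleanup path that zeroes and frees both buffers and sets the out pointers back to NULL before returning any error. The function header also names AuthMethodNone and AuthMethodRedfishSession and describes EFI_ACCESS_DENIED as a SecureBoot condition, while the code returns AuthMethodHttpBasic and uses EFI_ACCESS_DENIED for mRedfishServiceStopped; the comment should be brought in line with the code.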