From: "Nickle Wang via groups.io"
To: Igor Kulchytskyy, "Chang, Abner", "devel@edk2.groups.io"
CC: Nick Ramirez
Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
Date: Tue, 23 Apr 2024 07:09:19 +0000
References: <20240418122730.18204-1-nicklew@nvidia.com>

Hi Igor, Abner,

Thanks for your review. Please allow me to answer your questions together.

> 1. We suppose acquire the credential before we start to communicate with Redfish. Will Redfish credential driver create another bootstrap account here after provisioning?

No, according to the RedfishPlatformCredentialIpmiLib implementation, Redfish credential driver requests credential from BMC and will keep it for later use. So only one credential is requested for BIOS Redfish feature drivers during POST time.

> 2. And why do we delete the credential after provisioning? How about the later Redfish property updating process?

In this driver, we listen to "AfterProvisioning" event. And this is the event triggered after Redfish feature driver finishes all jobs. There is no feature driver which gets executed after this event. And since we finished all Redfish operations, we remove this account on BMC.

> Why do we need to delete those credentials? According to spec BMC should delete the bootstrap credentials automatically on host or service reset.

Yes, bootstrap credentials get deleted on host reset. In practice, server in datacenter usually takes long time running under OS before it gets rebooted. The bootstrap credentials are exposed to end user at "/redfish/v1/AccountService/Accounts". I got report that there is concern for end user to see this unused account.

So, I create this driver to allow us to remove bootstrap account at BMC after we finish Redfish jobs. And this also releases the BMC account resource since this account won't be used for a long period of time.

Regards,
Nickle

> -----Original Message-----
> From: Igor Kulchytskyy
> Sent: Monday, April 22, 2024 11:03 PM
> To: Chang, Abner ; Nickle Wang ; devel@edk2.groups.io
> Cc: Nick Ramirez
> Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
>
> Hi Nickle and Abner,
> I also have the same question as Abner.
> Why do we need to delete those credentials?
> According to spec BMC should delete the bootstrap credentials automatically on host or service reset.
> Thank you,
> Igor
>
> -----Original Message-----
> From: Chang, Abner
> Sent: Sunday, April 21, 2024 10:25 PM
> To: Nickle Wang ; devel@edk2.groups.io
> Cc: Igor Kulchytskyy ; Nick Ramirez
> Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe
>
> Hi Nickle,
> One comment and few questions,
>
> > -----Original Message-----
> > From: Nickle Wang > > Sent: Thursday, April 18, 2024 8:28 PM > > To: devel@edk2.groups.io > > Cc: Chang, Abner ; Igor Kulchytskyy > > ; Nick Ramirez > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg: introduce > > RedfishBootstrapAccountDxe > > > > Caution: This message originated from an External Source. Use proper > > caution when opening attachments, clicking links, or responding. > > > > > > -Introduce RedfishBootstrapAccountDxe to delete bootstrap account from > > /redfish/v1/AccountService/Accounts after BIOS finished all Redfish > > jobs. The bootstrap account won't be available to other application. > > So deleting bootstrap account helps to release resource at BMC. > > - After bootstrap account is deleted at BMC, the Redfish service > > instance is no longer usable. Close Redfish service instance to > > release the HTTP connection between BIOS and BMC. > > > > Signed-off-by: Nickle Wang > > Cc: Abner Chang > > Cc: Igor Kulchytskyy > > Cc: Nick Ramirez > > --- > > .../RedfishClientComponents.dsc.inc | 1 + > > .../RedfishBootstrapAccountDxe.inf | 53 +++ > > .../RedfishBootstrapAccountDxe.h | 58 ++++ > > .../RedfishBootstrapAccountDxe.c | 328 ++++++++++++++++++ > > RedfishClientPkg/RedfishClient.fdf.inc | 1 + > > 5 files changed, 441 insertions(+) > > create mode 100644 > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe > > .inf > > create mode 100644 > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe > > .h > > create mode 100644 > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe > > .c > > > > diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc > > index 42fc0c299..fe5248b62 100644 > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc 
> > @@ -20,6 +20,7 @@ > > RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf > > RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe.inf > > RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe.inf > > + > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe > > .inf > > !endif > > # > > # Below two modules should be pulled in by build tool. > > diff --git > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > xe.in > > f > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > xe.in > > f > > new file mode 100644 > > index 000000000..4073e95f4 > > --- /dev/null > > +++ > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > xe.in > > f > > @@ -0,0 +1,53 @@ > > +## @file > > +# This driver deletes bootstrap account in BMC after BIOS Redfish > > +finished # all jobs # # (C) Copyright 2021 Hewlett Packard > > +Enterprise Development LP
# Copyright (c) 2023, NVIDIA > > +CORPORATION & AFFILIATES. All rights reserved. >=20 >=20 > Not sure if you want to update the copyright to 2024. >=20 >=20 > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > + > > +[Defines] > > + INF_VERSION =3D 0x0001000b > > + BASE_NAME =3D RedfishBootstrapAccountDxe > > + FILE_GUID =3D 87555253-2F7E-45FC-B469-FD35B2E51210 > > + MODULE_TYPE =3D DXE_DRIVER > > + VERSION_STRING =3D 1.0 > > + ENTRY_POINT =3D RedfishBootstrapAccountEntryPoint > > + UNLOAD_IMAGE =3D RedfishBootstrapAccountUnload > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + RedfishPkg/RedfishPkg.dec > > + RedfishClientPkg/RedfishClientPkg.dec > > + > > +[Sources] > > + RedfishBootstrapAccountDxe.h > > + RedfishBootstrapAccountDxe.c > > + > > +[LibraryClasses] > > + BaseLib > > + BaseMemoryLib > > + DebugLib > > + MemoryAllocationLib > > + PrintLib > > + RedfishEventLib > > + RedfishFeatureUtilityLib > > + RedfishDebugLib > > + RedfishVersionLib > > + RedfishHttpLib > > + UefiLib > > + UefiBootServicesTableLib > > + UefiRuntimeServicesTableLib > > + UefiDriverEntryPoint > > + > > +[Protocols] > > + gEdkIIRedfishConfigHandlerProtocolGuid ## CONSUMES ## > > + gEdkIIRedfishCredentialProtocolGuid ## CONSUMES ## > > + gEfiRestExProtocolGuid ## CONSUMES ## > > + > > +[Depex] > > + gEdkIIRedfishCredentialProtocolGuid > > diff --git > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > xe.h > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > xe.h > > new file mode 100644 > > index 000000000..5262f1e6b > > --- /dev/null > > +++ > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > xe.h > > @@ -0,0 +1,58 @@ > > +/** @file > > + Common header file for RedfishBootstrapAccountDxe driver. > > + > > + (C) Copyright 2021-2022 Hewlett Packard Enterprise Development > > + LP
Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All righ= ts > reserved. > > + > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ > > + > > +#include > > +#include > > + > > +// > > +// Libraries > > +// > > +#include > > +#include > > +#include > > + > > +#include #include > > + #include #include > > + > > +#include > > +#include #include > > + #include > > + > > +#include #include > > + #include > > + > > +#include > > +#include > > +#include > > + > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG DEBUG_VERBOSE > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI > > L"AccountService/Accounts" > > +#define REDFISH_URI_LENGTH 128 > > + > > +// > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE // typedef struct > > +{ > > + EFI_HANDLE ImageHandle; > > + EFI_HANDLE RestExHandle; > > + REDFISH_SERVICE RedfishService; > > + EFI_EVENT RedfishEvent; > > + EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL Protocol; > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE; > > + > > +#define REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \ > > + BASE_CR ((This), REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE, > > +Protocol) > > + > > +#endif > > diff --git > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > xe.c > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > xe.c > > new file mode 100644 > > index 000000000..6fe4856f8 > > --- /dev/null > > +++ > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > xe.c > > @@ -0,0 +1,328 @@ > > +/** @file > > + This driver deletes bootstrap account in BMC after BIOS Redfish > > +finished > > + all jobs. > > + > > + (C) Copyright 2021-2022 Hewlett Packard Enterprise Development > > + LP
Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All righ= ts > reserved. > > + > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include "RedfishBootstrapAccountDxe.h" > > + > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *mBootstrapPrivate =3D NULL; > > + > > +/** > > + Close Redfish service instance by calling RestEx protocol to release= instance. > > + > > + @param[in] RestExHandle Handle of RestEx protocol. > > + > > + @retval EFI_SUCCESS The Redfish service is closed successf= ully. > > + @retval EFI_INVALID_PARAMETER RestExHandle is NULL. > > + @retval Others Error occurs. > > + > > +**/ > > +EFI_STATUS > > +CloseRedfishService ( > > + IN EFI_HANDLE RestExHandle > > + ) > > +{ > > + EFI_REST_EX_PROTOCOL *RestEx; > > + EFI_STATUS Status; > > + > > + if (RestExHandle =3D=3D NULL) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + Status =3D gBS->HandleProtocol ( > > + RestExHandle, > > + &gEfiRestExProtocolGuid, > > + (VOID **)&RestEx > > + ); > > + if (!EFI_ERROR (Status)) { > > + Status =3D RestEx->Configure (RestEx, NULL); > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: release RestEx > > instance: %r\n", __func__, Status)); > > + } > > + > > + return Status; > > +} > > + > > +/** > > + Callback function executed when the AfterProvisioning event group > > +is > > signaled. > > + > > + @param[in] Event Event whose notification function is being inv= oked. 
> > + @param[out] Context Pointer to the Context buffer > > + > > +**/ > > +VOID > > +EFIAPI > > +RedfishBootstrapAccountOnRedfishAfterProvisioning ( > > + IN EFI_EVENT Event, > > + OUT VOID *Context > > + ) > > +{ > > + EFI_STATUS Status; > > + REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *Private; > > + EDKII_REDFISH_CREDENTIAL_PROTOCOL *credentialProtocol; > > + EDKII_REDFISH_AUTH_METHOD AuthMethod; > > + CHAR8 *AccountName; > > + CHAR8 *AccountCredential; > > + CHAR16 TargetUri[REDFISH_URI_LENGTH]; > > + CHAR16 *RedfishVersion; > > + REDFISH_RESPONSE RedfishResponse; > > + > > + RedfishVersion =3D NULL; > > + > > + Private =3D (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *)Context; if > > + ((Private =3D=3D NULL) || (Private->RedfishService =3D=3D NULL)) { > > + DEBUG ((DEBUG_ERROR, "%a: Redfish service is not available\n", > > __func__)); > > + return; > > + } > > + > > + // > > + // Locate Redfish Credential Protocol to get credential for // > > + accessing to Redfish service. > > + // > > + Status =3D gBS->LocateProtocol ( > > + &gEdkIIRedfishCredentialProtocolGuid, > > + NULL, > > + (VOID **)&credentialProtocol > > + ); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No Redfish > > Credential Protocol is installed on system.", __func__)); > > + return; > > + } > > + > > + Status =3D credentialProtocol->GetAuthInfo ( > > + credentialProtocol, > > + &AuthMethod, > > + &AccountName, > > + &AccountCredential > > + ); >=20 > HI Nickle, I am not quite understand why do we acquire a credential here = but > delete it from the Redfish account service here after provision. > 1. We suppose acquire the credential before we start to communicate with > Redfish. Will Redfish credential driver create another bootstrap account = here > after provisioning? > 2. And why do we delete the credential after provisioning? How about the = later > Redfish property updating process? > Or do I misunderstand the code logic? 
>=20 > Regards, > Abner >=20 > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap account informatio= n: > > %r\n", __func__, Status)); > > + return; > > + } > > + > > + // > > + // Carving the URI > > + // > > + RedfishVersion =3D RedfishGetVersion (Private->RedfishService); if > > + (RedfishVersion =3D=3D NULL) { > > + DEBUG ((DEBUG_ERROR, "%a: can not get Redfish version\n", __func__= )); > > + return; > > + } > > + > > + UnicodeSPrint (TargetUri, (sizeof (CHAR16) * REDFISH_URI_LENGTH), > > L"%s%s/%a", RedfishVersion, > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI, > > AccountName); > > + > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap account: > > %a\n", __func__, AccountName)); > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap > > credential: %a\n", __func__, AccountCredential)); > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap URI: > > %s\n", __func__, TargetUri)); > > + > > + // > > + // Remove bootstrap account at /redfish/v1/AccountService/Account > > + // > > + ZeroMem (&RedfishResponse, sizeof (REDFISH_RESPONSE)); Status =3D > > + RedfishHttpDeleteResource ( > > + Private->RedfishService, > > + TargetUri, > > + &RedfishResponse > > + ); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap account at BMC: > > %r", __func__, Status)); > > + DumpRedfishResponse (__func__, DEBUG_ERROR, &RedfishResponse); } > > + else { > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: bootstrap > account: > > %a is removed from: %s\n", __func__, AccountName, > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI)); > > + } > > + > > + // > > + // Clean credential > > + // > > + ZeroMem (AccountName, AsciiStrSize (AccountName)); ZeroMem > > + (AccountCredential, AsciiStrSize (AccountCredential)); > > + > > + // > > + // Since the bootstrap account is deleted at BMC, the Redfish > > + service instance > > is no longer usable. 
> > + // Close Redfish service instance to release the HTTP connection > > + between > > BIOS and BMC. > > + // > > + Status =3D CloseRedfishService (Private->RestExHandle); if > > + (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish service instance: > > + %r\n", > > __func__, Status)); > > + } > > + > > + RedfishHttpFreeResponse (&RedfishResponse); > > + > > + return; > > +} > > + > > +/** > > + Initialize a Redfish configure handler. > > + > > + This function will be called by the Redfish config driver to > > + initialize each > > Redfish configure > > + handler. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance. > > + @param[in] RedfishConfigServiceInfo Redfish service informaiton. > > + > > + @retval EFI_SUCCESS The handler has been initialize= d successfully. > > + @retval EFI_DEVICE_ERROR Failed to create or configure t= he REST EX > > protocol instance. > > + @retval EFI_ALREADY_STARTED This handler has already been > > initialized. > > + @retval Other Error happens during the initia= lization. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +RedfishBootstrapAccountInit ( > > + IN EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL *This, > > + IN REDFISH_CONFIG_SERVICE_INFORMATION *RedfishConfigServiceInfo > > + ) > > +{ > > + REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *Private; > > + > > + Private =3D REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL > > (This); > > + > > + Private->RedfishService =3D RedfishCreateService > > + (RedfishConfigServiceInfo); if (Private->RedfishService =3D=3D NULL)= { > > + return EFI_DEVICE_ERROR; > > + } > > + > > + Private->RestExHandle =3D RedfishConfigServiceInfo- > > >RedfishServiceRestExHandle; > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + Stop a Redfish configure handler. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance. > > + > > + @retval EFI_SUCCESS This handler has been stoped succes= sfully. 
> > + @retval Others Some error happened. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +RedfishBootstrapAccountStop ( > > + IN EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL *This > > + ) > > +{ > > + REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *Private; > > + > > + Private =3D REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL > > (This); > > + > > + if (Private->RedfishService !=3D NULL) { > > + RedfishCleanupService (Private->RedfishService); > > + Private->RedfishService =3D NULL; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL mRedfishConfigHandler =3D { > > + RedfishBootstrapAccountInit, > > + RedfishBootstrapAccountStop > > +}; > > + > > +/** > > + Unloads an image. > > + > > + @param[in] ImageHandle Handle that identifies the image t= o be > > unloaded. > > + > > + @retval EFI_SUCCESS The image has been unloaded. > > + @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handl= e. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +RedfishBootstrapAccountUnload ( > > + IN EFI_HANDLE ImageHandle > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if (mBootstrapPrivate =3D=3D NULL) { > > + return EFI_SUCCESS; > > + } > > + > > + if (mBootstrapPrivate->RedfishEvent !=3D NULL) { > > + gBS->CloseEvent (mBootstrapPrivate->RedfishEvent); > > + } > > + > > + Status =3D gBS->UninstallProtocolInterface ( > > + mBootstrapPrivate->ImageHandle, > > + &gEdkIIRedfishConfigHandlerProtocolGuid, > > + (VOID *)&mBootstrapPrivate->Protocol > > + ); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish config > > + handler > > protocol: %r\n", __func__, Status)); > > + } > > + > > + FreePool (mBootstrapPrivate); > > + mBootstrapPrivate =3D NULL; > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + This is the declaration of an EFI image entry point. This entry > > +point is > > + the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers > > +including > > + both device drivers and bus drivers. 
> > + > > + @param[in] ImageHandle The firmware allocated handle for the = UEFI > > image. > > + @param[in] SystemTable A pointer to the EFI System Table. > > + > > + @retval EFI_SUCCESS The operation completed successfully. > > + @retval Others An unexpected error occurred. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +RedfishBootstrapAccountEntryPoint ( > > + IN EFI_HANDLE ImageHandle, > > + IN EFI_SYSTEM_TABLE *SystemTable > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if (mBootstrapPrivate !=3D NULL) { > > + return EFI_ALREADY_STARTED; > > + } > > + > > + mBootstrapPrivate =3D AllocateZeroPool (sizeof > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE)); > > + if (mBootstrapPrivate =3D=3D NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + CopyMem (&mBootstrapPrivate->Protocol, &mRedfishConfigHandler, > > + sizeof > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL)); > > + Status =3D gBS->InstallProtocolInterface ( > > + &ImageHandle, > > + &gEdkIIRedfishConfigHandlerProtocolGuid, > > + EFI_NATIVE_INTERFACE, > > + &mBootstrapPrivate->Protocol > > + ); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: can not install Redfish config handler > > protocol: %r\n", __func__, Status)); > > + goto ON_ERROR; > > + } > > + > > + // > > + // Register after provisioning event to remove bootstrap account. > > + // > > + Status =3D CreateAfterProvisioningEvent ( > > + RedfishBootstrapAccountOnRedfishAfterProvisioning, > > + (VOID *)mBootstrapPrivate, > > + &mBootstrapPrivate->RedfishEvent > > + ); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: failed to register after-provisioning ev= ent: > > %r\n", __func__, Status)); > > + goto ON_ERROR; > > + } > > + > > + return EFI_SUCCESS; > > + > > +ON_ERROR: > > + > > + RedfishBootstrapAccountUnload (ImageHandle); > > + > > + return Status; > > +} > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc > > b/RedfishClientPkg/RedfishClient.fdf.inc > > index 154f641b2..47e5093f2 100644 
> > --- a/RedfishClientPkg/RedfishClient.fdf.inc > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc > > @@ -15,6 +15,7 @@ > > INF RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf > > INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf > > INF > > RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf > > + INF > > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountDxe.in= f > > INF RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf > > INF > > RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.inf > > INF > > > RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemDxe. > > i > > nf > > -- > > 2.34.1
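
Review bot: In the new RedfishBootstrapAccountDxe.inf, [LibraryClasses] lists UefiRuntimeServicesTableLib, but nothing in RedfishBootstrapAccountDxe.c as posted references gRT; only gBS is used. If no runtime service is needed, drop the entry so the dependency list matches what the driver actually consumes.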
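
Review bot: In RedfishBootstrapAccountOnRedfishAfterProvisioning (RedfishBootstrapAccountDxe.c), the DEBUG call that prints "bootstrap credential: %a" with AccountCredential writes the BMC password in clear text to the debug output whenever DEBUG_VERBOSE is enabled; remove that line and keep only the account name and URI traces. In the same function, the early return taken when RedfishGetVersion() yields NULL happens after GetAuthInfo() has already filled AccountName and AccountCredential, so that path skips the two ZeroMem calls under "Clean credential"; route the failure paths through a single exit that scrubs both buffers. Separately, RedfishBootstrapAccountEntryPoint never assigns mBootstrapPrivate->ImageHandle (the structure comes from AllocateZeroPool and InstallProtocolInterface is given &ImageHandle), so RedfishBootstrapAccountUnload passes a NULL handle to UninstallProtocolInterface, logs the failure, and then calls FreePool on the structure that still backs the installed protocol. Store ImageHandle right after the allocation and do not free mBootstrapPrivate when the uninstall fails.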