* [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation @ 2022-10-20 2:54 Nickle Wang 2022-10-22 7:01 ` Chang, Abner 0 siblings, 1 reply; 15+ messages in thread From: Nickle Wang @ 2022-10-20 2:54 UTC (permalink / raw) To: devel; +Cc: Abner Chang, Nick Ramirez This library follows Redfish Host Interface specification and use IPMI command to get bootstrap account credential(NetFn 2Ch, Command 02h) from BMC. RedfishHostInterfaceDxe will use this credential for the following communication between BIOS and BMC. Cc: Abner Chang <abner.chang@amd.com> Cc: Nick Ramirez <nramirez@nvidia.com> Signed-off-by: Nickle Wang <nicklew@nvidia.com> --- .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ .../RedfishPlatformCredentialLib.h | 75 +++++ .../RedfishPlatformCredentialLib.inf | 37 +++ 3 files changed, 385 insertions(+) create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.h create mode 100644 RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.inf diff --git a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c new file mode 100644 index 0000000000..23a15ab1fa --- /dev/null +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c @@ -0,0 +1,273 @@ +/** @file +* +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +* +* SPDX-License-Identifier: BSD-2-Clause-Patent +* +**/ + +#include "RedfishPlatformCredentialLib.h" + +// +// Global flag of controlling credential service +// +BOOLEAN mRedfishServiceStopped = FALSE; + +/** + Notify the Redfish service provide to stop provide configuration service to this platform. + + This function should be called when the platfrom is about to leave the safe environment. + It will notify the Redfish service provider to abort all logined session, and prohibit + further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this + function is returned. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. + @param[in] ServiceStopType Reason of stopping Redfish service. + + @retval EFI_SUCCESS Service has been stoped successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval Others Some error happened. + +**/ +EFI_STATUS +EFIAPI +LibStopRedfishService ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType + ) +{ + EFI_STATUS Status; + + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType >= ServiceStopTypeMax)) { + return EFI_INVALID_PARAMETER; + } + + // + // Raise flag first + // + mRedfishServiceStopped = TRUE; + + // + // Notify BMC to disable credential bootstrapping support. + // + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: %r\n", __FUNCTION__, Status)); + return Status; + } + + return EFI_SUCCESS; +} + +/** + Notification of Exit Boot Service. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. +**/ +VOID +EFIAPI +LibCredentialExitBootServicesNotify ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This + ) +{ + // + // Stop the credential support when system is about to enter OS. + // + LibStopRedfishService (This, ServiceStopTypeExitBootService); +} + +/** + Notification of End of DXe. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. +**/ +VOID +EFIAPI +LibCredentialEndOfDxeNotify ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This + ) +{ + // + // Do nothing now. + // We can stop credential support when system reach end-of-dxe for security reason. + // +} + +/** + Function to retrieve temporary use credentials for the UEFI redfish client + + @param[in] DisableBootstrapControl + TRUE - Tell the BMC to disable the bootstrap credential + service to ensure no one else gains credentials + FALSE Allow the bootstrap credential service to continue + @param[out] BootstrapUsername + A pointer to a UTF-8 encoded string for the credential username + When DisableBootstrapControl is TRUE, this pointer can be NULL + + @param[out] BootstrapPassword + A pointer to a UTF-8 encoded string for the credential password + When DisableBootstrapControl is TRUE, this pointer can be NULL + + @retval EFI_SUCCESS Credentials were successfully fetched and returned + @retval EFI_INVALID_PARAMETER BootstrapUsername or BootstrapPassword is NULL when DisableBootstrapControl + is set to FALSE + @retval EFI_DEVICE_ERROR An IPMI failure occurred +**/ +EFI_STATUS +GetBootstrapAccountCredentials ( + IN BOOLEAN DisableBootstrapControl, + IN OUT CHAR8 *BootstrapUsername, OPTIONAL + IN OUT CHAR8 *BootstrapPassword OPTIONAL + ) +{ + EFI_STATUS Status; + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; + UINT32 ResponseSize; + + if (!PcdGetBool (PcdIpmiFeatureEnable)) { + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch Redfish credentials\n", __FUNCTION__)); + return EFI_UNSUPPORTED; + } + + // + // NULL buffer check + // + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || (BootstrapPassword == NULL))) { + return EFI_INVALID_PARAMETER; + } + + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", __FUNCTION__, DisableBootstrapControl)); + + // + // IPMI callout to NetFn 2C, command 02 + // Request data: + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION + // Byte 2: DisableBootstrapControl + // + CommandData.GroupExtensionId = REDFISH_IPMI_GROUP_EXTENSION; + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); + + ResponseSize = sizeof (ResponseData); + + // + // Response data: + // Byte 1 : Completion code + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION + // Byte 3-18 : Username + // Byte 19-34: Password + // + Status = IpmiSubmitCommand ( + IPMI_NETFN_GROUP_EXT, + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, + (UINT8 *)&CommandData, + sizeof (CommandData), + (UINT8 *)&ResponseData, + &ResponseSize + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. Returning\n", __FUNCTION__)); + ASSERT_EFI_ERROR (Status); + return Status; + } else { + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { + if (ResponseData.CompletionCode == REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was disabled\n", __FUNCTION__)); + return EFI_ACCESS_DENIED; + } + + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. Returning\n", __FUNCTION__, ResponseData.CompletionCode)); + return EFI_PROTOCOL_ERROR; + } else if (ResponseData.GroupExtensionId != REDFISH_IPMI_GROUP_EXTENSION) { + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); + return EFI_DEVICE_ERROR; + } else { + if (BootstrapUsername != NULL) { + CopyMem (BootstrapUsername, ResponseData.Username, USERNAME_MAX_LENGTH); + // + // Manually append null-terminator in case 16 characters username returned. + // + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; + } + + if (BootstrapPassword != NULL) { + CopyMem (BootstrapPassword, ResponseData.Password, PASSWORD_MAX_LENGTH); + // + // Manually append null-terminator in case 16 characters password returned. + // + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; + } + } + } + + return Status; +} + +/** + Retrieve platform's Redfish authentication information. + + This functions returns the Redfish authentication method together with the user Id and + password. + - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication + as defined by RFC7235. + - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish + session login as defined by Redfish API specification (DSP0266). + + Callers are responsible for and freeing the returned string storage. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. + @param[out] AuthMethod Type of Redfish authentication method. + @param[out] UserId The pointer to store the returned UserId string. + @param[out] Password The pointer to store the returned Password string. + + @retval EFI_SUCCESS Get the authentication information successfully. + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Password is NULL. + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources. + @retval EFI_UNSUPPORTED Unsupported authentication method is found. + +**/ +EFI_STATUS +EFIAPI +LibCredentialGetAuthInfo ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, + OUT CHAR8 **UserId, + OUT CHAR8 **Password + ) +{ + EFI_STATUS Status; + + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { + return EFI_INVALID_PARAMETER; + } + + *UserId = NULL; + *Password = NULL; + + if (mRedfishServiceStopped) { + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to security reason\n", __FUNCTION__)); + return EFI_ACCESS_DENIED; + } + + *AuthMethod = AuthMethodHttpBasic; + + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); + if (*UserId == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + *Password = AllocateZeroPool (sizeof (CHAR8) * PASSWORD_MAX_SIZE); + if (*Password == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Status = GetBootstrapAccountCredentials (FALSE, *UserId, *Password); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: %r\n", __FUNCTION__, Status)); + return Status; + } + + return EFI_SUCCESS; +} diff --git a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.h b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.h new file mode 100644 index 0000000000..5b448e01be --- /dev/null +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.h @@ -0,0 +1,75 @@ +/** @file +* +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +* +* SPDX-License-Identifier: BSD-2-Clause-Patent +* +**/ +#include <Uefi.h> +#include <IndustryStandard/Ipmi.h> +#include <Protocol/EdkIIRedfishCredential.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/IpmiBaseLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/RedfishCredentialLib.h> + +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 +#define REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED 0x80 + +// +// Per Redfish Host Interface Specification 1.3, The maximum lenght of +// username and password is 16 characters long. +// +#define USERNAME_MAX_LENGTH 16 +#define PASSWORD_MAX_LENGTH 16 +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // NULL terminator +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // NULL terminator + +#pragma pack(1) +/// +/// The definition of IPMI command to get bootstrap account credentials +/// +typedef struct { + UINT8 GroupExtensionId; + UINT8 DisableBootstrapControl; +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; + +/// +/// The response data of getting bootstrap credential +/// +typedef struct { + UINT8 CompletionCode; + UINT8 GroupExtensionId; + CHAR8 Username[USERNAME_MAX_LENGTH]; + CHAR8 Password[PASSWORD_MAX_LENGTH]; +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; + +#pragma pack() + +/** + Function to retrieve temporary use credentials for the UEFI redfish client + + @param[in] DisableBootstrapControl + TRUE - Tell the BMC to disable the bootstrap credential + service to ensure no one else gains credentials + FALSE Allow the bootstrap credential service to continue + @param[out] BootstrapUsername + A pointer to a UTF-8 encoded string for the credential username + + @param[out] BootstrapPassword + A pointer to a UTF-8 encoded string for the credential password + + @retval EFI_SUCCESS Credentials were successfully fetched and returned + @retval EFI_DEVICE_ERROR An IPMI failure occurred +**/ +EFI_STATUS +GetBootstrapAccountCredentials ( + IN BOOLEAN DisableBootstrapControl, + IN OUT CHAR8 *BootstrapUsername, + IN OUT CHAR8 *BootstrapPassword + ); diff --git a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.inf b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.inf new file mode 100644 index 0000000000..a990d28363 --- /dev/null +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.inf @@ -0,0 +1,37 @@ +## @file +# +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x0001000b + BASE_NAME = RedfishPlatformCredentialLib + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = RedfishPlatformCredentialLib + +[Sources] + RedfishPlatformCredentialLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + RedfishPkg/RedfishPkg.dec + IpmiFeaturePkg/IpmiFeaturePkg.dec + +[LibraryClasses] + UefiLib + DebugLib + IpmiBaseLib + MemoryAllocationLib + BaseMemoryLib + +[Pcd] + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable + +[Depex] + TRUE -- 2.17.1 ^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-20 2:54 [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Nickle Wang @ 2022-10-22 7:01 ` Chang, Abner 2022-10-25 8:23 ` [edk2-devel] " Nickle Wang 0 siblings, 1 reply; 15+ messages in thread From: Chang, Abner @ 2022-10-22 7:01 UTC (permalink / raw) To: Nickle Wang, devel@edk2.groups.io; +Cc: Nick Ramirez, Igor Kulchytskyy [AMD Official Use Only - General] Hi Nickle, please add Igor as reviewer too. My comments is in below, > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com> > Sent: Thursday, October 20, 2022 10:55 AM > To: devel@edk2.groups.io > Cc: Chang, Abner <Abner.Chang@amd.com>; Nick Ramirez > <nramirez@nvidia.com> > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > implementation > > Caution: This message originated from an External Source. Use proper caution > when opening attachments, clicking links, or responding. > > > This library follows Redfish Host Interface specification and use IPMI command > to get bootstrap account credential(NetFn 2Ch, Command 02h) from BMC. > RedfishHostInterfaceDxe will use this credential for the following > communication between BIOS and BMC. > > Cc: Abner Chang <abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com> > Signed-off-by: Nickle Wang <nicklew@nvidia.com> > --- > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > .../RedfishPlatformCredentialLib.h | 75 +++++ > .../RedfishPlatformCredentialLib.inf | 37 +++ [Chang, Abner] Could we name this library RedfishPlatformCredentialIpmi so the naming style is consistent with RedfishPlatformCredentialNull? > 3 files changed, 385 insertions(+) > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib. > c > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib. > h > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.i > nf > > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLi > b.c > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLi > b.c > new file mode 100644 > index 0000000000..23a15ab1fa > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > +++ dentialLib.c > @@ -0,0 +1,273 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent [Chang, Abner] We can have "@par Revision Reference:" in the file header to point out the spec. https://www.dmtf.org/sites/default/files/standards/documents/DSP0270_1.3.0.pdf > +* > +**/ > + > +#include "RedfishPlatformCredentialLib.h" > + > +// > +// Global flag of controlling credential service // BOOLEAN > +mRedfishServiceStopped = FALSE; > + > +/** > + Notify the Redfish service provide to stop provide configuration service to this > platform. > + > + This function should be called when the platfrom is about to leave the safe > environment. > + It will notify the Redfish service provider to abort all logined > + session, and prohibit further login with original auth info. > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is returned. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[in] ServiceStopType Reason of stopping Redfish service. > + > + @retval EFI_SUCCESS Service has been stoped successfully. > + @retval EFI_INVALID_PARAMETER This is NULL. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibStopRedfishService ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType > + ) > +{ > + EFI_STATUS Status; > + > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType >= > ServiceStopTypeMax)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Raise flag first > + // > + mRedfishServiceStopped = TRUE; > + > + // > + // Notify BMC to disable credential bootstrapping support. > + // > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > + (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Notification of Exit Boot Service. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialExitBootServicesNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Stop the credential support when system is about to enter OS. > + // > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > + > +/** > + Notification of End of DXe. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialEndOfDxeNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Do nothing now. > + // We can stop credential support when system reach end-of-dxe for security > reason. > + // > +} > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client [Chang, Abner] We miss the functionality to disable bootstrap credential service in the function description. > + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the bootstrap credential > + service to ensure no one else gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded string for the credential > username > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded string for the credential > password > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @retval EFI_SUCCESS Credentials were successfully fetched and > returned > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL when DisableBootstrapControl > + is set to FALSE > + @retval EFI_DEVICE_ERROR An IPMI failure occurred [Chang, Abner] The return status should also include the status of disabling bootstrap credential. > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > + ) > +{ > + EFI_STATUS Status; > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > + UINT32 ResponseSize; > + > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch Redfish > credentials\n", __FUNCTION__)); > + return EFI_UNSUPPORTED; > + } > + > + // > + // NULL buffer check > + // > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > (BootstrapPassword == NULL))) { > + return EFI_INVALID_PARAMETER; > + } > + > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > + __FUNCTION__, DisableBootstrapControl)); > + > + // > + // IPMI callout to NetFn 2C, command 02 > + // Request data: > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > + // Byte 2: DisableBootstrapControl > + // > + CommandData.GroupExtensionId = REDFISH_IPMI_GROUP_EXTENSION; > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > + > + ResponseSize = sizeof (ResponseData); > + > + // > + // Response data: > + // Byte 1 : Completion code > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > + // Byte 3-18 : Username > + // Byte 19-34: Password > + // > + Status = IpmiSubmitCommand ( > + IPMI_NETFN_GROUP_EXT, > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > + (UINT8 *)&CommandData, > + sizeof (CommandData), > + (UINT8 *)&ResponseData, > + &ResponseSize > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. Returning\n", > __FUNCTION__)); > + ASSERT_EFI_ERROR (Status); > + return Status; > + } else { > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > + if (ResponseData.CompletionCode == > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > disabled\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. Returning\n", > __FUNCTION__, ResponseData.CompletionCode)); > + return EFI_PROTOCOL_ERROR; > + } else if (ResponseData.GroupExtensionId != > REDFISH_IPMI_GROUP_EXTENSION) { > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > + return EFI_DEVICE_ERROR; > + } else { > + if (BootstrapUsername != NULL) { > + CopyMem (BootstrapUsername, ResponseData.Username, > USERNAME_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters username > returned. > + // > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > + } > + > + if (BootstrapPassword != NULL) { > + CopyMem (BootstrapPassword, ResponseData.Password, > PASSWORD_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters password > returned. > + // > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > + } > + } > + } > + > + return Status; > +} > + > +/** > + Retrieve platform's Redfish authentication information. > + > + This functions returns the Redfish authentication method together > + with the user Id and password. > + - For AuthMethodNone, the UserId and Password could be used for HTTP > header authentication > + as defined by RFC7235. > + - For AuthMethodRedfishSession, the UserId and Password could be used for > Redfish > + session login as defined by Redfish API specification (DSP0266). > + > + Callers are responsible for and freeing the returned string storage. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[out] AuthMethod Type of Redfish authentication method. > + @param[out] UserId The pointer to store the returned UserId string. > + @param[out] Password The pointer to store the returned Password > string. > + > + @retval EFI_SUCCESS Get the authentication information successfully. > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > Password is NULL. > + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources. > + @retval EFI_UNSUPPORTED Unsupported authentication method is > found. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibCredentialGetAuthInfo ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > + OUT CHAR8 **UserId, > + OUT CHAR8 **Password > + ) > +{ > + EFI_STATUS Status; > + > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + *UserId = NULL; > + *Password = NULL; > + > + if (mRedfishServiceStopped) { > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to security > reason\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + *AuthMethod = AuthMethodHttpBasic; > + > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if [Chang, Abner] Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both BootUsername and BootstrapPassword? Because the maximum number of characters defined in the spec is USERNAME_MAX_LENGTH for the user/password. > + (*UserId == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + *Password = AllocateZeroPool (sizeof (CHAR8) * PASSWORD_MAX_SIZE); > + if (*Password == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, *Password); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLi > b.h > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLi > b.h > new file mode 100644 > index 0000000000..5b448e01be > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > +++ dentialLib.h > @@ -0,0 +1,75 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent > +* > +**/ > +#include <Uefi.h> > +#include <IndustryStandard/Ipmi.h> > +#include <Protocol/EdkIIRedfishCredential.h> > +#include <Library/BaseLib.h> > +#include <Library/BaseMemoryLib.h> > +#include <Library/DebugLib.h> > +#include <Library/IpmiBaseLib.h> > +#include <Library/MemoryAllocationLib.h> #include > +<Library/RedfishCredentialLib.h> > + > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > +#define REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > 0x80 > + > +// > +// Per Redfish Host Interface Specification 1.3, The maximum lenght of > +// username and password is 16 characters long. > +// > +#define USERNAME_MAX_LENGTH 16 > +#define PASSWORD_MAX_LENGTH 16 > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // NULL > terminator > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // NULL > terminator > + > +#pragma pack(1) > +/// > +/// The definition of IPMI command to get bootstrap account credentials > +/// typedef struct { > + UINT8 GroupExtensionId; > + UINT8 DisableBootstrapControl; > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > + > +/// > +/// The response data of getting bootstrap credential /// typedef > +struct { > + UINT8 CompletionCode; > + UINT8 GroupExtensionId; > + CHAR8 Username[USERNAME_MAX_LENGTH]; > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > + > +#pragma pack() > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client [Chang, Abner] We miss the functionality to disable bootstrap credential service in the function description. > + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the bootstrap credential > + service to ensure no one else gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded > + string for the credential username > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded > + string for the credential password > + > + @retval EFI_SUCCESS Credentials were successfully fetched and > returned [Chang, Abner] Or the bootstrap credential service is disabled successfully, right? > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, > + IN OUT CHAR8 *BootstrapPassword > + ); > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLi > b.inf > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLi > b.inf > new file mode 100644 > index 0000000000..a990d28363 > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > +++ dentialLib.inf > @@ -0,0 +1,37 @@ > +## @file > +# > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > + > +[Defines] > + INF_VERSION = 0x0001000b > + BASE_NAME = RedfishPlatformCredentialLib > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > + MODULE_TYPE = DXE_DRIVER > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = RedfishPlatformCredentialLib > + > +[Sources] > + RedfishPlatformCredentialLib.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + RedfishPkg/RedfishPkg.dec > + IpmiFeaturePkg/IpmiFeaturePkg.dec [Chang, Abner] Could you please add a comment to the reference of IpmiFeaturePkg? We have to give customers a notice that the dependence of "edk2-platforms/Features/Intel/OutOfBandManagement/". They have to add the path to PACKAGES_PATH. You also have to skip this dependence in the RedfishPkg.yaml to avoid the CI error. Another thing is I propose to move out IpmiFeaturePkg from edk2-platforms/Features/Intel/OutOfBandManagement to edk2-platforms/Features/ManageabilityPkg that also provides the implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with IpmiFeaturePkg owner and get the positive response on this proposal. I will kick off the discussion on the dev mailing list. That is to say this module may need a little bit change later, however that is good to me having this implementation now. Thanks Abner > + > +[LibraryClasses] > + UefiLib > + DebugLib > + IpmiBaseLib > + MemoryAllocationLib > + BaseMemoryLib > + > +[Pcd] > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > + > +[Depex] > + TRUE > -- > 2.17.1 ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-22 7:01 ` Chang, Abner @ 2022-10-25 8:23 ` Nickle Wang 2022-10-26 15:26 ` Igor Kulchytskyy 0 siblings, 1 reply; 15+ messages in thread From: Nickle Wang @ 2022-10-25 8:23 UTC (permalink / raw) To: devel@edk2.groups.io, abner.chang@amd.com; +Cc: Nick Ramirez, Igor Kulchytskyy Thanks for your review comments, Abner! I will update new version patch later. The CI build error will be handled together. > please add Igor as reviewer too Sure! > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > + if [Chang, Abner] Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both BootUsername and BootstrapPassword? Because the maximum number of characters defined in the spec is USERNAME_MAX_LENGTH for the user/password. Yes, the additional one byte is for NULL terminator. USERNAME_MAX_LENGTH is defined as 16 and follow host interface specification. Regards, Nickle -----Original Message----- From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang, Abner via groups.io Sent: Saturday, October 22, 2022 3:01 PM To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy <igork@ami.com> Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments [AMD Official Use Only - General] Hi Nickle, please add Igor as reviewer too. My comments is in below, > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com> > Sent: Thursday, October 20, 2022 10:55 AM > To: devel@edk2.groups.io > Cc: Chang, Abner <Abner.Chang@amd.com>; Nick Ramirez > <nramirez@nvidia.com> > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > This library follows Redfish Host Interface specification and use IPMI > command to get bootstrap account credential(NetFn 2Ch, Command 02h) from BMC. > RedfishHostInterfaceDxe will use this credential for the following > communication between BIOS and BMC. > > Cc: Abner Chang <abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com> > Signed-off-by: Nickle Wang <nicklew@nvidia.com> > --- > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > .../RedfishPlatformCredentialLib.h | 75 +++++ > .../RedfishPlatformCredentialLib.inf | 37 +++ [Chang, Abner] Could we name this library RedfishPlatformCredentialIpmi so the naming style is consistent with RedfishPlatformCredentialNull? > 3 files changed, 385 insertions(+) > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib. > c > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib. > h > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ialLib.i > nf > > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.c > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.c > new file mode 100644 > index 0000000000..23a15ab1fa > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.c > @@ -0,0 +1,273 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent [Chang, Abner] We can have "@par Revision Reference:" in the file header to point out the spec. https://www.dmtf.org/sites/default/files/standards/documents/DSP0270_1.3.0.pdf > +* > +**/ > + > +#include "RedfishPlatformCredentialLib.h" > + > +// > +// Global flag of controlling credential service // BOOLEAN > +mRedfishServiceStopped = FALSE; > + > +/** > + Notify the Redfish service provide to stop provide configuration > +service to this > platform. > + > + This function should be called when the platfrom is about to leave > + the safe > environment. > + It will notify the Redfish service provider to abort all logined > + session, and prohibit further login with original auth info. > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is returned. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[in] ServiceStopType Reason of stopping Redfish service. > + > + @retval EFI_SUCCESS Service has been stoped successfully. > + @retval EFI_INVALID_PARAMETER This is NULL. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibStopRedfishService ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType > + ) > +{ > + EFI_STATUS Status; > + > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType >= > ServiceStopTypeMax)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Raise flag first > + // > + mRedfishServiceStopped = TRUE; > + > + // > + // Notify BMC to disable credential bootstrapping support. > + // > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > + (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > + %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Notification of Exit Boot Service. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialExitBootServicesNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Stop the credential support when system is about to enter OS. > + // > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > + > +/** > + Notification of End of DXe. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialEndOfDxeNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Do nothing now. > + // We can stop credential support when system reach end-of-dxe for > +security > reason. > + // > +} > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client [Chang, Abner] We miss the functionality to disable bootstrap credential service in the function description. > + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the bootstrap credential > + service to ensure no one else gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded > + string for the credential > username > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded > + string for the credential > password > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @retval EFI_SUCCESS Credentials were successfully fetched and > returned > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL when DisableBootstrapControl > + is set to FALSE > + @retval EFI_DEVICE_ERROR An IPMI failure occurred [Chang, Abner] The return status should also include the status of disabling bootstrap credential. > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > + ) > +{ > + EFI_STATUS Status; > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > + UINT32 ResponseSize; > + > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > + Redfish > credentials\n", __FUNCTION__)); > + return EFI_UNSUPPORTED; > + } > + > + // > + // NULL buffer check > + // > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > (BootstrapPassword == NULL))) { > + return EFI_INVALID_PARAMETER; > + } > + > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > + __FUNCTION__, DisableBootstrapControl)); > + > + // > + // IPMI callout to NetFn 2C, command 02 > + // Request data: > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > + // Byte 2: DisableBootstrapControl > + // > + CommandData.GroupExtensionId = REDFISH_IPMI_GROUP_EXTENSION; > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > + > + ResponseSize = sizeof (ResponseData); > + > + // > + // Response data: > + // Byte 1 : Completion code > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > + // Byte 3-18 : Username > + // Byte 19-34: Password > + // > + Status = IpmiSubmitCommand ( > + IPMI_NETFN_GROUP_EXT, > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > + (UINT8 *)&CommandData, > + sizeof (CommandData), > + (UINT8 *)&ResponseData, > + &ResponseSize > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. Returning\n", > __FUNCTION__)); > + ASSERT_EFI_ERROR (Status); > + return Status; > + } else { > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > + if (ResponseData.CompletionCode == > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > disabled\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. Returning\n", > __FUNCTION__, ResponseData.CompletionCode)); > + return EFI_PROTOCOL_ERROR; > + } else if (ResponseData.GroupExtensionId != > REDFISH_IPMI_GROUP_EXTENSION) { > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > + return EFI_DEVICE_ERROR; > + } else { > + if (BootstrapUsername != NULL) { > + CopyMem (BootstrapUsername, ResponseData.Username, > USERNAME_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters > + username > returned. > + // > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > + } > + > + if (BootstrapPassword != NULL) { > + CopyMem (BootstrapPassword, ResponseData.Password, > PASSWORD_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters > + password > returned. > + // > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > + } > + } > + } > + > + return Status; > +} > + > +/** > + Retrieve platform's Redfish authentication information. > + > + This functions returns the Redfish authentication method together > + with the user Id and password. > + - For AuthMethodNone, the UserId and Password could be used for > + HTTP > header authentication > + as defined by RFC7235. > + - For AuthMethodRedfishSession, the UserId and Password could be > + used for > Redfish > + session login as defined by Redfish API specification (DSP0266). > + > + Callers are responsible for and freeing the returned string storage. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[out] AuthMethod Type of Redfish authentication method. > + @param[out] UserId The pointer to store the returned UserId string. > + @param[out] Password The pointer to store the returned Password > string. > + > + @retval EFI_SUCCESS Get the authentication information successfully. > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > Password is NULL. > + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources. > + @retval EFI_UNSUPPORTED Unsupported authentication method is > found. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibCredentialGetAuthInfo ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > + OUT CHAR8 **UserId, > + OUT CHAR8 **Password > + ) > +{ > + EFI_STATUS Status; > + > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + *UserId = NULL; > + *Password = NULL; > + > + if (mRedfishServiceStopped) { > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > + security > reason\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + *AuthMethod = AuthMethodHttpBasic; > + > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > + if [Chang, Abner] Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both BootUsername and BootstrapPassword? Because the maximum number of characters defined in the spec is USERNAME_MAX_LENGTH for the user/password. > + (*UserId == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + *Password = AllocateZeroPool (sizeof (CHAR8) * PASSWORD_MAX_SIZE); > + if (*Password == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > + *Password); if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > + %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.h > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.h > new file mode 100644 > index 0000000000..5b448e01be > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.h > @@ -0,0 +1,75 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent > +* > +**/ > +#include <Uefi.h> > +#include <IndustryStandard/Ipmi.h> > +#include <Protocol/EdkIIRedfishCredential.h> > +#include <Library/BaseLib.h> > +#include <Library/BaseMemoryLib.h> > +#include <Library/DebugLib.h> > +#include <Library/IpmiBaseLib.h> > +#include <Library/MemoryAllocationLib.h> #include > +<Library/RedfishCredentialLib.h> > + > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > +#define REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > 0x80 > + > +// > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > +of // username and password is 16 characters long. > +// > +#define USERNAME_MAX_LENGTH 16 > +#define PASSWORD_MAX_LENGTH 16 > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // NULL > terminator > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // NULL > terminator > + > +#pragma pack(1) > +/// > +/// The definition of IPMI command to get bootstrap account > +credentials /// typedef struct { > + UINT8 GroupExtensionId; > + UINT8 DisableBootstrapControl; > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > + > +/// > +/// The response data of getting bootstrap credential /// typedef > +struct { > + UINT8 CompletionCode; > + UINT8 GroupExtensionId; > + CHAR8 Username[USERNAME_MAX_LENGTH]; > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > + > +#pragma pack() > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client [Chang, Abner] We miss the functionality to disable bootstrap credential service in the function description. > + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the bootstrap credential > + service to ensure no one else gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded > + string for the credential username > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded > + string for the credential password > + > + @retval EFI_SUCCESS Credentials were successfully fetched and > returned [Chang, Abner] Or the bootstrap credential service is disabled successfully, right? > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, > + IN OUT CHAR8 *BootstrapPassword > + ); > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.inf > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.inf > new file mode 100644 > index 0000000000..a990d28363 > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.inf > @@ -0,0 +1,37 @@ > +## @file > +# > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > + > +[Defines] > + INF_VERSION = 0x0001000b > + BASE_NAME = RedfishPlatformCredentialLib > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > + MODULE_TYPE = DXE_DRIVER > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = RedfishPlatformCredentialLib > + > +[Sources] > + RedfishPlatformCredentialLib.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + RedfishPkg/RedfishPkg.dec > + IpmiFeaturePkg/IpmiFeaturePkg.dec [Chang, Abner] Could you please add a comment to the reference of IpmiFeaturePkg? We have to give customers a notice that the dependence of "edk2-platforms/Features/Intel/OutOfBandManagement/". They have to add the path to PACKAGES_PATH. You also have to skip this dependence in the RedfishPkg.yaml to avoid the CI error. Another thing is I propose to move out IpmiFeaturePkg from edk2-platforms/Features/Intel/OutOfBandManagement to edk2-platforms/Features/ManageabilityPkg that also provides the implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with IpmiFeaturePkg owner and get the positive response on this proposal. I will kick off the discussion on the dev mailing list. That is to say this module may need a little bit change later, however that is good to me having this implementation now. Thanks Abner > + > +[LibraryClasses] > + UefiLib > + DebugLib > + IpmiBaseLib > + MemoryAllocationLib > + BaseMemoryLib > + > +[Pcd] > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > + > +[Depex] > + TRUE > -- > 2.17.1 ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-25 8:23 ` [edk2-devel] " Nickle Wang @ 2022-10-26 15:26 ` Igor Kulchytskyy 2022-10-27 13:25 ` Nickle Wang 0 siblings, 1 reply; 15+ messages in thread From: Igor Kulchytskyy @ 2022-10-26 15:26 UTC (permalink / raw) To: Nickle Wang, devel@edk2.groups.io, abner.chang@amd.com; +Cc: Nick Ramirez Hi Nickle, I would like to discuss that DisableBootstrapControl flag and how it is used in our implementation. According to Redfish HI specification we can use this flag to disable credential bootstrapping control. It can be disabled permanently or till next reboot of the host or service. That depend on the EnableAfterReset setting on BMC side: CredentialBootstrapping (v1.3+) { object The credential bootstrapping settings for this interface. EnableAfterReset (v1.3+) Boolean read-write (null) An indication of whether credential bootstrapping is enabled after a reset for this interface. Enabled (v1.3+) Boolean read-write (null) An indication of whether credential bootstrapping is enabled for this interface. RoleId (v1.3+) string read-write The role used for the bootstrap account created for this interface. } So, if EnableAfterReset set to false, that means BMC will response with 0x80 error and will not return any credentials after reboot. And BIOS BMC communication will fail. Another concern with disabling credential bootstrapping control is that we do it on Exit Boot event before passing a control to OS. But OS may also need to communicate to BMC through Redfish Host Interface to post some information. And it will be blocked by our IPMI call. We create that SMBIOS Type 42 table with Redfish Host Interface settings which can be used by OS to communicate with BMC. But without the credentials it will not be possible. Another question is AuthMethod parameter you initialize in this library: *AuthMethod = AuthMethodHttpBasic; According to Redfish HI specification 3 methods may be used - No Auth, Basic Auth and Session Auth. Basic Auth and Session Auth methods are required the credentials to be used by BIOS. And both of them should be supported by BMC. And your high level function RedfishCreateLibredfishService also supports of creation Basic or Session Auth service. I'm not sure why low level library which is created to get credentials from BMC should decide what Authentication method should be used? Should it be configured with some PCD? Maybe user may select in Setup what method should be used? Or it could be build time configuration? Thank you, Igor -----Original Message----- From: Nickle Wang <nicklew@nvidia.com> Sent: Tuesday, October 25, 2022 4:24 AM To: devel@edk2.groups.io; abner.chang@amd.com Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy <igork@ami.com> Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** Thanks for your review comments, Abner! I will update new version patch later. The CI build error will be handled together. > please add Igor as reviewer too Sure! > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if [Chang, Abner] Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both BootUsername and BootstrapPassword? Because the maximum number of characters defined in the spec is USERNAME_MAX_LENGTH for the user/password. Yes, the additional one byte is for NULL terminator. USERNAME_MAX_LENGTH is defined as 16 and follow host interface specification. Regards, Nickle -----Original Message----- From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang, Abner via groups.io Sent: Saturday, October 22, 2022 3:01 PM To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy <igork@ami.com> Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments [AMD Official Use Only - General] Hi Nickle, please add Igor as reviewer too. My comments is in below, > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com> > Sent: Thursday, October 20, 2022 10:55 AM > To: devel@edk2.groups.io > Cc: Chang, Abner <Abner.Chang@amd.com>; Nick Ramirez > <nramirez@nvidia.com> > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > This library follows Redfish Host Interface specification and use IPMI > command to get bootstrap account credential(NetFn 2Ch, Command 02h) from BMC. > RedfishHostInterfaceDxe will use this credential for the following > communication between BIOS and BMC. > > Cc: Abner Chang <abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com> > Signed-off-by: Nickle Wang <nicklew@nvidia.com> > --- > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > .../RedfishPlatformCredentialLib.h | 75 +++++ > .../RedfishPlatformCredentialLib.inf | 37 +++ [Chang, Abner] Could we name this library RedfishPlatformCredentialIpmi so the naming style is consistent with RedfishPlatformCredentialNull? > 3 files changed, 385 insertions(+) > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib. > c > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib. > h > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ialLib.i > nf > > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.c > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.c > new file mode 100644 > index 0000000000..23a15ab1fa > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.c > @@ -0,0 +1,273 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent [Chang, Abner] We can have "@par Revision Reference:" in the file header to point out the spec. https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP0270_1.3.0.pdf&data=05%7C01%7Cigork%40ami.com%7Cebc4dc0526a34fad9c1108dab662388d%7C27e97857e15f486cb58e86c2b3040f93%7C1%7C1%7C638022830242966537%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ywFQL6E7TjNtBuos89mYh4TtlUCa4QWd3uEByRsRU8c%3D&reserved=0 > +* > +**/ > + > +#include "RedfishPlatformCredentialLib.h" > + > +// > +// Global flag of controlling credential service // BOOLEAN > +mRedfishServiceStopped = FALSE; > + > +/** > + Notify the Redfish service provide to stop provide configuration > +service to this > platform. > + > + This function should be called when the platfrom is about to leave > + the safe > environment. > + It will notify the Redfish service provider to abort all logined > + session, and prohibit further login with original auth info. > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is returned. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[in] ServiceStopType Reason of stopping Redfish service. > + > + @retval EFI_SUCCESS Service has been stoped successfully. > + @retval EFI_INVALID_PARAMETER This is NULL. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibStopRedfishService ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType > + ) > +{ > + EFI_STATUS Status; > + > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType >= > ServiceStopTypeMax)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Raise flag first > + // > + mRedfishServiceStopped = TRUE; > + > + // > + // Notify BMC to disable credential bootstrapping support. > + // > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > + (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > + %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Notification of Exit Boot Service. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialExitBootServicesNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Stop the credential support when system is about to enter OS. > + // > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > + > +/** > + Notification of End of DXe. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialEndOfDxeNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Do nothing now. > + // We can stop credential support when system reach end-of-dxe for > +security > reason. > + // > +} > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client [Chang, Abner] We miss the functionality to disable bootstrap credential service in the function description. > + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the bootstrap credential > + service to ensure no one else gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded > + string for the credential > username > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded > + string for the credential > password > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @retval EFI_SUCCESS Credentials were successfully fetched and > returned > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL when DisableBootstrapControl > + is set to FALSE > + @retval EFI_DEVICE_ERROR An IPMI failure occurred [Chang, Abner] The return status should also include the status of disabling bootstrap credential. > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > + ) > +{ > + EFI_STATUS Status; > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > + UINT32 ResponseSize; > + > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > + Redfish > credentials\n", __FUNCTION__)); > + return EFI_UNSUPPORTED; > + } > + > + // > + // NULL buffer check > + // > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > (BootstrapPassword == NULL))) { > + return EFI_INVALID_PARAMETER; > + } > + > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > + __FUNCTION__, DisableBootstrapControl)); > + > + // > + // IPMI callout to NetFn 2C, command 02 > + // Request data: > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > + // Byte 2: DisableBootstrapControl > + // > + CommandData.GroupExtensionId = REDFISH_IPMI_GROUP_EXTENSION; > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > + > + ResponseSize = sizeof (ResponseData); > + > + // > + // Response data: > + // Byte 1 : Completion code > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > + // Byte 3-18 : Username > + // Byte 19-34: Password > + // > + Status = IpmiSubmitCommand ( > + IPMI_NETFN_GROUP_EXT, > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > + (UINT8 *)&CommandData, > + sizeof (CommandData), > + (UINT8 *)&ResponseData, > + &ResponseSize > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. Returning\n", > __FUNCTION__)); > + ASSERT_EFI_ERROR (Status); > + return Status; > + } else { > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > + if (ResponseData.CompletionCode == > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > disabled\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. Returning\n", > __FUNCTION__, ResponseData.CompletionCode)); > + return EFI_PROTOCOL_ERROR; > + } else if (ResponseData.GroupExtensionId != > REDFISH_IPMI_GROUP_EXTENSION) { > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > + return EFI_DEVICE_ERROR; > + } else { > + if (BootstrapUsername != NULL) { > + CopyMem (BootstrapUsername, ResponseData.Username, > USERNAME_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters > + username > returned. > + // > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > + } > + > + if (BootstrapPassword != NULL) { > + CopyMem (BootstrapPassword, ResponseData.Password, > PASSWORD_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters > + password > returned. > + // > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > + } > + } > + } > + > + return Status; > +} > + > +/** > + Retrieve platform's Redfish authentication information. > + > + This functions returns the Redfish authentication method together > + with the user Id and password. > + - For AuthMethodNone, the UserId and Password could be used for > + HTTP > header authentication > + as defined by RFC7235. > + - For AuthMethodRedfishSession, the UserId and Password could be > + used for > Redfish > + session login as defined by Redfish API specification (DSP0266). > + > + Callers are responsible for and freeing the returned string storage. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[out] AuthMethod Type of Redfish authentication method. > + @param[out] UserId The pointer to store the returned UserId string. > + @param[out] Password The pointer to store the returned Password > string. > + > + @retval EFI_SUCCESS Get the authentication information successfully. > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > Password is NULL. > + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources. > + @retval EFI_UNSUPPORTED Unsupported authentication method is > found. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibCredentialGetAuthInfo ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > + OUT CHAR8 **UserId, > + OUT CHAR8 **Password > + ) > +{ > + EFI_STATUS Status; > + > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + *UserId = NULL; > + *Password = NULL; > + > + if (mRedfishServiceStopped) { > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > + security > reason\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + *AuthMethod = AuthMethodHttpBasic; > + > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if [Chang, Abner] Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both BootUsername and BootstrapPassword? Because the maximum number of characters defined in the spec is USERNAME_MAX_LENGTH for the user/password. > + (*UserId == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + *Password = AllocateZeroPool (sizeof (CHAR8) * PASSWORD_MAX_SIZE); > + if (*Password == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > + *Password); if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > + %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.h > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.h > new file mode 100644 > index 0000000000..5b448e01be > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.h > @@ -0,0 +1,75 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent > +* > +**/ > +#include <Uefi.h> > +#include <IndustryStandard/Ipmi.h> > +#include <Protocol/EdkIIRedfishCredential.h> > +#include <Library/BaseLib.h> > +#include <Library/BaseMemoryLib.h> > +#include <Library/DebugLib.h> > +#include <Library/IpmiBaseLib.h> > +#include <Library/MemoryAllocationLib.h> #include > +<Library/RedfishCredentialLib.h> > + > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > +#define REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > 0x80 > + > +// > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > +of // username and password is 16 characters long. > +// > +#define USERNAME_MAX_LENGTH 16 > +#define PASSWORD_MAX_LENGTH 16 > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // NULL > terminator > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // NULL > terminator > + > +#pragma pack(1) > +/// > +/// The definition of IPMI command to get bootstrap account > +credentials /// typedef struct { > + UINT8 GroupExtensionId; > + UINT8 DisableBootstrapControl; > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > + > +/// > +/// The response data of getting bootstrap credential /// typedef > +struct { > + UINT8 CompletionCode; > + UINT8 GroupExtensionId; > + CHAR8 Username[USERNAME_MAX_LENGTH]; > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > + > +#pragma pack() > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client [Chang, Abner] We miss the functionality to disable bootstrap credential service in the function description. > + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the bootstrap credential > + service to ensure no one else gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded > + string for the credential username > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded > + string for the credential password > + > + @retval EFI_SUCCESS Credentials were successfully fetched and > returned [Chang, Abner] Or the bootstrap credential service is disabled successfully, right? > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, > + IN OUT CHAR8 *BootstrapPassword > + ); > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.inf > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.inf > new file mode 100644 > index 0000000000..a990d28363 > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.inf > @@ -0,0 +1,37 @@ > +## @file > +# > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > + > +[Defines] > + INF_VERSION = 0x0001000b > + BASE_NAME = RedfishPlatformCredentialLib > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > + MODULE_TYPE = DXE_DRIVER > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = RedfishPlatformCredentialLib > + > +[Sources] > + RedfishPlatformCredentialLib.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + RedfishPkg/RedfishPkg.dec > + IpmiFeaturePkg/IpmiFeaturePkg.dec [Chang, Abner] Could you please add a comment to the reference of IpmiFeaturePkg? We have to give customers a notice that the dependence of "edk2-platforms/Features/Intel/OutOfBandManagement/". They have to add the path to PACKAGES_PATH. You also have to skip this dependence in the RedfishPkg.yaml to avoid the CI error. Another thing is I propose to move out IpmiFeaturePkg from edk2-platforms/Features/Intel/OutOfBandManagement to edk2-platforms/Features/ManageabilityPkg that also provides the implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with IpmiFeaturePkg owner and get the positive response on this proposal. I will kick off the discussion on the dev mailing list. That is to say this module may need a little bit change later, however that is good to me having this implementation now. Thanks Abner > + > +[LibraryClasses] > + UefiLib > + DebugLib > + IpmiBaseLib > + MemoryAllocationLib > + BaseMemoryLib > + > +[Pcd] > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > + > +[Depex] > + TRUE > -- > 2.17.1 -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-26 15:26 ` Igor Kulchytskyy @ 2022-10-27 13:25 ` Nickle Wang 2022-10-27 14:42 ` Igor Kulchytskyy 0 siblings, 1 reply; 15+ messages in thread From: Nickle Wang @ 2022-10-27 13:25 UTC (permalink / raw) To: devel@edk2.groups.io, igork@ami.com, abner.chang@amd.com; +Cc: Nick Ramirez Hi Igor, Thank you for your help to review my changes. > And it will be blocked by our IPMI call. I see your point. So, BIOS should never be the person to shutdown credential service because BIOS always get executed prior to OS, right? > Should it be configured with some PCD? Maybe user may select in Setup what method should be used? Or it could be build time configuration? I have below assumption while I implemented the library. I admit this is not always true. No Auth: I think this is rare case for Redfish service which gives anonymous privilege to change BIOS settings. Basic Auth: this is the authentication method which uses username and password to build base64 encoded string. Session Auth: I assume that client must have a session token first and then use this authentication method. Can we use username and password to generate session token on our own? If my memory serves me correctly, client has to do a login with username and password first and then client can receive session token from server. If we really like to know what authentication method that Redfish service used, we can issue a HTTP query to "/redfish/v1/Systems" with "No Auth". Then we can know what authentication method is required by reading the "WWW-Authenticate " filed in returned HTTP header. Thanks, Nickle -----Original Message----- From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor Kulchytskyy via groups.io Sent: Wednesday, October 26, 2022 11:26 PM To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; abner.chang@amd.com Cc: Nick Ramirez <nramirez@nvidia.com> Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Nickle, I would like to discuss that DisableBootstrapControl flag and how it is used in our implementation. According to Redfish HI specification we can use this flag to disable credential bootstrapping control. It can be disabled permanently or till next reboot of the host or service. That depend on the EnableAfterReset setting on BMC side: CredentialBootstrapping (v1.3+) { object The credential bootstrapping settings for this interface. EnableAfterReset (v1.3+) Boolean read-write (null) An indication of whether credential bootstrapping is enabled after a reset for this interface. Enabled (v1.3+) Boolean read-write (null) An indication of whether credential bootstrapping is enabled for this interface. RoleId (v1.3+) string read-write The role used for the bootstrap account created for this interface. } So, if EnableAfterReset set to false, that means BMC will response with 0x80 error and will not return any credentials after reboot. And BIOS BMC communication will fail. Another concern with disabling credential bootstrapping control is that we do it on Exit Boot event before passing a control to OS. But OS may also need to communicate to BMC through Redfish Host Interface to post some information. And it will be blocked by our IPMI call. We create that SMBIOS Type 42 table with Redfish Host Interface settings which can be used by OS to communicate with BMC. But without the credentials it will not be possible. Another question is AuthMethod parameter you initialize in this library: *AuthMethod = AuthMethodHttpBasic; According to Redfish HI specification 3 methods may be used - No Auth, Basic Auth and Session Auth. Basic Auth and Session Auth methods are required the credentials to be used by BIOS. And both of them should be supported by BMC. And your high level function RedfishCreateLibredfishService also supports of creation Basic or Session Auth service. I'm not sure why low level library which is created to get credentials from BMC should decide what Authentication method should be used? Should it be configured with some PCD? Maybe user may select in Setup what method should be used? Or it could be build time configuration? Thank you, Igor -----Original Message----- From: Nickle Wang <nicklew@nvidia.com> Sent: Tuesday, October 25, 2022 4:24 AM To: devel@edk2.groups.io; abner.chang@amd.com Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy <igork@ami.com> Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** Thanks for your review comments, Abner! I will update new version patch later. The CI build error will be handled together. > please add Igor as reviewer too Sure! > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if [Chang, Abner] Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both BootUsername and BootstrapPassword? Because the maximum number of characters defined in the spec is USERNAME_MAX_LENGTH for the user/password. Yes, the additional one byte is for NULL terminator. USERNAME_MAX_LENGTH is defined as 16 and follow host interface specification. Regards, Nickle -----Original Message----- From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang, Abner via groups.io Sent: Saturday, October 22, 2022 3:01 PM To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy <igork@ami.com> Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments [AMD Official Use Only - General] Hi Nickle, please add Igor as reviewer too. My comments is in below, > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com> > Sent: Thursday, October 20, 2022 10:55 AM > To: devel@edk2.groups.io > Cc: Chang, Abner <Abner.Chang@amd.com>; Nick Ramirez > <nramirez@nvidia.com> > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > This library follows Redfish Host Interface specification and use IPMI > command to get bootstrap account credential(NetFn 2Ch, Command 02h) from BMC. > RedfishHostInterfaceDxe will use this credential for the following > communication between BIOS and BMC. > > Cc: Abner Chang <abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com> > Signed-off-by: Nickle Wang <nicklew@nvidia.com> > --- > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > .../RedfishPlatformCredentialLib.h | 75 +++++ > .../RedfishPlatformCredentialLib.inf | 37 +++ [Chang, Abner] Could we name this library RedfishPlatformCredentialIpmi so the naming style is consistent with RedfishPlatformCredentialNull? > 3 files changed, 385 insertions(+) > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib. > c > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib. > h > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ialLib.i > nf > > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.c > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.c > new file mode 100644 > index 0000000000..23a15ab1fa > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.c > @@ -0,0 +1,273 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent [Chang, Abner] We can have "@par Revision Reference:" in the file header to point out the spec. https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP0270_1.3.0.pdf&data=05%7C01%7Cigork%40ami.com%7Cebc4dc0526a34fad9c1108dab662388d%7C27e97857e15f486cb58e86c2b3040f93%7C1%7C1%7C638022830242966537%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ywFQL6E7TjNtBuos89mYh4TtlUCa4QWd3uEByRsRU8c%3D&reserved=0 > +* > +**/ > + > +#include "RedfishPlatformCredentialLib.h" > + > +// > +// Global flag of controlling credential service // BOOLEAN > +mRedfishServiceStopped = FALSE; > + > +/** > + Notify the Redfish service provide to stop provide configuration > +service to this > platform. > + > + This function should be called when the platfrom is about to leave > + the safe > environment. > + It will notify the Redfish service provider to abort all logined > + session, and prohibit further login with original auth info. > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is returned. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[in] ServiceStopType Reason of stopping Redfish service. > + > + @retval EFI_SUCCESS Service has been stoped successfully. > + @retval EFI_INVALID_PARAMETER This is NULL. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibStopRedfishService ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType > + ) > +{ > + EFI_STATUS Status; > + > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType >= > ServiceStopTypeMax)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Raise flag first > + // > + mRedfishServiceStopped = TRUE; > + > + // > + // Notify BMC to disable credential bootstrapping support. > + // > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > + (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > + %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Notification of Exit Boot Service. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialExitBootServicesNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Stop the credential support when system is about to enter OS. > + // > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > + > +/** > + Notification of End of DXe. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialEndOfDxeNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Do nothing now. > + // We can stop credential support when system reach end-of-dxe for > +security > reason. > + // > +} > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client [Chang, Abner] We miss the functionality to disable bootstrap credential service in the function description. > + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the bootstrap credential > + service to ensure no one else gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded > + string for the credential > username > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded > + string for the credential > password > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @retval EFI_SUCCESS Credentials were successfully fetched and > returned > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL when DisableBootstrapControl > + is set to FALSE > + @retval EFI_DEVICE_ERROR An IPMI failure occurred [Chang, Abner] The return status should also include the status of disabling bootstrap credential. > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > + ) > +{ > + EFI_STATUS Status; > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > + UINT32 ResponseSize; > + > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > + Redfish > credentials\n", __FUNCTION__)); > + return EFI_UNSUPPORTED; > + } > + > + // > + // NULL buffer check > + // > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > (BootstrapPassword == NULL))) { > + return EFI_INVALID_PARAMETER; > + } > + > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > + __FUNCTION__, DisableBootstrapControl)); > + > + // > + // IPMI callout to NetFn 2C, command 02 > + // Request data: > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > + // Byte 2: DisableBootstrapControl > + // > + CommandData.GroupExtensionId = REDFISH_IPMI_GROUP_EXTENSION; > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > + > + ResponseSize = sizeof (ResponseData); > + > + // > + // Response data: > + // Byte 1 : Completion code > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > + // Byte 3-18 : Username > + // Byte 19-34: Password > + // > + Status = IpmiSubmitCommand ( > + IPMI_NETFN_GROUP_EXT, > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > + (UINT8 *)&CommandData, > + sizeof (CommandData), > + (UINT8 *)&ResponseData, > + &ResponseSize > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. Returning\n", > __FUNCTION__)); > + ASSERT_EFI_ERROR (Status); > + return Status; > + } else { > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > + if (ResponseData.CompletionCode == > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > disabled\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. Returning\n", > __FUNCTION__, ResponseData.CompletionCode)); > + return EFI_PROTOCOL_ERROR; > + } else if (ResponseData.GroupExtensionId != > REDFISH_IPMI_GROUP_EXTENSION) { > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > + return EFI_DEVICE_ERROR; > + } else { > + if (BootstrapUsername != NULL) { > + CopyMem (BootstrapUsername, ResponseData.Username, > USERNAME_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters > + username > returned. > + // > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > + } > + > + if (BootstrapPassword != NULL) { > + CopyMem (BootstrapPassword, ResponseData.Password, > PASSWORD_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters > + password > returned. > + // > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > + } > + } > + } > + > + return Status; > +} > + > +/** > + Retrieve platform's Redfish authentication information. > + > + This functions returns the Redfish authentication method together > + with the user Id and password. > + - For AuthMethodNone, the UserId and Password could be used for > + HTTP > header authentication > + as defined by RFC7235. > + - For AuthMethodRedfishSession, the UserId and Password could be > + used for > Redfish > + session login as defined by Redfish API specification (DSP0266). > + > + Callers are responsible for and freeing the returned string storage. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[out] AuthMethod Type of Redfish authentication method. > + @param[out] UserId The pointer to store the returned UserId string. > + @param[out] Password The pointer to store the returned Password > string. > + > + @retval EFI_SUCCESS Get the authentication information successfully. > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > Password is NULL. > + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources. > + @retval EFI_UNSUPPORTED Unsupported authentication method is > found. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibCredentialGetAuthInfo ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > + OUT CHAR8 **UserId, > + OUT CHAR8 **Password > + ) > +{ > + EFI_STATUS Status; > + > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + *UserId = NULL; > + *Password = NULL; > + > + if (mRedfishServiceStopped) { > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > + security > reason\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + *AuthMethod = AuthMethodHttpBasic; > + > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if [Chang, Abner] Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both BootUsername and BootstrapPassword? Because the maximum number of characters defined in the spec is USERNAME_MAX_LENGTH for the user/password. > + (*UserId == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + *Password = AllocateZeroPool (sizeof (CHAR8) * PASSWORD_MAX_SIZE); > + if (*Password == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > + *Password); if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > + %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.h > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.h > new file mode 100644 > index 0000000000..5b448e01be > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.h > @@ -0,0 +1,75 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent > +* > +**/ > +#include <Uefi.h> > +#include <IndustryStandard/Ipmi.h> > +#include <Protocol/EdkIIRedfishCredential.h> > +#include <Library/BaseLib.h> > +#include <Library/BaseMemoryLib.h> > +#include <Library/DebugLib.h> > +#include <Library/IpmiBaseLib.h> > +#include <Library/MemoryAllocationLib.h> #include > +<Library/RedfishCredentialLib.h> > + > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > +#define REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > 0x80 > + > +// > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > +of // username and password is 16 characters long. > +// > +#define USERNAME_MAX_LENGTH 16 > +#define PASSWORD_MAX_LENGTH 16 > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // NULL > terminator > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // NULL > terminator > + > +#pragma pack(1) > +/// > +/// The definition of IPMI command to get bootstrap account > +credentials /// typedef struct { > + UINT8 GroupExtensionId; > + UINT8 DisableBootstrapControl; > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > + > +/// > +/// The response data of getting bootstrap credential /// typedef > +struct { > + UINT8 CompletionCode; > + UINT8 GroupExtensionId; > + CHAR8 Username[USERNAME_MAX_LENGTH]; > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > + > +#pragma pack() > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client [Chang, Abner] We miss the functionality to disable bootstrap credential service in the function description. > + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the bootstrap credential > + service to ensure no one else gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded > + string for the credential username > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded > + string for the credential password > + > + @retval EFI_SUCCESS Credentials were successfully fetched and > returned [Chang, Abner] Or the bootstrap credential service is disabled successfully, right? > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, > + IN OUT CHAR8 *BootstrapPassword > + ); > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.inf > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.inf > new file mode 100644 > index 0000000000..a990d28363 > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.inf > @@ -0,0 +1,37 @@ > +## @file > +# > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > + > +[Defines] > + INF_VERSION = 0x0001000b > + BASE_NAME = RedfishPlatformCredentialLib > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > + MODULE_TYPE = DXE_DRIVER > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = RedfishPlatformCredentialLib > + > +[Sources] > + RedfishPlatformCredentialLib.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + RedfishPkg/RedfishPkg.dec > + IpmiFeaturePkg/IpmiFeaturePkg.dec [Chang, Abner] Could you please add a comment to the reference of IpmiFeaturePkg? We have to give customers a notice that the dependence of "edk2-platforms/Features/Intel/OutOfBandManagement/". They have to add the path to PACKAGES_PATH. You also have to skip this dependence in the RedfishPkg.yaml to avoid the CI error. Another thing is I propose to move out IpmiFeaturePkg from edk2-platforms/Features/Intel/OutOfBandManagement to edk2-platforms/Features/ManageabilityPkg that also provides the implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with IpmiFeaturePkg owner and get the positive response on this proposal. I will kick off the discussion on the dev mailing list. That is to say this module may need a little bit change later, however that is good to me having this implementation now. Thanks Abner > + > +[LibraryClasses] > + UefiLib > + DebugLib > + IpmiBaseLib > + MemoryAllocationLib > + BaseMemoryLib > + > +[Pcd] > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > + > +[Depex] > + TRUE > -- > 2.17.1 -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-27 13:25 ` Nickle Wang @ 2022-10-27 14:42 ` Igor Kulchytskyy 2022-10-28 7:48 ` Chang, Abner 0 siblings, 1 reply; 15+ messages in thread From: Igor Kulchytskyy @ 2022-10-27 14:42 UTC (permalink / raw) To: devel@edk2.groups.io, nicklew@nvidia.com, abner.chang@amd.com Cc: Nick Ramirez Hi Nickle, Pleased, see my comments on your questions below. Another point I missed in my previous mail. You have that function in the library to get credentials and it is used by RedfishCredentialsDxe driver to create the protocol which in its turn will be used by other Redfish modules. We do not know how many modules and how many times will call this function during boot. Right? And on each call of this function you call IPMI command. That command will create new Redfish account on BMC side according to Redfish HI specification: " If the Get Bootstrap Account Credentials command has been issued and responds with the completion code 00h, a bootstrap account shall be added to the manager's account collection and enabled. If the Get Bootstrap Account Credentials command is sent subsequent times and responds with the completion code 00h, a new account shall be created based on the newly generated credentials. Any existing bootstrap accounts shall remain active." As I know BMC may have some restrictions on the number of Redfish accounts they can support. And because of that BOS may hit this limit. Which is not good. On the other hand I'm not sure we need to have different credentials for different modules? All those modules are part of FW. And all of them will be associated with the same RoleID (FW role) on BMC side. So, all of them may use the same credentials. Could we cash the credentials on first call of that RedfishCredentialGetAuthInfo and then use those cashed credentials on subsequential calls? It will also may save a boot time, since there is no need to send IPMI command. Thank you, Igor -----Original Message----- From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Nickle Wang via groups.io Sent: Thursday, October 27, 2022 9:26 AM To: devel@edk2.groups.io; Igor Kulchytskyy <igork@ami.com>; abner.chang@amd.com Cc: Nick Ramirez <nramirez@nvidia.com> Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** Hi Igor, Thank you for your help to review my changes. > And it will be blocked by our IPMI call. I see your point. So, BIOS should never be the person to shutdown credential service because BIOS always get executed prior to OS, right? Igor: Yes, my point is that we should not shutdown credential service from BIOS. Even if OS sends that IPMI command, new account will be created and BIOS credentials will not be compromised. > Should it be configured with some PCD? Maybe user may select in Setup what method should be used? Or it could be build time configuration? I have below assumption while I implemented the library. I admit this is not always true. No Auth: I think this is rare case for Redfish service which gives anonymous privilege to change BIOS settings. Basic Auth: this is the authentication method which uses username and password to build base64 encoded string. Session Auth: I assume that client must have a session token first and then use this authentication method. Can we use username and password to generate session token on our own? If my memory serves me correctly, client has to do a login with username and password first and then client can receive session token from server. Igor: BIOS will use the credentials to create session. It should send POST request to the session URI with user name and password to create session. If a session created successfully then on response BMC returns header "X-Auth-Token" which then used for the subsequential calls. If we really like to know what authentication method that Redfish service used, we can issue a HTTP query to "/redfish/v1/Systems" with "No Auth". Then we can know what authentication method is required by reading the "WWW-Authenticate " filed in returned HTTP header. Igor: As my understanding, even if you include authentication header (Base64 encoded) in the request to BMC and BMC has NoAuth configuration, then that authentication header would be just ignored by BMC. Thanks, Nickle -----Original Message----- From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor Kulchytskyy via groups.io Sent: Wednesday, October 26, 2022 11:26 PM To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; abner.chang@amd.com Cc: Nick Ramirez <nramirez@nvidia.com> Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Nickle, I would like to discuss that DisableBootstrapControl flag and how it is used in our implementation. According to Redfish HI specification we can use this flag to disable credential bootstrapping control. It can be disabled permanently or till next reboot of the host or service. That depend on the EnableAfterReset setting on BMC side: CredentialBootstrapping (v1.3+) { object The credential bootstrapping settings for this interface. EnableAfterReset (v1.3+) Boolean read-write (null) An indication of whether credential bootstrapping is enabled after a reset for this interface. Enabled (v1.3+) Boolean read-write (null) An indication of whether credential bootstrapping is enabled for this interface. RoleId (v1.3+) string read-write The role used for the bootstrap account created for this interface. } So, if EnableAfterReset set to false, that means BMC will response with 0x80 error and will not return any credentials after reboot. And BIOS BMC communication will fail. Another concern with disabling credential bootstrapping control is that we do it on Exit Boot event before passing a control to OS. But OS may also need to communicate to BMC through Redfish Host Interface to post some information. And it will be blocked by our IPMI call. We create that SMBIOS Type 42 table with Redfish Host Interface settings which can be used by OS to communicate with BMC. But without the credentials it will not be possible. Another question is AuthMethod parameter you initialize in this library: *AuthMethod = AuthMethodHttpBasic; According to Redfish HI specification 3 methods may be used - No Auth, Basic Auth and Session Auth. Basic Auth and Session Auth methods are required the credentials to be used by BIOS. And both of them should be supported by BMC. And your high level function RedfishCreateLibredfishService also supports of creation Basic or Session Auth service. I'm not sure why low level library which is created to get credentials from BMC should decide what Authentication method should be used? Should it be configured with some PCD? Maybe user may select in Setup what method should be used? Or it could be build time configuration? Thank you, Igor -----Original Message----- From: Nickle Wang <nicklew@nvidia.com> Sent: Tuesday, October 25, 2022 4:24 AM To: devel@edk2.groups.io; abner.chang@amd.com Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy <igork@ami.com> Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** Thanks for your review comments, Abner! I will update new version patch later. The CI build error will be handled together. > please add Igor as reviewer too Sure! > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if [Chang, Abner] Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both BootUsername and BootstrapPassword? Because the maximum number of characters defined in the spec is USERNAME_MAX_LENGTH for the user/password. Yes, the additional one byte is for NULL terminator. USERNAME_MAX_LENGTH is defined as 16 and follow host interface specification. Regards, Nickle -----Original Message----- From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang, Abner via groups.io Sent: Saturday, October 22, 2022 3:01 PM To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy <igork@ami.com> Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments [AMD Official Use Only - General] Hi Nickle, please add Igor as reviewer too. My comments is in below, > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com> > Sent: Thursday, October 20, 2022 10:55 AM > To: devel@edk2.groups.io > Cc: Chang, Abner <Abner.Chang@amd.com>; Nick Ramirez > <nramirez@nvidia.com> > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > This library follows Redfish Host Interface specification and use IPMI > command to get bootstrap account credential(NetFn 2Ch, Command 02h) from BMC. > RedfishHostInterfaceDxe will use this credential for the following > communication between BIOS and BMC. > > Cc: Abner Chang <abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com> > Signed-off-by: Nickle Wang <nicklew@nvidia.com> > --- > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > .../RedfishPlatformCredentialLib.h | 75 +++++ > .../RedfishPlatformCredentialLib.inf | 37 +++ [Chang, Abner] Could we name this library RedfishPlatformCredentialIpmi so the naming style is consistent with RedfishPlatformCredentialNull? > 3 files changed, 385 insertions(+) > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib. > c > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib. > h > create mode 100644 > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ialLib.i > nf > > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.c > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.c > new file mode 100644 > index 0000000000..23a15ab1fa > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.c > @@ -0,0 +1,273 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent [Chang, Abner] We can have "@par Revision Reference:" in the file header to point out the spec. https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP0270_1.3.0.pdf&data=05%7C01%7Cigork%40ami.com%7Ca1da2ef246da436260c408dab81ec693%7C27e97857e15f486cb58e86c2b3040f93%7C1%7C1%7C638024739579162477%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=M3rvDfC6hyZBJeBKgL5pLswv2V3kYcf1FV8hLl7iEi8%3D&reserved=0 > +* > +**/ > + > +#include "RedfishPlatformCredentialLib.h" > + > +// > +// Global flag of controlling credential service // BOOLEAN > +mRedfishServiceStopped = FALSE; > + > +/** > + Notify the Redfish service provide to stop provide configuration > +service to this > platform. > + > + This function should be called when the platfrom is about to leave > + the safe > environment. > + It will notify the Redfish service provider to abort all logined > + session, and prohibit further login with original auth info. > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is returned. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[in] ServiceStopType Reason of stopping Redfish service. > + > + @retval EFI_SUCCESS Service has been stoped successfully. > + @retval EFI_INVALID_PARAMETER This is NULL. > + @retval Others Some error happened. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibStopRedfishService ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType > + ) > +{ > + EFI_STATUS Status; > + > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType >= > ServiceStopTypeMax)) { > + return EFI_INVALID_PARAMETER; > + } > + > + // > + // Raise flag first > + // > + mRedfishServiceStopped = TRUE; > + > + // > + // Notify BMC to disable credential bootstrapping support. > + // > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > + (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > + %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Notification of Exit Boot Service. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialExitBootServicesNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Stop the credential support when system is about to enter OS. > + // > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > + > +/** > + Notification of End of DXe. > + > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > +**/ > +VOID > +EFIAPI > +LibCredentialEndOfDxeNotify ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > + ) > +{ > + // > + // Do nothing now. > + // We can stop credential support when system reach end-of-dxe for > +security > reason. > + // > +} > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client [Chang, Abner] We miss the functionality to disable bootstrap credential service in the function description. > + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the bootstrap credential > + service to ensure no one else gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded > + string for the credential > username > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded > + string for the credential > password > + When DisableBootstrapControl is > + TRUE, this pointer can be NULL > + > + @retval EFI_SUCCESS Credentials were successfully fetched and > returned > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > BootstrapPassword is NULL when DisableBootstrapControl > + is set to FALSE > + @retval EFI_DEVICE_ERROR An IPMI failure occurred [Chang, Abner] The return status should also include the status of disabling bootstrap credential. > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > + ) > +{ > + EFI_STATUS Status; > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > + UINT32 ResponseSize; > + > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > + Redfish > credentials\n", __FUNCTION__)); > + return EFI_UNSUPPORTED; > + } > + > + // > + // NULL buffer check > + // > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > (BootstrapPassword == NULL))) { > + return EFI_INVALID_PARAMETER; > + } > + > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > + __FUNCTION__, DisableBootstrapControl)); > + > + // > + // IPMI callout to NetFn 2C, command 02 > + // Request data: > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > + // Byte 2: DisableBootstrapControl > + // > + CommandData.GroupExtensionId = REDFISH_IPMI_GROUP_EXTENSION; > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > + > + ResponseSize = sizeof (ResponseData); > + > + // > + // Response data: > + // Byte 1 : Completion code > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > + // Byte 3-18 : Username > + // Byte 19-34: Password > + // > + Status = IpmiSubmitCommand ( > + IPMI_NETFN_GROUP_EXT, > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > + (UINT8 *)&CommandData, > + sizeof (CommandData), > + (UINT8 *)&ResponseData, > + &ResponseSize > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. Returning\n", > __FUNCTION__)); > + ASSERT_EFI_ERROR (Status); > + return Status; > + } else { > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > + if (ResponseData.CompletionCode == > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > disabled\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. Returning\n", > __FUNCTION__, ResponseData.CompletionCode)); > + return EFI_PROTOCOL_ERROR; > + } else if (ResponseData.GroupExtensionId != > REDFISH_IPMI_GROUP_EXTENSION) { > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > + return EFI_DEVICE_ERROR; > + } else { > + if (BootstrapUsername != NULL) { > + CopyMem (BootstrapUsername, ResponseData.Username, > USERNAME_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters > + username > returned. > + // > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > + } > + > + if (BootstrapPassword != NULL) { > + CopyMem (BootstrapPassword, ResponseData.Password, > PASSWORD_MAX_LENGTH); > + // > + // Manually append null-terminator in case 16 characters > + password > returned. > + // > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > + } > + } > + } > + > + return Status; > +} > + > +/** > + Retrieve platform's Redfish authentication information. > + > + This functions returns the Redfish authentication method together > + with the user Id and password. > + - For AuthMethodNone, the UserId and Password could be used for > + HTTP > header authentication > + as defined by RFC7235. > + - For AuthMethodRedfishSession, the UserId and Password could be > + used for > Redfish > + session login as defined by Redfish API specification (DSP0266). > + > + Callers are responsible for and freeing the returned string storage. > + > + @param[in] This Pointer to > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > + @param[out] AuthMethod Type of Redfish authentication method. > + @param[out] UserId The pointer to store the returned UserId string. > + @param[out] Password The pointer to store the returned Password > string. > + > + @retval EFI_SUCCESS Get the authentication information successfully. > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > Password is NULL. > + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources. > + @retval EFI_UNSUPPORTED Unsupported authentication method is > found. > + > +**/ > +EFI_STATUS > +EFIAPI > +LibCredentialGetAuthInfo ( > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > + OUT CHAR8 **UserId, > + OUT CHAR8 **Password > + ) > +{ > + EFI_STATUS Status; > + > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + *UserId = NULL; > + *Password = NULL; > + > + if (mRedfishServiceStopped) { > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > + security > reason\n", __FUNCTION__)); > + return EFI_ACCESS_DENIED; > + } > + > + *AuthMethod = AuthMethodHttpBasic; > + > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if [Chang, Abner] Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both BootUsername and BootstrapPassword? Because the maximum number of characters defined in the spec is USERNAME_MAX_LENGTH for the user/password. > + (*UserId == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + *Password = AllocateZeroPool (sizeof (CHAR8) * PASSWORD_MAX_SIZE); > + if (*Password == NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > + *Password); if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > + %r\n", > __FUNCTION__, Status)); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.h > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.h > new file mode 100644 > index 0000000000..5b448e01be > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.h > @@ -0,0 +1,75 @@ > +/** @file > +* > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +* > +* SPDX-License-Identifier: BSD-2-Clause-Patent > +* > +**/ > +#include <Uefi.h> > +#include <IndustryStandard/Ipmi.h> > +#include <Protocol/EdkIIRedfishCredential.h> > +#include <Library/BaseLib.h> > +#include <Library/BaseMemoryLib.h> > +#include <Library/DebugLib.h> > +#include <Library/IpmiBaseLib.h> > +#include <Library/MemoryAllocationLib.h> #include > +<Library/RedfishCredentialLib.h> > + > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > +#define REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > 0x80 > + > +// > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > +of // username and password is 16 characters long. > +// > +#define USERNAME_MAX_LENGTH 16 > +#define PASSWORD_MAX_LENGTH 16 > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // NULL > terminator > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // NULL > terminator > + > +#pragma pack(1) > +/// > +/// The definition of IPMI command to get bootstrap account > +credentials /// typedef struct { > + UINT8 GroupExtensionId; > + UINT8 DisableBootstrapControl; > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > + > +/// > +/// The response data of getting bootstrap credential /// typedef > +struct { > + UINT8 CompletionCode; > + UINT8 GroupExtensionId; > + CHAR8 Username[USERNAME_MAX_LENGTH]; > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > + > +#pragma pack() > + > +/** > + Function to retrieve temporary use credentials for the UEFI redfish > +client [Chang, Abner] We miss the functionality to disable bootstrap credential service in the function description. > + > + @param[in] DisableBootstrapControl > + TRUE - Tell the BMC to disable the bootstrap credential > + service to ensure no one else gains credentials > + FALSE Allow the bootstrap > + credential service to continue @param[out] BootstrapUsername > + A pointer to a UTF-8 encoded > + string for the credential username > + > + @param[out] BootstrapPassword > + A pointer to a UTF-8 encoded > + string for the credential password > + > + @retval EFI_SUCCESS Credentials were successfully fetched and > returned [Chang, Abner] Or the bootstrap credential service is disabled successfully, right? > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > +**/ > +EFI_STATUS > +GetBootstrapAccountCredentials ( > + IN BOOLEAN DisableBootstrapControl, > + IN OUT CHAR8 *BootstrapUsername, > + IN OUT CHAR8 *BootstrapPassword > + ); > diff --git > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.inf > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > ntialLi > b.inf > new file mode 100644 > index 0000000000..a990d28363 > --- /dev/null > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > +++ re > +++ dentialLib.inf > @@ -0,0 +1,37 @@ > +## @file > +# > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights reserved. > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > + > +[Defines] > + INF_VERSION = 0x0001000b > + BASE_NAME = RedfishPlatformCredentialLib > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > + MODULE_TYPE = DXE_DRIVER > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = RedfishPlatformCredentialLib > + > +[Sources] > + RedfishPlatformCredentialLib.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + RedfishPkg/RedfishPkg.dec > + IpmiFeaturePkg/IpmiFeaturePkg.dec [Chang, Abner] Could you please add a comment to the reference of IpmiFeaturePkg? We have to give customers a notice that the dependence of "edk2-platforms/Features/Intel/OutOfBandManagement/". They have to add the path to PACKAGES_PATH. You also have to skip this dependence in the RedfishPkg.yaml to avoid the CI error. Another thing is I propose to move out IpmiFeaturePkg from edk2-platforms/Features/Intel/OutOfBandManagement to edk2-platforms/Features/ManageabilityPkg that also provides the implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with IpmiFeaturePkg owner and get the positive response on this proposal. I will kick off the discussion on the dev mailing list. That is to say this module may need a little bit change later, however that is good to me having this implementation now. Thanks Abner > + > +[LibraryClasses] > + UefiLib > + DebugLib > + IpmiBaseLib > + MemoryAllocationLib > + BaseMemoryLib > + > +[Pcd] > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > + > +[Depex] > + TRUE > -- > 2.17.1 -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-27 14:42 ` Igor Kulchytskyy @ 2022-10-28 7:48 ` Chang, Abner 2022-10-28 13:54 ` Igor Kulchytskyy 0 siblings, 1 reply; 15+ messages in thread From: Chang, Abner @ 2022-10-28 7:48 UTC (permalink / raw) To: devel@edk2.groups.io, igork@ami.com, nicklew@nvidia.com; +Cc: Nick Ramirez [AMD Official Use Only - General] > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Thursday, October 27, 2022 10:42 PM > To: devel@edk2.groups.io; nicklew@nvidia.com; Chang, Abner > <Abner.Chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > Hi Nickle, > Pleased, see my comments on your questions below. > > Another point I missed in my previous mail. > You have that function in the library to get credentials and it is used by > RedfishCredentialsDxe driver to create the protocol which in its turn will be > used by other Redfish modules. > We do not know how many modules and how many times will call this > function during boot. Right? > And on each call of this function you call IPMI command. That command will > create new Redfish account on BMC side according to Redfish HI specification: > > " If the Get Bootstrap Account Credentials command has been issued and > responds with the completion code 00h, a bootstrap account shall be added > to the manager's account collection and enabled. If the Get Bootstrap > Account Credentials command is sent subsequent times and responds with > the completion code 00h, a new account shall be created based on the newly > generated credentials. Any existing bootstrap accounts shall remain active." > > As I know BMC may have some restrictions on the number of Redfish > accounts they can support. > And because of that BOS may hit this limit. Which is not good. > On the other hand I'm not sure we need to have different credentials for > different modules? All those modules are part of FW. And all of them will be > associated with the same RoleID (FW role) on BMC side. > So, all of them may use the same credentials. > Could we cash the credentials on first call of that Yes, this is something we have to avoid. Many accounts will be created while each of Redfish client module requests a credential. FW can save it in EFI variable and delete it at proper timing. Unfortunately the credential delivering via EFI variable section was deprecated, otherwise we can deliver the credential to OS through EFI variable with disabling the bootstrap credential at exit boot service. Abner > RedfishCredentialGetAuthInfo and then use those cashed credentials on > subsequential calls? > It will also may save a boot time, since there is no need to send IPMI > command. > > Thank you, > Igor > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Nickle > Wang via groups.io > Sent: Thursday, October 27, 2022 9:26 AM > To: devel@edk2.groups.io; Igor Kulchytskyy <igork@ami.com>; > abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please exercise > caution before opening attachments, clicking links, or following guidance.** > > Hi Igor, > > Thank you for your help to review my changes. > > > And it will be blocked by our IPMI call. > > I see your point. So, BIOS should never be the person to shutdown credential > service because BIOS always get executed prior to OS, right? > > Igor: Yes, my point is that we should not shutdown credential service from > BIOS. Even if OS sends that IPMI command, new account will be created and > BIOS credentials will not be compromised. > > > Should it be configured with some PCD? Maybe user may select in Setup > what method should be used? Or it could be build time configuration? > > I have below assumption while I implemented the library. I admit this is not > always true. > > No Auth: I think this is rare case for Redfish service which gives anonymous > privilege to change BIOS settings. > Basic Auth: this is the authentication method which uses username and > password to build base64 encoded string. > Session Auth: I assume that client must have a session token first and then > use this authentication method. Can we use username and password to > generate session token on our own? If my memory serves me correctly, > client has to do a login with username and password first and then client can > receive session token from server. > > Igor: BIOS will use the credentials to create session. It should send POST > request to the session URI with user name and password to create session. > If a session created successfully then on response BMC returns header "X- > Auth-Token" which then used for the subsequential calls. > > If we really like to know what authentication method that Redfish service > used, we can issue a HTTP query to "/redfish/v1/Systems" with "No Auth". > Then we can know what authentication method is required by reading the > "WWW-Authenticate " filed in returned HTTP header. > > Igor: As my understanding, even if you include authentication header > (Base64 encoded) in the request to BMC and BMC has NoAuth configuration, > then that authentication header would be just ignored by BMC. > > Thanks, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Wednesday, October 26, 2022 11:26 PM > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; > abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > Hi Nickle, > I would like to discuss that DisableBootstrapControl flag and how it is used in > our implementation. > According to Redfish HI specification we can use this flag to disable credential > bootstrapping control. > It can be disabled permanently or till next reboot of the host or service. That > depend on the EnableAfterReset setting on BMC side: > CredentialBootstrapping (v1.3+) > { object The credential bootstrapping settings for this interface. > EnableAfterReset (v1.3+) Boolean read-write (null) An indication of > whether credential bootstrapping is enabled after a reset for this interface. > Enabled (v1.3+) Boolean read-write (null) An indication of whether > credential bootstrapping is enabled for this interface. > RoleId (v1.3+) string read-write The role used for the bootstrap account > created for this interface. > } > So, if EnableAfterReset set to false, that means BMC will response with 0x80 > error and will not return any credentials after reboot. And BIOS BMC > communication will fail. > Another concern with disabling credential bootstrapping control is that we > do it on Exit Boot event before passing a control to OS. > But OS may also need to communicate to BMC through Redfish Host > Interface to post some information. And it will be blocked by our IPMI call. > We create that SMBIOS Type 42 table with Redfish Host Interface settings > which can be used by OS to communicate with BMC. But without the > credentials it will not be possible. > > Another question is AuthMethod parameter you initialize in this library: > *AuthMethod = AuthMethodHttpBasic; > According to Redfish HI specification 3 methods may be used - No Auth, Basic > Auth and Session Auth. > Basic Auth and Session Auth methods are required the credentials to be used > by BIOS. And both of them should be supported by BMC. > And your high level function RedfishCreateLibredfishService also supports of > creation Basic or Session Auth service. > I'm not sure why low level library which is created to get credentials from > BMC should decide what Authentication method should be used? > Should it be configured with some PCD? Maybe user may select in Setup > what method should be used? Or it could be build time configuration? > > Thank you, > Igor > > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com> > Sent: Tuesday, October 25, 2022 4:24 AM > To: devel@edk2.groups.io; abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy > <igork@ami.com> > Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please exercise > caution before opening attachments, clicking links, or following guidance.** > > Thanks for your review comments, Abner! I will update new version patch > later. The CI build error will be handled together. > > > please add Igor as reviewer too > Sure! > > > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > Yes, the additional one byte is for NULL terminator. > USERNAME_MAX_LENGTH is defined as 16 and follow host interface > specification. > > Regards, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang, > Abner via groups.io > Sent: Saturday, October 22, 2022 3:01 PM > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io > Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy > <igork@ami.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > [AMD Official Use Only - General] > > Hi Nickle, please add Igor as reviewer too. My comments is in below, > > > -----Original Message----- > > From: Nickle Wang <nicklew@nvidia.com> > > Sent: Thursday, October 20, 2022 10:55 AM > > To: devel@edk2.groups.io > > Cc: Chang, Abner <Abner.Chang@amd.com>; Nick Ramirez > > <nramirez@nvidia.com> > > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > > implementation > > > > Caution: This message originated from an External Source. Use proper > > caution when opening attachments, clicking links, or responding. > > > > > > This library follows Redfish Host Interface specification and use IPMI > > command to get bootstrap account credential(NetFn 2Ch, Command 02h) > from BMC. > > RedfishHostInterfaceDxe will use this credential for the following > > communication between BIOS and BMC. > > > > Cc: Abner Chang <abner.chang@amd.com> > > Cc: Nick Ramirez <nramirez@nvidia.com> > > Signed-off-by: Nickle Wang <nicklew@nvidia.com> > > --- > > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > > .../RedfishPlatformCredentialLib.h | 75 +++++ > > .../RedfishPlatformCredentialLib.inf | 37 +++ > [Chang, Abner] > Could we name this library RedfishPlatformCredentialIpmi so the naming > style is consistent with RedfishPlatformCredentialNull? > > > 3 files changed, 385 insertions(+) > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredential > Lib. > > c > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredential > Lib. > > h > > create mode 100644 > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > > ialLib.i > > nf > > > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > ntialLi > > b.c > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > ntialLi > > b.c > > new file mode 100644 > > index 0000000000..23a15ab1fa > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > > +++ re > > +++ dentialLib.c > > @@ -0,0 +1,273 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > [Chang, Abner] > We can have "@par Revision Reference:" in the file header to point out the > spec. > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fww > w.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP > 0270_1.3.0.pdf&data=05%7C01%7Cabner.chang%40amd.com%7C074aa > e162fba49409af408dab8297c03%7C3dd8961fe4884e608e11a82d994e183d%7C > 0%7C0%7C638024786060127888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000 > %7C%7C%7C&sdata=yY6hhKjQfVqmNuufbeDNk%2B2FKrebHyIAyS9Ya4 > szE3Y%3D&reserved=0 > > > +* > > +**/ > > + > > +#include "RedfishPlatformCredentialLib.h" > > + > > +// > > +// Global flag of controlling credential service // BOOLEAN > > +mRedfishServiceStopped = FALSE; > > + > > +/** > > + Notify the Redfish service provide to stop provide configuration > > +service to this > > platform. > > + > > + This function should be called when the platfrom is about to leave > > + the safe > > environment. > > + It will notify the Redfish service provider to abort all logined > > + session, and prohibit further login with original auth info. > > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is > returned. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[in] ServiceStopType Reason of stopping Redfish service. > > + > > + @retval EFI_SUCCESS Service has been stoped successfully. > > + @retval EFI_INVALID_PARAMETER This is NULL. > > + @retval Others Some error happened. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibStopRedfishService ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType >= > > ServiceStopTypeMax)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + // > > + // Raise flag first > > + // > > + mRedfishServiceStopped = TRUE; > > + > > + // > > + // Notify BMC to disable credential bootstrapping support. > > + // > > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > > + (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + Notification of Exit Boot Service. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialExitBootServicesNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Stop the credential support when system is about to enter OS. > > + // > > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > > + > > +/** > > + Notification of End of DXe. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialEndOfDxeNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Do nothing now. > > + // We can stop credential support when system reach end-of-dxe for > > +security > > reason. > > + // > > +} > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI redfish > > +client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in the > function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential > > username > > + When DisableBootstrapControl is > > + TRUE, this pointer can be NULL > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential > > password > > + When DisableBootstrapControl is > > + TRUE, this pointer can be NULL > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > > BootstrapPassword is NULL when DisableBootstrapControl > > + is set to FALSE > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > [Chang, Abner] > The return status should also include the status of disabling bootstrap > credential. > > > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > > + ) > > +{ > > + EFI_STATUS Status; > > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > > + UINT32 ResponseSize; > > + > > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > > + Redfish > > credentials\n", __FUNCTION__)); > > + return EFI_UNSUPPORTED; > > + } > > + > > + // > > + // NULL buffer check > > + // > > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > > (BootstrapPassword == NULL))) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > > + __FUNCTION__, DisableBootstrapControl)); > > + > > + // > > + // IPMI callout to NetFn 2C, command 02 > > + // Request data: > > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 2: DisableBootstrapControl > > + // > > + CommandData.GroupExtensionId = > REDFISH_IPMI_GROUP_EXTENSION; > > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > > + > > + ResponseSize = sizeof (ResponseData); > > + > > + // > > + // Response data: > > + // Byte 1 : Completion code > > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 3-18 : Username > > + // Byte 19-34: Password > > + // > > + Status = IpmiSubmitCommand ( > > + IPMI_NETFN_GROUP_EXT, > > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > > + (UINT8 *)&CommandData, > > + sizeof (CommandData), > > + (UINT8 *)&ResponseData, > > + &ResponseSize > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. Returning\n", > > __FUNCTION__)); > > + ASSERT_EFI_ERROR (Status); > > + return Status; > > + } else { > > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > > + if (ResponseData.CompletionCode == > > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > > disabled\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. Returning\n", > > __FUNCTION__, ResponseData.CompletionCode)); > > + return EFI_PROTOCOL_ERROR; > > + } else if (ResponseData.GroupExtensionId != > > REDFISH_IPMI_GROUP_EXTENSION) { > > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > > + return EFI_DEVICE_ERROR; > > + } else { > > + if (BootstrapUsername != NULL) { > > + CopyMem (BootstrapUsername, ResponseData.Username, > > USERNAME_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + username > > returned. > > + // > > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > > + } > > + > > + if (BootstrapPassword != NULL) { > > + CopyMem (BootstrapPassword, ResponseData.Password, > > PASSWORD_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + password > > returned. > > + // > > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > > + } > > + } > > + } > > + > > + return Status; > > +} > > + > > +/** > > + Retrieve platform's Redfish authentication information. > > + > > + This functions returns the Redfish authentication method together > > + with the user Id and password. > > + - For AuthMethodNone, the UserId and Password could be used for > > + HTTP > > header authentication > > + as defined by RFC7235. > > + - For AuthMethodRedfishSession, the UserId and Password could be > > + used for > > Redfish > > + session login as defined by Redfish API specification (DSP0266). > > + > > + Callers are responsible for and freeing the returned string storage. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[out] AuthMethod Type of Redfish authentication method. > > + @param[out] UserId The pointer to store the returned UserId > string. > > + @param[out] Password The pointer to store the returned > Password > > string. > > + > > + @retval EFI_SUCCESS Get the authentication information > successfully. > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > Password is NULL. > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > resources. > > + @retval EFI_UNSUPPORTED Unsupported authentication method is > > found. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibCredentialGetAuthInfo ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > + OUT CHAR8 **UserId, > > + OUT CHAR8 **Password > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + *UserId = NULL; > > + *Password = NULL; > > + > > + if (mRedfishServiceStopped) { > > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > > + security > > reason\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + *AuthMethod = AuthMethodHttpBasic; > > + > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > > > + (*UserId == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + *Password = AllocateZeroPool (sizeof (CHAR8) * PASSWORD_MAX_SIZE); > > + if (*Password == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > > + *Password); if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > ntialLi > > b.h > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > ntialLi > > b.h > > new file mode 100644 > > index 0000000000..5b448e01be > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > > +++ re > > +++ dentialLib.h > > @@ -0,0 +1,75 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > > +* > > +**/ > > +#include <Uefi.h> > > +#include <IndustryStandard/Ipmi.h> > > +#include <Protocol/EdkIIRedfishCredential.h> > > +#include <Library/BaseLib.h> > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/IpmiBaseLib.h> > > +#include <Library/MemoryAllocationLib.h> #include > > +<Library/RedfishCredentialLib.h> > > + > > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > > +#define > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > > 0x80 > > + > > +// > > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > > +of // username and password is 16 characters long. > > +// > > +#define USERNAME_MAX_LENGTH 16 > > +#define PASSWORD_MAX_LENGTH 16 > > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // > NULL > > terminator > > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // > NULL > > terminator > > + > > +#pragma pack(1) > > +/// > > +/// The definition of IPMI command to get bootstrap account > > +credentials /// typedef struct { > > + UINT8 GroupExtensionId; > > + UINT8 DisableBootstrapControl; > > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > > + > > +/// > > +/// The response data of getting bootstrap credential /// typedef > > +struct { > > + UINT8 CompletionCode; > > + UINT8 GroupExtensionId; > > + CHAR8 Username[USERNAME_MAX_LENGTH]; > > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > > + > > +#pragma pack() > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI redfish > > +client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in the > function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential username > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential password > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > [Chang, Abner] > Or the bootstrap credential service is disabled successfully, right? > > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, > > + IN OUT CHAR8 *BootstrapPassword > > + ); > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > ntialLi > > b.inf > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > ntialLi > > b.inf > > new file mode 100644 > > index 0000000000..a990d28363 > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformC > > +++ re > > +++ dentialLib.inf > > @@ -0,0 +1,37 @@ > > +## @file > > +# > > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > + > > +[Defines] > > + INF_VERSION = 0x0001000b > > + BASE_NAME = RedfishPlatformCredentialLib > > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > > + MODULE_TYPE = DXE_DRIVER > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = RedfishPlatformCredentialLib > > + > > +[Sources] > > + RedfishPlatformCredentialLib.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + RedfishPkg/RedfishPkg.dec > > + IpmiFeaturePkg/IpmiFeaturePkg.dec > [Chang, Abner] > Could you please add a comment to the reference of IpmiFeaturePkg? We > have to give customers a notice that the dependence of "edk2- > platforms/Features/Intel/OutOfBandManagement/". They have to add the > path to PACKAGES_PATH. You also have to skip this dependence in the > RedfishPkg.yaml to avoid the CI error. > > Another thing is I propose to move out IpmiFeaturePkg from edk2- > platforms/Features/Intel/OutOfBandManagement to edk2- > platforms/Features/ManageabilityPkg that also provides the > implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with > IpmiFeaturePkg owner and get the positive response on this proposal. I will > kick off the discussion on the dev mailing list. That is to say this module may > need a little bit change later, however that is good to me having this > implementation now. > Thanks > Abner > > + > > +[LibraryClasses] > > + UefiLib > > + DebugLib > > + IpmiBaseLib > > + MemoryAllocationLib > > + BaseMemoryLib > > + > > +[Pcd] > > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > > + > > +[Depex] > > + TRUE > > -- > > 2.17.1 > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is intended > to be read only by the individual or entity to whom it is addressed or by their > designee. If the reader of this message is not the intended recipient, you are > on notice that any distribution of this message, in any form, is strictly > prohibited. Please promptly notify the sender by reply e-mail or by > telephone at 770-246-8600, and then delete or destroy all copies of the > transmission. > > > > > > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is intended > to be read only by the individual or entity to whom it is addressed or by their > designee. If the reader of this message is not the intended recipient, you are > on notice that any distribution of this message, in any form, is strictly > prohibited. Please promptly notify the sender by reply e-mail or by > telephone at 770-246-8600, and then delete or destroy all copies of the > transmission. > > > > ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-28 7:48 ` Chang, Abner @ 2022-10-28 13:54 ` Igor Kulchytskyy 2022-10-28 14:53 ` Nickle Wang 0 siblings, 1 reply; 15+ messages in thread From: Igor Kulchytskyy @ 2022-10-28 13:54 UTC (permalink / raw) To: Chang, Abner, devel@edk2.groups.io, nicklew@nvidia.com; +Cc: Nick Ramirez Hi Abner, Yes, you are right that NVRAM variables were deprecated by DMTF. But we can use our own boot time NVRAM variable to keep FW credentials. That variable will not be accessible from OS, but since we agreed not to disable bootstrap credentials service on exit boot event, then OS may get its own credentials. Or we can save the credentials in memory variable. But in this case if we have several instances of the library linked with different modules they will have to send their own IPMI command to get credentials. So, I think it is better to use our own NVRAM boot time variable. Thank you, Igor -----Original Message----- From: Chang, Abner <Abner.Chang@amd.com> Sent: Friday, October 28, 2022 3:48 AM To: devel@edk2.groups.io; Igor Kulchytskyy <igork@ami.com>; nicklew@nvidia.com Cc: Nick Ramirez <nramirez@nvidia.com> Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** [AMD Official Use Only - General] > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Thursday, October 27, 2022 10:42 PM > To: devel@edk2.groups.io; nicklew@nvidia.com; Chang, Abner > <Abner.Chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > Hi Nickle, > Pleased, see my comments on your questions below. > > Another point I missed in my previous mail. > You have that function in the library to get credentials and it is > used by RedfishCredentialsDxe driver to create the protocol which in > its turn will be used by other Redfish modules. > We do not know how many modules and how many times will call this > function during boot. Right? > And on each call of this function you call IPMI command. That command > will create new Redfish account on BMC side according to Redfish HI specification: > > " If the Get Bootstrap Account Credentials command has been issued and > responds with the completion code 00h, a bootstrap account shall be > added to the manager's account collection and enabled. If the Get > Bootstrap Account Credentials command is sent subsequent times and > responds with the completion code 00h, a new account shall be created > based on the newly generated credentials. Any existing bootstrap accounts shall remain active." > > As I know BMC may have some restrictions on the number of Redfish > accounts they can support. > And because of that BOS may hit this limit. Which is not good. > On the other hand I'm not sure we need to have different credentials > for different modules? All those modules are part of FW. And all of > them will be associated with the same RoleID (FW role) on BMC side. > So, all of them may use the same credentials. > Could we cash the credentials on first call of that Yes, this is something we have to avoid. Many accounts will be created while each of Redfish client module requests a credential. FW can save it in EFI variable and delete it at proper timing. Unfortunately the credential delivering via EFI variable section was deprecated, otherwise we can deliver the credential to OS through EFI variable with disabling the bootstrap credential at exit boot service. Abner > RedfishCredentialGetAuthInfo and then use those cashed credentials on > subsequential calls? > It will also may save a boot time, since there is no need to send IPMI > command. > > Thank you, > Igor > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Nickle > Wang via groups.io > Sent: Thursday, October 27, 2022 9:26 AM > To: devel@edk2.groups.io; Igor Kulchytskyy <igork@ami.com>; > abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Hi Igor, > > Thank you for your help to review my changes. > > > And it will be blocked by our IPMI call. > > I see your point. So, BIOS should never be the person to shutdown > credential service because BIOS always get executed prior to OS, right? > > Igor: Yes, my point is that we should not shutdown credential service > from BIOS. Even if OS sends that IPMI command, new account will be > created and BIOS credentials will not be compromised. > > > Should it be configured with some PCD? Maybe user may select in > > Setup > what method should be used? Or it could be build time configuration? > > I have below assumption while I implemented the library. I admit this > is not always true. > > No Auth: I think this is rare case for Redfish service which gives > anonymous privilege to change BIOS settings. > Basic Auth: this is the authentication method which uses username and > password to build base64 encoded string. > Session Auth: I assume that client must have a session token first and > then use this authentication method. Can we use username and password > to generate session token on our own? If my memory serves me > correctly, client has to do a login with username and password first > and then client can receive session token from server. > > Igor: BIOS will use the credentials to create session. It should send > POST request to the session URI with user name and password to create session. > If a session created successfully then on response BMC returns header > "X- Auth-Token" which then used for the subsequential calls. > > If we really like to know what authentication method that Redfish > service used, we can issue a HTTP query to "/redfish/v1/Systems" with "No Auth". > Then we can know what authentication method is required by reading the > "WWW-Authenticate " filed in returned HTTP header. > > Igor: As my understanding, even if you include authentication header > (Base64 encoded) in the request to BMC and BMC has NoAuth > configuration, then that authentication header would be just ignored by BMC. > > Thanks, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Wednesday, October 26, 2022 11:26 PM > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; > abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > Hi Nickle, > I would like to discuss that DisableBootstrapControl flag and how it > is used in our implementation. > According to Redfish HI specification we can use this flag to disable > credential bootstrapping control. > It can be disabled permanently or till next reboot of the host or > service. That depend on the EnableAfterReset setting on BMC side: > CredentialBootstrapping (v1.3+) > { object The credential bootstrapping settings for this interface. > EnableAfterReset (v1.3+) Boolean read-write (null) An > indication of whether credential bootstrapping is enabled after a reset for this interface. > Enabled (v1.3+) Boolean read-write (null) An indication of > whether credential bootstrapping is enabled for this interface. > RoleId (v1.3+) string read-write The role used for the > bootstrap account created for this interface. > } > So, if EnableAfterReset set to false, that means BMC will response > with 0x80 error and will not return any credentials after reboot. And > BIOS BMC communication will fail. > Another concern with disabling credential bootstrapping control is > that we do it on Exit Boot event before passing a control to OS. > But OS may also need to communicate to BMC through Redfish Host > Interface to post some information. And it will be blocked by our IPMI call. > We create that SMBIOS Type 42 table with Redfish Host Interface > settings which can be used by OS to communicate with BMC. But without > the credentials it will not be possible. > > Another question is AuthMethod parameter you initialize in this library: > *AuthMethod = AuthMethodHttpBasic; > According to Redfish HI specification 3 methods may be used - No Auth, > Basic Auth and Session Auth. > Basic Auth and Session Auth methods are required the credentials to be > used by BIOS. And both of them should be supported by BMC. > And your high level function RedfishCreateLibredfishService also > supports of creation Basic or Session Auth service. > I'm not sure why low level library which is created to get credentials > from BMC should decide what Authentication method should be used? > Should it be configured with some PCD? Maybe user may select in Setup > what method should be used? Or it could be build time configuration? > > Thank you, > Igor > > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com> > Sent: Tuesday, October 25, 2022 4:24 AM > To: devel@edk2.groups.io; abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy > <igork@ami.com> > Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Thanks for your review comments, Abner! I will update new version > patch later. The CI build error will be handled together. > > > please add Igor as reviewer too > Sure! > > > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > Yes, the additional one byte is for NULL terminator. > USERNAME_MAX_LENGTH is defined as 16 and follow host interface > specification. > > Regards, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang, > Abner via groups.io > Sent: Saturday, October 22, 2022 3:01 PM > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io > Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy > <igork@ami.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > [AMD Official Use Only - General] > > Hi Nickle, please add Igor as reviewer too. My comments is in below, > > > -----Original Message----- > > From: Nickle Wang <nicklew@nvidia.com> > > Sent: Thursday, October 20, 2022 10:55 AM > > To: devel@edk2.groups.io > > Cc: Chang, Abner <Abner.Chang@amd.com>; Nick Ramirez > > <nramirez@nvidia.com> > > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > > implementation > > > > Caution: This message originated from an External Source. Use proper > > caution when opening attachments, clicking links, or responding. > > > > > > This library follows Redfish Host Interface specification and use > > IPMI command to get bootstrap account credential(NetFn 2Ch, Command > > 02h) > from BMC. > > RedfishHostInterfaceDxe will use this credential for the following > > communication between BIOS and BMC. > > > > Cc: Abner Chang <abner.chang@amd.com> > > Cc: Nick Ramirez <nramirez@nvidia.com> > > Signed-off-by: Nickle Wang <nicklew@nvidia.com> > > --- > > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > > .../RedfishPlatformCredentialLib.h | 75 +++++ > > .../RedfishPlatformCredentialLib.inf | 37 +++ > [Chang, Abner] > Could we name this library RedfishPlatformCredentialIpmi so the naming > style is consistent with RedfishPlatformCredentialNull? > > > 3 files changed, 385 insertions(+) > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > c > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > h > > create mode 100644 > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > nt > > ialLib.i > > nf > > > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > new file mode 100644 > > index 0000000000..23a15ab1fa > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.c > > @@ -0,0 +1,273 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > [Chang, Abner] > We can have "@par Revision Reference:" in the file header to point > out the spec. > https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam1 > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fww&a > mp;data=05%7C01%7Cigork%40ami.com%7C2b5b562c02c04c90d51208dab8b8c0fd%7 > C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025400915295621%7CUnkno > wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL > CJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Uy%2B3HS336N3rgNSESPcyOPGX3eOR > 48hekdz08nLtJU4%3D&reserved=0 > w.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP > 0270_1.3.0.pdf&data=05%7C01%7Cabner.chang%40amd.com%7C074aa > e162fba49409af408dab8297c03%7C3dd8961fe4884e608e11a82d994e183d%7C > 0%7C0%7C638024786060127888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000 > %7C%7C%7C&sdata=yY6hhKjQfVqmNuufbeDNk%2B2FKrebHyIAyS9Ya4 > szE3Y%3D&reserved=0 > > > +* > > +**/ > > + > > +#include "RedfishPlatformCredentialLib.h" > > + > > +// > > +// Global flag of controlling credential service // BOOLEAN > > +mRedfishServiceStopped = FALSE; > > + > > +/** > > + Notify the Redfish service provide to stop provide configuration > > +service to this > > platform. > > + > > + This function should be called when the platfrom is about to > > + leave the safe > > environment. > > + It will notify the Redfish service provider to abort all logined > > + session, and prohibit further login with original auth info. > > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is > returned. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[in] ServiceStopType Reason of stopping Redfish service. > > + > > + @retval EFI_SUCCESS Service has been stoped successfully. > > + @retval EFI_INVALID_PARAMETER This is NULL. > > + @retval Others Some error happened. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibStopRedfishService ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType > > + >= > > ServiceStopTypeMax)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + // > > + // Raise flag first > > + // > > + mRedfishServiceStopped = TRUE; > > + > > + // > > + // Notify BMC to disable credential bootstrapping support. > > + // > > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > > + (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + Notification of Exit Boot Service. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialExitBootServicesNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Stop the credential support when system is about to enter OS. > > + // > > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > > + > > +/** > > + Notification of End of DXe. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialEndOfDxeNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Do nothing now. > > + // We can stop credential support when system reach end-of-dxe > > +for security > > reason. > > + // > > +} > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential > > username > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential > > password > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > > BootstrapPassword is NULL when DisableBootstrapControl > > + is set to FALSE > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > [Chang, Abner] > The return status should also include the status of disabling > bootstrap credential. > > > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > > + ) > > +{ > > + EFI_STATUS Status; > > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > > + UINT32 ResponseSize; > > + > > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > > + Redfish > > credentials\n", __FUNCTION__)); > > + return EFI_UNSUPPORTED; > > + } > > + > > + // > > + // NULL buffer check > > + // > > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > > (BootstrapPassword == NULL))) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > > + __FUNCTION__, DisableBootstrapControl)); > > + > > + // > > + // IPMI callout to NetFn 2C, command 02 > > + // Request data: > > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 2: DisableBootstrapControl > > + // > > + CommandData.GroupExtensionId = > REDFISH_IPMI_GROUP_EXTENSION; > > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > > + > > + ResponseSize = sizeof (ResponseData); > > + > > + // > > + // Response data: > > + // Byte 1 : Completion code > > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 3-18 : Username > > + // Byte 19-34: Password > > + // > > + Status = IpmiSubmitCommand ( > > + IPMI_NETFN_GROUP_EXT, > > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > > + (UINT8 *)&CommandData, > > + sizeof (CommandData), > > + (UINT8 *)&ResponseData, > > + &ResponseSize > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. > > + Returning\n", > > __FUNCTION__)); > > + ASSERT_EFI_ERROR (Status); > > + return Status; > > + } else { > > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > > + if (ResponseData.CompletionCode == > > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > > disabled\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. > > + Returning\n", > > __FUNCTION__, ResponseData.CompletionCode)); > > + return EFI_PROTOCOL_ERROR; > > + } else if (ResponseData.GroupExtensionId != > > REDFISH_IPMI_GROUP_EXTENSION) { > > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > > + return EFI_DEVICE_ERROR; > > + } else { > > + if (BootstrapUsername != NULL) { > > + CopyMem (BootstrapUsername, ResponseData.Username, > > USERNAME_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + username > > returned. > > + // > > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > > + } > > + > > + if (BootstrapPassword != NULL) { > > + CopyMem (BootstrapPassword, ResponseData.Password, > > PASSWORD_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + password > > returned. > > + // > > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > > + } > > + } > > + } > > + > > + return Status; > > +} > > + > > +/** > > + Retrieve platform's Redfish authentication information. > > + > > + This functions returns the Redfish authentication method together > > + with the user Id and password. > > + - For AuthMethodNone, the UserId and Password could be used for > > + HTTP > > header authentication > > + as defined by RFC7235. > > + - For AuthMethodRedfishSession, the UserId and Password could be > > + used for > > Redfish > > + session login as defined by Redfish API specification (DSP0266). > > + > > + Callers are responsible for and freeing the returned string storage. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[out] AuthMethod Type of Redfish authentication method. > > + @param[out] UserId The pointer to store the returned UserId > string. > > + @param[out] Password The pointer to store the returned > Password > > string. > > + > > + @retval EFI_SUCCESS Get the authentication information > successfully. > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > Password is NULL. > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > resources. > > + @retval EFI_UNSUPPORTED Unsupported authentication method is > > found. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibCredentialGetAuthInfo ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > + OUT CHAR8 **UserId, > > + OUT CHAR8 **Password > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + *UserId = NULL; > > + *Password = NULL; > > + > > + if (mRedfishServiceStopped) { > > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > > + security > > reason\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + *AuthMethod = AuthMethodHttpBasic; > > + > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > > > + (*UserId == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + *Password = AllocateZeroPool (sizeof (CHAR8) * > > + PASSWORD_MAX_SIZE); if (*Password == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > > + *Password); if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > new file mode 100644 > > index 0000000000..5b448e01be > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.h > > @@ -0,0 +1,75 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > > +* > > +**/ > > +#include <Uefi.h> > > +#include <IndustryStandard/Ipmi.h> > > +#include <Protocol/EdkIIRedfishCredential.h> > > +#include <Library/BaseLib.h> > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/IpmiBaseLib.h> > > +#include <Library/MemoryAllocationLib.h> #include > > +<Library/RedfishCredentialLib.h> > > + > > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > > +#define > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > > 0x80 > > + > > +// > > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > > +of // username and password is 16 characters long. > > +// > > +#define USERNAME_MAX_LENGTH 16 > > +#define PASSWORD_MAX_LENGTH 16 > > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // > NULL > > terminator > > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // > NULL > > terminator > > + > > +#pragma pack(1) > > +/// > > +/// The definition of IPMI command to get bootstrap account > > +credentials /// typedef struct { > > + UINT8 GroupExtensionId; > > + UINT8 DisableBootstrapControl; > > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > > + > > +/// > > +/// The response data of getting bootstrap credential /// typedef > > +struct { > > + UINT8 CompletionCode; > > + UINT8 GroupExtensionId; > > + CHAR8 Username[USERNAME_MAX_LENGTH]; > > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > > + > > +#pragma pack() > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential username > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential password > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > [Chang, Abner] > Or the bootstrap credential service is disabled successfully, right? > > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, > > + IN OUT CHAR8 *BootstrapPassword > > + ); > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > new file mode 100644 > > index 0000000000..a990d28363 > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.inf > > @@ -0,0 +1,37 @@ > > +## @file > > +# > > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > + > > +[Defines] > > + INF_VERSION = 0x0001000b > > + BASE_NAME = RedfishPlatformCredentialLib > > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > > + MODULE_TYPE = DXE_DRIVER > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = RedfishPlatformCredentialLib > > + > > +[Sources] > > + RedfishPlatformCredentialLib.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + RedfishPkg/RedfishPkg.dec > > + IpmiFeaturePkg/IpmiFeaturePkg.dec > [Chang, Abner] > Could you please add a comment to the reference of IpmiFeaturePkg? We > have to give customers a notice that the dependence of "edk2- > platforms/Features/Intel/OutOfBandManagement/". They have to add the > path to PACKAGES_PATH. You also have to skip this dependence in the > RedfishPkg.yaml to avoid the CI error. > > Another thing is I propose to move out IpmiFeaturePkg from edk2- > platforms/Features/Intel/OutOfBandManagement to edk2- > platforms/Features/ManageabilityPkg that also provides the > implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with > IpmiFeaturePkg owner and get the positive response on this proposal. I > will kick off the discussion on the dev mailing list. That is to say > this module may need a little bit change later, however that is good > to me having this implementation now. > Thanks > Abner > > + > > +[LibraryClasses] > > + UefiLib > > + DebugLib > > + IpmiBaseLib > > + MemoryAllocationLib > > + BaseMemoryLib > > + > > +[Pcd] > > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > > + > > +[Depex] > > + TRUE > > -- > > 2.17.1 > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > > > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-28 13:54 ` Igor Kulchytskyy @ 2022-10-28 14:53 ` Nickle Wang 2022-10-28 16:03 ` Igor Kulchytskyy 0 siblings, 1 reply; 15+ messages in thread From: Nickle Wang @ 2022-10-28 14:53 UTC (permalink / raw) To: Igor Kulchytskyy, Chang, Abner, devel@edk2.groups.io; +Cc: Nick Ramirez Hi Igor, Abner, Thanks for your comments. A quick summary as below: - BIOS is not supported to disable bootstrap credential service. For security purposes, BIOS should shutdown credential service with its internal control mechanism. - Credential libraries need a cache mechanism to prevent multiple queries to BMC. All applications in BIOS share the same credentials. - The storage of keeping credentials should be deleted before the end of the DXE event. So that the credential will not be retrieved by unauthorized user or application. (e.g. user can read variable under UEFI shell with dmpstore command) There is one thing remained and I like to have further discussion. For the authentication method, do we think that client user can decide what authentication method to use regardless of the requirement from server? I am thinking a detection mechanism as below: Issue HTTP GET to "/redfish/v1/Systems" (which normally require authentication) without authentication method. a) if client receive 200 OK, "No Auth" is used and we don't need to get credentials b) if client receive 401 Unauthorized, check the "WWW-Authenticate" field in returned HTTP header. "Basic realm" or "X-Auh-Token realm" or both two methods will be specified. Then client can know what method to use. Two methods all require credential. Above mechanism can be placed in RedfishCredentailDxe driver so driver will know if it needs to call credential lib or not. Thanks, Nickle -----Original Message----- From: Igor Kulchytskyy <igork@ami.com> Sent: Friday, October 28, 2022 9:54 PM To: Chang, Abner <Abner.Chang@amd.com>; devel@edk2.groups.io; Nickle Wang <nicklew@nvidia.com> Cc: Nick Ramirez <nramirez@nvidia.com> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Abner, Yes, you are right that NVRAM variables were deprecated by DMTF. But we can use our own boot time NVRAM variable to keep FW credentials. That variable will not be accessible from OS, but since we agreed not to disable bootstrap credentials service on exit boot event, then OS may get its own credentials. Or we can save the credentials in memory variable. But in this case if we have several instances of the library linked with different modules they will have to send their own IPMI command to get credentials. So, I think it is better to use our own NVRAM boot time variable. Thank you, Igor -----Original Message----- From: Chang, Abner <Abner.Chang@amd.com> Sent: Friday, October 28, 2022 3:48 AM To: devel@edk2.groups.io; Igor Kulchytskyy <igork@ami.com>; nicklew@nvidia.com Cc: Nick Ramirez <nramirez@nvidia.com> Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** [AMD Official Use Only - General] > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Thursday, October 27, 2022 10:42 PM > To: devel@edk2.groups.io; nicklew@nvidia.com; Chang, Abner > <Abner.Chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > Hi Nickle, > Pleased, see my comments on your questions below. > > Another point I missed in my previous mail. > You have that function in the library to get credentials and it is > used by RedfishCredentialsDxe driver to create the protocol which in > its turn will be used by other Redfish modules. > We do not know how many modules and how many times will call this > function during boot. Right? > And on each call of this function you call IPMI command. That command > will create new Redfish account on BMC side according to Redfish HI specification: > > " If the Get Bootstrap Account Credentials command has been issued and > responds with the completion code 00h, a bootstrap account shall be > added to the manager's account collection and enabled. If the Get > Bootstrap Account Credentials command is sent subsequent times and > responds with the completion code 00h, a new account shall be created > based on the newly generated credentials. Any existing bootstrap accounts shall remain active." > > As I know BMC may have some restrictions on the number of Redfish > accounts they can support. > And because of that BOS may hit this limit. Which is not good. > On the other hand I'm not sure we need to have different credentials > for different modules? All those modules are part of FW. And all of > them will be associated with the same RoleID (FW role) on BMC side. > So, all of them may use the same credentials. > Could we cash the credentials on first call of that Yes, this is something we have to avoid. Many accounts will be created while each of Redfish client module requests a credential. FW can save it in EFI variable and delete it at proper timing. Unfortunately the credential delivering via EFI variable section was deprecated, otherwise we can deliver the credential to OS through EFI variable with disabling the bootstrap credential at exit boot service. Abner > RedfishCredentialGetAuthInfo and then use those cashed credentials on > subsequential calls? > It will also may save a boot time, since there is no need to send IPMI > command. > > Thank you, > Igor > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Nickle > Wang via groups.io > Sent: Thursday, October 27, 2022 9:26 AM > To: devel@edk2.groups.io; Igor Kulchytskyy <igork@ami.com>; > abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Hi Igor, > > Thank you for your help to review my changes. > > > And it will be blocked by our IPMI call. > > I see your point. So, BIOS should never be the person to shutdown > credential service because BIOS always get executed prior to OS, right? > > Igor: Yes, my point is that we should not shutdown credential service > from BIOS. Even if OS sends that IPMI command, new account will be > created and BIOS credentials will not be compromised. > > > Should it be configured with some PCD? Maybe user may select in > > Setup > what method should be used? Or it could be build time configuration? > > I have below assumption while I implemented the library. I admit this > is not always true. > > No Auth: I think this is rare case for Redfish service which gives > anonymous privilege to change BIOS settings. > Basic Auth: this is the authentication method which uses username and > password to build base64 encoded string. > Session Auth: I assume that client must have a session token first and > then use this authentication method. Can we use username and password > to generate session token on our own? If my memory serves me > correctly, client has to do a login with username and password first > and then client can receive session token from server. > > Igor: BIOS will use the credentials to create session. It should send > POST request to the session URI with user name and password to create session. > If a session created successfully then on response BMC returns header > "X- Auth-Token" which then used for the subsequential calls. > > If we really like to know what authentication method that Redfish > service used, we can issue a HTTP query to "/redfish/v1/Systems" with "No Auth". > Then we can know what authentication method is required by reading the > "WWW-Authenticate " filed in returned HTTP header. > > Igor: As my understanding, even if you include authentication header > (Base64 encoded) in the request to BMC and BMC has NoAuth > configuration, then that authentication header would be just ignored by BMC. > > Thanks, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Wednesday, October 26, 2022 11:26 PM > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; > abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > Hi Nickle, > I would like to discuss that DisableBootstrapControl flag and how it > is used in our implementation. > According to Redfish HI specification we can use this flag to disable > credential bootstrapping control. > It can be disabled permanently or till next reboot of the host or > service. That depend on the EnableAfterReset setting on BMC side: > CredentialBootstrapping (v1.3+) > { object The credential bootstrapping settings for this interface. > EnableAfterReset (v1.3+) Boolean read-write (null) An > indication of whether credential bootstrapping is enabled after a reset for this interface. > Enabled (v1.3+) Boolean read-write (null) An indication of > whether credential bootstrapping is enabled for this interface. > RoleId (v1.3+) string read-write The role used for the > bootstrap account created for this interface. > } > So, if EnableAfterReset set to false, that means BMC will response > with 0x80 error and will not return any credentials after reboot. And > BIOS BMC communication will fail. > Another concern with disabling credential bootstrapping control is > that we do it on Exit Boot event before passing a control to OS. > But OS may also need to communicate to BMC through Redfish Host > Interface to post some information. And it will be blocked by our IPMI call. > We create that SMBIOS Type 42 table with Redfish Host Interface > settings which can be used by OS to communicate with BMC. But without > the credentials it will not be possible. > > Another question is AuthMethod parameter you initialize in this library: > *AuthMethod = AuthMethodHttpBasic; > According to Redfish HI specification 3 methods may be used - No Auth, > Basic Auth and Session Auth. > Basic Auth and Session Auth methods are required the credentials to be > used by BIOS. And both of them should be supported by BMC. > And your high level function RedfishCreateLibredfishService also > supports of creation Basic or Session Auth service. > I'm not sure why low level library which is created to get credentials > from BMC should decide what Authentication method should be used? > Should it be configured with some PCD? Maybe user may select in Setup > what method should be used? Or it could be build time configuration? > > Thank you, > Igor > > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com> > Sent: Tuesday, October 25, 2022 4:24 AM > To: devel@edk2.groups.io; abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy > <igork@ami.com> > Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Thanks for your review comments, Abner! I will update new version > patch later. The CI build error will be handled together. > > > please add Igor as reviewer too > Sure! > > > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > Yes, the additional one byte is for NULL terminator. > USERNAME_MAX_LENGTH is defined as 16 and follow host interface > specification. > > Regards, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang, > Abner via groups.io > Sent: Saturday, October 22, 2022 3:01 PM > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io > Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy > <igork@ami.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > [AMD Official Use Only - General] > > Hi Nickle, please add Igor as reviewer too. My comments is in below, > > > -----Original Message----- > > From: Nickle Wang <nicklew@nvidia.com> > > Sent: Thursday, October 20, 2022 10:55 AM > > To: devel@edk2.groups.io > > Cc: Chang, Abner <Abner.Chang@amd.com>; Nick Ramirez > > <nramirez@nvidia.com> > > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > > implementation > > > > Caution: This message originated from an External Source. Use proper > > caution when opening attachments, clicking links, or responding. > > > > > > This library follows Redfish Host Interface specification and use > > IPMI command to get bootstrap account credential(NetFn 2Ch, Command > > 02h) > from BMC. > > RedfishHostInterfaceDxe will use this credential for the following > > communication between BIOS and BMC. > > > > Cc: Abner Chang <abner.chang@amd.com> > > Cc: Nick Ramirez <nramirez@nvidia.com> > > Signed-off-by: Nickle Wang <nicklew@nvidia.com> > > --- > > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > > .../RedfishPlatformCredentialLib.h | 75 +++++ > > .../RedfishPlatformCredentialLib.inf | 37 +++ > [Chang, Abner] > Could we name this library RedfishPlatformCredentialIpmi so the naming > style is consistent with RedfishPlatformCredentialNull? > > > 3 files changed, 385 insertions(+) > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > c > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > h > > create mode 100644 > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > nt > > ialLib.i > > nf > > > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > new file mode 100644 > > index 0000000000..23a15ab1fa > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.c > > @@ -0,0 +1,273 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > [Chang, Abner] > We can have "@par Revision Reference:" in the file header to point > out the spec. > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam1 > 2.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cnicklew%40nvidia.com%7C90696ea8811e49e371a708dab8e > be2d8%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025620543993279% > 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik > 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CyvRgMZREOk5Yf0hU3CmH%2 > B08ktxMYw%2Bixr4UVywfrAQ%3D&reserved=0 > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fww&a > mp;data=05%7C01%7Cigork%40ami.com%7C2b5b562c02c04c90d51208dab8b8c0fd%7 > C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025400915295621%7CUnkno > wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL > CJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Uy%2B3HS336N3rgNSESPcyOPGX3eOR > 48hekdz08nLtJU4%3D&reserved=0 > w.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP > 0270_1.3.0.pdf&data=05%7C01%7Cabner.chang%40amd.com%7C074aa > e162fba49409af408dab8297c03%7C3dd8961fe4884e608e11a82d994e183d%7C > 0%7C0%7C638024786060127888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000 > %7C%7C%7C&sdata=yY6hhKjQfVqmNuufbeDNk%2B2FKrebHyIAyS9Ya4 > szE3Y%3D&reserved=0 > > > +* > > +**/ > > + > > +#include "RedfishPlatformCredentialLib.h" > > + > > +// > > +// Global flag of controlling credential service // BOOLEAN > > +mRedfishServiceStopped = FALSE; > > + > > +/** > > + Notify the Redfish service provide to stop provide configuration > > +service to this > > platform. > > + > > + This function should be called when the platfrom is about to > > + leave the safe > > environment. > > + It will notify the Redfish service provider to abort all logined > > + session, and prohibit further login with original auth info. > > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is > returned. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[in] ServiceStopType Reason of stopping Redfish service. > > + > > + @retval EFI_SUCCESS Service has been stoped successfully. > > + @retval EFI_INVALID_PARAMETER This is NULL. > > + @retval Others Some error happened. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibStopRedfishService ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType > > + >= > > ServiceStopTypeMax)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + // > > + // Raise flag first > > + // > > + mRedfishServiceStopped = TRUE; > > + > > + // > > + // Notify BMC to disable credential bootstrapping support. > > + // > > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > > + (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + Notification of Exit Boot Service. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialExitBootServicesNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Stop the credential support when system is about to enter OS. > > + // > > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > > + > > +/** > > + Notification of End of DXe. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialEndOfDxeNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Do nothing now. > > + // We can stop credential support when system reach end-of-dxe > > +for security > > reason. > > + // > > +} > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential > > username > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential > > password > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > > BootstrapPassword is NULL when DisableBootstrapControl > > + is set to FALSE > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > [Chang, Abner] > The return status should also include the status of disabling > bootstrap credential. > > > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > > + ) > > +{ > > + EFI_STATUS Status; > > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > > + UINT32 ResponseSize; > > + > > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > > + Redfish > > credentials\n", __FUNCTION__)); > > + return EFI_UNSUPPORTED; > > + } > > + > > + // > > + // NULL buffer check > > + // > > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > > (BootstrapPassword == NULL))) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > > + __FUNCTION__, DisableBootstrapControl)); > > + > > + // > > + // IPMI callout to NetFn 2C, command 02 > > + // Request data: > > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 2: DisableBootstrapControl > > + // > > + CommandData.GroupExtensionId = > REDFISH_IPMI_GROUP_EXTENSION; > > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > > + > > + ResponseSize = sizeof (ResponseData); > > + > > + // > > + // Response data: > > + // Byte 1 : Completion code > > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 3-18 : Username > > + // Byte 19-34: Password > > + // > > + Status = IpmiSubmitCommand ( > > + IPMI_NETFN_GROUP_EXT, > > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > > + (UINT8 *)&CommandData, > > + sizeof (CommandData), > > + (UINT8 *)&ResponseData, > > + &ResponseSize > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. > > + Returning\n", > > __FUNCTION__)); > > + ASSERT_EFI_ERROR (Status); > > + return Status; > > + } else { > > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > > + if (ResponseData.CompletionCode == > > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > > disabled\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. > > + Returning\n", > > __FUNCTION__, ResponseData.CompletionCode)); > > + return EFI_PROTOCOL_ERROR; > > + } else if (ResponseData.GroupExtensionId != > > REDFISH_IPMI_GROUP_EXTENSION) { > > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > > + return EFI_DEVICE_ERROR; > > + } else { > > + if (BootstrapUsername != NULL) { > > + CopyMem (BootstrapUsername, ResponseData.Username, > > USERNAME_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + username > > returned. > > + // > > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > > + } > > + > > + if (BootstrapPassword != NULL) { > > + CopyMem (BootstrapPassword, ResponseData.Password, > > PASSWORD_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + password > > returned. > > + // > > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > > + } > > + } > > + } > > + > > + return Status; > > +} > > + > > +/** > > + Retrieve platform's Redfish authentication information. > > + > > + This functions returns the Redfish authentication method together > > + with the user Id and password. > > + - For AuthMethodNone, the UserId and Password could be used for > > + HTTP > > header authentication > > + as defined by RFC7235. > > + - For AuthMethodRedfishSession, the UserId and Password could be > > + used for > > Redfish > > + session login as defined by Redfish API specification (DSP0266). > > + > > + Callers are responsible for and freeing the returned string storage. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[out] AuthMethod Type of Redfish authentication method. > > + @param[out] UserId The pointer to store the returned UserId > string. > > + @param[out] Password The pointer to store the returned > Password > > string. > > + > > + @retval EFI_SUCCESS Get the authentication information > successfully. > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > Password is NULL. > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > resources. > > + @retval EFI_UNSUPPORTED Unsupported authentication method is > > found. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibCredentialGetAuthInfo ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > + OUT CHAR8 **UserId, > > + OUT CHAR8 **Password > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + *UserId = NULL; > > + *Password = NULL; > > + > > + if (mRedfishServiceStopped) { > > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > > + security > > reason\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + *AuthMethod = AuthMethodHttpBasic; > > + > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > > > + (*UserId == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + *Password = AllocateZeroPool (sizeof (CHAR8) * > > + PASSWORD_MAX_SIZE); if (*Password == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > > + *Password); if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > new file mode 100644 > > index 0000000000..5b448e01be > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.h > > @@ -0,0 +1,75 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > > +* > > +**/ > > +#include <Uefi.h> > > +#include <IndustryStandard/Ipmi.h> > > +#include <Protocol/EdkIIRedfishCredential.h> > > +#include <Library/BaseLib.h> > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/IpmiBaseLib.h> > > +#include <Library/MemoryAllocationLib.h> #include > > +<Library/RedfishCredentialLib.h> > > + > > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > > +#define > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > > 0x80 > > + > > +// > > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > > +of // username and password is 16 characters long. > > +// > > +#define USERNAME_MAX_LENGTH 16 > > +#define PASSWORD_MAX_LENGTH 16 > > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // > NULL > > terminator > > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // > NULL > > terminator > > + > > +#pragma pack(1) > > +/// > > +/// The definition of IPMI command to get bootstrap account > > +credentials /// typedef struct { > > + UINT8 GroupExtensionId; > > + UINT8 DisableBootstrapControl; > > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > > + > > +/// > > +/// The response data of getting bootstrap credential /// typedef > > +struct { > > + UINT8 CompletionCode; > > + UINT8 GroupExtensionId; > > + CHAR8 Username[USERNAME_MAX_LENGTH]; > > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > > + > > +#pragma pack() > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential username > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential password > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > [Chang, Abner] > Or the bootstrap credential service is disabled successfully, right? > > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, > > + IN OUT CHAR8 *BootstrapPassword > > + ); > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > new file mode 100644 > > index 0000000000..a990d28363 > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.inf > > @@ -0,0 +1,37 @@ > > +## @file > > +# > > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > + > > +[Defines] > > + INF_VERSION = 0x0001000b > > + BASE_NAME = RedfishPlatformCredentialLib > > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > > + MODULE_TYPE = DXE_DRIVER > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = RedfishPlatformCredentialLib > > + > > +[Sources] > > + RedfishPlatformCredentialLib.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + RedfishPkg/RedfishPkg.dec > > + IpmiFeaturePkg/IpmiFeaturePkg.dec > [Chang, Abner] > Could you please add a comment to the reference of IpmiFeaturePkg? We > have to give customers a notice that the dependence of "edk2- > platforms/Features/Intel/OutOfBandManagement/". They have to add the > path to PACKAGES_PATH. You also have to skip this dependence in the > RedfishPkg.yaml to avoid the CI error. > > Another thing is I propose to move out IpmiFeaturePkg from edk2- > platforms/Features/Intel/OutOfBandManagement to edk2- > platforms/Features/ManageabilityPkg that also provides the > implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with > IpmiFeaturePkg owner and get the positive response on this proposal. I > will kick off the discussion on the dev mailing list. That is to say > this module may need a little bit change later, however that is good > to me having this implementation now. > Thanks > Abner > > + > > +[LibraryClasses] > > + UefiLib > > + DebugLib > > + IpmiBaseLib > > + MemoryAllocationLib > > + BaseMemoryLib > > + > > +[Pcd] > > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > > + > > +[Depex] > > + TRUE > > -- > > 2.17.1 > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > > > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-28 14:53 ` Nickle Wang @ 2022-10-28 16:03 ` Igor Kulchytskyy 2022-10-28 23:29 ` Nickle Wang 0 siblings, 1 reply; 15+ messages in thread From: Igor Kulchytskyy @ 2022-10-28 16:03 UTC (permalink / raw) To: Nickle Wang, Chang, Abner, devel@edk2.groups.io; +Cc: Nick Ramirez Hi Nickle, I think this is a good idea to send a request to the URI which requires the authentication and then analyze the header of response. The only thing I would like to discuss is a hardcoded URI - "/redfish/v1/Systems". Shouldn't we parse "redfish/v1" json response and get the URI from "Systems" attribute. That, I think, would be more universal method. And that is what Redfish specification said, that user should be able to iterate from Redfish service root "redfish/v1" to any redfish resource. Thank you, Igor -----Original Message----- From: Nickle Wang <nicklew@nvidia.com> Sent: Friday, October 28, 2022 10:53 AM To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner <Abner.Chang@amd.com>; devel@edk2.groups.io Cc: Nick Ramirez <nramirez@nvidia.com> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Hi Igor, Abner, Thanks for your comments. A quick summary as below: - BIOS is not supported to disable bootstrap credential service. For security purposes, BIOS should shutdown credential service with its internal control mechanism. - Credential libraries need a cache mechanism to prevent multiple queries to BMC. All applications in BIOS share the same credentials. - The storage of keeping credentials should be deleted before the end of the DXE event. So that the credential will not be retrieved by unauthorized user or application. (e.g. user can read variable under UEFI shell with dmpstore command) There is one thing remained and I like to have further discussion. For the authentication method, do we think that client user can decide what authentication method to use regardless of the requirement from server? I am thinking a detection mechanism as below: Issue HTTP GET to "/redfish/v1/Systems" (which normally require authentication) without authentication method. a) if client receive 200 OK, "No Auth" is used and we don't need to get credentials b) if client receive 401 Unauthorized, check the "WWW-Authenticate" field in returned HTTP header. "Basic realm" or "X-Auh-Token realm" or both two methods will be specified. Then client can know what method to use. Two methods all require credential. Above mechanism can be placed in RedfishCredentailDxe driver so driver will know if it needs to call credential lib or not. Thanks, Nickle -----Original Message----- From: Igor Kulchytskyy <igork@ami.com> Sent: Friday, October 28, 2022 9:54 PM To: Chang, Abner <Abner.Chang@amd.com>; devel@edk2.groups.io; Nickle Wang <nicklew@nvidia.com> Cc: Nick Ramirez <nramirez@nvidia.com> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Abner, Yes, you are right that NVRAM variables were deprecated by DMTF. But we can use our own boot time NVRAM variable to keep FW credentials. That variable will not be accessible from OS, but since we agreed not to disable bootstrap credentials service on exit boot event, then OS may get its own credentials. Or we can save the credentials in memory variable. But in this case if we have several instances of the library linked with different modules they will have to send their own IPMI command to get credentials. So, I think it is better to use our own NVRAM boot time variable. Thank you, Igor -----Original Message----- From: Chang, Abner <Abner.Chang@amd.com> Sent: Friday, October 28, 2022 3:48 AM To: devel@edk2.groups.io; Igor Kulchytskyy <igork@ami.com>; nicklew@nvidia.com Cc: Nick Ramirez <nramirez@nvidia.com> Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** [AMD Official Use Only - General] > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Thursday, October 27, 2022 10:42 PM > To: devel@edk2.groups.io; nicklew@nvidia.com; Chang, Abner > <Abner.Chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > Hi Nickle, > Pleased, see my comments on your questions below. > > Another point I missed in my previous mail. > You have that function in the library to get credentials and it is > used by RedfishCredentialsDxe driver to create the protocol which in > its turn will be used by other Redfish modules. > We do not know how many modules and how many times will call this > function during boot. Right? > And on each call of this function you call IPMI command. That command > will create new Redfish account on BMC side according to Redfish HI specification: > > " If the Get Bootstrap Account Credentials command has been issued and > responds with the completion code 00h, a bootstrap account shall be > added to the manager's account collection and enabled. If the Get > Bootstrap Account Credentials command is sent subsequent times and > responds with the completion code 00h, a new account shall be created > based on the newly generated credentials. Any existing bootstrap accounts shall remain active." > > As I know BMC may have some restrictions on the number of Redfish > accounts they can support. > And because of that BOS may hit this limit. Which is not good. > On the other hand I'm not sure we need to have different credentials > for different modules? All those modules are part of FW. And all of > them will be associated with the same RoleID (FW role) on BMC side. > So, all of them may use the same credentials. > Could we cash the credentials on first call of that Yes, this is something we have to avoid. Many accounts will be created while each of Redfish client module requests a credential. FW can save it in EFI variable and delete it at proper timing. Unfortunately the credential delivering via EFI variable section was deprecated, otherwise we can deliver the credential to OS through EFI variable with disabling the bootstrap credential at exit boot service. Abner > RedfishCredentialGetAuthInfo and then use those cashed credentials on > subsequential calls? > It will also may save a boot time, since there is no need to send IPMI > command. > > Thank you, > Igor > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Nickle > Wang via groups.io > Sent: Thursday, October 27, 2022 9:26 AM > To: devel@edk2.groups.io; Igor Kulchytskyy <igork@ami.com>; > abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Hi Igor, > > Thank you for your help to review my changes. > > > And it will be blocked by our IPMI call. > > I see your point. So, BIOS should never be the person to shutdown > credential service because BIOS always get executed prior to OS, right? > > Igor: Yes, my point is that we should not shutdown credential service > from BIOS. Even if OS sends that IPMI command, new account will be > created and BIOS credentials will not be compromised. > > > Should it be configured with some PCD? Maybe user may select in > > Setup > what method should be used? Or it could be build time configuration? > > I have below assumption while I implemented the library. I admit this > is not always true. > > No Auth: I think this is rare case for Redfish service which gives > anonymous privilege to change BIOS settings. > Basic Auth: this is the authentication method which uses username and > password to build base64 encoded string. > Session Auth: I assume that client must have a session token first and > then use this authentication method. Can we use username and password > to generate session token on our own? If my memory serves me > correctly, client has to do a login with username and password first > and then client can receive session token from server. > > Igor: BIOS will use the credentials to create session. It should send > POST request to the session URI with user name and password to create session. > If a session created successfully then on response BMC returns header > "X- Auth-Token" which then used for the subsequential calls. > > If we really like to know what authentication method that Redfish > service used, we can issue a HTTP query to "/redfish/v1/Systems" with "No Auth". > Then we can know what authentication method is required by reading the > "WWW-Authenticate " filed in returned HTTP header. > > Igor: As my understanding, even if you include authentication header > (Base64 encoded) in the request to BMC and BMC has NoAuth > configuration, then that authentication header would be just ignored by BMC. > > Thanks, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Wednesday, October 26, 2022 11:26 PM > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; > abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > Hi Nickle, > I would like to discuss that DisableBootstrapControl flag and how it > is used in our implementation. > According to Redfish HI specification we can use this flag to disable > credential bootstrapping control. > It can be disabled permanently or till next reboot of the host or > service. That depend on the EnableAfterReset setting on BMC side: > CredentialBootstrapping (v1.3+) > { object The credential bootstrapping settings for this interface. > EnableAfterReset (v1.3+) Boolean read-write (null) An > indication of whether credential bootstrapping is enabled after a reset for this interface. > Enabled (v1.3+) Boolean read-write (null) An indication of > whether credential bootstrapping is enabled for this interface. > RoleId (v1.3+) string read-write The role used for the > bootstrap account created for this interface. > } > So, if EnableAfterReset set to false, that means BMC will response > with 0x80 error and will not return any credentials after reboot. And > BIOS BMC communication will fail. > Another concern with disabling credential bootstrapping control is > that we do it on Exit Boot event before passing a control to OS. > But OS may also need to communicate to BMC through Redfish Host > Interface to post some information. And it will be blocked by our IPMI call. > We create that SMBIOS Type 42 table with Redfish Host Interface > settings which can be used by OS to communicate with BMC. But without > the credentials it will not be possible. > > Another question is AuthMethod parameter you initialize in this library: > *AuthMethod = AuthMethodHttpBasic; > According to Redfish HI specification 3 methods may be used - No Auth, > Basic Auth and Session Auth. > Basic Auth and Session Auth methods are required the credentials to be > used by BIOS. And both of them should be supported by BMC. > And your high level function RedfishCreateLibredfishService also > supports of creation Basic or Session Auth service. > I'm not sure why low level library which is created to get credentials > from BMC should decide what Authentication method should be used? > Should it be configured with some PCD? Maybe user may select in Setup > what method should be used? Or it could be build time configuration? > > Thank you, > Igor > > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com> > Sent: Tuesday, October 25, 2022 4:24 AM > To: devel@edk2.groups.io; abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy > <igork@ami.com> > Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Thanks for your review comments, Abner! I will update new version > patch later. The CI build error will be handled together. > > > please add Igor as reviewer too > Sure! > > > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > Yes, the additional one byte is for NULL terminator. > USERNAME_MAX_LENGTH is defined as 16 and follow host interface > specification. > > Regards, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang, > Abner via groups.io > Sent: Saturday, October 22, 2022 3:01 PM > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io > Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy > <igork@ami.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > [AMD Official Use Only - General] > > Hi Nickle, please add Igor as reviewer too. My comments is in below, > > > -----Original Message----- > > From: Nickle Wang <nicklew@nvidia.com> > > Sent: Thursday, October 20, 2022 10:55 AM > > To: devel@edk2.groups.io > > Cc: Chang, Abner <Abner.Chang@amd.com>; Nick Ramirez > > <nramirez@nvidia.com> > > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > > implementation > > > > Caution: This message originated from an External Source. Use proper > > caution when opening attachments, clicking links, or responding. > > > > > > This library follows Redfish Host Interface specification and use > > IPMI command to get bootstrap account credential(NetFn 2Ch, Command > > 02h) > from BMC. > > RedfishHostInterfaceDxe will use this credential for the following > > communication between BIOS and BMC. > > > > Cc: Abner Chang <abner.chang@amd.com> > > Cc: Nick Ramirez <nramirez@nvidia.com> > > Signed-off-by: Nickle Wang <nicklew@nvidia.com> > > --- > > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > > .../RedfishPlatformCredentialLib.h | 75 +++++ > > .../RedfishPlatformCredentialLib.inf | 37 +++ > [Chang, Abner] > Could we name this library RedfishPlatformCredentialIpmi so the naming > style is consistent with RedfishPlatformCredentialNull? > > > 3 files changed, 385 insertions(+) > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > c > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > h > > create mode 100644 > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > nt > > ialLib.i > > nf > > > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > new file mode 100644 > > index 0000000000..23a15ab1fa > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.c > > @@ -0,0 +1,273 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > [Chang, Abner] > We can have "@par Revision Reference:" in the file header to point > out the spec. > https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam1 > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cigork%40ami.com%7C224e78526d7d45a7b31108dab8f42ac1 > %7C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025656093102767%7CUnk > nown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw > iLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YN52FOx%2F%2F1YYG8Nl86vu7zlz > M%2BpLMk3Ym0RNPLxLKqw%3D&reserved=0 > 2.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cnicklew%40nvidia.com%7C90696ea8811e49e371a708dab8e > be2d8%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025620543993279% > 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik > 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CyvRgMZREOk5Yf0hU3CmH%2 > B08ktxMYw%2Bixr4UVywfrAQ%3D&reserved=0 > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fww&a > mp;data=05%7C01%7Cigork%40ami.com%7C2b5b562c02c04c90d51208dab8b8c0fd%7 > C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025400915295621%7CUnkno > wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL > CJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Uy%2B3HS336N3rgNSESPcyOPGX3eOR > 48hekdz08nLtJU4%3D&reserved=0 > w.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP > 0270_1.3.0.pdf&data=05%7C01%7Cabner.chang%40amd.com%7C074aa > e162fba49409af408dab8297c03%7C3dd8961fe4884e608e11a82d994e183d%7C > 0%7C0%7C638024786060127888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000 > %7C%7C%7C&sdata=yY6hhKjQfVqmNuufbeDNk%2B2FKrebHyIAyS9Ya4 > szE3Y%3D&reserved=0 > > > +* > > +**/ > > + > > +#include "RedfishPlatformCredentialLib.h" > > + > > +// > > +// Global flag of controlling credential service // BOOLEAN > > +mRedfishServiceStopped = FALSE; > > + > > +/** > > + Notify the Redfish service provide to stop provide configuration > > +service to this > > platform. > > + > > + This function should be called when the platfrom is about to > > + leave the safe > > environment. > > + It will notify the Redfish service provider to abort all logined > > + session, and prohibit further login with original auth info. > > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is > returned. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[in] ServiceStopType Reason of stopping Redfish service. > > + > > + @retval EFI_SUCCESS Service has been stoped successfully. > > + @retval EFI_INVALID_PARAMETER This is NULL. > > + @retval Others Some error happened. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibStopRedfishService ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType > > + >= > > ServiceStopTypeMax)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + // > > + // Raise flag first > > + // > > + mRedfishServiceStopped = TRUE; > > + > > + // > > + // Notify BMC to disable credential bootstrapping support. > > + // > > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > > + (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + Notification of Exit Boot Service. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialExitBootServicesNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Stop the credential support when system is about to enter OS. > > + // > > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > > + > > +/** > > + Notification of End of DXe. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialEndOfDxeNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Do nothing now. > > + // We can stop credential support when system reach end-of-dxe > > +for security > > reason. > > + // > > +} > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential > > username > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential > > password > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > > BootstrapPassword is NULL when DisableBootstrapControl > > + is set to FALSE > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > [Chang, Abner] > The return status should also include the status of disabling > bootstrap credential. > > > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > > + ) > > +{ > > + EFI_STATUS Status; > > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > > + UINT32 ResponseSize; > > + > > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > > + Redfish > > credentials\n", __FUNCTION__)); > > + return EFI_UNSUPPORTED; > > + } > > + > > + // > > + // NULL buffer check > > + // > > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > > (BootstrapPassword == NULL))) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > > + __FUNCTION__, DisableBootstrapControl)); > > + > > + // > > + // IPMI callout to NetFn 2C, command 02 > > + // Request data: > > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 2: DisableBootstrapControl > > + // > > + CommandData.GroupExtensionId = > REDFISH_IPMI_GROUP_EXTENSION; > > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > > + > > + ResponseSize = sizeof (ResponseData); > > + > > + // > > + // Response data: > > + // Byte 1 : Completion code > > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 3-18 : Username > > + // Byte 19-34: Password > > + // > > + Status = IpmiSubmitCommand ( > > + IPMI_NETFN_GROUP_EXT, > > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > > + (UINT8 *)&CommandData, > > + sizeof (CommandData), > > + (UINT8 *)&ResponseData, > > + &ResponseSize > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. > > + Returning\n", > > __FUNCTION__)); > > + ASSERT_EFI_ERROR (Status); > > + return Status; > > + } else { > > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > > + if (ResponseData.CompletionCode == > > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > > disabled\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. > > + Returning\n", > > __FUNCTION__, ResponseData.CompletionCode)); > > + return EFI_PROTOCOL_ERROR; > > + } else if (ResponseData.GroupExtensionId != > > REDFISH_IPMI_GROUP_EXTENSION) { > > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > > + return EFI_DEVICE_ERROR; > > + } else { > > + if (BootstrapUsername != NULL) { > > + CopyMem (BootstrapUsername, ResponseData.Username, > > USERNAME_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + username > > returned. > > + // > > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > > + } > > + > > + if (BootstrapPassword != NULL) { > > + CopyMem (BootstrapPassword, ResponseData.Password, > > PASSWORD_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + password > > returned. > > + // > > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > > + } > > + } > > + } > > + > > + return Status; > > +} > > + > > +/** > > + Retrieve platform's Redfish authentication information. > > + > > + This functions returns the Redfish authentication method together > > + with the user Id and password. > > + - For AuthMethodNone, the UserId and Password could be used for > > + HTTP > > header authentication > > + as defined by RFC7235. > > + - For AuthMethodRedfishSession, the UserId and Password could be > > + used for > > Redfish > > + session login as defined by Redfish API specification (DSP0266). > > + > > + Callers are responsible for and freeing the returned string storage. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[out] AuthMethod Type of Redfish authentication method. > > + @param[out] UserId The pointer to store the returned UserId > string. > > + @param[out] Password The pointer to store the returned > Password > > string. > > + > > + @retval EFI_SUCCESS Get the authentication information > successfully. > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > Password is NULL. > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > resources. > > + @retval EFI_UNSUPPORTED Unsupported authentication method is > > found. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibCredentialGetAuthInfo ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > + OUT CHAR8 **UserId, > > + OUT CHAR8 **Password > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + *UserId = NULL; > > + *Password = NULL; > > + > > + if (mRedfishServiceStopped) { > > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > > + security > > reason\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + *AuthMethod = AuthMethodHttpBasic; > > + > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > > > + (*UserId == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + *Password = AllocateZeroPool (sizeof (CHAR8) * > > + PASSWORD_MAX_SIZE); if (*Password == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > > + *Password); if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > new file mode 100644 > > index 0000000000..5b448e01be > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.h > > @@ -0,0 +1,75 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > > +* > > +**/ > > +#include <Uefi.h> > > +#include <IndustryStandard/Ipmi.h> > > +#include <Protocol/EdkIIRedfishCredential.h> > > +#include <Library/BaseLib.h> > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/IpmiBaseLib.h> > > +#include <Library/MemoryAllocationLib.h> #include > > +<Library/RedfishCredentialLib.h> > > + > > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > > +#define > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > > 0x80 > > + > > +// > > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > > +of // username and password is 16 characters long. > > +// > > +#define USERNAME_MAX_LENGTH 16 > > +#define PASSWORD_MAX_LENGTH 16 > > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // > NULL > > terminator > > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // > NULL > > terminator > > + > > +#pragma pack(1) > > +/// > > +/// The definition of IPMI command to get bootstrap account > > +credentials /// typedef struct { > > + UINT8 GroupExtensionId; > > + UINT8 DisableBootstrapControl; > > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > > + > > +/// > > +/// The response data of getting bootstrap credential /// typedef > > +struct { > > + UINT8 CompletionCode; > > + UINT8 GroupExtensionId; > > + CHAR8 Username[USERNAME_MAX_LENGTH]; > > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > > + > > +#pragma pack() > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential username > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential password > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > [Chang, Abner] > Or the bootstrap credential service is disabled successfully, right? > > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, > > + IN OUT CHAR8 *BootstrapPassword > > + ); > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > new file mode 100644 > > index 0000000000..a990d28363 > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.inf > > @@ -0,0 +1,37 @@ > > +## @file > > +# > > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > + > > +[Defines] > > + INF_VERSION = 0x0001000b > > + BASE_NAME = RedfishPlatformCredentialLib > > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > > + MODULE_TYPE = DXE_DRIVER > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = RedfishPlatformCredentialLib > > + > > +[Sources] > > + RedfishPlatformCredentialLib.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + RedfishPkg/RedfishPkg.dec > > + IpmiFeaturePkg/IpmiFeaturePkg.dec > [Chang, Abner] > Could you please add a comment to the reference of IpmiFeaturePkg? We > have to give customers a notice that the dependence of "edk2- > platforms/Features/Intel/OutOfBandManagement/". They have to add the > path to PACKAGES_PATH. You also have to skip this dependence in the > RedfishPkg.yaml to avoid the CI error. > > Another thing is I propose to move out IpmiFeaturePkg from edk2- > platforms/Features/Intel/OutOfBandManagement to edk2- > platforms/Features/ManageabilityPkg that also provides the > implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with > IpmiFeaturePkg owner and get the positive response on this proposal. I > will kick off the discussion on the dev mailing list. That is to say > this module may need a little bit change later, however that is good > to me having this implementation now. > Thanks > Abner > > + > > +[LibraryClasses] > > + UefiLib > > + DebugLib > > + IpmiBaseLib > > + MemoryAllocationLib > > + BaseMemoryLib > > + > > +[Pcd] > > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > > + > > +[Depex] > > + TRUE > > -- > > 2.17.1 > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > > > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-28 16:03 ` Igor Kulchytskyy @ 2022-10-28 23:29 ` Nickle Wang 2022-10-30 15:33 ` Chang, Abner 0 siblings, 1 reply; 15+ messages in thread From: Nickle Wang @ 2022-10-28 23:29 UTC (permalink / raw) To: Igor Kulchytskyy, Chang, Abner, devel@edk2.groups.io; +Cc: Nick Ramirez [-- Attachment #1: Type: text/plain, Size: 39217 bytes --] Hi Igor, Yes, we should get the URI to computer system collection by parsing "/redfish/v1". Hi Abner, What do you think about this? And if we like to select authentication method for Redfish communication in this way, we need to update RedfishCredentialLib.h because now the authentication method is not decided by this low-level library. Thanks, Nickle ________________________________ From: Igor Kulchytskyy <igork@ami.com> Sent: Saturday, October 29, 2022 12:03 AM To: Nickle Wang <nicklew@nvidia.com>; Chang, Abner <Abner.Chang@amd.com>; devel@edk2.groups.io <devel@edk2.groups.io> Cc: Nick Ramirez <nramirez@nvidia.com> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Nickle, I think this is a good idea to send a request to the URI which requires the authentication and then analyze the header of response. The only thing I would like to discuss is a hardcoded URI - "/redfish/v1/Systems". Shouldn't we parse "redfish/v1" json response and get the URI from "Systems" attribute. That, I think, would be more universal method. And that is what Redfish specification said, that user should be able to iterate from Redfish service root "redfish/v1" to any redfish resource. Thank you, Igor -----Original Message----- From: Nickle Wang <nicklew@nvidia.com> Sent: Friday, October 28, 2022 10:53 AM To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner <Abner.Chang@amd.com>; devel@edk2.groups.io Cc: Nick Ramirez <nramirez@nvidia.com> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Hi Igor, Abner, Thanks for your comments. A quick summary as below: - BIOS is not supported to disable bootstrap credential service. For security purposes, BIOS should shutdown credential service with its internal control mechanism. - Credential libraries need a cache mechanism to prevent multiple queries to BMC. All applications in BIOS share the same credentials. - The storage of keeping credentials should be deleted before the end of the DXE event. So that the credential will not be retrieved by unauthorized user or application. (e.g. user can read variable under UEFI shell with dmpstore command) There is one thing remained and I like to have further discussion. For the authentication method, do we think that client user can decide what authentication method to use regardless of the requirement from server? I am thinking a detection mechanism as below: Issue HTTP GET to "/redfish/v1/Systems" (which normally require authentication) without authentication method. a) if client receive 200 OK, "No Auth" is used and we don't need to get credentials b) if client receive 401 Unauthorized, check the "WWW-Authenticate" field in returned HTTP header. "Basic realm" or "X-Auh-Token realm" or both two methods will be specified. Then client can know what method to use. Two methods all require credential. Above mechanism can be placed in RedfishCredentailDxe driver so driver will know if it needs to call credential lib or not. Thanks, Nickle -----Original Message----- From: Igor Kulchytskyy <igork@ami.com> Sent: Friday, October 28, 2022 9:54 PM To: Chang, Abner <Abner.Chang@amd.com>; devel@edk2.groups.io; Nickle Wang <nicklew@nvidia.com> Cc: Nick Ramirez <nramirez@nvidia.com> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Abner, Yes, you are right that NVRAM variables were deprecated by DMTF. But we can use our own boot time NVRAM variable to keep FW credentials. That variable will not be accessible from OS, but since we agreed not to disable bootstrap credentials service on exit boot event, then OS may get its own credentials. Or we can save the credentials in memory variable. But in this case if we have several instances of the library linked with different modules they will have to send their own IPMI command to get credentials. So, I think it is better to use our own NVRAM boot time variable. Thank you, Igor -----Original Message----- From: Chang, Abner <Abner.Chang@amd.com> Sent: Friday, October 28, 2022 3:48 AM To: devel@edk2.groups.io; Igor Kulchytskyy <igork@ami.com>; nicklew@nvidia.com Cc: Nick Ramirez <nramirez@nvidia.com> Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** [AMD Official Use Only - General] > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Thursday, October 27, 2022 10:42 PM > To: devel@edk2.groups.io; nicklew@nvidia.com; Chang, Abner > <Abner.Chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > Hi Nickle, > Pleased, see my comments on your questions below. > > Another point I missed in my previous mail. > You have that function in the library to get credentials and it is > used by RedfishCredentialsDxe driver to create the protocol which in > its turn will be used by other Redfish modules. > We do not know how many modules and how many times will call this > function during boot. Right? > And on each call of this function you call IPMI command. That command > will create new Redfish account on BMC side according to Redfish HI specification: > > " If the Get Bootstrap Account Credentials command has been issued and > responds with the completion code 00h, a bootstrap account shall be > added to the manager's account collection and enabled. If the Get > Bootstrap Account Credentials command is sent subsequent times and > responds with the completion code 00h, a new account shall be created > based on the newly generated credentials. Any existing bootstrap accounts shall remain active." > > As I know BMC may have some restrictions on the number of Redfish > accounts they can support. > And because of that BOS may hit this limit. Which is not good. > On the other hand I'm not sure we need to have different credentials > for different modules? All those modules are part of FW. And all of > them will be associated with the same RoleID (FW role) on BMC side. > So, all of them may use the same credentials. > Could we cash the credentials on first call of that Yes, this is something we have to avoid. Many accounts will be created while each of Redfish client module requests a credential. FW can save it in EFI variable and delete it at proper timing. Unfortunately the credential delivering via EFI variable section was deprecated, otherwise we can deliver the credential to OS through EFI variable with disabling the bootstrap credential at exit boot service. Abner > RedfishCredentialGetAuthInfo and then use those cashed credentials on > subsequential calls? > It will also may save a boot time, since there is no need to send IPMI > command. > > Thank you, > Igor > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Nickle > Wang via groups.io > Sent: Thursday, October 27, 2022 9:26 AM > To: devel@edk2.groups.io; Igor Kulchytskyy <igork@ami.com>; > abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Hi Igor, > > Thank you for your help to review my changes. > > > And it will be blocked by our IPMI call. > > I see your point. So, BIOS should never be the person to shutdown > credential service because BIOS always get executed prior to OS, right? > > Igor: Yes, my point is that we should not shutdown credential service > from BIOS. Even if OS sends that IPMI command, new account will be > created and BIOS credentials will not be compromised. > > > Should it be configured with some PCD? Maybe user may select in > > Setup > what method should be used? Or it could be build time configuration? > > I have below assumption while I implemented the library. I admit this > is not always true. > > No Auth: I think this is rare case for Redfish service which gives > anonymous privilege to change BIOS settings. > Basic Auth: this is the authentication method which uses username and > password to build base64 encoded string. > Session Auth: I assume that client must have a session token first and > then use this authentication method. Can we use username and password > to generate session token on our own? If my memory serves me > correctly, client has to do a login with username and password first > and then client can receive session token from server. > > Igor: BIOS will use the credentials to create session. It should send > POST request to the session URI with user name and password to create session. > If a session created successfully then on response BMC returns header > "X- Auth-Token" which then used for the subsequential calls. > > If we really like to know what authentication method that Redfish > service used, we can issue a HTTP query to "/redfish/v1/Systems" with "No Auth". > Then we can know what authentication method is required by reading the > "WWW-Authenticate " filed in returned HTTP header. > > Igor: As my understanding, even if you include authentication header > (Base64 encoded) in the request to BMC and BMC has NoAuth > configuration, then that authentication header would be just ignored by BMC. > > Thanks, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Wednesday, October 26, 2022 11:26 PM > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io; > abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > Hi Nickle, > I would like to discuss that DisableBootstrapControl flag and how it > is used in our implementation. > According to Redfish HI specification we can use this flag to disable > credential bootstrapping control. > It can be disabled permanently or till next reboot of the host or > service. That depend on the EnableAfterReset setting on BMC side: > CredentialBootstrapping (v1.3+) > { object The credential bootstrapping settings for this interface. > EnableAfterReset (v1.3+) Boolean read-write (null) An > indication of whether credential bootstrapping is enabled after a reset for this interface. > Enabled (v1.3+) Boolean read-write (null) An indication of > whether credential bootstrapping is enabled for this interface. > RoleId (v1.3+) string read-write The role used for the > bootstrap account created for this interface. > } > So, if EnableAfterReset set to false, that means BMC will response > with 0x80 error and will not return any credentials after reboot. And > BIOS BMC communication will fail. > Another concern with disabling credential bootstrapping control is > that we do it on Exit Boot event before passing a control to OS. > But OS may also need to communicate to BMC through Redfish Host > Interface to post some information. And it will be blocked by our IPMI call. > We create that SMBIOS Type 42 table with Redfish Host Interface > settings which can be used by OS to communicate with BMC. But without > the credentials it will not be possible. > > Another question is AuthMethod parameter you initialize in this library: > *AuthMethod = AuthMethodHttpBasic; > According to Redfish HI specification 3 methods may be used - No Auth, > Basic Auth and Session Auth. > Basic Auth and Session Auth methods are required the credentials to be > used by BIOS. And both of them should be supported by BMC. > And your high level function RedfishCreateLibredfishService also > supports of creation Basic or Session Auth service. > I'm not sure why low level library which is created to get credentials > from BMC should decide what Authentication method should be used? > Should it be configured with some PCD? Maybe user may select in Setup > what method should be used? Or it could be build time configuration? > > Thank you, > Igor > > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com> > Sent: Tuesday, October 25, 2022 4:24 AM > To: devel@edk2.groups.io; abner.chang@amd.com > Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy > <igork@ami.com> > Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Thanks for your review comments, Abner! I will update new version > patch later. The CI build error will be handled together. > > > please add Igor as reviewer too > Sure! > > > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > Yes, the additional one byte is for NULL terminator. > USERNAME_MAX_LENGTH is defined as 16 and follow host interface > specification. > > Regards, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Chang, > Abner via groups.io > Sent: Saturday, October 22, 2022 3:01 PM > To: Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io > Cc: Nick Ramirez <nramirez@nvidia.com>; Igor Kulchytskyy > <igork@ami.com> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > [AMD Official Use Only - General] > > Hi Nickle, please add Igor as reviewer too. My comments is in below, > > > -----Original Message----- > > From: Nickle Wang <nicklew@nvidia.com> > > Sent: Thursday, October 20, 2022 10:55 AM > > To: devel@edk2.groups.io > > Cc: Chang, Abner <Abner.Chang@amd.com>; Nick Ramirez > > <nramirez@nvidia.com> > > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > > implementation > > > > Caution: This message originated from an External Source. Use proper > > caution when opening attachments, clicking links, or responding. > > > > > > This library follows Redfish Host Interface specification and use > > IPMI command to get bootstrap account credential(NetFn 2Ch, Command > > 02h) > from BMC. > > RedfishHostInterfaceDxe will use this credential for the following > > communication between BIOS and BMC. > > > > Cc: Abner Chang <abner.chang@amd.com> > > Cc: Nick Ramirez <nramirez@nvidia.com> > > Signed-off-by: Nickle Wang <nicklew@nvidia.com> > > --- > > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > > .../RedfishPlatformCredentialLib.h | 75 +++++ > > .../RedfishPlatformCredentialLib.inf | 37 +++ > [Chang, Abner] > Could we name this library RedfishPlatformCredentialIpmi so the naming > style is consistent with RedfishPlatformCredentialNull? > > > 3 files changed, 385 insertions(+) > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > c > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > h > > create mode 100644 > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > nt > > ialLib.i > > nf > > > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > new file mode 100644 > > index 0000000000..23a15ab1fa > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.c > > @@ -0,0 +1,273 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > [Chang, Abner] > We can have "@par Revision Reference:" in the file header to point > out the spec. > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1&data=05%7C01%7Cnicklew%40nvidia.com%7C3f7c98d402b8471f95d408dab8fdeb00%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025697967855556%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=90NlFqDGaEtk5kMibeuQ3%2FzQNn3ANJn1LcF6RNqsJJ0%3D&reserved=0 > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cigork%40ami.com%7C224e78526d7d45a7b31108dab8f42ac1 > %7C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025656093102767%7CUnk > nown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw > iLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YN52FOx%2F%2F1YYG8Nl86vu7zlz > M%2BpLMk3Ym0RNPLxLKqw%3D&reserved=0 > 2.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cnicklew%40nvidia.com%7C90696ea8811e49e371a708dab8e > be2d8%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025620543993279% > 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik > 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CyvRgMZREOk5Yf0hU3CmH%2 > B08ktxMYw%2Bixr4UVywfrAQ%3D&reserved=0 > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fww&a > mp;data=05%7C01%7Cigork%40ami.com%7C2b5b562c02c04c90d51208dab8b8c0fd%7 > C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025400915295621%7CUnkno > wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL > CJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Uy%2B3HS336N3rgNSESPcyOPGX3eOR > 48hekdz08nLtJU4%3D&reserved=0 > w.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP > 0270_1.3.0.pdf&data=05%7C01%7Cabner.chang%40amd.com%7C074aa > e162fba49409af408dab8297c03%7C3dd8961fe4884e608e11a82d994e183d%7C > 0%7C0%7C638024786060127888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000 > %7C%7C%7C&sdata=yY6hhKjQfVqmNuufbeDNk%2B2FKrebHyIAyS9Ya4 > szE3Y%3D&reserved=0 > > > +* > > +**/ > > + > > +#include "RedfishPlatformCredentialLib.h" > > + > > +// > > +// Global flag of controlling credential service // BOOLEAN > > +mRedfishServiceStopped = FALSE; > > + > > +/** > > + Notify the Redfish service provide to stop provide configuration > > +service to this > > platform. > > + > > + This function should be called when the platfrom is about to > > + leave the safe > > environment. > > + It will notify the Redfish service provider to abort all logined > > + session, and prohibit further login with original auth info. > > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is > returned. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[in] ServiceStopType Reason of stopping Redfish service. > > + > > + @retval EFI_SUCCESS Service has been stoped successfully. > > + @retval EFI_INVALID_PARAMETER This is NULL. > > + @retval Others Some error happened. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibStopRedfishService ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType > > + >= > > ServiceStopTypeMax)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + // > > + // Raise flag first > > + // > > + mRedfishServiceStopped = TRUE; > > + > > + // > > + // Notify BMC to disable credential bootstrapping support. > > + // > > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > > + (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + Notification of Exit Boot Service. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialExitBootServicesNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Stop the credential support when system is about to enter OS. > > + // > > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > > + > > +/** > > + Notification of End of DXe. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialEndOfDxeNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Do nothing now. > > + // We can stop credential support when system reach end-of-dxe > > +for security > > reason. > > + // > > +} > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential > > username > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential > > password > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > > BootstrapPassword is NULL when DisableBootstrapControl > > + is set to FALSE > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > [Chang, Abner] > The return status should also include the status of disabling > bootstrap credential. > > > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > > + ) > > +{ > > + EFI_STATUS Status; > > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > > + UINT32 ResponseSize; > > + > > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > > + Redfish > > credentials\n", __FUNCTION__)); > > + return EFI_UNSUPPORTED; > > + } > > + > > + // > > + // NULL buffer check > > + // > > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > > (BootstrapPassword == NULL))) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > > + __FUNCTION__, DisableBootstrapControl)); > > + > > + // > > + // IPMI callout to NetFn 2C, command 02 > > + // Request data: > > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 2: DisableBootstrapControl > > + // > > + CommandData.GroupExtensionId = > REDFISH_IPMI_GROUP_EXTENSION; > > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > > + > > + ResponseSize = sizeof (ResponseData); > > + > > + // > > + // Response data: > > + // Byte 1 : Completion code > > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 3-18 : Username > > + // Byte 19-34: Password > > + // > > + Status = IpmiSubmitCommand ( > > + IPMI_NETFN_GROUP_EXT, > > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > > + (UINT8 *)&CommandData, > > + sizeof (CommandData), > > + (UINT8 *)&ResponseData, > > + &ResponseSize > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. > > + Returning\n", > > __FUNCTION__)); > > + ASSERT_EFI_ERROR (Status); > > + return Status; > > + } else { > > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > > + if (ResponseData.CompletionCode == > > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > > disabled\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. > > + Returning\n", > > __FUNCTION__, ResponseData.CompletionCode)); > > + return EFI_PROTOCOL_ERROR; > > + } else if (ResponseData.GroupExtensionId != > > REDFISH_IPMI_GROUP_EXTENSION) { > > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > > + return EFI_DEVICE_ERROR; > > + } else { > > + if (BootstrapUsername != NULL) { > > + CopyMem (BootstrapUsername, ResponseData.Username, > > USERNAME_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + username > > returned. > > + // > > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > > + } > > + > > + if (BootstrapPassword != NULL) { > > + CopyMem (BootstrapPassword, ResponseData.Password, > > PASSWORD_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + password > > returned. > > + // > > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > > + } > > + } > > + } > > + > > + return Status; > > +} > > + > > +/** > > + Retrieve platform's Redfish authentication information. > > + > > + This functions returns the Redfish authentication method together > > + with the user Id and password. > > + - For AuthMethodNone, the UserId and Password could be used for > > + HTTP > > header authentication > > + as defined by RFC7235. > > + - For AuthMethodRedfishSession, the UserId and Password could be > > + used for > > Redfish > > + session login as defined by Redfish API specification (DSP0266). > > + > > + Callers are responsible for and freeing the returned string storage. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[out] AuthMethod Type of Redfish authentication method. > > + @param[out] UserId The pointer to store the returned UserId > string. > > + @param[out] Password The pointer to store the returned > Password > > string. > > + > > + @retval EFI_SUCCESS Get the authentication information > successfully. > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > Password is NULL. > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > resources. > > + @retval EFI_UNSUPPORTED Unsupported authentication method is > > found. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibCredentialGetAuthInfo ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > + OUT CHAR8 **UserId, > > + OUT CHAR8 **Password > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + *UserId = NULL; > > + *Password = NULL; > > + > > + if (mRedfishServiceStopped) { > > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > > + security > > reason\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + *AuthMethod = AuthMethodHttpBasic; > > + > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > > > + (*UserId == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + *Password = AllocateZeroPool (sizeof (CHAR8) * > > + PASSWORD_MAX_SIZE); if (*Password == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > > + *Password); if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > new file mode 100644 > > index 0000000000..5b448e01be > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.h > > @@ -0,0 +1,75 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > > +* > > +**/ > > +#include <Uefi.h> > > +#include <IndustryStandard/Ipmi.h> > > +#include <Protocol/EdkIIRedfishCredential.h> > > +#include <Library/BaseLib.h> > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/IpmiBaseLib.h> > > +#include <Library/MemoryAllocationLib.h> #include > > +<Library/RedfishCredentialLib.h> > > + > > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > > +#define > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > > 0x80 > > + > > +// > > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > > +of // username and password is 16 characters long. > > +// > > +#define USERNAME_MAX_LENGTH 16 > > +#define PASSWORD_MAX_LENGTH 16 > > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // > NULL > > terminator > > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // > NULL > > terminator > > + > > +#pragma pack(1) > > +/// > > +/// The definition of IPMI command to get bootstrap account > > +credentials /// typedef struct { > > + UINT8 GroupExtensionId; > > + UINT8 DisableBootstrapControl; > > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > > + > > +/// > > +/// The response data of getting bootstrap credential /// typedef > > +struct { > > + UINT8 CompletionCode; > > + UINT8 GroupExtensionId; > > + CHAR8 Username[USERNAME_MAX_LENGTH]; > > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > > + > > +#pragma pack() > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential username > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential password > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > [Chang, Abner] > Or the bootstrap credential service is disabled successfully, right? > > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, > > + IN OUT CHAR8 *BootstrapPassword > > + ); > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > new file mode 100644 > > index 0000000000..a990d28363 > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.inf > > @@ -0,0 +1,37 @@ > > +## @file > > +# > > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > + > > +[Defines] > > + INF_VERSION = 0x0001000b > > + BASE_NAME = RedfishPlatformCredentialLib > > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > > + MODULE_TYPE = DXE_DRIVER > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = RedfishPlatformCredentialLib > > + > > +[Sources] > > + RedfishPlatformCredentialLib.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + RedfishPkg/RedfishPkg.dec > > + IpmiFeaturePkg/IpmiFeaturePkg.dec > [Chang, Abner] > Could you please add a comment to the reference of IpmiFeaturePkg? We > have to give customers a notice that the dependence of "edk2- > platforms/Features/Intel/OutOfBandManagement/". They have to add the > path to PACKAGES_PATH. You also have to skip this dependence in the > RedfishPkg.yaml to avoid the CI error. > > Another thing is I propose to move out IpmiFeaturePkg from edk2- > platforms/Features/Intel/OutOfBandManagement to edk2- > platforms/Features/ManageabilityPkg that also provides the > implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with > IpmiFeaturePkg owner and get the positive response on this proposal. I > will kick off the discussion on the dev mailing list. That is to say > this module may need a little bit change later, however that is good > to me having this implementation now. > Thanks > Abner > > + > > +[LibraryClasses] > > + UefiLib > > + DebugLib > > + IpmiBaseLib > > + MemoryAllocationLib > > + BaseMemoryLib > > + > > +[Pcd] > > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > > + > > +[Depex] > > + TRUE > > -- > > 2.17.1 > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > > > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. [-- Attachment #2: Type: text/html, Size: 59187 bytes --] ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-28 23:29 ` Nickle Wang @ 2022-10-30 15:33 ` Chang, Abner 2022-10-30 18:56 ` Igor Kulchytskyy 0 siblings, 1 reply; 15+ messages in thread From: Chang, Abner @ 2022-10-30 15:33 UTC (permalink / raw) To: Nickle Wang, Igor Kulchytskyy, devel@edk2.groups.io; +Cc: Nick Ramirez [-- Attachment #1: Type: text/plain, Size: 41955 bytes --] [AMD Official Use Only - General] Does "/redfish/v1" require authentication? I think this solution is ok if "/redfish/v1" requires the authentication. Another thing is how do we determine to use Basic authentication or the session token? Abner From: Nickle Wang <nicklew@nvidia.com> Sent: Saturday, October 29, 2022 7:29 AM To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner <Abner.Chang@amd.com>; devel@edk2.groups.io Cc: Nick Ramirez <nramirez@nvidia.com> Subject: Re: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Caution: This message originated from an External Source. Use proper caution when opening attachments, clicking links, or responding. Hi Igor, Yes, we should get the URI to computer system collection by parsing "/redfish/v1". Hi Abner, What do you think about this? And if we like to select authentication method for Redfish communication in this way, we need to update RedfishCredentialLib.h because now the authentication method is not decided by this low-level library. Thanks, Nickle ________________________________ From: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>> Sent: Saturday, October 29, 2022 12:03 AM To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Nickle, I think this is a good idea to send a request to the URI which requires the authentication and then analyze the header of response. The only thing I would like to discuss is a hardcoded URI - "/redfish/v1/Systems". Shouldn't we parse "redfish/v1" json response and get the URI from "Systems" attribute. That, I think, would be more universal method. And that is what Redfish specification said, that user should be able to iterate from Redfish service root "redfish/v1" to any redfish resource. Thank you, Igor -----Original Message----- From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> Sent: Friday, October 28, 2022 10:53 AM To: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Hi Igor, Abner, Thanks for your comments. A quick summary as below: - BIOS is not supported to disable bootstrap credential service. For security purposes, BIOS should shutdown credential service with its internal control mechanism. - Credential libraries need a cache mechanism to prevent multiple queries to BMC. All applications in BIOS share the same credentials. - The storage of keeping credentials should be deleted before the end of the DXE event. So that the credential will not be retrieved by unauthorized user or application. (e.g. user can read variable under UEFI shell with dmpstore command) There is one thing remained and I like to have further discussion. For the authentication method, do we think that client user can decide what authentication method to use regardless of the requirement from server? I am thinking a detection mechanism as below: Issue HTTP GET to "/redfish/v1/Systems" (which normally require authentication) without authentication method. a) if client receive 200 OK, "No Auth" is used and we don't need to get credentials b) if client receive 401 Unauthorized, check the "WWW-Authenticate" field in returned HTTP header. "Basic realm" or "X-Auh-Token realm" or both two methods will be specified. Then client can know what method to use. Two methods all require credential. Above mechanism can be placed in RedfishCredentailDxe driver so driver will know if it needs to call credential lib or not. Thanks, Nickle -----Original Message----- From: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>> Sent: Friday, October 28, 2022 9:54 PM To: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Abner, Yes, you are right that NVRAM variables were deprecated by DMTF. But we can use our own boot time NVRAM variable to keep FW credentials. That variable will not be accessible from OS, but since we agreed not to disable bootstrap credentials service on exit boot event, then OS may get its own credentials. Or we can save the credentials in memory variable. But in this case if we have several instances of the library linked with different modules they will have to send their own IPMI command to get credentials. So, I think it is better to use our own NVRAM boot time variable. Thank you, Igor -----Original Message----- From: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>> Sent: Friday, October 28, 2022 3:48 AM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; nicklew@nvidia.com<mailto:nicklew@nvidia.com> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** [AMD Official Use Only - General] > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Thursday, October 27, 2022 10:42 PM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; nicklew@nvidia.com<mailto:nicklew@nvidia.com>; Chang, Abner > <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > Hi Nickle, > Pleased, see my comments on your questions below. > > Another point I missed in my previous mail. > You have that function in the library to get credentials and it is > used by RedfishCredentialsDxe driver to create the protocol which in > its turn will be used by other Redfish modules. > We do not know how many modules and how many times will call this > function during boot. Right? > And on each call of this function you call IPMI command. That command > will create new Redfish account on BMC side according to Redfish HI specification: > > " If the Get Bootstrap Account Credentials command has been issued and > responds with the completion code 00h, a bootstrap account shall be > added to the manager's account collection and enabled. If the Get > Bootstrap Account Credentials command is sent subsequent times and > responds with the completion code 00h, a new account shall be created > based on the newly generated credentials. Any existing bootstrap accounts shall remain active." > > As I know BMC may have some restrictions on the number of Redfish > accounts they can support. > And because of that BOS may hit this limit. Which is not good. > On the other hand I'm not sure we need to have different credentials > for different modules? All those modules are part of FW. And all of > them will be associated with the same RoleID (FW role) on BMC side. > So, all of them may use the same credentials. > Could we cash the credentials on first call of that Yes, this is something we have to avoid. Many accounts will be created while each of Redfish client module requests a credential. FW can save it in EFI variable and delete it at proper timing. Unfortunately the credential delivering via EFI variable section was deprecated, otherwise we can deliver the credential to OS through EFI variable with disabling the bootstrap credential at exit boot service. Abner > RedfishCredentialGetAuthInfo and then use those cashed credentials on > subsequential calls? > It will also may save a boot time, since there is no need to send IPMI > command. > > Thank you, > Igor > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Nickle > Wang via groups.io > Sent: Thursday, October 27, 2022 9:26 AM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; > abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Hi Igor, > > Thank you for your help to review my changes. > > > And it will be blocked by our IPMI call. > > I see your point. So, BIOS should never be the person to shutdown > credential service because BIOS always get executed prior to OS, right? > > Igor: Yes, my point is that we should not shutdown credential service > from BIOS. Even if OS sends that IPMI command, new account will be > created and BIOS credentials will not be compromised. > > > Should it be configured with some PCD? Maybe user may select in > > Setup > what method should be used? Or it could be build time configuration? > > I have below assumption while I implemented the library. I admit this > is not always true. > > No Auth: I think this is rare case for Redfish service which gives > anonymous privilege to change BIOS settings. > Basic Auth: this is the authentication method which uses username and > password to build base64 encoded string. > Session Auth: I assume that client must have a session token first and > then use this authentication method. Can we use username and password > to generate session token on our own? If my memory serves me > correctly, client has to do a login with username and password first > and then client can receive session token from server. > > Igor: BIOS will use the credentials to create session. It should send > POST request to the session URI with user name and password to create session. > If a session created successfully then on response BMC returns header > "X- Auth-Token" which then used for the subsequential calls. > > If we really like to know what authentication method that Redfish > service used, we can issue a HTTP query to "/redfish/v1/Systems" with "No Auth". > Then we can know what authentication method is required by reading the > "WWW-Authenticate " filed in returned HTTP header. > > Igor: As my understanding, even if you include authentication header > (Base64 encoded) in the request to BMC and BMC has NoAuth > configuration, then that authentication header would be just ignored by BMC. > > Thanks, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Wednesday, October 26, 2022 11:26 PM > To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; > abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > Hi Nickle, > I would like to discuss that DisableBootstrapControl flag and how it > is used in our implementation. > According to Redfish HI specification we can use this flag to disable > credential bootstrapping control. > It can be disabled permanently or till next reboot of the host or > service. That depend on the EnableAfterReset setting on BMC side: > CredentialBootstrapping (v1.3+) > { object The credential bootstrapping settings for this interface. > EnableAfterReset (v1.3+) Boolean read-write (null) An > indication of whether credential bootstrapping is enabled after a reset for this interface. > Enabled (v1.3+) Boolean read-write (null) An indication of > whether credential bootstrapping is enabled for this interface. > RoleId (v1.3+) string read-write The role used for the > bootstrap account created for this interface. > } > So, if EnableAfterReset set to false, that means BMC will response > with 0x80 error and will not return any credentials after reboot. And > BIOS BMC communication will fail. > Another concern with disabling credential bootstrapping control is > that we do it on Exit Boot event before passing a control to OS. > But OS may also need to communicate to BMC through Redfish Host > Interface to post some information. And it will be blocked by our IPMI call. > We create that SMBIOS Type 42 table with Redfish Host Interface > settings which can be used by OS to communicate with BMC. But without > the credentials it will not be possible. > > Another question is AuthMethod parameter you initialize in this library: > *AuthMethod = AuthMethodHttpBasic; > According to Redfish HI specification 3 methods may be used - No Auth, > Basic Auth and Session Auth. > Basic Auth and Session Auth methods are required the credentials to be > used by BIOS. And both of them should be supported by BMC. > And your high level function RedfishCreateLibredfishService also > supports of creation Basic or Session Auth service. > I'm not sure why low level library which is created to get credentials > from BMC should decide what Authentication method should be used? > Should it be configured with some PCD? Maybe user may select in Setup > what method should be used? Or it could be build time configuration? > > Thank you, > Igor > > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > Sent: Tuesday, October 25, 2022 4:24 AM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>>; Igor Kulchytskyy > <igork@ami.com<mailto:igork@ami.com>> > Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Thanks for your review comments, Abner! I will update new version > patch later. The CI build error will be handled together. > > > please add Igor as reviewer too > Sure! > > > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > Yes, the additional one byte is for NULL terminator. > USERNAME_MAX_LENGTH is defined as 16 and follow host interface > specification. > > Regards, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Chang, > Abner via groups.io > Sent: Saturday, October 22, 2022 3:01 PM > To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>>; Igor Kulchytskyy > <igork@ami.com<mailto:igork@ami.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > [AMD Official Use Only - General] > > Hi Nickle, please add Igor as reviewer too. My comments is in below, > > > -----Original Message----- > > From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > > Sent: Thursday, October 20, 2022 10:55 AM > > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > > Cc: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; Nick Ramirez > > <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > > implementation > > > > Caution: This message originated from an External Source. Use proper > > caution when opening attachments, clicking links, or responding. > > > > > > This library follows Redfish Host Interface specification and use > > IPMI command to get bootstrap account credential(NetFn 2Ch, Command > > 02h) > from BMC. > > RedfishHostInterfaceDxe will use this credential for the following > > communication between BIOS and BMC. > > > > Cc: Abner Chang <abner.chang@amd.com<mailto:abner.chang@amd.com>> > > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > > Signed-off-by: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > > --- > > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > > .../RedfishPlatformCredentialLib.h | 75 +++++ > > .../RedfishPlatformCredentialLib.inf | 37 +++ > [Chang, Abner] > Could we name this library RedfishPlatformCredentialIpmi so the naming > style is consistent with RedfishPlatformCredentialNull? > > > 3 files changed, 385 insertions(+) > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > c > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > h > > create mode 100644 > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > nt > > ialLib.i > > nf > > > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > new file mode 100644 > > index 0000000000..23a15ab1fa > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.c > > @@ -0,0 +1,273 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > [Chang, Abner] > We can have "@par Revision Reference:" in the file header to point > out the spec. > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1&data=05%7C01%7Cnicklew%40nvidia.com%7C3f7c98d402b8471f95d408dab8fdeb00%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025697967855556%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=90NlFqDGaEtk5kMibeuQ3%2FzQNn3ANJn1LcF6RNqsJJ0%3D&reserved=0<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1&data=05%7C01%7Cabner.chang%40amd.com%7C1d7d09ba6c1641d6407808dab93c3fc1%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C638025965694783993%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pYBQ2ukVH3yQg5%2FojJZvS%2BzvBPUCjND5vatCLiXqjUw%3D&reserved=0> > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cigork%40ami.com%7C224e78526d7d45a7b31108dab8f42ac1 > %7C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025656093102767%7CUnk > nown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw > iLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YN52FOx%2F%2F1YYG8Nl86vu7zlz > M%2BpLMk3Ym0RNPLxLKqw%3D&reserved=0 > 2.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cnicklew%40nvidia.com%7C90696ea8811e49e371a708dab8e > be2d8%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025620543993279% > 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik > 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CyvRgMZREOk5Yf0hU3CmH%2 > B08ktxMYw%2Bixr4UVywfrAQ%3D&reserved=0 > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fww&a > mp;data=05%7C01%7Cigork%40ami.com%7C2b5b562c02c04c90d51208dab8b8c0fd%7 > C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025400915295621%7CUnkno > wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL > CJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Uy%2B3HS336N3rgNSESPcyOPGX3eOR > 48hekdz08nLtJU4%3D&reserved=0 > w.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP > 0270_1.3.0.pdf&data=05%7C01%7Cabner.chang%40amd.com%7C074aa > e162fba49409af408dab8297c03%7C3dd8961fe4884e608e11a82d994e183d%7C > 0%7C0%7C638024786060127888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000 > %7C%7C%7C&sdata=yY6hhKjQfVqmNuufbeDNk%2B2FKrebHyIAyS9Ya4 > szE3Y%3D&reserved=0 > > > +* > > +**/ > > + > > +#include "RedfishPlatformCredentialLib.h" > > + > > +// > > +// Global flag of controlling credential service // BOOLEAN > > +mRedfishServiceStopped = FALSE; > > + > > +/** > > + Notify the Redfish service provide to stop provide configuration > > +service to this > > platform. > > + > > + This function should be called when the platfrom is about to > > + leave the safe > > environment. > > + It will notify the Redfish service provider to abort all logined > > + session, and prohibit further login with original auth info. > > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is > returned. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[in] ServiceStopType Reason of stopping Redfish service. > > + > > + @retval EFI_SUCCESS Service has been stoped successfully. > > + @retval EFI_INVALID_PARAMETER This is NULL. > > + @retval Others Some error happened. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibStopRedfishService ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType > > + >= > > ServiceStopTypeMax)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + // > > + // Raise flag first > > + // > > + mRedfishServiceStopped = TRUE; > > + > > + // > > + // Notify BMC to disable credential bootstrapping support. > > + // > > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > > + (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + Notification of Exit Boot Service. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialExitBootServicesNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Stop the credential support when system is about to enter OS. > > + // > > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > > + > > +/** > > + Notification of End of DXe. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialEndOfDxeNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Do nothing now. > > + // We can stop credential support when system reach end-of-dxe > > +for security > > reason. > > + // > > +} > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential > > username > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential > > password > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > > BootstrapPassword is NULL when DisableBootstrapControl > > + is set to FALSE > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > [Chang, Abner] > The return status should also include the status of disabling > bootstrap credential. > > > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > > + ) > > +{ > > + EFI_STATUS Status; > > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > > + UINT32 ResponseSize; > > + > > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > > + Redfish > > credentials\n", __FUNCTION__)); > > + return EFI_UNSUPPORTED; > > + } > > + > > + // > > + // NULL buffer check > > + // > > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > > (BootstrapPassword == NULL))) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > > + __FUNCTION__, DisableBootstrapControl)); > > + > > + // > > + // IPMI callout to NetFn 2C, command 02 > > + // Request data: > > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 2: DisableBootstrapControl > > + // > > + CommandData.GroupExtensionId = > REDFISH_IPMI_GROUP_EXTENSION; > > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > > + > > + ResponseSize = sizeof (ResponseData); > > + > > + // > > + // Response data: > > + // Byte 1 : Completion code > > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 3-18 : Username > > + // Byte 19-34: Password > > + // > > + Status = IpmiSubmitCommand ( > > + IPMI_NETFN_GROUP_EXT, > > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > > + (UINT8 *)&CommandData, > > + sizeof (CommandData), > > + (UINT8 *)&ResponseData, > > + &ResponseSize > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. > > + Returning\n", > > __FUNCTION__)); > > + ASSERT_EFI_ERROR (Status); > > + return Status; > > + } else { > > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > > + if (ResponseData.CompletionCode == > > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > > disabled\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. > > + Returning\n", > > __FUNCTION__, ResponseData.CompletionCode)); > > + return EFI_PROTOCOL_ERROR; > > + } else if (ResponseData.GroupExtensionId != > > REDFISH_IPMI_GROUP_EXTENSION) { > > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > > + return EFI_DEVICE_ERROR; > > + } else { > > + if (BootstrapUsername != NULL) { > > + CopyMem (BootstrapUsername, ResponseData.Username, > > USERNAME_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + username > > returned. > > + // > > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > > + } > > + > > + if (BootstrapPassword != NULL) { > > + CopyMem (BootstrapPassword, ResponseData.Password, > > PASSWORD_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + password > > returned. > > + // > > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > > + } > > + } > > + } > > + > > + return Status; > > +} > > + > > +/** > > + Retrieve platform's Redfish authentication information. > > + > > + This functions returns the Redfish authentication method together > > + with the user Id and password. > > + - For AuthMethodNone, the UserId and Password could be used for > > + HTTP > > header authentication > > + as defined by RFC7235. > > + - For AuthMethodRedfishSession, the UserId and Password could be > > + used for > > Redfish > > + session login as defined by Redfish API specification (DSP0266). > > + > > + Callers are responsible for and freeing the returned string storage. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[out] AuthMethod Type of Redfish authentication method. > > + @param[out] UserId The pointer to store the returned UserId > string. > > + @param[out] Password The pointer to store the returned > Password > > string. > > + > > + @retval EFI_SUCCESS Get the authentication information > successfully. > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > Password is NULL. > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > resources. > > + @retval EFI_UNSUPPORTED Unsupported authentication method is > > found. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibCredentialGetAuthInfo ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > + OUT CHAR8 **UserId, > > + OUT CHAR8 **Password > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + *UserId = NULL; > > + *Password = NULL; > > + > > + if (mRedfishServiceStopped) { > > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > > + security > > reason\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + *AuthMethod = AuthMethodHttpBasic; > > + > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > > > + (*UserId == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + *Password = AllocateZeroPool (sizeof (CHAR8) * > > + PASSWORD_MAX_SIZE); if (*Password == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > > + *Password); if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > new file mode 100644 > > index 0000000000..5b448e01be > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.h > > @@ -0,0 +1,75 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > > +* > > +**/ > > +#include <Uefi.h> > > +#include <IndustryStandard/Ipmi.h> > > +#include <Protocol/EdkIIRedfishCredential.h> > > +#include <Library/BaseLib.h> > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/IpmiBaseLib.h> > > +#include <Library/MemoryAllocationLib.h> #include > > +<Library/RedfishCredentialLib.h> > > + > > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > > +#define > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > > 0x80 > > + > > +// > > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > > +of // username and password is 16 characters long. > > +// > > +#define USERNAME_MAX_LENGTH 16 > > +#define PASSWORD_MAX_LENGTH 16 > > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // > NULL > > terminator > > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // > NULL > > terminator > > + > > +#pragma pack(1) > > +/// > > +/// The definition of IPMI command to get bootstrap account > > +credentials /// typedef struct { > > + UINT8 GroupExtensionId; > > + UINT8 DisableBootstrapControl; > > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > > + > > +/// > > +/// The response data of getting bootstrap credential /// typedef > > +struct { > > + UINT8 CompletionCode; > > + UINT8 GroupExtensionId; > > + CHAR8 Username[USERNAME_MAX_LENGTH]; > > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > > + > > +#pragma pack() > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential username > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential password > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > [Chang, Abner] > Or the bootstrap credential service is disabled successfully, right? > > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, > > + IN OUT CHAR8 *BootstrapPassword > > + ); > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > new file mode 100644 > > index 0000000000..a990d28363 > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.inf > > @@ -0,0 +1,37 @@ > > +## @file > > +# > > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > + > > +[Defines] > > + INF_VERSION = 0x0001000b > > + BASE_NAME = RedfishPlatformCredentialLib > > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > > + MODULE_TYPE = DXE_DRIVER > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = RedfishPlatformCredentialLib > > + > > +[Sources] > > + RedfishPlatformCredentialLib.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + RedfishPkg/RedfishPkg.dec > > + IpmiFeaturePkg/IpmiFeaturePkg.dec > [Chang, Abner] > Could you please add a comment to the reference of IpmiFeaturePkg? We > have to give customers a notice that the dependence of "edk2- > platforms/Features/Intel/OutOfBandManagement/". They have to add the > path to PACKAGES_PATH. You also have to skip this dependence in the > RedfishPkg.yaml to avoid the CI error. > > Another thing is I propose to move out IpmiFeaturePkg from edk2- > platforms/Features/Intel/OutOfBandManagement to edk2- > platforms/Features/ManageabilityPkg that also provides the > implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with > IpmiFeaturePkg owner and get the positive response on this proposal. I > will kick off the discussion on the dev mailing list. That is to say > this module may need a little bit change later, however that is good > to me having this implementation now. > Thanks > Abner > > + > > +[LibraryClasses] > > + UefiLib > > + DebugLib > > + IpmiBaseLib > > + MemoryAllocationLib > > + BaseMemoryLib > > + > > +[Pcd] > > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > > + > > +[Depex] > > + TRUE > > -- > > 2.17.1 > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > > > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. [-- Attachment #2: Type: text/html, Size: 65232 bytes --] ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-30 15:33 ` Chang, Abner @ 2022-10-30 18:56 ` Igor Kulchytskyy 2022-10-31 2:24 ` Chang, Abner 0 siblings, 1 reply; 15+ messages in thread From: Igor Kulchytskyy @ 2022-10-30 18:56 UTC (permalink / raw) To: Chang, Abner, Nickle Wang, devel@edk2.groups.io; +Cc: Nick Ramirez [-- Attachment #1: Type: text/plain, Size: 43428 bytes --] Hi Abner, "redfish/v1" does not require any authentication. But "redfish/v1" json response contains the links to high level resources - systems, chassis etc. My point was to get the URI to systems from that json response, rather than have it hard coded. If both auth methods supported, we should go with more secured one - session authentication. In this case we do not need to send username and password within each request. Thank you, Igor Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Chang, Abner <Abner.Chang@amd.com> Sent: Sunday, October 30, 2022 11:33:26 AM To: Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>; devel@edk2.groups.io <devel@edk2.groups.io> Cc: Nick Ramirez <nramirez@nvidia.com> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation [AMD Official Use Only - General] Does "/redfish/v1” require authentication? I think this solution is ok if "/redfish/v1” requires the authentication. Another thing is how do we determine to use Basic authentication or the session token? Abner From: Nickle Wang <nicklew@nvidia.com> Sent: Saturday, October 29, 2022 7:29 AM To: Igor Kulchytskyy <igork@ami.com>; Chang, Abner <Abner.Chang@amd.com>; devel@edk2.groups.io Cc: Nick Ramirez <nramirez@nvidia.com> Subject: Re: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Caution: This message originated from an External Source. Use proper caution when opening attachments, clicking links, or responding. Hi Igor, Yes, we should get the URI to computer system collection by parsing "/redfish/v1". Hi Abner, What do you think about this? And if we like to select authentication method for Redfish communication in this way, we need to update RedfishCredentialLib.h because now the authentication method is not decided by this low-level library. Thanks, Nickle ________________________________ From: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>> Sent: Saturday, October 29, 2022 12:03 AM To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Nickle, I think this is a good idea to send a request to the URI which requires the authentication and then analyze the header of response. The only thing I would like to discuss is a hardcoded URI - "/redfish/v1/Systems". Shouldn't we parse "redfish/v1" json response and get the URI from "Systems" attribute. That, I think, would be more universal method. And that is what Redfish specification said, that user should be able to iterate from Redfish service root "redfish/v1" to any redfish resource. Thank you, Igor -----Original Message----- From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> Sent: Friday, October 28, 2022 10:53 AM To: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Hi Igor, Abner, Thanks for your comments. A quick summary as below: - BIOS is not supported to disable bootstrap credential service. For security purposes, BIOS should shutdown credential service with its internal control mechanism. - Credential libraries need a cache mechanism to prevent multiple queries to BMC. All applications in BIOS share the same credentials. - The storage of keeping credentials should be deleted before the end of the DXE event. So that the credential will not be retrieved by unauthorized user or application. (e.g. user can read variable under UEFI shell with dmpstore command) There is one thing remained and I like to have further discussion. For the authentication method, do we think that client user can decide what authentication method to use regardless of the requirement from server? I am thinking a detection mechanism as below: Issue HTTP GET to "/redfish/v1/Systems" (which normally require authentication) without authentication method. a) if client receive 200 OK, "No Auth" is used and we don't need to get credentials b) if client receive 401 Unauthorized, check the "WWW-Authenticate" field in returned HTTP header. "Basic realm" or "X-Auh-Token realm" or both two methods will be specified. Then client can know what method to use. Two methods all require credential. Above mechanism can be placed in RedfishCredentailDxe driver so driver will know if it needs to call credential lib or not. Thanks, Nickle -----Original Message----- From: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>> Sent: Friday, October 28, 2022 9:54 PM To: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Abner, Yes, you are right that NVRAM variables were deprecated by DMTF. But we can use our own boot time NVRAM variable to keep FW credentials. That variable will not be accessible from OS, but since we agreed not to disable bootstrap credentials service on exit boot event, then OS may get its own credentials. Or we can save the credentials in memory variable. But in this case if we have several instances of the library linked with different modules they will have to send their own IPMI command to get credentials. So, I think it is better to use our own NVRAM boot time variable. Thank you, Igor -----Original Message----- From: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>> Sent: Friday, October 28, 2022 3:48 AM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; nicklew@nvidia.com<mailto:nicklew@nvidia.com> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** [AMD Official Use Only - General] > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Thursday, October 27, 2022 10:42 PM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; nicklew@nvidia.com<mailto:nicklew@nvidia.com>; Chang, Abner > <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > Hi Nickle, > Pleased, see my comments on your questions below. > > Another point I missed in my previous mail. > You have that function in the library to get credentials and it is > used by RedfishCredentialsDxe driver to create the protocol which in > its turn will be used by other Redfish modules. > We do not know how many modules and how many times will call this > function during boot. Right? > And on each call of this function you call IPMI command. That command > will create new Redfish account on BMC side according to Redfish HI specification: > > " If the Get Bootstrap Account Credentials command has been issued and > responds with the completion code 00h, a bootstrap account shall be > added to the manager's account collection and enabled. If the Get > Bootstrap Account Credentials command is sent subsequent times and > responds with the completion code 00h, a new account shall be created > based on the newly generated credentials. Any existing bootstrap accounts shall remain active." > > As I know BMC may have some restrictions on the number of Redfish > accounts they can support. > And because of that BOS may hit this limit. Which is not good. > On the other hand I'm not sure we need to have different credentials > for different modules? All those modules are part of FW. And all of > them will be associated with the same RoleID (FW role) on BMC side. > So, all of them may use the same credentials. > Could we cash the credentials on first call of that Yes, this is something we have to avoid. Many accounts will be created while each of Redfish client module requests a credential. FW can save it in EFI variable and delete it at proper timing. Unfortunately the credential delivering via EFI variable section was deprecated, otherwise we can deliver the credential to OS through EFI variable with disabling the bootstrap credential at exit boot service. Abner > RedfishCredentialGetAuthInfo and then use those cashed credentials on > subsequential calls? > It will also may save a boot time, since there is no need to send IPMI > command. > > Thank you, > Igor > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Nickle > Wang via groups.io > Sent: Thursday, October 27, 2022 9:26 AM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; > abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Hi Igor, > > Thank you for your help to review my changes. > > > And it will be blocked by our IPMI call. > > I see your point. So, BIOS should never be the person to shutdown > credential service because BIOS always get executed prior to OS, right? > > Igor: Yes, my point is that we should not shutdown credential service > from BIOS. Even if OS sends that IPMI command, new account will be > created and BIOS credentials will not be compromised. > > > Should it be configured with some PCD? Maybe user may select in > > Setup > what method should be used? Or it could be build time configuration? > > I have below assumption while I implemented the library. I admit this > is not always true. > > No Auth: I think this is rare case for Redfish service which gives > anonymous privilege to change BIOS settings. > Basic Auth: this is the authentication method which uses username and > password to build base64 encoded string. > Session Auth: I assume that client must have a session token first and > then use this authentication method. Can we use username and password > to generate session token on our own? If my memory serves me > correctly, client has to do a login with username and password first > and then client can receive session token from server. > > Igor: BIOS will use the credentials to create session. It should send > POST request to the session URI with user name and password to create session. > If a session created successfully then on response BMC returns header > "X- Auth-Token" which then used for the subsequential calls. > > If we really like to know what authentication method that Redfish > service used, we can issue a HTTP query to "/redfish/v1/Systems" with "No Auth". > Then we can know what authentication method is required by reading the > "WWW-Authenticate " filed in returned HTTP header. > > Igor: As my understanding, even if you include authentication header > (Base64 encoded) in the request to BMC and BMC has NoAuth > configuration, then that authentication header would be just ignored by BMC. > > Thanks, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Wednesday, October 26, 2022 11:26 PM > To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; > abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > Hi Nickle, > I would like to discuss that DisableBootstrapControl flag and how it > is used in our implementation. > According to Redfish HI specification we can use this flag to disable > credential bootstrapping control. > It can be disabled permanently or till next reboot of the host or > service. That depend on the EnableAfterReset setting on BMC side: > CredentialBootstrapping (v1.3+) > { object The credential bootstrapping settings for this interface. > EnableAfterReset (v1.3+) Boolean read-write (null) An > indication of whether credential bootstrapping is enabled after a reset for this interface. > Enabled (v1.3+) Boolean read-write (null) An indication of > whether credential bootstrapping is enabled for this interface. > RoleId (v1.3+) string read-write The role used for the > bootstrap account created for this interface. > } > So, if EnableAfterReset set to false, that means BMC will response > with 0x80 error and will not return any credentials after reboot. And > BIOS BMC communication will fail. > Another concern with disabling credential bootstrapping control is > that we do it on Exit Boot event before passing a control to OS. > But OS may also need to communicate to BMC through Redfish Host > Interface to post some information. And it will be blocked by our IPMI call. > We create that SMBIOS Type 42 table with Redfish Host Interface > settings which can be used by OS to communicate with BMC. But without > the credentials it will not be possible. > > Another question is AuthMethod parameter you initialize in this library: > *AuthMethod = AuthMethodHttpBasic; > According to Redfish HI specification 3 methods may be used - No Auth, > Basic Auth and Session Auth. > Basic Auth and Session Auth methods are required the credentials to be > used by BIOS. And both of them should be supported by BMC. > And your high level function RedfishCreateLibredfishService also > supports of creation Basic or Session Auth service. > I'm not sure why low level library which is created to get credentials > from BMC should decide what Authentication method should be used? > Should it be configured with some PCD? Maybe user may select in Setup > what method should be used? Or it could be build time configuration? > > Thank you, > Igor > > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > Sent: Tuesday, October 25, 2022 4:24 AM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>>; Igor Kulchytskyy > <igork@ami.com<mailto:igork@ami.com>> > Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Thanks for your review comments, Abner! I will update new version > patch later. The CI build error will be handled together. > > > please add Igor as reviewer too > Sure! > > > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > Yes, the additional one byte is for NULL terminator. > USERNAME_MAX_LENGTH is defined as 16 and follow host interface > specification. > > Regards, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Chang, > Abner via groups.io > Sent: Saturday, October 22, 2022 3:01 PM > To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>>; Igor Kulchytskyy > <igork@ami.com<mailto:igork@ami.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > [AMD Official Use Only - General] > > Hi Nickle, please add Igor as reviewer too. My comments is in below, > > > -----Original Message----- > > From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > > Sent: Thursday, October 20, 2022 10:55 AM > > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > > Cc: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; Nick Ramirez > > <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > > implementation > > > > Caution: This message originated from an External Source. Use proper > > caution when opening attachments, clicking links, or responding. > > > > > > This library follows Redfish Host Interface specification and use > > IPMI command to get bootstrap account credential(NetFn 2Ch, Command > > 02h) > from BMC. > > RedfishHostInterfaceDxe will use this credential for the following > > communication between BIOS and BMC. > > > > Cc: Abner Chang <abner.chang@amd.com<mailto:abner.chang@amd.com>> > > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > > Signed-off-by: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > > --- > > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > > .../RedfishPlatformCredentialLib.h | 75 +++++ > > .../RedfishPlatformCredentialLib.inf | 37 +++ > [Chang, Abner] > Could we name this library RedfishPlatformCredentialIpmi so the naming > style is consistent with RedfishPlatformCredentialNull? > > > 3 files changed, 385 insertions(+) > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > c > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > h > > create mode 100644 > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > nt > > ialLib.i > > nf > > > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > new file mode 100644 > > index 0000000000..23a15ab1fa > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.c > > @@ -0,0 +1,273 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > [Chang, Abner] > We can have "@par Revision Reference:" in the file header to point > out the spec. > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1&data=05%7C01%7Cnicklew%40nvidia.com%7C3f7c98d402b8471f95d408dab8fdeb00%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025697967855556%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=90NlFqDGaEtk5kMibeuQ3%2FzQNn3ANJn1LcF6RNqsJJ0%3D&reserved=0<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1&data=05%7C01%7Cabner.chang%40amd.com%7C1d7d09ba6c1641d6407808dab93c3fc1%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C638025965694783993%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pYBQ2ukVH3yQg5%2FojJZvS%2BzvBPUCjND5vatCLiXqjUw%3D&reserved=0> > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cigork%40ami.com%7C224e78526d7d45a7b31108dab8f42ac1 > %7C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025656093102767%7CUnk > nown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw > iLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YN52FOx%2F%2F1YYG8Nl86vu7zlz > M%2BpLMk3Ym0RNPLxLKqw%3D&reserved=0 > 2.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cnicklew%40nvidia.com%7C90696ea8811e49e371a708dab8e > be2d8%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025620543993279% > 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik > 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CyvRgMZREOk5Yf0hU3CmH%2 > B08ktxMYw%2Bixr4UVywfrAQ%3D&reserved=0 > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fww&a > mp;data=05%7C01%7Cigork%40ami.com%7C2b5b562c02c04c90d51208dab8b8c0fd%7 > C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025400915295621%7CUnkno > wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL > CJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Uy%2B3HS336N3rgNSESPcyOPGX3eOR > 48hekdz08nLtJU4%3D&reserved=0 > w.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP > 0270_1.3.0.pdf&data=05%7C01%7Cabner.chang%40amd.com%7C074aa > e162fba49409af408dab8297c03%7C3dd8961fe4884e608e11a82d994e183d%7C > 0%7C0%7C638024786060127888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000 > %7C%7C%7C&sdata=yY6hhKjQfVqmNuufbeDNk%2B2FKrebHyIAyS9Ya4 > szE3Y%3D&reserved=0 > > > +* > > +**/ > > + > > +#include "RedfishPlatformCredentialLib.h" > > + > > +// > > +// Global flag of controlling credential service // BOOLEAN > > +mRedfishServiceStopped = FALSE; > > + > > +/** > > + Notify the Redfish service provide to stop provide configuration > > +service to this > > platform. > > + > > + This function should be called when the platfrom is about to > > + leave the safe > > environment. > > + It will notify the Redfish service provider to abort all logined > > + session, and prohibit further login with original auth info. > > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is > returned. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[in] ServiceStopType Reason of stopping Redfish service. > > + > > + @retval EFI_SUCCESS Service has been stoped successfully. > > + @retval EFI_INVALID_PARAMETER This is NULL. > > + @retval Others Some error happened. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibStopRedfishService ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType > > + >= > > ServiceStopTypeMax)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + // > > + // Raise flag first > > + // > > + mRedfishServiceStopped = TRUE; > > + > > + // > > + // Notify BMC to disable credential bootstrapping support. > > + // > > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > > + (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + Notification of Exit Boot Service. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialExitBootServicesNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Stop the credential support when system is about to enter OS. > > + // > > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > > + > > +/** > > + Notification of End of DXe. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialEndOfDxeNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Do nothing now. > > + // We can stop credential support when system reach end-of-dxe > > +for security > > reason. > > + // > > +} > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential > > username > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential > > password > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > > BootstrapPassword is NULL when DisableBootstrapControl > > + is set to FALSE > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > [Chang, Abner] > The return status should also include the status of disabling > bootstrap credential. > > > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > > + ) > > +{ > > + EFI_STATUS Status; > > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > > + UINT32 ResponseSize; > > + > > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > > + Redfish > > credentials\n", __FUNCTION__)); > > + return EFI_UNSUPPORTED; > > + } > > + > > + // > > + // NULL buffer check > > + // > > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > > (BootstrapPassword == NULL))) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > > + __FUNCTION__, DisableBootstrapControl)); > > + > > + // > > + // IPMI callout to NetFn 2C, command 02 > > + // Request data: > > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 2: DisableBootstrapControl > > + // > > + CommandData.GroupExtensionId = > REDFISH_IPMI_GROUP_EXTENSION; > > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > > + > > + ResponseSize = sizeof (ResponseData); > > + > > + // > > + // Response data: > > + // Byte 1 : Completion code > > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 3-18 : Username > > + // Byte 19-34: Password > > + // > > + Status = IpmiSubmitCommand ( > > + IPMI_NETFN_GROUP_EXT, > > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > > + (UINT8 *)&CommandData, > > + sizeof (CommandData), > > + (UINT8 *)&ResponseData, > > + &ResponseSize > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. > > + Returning\n", > > __FUNCTION__)); > > + ASSERT_EFI_ERROR (Status); > > + return Status; > > + } else { > > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > > + if (ResponseData.CompletionCode == > > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > > disabled\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. > > + Returning\n", > > __FUNCTION__, ResponseData.CompletionCode)); > > + return EFI_PROTOCOL_ERROR; > > + } else if (ResponseData.GroupExtensionId != > > REDFISH_IPMI_GROUP_EXTENSION) { > > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > > + return EFI_DEVICE_ERROR; > > + } else { > > + if (BootstrapUsername != NULL) { > > + CopyMem (BootstrapUsername, ResponseData.Username, > > USERNAME_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + username > > returned. > > + // > > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > > + } > > + > > + if (BootstrapPassword != NULL) { > > + CopyMem (BootstrapPassword, ResponseData.Password, > > PASSWORD_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + password > > returned. > > + // > > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > > + } > > + } > > + } > > + > > + return Status; > > +} > > + > > +/** > > + Retrieve platform's Redfish authentication information. > > + > > + This functions returns the Redfish authentication method together > > + with the user Id and password. > > + - For AuthMethodNone, the UserId and Password could be used for > > + HTTP > > header authentication > > + as defined by RFC7235. > > + - For AuthMethodRedfishSession, the UserId and Password could be > > + used for > > Redfish > > + session login as defined by Redfish API specification (DSP0266). > > + > > + Callers are responsible for and freeing the returned string storage. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[out] AuthMethod Type of Redfish authentication method. > > + @param[out] UserId The pointer to store the returned UserId > string. > > + @param[out] Password The pointer to store the returned > Password > > string. > > + > > + @retval EFI_SUCCESS Get the authentication information > successfully. > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > Password is NULL. > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > resources. > > + @retval EFI_UNSUPPORTED Unsupported authentication method is > > found. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibCredentialGetAuthInfo ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > + OUT CHAR8 **UserId, > > + OUT CHAR8 **Password > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + *UserId = NULL; > > + *Password = NULL; > > + > > + if (mRedfishServiceStopped) { > > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > > + security > > reason\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + *AuthMethod = AuthMethodHttpBasic; > > + > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > > > + (*UserId == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + *Password = AllocateZeroPool (sizeof (CHAR8) * > > + PASSWORD_MAX_SIZE); if (*Password == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > > + *Password); if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > new file mode 100644 > > index 0000000000..5b448e01be > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.h > > @@ -0,0 +1,75 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > > +* > > +**/ > > +#include <Uefi.h> > > +#include <IndustryStandard/Ipmi.h> > > +#include <Protocol/EdkIIRedfishCredential.h> > > +#include <Library/BaseLib.h> > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/IpmiBaseLib.h> > > +#include <Library/MemoryAllocationLib.h> #include > > +<Library/RedfishCredentialLib.h> > > + > > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > > +#define > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > > 0x80 > > + > > +// > > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > > +of // username and password is 16 characters long. > > +// > > +#define USERNAME_MAX_LENGTH 16 > > +#define PASSWORD_MAX_LENGTH 16 > > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // > NULL > > terminator > > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // > NULL > > terminator > > + > > +#pragma pack(1) > > +/// > > +/// The definition of IPMI command to get bootstrap account > > +credentials /// typedef struct { > > + UINT8 GroupExtensionId; > > + UINT8 DisableBootstrapControl; > > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > > + > > +/// > > +/// The response data of getting bootstrap credential /// typedef > > +struct { > > + UINT8 CompletionCode; > > + UINT8 GroupExtensionId; > > + CHAR8 Username[USERNAME_MAX_LENGTH]; > > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > > + > > +#pragma pack() > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential username > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential password > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > [Chang, Abner] > Or the bootstrap credential service is disabled successfully, right? > > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, > > + IN OUT CHAR8 *BootstrapPassword > > + ); > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > new file mode 100644 > > index 0000000000..a990d28363 > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.inf > > @@ -0,0 +1,37 @@ > > +## @file > > +# > > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > + > > +[Defines] > > + INF_VERSION = 0x0001000b > > + BASE_NAME = RedfishPlatformCredentialLib > > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > > + MODULE_TYPE = DXE_DRIVER > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = RedfishPlatformCredentialLib > > + > > +[Sources] > > + RedfishPlatformCredentialLib.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + RedfishPkg/RedfishPkg.dec > > + IpmiFeaturePkg/IpmiFeaturePkg.dec > [Chang, Abner] > Could you please add a comment to the reference of IpmiFeaturePkg? We > have to give customers a notice that the dependence of "edk2- > platforms/Features/Intel/OutOfBandManagement/". They have to add the > path to PACKAGES_PATH. You also have to skip this dependence in the > RedfishPkg.yaml to avoid the CI error. > > Another thing is I propose to move out IpmiFeaturePkg from edk2- > platforms/Features/Intel/OutOfBandManagement to edk2- > platforms/Features/ManageabilityPkg that also provides the > implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with > IpmiFeaturePkg owner and get the positive response on this proposal. I > will kick off the discussion on the dev mailing list. That is to say > this module may need a little bit change later, however that is good > to me having this implementation now. > Thanks > Abner > > + > > +[LibraryClasses] > > + UefiLib > > + DebugLib > > + IpmiBaseLib > > + MemoryAllocationLib > > + BaseMemoryLib > > + > > +[Pcd] > > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > > + > > +[Depex] > > + TRUE > > -- > > 2.17.1 > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > > > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. [-- Attachment #2: Type: text/html, Size: 65936 bytes --] ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-30 18:56 ` Igor Kulchytskyy @ 2022-10-31 2:24 ` Chang, Abner 2022-10-31 13:20 ` Igor Kulchytskyy 0 siblings, 1 reply; 15+ messages in thread From: Chang, Abner @ 2022-10-31 2:24 UTC (permalink / raw) To: Igor Kulchytskyy, Nickle Wang, devel@edk2.groups.io; +Cc: Nick Ramirez [-- Attachment #1: Type: text/plain, Size: 45389 bytes --] [AMD Official Use Only - General] Hi Igor, My response in below, From: Igor Kulchytskyy <igork@ami.com> Sent: Monday, October 31, 2022 2:56 AM To: Chang, Abner <Abner.Chang@amd.com>; Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io Cc: Nick Ramirez <nramirez@nvidia.com> Subject: Re: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Caution: This message originated from an External Source. Use proper caution when opening attachments, clicking links, or responding. Hi Abner, "redfish/v1" does not require any authentication. But "redfish/v1" json response contains the links to high level resources - systems, chassis etc. My point was to get the URI to systems from that json response, rather than have it hard coded. [Chang, Abner] Ah I see. I remember we do have the code on RedfishClinetPkg to determine the version under Redfish/. Then concatenate those to Redfish/{version}. Another way is: We do the authentication check only if the HTTP transfer to Redfish service gets 401. Means the upper layer driver (RedfishConfigHandler driver? I have to check) invokes RedfishCrendtialLib to create the Basic authorization or session Token when the HTTP action to Redfish service returns 401. If both auth methods supported, we should go with more secured one - session authentication. In this case we do not need to send username and password within each request. [Chang, Abner] Ok, this make sense to me. So we don't need to provide a BIOS setup option or PCD to the platform for selecting the auth method. We will determine it automatically. Then we can preserve this token secured for each request, but delete it at End of DXE. Abner Thank you, Igor Get Outlook for Android<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2FAAb9ysg&data=05%7C01%7CAbner.Chang%40amd.com%7C7de19a7cbc3143598ba508dabaa86cf1%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C638027529821487127%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=02Pm9dM7H1uQiwNx%2BAMT%2F6Gtv8ncbiL%2FZH%2FcL0Tvqiw%3D&reserved=0> ________________________________ From: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>> Sent: Sunday, October 30, 2022 11:33:26 AM To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation [AMD Official Use Only - General] Does "/redfish/v1" require authentication? I think this solution is ok if "/redfish/v1" requires the authentication. Another thing is how do we determine to use Basic authentication or the session token? Abner From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> Sent: Saturday, October 29, 2022 7:29 AM To: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: Re: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Caution: This message originated from an External Source. Use proper caution when opening attachments, clicking links, or responding. Hi Igor, Yes, we should get the URI to computer system collection by parsing "/redfish/v1". Hi Abner, What do you think about this? And if we like to select authentication method for Redfish communication in this way, we need to update RedfishCredentialLib.h because now the authentication method is not decided by this low-level library. Thanks, Nickle ________________________________ From: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>> Sent: Saturday, October 29, 2022 12:03 AM To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Nickle, I think this is a good idea to send a request to the URI which requires the authentication and then analyze the header of response. The only thing I would like to discuss is a hardcoded URI - "/redfish/v1/Systems". Shouldn't we parse "redfish/v1" json response and get the URI from "Systems" attribute. That, I think, would be more universal method. And that is what Redfish specification said, that user should be able to iterate from Redfish service root "redfish/v1" to any redfish resource. Thank you, Igor -----Original Message----- From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> Sent: Friday, October 28, 2022 10:53 AM To: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Hi Igor, Abner, Thanks for your comments. A quick summary as below: - BIOS is not supported to disable bootstrap credential service. For security purposes, BIOS should shutdown credential service with its internal control mechanism. - Credential libraries need a cache mechanism to prevent multiple queries to BMC. All applications in BIOS share the same credentials. - The storage of keeping credentials should be deleted before the end of the DXE event. So that the credential will not be retrieved by unauthorized user or application. (e.g. user can read variable under UEFI shell with dmpstore command) There is one thing remained and I like to have further discussion. For the authentication method, do we think that client user can decide what authentication method to use regardless of the requirement from server? I am thinking a detection mechanism as below: Issue HTTP GET to "/redfish/v1/Systems" (which normally require authentication) without authentication method. a) if client receive 200 OK, "No Auth" is used and we don't need to get credentials b) if client receive 401 Unauthorized, check the "WWW-Authenticate" field in returned HTTP header. "Basic realm" or "X-Auh-Token realm" or both two methods will be specified. Then client can know what method to use. Two methods all require credential. Above mechanism can be placed in RedfishCredentailDxe driver so driver will know if it needs to call credential lib or not. Thanks, Nickle -----Original Message----- From: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>> Sent: Friday, October 28, 2022 9:54 PM To: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Abner, Yes, you are right that NVRAM variables were deprecated by DMTF. But we can use our own boot time NVRAM variable to keep FW credentials. That variable will not be accessible from OS, but since we agreed not to disable bootstrap credentials service on exit boot event, then OS may get its own credentials. Or we can save the credentials in memory variable. But in this case if we have several instances of the library linked with different modules they will have to send their own IPMI command to get credentials. So, I think it is better to use our own NVRAM boot time variable. Thank you, Igor -----Original Message----- From: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>> Sent: Friday, October 28, 2022 3:48 AM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; nicklew@nvidia.com<mailto:nicklew@nvidia.com> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** [AMD Official Use Only - General] > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Thursday, October 27, 2022 10:42 PM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; nicklew@nvidia.com<mailto:nicklew@nvidia.com>; Chang, Abner > <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > Hi Nickle, > Pleased, see my comments on your questions below. > > Another point I missed in my previous mail. > You have that function in the library to get credentials and it is > used by RedfishCredentialsDxe driver to create the protocol which in > its turn will be used by other Redfish modules. > We do not know how many modules and how many times will call this > function during boot. Right? > And on each call of this function you call IPMI command. That command > will create new Redfish account on BMC side according to Redfish HI specification: > > " If the Get Bootstrap Account Credentials command has been issued and > responds with the completion code 00h, a bootstrap account shall be > added to the manager's account collection and enabled. If the Get > Bootstrap Account Credentials command is sent subsequent times and > responds with the completion code 00h, a new account shall be created > based on the newly generated credentials. Any existing bootstrap accounts shall remain active." > > As I know BMC may have some restrictions on the number of Redfish > accounts they can support. > And because of that BOS may hit this limit. Which is not good. > On the other hand I'm not sure we need to have different credentials > for different modules? All those modules are part of FW. And all of > them will be associated with the same RoleID (FW role) on BMC side. > So, all of them may use the same credentials. > Could we cash the credentials on first call of that Yes, this is something we have to avoid. Many accounts will be created while each of Redfish client module requests a credential. FW can save it in EFI variable and delete it at proper timing. Unfortunately the credential delivering via EFI variable section was deprecated, otherwise we can deliver the credential to OS through EFI variable with disabling the bootstrap credential at exit boot service. Abner > RedfishCredentialGetAuthInfo and then use those cashed credentials on > subsequential calls? > It will also may save a boot time, since there is no need to send IPMI > command. > > Thank you, > Igor > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Nickle > Wang via groups.io > Sent: Thursday, October 27, 2022 9:26 AM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; > abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Hi Igor, > > Thank you for your help to review my changes. > > > And it will be blocked by our IPMI call. > > I see your point. So, BIOS should never be the person to shutdown > credential service because BIOS always get executed prior to OS, right? > > Igor: Yes, my point is that we should not shutdown credential service > from BIOS. Even if OS sends that IPMI command, new account will be > created and BIOS credentials will not be compromised. > > > Should it be configured with some PCD? Maybe user may select in > > Setup > what method should be used? Or it could be build time configuration? > > I have below assumption while I implemented the library. I admit this > is not always true. > > No Auth: I think this is rare case for Redfish service which gives > anonymous privilege to change BIOS settings. > Basic Auth: this is the authentication method which uses username and > password to build base64 encoded string. > Session Auth: I assume that client must have a session token first and > then use this authentication method. Can we use username and password > to generate session token on our own? If my memory serves me > correctly, client has to do a login with username and password first > and then client can receive session token from server. > > Igor: BIOS will use the credentials to create session. It should send > POST request to the session URI with user name and password to create session. > If a session created successfully then on response BMC returns header > "X- Auth-Token" which then used for the subsequential calls. > > If we really like to know what authentication method that Redfish > service used, we can issue a HTTP query to "/redfish/v1/Systems" with "No Auth". > Then we can know what authentication method is required by reading the > "WWW-Authenticate " filed in returned HTTP header. > > Igor: As my understanding, even if you include authentication header > (Base64 encoded) in the request to BMC and BMC has NoAuth > configuration, then that authentication header would be just ignored by BMC. > > Thanks, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Wednesday, October 26, 2022 11:26 PM > To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; > abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > Hi Nickle, > I would like to discuss that DisableBootstrapControl flag and how it > is used in our implementation. > According to Redfish HI specification we can use this flag to disable > credential bootstrapping control. > It can be disabled permanently or till next reboot of the host or > service. That depend on the EnableAfterReset setting on BMC side: > CredentialBootstrapping (v1.3+) > { object The credential bootstrapping settings for this interface. > EnableAfterReset (v1.3+) Boolean read-write (null) An > indication of whether credential bootstrapping is enabled after a reset for this interface. > Enabled (v1.3+) Boolean read-write (null) An indication of > whether credential bootstrapping is enabled for this interface. > RoleId (v1.3+) string read-write The role used for the > bootstrap account created for this interface. > } > So, if EnableAfterReset set to false, that means BMC will response > with 0x80 error and will not return any credentials after reboot. And > BIOS BMC communication will fail. > Another concern with disabling credential bootstrapping control is > that we do it on Exit Boot event before passing a control to OS. > But OS may also need to communicate to BMC through Redfish Host > Interface to post some information. And it will be blocked by our IPMI call. > We create that SMBIOS Type 42 table with Redfish Host Interface > settings which can be used by OS to communicate with BMC. But without > the credentials it will not be possible. > > Another question is AuthMethod parameter you initialize in this library: > *AuthMethod = AuthMethodHttpBasic; > According to Redfish HI specification 3 methods may be used - No Auth, > Basic Auth and Session Auth. > Basic Auth and Session Auth methods are required the credentials to be > used by BIOS. And both of them should be supported by BMC. > And your high level function RedfishCreateLibredfishService also > supports of creation Basic or Session Auth service. > I'm not sure why low level library which is created to get credentials > from BMC should decide what Authentication method should be used? > Should it be configured with some PCD? Maybe user may select in Setup > what method should be used? Or it could be build time configuration? > > Thank you, > Igor > > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > Sent: Tuesday, October 25, 2022 4:24 AM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>>; Igor Kulchytskyy > <igork@ami.com<mailto:igork@ami.com>> > Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Thanks for your review comments, Abner! I will update new version > patch later. The CI build error will be handled together. > > > please add Igor as reviewer too > Sure! > > > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > Yes, the additional one byte is for NULL terminator. > USERNAME_MAX_LENGTH is defined as 16 and follow host interface > specification. > > Regards, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Chang, > Abner via groups.io > Sent: Saturday, October 22, 2022 3:01 PM > To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>>; Igor Kulchytskyy > <igork@ami.com<mailto:igork@ami.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > [AMD Official Use Only - General] > > Hi Nickle, please add Igor as reviewer too. My comments is in below, > > > -----Original Message----- > > From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > > Sent: Thursday, October 20, 2022 10:55 AM > > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > > Cc: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; Nick Ramirez > > <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > > implementation > > > > Caution: This message originated from an External Source. Use proper > > caution when opening attachments, clicking links, or responding. > > > > > > This library follows Redfish Host Interface specification and use > > IPMI command to get bootstrap account credential(NetFn 2Ch, Command > > 02h) > from BMC. > > RedfishHostInterfaceDxe will use this credential for the following > > communication between BIOS and BMC. > > > > Cc: Abner Chang <abner.chang@amd.com<mailto:abner.chang@amd.com>> > > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > > Signed-off-by: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > > --- > > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > > .../RedfishPlatformCredentialLib.h | 75 +++++ > > .../RedfishPlatformCredentialLib.inf | 37 +++ > [Chang, Abner] > Could we name this library RedfishPlatformCredentialIpmi so the naming > style is consistent with RedfishPlatformCredentialNull? > > > 3 files changed, 385 insertions(+) > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > c > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > h > > create mode 100644 > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > nt > > ialLib.i > > nf > > > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > new file mode 100644 > > index 0000000000..23a15ab1fa > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.c > > @@ -0,0 +1,273 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > [Chang, Abner] > We can have "@par Revision Reference:" in the file header to point > out the spec. > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1&data=05%7C01%7Cnicklew%40nvidia.com%7C3f7c98d402b8471f95d408dab8fdeb00%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025697967855556%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=90NlFqDGaEtk5kMibeuQ3%2FzQNn3ANJn1LcF6RNqsJJ0%3D&reserved=0<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1&data=05%7C01%7CAbner.Chang%40amd.com%7C7de19a7cbc3143598ba508dabaa86cf1%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C638027529821487127%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3uYwsOctApfUtrK22CzDxCYxEzJZeimYoiX3tipJooY%3D&reserved=0> > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cigork%40ami.com%7C224e78526d7d45a7b31108dab8f42ac1 > %7C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025656093102767%7CUnk > nown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw > iLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YN52FOx%2F%2F1YYG8Nl86vu7zlz > M%2BpLMk3Ym0RNPLxLKqw%3D&reserved=0 > 2.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cnicklew%40nvidia.com%7C90696ea8811e49e371a708dab8e > be2d8%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025620543993279% > 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik > 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CyvRgMZREOk5Yf0hU3CmH%2 > B08ktxMYw%2Bixr4UVywfrAQ%3D&reserved=0 > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fww&a > mp;data=05%7C01%7Cigork%40ami.com%7C2b5b562c02c04c90d51208dab8b8c0fd%7 > C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025400915295621%7CUnkno > wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL > CJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Uy%2B3HS336N3rgNSESPcyOPGX3eOR > 48hekdz08nLtJU4%3D&reserved=0 > w.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP > 0270_1.3.0.pdf&data=05%7C01%7Cabner.chang%40amd.com%7C074aa > e162fba49409af408dab8297c03%7C3dd8961fe4884e608e11a82d994e183d%7C > 0%7C0%7C638024786060127888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000 > %7C%7C%7C&sdata=yY6hhKjQfVqmNuufbeDNk%2B2FKrebHyIAyS9Ya4 > szE3Y%3D&reserved=0 > > > +* > > +**/ > > + > > +#include "RedfishPlatformCredentialLib.h" > > + > > +// > > +// Global flag of controlling credential service // BOOLEAN > > +mRedfishServiceStopped = FALSE; > > + > > +/** > > + Notify the Redfish service provide to stop provide configuration > > +service to this > > platform. > > + > > + This function should be called when the platfrom is about to > > + leave the safe > > environment. > > + It will notify the Redfish service provider to abort all logined > > + session, and prohibit further login with original auth info. > > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is > returned. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[in] ServiceStopType Reason of stopping Redfish service. > > + > > + @retval EFI_SUCCESS Service has been stoped successfully. > > + @retval EFI_INVALID_PARAMETER This is NULL. > > + @retval Others Some error happened. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibStopRedfishService ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType > > + >= > > ServiceStopTypeMax)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + // > > + // Raise flag first > > + // > > + mRedfishServiceStopped = TRUE; > > + > > + // > > + // Notify BMC to disable credential bootstrapping support. > > + // > > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > > + (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + Notification of Exit Boot Service. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialExitBootServicesNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Stop the credential support when system is about to enter OS. > > + // > > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > > + > > +/** > > + Notification of End of DXe. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialEndOfDxeNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Do nothing now. > > + // We can stop credential support when system reach end-of-dxe > > +for security > > reason. > > + // > > +} > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential > > username > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential > > password > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > > BootstrapPassword is NULL when DisableBootstrapControl > > + is set to FALSE > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > [Chang, Abner] > The return status should also include the status of disabling > bootstrap credential. > > > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > > + ) > > +{ > > + EFI_STATUS Status; > > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > > + UINT32 ResponseSize; > > + > > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > > + Redfish > > credentials\n", __FUNCTION__)); > > + return EFI_UNSUPPORTED; > > + } > > + > > + // > > + // NULL buffer check > > + // > > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > > (BootstrapPassword == NULL))) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > > + __FUNCTION__, DisableBootstrapControl)); > > + > > + // > > + // IPMI callout to NetFn 2C, command 02 > > + // Request data: > > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 2: DisableBootstrapControl > > + // > > + CommandData.GroupExtensionId = > REDFISH_IPMI_GROUP_EXTENSION; > > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > > + > > + ResponseSize = sizeof (ResponseData); > > + > > + // > > + // Response data: > > + // Byte 1 : Completion code > > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 3-18 : Username > > + // Byte 19-34: Password > > + // > > + Status = IpmiSubmitCommand ( > > + IPMI_NETFN_GROUP_EXT, > > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > > + (UINT8 *)&CommandData, > > + sizeof (CommandData), > > + (UINT8 *)&ResponseData, > > + &ResponseSize > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. > > + Returning\n", > > __FUNCTION__)); > > + ASSERT_EFI_ERROR (Status); > > + return Status; > > + } else { > > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > > + if (ResponseData.CompletionCode == > > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > > disabled\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. > > + Returning\n", > > __FUNCTION__, ResponseData.CompletionCode)); > > + return EFI_PROTOCOL_ERROR; > > + } else if (ResponseData.GroupExtensionId != > > REDFISH_IPMI_GROUP_EXTENSION) { > > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > > + return EFI_DEVICE_ERROR; > > + } else { > > + if (BootstrapUsername != NULL) { > > + CopyMem (BootstrapUsername, ResponseData.Username, > > USERNAME_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + username > > returned. > > + // > > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > > + } > > + > > + if (BootstrapPassword != NULL) { > > + CopyMem (BootstrapPassword, ResponseData.Password, > > PASSWORD_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + password > > returned. > > + // > > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > > + } > > + } > > + } > > + > > + return Status; > > +} > > + > > +/** > > + Retrieve platform's Redfish authentication information. > > + > > + This functions returns the Redfish authentication method together > > + with the user Id and password. > > + - For AuthMethodNone, the UserId and Password could be used for > > + HTTP > > header authentication > > + as defined by RFC7235. > > + - For AuthMethodRedfishSession, the UserId and Password could be > > + used for > > Redfish > > + session login as defined by Redfish API specification (DSP0266). > > + > > + Callers are responsible for and freeing the returned string storage. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[out] AuthMethod Type of Redfish authentication method. > > + @param[out] UserId The pointer to store the returned UserId > string. > > + @param[out] Password The pointer to store the returned > Password > > string. > > + > > + @retval EFI_SUCCESS Get the authentication information > successfully. > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > Password is NULL. > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > resources. > > + @retval EFI_UNSUPPORTED Unsupported authentication method is > > found. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibCredentialGetAuthInfo ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > + OUT CHAR8 **UserId, > > + OUT CHAR8 **Password > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + *UserId = NULL; > > + *Password = NULL; > > + > > + if (mRedfishServiceStopped) { > > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > > + security > > reason\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + *AuthMethod = AuthMethodHttpBasic; > > + > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > > > + (*UserId == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + *Password = AllocateZeroPool (sizeof (CHAR8) * > > + PASSWORD_MAX_SIZE); if (*Password == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > > + *Password); if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > new file mode 100644 > > index 0000000000..5b448e01be > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.h > > @@ -0,0 +1,75 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > > +* > > +**/ > > +#include <Uefi.h> > > +#include <IndustryStandard/Ipmi.h> > > +#include <Protocol/EdkIIRedfishCredential.h> > > +#include <Library/BaseLib.h> > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/IpmiBaseLib.h> > > +#include <Library/MemoryAllocationLib.h> #include > > +<Library/RedfishCredentialLib.h> > > + > > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > > +#define > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > > 0x80 > > + > > +// > > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > > +of // username and password is 16 characters long. > > +// > > +#define USERNAME_MAX_LENGTH 16 > > +#define PASSWORD_MAX_LENGTH 16 > > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // > NULL > > terminator > > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // > NULL > > terminator > > + > > +#pragma pack(1) > > +/// > > +/// The definition of IPMI command to get bootstrap account > > +credentials /// typedef struct { > > + UINT8 GroupExtensionId; > > + UINT8 DisableBootstrapControl; > > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > > + > > +/// > > +/// The response data of getting bootstrap credential /// typedef > > +struct { > > + UINT8 CompletionCode; > > + UINT8 GroupExtensionId; > > + CHAR8 Username[USERNAME_MAX_LENGTH]; > > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > > + > > +#pragma pack() > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential username > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential password > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > [Chang, Abner] > Or the bootstrap credential service is disabled successfully, right? > > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, > > + IN OUT CHAR8 *BootstrapPassword > > + ); > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > new file mode 100644 > > index 0000000000..a990d28363 > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.inf > > @@ -0,0 +1,37 @@ > > +## @file > > +# > > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > + > > +[Defines] > > + INF_VERSION = 0x0001000b > > + BASE_NAME = RedfishPlatformCredentialLib > > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > > + MODULE_TYPE = DXE_DRIVER > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = RedfishPlatformCredentialLib > > + > > +[Sources] > > + RedfishPlatformCredentialLib.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + RedfishPkg/RedfishPkg.dec > > + IpmiFeaturePkg/IpmiFeaturePkg.dec > [Chang, Abner] > Could you please add a comment to the reference of IpmiFeaturePkg? We > have to give customers a notice that the dependence of "edk2- > platforms/Features/Intel/OutOfBandManagement/". They have to add the > path to PACKAGES_PATH. You also have to skip this dependence in the > RedfishPkg.yaml to avoid the CI error. > > Another thing is I propose to move out IpmiFeaturePkg from edk2- > platforms/Features/Intel/OutOfBandManagement to edk2- > platforms/Features/ManageabilityPkg that also provides the > implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with > IpmiFeaturePkg owner and get the positive response on this proposal. I > will kick off the discussion on the dev mailing list. That is to say > this module may need a little bit change later, however that is good > to me having this implementation now. > Thanks > Abner > > + > > +[LibraryClasses] > > + UefiLib > > + DebugLib > > + IpmiBaseLib > > + MemoryAllocationLib > > + BaseMemoryLib > > + > > +[Pcd] > > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > > + > > +[Depex] > > + TRUE > > -- > > 2.17.1 > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > > > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. [-- Attachment #2: Type: text/html, Size: 72540 bytes --] ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation 2022-10-31 2:24 ` Chang, Abner @ 2022-10-31 13:20 ` Igor Kulchytskyy 0 siblings, 0 replies; 15+ messages in thread From: Igor Kulchytskyy @ 2022-10-31 13:20 UTC (permalink / raw) To: Chang, Abner, Nickle Wang, devel@edk2.groups.io; +Cc: Nick Ramirez [-- Attachment #1: Type: text/plain, Size: 46647 bytes --] Hi Abner, See my comments below. From: Chang, Abner <Abner.Chang@amd.com> Sent: Sunday, October 30, 2022 10:24 PM To: Igor Kulchytskyy <igork@ami.com>; Nickle Wang <nicklew@nvidia.com>; devel@edk2.groups.io Cc: Nick Ramirez <nramirez@nvidia.com> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation [AMD Official Use Only - General] Hi Igor, My response in below, From: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>> Sent: Monday, October 31, 2022 2:56 AM To: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: Re: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Caution: This message originated from an External Source. Use proper caution when opening attachments, clicking links, or responding. Hi Abner, "redfish/v1" does not require any authentication. But "redfish/v1" json response contains the links to high level resources - systems, chassis etc. My point was to get the URI to systems from that json response, rather than have it hard coded. [Chang, Abner] Ah I see. I remember we do have the code on RedfishClinetPkg to determine the version under Redfish/. Then concatenate those to Redfish/{version}. Another way is: We do the authentication check only if the HTTP transfer to Redfish service gets 401. Means the upper layer driver (RedfishConfigHandler driver? I have to check) invokes RedfishCrendtialLib to create the Basic authorization or session Token when the HTTP action to Redfish service returns 401. [Igor]Yes, I also thought to move those Redfish requests to upper layer driver and not to send them from the Credentials library. Library should be used only for IPMI communication. If both auth methods supported, we should go with more secured one - session authentication. In this case we do not need to send username and password within each request. [Chang, Abner] Ok, this make sense to me. So we don't need to provide a BIOS setup option or PCD to the platform for selecting the auth method. We will determine it automatically. Then we can preserve this token secured for each request, but delete it at End of DXE. [Igor] Yes, that would be correct use of it. Abner Thank you, Igor Get Outlook for Android<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2FAAb9ysg&data=05%7C01%7Cigork%40ami.com%7C3da0355ef010412498bd08dabae7090c%7C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638027798732192285%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2B39qysnl3eODmpM3p84mhA6MXk6Q7JYLPvTz%2BO3%2Fm1w%3D&reserved=0> ________________________________ From: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>> Sent: Sunday, October 30, 2022 11:33:26 AM To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation [AMD Official Use Only - General] Does "/redfish/v1" require authentication? I think this solution is ok if "/redfish/v1" requires the authentication. Another thing is how do we determine to use Basic authentication or the session token? Abner From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> Sent: Saturday, October 29, 2022 7:29 AM To: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: Re: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Caution: This message originated from an External Source. Use proper caution when opening attachments, clicking links, or responding. Hi Igor, Yes, we should get the URI to computer system collection by parsing "/redfish/v1". Hi Abner, What do you think about this? And if we like to select authentication method for Redfish communication in this way, we need to update RedfishCredentialLib.h because now the authentication method is not decided by this low-level library. Thanks, Nickle ________________________________ From: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>> Sent: Saturday, October 29, 2022 12:03 AM To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Nickle, I think this is a good idea to send a request to the URI which requires the authentication and then analyze the header of response. The only thing I would like to discuss is a hardcoded URI - "/redfish/v1/Systems". Shouldn't we parse "redfish/v1" json response and get the URI from "Systems" attribute. That, I think, would be more universal method. And that is what Redfish specification said, that user should be able to iterate from Redfish service root "redfish/v1" to any redfish resource. Thank you, Igor -----Original Message----- From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> Sent: Friday, October 28, 2022 10:53 AM To: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Hi Igor, Abner, Thanks for your comments. A quick summary as below: - BIOS is not supported to disable bootstrap credential service. For security purposes, BIOS should shutdown credential service with its internal control mechanism. - Credential libraries need a cache mechanism to prevent multiple queries to BMC. All applications in BIOS share the same credentials. - The storage of keeping credentials should be deleted before the end of the DXE event. So that the credential will not be retrieved by unauthorized user or application. (e.g. user can read variable under UEFI shell with dmpstore command) There is one thing remained and I like to have further discussion. For the authentication method, do we think that client user can decide what authentication method to use regardless of the requirement from server? I am thinking a detection mechanism as below: Issue HTTP GET to "/redfish/v1/Systems" (which normally require authentication) without authentication method. a) if client receive 200 OK, "No Auth" is used and we don't need to get credentials b) if client receive 401 Unauthorized, check the "WWW-Authenticate" field in returned HTTP header. "Basic realm" or "X-Auh-Token realm" or both two methods will be specified. Then client can know what method to use. Two methods all require credential. Above mechanism can be placed in RedfishCredentailDxe driver so driver will know if it needs to call credential lib or not. Thanks, Nickle -----Original Message----- From: Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>> Sent: Friday, October 28, 2022 9:54 PM To: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: RE: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation External email: Use caution opening links or attachments Hi Abner, Yes, you are right that NVRAM variables were deprecated by DMTF. But we can use our own boot time NVRAM variable to keep FW credentials. That variable will not be accessible from OS, but since we agreed not to disable bootstrap credentials service on exit boot event, then OS may get its own credentials. Or we can save the credentials in memory variable. But in this case if we have several instances of the library linked with different modules they will have to send their own IPMI command to get credentials. So, I think it is better to use our own NVRAM boot time variable. Thank you, Igor -----Original Message----- From: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>> Sent: Friday, October 28, 2022 3:48 AM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; nicklew@nvidia.com<mailto:nicklew@nvidia.com> Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** [AMD Official Use Only - General] > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Thursday, October 27, 2022 10:42 PM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; nicklew@nvidia.com<mailto:nicklew@nvidia.com>; Chang, Abner > <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > Caution: This message originated from an External Source. Use proper > caution when opening attachments, clicking links, or responding. > > > Hi Nickle, > Pleased, see my comments on your questions below. > > Another point I missed in my previous mail. > You have that function in the library to get credentials and it is > used by RedfishCredentialsDxe driver to create the protocol which in > its turn will be used by other Redfish modules. > We do not know how many modules and how many times will call this > function during boot. Right? > And on each call of this function you call IPMI command. That command > will create new Redfish account on BMC side according to Redfish HI specification: > > " If the Get Bootstrap Account Credentials command has been issued and > responds with the completion code 00h, a bootstrap account shall be > added to the manager's account collection and enabled. If the Get > Bootstrap Account Credentials command is sent subsequent times and > responds with the completion code 00h, a new account shall be created > based on the newly generated credentials. Any existing bootstrap accounts shall remain active." > > As I know BMC may have some restrictions on the number of Redfish > accounts they can support. > And because of that BOS may hit this limit. Which is not good. > On the other hand I'm not sure we need to have different credentials > for different modules? All those modules are part of FW. And all of > them will be associated with the same RoleID (FW role) on BMC side. > So, all of them may use the same credentials. > Could we cash the credentials on first call of that Yes, this is something we have to avoid. Many accounts will be created while each of Redfish client module requests a credential. FW can save it in EFI variable and delete it at proper timing. Unfortunately the credential delivering via EFI variable section was deprecated, otherwise we can deliver the credential to OS through EFI variable with disabling the bootstrap credential at exit boot service. Abner > RedfishCredentialGetAuthInfo and then use those cashed credentials on > subsequential calls? > It will also may save a boot time, since there is no need to send IPMI > command. > > Thank you, > Igor > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Nickle > Wang via groups.io > Sent: Thursday, October 27, 2022 9:26 AM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Igor Kulchytskyy <igork@ami.com<mailto:igork@ami.com>>; > abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Hi Igor, > > Thank you for your help to review my changes. > > > And it will be blocked by our IPMI call. > > I see your point. So, BIOS should never be the person to shutdown > credential service because BIOS always get executed prior to OS, right? > > Igor: Yes, my point is that we should not shutdown credential service > from BIOS. Even if OS sends that IPMI command, new account will be > created and BIOS credentials will not be compromised. > > > Should it be configured with some PCD? Maybe user may select in > > Setup > what method should be used? Or it could be build time configuration? > > I have below assumption while I implemented the library. I admit this > is not always true. > > No Auth: I think this is rare case for Redfish service which gives > anonymous privilege to change BIOS settings. > Basic Auth: this is the authentication method which uses username and > password to build base64 encoded string. > Session Auth: I assume that client must have a session token first and > then use this authentication method. Can we use username and password > to generate session token on our own? If my memory serves me > correctly, client has to do a login with username and password first > and then client can receive session token from server. > > Igor: BIOS will use the credentials to create session. It should send > POST request to the session URI with user name and password to create session. > If a session created successfully then on response BMC returns header > "X- Auth-Token" which then used for the subsequential calls. > > If we really like to know what authentication method that Redfish > service used, we can issue a HTTP query to "/redfish/v1/Systems" with "No Auth". > Then we can know what authentication method is required by reading the > "WWW-Authenticate " filed in returned HTTP header. > > Igor: As my understanding, even if you include authentication header > (Base64 encoded) in the request to BMC and BMC has NoAuth > configuration, then that authentication header would be just ignored by BMC. > > Thanks, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Igor > Kulchytskyy via groups.io > Sent: Wednesday, October 26, 2022 11:26 PM > To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; > abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > Hi Nickle, > I would like to discuss that DisableBootstrapControl flag and how it > is used in our implementation. > According to Redfish HI specification we can use this flag to disable > credential bootstrapping control. > It can be disabled permanently or till next reboot of the host or > service. That depend on the EnableAfterReset setting on BMC side: > CredentialBootstrapping (v1.3+) > { object The credential bootstrapping settings for this interface. > EnableAfterReset (v1.3+) Boolean read-write (null) An > indication of whether credential bootstrapping is enabled after a reset for this interface. > Enabled (v1.3+) Boolean read-write (null) An indication of > whether credential bootstrapping is enabled for this interface. > RoleId (v1.3+) string read-write The role used for the > bootstrap account created for this interface. > } > So, if EnableAfterReset set to false, that means BMC will response > with 0x80 error and will not return any credentials after reboot. And > BIOS BMC communication will fail. > Another concern with disabling credential bootstrapping control is > that we do it on Exit Boot event before passing a control to OS. > But OS may also need to communicate to BMC through Redfish Host > Interface to post some information. And it will be blocked by our IPMI call. > We create that SMBIOS Type 42 table with Redfish Host Interface > settings which can be used by OS to communicate with BMC. But without > the credentials it will not be possible. > > Another question is AuthMethod parameter you initialize in this library: > *AuthMethod = AuthMethodHttpBasic; > According to Redfish HI specification 3 methods may be used - No Auth, > Basic Auth and Session Auth. > Basic Auth and Session Auth methods are required the credentials to be > used by BIOS. And both of them should be supported by BMC. > And your high level function RedfishCreateLibredfishService also > supports of creation Basic or Session Auth service. > I'm not sure why low level library which is created to get credentials > from BMC should decide what Authentication method should be used? > Should it be configured with some PCD? Maybe user may select in Setup > what method should be used? Or it could be build time configuration? > > Thank you, > Igor > > -----Original Message----- > From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > Sent: Tuesday, October 25, 2022 4:24 AM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; abner.chang@amd.com<mailto:abner.chang@amd.com> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>>; Igor Kulchytskyy > <igork@ami.com<mailto:igork@ami.com>> > Subject: [EXTERNAL] RE: [edk2-devel] [PATCH] > RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation > > > **CAUTION: The e-mail below is from an external source. Please > exercise caution before opening attachments, clicking links, or > following guidance.** > > Thanks for your review comments, Abner! I will update new version > patch later. The CI build error will be handled together. > > > please add Igor as reviewer too > Sure! > > > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > Yes, the additional one byte is for NULL terminator. > USERNAME_MAX_LENGTH is defined as 16 and follow host interface > specification. > > Regards, > Nickle > > -----Original Message----- > From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Chang, > Abner via groups.io > Sent: Saturday, October 22, 2022 3:01 PM > To: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>>; Igor Kulchytskyy > <igork@ami.com<mailto:igork@ami.com>> > Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishPlatformCredentialLib: > IPMI implementation > > External email: Use caution opening links or attachments > > > [AMD Official Use Only - General] > > Hi Nickle, please add Igor as reviewer too. My comments is in below, > > > -----Original Message----- > > From: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > > Sent: Thursday, October 20, 2022 10:55 AM > > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > > Cc: Chang, Abner <Abner.Chang@amd.com<mailto:Abner.Chang@amd.com>>; Nick Ramirez > > <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > > Subject: [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI > > implementation > > > > Caution: This message originated from an External Source. Use proper > > caution when opening attachments, clicking links, or responding. > > > > > > This library follows Redfish Host Interface specification and use > > IPMI command to get bootstrap account credential(NetFn 2Ch, Command > > 02h) > from BMC. > > RedfishHostInterfaceDxe will use this credential for the following > > communication between BIOS and BMC. > > > > Cc: Abner Chang <abner.chang@amd.com<mailto:abner.chang@amd.com>> > > Cc: Nick Ramirez <nramirez@nvidia.com<mailto:nramirez@nvidia.com>> > > Signed-off-by: Nickle Wang <nicklew@nvidia.com<mailto:nicklew@nvidia.com>> > > --- > > .../RedfishPlatformCredentialLib.c | 273 ++++++++++++++++++ > > .../RedfishPlatformCredentialLib.h | 75 +++++ > > .../RedfishPlatformCredentialLib.inf | 37 +++ > [Chang, Abner] > Could we name this library RedfishPlatformCredentialIpmi so the naming > style is consistent with RedfishPlatformCredentialNull? > > > 3 files changed, 385 insertions(+) > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > c > > create mode 100644 > > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredent > ial > Lib. > > h > > create mode 100644 > > RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede > > nt > > ialLib.i > > nf > > > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.c > > new file mode 100644 > > index 0000000000..23a15ab1fa > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.c > > @@ -0,0 +1,273 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > [Chang, Abner] > We can have "@par Revision Reference:" in the file header to point > out the spec. > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1&data=05%7C01%7Cnicklew%40nvidia.com%7C3f7c98d402b8471f95d408dab8fdeb00%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025697967855556%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=90NlFqDGaEtk5kMibeuQ3%2FzQNn3ANJn1LcF6RNqsJJ0%3D&reserved=0<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1&data=05%7C01%7CAbner.Chang%40amd.com%7C7de19a7cbc3143598ba508dabaa86cf1%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C638027529821487127%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3uYwsOctApfUtrK22CzDxCYxEzJZeimYoiX3tipJooY%3D&reserved=0> > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cigork%40ami.com%7C224e78526d7d45a7b31108dab8f42ac1 > %7C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025656093102767%7CUnk > nown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw > iLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YN52FOx%2F%2F1YYG8Nl86vu7zlz > M%2BpLMk3Ym0RNPLxLKqw%3D&reserved=0 > 2.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnam1 > &data=05%7C01%7Cnicklew%40nvidia.com%7C90696ea8811e49e371a708dab8e > be2d8%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638025620543993279% > 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik > 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CyvRgMZREOk5Yf0hU3CmH%2 > B08ktxMYw%2Bixr4UVywfrAQ%3D&reserved=0 > 1.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fww&a > mp;data=05%7C01%7Cigork%40ami.com%7C2b5b562c02c04c90d51208dab8b8c0fd%7 > C27e97857e15f486cb58e86c2b3040f93%7C1%7C0%7C638025400915295621%7CUnkno > wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL > CJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Uy%2B3HS336N3rgNSESPcyOPGX3eOR > 48hekdz08nLtJU4%3D&reserved=0 > w.dmtf.org%2Fsites%2Fdefault%2Ffiles%2Fstandards%2Fdocuments%2FDSP > 0270_1.3.0.pdf&data=05%7C01%7Cabner.chang%40amd.com%7C074aa > e162fba49409af408dab8297c03%7C3dd8961fe4884e608e11a82d994e183d%7C > 0%7C0%7C638024786060127888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000 > %7C%7C%7C&sdata=yY6hhKjQfVqmNuufbeDNk%2B2FKrebHyIAyS9Ya4 > szE3Y%3D&reserved=0 > > > +* > > +**/ > > + > > +#include "RedfishPlatformCredentialLib.h" > > + > > +// > > +// Global flag of controlling credential service // BOOLEAN > > +mRedfishServiceStopped = FALSE; > > + > > +/** > > + Notify the Redfish service provide to stop provide configuration > > +service to this > > platform. > > + > > + This function should be called when the platfrom is about to > > + leave the safe > > environment. > > + It will notify the Redfish service provider to abort all logined > > + session, and prohibit further login with original auth info. > > + GetAuthInfo() will return EFI_UNSUPPORTED once this function is > returned. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[in] ServiceStopType Reason of stopping Redfish service. > > + > > + @retval EFI_SUCCESS Service has been stoped successfully. > > + @retval EFI_INVALID_PARAMETER This is NULL. > > + @retval Others Some error happened. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibStopRedfishService ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE > ServiceStopType > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((ServiceStopType <= ServiceStopTypeNone) || (ServiceStopType > > + >= > > ServiceStopTypeMax)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + // > > + // Raise flag first > > + // > > + mRedfishServiceStopped = TRUE; > > + > > + // > > + // Notify BMC to disable credential bootstrapping support. > > + // > > + Status = GetBootstrapAccountCredentials (TRUE, NULL, NULL); if > > + (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to disable bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + Notification of Exit Boot Service. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialExitBootServicesNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Stop the credential support when system is about to enter OS. > > + // > > + LibStopRedfishService (This, ServiceStopTypeExitBootService); } > > + > > +/** > > + Notification of End of DXe. > > + > > + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. > > +**/ > > +VOID > > +EFIAPI > > +LibCredentialEndOfDxeNotify ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This > > + ) > > +{ > > + // > > + // Do nothing now. > > + // We can stop credential support when system reach end-of-dxe > > +for security > > reason. > > + // > > +} > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential > > username > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential > > password > > + When DisableBootstrapControl > > + is TRUE, this pointer can be NULL > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > > + @retval EFI_INVALID_PARAMETER BootstrapUsername or > > BootstrapPassword is NULL when DisableBootstrapControl > > + is set to FALSE > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > [Chang, Abner] > The return status should also include the status of disabling > bootstrap credential. > > > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, OPTIONAL > > + IN OUT CHAR8 *BootstrapPassword OPTIONAL > > + ) > > +{ > > + EFI_STATUS Status; > > + IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA CommandData; > > + IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE ResponseData; > > + UINT32 ResponseSize; > > + > > + if (!PcdGetBool (PcdIpmiFeatureEnable)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI is not enabled! Unable to fetch > > + Redfish > > credentials\n", __FUNCTION__)); > > + return EFI_UNSUPPORTED; > > + } > > + > > + // > > + // NULL buffer check > > + // > > + if (!DisableBootstrapControl && ((BootstrapUsername == NULL) || > > (BootstrapPassword == NULL))) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + DEBUG ((DEBUG_VERBOSE, "%a: Disable bootstrap control: 0x%x\n", > > + __FUNCTION__, DisableBootstrapControl)); > > + > > + // > > + // IPMI callout to NetFn 2C, command 02 > > + // Request data: > > + // Byte 1: REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 2: DisableBootstrapControl > > + // > > + CommandData.GroupExtensionId = > REDFISH_IPMI_GROUP_EXTENSION; > > + CommandData.DisableBootstrapControl = (DisableBootstrapControl ? > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE : > > + REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE); > > + > > + ResponseSize = sizeof (ResponseData); > > + > > + // > > + // Response data: > > + // Byte 1 : Completion code > > + // Byte 2 : REDFISH_IPMI_GROUP_EXTENSION > > + // Byte 3-18 : Username > > + // Byte 19-34: Password > > + // > > + Status = IpmiSubmitCommand ( > > + IPMI_NETFN_GROUP_EXT, > > + REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD, > > + (UINT8 *)&CommandData, > > + sizeof (CommandData), > > + (UINT8 *)&ResponseData, > > + &ResponseSize > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: IPMI transaction failure. > > + Returning\n", > > __FUNCTION__)); > > + ASSERT_EFI_ERROR (Status); > > + return Status; > > + } else { > > + if (ResponseData.CompletionCode != IPMI_COMP_CODE_NORMAL) { > > + if (ResponseData.CompletionCode == > > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED) { > > + DEBUG ((DEBUG_ERROR, "%a: bootstrap credential support was > > disabled\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + DEBUG ((DEBUG_ERROR, "%a: Completion code = 0x%x. > > + Returning\n", > > __FUNCTION__, ResponseData.CompletionCode)); > > + return EFI_PROTOCOL_ERROR; > > + } else if (ResponseData.GroupExtensionId != > > REDFISH_IPMI_GROUP_EXTENSION) { > > + DEBUG ((DEBUG_ERROR, "%a: Group Extension Response = 0x%x. > > Returning\n", __FUNCTION__, ResponseData.GroupExtensionId)); > > + return EFI_DEVICE_ERROR; > > + } else { > > + if (BootstrapUsername != NULL) { > > + CopyMem (BootstrapUsername, ResponseData.Username, > > USERNAME_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + username > > returned. > > + // > > + BootstrapUsername[USERNAME_MAX_LENGTH] = '\0'; > > + } > > + > > + if (BootstrapPassword != NULL) { > > + CopyMem (BootstrapPassword, ResponseData.Password, > > PASSWORD_MAX_LENGTH); > > + // > > + // Manually append null-terminator in case 16 characters > > + password > > returned. > > + // > > + BootstrapPassword[PASSWORD_MAX_LENGTH] = '\0'; > > + } > > + } > > + } > > + > > + return Status; > > +} > > + > > +/** > > + Retrieve platform's Redfish authentication information. > > + > > + This functions returns the Redfish authentication method together > > + with the user Id and password. > > + - For AuthMethodNone, the UserId and Password could be used for > > + HTTP > > header authentication > > + as defined by RFC7235. > > + - For AuthMethodRedfishSession, the UserId and Password could be > > + used for > > Redfish > > + session login as defined by Redfish API specification (DSP0266). > > + > > + Callers are responsible for and freeing the returned string storage. > > + > > + @param[in] This Pointer to > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance. > > + @param[out] AuthMethod Type of Redfish authentication method. > > + @param[out] UserId The pointer to store the returned UserId > string. > > + @param[out] Password The pointer to store the returned > Password > > string. > > + > > + @retval EFI_SUCCESS Get the authentication information > successfully. > > + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. > > + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or > > Password is NULL. > > + @retval EFI_OUT_OF_RESOURCES There are not enough memory > resources. > > + @retval EFI_UNSUPPORTED Unsupported authentication method is > > found. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +LibCredentialGetAuthInfo ( > > + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, > > + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, > > + OUT CHAR8 **UserId, > > + OUT CHAR8 **Password > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if ((AuthMethod == NULL) || (UserId == NULL) || (Password == NULL)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + *UserId = NULL; > > + *Password = NULL; > > + > > + if (mRedfishServiceStopped) { > > + DEBUG ((DEBUG_ERROR, "%a: credential service is stopped due to > > + security > > reason\n", __FUNCTION__)); > > + return EFI_ACCESS_DENIED; > > + } > > + > > + *AuthMethod = AuthMethodHttpBasic; > > + > > + *UserId = AllocateZeroPool (sizeof (CHAR8) * USERNAME_MAX_SIZE); > > + if > [Chang, Abner] > Allocation memory with the size (USERNAME_MAX_LENGTH + 1) for both > BootUsername and BootstrapPassword? Because the maximum number of > characters defined in the spec is USERNAME_MAX_LENGTH for the > user/password. > > > > + (*UserId == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + *Password = AllocateZeroPool (sizeof (CHAR8) * > > + PASSWORD_MAX_SIZE); if (*Password == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + Status = GetBootstrapAccountCredentials (FALSE, *UserId, > > + *Password); if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "%a: fail to get bootstrap credential: > > + %r\n", > > __FUNCTION__, Status)); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.h > > new file mode 100644 > > index 0000000000..5b448e01be > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.h > > @@ -0,0 +1,75 @@ > > +/** @file > > +* > > +* Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +* > > +* SPDX-License-Identifier: BSD-2-Clause-Patent > > +* > > +**/ > > +#include <Uefi.h> > > +#include <IndustryStandard/Ipmi.h> > > +#include <Protocol/EdkIIRedfishCredential.h> > > +#include <Library/BaseLib.h> > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/IpmiBaseLib.h> > > +#include <Library/MemoryAllocationLib.h> #include > > +<Library/RedfishCredentialLib.h> > > + > > +#define REDFISH_IPMI_GROUP_EXTENSION 0x52 > > +#define REDFISH_IPMI_GET_BOOTSTRAP_CREDENTIALS_CMD 0x02 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_ENABLE 0xA5 > > +#define REDFISH_IPMI_BOOTSTRAP_CREDENTIAL_DISABLE 0x00 > > +#define > REDFISH_IPMI_COMP_CODE_BOOTSTRAP_CREDENTIAL_DISABLED > > 0x80 > > + > > +// > > +// Per Redfish Host Interface Specification 1.3, The maximum lenght > > +of // username and password is 16 characters long. > > +// > > +#define USERNAME_MAX_LENGTH 16 > > +#define PASSWORD_MAX_LENGTH 16 > > +#define USERNAME_MAX_SIZE (USERNAME_MAX_LENGTH + 1) // > NULL > > terminator > > +#define PASSWORD_MAX_SIZE (PASSWORD_MAX_LENGTH + 1) // > NULL > > terminator > > + > > +#pragma pack(1) > > +/// > > +/// The definition of IPMI command to get bootstrap account > > +credentials /// typedef struct { > > + UINT8 GroupExtensionId; > > + UINT8 DisableBootstrapControl; > > +} IPMI_BOOTSTRAP_CREDENTIALS_COMMAND_DATA; > > + > > +/// > > +/// The response data of getting bootstrap credential /// typedef > > +struct { > > + UINT8 CompletionCode; > > + UINT8 GroupExtensionId; > > + CHAR8 Username[USERNAME_MAX_LENGTH]; > > + CHAR8 Password[PASSWORD_MAX_LENGTH]; > > +} IPMI_BOOTSTRAP_CREDENTIALS_RESULT_RESPONSE; > > + > > +#pragma pack() > > + > > +/** > > + Function to retrieve temporary use credentials for the UEFI > > +redfish client > [Chang, Abner] > We miss the functionality to disable bootstrap credential service in > the function description. > > > + > > + @param[in] DisableBootstrapControl > > + TRUE - Tell the BMC to disable the bootstrap credential > > + service to ensure no one else gains credentials > > + FALSE Allow the bootstrap > > + credential service to continue @param[out] BootstrapUsername > > + A pointer to a UTF-8 encoded > > + string for the credential username > > + > > + @param[out] BootstrapPassword > > + A pointer to a UTF-8 encoded > > + string for the credential password > > + > > + @retval EFI_SUCCESS Credentials were successfully fetched and > > returned > [Chang, Abner] > Or the bootstrap credential service is disabled successfully, right? > > > + @retval EFI_DEVICE_ERROR An IPMI failure occurred > > +**/ > > +EFI_STATUS > > +GetBootstrapAccountCredentials ( > > + IN BOOLEAN DisableBootstrapControl, > > + IN OUT CHAR8 *BootstrapUsername, > > + IN OUT CHAR8 *BootstrapPassword > > + ); > > diff --git > > a/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCre > > de > > ntialLi > > b.inf > > new file mode 100644 > > index 0000000000..a990d28363 > > --- /dev/null > > +++ b/RedfishPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfor > > +++ mC > > +++ re > > +++ dentialLib.inf > > @@ -0,0 +1,37 @@ > > +## @file > > +# > > +# Copyright (c) 2022 NVIDIA CORPORATION & AFFILIATES. All rights > reserved. > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > + > > +[Defines] > > + INF_VERSION = 0x0001000b > > + BASE_NAME = RedfishPlatformCredentialLib > > + FILE_GUID = 9C45D622-4C66-417F-814C-F76246D97233 > > + MODULE_TYPE = DXE_DRIVER > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = RedfishPlatformCredentialLib > > + > > +[Sources] > > + RedfishPlatformCredentialLib.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + RedfishPkg/RedfishPkg.dec > > + IpmiFeaturePkg/IpmiFeaturePkg.dec > [Chang, Abner] > Could you please add a comment to the reference of IpmiFeaturePkg? We > have to give customers a notice that the dependence of "edk2- > platforms/Features/Intel/OutOfBandManagement/". They have to add the > path to PACKAGES_PATH. You also have to skip this dependence in the > RedfishPkg.yaml to avoid the CI error. > > Another thing is I propose to move out IpmiFeaturePkg from edk2- > platforms/Features/Intel/OutOfBandManagement to edk2- > platforms/Features/ManageabilityPkg that also provides the > implementation of PLDM/MCTP/IPMI/KCS. I had an initial talk with > IpmiFeaturePkg owner and get the positive response on this proposal. I > will kick off the discussion on the dev mailing list. That is to say > this module may need a little bit change later, however that is good > to me having this implementation now. > Thanks > Abner > > + > > +[LibraryClasses] > > + UefiLib > > + DebugLib > > + IpmiBaseLib > > + MemoryAllocationLib > > + BaseMemoryLib > > + > > +[Pcd] > > + gIpmiFeaturePkgTokenSpaceGuid.PcdIpmiFeatureEnable > > + > > +[Depex] > > + TRUE > > -- > > 2.17.1 > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > > > > > > > > -The information contained in this message may be confidential and > proprietary to American Megatrends (AMI). This communication is > intended to be read only by the individual or entity to whom it is > addressed or by their designee. If the reader of this message is not > the intended recipient, you are on notice that any distribution of > this message, in any form, is strictly prohibited. Please promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and > then delete or destroy all copies of the transmission. > > > > -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. [-- Attachment #2: Type: text/html, Size: 74447 bytes --] ^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2022-10-31 13:20 UTC | newest] Thread overview: 15+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-10-20 2:54 [PATCH] RedfishPkg/RedfishPlatformCredentialLib: IPMI implementation Nickle Wang 2022-10-22 7:01 ` Chang, Abner 2022-10-25 8:23 ` [edk2-devel] " Nickle Wang 2022-10-26 15:26 ` Igor Kulchytskyy 2022-10-27 13:25 ` Nickle Wang 2022-10-27 14:42 ` Igor Kulchytskyy 2022-10-28 7:48 ` Chang, Abner 2022-10-28 13:54 ` Igor Kulchytskyy 2022-10-28 14:53 ` Nickle Wang 2022-10-28 16:03 ` Igor Kulchytskyy 2022-10-28 23:29 ` Nickle Wang 2022-10-30 15:33 ` Chang, Abner 2022-10-30 18:56 ` Igor Kulchytskyy 2022-10-31 2:24 ` Chang, Abner 2022-10-31 13:20 ` Igor Kulchytskyy
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox