From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id B073A740046 for ; Fri, 17 May 2024 07:17:26 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=I+0BjaWHDd+yh87oK8MSY6Q6vFh4JU5Ge8lqwsyCNII=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:msip_labels:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1715930245; v=1; b=5A1EKrQbpa3xblfiQ7NDjLwksxQqylN/7v/gIiPHDoj4napCqx+wINztond0wHJlZwM7UHNx zT/mMm1gwF5qHTLY0cQlgiZtxXdLJwICH7r2rxDQv/TuHGPI5f5FGbXj+snGVpqs9ZNXleNxo5/ 0U72TQNYU/ZhcJCZHJJrAnkaY2CDSU2lyViH+kaWRfuXzrhT/XRrUGdxT+1sNq5ct2JUKpTl93F HWxANrq2e8yqD789XOviDVEpEFScPgkxUW1Y7DKjbdsIJwkkFaPbPhd8YPAm3P9sTDkLjqppNNp btICmonA+g1J/uBsHZAQThZo1kri9FyaM+lKbWzSqEinw== X-Received: by 127.0.0.2 with SMTP id NpPJYY7687511xgnS9yQuwWW; Fri, 17 May 2024 00:17:25 -0700 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.73]) by mx.groups.io with SMTP id smtpd.web10.34411.1715930243626410677 for ; Fri, 17 May 2024 00:17:23 -0700 X-Received: from PH8PR12MB7025.namprd12.prod.outlook.com (2603:10b6:510:1bc::22) by MN2PR12MB4207.namprd12.prod.outlook.com (2603:10b6:208:1d9::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7587.30; Fri, 17 May 2024 07:17:18 +0000 X-Received: from PH8PR12MB7025.namprd12.prod.outlook.com ([fe80::cd43:b9f3:7c11:6a48]) by PH8PR12MB7025.namprd12.prod.outlook.com ([fe80::cd43:b9f3:7c11:6a48%5]) with mapi id 15.20.7587.026; Fri, 17 May 2024 07:17:17 +0000 From: "Nickle Wang via groups.io" To: Igor Kulchytskyy , "Chang, Abner" , "devel@edk2.groups.io" CC: Nick Ramirez Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe Thread-Topic: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH] RedfishClientPkg: introduce RedfishBootstrapAccountDxe Thread-Index: AQHalVHC+eOwnTG3tUCDH2WLi/Js3bGWzJvQgAG6VgCAAKjSAIAABYRwgAAVEwCAAATrkIAAj+YAgAFKKTA= Date: Fri, 17 May 2024 07:17:17 +0000 Message-ID: References: <20240418122730.18204-1-nicklew@nvidia.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_ActionId=02042108-8add-4e61-9fed-ea197e2b5c86;MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_ContentBits=0;MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_Enabled=true;MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_Method=Standard;MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_Name=General;MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_SetDate=2024-04-22T02:10:33Z;MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_SiteId=3dd8961f-e488-4e60-8e11-a82d994e183d; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PH8PR12MB7025:EE_|MN2PR12MB4207:EE_ x-ms-office365-filtering-correlation-id: 0e5fa6f6-0c7f-48ef-8bf2-08dc7641627e x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: =?us-ascii?Q?4ItMQ8/fSILpW25W2z7Id8/t7EJ/wiZVmF5F99CbJ2rhm59W+lqC/GkGMld7?= =?us-ascii?Q?YOrd8CbzObTHcmQ01O3CJ6ELiRFJa36IsNJUXJLzGYsEx4KJdEU+XV8atQiA?= =?us-ascii?Q?sxIeGxQHkDCSThuLahzc7jcAXsDZrxw+fwIJLsGEh1DTfAViwqQwVF+135em?= =?us-ascii?Q?N9j8mPeQlShjYa0oQqSd0Q8MpM3W9zuwr5kXP6Wc0lVjFaiKS9RHRk0bSRI7?= =?us-ascii?Q?uFfLkJp8N9YibaxvLDV6P9NLjW1KtQynPt+CCOFI561BCM043acYyPUQtCLf?= =?us-ascii?Q?VvRsZZf7pHu+GPEKNTpV+Knno/IXOJl1Y60O/UJOmh1vtRaTDNKjL/eB1GUg?= =?us-ascii?Q?FDDhMf1O3Be2JIf4WDIQ7E33QxPREhYHynlc25t7vABu7mtk+KbCYxmxmsPy?= =?us-ascii?Q?XOUGLsiNqQhgO7fICLE/8pgll2c/cDlJLQdb4+BpA9xLfkulVdlEauE0VwjC?= =?us-ascii?Q?jgtHbVJDYvzDHCG9bPXZzz2dfrhaU+G4qGY3054kDyDnr5+w/nA6rCBbQxNC?= =?us-ascii?Q?dBlAX5Q3b4SJnZzb73NmrPQXokc/5TFfOxCgSw2olV7LG4FaI3AxmbT90CbX?= =?us-ascii?Q?uA2DaA7/kDzejU+Wxdglqw3Yoow8STl3TFn3+nesWwCbDw4w3C0ooxQOmwXZ?= =?us-ascii?Q?UTfEnAH40cduFBA/1go+NzGiGESt4jTEsm/vhfQgiDm7INhJomMupmOIkm4G?= =?us-ascii?Q?wOCjJIAJZpqZ+nm1sOqBMttLiVa9T7PdanZyV96HjPmLS+/kPPFSjTUvqGll?= =?us-ascii?Q?JmZ8SeFcfF3quyoSFmBJKJSAIVKEsthIJ3gQ8CFFnlDS/PPRwoBnl9+swQtx?= =?us-ascii?Q?sRV5yJMyK1EdKR/IKSFEMq5/OMXnO3ZrorGL1+3F1vf0QPHeqbEqGqMIG1f3?= =?us-ascii?Q?Qy1sFuK/pr7uy2g+Dnmwsro5C7gINZUlLmUuehOPZIEkfY4vLWbUY9P2lcp+?= =?us-ascii?Q?amLUSR/ueAQaF/pe+Qjt6BkwFAOw9kQU6g3yRb6rakxtHcSDh43e0Dx61uUp?= =?us-ascii?Q?NeCpTD9cJ90/9mPn0Hu/TNi7bA8OnX5WNolu2Xe2eNpfShBLkDrxmOghKL9u?= =?us-ascii?Q?gqyDhHoWHAt1r7b3mfTlsBZJAl4G4dTECkeW2w/3zzlf0t8CT6qKBrSuCGxJ?= =?us-ascii?Q?CGhI1KNGcyyzCOx2bZ/wBmkQVcRFXaqVPTeAzjrtQcmpX8z9ssCB9TOQnIe3?= =?us-ascii?Q?NQgvOHrfk7REgRsMLLVMv8OqjoTC9jIuTuNXDXsucU8GFAOVdrhD1kYaGhFz?= =?us-ascii?Q?PdpZJDQqyG1s8YvlDN2Y02wMOe+vGrz0K6654mz/0ve3Fg3B6vowqwpOrTxW?= =?us-ascii?Q?fSVN4Pxy3gpwcww3DxJui4Uu1CnYYldcxEq6o/2t9rmhZQ=3D=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?QuljqTzhrCD1wlJmv4ZpHkxwfQcZsgN/9DzwN/CKX493kTXpgWudXq6VEzG9?= =?us-ascii?Q?yShyAGEt5XIuB+EX3EF1452P31yOJ+so3v9H9VG4weafWJLKnEhyhNb2yMZ5?= =?us-ascii?Q?5xwMuf8K/qw1bQJ8Qgt0qZN546lxmHlESxxQKQH3LIpuxpcilKG8LUOyLP8M?= =?us-ascii?Q?PmrMnfG8Sutgf33A/6+8+sAyL5/4ON1AcBLWiaDmXjwnLjPBykcFMCxPvqu2?= =?us-ascii?Q?Z6oiKUuNYGQsF5OgqDSYqZocky0lqxHGgFF+GQh2sMSoWmFRv7+by5k1NAjC?= =?us-ascii?Q?MsU4NawOhCfImdZtWjp1+CJBWlUhH6rOgNUrfdNOZFeTMRxfvDhj0iumR0no?= =?us-ascii?Q?YVodrnUKuMY6o4Pr/9s2Kz0wt/rQrCDy+713gXfuYt4OqFYz/0NghYRKsw4W?= =?us-ascii?Q?vEpzugveWE9ChTFGHapsqAvwtP2MpUWhR7dyYQp4xSud7VPH2vJqEroc5JeW?= =?us-ascii?Q?mNGW/k55ggdbeGWj23xyaOY+7XI7c8h6pN1/lAhDVENo9LT21mI3uZqPk8Aw?= =?us-ascii?Q?C1RPZFfFmnZ6y5FAiGQzYDk7fT9qzn1DmIVldJrEXuiggU3GLshujg1KLMHu?= =?us-ascii?Q?0R/ceAVB/t2i4pZu+YZSG7wl0BuRUYtM39Zl8YrJK+3x8gYvGrCEoUg6H35S?= =?us-ascii?Q?xLl3IuDTItJeuHypKASBEU/eUpdVjJ29ydRZSCviBZoq9e7pU+sCe7LZx7yI?= =?us-ascii?Q?etYbwrf7lu3MOlAeDlkJw189HnRFWrwO3KQ7xHPJJ6ZxyuK06cYHdo9rvF8a?= =?us-ascii?Q?Lgzx31BuRdXWrSXjIAosOpj61hZUX3gbskD9aMobRm6Zxvy8XEBkEZeh50+H?= =?us-ascii?Q?ZnR1Uf1r/bFVducccr3SluCNGdeKkM6Gu7OBLyQ1rD9OJP7EvsRPD3M44EtN?= =?us-ascii?Q?xFbMEN7EatP3j5N6dNh2MLZH5bJx1h1qST1AjI2amhiP+Gg3pkwME1p65Ksb?= =?us-ascii?Q?VHjr7xy3Cq6hFsoYI79axUHrMDVG0MJt9JlL1ApeUqIVfgI8eCYCiFx09mcv?= =?us-ascii?Q?IwHWgsMBK+w0kmjWhI3TrhQ7EKu5Mp9Uu74O7gVHRPxS+IZePbVubp/GqmS4?= =?us-ascii?Q?T8gSv70WZdw1dET0quErRTY7RD2rI1Blvm5anSbA/fRcpRi4XtLBray9hkqc?= =?us-ascii?Q?7zv7aIRDGAhKnw3nIKR76SjAJvKxBP4uVfLDD03Eqd80QXcUDG+UedAeiA3E?= =?us-ascii?Q?Skkl27A9QoCcgN/NjleW5KXuEorqhhgRkxKXimwuoAF15XnToKuLBnOfPQiP?= =?us-ascii?Q?fwcts2Y8KAbKeJalqAD+XiuWE+T49IIdyM57x3VxiSl/llhpUCSYSxiPH1wf?= =?us-ascii?Q?GsZDx3/TkxbwzfUB05idp+9/guKlfKZSW+OTB4/qixuE1ex3SUXnpJw6+9WV?= =?us-ascii?Q?UOyjqJ5zJYXNyxdOrDE4Ki53BSWgP4VuoYUKlAaYza+D+za2yoqhq2W2D4Bm?= =?us-ascii?Q?sRl6uk4/k0OxhQCYIGXAkKr8miSQ1Fb4w+lwc1M7a0h2OqbLL4CboefeeTdy?= =?us-ascii?Q?eA1BECc5FF5ybBxLdpo8BXHBLZ2Mwv78mJopi0AHLuVYGZNCr5nKiuk6gzGb?= =?us-ascii?Q?CNRx6ApWoZ4AoP9rSQN2IYyM66J1AMSWWfqx0DJMximVYHQ3tp/eHhVb/p5S?= =?us-ascii?Q?zYL/QdUnOW6MWuR/qgHNF8u9J2wVxPRykLuqbIMu2J04?= MIME-Version: 1.0 X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH8PR12MB7025.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0e5fa6f6-0c7f-48ef-8bf2-08dc7641627e X-MS-Exchange-CrossTenant-originalarrivaltime: 17 May 2024 07:17:17.6658 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: wljC0vaup/leNR28RzqSrkqgBye+gUnKejSENfpD6JQv0WGhKuSc6LCjI37ZpFqkhIIOhLt+oafW8+Lbfr7sHA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4207 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Fri, 17 May 2024 00:17:23 -0700 Resent-From: nicklew@nvidia.com Reply-To: devel@edk2.groups.io,nicklew@nvidia.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 1mYIOjaoypPtU3Au3zdCZ4t0x7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=5A1EKrQb; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io Hi Igor, Thanks for your idea. This sounds feasible to me. Let me try to test it on = my system. Regards, Nickle > -----Original Message----- > From: Igor Kulchytskyy > Sent: Thursday, May 16, 2024 7:34 PM > To: Nickle Wang ; Chang, Abner > ; devel@edk2.groups.io > Cc: Nick Ramirez > Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH] > RedfishClientPkg: introduce RedfishBootstrapAccountDxe >=20 > External email: Use caution opening links or attachments >=20 >=20 > We can have some protocol where all Redfish clients register saying that = they are > using the bootstrap credentials. > And when they finish their job they notify RedfishBootstrapAccountDxe dri= ver and > when all of registered modules finish their job RedfishBootstrapAccountDx= e driver > delete the account. > Thank you, > Igor >=20 > -----Original Message----- > From: Nickle Wang > Sent: Wednesday, May 15, 2024 11:10 PM > To: Chang, Abner ; Igor Kulchytskyy ; > devel@edk2.groups.io > Cc: Nick Ramirez > Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH] > RedfishClientPkg: introduce RedfishBootstrapAccountDxe >=20 > > RedfishFeatureCore could be one of the Redfish clients, delete the > > credential from Redfish account service in RedfishFeatureCore > > lifecycle may impact other Redfish clients that still need the communic= ation > with Redfish service, right? >=20 > When all Redfish clients are managed by RedfishFeatureCore, I think we do= n't > have such case. And this may be a good reason to keep it in RedfishClient= Pkg. This > driver offers a way for BIOS to delete bootstrapping account at BMC after > everything is done. Platform owner can decide to include this driver or n= ot > depending on the Redfish design in system. >=20 > Regards, > Nickle >=20 > > -----Original Message----- > > From: Chang, Abner > > Sent: Thursday, May 16, 2024 10:41 AM > > To: Nickle Wang ; Igor Kulchytskyy > > ; devel@edk2.groups.io > > Cc: Nick Ramirez > > Subject: RE: [EXTERNAL] RE: [edk2-devel] [edk2-redfish-client][PATCH] > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe > > > > External email: Use caution opening links or attachments > > > > > > [AMD Official Use Only - General] > > > > I think we probably overlook some use cases. Multiple edk2 Redfish > > applications running simultaneously is allowed from the design > > perspective. However, we centralized GetAuthInfo in > > RedfishPlatformCredentialLib for all of edk2 Redfish client entities > > to leverage the same credential stored in EFI variable. This way we > > can limit the process of acquiring credential to only one time Redfish = IPMI > bootstrap command sent to BMC. > > RedfishFeatureCore could be one of the Redfish clients, delete the > > credential from Redfish account service in RedfishFeatureCore > > lifecycle may impact other Redfish clients that still need the communic= ation > with Redfish service, right? > > > > Thanks > > Abner > > > > > -----Original Message----- > > > From: Nickle Wang > > > Sent: Thursday, May 16, 2024 9:38 AM > > > To: Chang, Abner ; Igor Kulchytskyy > > > ; devel@edk2.groups.io > > > Cc: Nick Ramirez > > > Subject: RE: [EXTERNAL] RE: [edk2-devel] > > > [edk2-redfish-client][PATCH] > > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe > > > > > > [AMD Official Use Only - General] > > > > > > Caution: This message originated from an External Source. Use proper > > > caution when opening attachments, clicking links, or responding. > > > > > > > > > Hi Igor, Abner, > > > > > > > Maybe we should consider moving RedfishBootstrapAccountDxe driver > > > > to > > > RedfishPkg and have some register mechanism which will be used by > > > interested drivers to notify that they finished their job and after > > > that RedfishBootstrapAccountDxe driver would delete an account. > > > > > > You are saying the mechanism in runtime, right? In current design, > > > RedfishFeatureCore driver will send "after provisioning" signal to > > > notify this driver to delete bootstrapping account. This makes sure > > > that all feature drivers are done with their jobs, so this driver is > > > safe to delete bootstrapping account at BMC. > > > > > > If we move it to RedfishPkg, there is no such centralized Redfish > > > driver managing Redfish stuff. How does a particular driver know > > > that there is no other driver running Redfish stuff after it? The > > > way I can think of now is to rely on EDK2 ready-to-boot event as the > > > signal to do the notification, since there is not supposed to have > > > Redfish driver running > > jobs after this event... > > > > > > Regards, > > > Nickle > > > > > > > -----Original Message----- > > > > From: Chang, Abner > > > > Sent: Thursday, May 16, 2024 9:06 AM > > > > To: Igor Kulchytskyy ; Nickle Wang > > > > ; devel@edk2.groups.io > > > > Cc: Nick Ramirez > > > > Subject: RE: [EXTERNAL] RE: [edk2-devel] > > > > [edk2-redfish-client][PATCH] > > > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe > > > > > > > > External email: Use caution opening links or attachments > > > > > > > > > > > > [AMD Official Use Only - General] > > > > > > > > HI Igor, > > > > This sounds to me reasonable to me. As you mentioned, RedfishPkg > > > > was > > > designed > > > > to support multiple Redfish applications and RedfishClientPkg is > > > > just one of > > > them. I > > > > think we can review the implementation of acquiring/deleting creden= tial. > > > > > > > > Thanks > > > > Abner > > > > > > > > > > > > > -----Original Message----- > > > > > From: Igor Kulchytskyy > > > > > Sent: Wednesday, May 15, 2024 11:02 PM > > > > > To: Nickle Wang ; devel@edk2.groups.io; > > > > > Chang, Abner > > > > > Cc: Nick Ramirez > > > > > Subject: RE: [EXTERNAL] RE: [edk2-devel] > > > > > [edk2-redfish-client][PATCH] > > > > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe > > > > > > > > > > [AMD Official Use Only - General] > > > > > > > > > > Caution: This message originated from an External Source. Use > > > > > proper caution when opening attachments, clicking links, or respo= nding. > > > > > > > > > > > > > > > Hi Nickle, > > > > > I have one more question to discuss regarding this driver. > > > > > We have a bootstrap account and creation of this account > > > > > controlled by RedfishCredentialDxe driver in RedfishPkg. > > > > > But deletion of that bootstrap account is moved to RedfishClientP= kg. > > > > > What if we have another Redfish Client or some customer service > > > > > which uses RedfishPkg for the communication. > > > > > Architecturally it is allowed. > > > > > But then RedfishBootstrapAccountDxe module would delete account > > > > > just based on the RedfishClientPkg needs. > > > > > Maybe we should consider moving RedfishBootstrapAccountDxe > > > > > driver to RedfishPkg and have some register mechanism which will > > > > > be used by interested drivers to notify that they finished their > > > > > job and after that RedfishBootstrapAccountDxe driver would delete= an > account. > > > > > What do you think? > > > > > Thank you, > > > > > Igor > > > > > > > > > > -----Original Message----- > > > > > From: Nickle Wang > > > > > Sent: Tuesday, May 14, 2024 8:40 AM > > > > > To: devel@edk2.groups.io; abner.chang@amd.com; Igor Kulchytskyy > > > > > > > > > > Cc: Nick Ramirez > > > > > Subject: [EXTERNAL] RE: [edk2-devel] > > > > > [edk2-redfish-client][PATCH] > > > > > RedfishClientPkg: introduce RedfishBootstrapAccountDxe > > > > > > > > > > > > > > > **CAUTION: The e-mail below is from an external source. Please > > > > > exercise caution before opening attachments, clicking links, or > > > > > following guidance.** > > > > > > > > > > Hi Abner, > > > > > > > > > > > Ok, then I don't have the problem with invoking GetAuthInfo aga= in. > > > > > However, I > > > > > > will suggest to add more description in GetAuthInfo function > > > > > > header, > > > > > mention that > > > > > > we will keep the auth info in EFI variable until exist boot ser= vice. > > > > > > Also, give some more descriptions on the code you invoke to > > > GetAuthInfo. > > > > > > > > > > Thanks for your comment. I add descriptions to explain above > > > > > before calling GetAuthInfo(). Version 2 path is here: > > > > > > > > https://nam11.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fe= d > > > k%25 > > > > > > 2F&data=3D05%7C02%7Cnicklew%40nvidia.com%7C77f28b71f7a9495ddbb308dc7 > > 551a > > > > > > 632%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638514240788650 > > 508%7C > > > > > > Unknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6I > > k1h > > > > > > aWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3DzGjzjMdGhyaOdjd56WA34xO > > 3vKD%2FMa > > > fSZNq0db9fo7k%3D&reserved=3D0 > > > 2 > > > > > > > > .groups.io%2Fg%2Fdevel%2Fmessage%2F118889&data=3D05%7C02%7Cnick > > > lew > > > > %40nvi > > > > > > > > > > > > dia.com%7C10ec4812a68a434b806008dc75445994%7C43083d15727340c > > > 1b7db > > > > 39efd > > > > > > > > > > > > 9ccc17a%7C0%7C0%7C638514183674607956%7CUnknown%7CTWFpbGZs > > > b3d8 > > > > eyJWIjoiM > > > > > > > > > > > > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7 > > > C%7 > > > > C%7C > > > > > > > > > > > > &sdata=3DGNlisCnBmVQRhCLTxICGDsArv%2B64lC%2BkktUMi8Yg%2BJM%3D&r > > > ese > > > > rved=3D0 > > > > > > > > > > Regards, > > > > > Nickle > > > > > > > > > > > -----Original Message----- > > > > > > From: devel@edk2.groups.io On Behalf Of > > > > > > Chang, > > > > > Abner > > > > > > via groups.io > > > > > > Sent: Tuesday, April 23, 2024 3:42 PM > > > > > > To: Nickle Wang ; Igor Kulchytskyy > > > > > > ; devel@edk2.groups.io > > > > > > Cc: Nick Ramirez > > > > > > Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH] RedfishC= lientPkg: > > > > > > introduce RedfishBootstrapAccountDxe > > > > > > > > > > > > External email: Use caution opening links or attachments > > > > > > > > > > > > > > > > > > [AMD Official Use Only - General] > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Nickle Wang > > > > > > > Sent: Tuesday, April 23, 2024 3:09 PM > > > > > > > To: Igor Kulchytskyy ; Chang, Abner > > > > > > > ; devel@edk2.groups.io > > > > > > > Cc: Nick Ramirez > > > > > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] > > > > > RedfishClientPkg: > > > > > > > introduce RedfishBootstrapAccountDxe > > > > > > > > > > > > > > [AMD Official Use Only - General] > > > > > > > > > > > > > > Caution: This message originated from an External Source. > > > > > > > Use proper caution when opening attachments, clicking links, > > > > > > > or > > > responding. > > > > > > > > > > > > > > > > > > > > > Hi Igor, Abner, > > > > > > > > > > > > > > Thanks for your review. Please allow me to answer your > > > > > > > questions > > > > > together. > > > > > > > > > > > > > > > 1. We suppose acquire the credential before we start to > > > > > > > > communicate with > > > > > > > Redfish. Will Redfish credential driver create another > > > > > > > bootstrap account here after provisioning? > > > > > > > No, according to the RedfishPlatformCredentialIpmiLib > > > > > > > implementation, Redfish credential driver requests > > > > > > > credential from BMC and will keep it for later use. So only > > > > > > > one credential is requested for BIOS Redfish feature drivers > > > > > > > during POST > > time. > > > > > > Ok, then I don't have the problem with invoking GetAuthInfo aga= in. > > > > > However, I > > > > > > will suggest to add more description in GetAuthInfo function > > > > > > header, > > > > > mention that > > > > > > we will keep the auth info in EFI variable until exist boot ser= vice. > > > > > > Also, give some more descriptions on the code you invoke to > > > GetAuthInfo. > > > > > > > > > > > > > > > > > > > > > 2. And why do we delete the credential after provisioning? > > > > > > > > How about the > > > > > > > later Redfish property updating process? > > > > > > > In this driver, we listen to "AfterProvisioning" event. And > > > > > > > this is the event triggered after Redfish feature driver fini= sh all jobs. > > > > > > > There is no feature driver which gets executed after this eve= nt. > > > > > > > And since we finished all Redfish operations, we remove this > > > > > > > account > > > on > > > > BMC. > > > > > > Then this makes sense to me now. > > > > > > > > > > > > > > > > > > > > > Why do we need to delete those credentials? According to > > > > > > > > spec BMC should > > > > > > > delete the bootstrap credentials automatically on host or ser= vice reset. > > > > > > > Yes, bootstrap credentials get deleted on host reset. In > > > > > > > practice, server in datacenter usually takes long time > > > > > > > running under OS before it gets > > > > > > rebooted. > > > > > > > The bootstrap credentials are exposed to end user at > > > > > > > "/redfish/v1/AccountService/Accounts". I got report that > > > > > > > there is concern for end user to see this unused account. > > > > > > This sounds to me reasonable as we will give bootstrap > > > > > > credential a high > > > > > privilege > > > > > > to update Redfish resource. Leave this information in Account > > > > > > service seems > > > > > not a > > > > > > good idea. > > > > > > > > > > > > Thanks > > > > > > Abner > > > > > > > > > > > > > > > > > > > > So, I create this driver to allows us to remove bootstrap > > > > > > > account at BMC after we finish Redfish jobs. And this also > > > > > > > release the BMC account resource since this account won't be > > > > > > > used for a long period of > > > > > time. > > > > > > > > > > > > > > Regards, > > > > > > > Nickle > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > From: Igor Kulchytskyy > > > > > > > > Sent: Monday, April 22, 2024 11:03 PM > > > > > > > > To: Chang, Abner ; Nickle Wang > > > > > > > > ; devel@edk2.groups.io > > > > > > > > Cc: Nick Ramirez > > > > > > > > Subject: RE: [EXTERNAL] RE: [edk2-redfish-client][PATCH] > > > > > RedfishClientPkg: > > > > > > > > introduce RedfishBootstrapAccountDxe > > > > > > > > > > > > > > > > External email: Use caution opening links or attachments > > > > > > > > > > > > > > > > > > > > > > > > Hi Nickle and Abner, > > > > > > > > I also have the same question as Abner. > > > > > > > > Why do we need to delete those credentials? > > > > > > > > According to spec BMC should delete the bootstrap > > > > > > > > credentials automatically > > > > > > > on > > > > > > > > host or service reset. > > > > > > > > Thank you, > > > > > > > > Igor > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > From: Chang, Abner > > > > > > > > Sent: Sunday, April 21, 2024 10:25 PM > > > > > > > > To: Nickle Wang ; devel@edk2.groups.io > > > > > > > > Cc: Igor Kulchytskyy ; Nick Ramirez > > > > > > > > > > > > > > > Subject: [EXTERNAL] RE: [edk2-redfish-client][PATCH] > > > RedfishClientPkg: > > > > > > > > introduce RedfishBootstrapAccountDxe > > > > > > > > > > > > > > > > > > > > > > > > **CAUTION: The e-mail below is from an external source. > > > > > > > > Please exercise caution before opening attachments, > > > > > > > > clicking links, or following guidance.** > > > > > > > > > > > > > > > > [AMD Official Use Only - General] > > > > > > > > > > > > > > > > Hi Nickle, > > > > > > > > One comment and few questions, > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > > From: Nickle Wang > > > > > > > > > Sent: Thursday, April 18, 2024 8:28 PM > > > > > > > > > To: devel@edk2.groups.io > > > > > > > > > Cc: Chang, Abner ; Igor Kulchytskyy > > > > > > > > > ; Nick Ramirez > > > > > > > > > Subject: [edk2-redfish-client][PATCH] RedfishClientPkg: > > > > > > > > > introduce RedfishBootstrapAccountDxe > > > > > > > > > > > > > > > > > > Caution: This message originated from an External Source. > > > > > > > > > Use proper caution when opening attachments, clicking > > > > > > > > > links, or > > > > > responding. > > > > > > > > > > > > > > > > > > > > > > > > > > > -Introduce RedfishBootstrapAccountDxe to delete > > > > > > > > > bootstrap account from > > > > > > > > > /redfish/v1/AccountService/Accounts after BIOS finished > > > > > > > > > all Redfish jobs. The bootstrap account won't be > > > > > > > > > available to other > > > > > application. > > > > > > > > > So deleting bootstrap account helps to release resource a= t BMC. > > > > > > > > > - After bootstrap account is deleted at BMC, the Redfish > > > > > > > > > service instance is no longer usable. Close Redfish > > > > > > > > > service instance to release the HTTP connection between > > > > > > > > > BIOS and > > BMC. > > > > > > > > > > > > > > > > > > Signed-off-by: Nickle Wang > > > > > > > > > Cc: Abner Chang > > > > > > > > > Cc: Igor Kulchytskyy > > > > > > > > > Cc: Nick Ramirez > > > > > > > > > --- > > > > > > > > > .../RedfishClientComponents.dsc.inc | 1 + > > > > > > > > > .../RedfishBootstrapAccountDxe.inf | 53 +++ > > > > > > > > > .../RedfishBootstrapAccountDxe.h | 58 ++++ > > > > > > > > > .../RedfishBootstrapAccountDxe.c | 328 > > > ++++++++++++++++++ > > > > > > > > > RedfishClientPkg/RedfishClient.fdf.inc | 1 + > > > > > > > > > 5 files changed, 441 insertions(+) create mode 100644 > > > > > > > > > > > > > > > > > > > > > > > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe > > > > > > > > > .inf > > > > > > > > > create mode 100644 > > > > > > > > > > > > > > > > > > > > > > > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe > > > > > > > > > .h > > > > > > > > > create mode 100644 > > > > > > > > > > > > > > > > > > > > > > > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe > > > > > > > > > .c > > > > > > > > > > > > > > > > > > diff --git > > > > > > > > > a/RedfishClientPkg/RedfishClientComponents.dsc.inc > > > > > > > > > b/RedfishClientPkg/RedfishClientComponents.dsc.inc > > > > > > > > > index 42fc0c299..fe5248b62 100644 > > > > > > > > > --- a/RedfishClientPkg/RedfishClientComponents.dsc.inc > > > > > > > > > +++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc > > > > > > > > > @@ -20,6 +20,7 @@ > > > > > > > > > > > > > > RedfishClientPkg/HiiToRedfishMemoryDxe/HiiToRedfishMemoryDxe.inf > > > > > > > > > > > > > > > > > > RedfishClientPkg/HiiToRedfishBootDxe/HiiToRedfishBootDxe > > > > > > > > > .i > > > > > > > > > nf > > > > > > > > > > > > > > > > > > RedfishClientPkg/HiiToRedfishBiosDxe/HiiToRedfishBiosDxe > > > > > > > > > .i > > > > > > > > > nf > > > > > > > > > + > > > > > > > > > > > > > > > > > > > > > > > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe > > > > > > > > > .inf > > > > > > > > > !endif > > > > > > > > > # > > > > > > > > > # Below two modules should be pulled in by build tool. > > > > > > > > > diff --git > > > > > > > > > > > > > > > > > > > > > > > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun > > > tD > > > > > > > > > xe.in > > > > > > > > > f > > > > > > > > > > > > > > > > > > > > > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun > > > tD > > > > > > > > > xe.in > > > > > > > > > f > > > > > > > > > new file mode 100644 > > > > > > > > > index 000000000..4073e95f4 > > > > > > > > > --- /dev/null > > > > > > > > > +++ > > > > > > > > > > > > > > > > > > > > > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun > > > tD > > > > > > > > > xe.in > > > > > > > > > f > > > > > > > > > @@ -0,0 +1,53 @@ > > > > > > > > > +## @file > > > > > > > > > +# This driver deletes bootstrap account in BMC after > > > > > > > > > +BIOS Redfish finished # all jobs # # (C) Copyright > > > > > > > > > +2021 Hewlett Packard Enterprise Development LP
# > > > > > > > > > +Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. > > > > > > > > > +All rights > > reserved. > > > > > > > > > > > > > > > > > > > > > > > > Not sure if you want to update the copyright to 2024. > > > > > > > > > > > > > > > > > > > > > > > > > +# > > > > > > > > > +# SPDX-License-Identifier: BSD-2-Clause-Patent # ## > > > > > > > > > + > > > > > > > > > +[Defines] > > > > > > > > > + INF_VERSION =3D 0x0001000b > > > > > > > > > + BASE_NAME =3D RedfishBootstrapAccountD= xe > > > > > > > > > + FILE_GUID =3D 87555253-2F7E-45FC-B469- > FD35B2E51210 > > > > > > > > > + MODULE_TYPE =3D DXE_DRIVER > > > > > > > > > + VERSION_STRING =3D 1.0 > > > > > > > > > + ENTRY_POINT =3D RedfishBootstrapAccountE= ntryPoint > > > > > > > > > + UNLOAD_IMAGE =3D RedfishBootstrapAccountU= nload > > > > > > > > > + > > > > > > > > > +[Packages] > > > > > > > > > + MdePkg/MdePkg.dec > > > > > > > > > + MdeModulePkg/MdeModulePkg.dec > > > > > > > > > + RedfishPkg/RedfishPkg.dec > > > > > > > > > + RedfishClientPkg/RedfishClientPkg.dec > > > > > > > > > + > > > > > > > > > +[Sources] > > > > > > > > > + RedfishBootstrapAccountDxe.h > > > > > > > > > + RedfishBootstrapAccountDxe.c > > > > > > > > > + > > > > > > > > > +[LibraryClasses] > > > > > > > > > + BaseLib > > > > > > > > > + BaseMemoryLib > > > > > > > > > + DebugLib > > > > > > > > > + MemoryAllocationLib > > > > > > > > > + PrintLib > > > > > > > > > + RedfishEventLib > > > > > > > > > + RedfishFeatureUtilityLib > > > > > > > > > + RedfishDebugLib > > > > > > > > > + RedfishVersionLib > > > > > > > > > + RedfishHttpLib > > > > > > > > > + UefiLib > > > > > > > > > + UefiBootServicesTableLib > > > > > > > > > + UefiRuntimeServicesTableLib > > > > > > > > > + UefiDriverEntryPoint > > > > > > > > > + > > > > > > > > > +[Protocols] > > > > > > > > > + gEdkIIRedfishConfigHandlerProtocolGuid ## CONSUMES ## > > > > > > > > > + gEdkIIRedfishCredentialProtocolGuid ## CONSUMES ## > > > > > > > > > + gEfiRestExProtocolGuid ## CONSUMES ## > > > > > > > > > + > > > > > > > > > +[Depex] > > > > > > > > > + gEdkIIRedfishCredentialProtocolGuid > > > > > > > > > diff --git > > > > > > > > > > > > > > > > > > > > > > > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun > > > tD > > > > > > > > > xe.h > > > > > > > > > > > > > > > > > > > > > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun > > > tD > > > > > > > > > xe.h > > > > > > > > > new file mode 100644 > > > > > > > > > index 000000000..5262f1e6b > > > > > > > > > --- /dev/null > > > > > > > > > +++ > > > > > > > > > > > > > > > > > > > > > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun > > > tD > > > > > > > > > xe.h > > > > > > > > > @@ -0,0 +1,58 @@ > > > > > > > > > +/** @file > > > > > > > > > + Common header file for RedfishBootstrapAccountDxe driv= er. > > > > > > > > > + > > > > > > > > > + (C) Copyright 2021-2022 Hewlett Packard Enterprise > > > > > > > > > + Development LP
Copyright (c) 2023, NVIDIA > > > > > > > > > + CORPORATION > > > & > > > > > > > > > + AFFILIATES. All > > > > > > > rights > > > > > > > > reserved. > > > > > > > > > + > > > > > > > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > > > > + > > > > > > > > > +**/ > > > > > > > > > + > > > > > > > > > +#ifndef REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ #define > > > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_DXE_H_ > > > > > > > > > + > > > > > > > > > +#include > > > > > > > > > +#include > > > > > > > > > + > > > > > > > > > +// > > > > > > > > > +// Libraries > > > > > > > > > +// > > > > > > > > > +#include #include > > > > > > > > > + #include > > > > > > > > > + > > > > > > > > > +#include #include > > > > > > > > > + #include > > > > > > > > > + #include > > > > > > > > > + > > > > > > > > > +#include #include > > > > > > > > > + #include > > > > > > > > > + #include > > > > > > > > > + > > > > > > > > > +#include #include > > > > > > > > > + #include > > > > > > > > > + > > > > > > > > > + > > > > > > > > > +#include > > > > > > > > > +#include > > > > > > > > > +#include > > > > > > > > > + > > > > > > > > > +#define REDFISH_BOOTSTRAP_ACCOUNT_DEBUG > > > > > DEBUG_VERBOSE > > > > > > > > > +#define REDFISH_MANAGER_ACCOUNT_COLLECTION_URI > > > > > > > > > L"AccountService/Accounts" > > > > > > > > > +#define REDFISH_URI_LENGTH 128 > > > > > > > > > + > > > > > > > > > +// > > > > > > > > > +// Definitions of REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE // > > > > > > > > > +typedef > > > > > > > struct > > > > > > > > > +{ > > > > > > > > > + EFI_HANDLE ImageHandle; > > > > > > > > > + EFI_HANDLE RestExHandle; > > > > > > > > > + REDFISH_SERVICE RedfishServic= e; > > > > > > > > > + EFI_EVENT RedfishEvent; > > > > > > > > > + EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL Protocol; > > > > > > > > > +} REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE; > > > > > > > > > + > > > > > > > > > +#define > > > > > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL(This) \ > > > > > > > > > + BASE_CR ((This), > > > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE, > > > > > > > > > +Protocol) > > > > > > > > > + > > > > > > > > > +#endif > > > > > > > > > diff --git > > > > > > > > > > > > > > > > > > > > > > > > a/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun > > > tD > > > > > > > > > xe.c > > > > > > > > > > > > > > > > > > > > > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun > > > tD > > > > > > > > > xe.c > > > > > > > > > new file mode 100644 > > > > > > > > > index 000000000..6fe4856f8 > > > > > > > > > --- /dev/null > > > > > > > > > +++ > > > > > > > > > > > > > > > > > > > > > > > > b/RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccoun > > > tD > > > > > > > > > xe.c > > > > > > > > > @@ -0,0 +1,328 @@ > > > > > > > > > +/** @file > > > > > > > > > + This driver deletes bootstrap account in BMC after > > > > > > > > > +BIOS Redfish finished > > > > > > > > > + all jobs. > > > > > > > > > + > > > > > > > > > + (C) Copyright 2021-2022 Hewlett Packard Enterprise > > > > > > > > > + Development LP
Copyright (c) 2023, NVIDIA > > > > > > > > > + CORPORATION > > > & > > > > > > > > > + AFFILIATES. All > > > > > > > rights > > > > > > > > reserved. > > > > > > > > > + > > > > > > > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > > > > + > > > > > > > > > +**/ > > > > > > > > > + > > > > > > > > > +#include "RedfishBootstrapAccountDxe.h" > > > > > > > > > + > > > > > > > > > +REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *mBootstrapPrivate > =3D > > > > > NULL; > > > > > > > > > + > > > > > > > > > +/** > > > > > > > > > + Close Redfish service instance by calling RestEx > > > > > > > > > +protocol to release > > > > > > > instance. > > > > > > > > > + > > > > > > > > > + @param[in] RestExHandle Handle of RestEx protoco= l. > > > > > > > > > + > > > > > > > > > + @retval EFI_SUCCESS The Redfish service is c= losed > > > successfully. > > > > > > > > > + @retval EFI_INVALID_PARAMETER RestExHandle is NULL. > > > > > > > > > + @retval Others Error occurs. > > > > > > > > > + > > > > > > > > > +**/ > > > > > > > > > +EFI_STATUS > > > > > > > > > +CloseRedfishService ( > > > > > > > > > + IN EFI_HANDLE RestExHandle > > > > > > > > > + ) > > > > > > > > > +{ > > > > > > > > > + EFI_REST_EX_PROTOCOL *RestEx; > > > > > > > > > + EFI_STATUS Status; > > > > > > > > > + > > > > > > > > > + if (RestExHandle =3D=3D NULL) { > > > > > > > > > + return EFI_INVALID_PARAMETER; } > > > > > > > > > + > > > > > > > > > + Status =3D gBS->HandleProtocol ( > > > > > > > > > + RestExHandle, > > > > > > > > > + &gEfiRestExProtocolGuid, > > > > > > > > > + (VOID **)&RestEx > > > > > > > > > + ); > > > > > > > > > + if (!EFI_ERROR (Status)) { > > > > > > > > > + Status =3D RestEx->Configure (RestEx, NULL); > > > > > > > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: > > > > > > > > > + release > > > > > RestEx > > > > > > > > > instance: %r\n", __func__, Status)); > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + return Status; > > > > > > > > > +} > > > > > > > > > + > > > > > > > > > +/** > > > > > > > > > + Callback function executed when the AfterProvisioning > > > > > > > > > +event group is > > > > > > > > > signaled. > > > > > > > > > + > > > > > > > > > + @param[in] Event Event whose notification functio= n is being > > > > > invoked. > > > > > > > > > + @param[out] Context Pointer to the Context buffer > > > > > > > > > + > > > > > > > > > +**/ > > > > > > > > > +VOID > > > > > > > > > +EFIAPI > > > > > > > > > +RedfishBootstrapAccountOnRedfishAfterProvisioning ( > > > > > > > > > + IN EFI_EVENT Event, > > > > > > > > > + OUT VOID *Context > > > > > > > > > + ) > > > > > > > > > +{ > > > > > > > > > + EFI_STATUS Status; > > > > > > > > > + REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *Private; > > > > > > > > > + EDKII_REDFISH_CREDENTIAL_PROTOCOL *credentialProtocol= ; > > > > > > > > > + EDKII_REDFISH_AUTH_METHOD AuthMethod; > > > > > > > > > + CHAR8 *AccountName; > > > > > > > > > + CHAR8 *AccountCredential; > > > > > > > > > + CHAR16 TargetUri[REDFISH_U= RI_LENGTH]; > > > > > > > > > + CHAR16 *RedfishVersion; > > > > > > > > > + REDFISH_RESPONSE RedfishResponse; > > > > > > > > > + > > > > > > > > > + RedfishVersion =3D NULL; > > > > > > > > > + > > > > > > > > > + Private =3D (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE > > > > > > > > > + *)Context; > > > if > > > > > > > > > + ((Private =3D=3D NULL) || (Private->RedfishService =3D= =3D NULL)) { > > > > > > > > > + DEBUG ((DEBUG_ERROR, "%a: Redfish service is not > > > > > > > > > + available\n", > > > > > > > > > __func__)); > > > > > > > > > + return; > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + // > > > > > > > > > + // Locate Redfish Credential Protocol to get > > > > > > > > > + credential for // accessing to Redfish service. > > > > > > > > > + // > > > > > > > > > + Status =3D gBS->LocateProtocol ( > > > > > > > > > + &gEdkIIRedfishCredentialProtocolGuid, > > > > > > > > > + NULL, > > > > > > > > > + (VOID **)&credentialProtocol > > > > > > > > > + ); > > > > > > > > > + if (EFI_ERROR (Status)) { > > > > > > > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: No > > > Redfish > > > > > > > > > Credential Protocol is installed on system.", > > > > > > > > > __func__)); > > > > > > > > > + return; > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + Status =3D credentialProtocol->GetAuthInfo ( > > > > > > > > > + credentialProtocol, > > > > > > > > > + &AuthMethod, > > > > > > > > > + &AccountName, > > > > > > > > > + &AccountCredential > > > > > > > > > + ); > > > > > > > > > > > > > > > > HI Nickle, I am not quite understand why do we acquire a > > > > > > > > credential here but delete it from the Redfish account > > > > > > > > service here > > > after > > > > provision. > > > > > > > > 1. We suppose acquire the credential before we start to > > > > > > > > communicate with Redfish. Will Redfish credential driver > > > > > > > > create another bootstrap account here after provisioning? > > > > > > > > 2. And why do we delete the credential after provisioning? > > > > > > > > How about the > > > > > > > later > > > > > > > > Redfish property updating process? > > > > > > > > Or do I misunderstand the code logic? > > > > > > > > > > > > > > > > Regards, > > > > > > > > Abner > > > > > > > > > > > > > > > > > + if (EFI_ERROR (Status)) { > > > > > > > > > + DEBUG ((DEBUG_ERROR, "%a: can not get bootstrap > > > > > > > > > + account > > > > > > > information: > > > > > > > > > %r\n", __func__, Status)); > > > > > > > > > + return; > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + // > > > > > > > > > + // Carving the URI > > > > > > > > > + // > > > > > > > > > + RedfishVersion =3D RedfishGetVersion > > > > > > > > > + (Private->RedfishService); if (RedfishVersion =3D=3D NU= LL) { > > > > > > > > > + DEBUG ((DEBUG_ERROR, "%a: can not get Redfish > > > > > > > > > + version\n", > > > > > > > __func__)); > > > > > > > > > + return; > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + UnicodeSPrint (TargetUri, (sizeof (CHAR16) * > > > > > > > > > + REDFISH_URI_LENGTH), > > > > > > > > > L"%s%s/%a", RedfishVersion, > > > > > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI, > > > > > > > > > AccountName); > > > > > > > > > + > > > > > > > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: > > > bootstrap > > > > > > > account: > > > > > > > > > %a\n", __func__, AccountName)); > > > > > > > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: > > > bootstrap > > > > > > > > > credential: %a\n", __func__, AccountCredential)); > > > > > > > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: > > > bootstrap > > > > > URI: > > > > > > > > > %s\n", __func__, TargetUri)); > > > > > > > > > + > > > > > > > > > + // > > > > > > > > > + // Remove bootstrap account at > > > > > > > > > + /redfish/v1/AccountService/Account > > > > > > > > > + // > > > > > > > > > + ZeroMem (&RedfishResponse, sizeof > > > > > > > > > + (REDFISH_RESPONSE)); Status =3D RedfishHttpDeleteResour= ce ( > > > > > > > > > + Private->RedfishService, > > > > > > > > > + TargetUri, > > > > > > > > > + &RedfishResponse > > > > > > > > > + ); > > > > > > > > > + if (EFI_ERROR (Status)) { > > > > > > > > > + DEBUG ((DEBUG_ERROR, "%a: can not remove bootstrap > > > > > > > > > + account at > > > > > > > BMC: > > > > > > > > > %r", __func__, Status)); > > > > > > > > > + DumpRedfishResponse (__func__, DEBUG_ERROR, > > > > > > > &RedfishResponse); } > > > > > > > > > + else { > > > > > > > > > + DEBUG ((REDFISH_BOOTSTRAP_ACCOUNT_DEBUG, "%a: > > > bootstrap > > > > > > > > account: > > > > > > > > > %a is removed from: %s\n", __func__, AccountName, > > > > > > > > > REDFISH_MANAGER_ACCOUNT_COLLECTION_URI)); > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + // > > > > > > > > > + // Clean credential > > > > > > > > > + // > > > > > > > > > + ZeroMem (AccountName, AsciiStrSize (AccountName)); > > > ZeroMem > > > > > > > > > + (AccountCredential, AsciiStrSize (AccountCredential)); > > > > > > > > > + > > > > > > > > > + // > > > > > > > > > + // Since the bootstrap account is deleted at BMC, the > > > > > > > > > + Redfish service instance > > > > > > > > > is no longer usable. > > > > > > > > > + // Close Redfish service instance to release the HTTP > > > > > > > > > + connection between > > > > > > > > > BIOS and BMC. > > > > > > > > > + // > > > > > > > > > + Status =3D CloseRedfishService (Private->RestExHandle)= ; > > > > > > > > > + if (EFI_ERROR (Status)) { > > > > > > > > > + DEBUG ((DEBUG_ERROR, "%a: cannot close Redfish > > > > > > > > > + service > > > instance: > > > > > > > > > + %r\n", > > > > > > > > > __func__, Status)); > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + RedfishHttpFreeResponse (&RedfishResponse); > > > > > > > > > + > > > > > > > > > + return; > > > > > > > > > +} > > > > > > > > > + > > > > > > > > > +/** > > > > > > > > > + Initialize a Redfish configure handler. > > > > > > > > > + > > > > > > > > > + This function will be called by the Redfish config > > > > > > > > > + driver to initialize each > > > > > > > > > Redfish configure > > > > > > > > > + handler. > > > > > > > > > + > > > > > > > > > + @param[in] This Pointer to > > > > > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance. > > > > > > > > > + @param[in] RedfishConfigServiceInfo Redfish service > > > informaiton. > > > > > > > > > + > > > > > > > > > + @retval EFI_SUCCESS The handler has b= een initialized > > > > > > > successfully. > > > > > > > > > + @retval EFI_DEVICE_ERROR Failed to create = or configure > > the > > > > > REST > > > > > > > EX > > > > > > > > > protocol instance. > > > > > > > > > + @retval EFI_ALREADY_STARTED This handler has = already > > been > > > > > > > > > initialized. > > > > > > > > > + @retval Other Error happens dur= ing the > initialization. > > > > > > > > > + > > > > > > > > > +**/ > > > > > > > > > +EFI_STATUS > > > > > > > > > +EFIAPI > > > > > > > > > +RedfishBootstrapAccountInit ( > > > > > > > > > + IN EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL *This, > > > > > > > > > + IN REDFISH_CONFIG_SERVICE_INFORMATION > > > > > > > *RedfishConfigServiceInfo > > > > > > > > > + ) > > > > > > > > > +{ > > > > > > > > > + REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *Private; > > > > > > > > > + > > > > > > > > > + Private =3D > > > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL > > > > > > > > > (This); > > > > > > > > > + > > > > > > > > > + Private->RedfishService =3D RedfishCreateService > > > > > > > > > + (RedfishConfigServiceInfo); if (Private->RedfishServic= e =3D=3D NULL) { > > > > > > > > > + return EFI_DEVICE_ERROR; } > > > > > > > > > + > > > > > > > > > + Private->RestExHandle =3D RedfishConfigServiceInfo- > > > > > > > > > >RedfishServiceRestExHandle; > > > > > > > > > + > > > > > > > > > + return EFI_SUCCESS; > > > > > > > > > +} > > > > > > > > > + > > > > > > > > > +/** > > > > > > > > > + Stop a Redfish configure handler. > > > > > > > > > + > > > > > > > > > + @param[in] This Pointer to > > > > > > > > > EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL instance. > > > > > > > > > + > > > > > > > > > + @retval EFI_SUCCESS This handler has been= stoped > > > > > successfully. > > > > > > > > > + @retval Others Some error happened. > > > > > > > > > + > > > > > > > > > +**/ > > > > > > > > > +EFI_STATUS > > > > > > > > > +EFIAPI > > > > > > > > > +RedfishBootstrapAccountStop ( > > > > > > > > > + IN EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL *This > > > > > > > > > + ) > > > > > > > > > +{ > > > > > > > > > + REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE *Private; > > > > > > > > > + > > > > > > > > > + Private =3D > > > > > REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE_FROM_PROTOCOL > > > > > > > > > (This); > > > > > > > > > + > > > > > > > > > + if (Private->RedfishService !=3D NULL) { > > > > > > > > > + RedfishCleanupService (Private->RedfishService); > > > > > > > > > + Private->RedfishService =3D NULL; } > > > > > > > > > + > > > > > > > > > + return EFI_SUCCESS; > > > > > > > > > +} > > > > > > > > > + > > > > > > > > > +EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL > > > > > mRedfishConfigHandler =3D > > > > > > > { > > > > > > > > > + RedfishBootstrapAccountInit, > > > > > > > > > + RedfishBootstrapAccountStop }; > > > > > > > > > + > > > > > > > > > +/** > > > > > > > > > + Unloads an image. > > > > > > > > > + > > > > > > > > > + @param[in] ImageHandle Handle that identifi= es the image > > to > > > > be > > > > > > > > > unloaded. > > > > > > > > > + > > > > > > > > > + @retval EFI_SUCCESS The image has been unloa= ded. > > > > > > > > > + @retval EFI_INVALID_PARAMETER ImageHandle is not a > > > > > > > > > + valid image > > > > > > > handle. > > > > > > > > > + > > > > > > > > > +**/ > > > > > > > > > +EFI_STATUS > > > > > > > > > +EFIAPI > > > > > > > > > +RedfishBootstrapAccountUnload ( > > > > > > > > > + IN EFI_HANDLE ImageHandle > > > > > > > > > + ) > > > > > > > > > +{ > > > > > > > > > + EFI_STATUS Status; > > > > > > > > > + > > > > > > > > > + if (mBootstrapPrivate =3D=3D NULL) { > > > > > > > > > + return EFI_SUCCESS; } > > > > > > > > > + > > > > > > > > > + if (mBootstrapPrivate->RedfishEvent !=3D NULL) { > > > > > > > > > + gBS->CloseEvent (mBootstrapPrivate->RedfishEvent); > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + Status =3D gBS->UninstallProtocolInterface ( > > > > > > > > > + mBootstrapPrivate->ImageHandle, > > > > > > > > > + &gEdkIIRedfishConfigHandlerProtocolGui= d, > > > > > > > > > + (VOID *)&mBootstrapPrivate->Protocol > > > > > > > > > + ); > > > > > > > > > + if (EFI_ERROR (Status)) { > > > > > > > > > + DEBUG ((DEBUG_ERROR, "%a: can not uninstall Redfish > > > > > > > > > + config handler > > > > > > > > > protocol: %r\n", __func__, Status)); > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + FreePool (mBootstrapPrivate); mBootstrapPrivate =3D > > > > > > > > > + NULL; > > > > > > > > > + > > > > > > > > > + return EFI_SUCCESS; > > > > > > > > > +} > > > > > > > > > + > > > > > > > > > +/** > > > > > > > > > + This is the declaration of an EFI image entry point. > > > > > > > > > +This entry point is > > > > > > > > > + the same for UEFI Applications, UEFI OS Loaders, and > > > > > > > > > +UEFI Drivers including > > > > > > > > > + both device drivers and bus drivers. > > > > > > > > > + > > > > > > > > > + @param[in] ImageHandle The firmware allocated h= andle for > > > the > > > > > UEFI > > > > > > > > > image. > > > > > > > > > + @param[in] SystemTable A pointer to the EFI Sys= tem Table. > > > > > > > > > + > > > > > > > > > + @retval EFI_SUCCESS The operation completed > successfully. > > > > > > > > > + @retval Others An unexpected error occu= rred. > > > > > > > > > +**/ > > > > > > > > > +EFI_STATUS > > > > > > > > > +EFIAPI > > > > > > > > > +RedfishBootstrapAccountEntryPoint ( > > > > > > > > > + IN EFI_HANDLE ImageHandle, > > > > > > > > > + IN EFI_SYSTEM_TABLE *SystemTable > > > > > > > > > + ) > > > > > > > > > +{ > > > > > > > > > + EFI_STATUS Status; > > > > > > > > > + > > > > > > > > > + if (mBootstrapPrivate !=3D NULL) { > > > > > > > > > + return EFI_ALREADY_STARTED; } > > > > > > > > > + > > > > > > > > > + mBootstrapPrivate =3D AllocateZeroPool (sizeof > > > > > > > > > (REDFISH_BOOTSTRAP_ACCOUNT_PRIVATE)); > > > > > > > > > + if (mBootstrapPrivate =3D=3D NULL) { > > > > > > > > > + return EFI_OUT_OF_RESOURCES; } > > > > > > > > > + > > > > > > > > > + CopyMem (&mBootstrapPrivate->Protocol, > > > > > &mRedfishConfigHandler, > > > > > > > > > + sizeof > > > > > > > > > (EDKII_REDFISH_CONFIG_HANDLER_PROTOCOL)); > > > > > > > > > + Status =3D gBS->InstallProtocolInterface ( > > > > > > > > > + &ImageHandle, > > > > > > > > > + &gEdkIIRedfishConfigHandlerProtocolGui= d, > > > > > > > > > + EFI_NATIVE_INTERFACE, > > > > > > > > > + &mBootstrapPrivate->Protocol > > > > > > > > > + ); > > > > > > > > > + if (EFI_ERROR (Status)) { > > > > > > > > > + DEBUG ((DEBUG_ERROR, "%a: can not install Redfish > > > > > > > > > + config handler > > > > > > > > > protocol: %r\n", __func__, Status)); > > > > > > > > > + goto ON_ERROR; > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + // > > > > > > > > > + // Register after provisioning event to remove bootstr= ap > account. > > > > > > > > > + // > > > > > > > > > + Status =3D CreateAfterProvisioningEvent ( > > > > > > > > > + RedfishBootstrapAccountOnRedfishAfterProvis= ioning, > > > > > > > > > + (VOID *)mBootstrapPrivate, > > > > > > > > > + &mBootstrapPrivate->RedfishEvent > > > > > > > > > + ); > > > > > > > > > + if (EFI_ERROR (Status)) { > > > > > > > > > + DEBUG ((DEBUG_ERROR, "%a: failed to register > > > > > > > > > + after-provisioning > > > > > > > event: > > > > > > > > > %r\n", __func__, Status)); > > > > > > > > > + goto ON_ERROR; > > > > > > > > > + } > > > > > > > > > + > > > > > > > > > + return EFI_SUCCESS; > > > > > > > > > + > > > > > > > > > +ON_ERROR: > > > > > > > > > + > > > > > > > > > + RedfishBootstrapAccountUnload (ImageHandle); > > > > > > > > > + > > > > > > > > > + return Status; > > > > > > > > > +} > > > > > > > > > diff --git a/RedfishClientPkg/RedfishClient.fdf.inc > > > > > > > > > b/RedfishClientPkg/RedfishClient.fdf.inc > > > > > > > > > index 154f641b2..47e5093f2 100644 > > > > > > > > > --- a/RedfishClientPkg/RedfishClient.fdf.inc > > > > > > > > > +++ b/RedfishClientPkg/RedfishClient.fdf.inc > > > > > > > > > @@ -15,6 +15,7 @@ > > > > > > > > > INF > > > > > RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf > > > > > > > > > INF RedfishClientPkg/RedfishETagDxe/RedfishETagDxe.inf > > > > > > > > > INF > > > > > > > > > > > > > > > > > > > > > > > > RedfishClientPkg/RedfishConfigLangMapDxe/RedfishConfigLangMapDxe.inf > > > > > > > > > + INF > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > RedfishClientPkg/RedfishBootstrapAccountDxe/RedfishBootstrapAccountD > > > xe > > > > > > > .inf > > > > > > > > > INF > > > > > RedfishClientPkg/Features/Memory/V1_7_1/Dxe/MemoryDxe.inf > > > > > > > > > INF > > > > > > > > > > > > > > > > > > > > > > > > RedfishClientPkg/Features/MemoryCollectionDxe/MemoryCollectionDxe.in > > > f > > > > > > > > > INF > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > RedfishClientPkg/Features/ComputerSystem/v1_5_0/Dxe/ComputerSystemD > > > > > > > xe. > > > > > > > > > i > > > > > > > > > nf > > > > > > > > > -- > > > > > > > > > 2.34.1 > > > > > > > > > > > > > > > > -The information contained in this message may be > > > > > > > > confidential and > > > > > > > proprietary > > > > > > > > to American Megatrends (AMI). This communication is > > > > > > > > intended to be read > > > > > > > only by > > > > > > > > the individual or entity to whom it is addressed or by > > > > > > > > their designee. If the > > > > > > > reader > > > > > > > > of this message is not the intended recipient, you are on > > > > > > > > notice that any distribution of this message, in any form, > > > > > > > > is strictly prohibited. Please > > > > > > > promptly > > > > > > > > notify the sender by reply e-mail or by telephone at > > > > > > > > 770-246-8600, and > > > > > > > then > > > > > > > > delete or destroy all copies of the transmission. > > > > > > > > > > > > > > > > > >=20 > > > > > > > > > > > > > > > > -The information contained in this message may be confidential > > > > > and proprietary to American Megatrends (AMI). This communication > > > > > is intended to be read only by the individual or entity to whom > > > > > it is addressed or by their designee. If the reader of this > > > > > message is not the intended recipient, you are on notice that > > > > > any distribution of this message, in any form, is strictly prohib= ited. > > > > > Please promptly notify the sender by reply e-mail or by > > > > > telephone at 770-246-8600, and > > > then > > > > delete or destroy all copies of the transmission. > -The information contained in this message may be confidential and propri= etary > to American Megatrends (AMI). This communication is intended to be read o= nly by > the individual or entity to whom it is addressed or by their designee. If= the reader > of this message is not the intended recipient, you are on notice that any > distribution of this message, in any form, is strictly prohibited. Please= promptly > notify the sender by reply e-mail or by telephone at 770-246-8600, and th= en > delete or destroy all copies of the transmission. -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118986): https://edk2.groups.io/g/devel/message/118986 Mute This Topic: https://groups.io/mt/105596648/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-