From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0b-002e3701.pphosted.com (mx0b-002e3701.pphosted.com [148.163.143.35]) by mx.groups.io with SMTP id smtpd.web11.6167.1647311527008220058 for ; Mon, 14 Mar 2022 19:32:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@hpe.com header.s=pps0720 header.b=SvGkHpkV; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: hpe.com, ip: 148.163.143.35, mailfrom: prvs=0073bc80b6=nickle.wang@hpe.com) Received: from pps.filterd (m0134425.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 22EKYMur006566; Tue, 15 Mar 2022 02:32:02 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pps0720; bh=n71vlccKNChMHKV8DAV0z1c5dXeadnlAGxxwRbUpti4=; b=SvGkHpkVKUm3dobnl5T0C/cF0QkiNWHy9xJi5XHALmxWvUi0mj5immuJ0r+ie+a5rBTq v9GZ8ubkrQ4COpLDwuTlXZGwdzIk5/0JIGSQSWnV2XaoGlNnGPYbQni4rRZSJ9xPBt3M OC2PiS+Yhky2+opPLFxm6o7sgnKL1W53zhPhZXy1SkgNug71z6/yVJxhPx2fjwldzXgP XHE5cDKMO+2e9GWQV0WBghpBrAk8dAsUCxKhw6DhlGlFy3TY1YjI1f/CadRZ5Aw/z90R fLvOM62i24kVIX0NfKfdQoVJ9KZtQfIQ8neaNfKHWx7pt+ysHHtuetTmc3a53szy6B+h Qg== Received: from g4t3427.houston.hpe.com (g4t3427.houston.hpe.com [15.241.140.73]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 3etcv2hysb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 15 Mar 2022 02:32:01 +0000 Received: from G4W9120.americas.hpqcorp.net (exchangepmrr1.us.hpecorp.net [16.210.21.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by g4t3427.houston.hpe.com (Postfix) with ESMTPS id 1FCFB57; Tue, 15 Mar 2022 02:32:00 +0000 (UTC) Received: from G4W9119.americas.hpqcorp.net (2002:10d2:14d6::10d2:14d6) by G4W9120.americas.hpqcorp.net (2002:10d2:150f::10d2:150f) with Microsoft SMTP Server (TLS) id 15.0.1497.23; Tue, 15 Mar 2022 02:31:59 +0000 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (15.241.52.12) by G4W9119.americas.hpqcorp.net (16.210.20.214) with Microsoft SMTP Server (TLS) id 15.0.1497.23 via Frontend Transport; Tue, 15 Mar 2022 02:31:59 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=I5zo6Y8Ygeps4pkyJJfz3E+prBE+5KIz7zrJEr9emw5HeUZZiLEhw5UaDpEm5dF39EeVdnK5N1tNybTOgF2Qeq2VZ9nhhty4Mj8OgrbaiU7E1Qq8ZEz9XYERq0lK3vHk0QBSVU/a8zbgYUErOVd6RNB8a4PXquQZq0V09z8uVTTDrPHO0YsU6SJLVW5DB2dosT7WqdQ+ItA7lacVtOl614y5lAMJaV8Yk2E5I71g+xHjF/I4WfvxM0r+vFkwlhcFJQAEZfRjfS5UQ2cgI8SPMk04ql9RmFRq5f4e+paqKNW1W3Ffs3tgd89nV+c8nqaKkB7qX6sBMveBpBJWfaWRQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=n71vlccKNChMHKV8DAV0z1c5dXeadnlAGxxwRbUpti4=; b=BM0Z9aKlS2ARz+2SR3sFr2pqCzhIRT7/UQDxo+qYT0bIzO8y8eHTWjqmuo+ar+8PndvZapP6VqnSxhctXFtHkeQM/cjZrWBQ+OJ6qmVXWF5NUXVkuLxjiQ/hFY2gIPOjHR+1VhoO3y5nAfbR1PKFrYCn6ZrQ+x3wu1aJTfY36fetkR7jZ71ZT85jK3fnNzHNYlnKdc1gVsnftcNRLKn3p+Q6EeiSvgiE7JF8e+BBde2y2CW33GHgYkmDmr7CM5u5fB96m0wi248T+xKK6xWUfACFvL/Zw/h7aGBrcOvmBapQ8y63uP/cQ8E9CXv1dZMdnFzU5yzntBYuitH8oDZptQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=hpe.com; dmarc=pass action=none header.from=hpe.com; dkim=pass header.d=hpe.com; arc=none Received: from SJ0PR84MB1433.NAMPRD84.PROD.OUTLOOK.COM (2603:10b6:a03:381::17) by PH0PR84MB1809.NAMPRD84.PROD.OUTLOOK.COM (2603:10b6:510:160::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5061.29; Tue, 15 Mar 2022 02:31:57 +0000 Received: from SJ0PR84MB1433.NAMPRD84.PROD.OUTLOOK.COM ([fe80::d5f:cd44:d334:3fdf]) by SJ0PR84MB1433.NAMPRD84.PROD.OUTLOOK.COM ([fe80::d5f:cd44:d334:3fdf%3]) with mapi id 15.20.5061.028; Tue, 15 Mar 2022 02:31:57 +0000 From: "Nickle Wang" To: "Chang, Abner (HPS SW/FW Technologist)" , "devel@edk2.groups.io" CC: Andrew Fish , Ray Ni , "Wang, Nickle (Server BIOS)" Subject: Re: [PATCH] EmulatorPkg/RedfishPlatformCredentialLib: Check EFI_SECURE_BOOT_MODE_NAME Thread-Topic: [PATCH] EmulatorPkg/RedfishPlatformCredentialLib: Check EFI_SECURE_BOOT_MODE_NAME Thread-Index: AQHYNEqD4LMQQrz2XkCYhYScEhQBhKy/wOsw Date: Tue, 15 Mar 2022 02:31:57 +0000 Message-ID: References: <20220310054225.21135-1-abner.chang@hpe.com> In-Reply-To: <20220310054225.21135-1-abner.chang@hpe.com> Accept-Language: en-US, zh-TW X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 19fa8e76-e213-4718-92cb-08da062bfa53 x-ms-traffictypediagnostic: PH0PR84MB1809:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 6ZrayZ6ch2+ZdS5SZ6sC77DzFSRWAYz5aIgqtMIqBCPbkcyu3Oq05oJNt++aKB+J735Ozp00nzHiACyM5i9Q1aQu2KKsEo/MTSwNOsjC6mZHp2daPei6GgmhJ/uZRerWwaKlNDQ4O/gA5dzOGHEU6DTQ91ndn7q0MnLnmYrf/tyryAkR9YYW37xJvTm0CKevrnLWcY9bi9t5tN7m5P5QBcYbZBpwUPC6XdHqQjhRz/ULv/AoKK66v2SmkKGZHY58utxQXcuhu9aOqJALERwmyauN7WlXGmXp6lLAScKfOMKinEVvwSkoWnozv18J+2L8z8g18wbYStovM+7RfUjGtZoMUNLrd/grohpL7W1MfNpXrtF2NnYnY0ZD44iClViK6dpWRHo+IIsNFIsdZZs9mYkzBMvETJa+Cfx6GqFVrLz5B1YtL8WfavlT99/wOw1/48VyDeq1l/uXjriG0Bo+iH+vjJgWGIrK0+UsRNw40WhcjoPQDlFRr2S++MluIYAEsdO+Hj/dOjOGXbgaxXLf/etcSsZzPK4x1K8NvcbLBKl9IBBOOFJRixZAyd0TtUq5ZbN/2LXxOKZsjZbEOAzibFZ1jl0f5bcvn05zurI4f5kapxm4U4AXXcZzxWEA2REk4QxFc1/k9xVQuOJMrsrBOr/dKYGMcX4N1ay04JD2spk/yiUf8TQ6ECvrCP8wTvXXtxzzdInmw5GUKiAVsLff0w== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR84MB1433.NAMPRD84.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230001)(366004)(55016003)(64756008)(66446008)(66476007)(8676002)(66556008)(82960400001)(4326008)(71200400001)(76116006)(66946007)(38100700002)(316002)(122000001)(110136005)(54906003)(2906002)(53546011)(6506007)(83380400001)(5660300002)(7696005)(9686003)(26005)(186003)(86362001)(33656002)(52536014)(508600001)(8936002)(38070700005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?8qQS/FCe5nYBAtbVry7LMo5TOF2SaBvqgknwjvngkzpVpgZECYjlEZM/oZct?= =?us-ascii?Q?2pYL66uuUtlYBs0o/2yv88VzvW2HKofHp8edNyMMlLpAMOXMIcTb1bW77l3q?= =?us-ascii?Q?hWI+BgVgxciZ8TxKAqLgofJcNTFcbcvSBP0odmNcso5ukCAYDIGFodl3/F9/?= =?us-ascii?Q?PsFeztgDvMpoC4iYMcsu/krg6OVnC8aCWBscfry0ge6lO+WhDbVVYM7glZHB?= =?us-ascii?Q?gdyg2+ECs/TMMmkS5fWPQuyhO1r5lqJkfREstRqm4Df+pAPPBELEyBFYw8tc?= =?us-ascii?Q?TIJyOxsc4O01NaJUOYOpZq7ieL9130rTh2mkn0dnbII7oOvgp14lcJfy1fKa?= =?us-ascii?Q?nsDv5eusoDKXBsawB+znWWhY/2ThtnF0Od5gS3kPkWpVfQEGQh7H78EYcsa6?= =?us-ascii?Q?17LuKNBEzJke76jLNUmqAS6/08ka70X/ciBxikEHzMhX0MXV4g0kY6DQz2DI?= =?us-ascii?Q?OyizKE2GqnHRksfsCjYSdRHQ/Am889/V1USOTZ1nyK5ueKdQYBEGSuJ6EmNU?= =?us-ascii?Q?MAVNk0s91k0w8V9Vi2EEHUMCRNy9HQtocHBUQRpa/R2yrbQLC9M1TKh3v2FE?= =?us-ascii?Q?Gd/wMZJkdZ3YbpusO9KRvV2WWuAO8VS2LzYnWlO/bQVV35tyj1s2kEZKIuZA?= =?us-ascii?Q?4zfJC6iqd0tIlbW9PsD6FZTEYLdY/aatGqyNC5nGHkCi2JXHTZEgK5F1eNZf?= =?us-ascii?Q?z0TJFylZXbywnYYlFi4ju0JSJ9Yfa9PnaMq/YxVLGhTbEk6/uBK9Yqb5iCVN?= =?us-ascii?Q?Tz9pBpgvyrBnH43veraOnFl6pCG5gU+9t6tYVrLZI0icTUC3i+zy9SycTdpM?= =?us-ascii?Q?kfbwnxD7baVOHuM+0kyOH3311ZF0LKkvHzl7PSGGbLi6TxC9aghHRzbs2BIx?= =?us-ascii?Q?QvTBvpzOOh6nFuGSX8P4mXUEtVkwi4xJKyea5m60S/ES/EZ0wHaSfBSd2+iU?= =?us-ascii?Q?vW7iJCRYDw9hRThJCr7X7Z1Ks5p4Jt2tXYErbjT+CUKKXivxg7y1MvACn2yY?= =?us-ascii?Q?fzKq8rQBdgfx8Z3LPoP2qbUrydeixtUOt6rjIwjkq9w3T6oZYTybvJAx2IGG?= =?us-ascii?Q?0O9ja+7vICOR5b7WT4EWgbJzBKcN3snQSQ9HasqgwIMUL8Ycl2eDPqQmg9Ny?= =?us-ascii?Q?mbHQRnx498CJwd0dwAGXlkNvkfBscEwxjvmS0PzGG8cAisOwKn3NhEa7zb5W?= =?us-ascii?Q?9ThDi+72sBuJFIzfOVsW1U2xmv/6e83HBogOOVSwNJqC2XXyOae9lroRhIzE?= =?us-ascii?Q?PGl6BylHywG0eDyGn47p9kTNPUDGMWXCrIzLaZJL6Ixw8rzdoX2x9D31qN37?= =?us-ascii?Q?HVnWDi+Cnz5eJiMA8sVV1C/4AIfEX61D6Z1o1D7tu61gZw4EV/ndeTdQOjwV?= =?us-ascii?Q?LpVKiUKlFPwPExKQLSobHIanlmb4hIt6T1skbcMZRweHSF7yZoN38jx+0w9y?= =?us-ascii?Q?dKppUR7Q1Cohpq7mB+0NSxa9izHqkrYR?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SJ0PR84MB1433.NAMPRD84.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 19fa8e76-e213-4718-92cb-08da062bfa53 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Mar 2022 02:31:57.8863 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 105b2061-b669-4b31-92ac-24d304d195dc X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: uKFIqmpd4xEqwc3piIB+pQzjGgw4NdDfGvFWWXn9ZRCweHycG0tEIpjobHe3rMzelNDVMQiyMVKsA+T7Cl6lXw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR84MB1809 X-OriginatorOrg: hpe.com X-Proofpoint-GUID: CslXYKO3_pZEE5o3XB6PLJ7-Xc0KwNos X-Proofpoint-ORIG-GUID: CslXYKO3_pZEE5o3XB6PLJ7-Xc0KwNos X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.850,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-03-14_14,2022-03-14_02,2022-02-23_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 clxscore=1011 adultscore=0 phishscore=0 priorityscore=1501 malwarescore=0 lowpriorityscore=0 impostorscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2203150014 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Nickle Wang Thanks, Nickle -----Original Message----- From: Chang, Abner (HPS SW/FW Technologist) =20 Sent: Thursday, March 10, 2022 1:42 PM To: devel@edk2.groups.io Cc: Wang, Nickle (Server BIOS) ; Andrew Fish ; Ray Ni Subject: [PATCH] EmulatorPkg/RedfishPlatformCredentialLib: Check EFI_SECURE= _BOOT_MODE_NAME Check EFI_SECURE_BOOT_MODE_NAME before setting the flags to prohibit acquiring Redfish service credential and using Redfish service. Signed-off-by: Abner Chang Cc: Nickle Wang Cc: Andrew Fish Cc: Ray Ni --- .../RedfishPlatformCredentialLib.c | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatfo= rmCredentialLib.c b/EmulatorPkg/Library/RedfishPlatformCredentialLib/Redfis= hPlatformCredentialLib.c index eaf9c56450..a0233a984d 100644 --- a/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede= ntialLib.c +++ b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCrede= ntialLib.c @@ -165,6 +165,9 @@ LibStopRedfishService ( IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType ) { + EFI_STATUS Status; + UINT8 *SecureBootVar; + if (ServiceStopType >=3D ServiceStopTypeMax) { return EFI_INVALID_PARAMETER; } @@ -177,8 +180,18 @@ LibStopRedfishService ( if (!PcdGetBool (PcdRedfishServieStopIfSecureBootDisabled)) { return EFI_UNSUPPORTED; } else { - mStopRedfishService =3D TRUE; - DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureBoo= t is disabled!!\n")); + // + // Check Secure Boot status and lock Redfish service if Secure Boot = is disabled. + // + Status =3D GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVaria= bleGuid, (VOID **)&SecureBootVar, NULL); + if (EFI_ERROR (Status) || (*SecureBootVar !=3D SECURE_BOOT_MODE_ENAB= LE)) { + // + // Secure Boot is disabled + // + mSecureBootDisabled =3D TRUE; + mStopRedfishService =3D TRUE; + DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureB= oot is disabled!!\n")); + } } } else if (ServiceStopType =3D=3D ServiceStopTypeExitBootService) { // @@ -224,18 +237,5 @@ LibCredentialEndOfDxeNotify ( IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This ) { - EFI_STATUS Status; - UINT8 *SecureBootVar; - - // - // Check Secure Boot status and lock Redfish service if Secure Boot is d= isabled. - // - Status =3D GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableG= uid, (VOID **)&SecureBootVar, NULL); - if (EFI_ERROR (Status) || (*SecureBootVar !=3D SECURE_BOOT_MODE_ENABLE))= { - // - // Secure Boot is disabled - // - mSecureBootDisabled =3D TRUE; - LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled); - } + LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled); } --=20 2.17.1