[edk2-devel] [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver

Abner Chang abner.chang at hpe.com
Wed Dec 16 07:27:07 UTC 2020



> -----Original Message-----
> From: Chang, Abner (HPS SW/FW Technologist)
> Sent: Wednesday, December 16, 2020 3:09 PM
> To: Wang, Nickle (HPS SW) <nickle.wang at hpe.com>; devel at edk2.groups.io
> Cc: O'Hanley, Peter (EXL) <peter.ohanley at hpe.com>
> Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> Credential DXE driver
> 
> 
> 
> > -----Original Message-----
> > From: Wang, Nickle (HPS SW)
> > Sent: Wednesday, December 16, 2020 10:46 AM
> > To: Chang, Abner (HPS SW/FW Technologist) <abner.chang at hpe.com>;
> > devel at edk2.groups.io
> > Cc: O'Hanley, Peter (EXL) <peter.ohanley at hpe.com>
> > Subject: RE: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII
> > Redfish Credential DXE driver
> >
> > Hi Abner,
> >
> > Overall looks good to me. Just a question about implementation.
> >
> > The End-Of-DXE and Exit-Boot-Service are registered in the Redfish
> > Credential driver and the implementation is provided by the
> > RedfishPlatformCredentialLib library. May I know if it is possible to
> > register these two events in RedfishPlatformCredentialLib directly? In
> > this way, we do not need two additional interfaces in the
> > RedfishPlatformCredentialLib library.
> Yes Nickle, I think we can do that. Will resend the patch.
> thanks
Hi Nickle,
Sorry for the confusion, I was just about to change the code but I still think we should keep these two registrations in RedfishCredentialDxe.
The security concern is the reason for implementing these two notifications in RedfishCredentialDxe and then invoking the platform code. This forces the OEM to consider and provide their secret sauce for preventing 3rd party code from stealing the Redfish credential. It is the OEM's choice if they want to leave these two functions empty. But I think edk2 code should force them not to forget to implement that.
So, I would still like to keep it.


> >
> > Thanks,
> > Nickle
> >
> > > -----Original Message-----
> > > From: Chang, Abner (HPS SW/FW Technologist)
> <abner.chang at hpe.com>
> > > Sent: Wednesday, December 9, 2020 4:44 PM
> > > To: devel at edk2.groups.io
> > > Cc: Wang, Nickle (HPS SW) <nickle.wang at hpe.com>; O'Hanley, Peter
> > > (EXL) <peter.ohanley at hpe.com>
> > > Subject: [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish
> > > Credential DXE driver
> > >
> > > EDKII Redfish Credential DXE driver which abstracts platform Redfish
> > > credential implementation.
> > >
> > > Signed-off-by: Jiaxin Wu <jiaxin.wu at intel.com>
> > > Signed-off-by: Ting Ye <ting.ye at intel.com>
> > > Signed-off-by: Siyuan Fu <siyuan.fu at intel.com>
> > > Signed-off-by: Fan Wang <fan.wang at intel.com>
> > > Signed-off-by: Abner Chang <abner.chang at hpe.com>
> > >
> > > Cc: Nickle Wang <nickle.wang at hpe.com>
> > > Cc: Peter O'Hanley <peter.ohanley at hpe.com>
> > > ---
> > >  .../Include/Library/RedfishCredentialLib.h    |  91 ++++++++
> > >  .../PlatformCredentialLibNull.c               | 101 +++++++++
> > >  .../PlatformCredentialLibNull.inf             |  30 +++
> > >  RedfishPkg/Redfish.fdf.inc                    |   1 +
> > >  RedfishPkg/RedfishComponents.dsc.inc          |   1 +
> > >  .../RedfishCredentialDxe.c                    | 209 ++++++++++++++++++
> > >  .../RedfishCredentialDxe.h                    |  75 +++++++
> > >  .../RedfishCredentialDxe.inf                  |  51 +++++
> > >  RedfishPkg/RedfishPkg.dec                     |   4 +
> > >  RedfishPkg/RedfishPkg.dsc                     |   2 +
> > >  10 files changed, 565 insertions(+)  create mode 100644
> > > RedfishPkg/Include/Library/RedfishCredentialLib.h
> > >  create mode 100644
> > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > > ll
> > > .c
> > >  create mode 100644
> > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > > ll
> > > .inf
> > >  create mode 100644
> > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > >  create mode 100644
> > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > >  create mode 100644
> > > RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > >
> > > diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > new file mode 100644
> > > index 0000000000..dac1b3303f
> > > --- /dev/null
> > > +++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h
> > > @@ -0,0 +1,91 @@
> > > +/** @file
> > > +  Definitinos of RedfishHostInterfaceDxe driver.
> > > +
> > > +  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +#ifndef REDFISH_CREDENTIAL_LIB_H_
> > > +#define REDFISH_CREDENTIAL_LIB_H_
> > > +
> > > +#include <Uefi.h>
> > > +
> > > +/**
> > > +  Notification of Exit Boot Service.
> > > +
> > > +  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialExitBootServicesNotify (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This );
> > > +
> > > +/**
> > > +  Notification of End of DXe.
> > > +
> > > +  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialEndOfDxeNotify (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This );
> > > +
> > > +/**
> > > +  Retrieve platform's Redfish authentication information.
> > > +
> > > +  This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > +  password.
> > > +  - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > +    as defined by RFC7235.
> > > +  - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > +    session login as defined by  Redfish API specification (DSP0266).
> > > +
> > > +  Callers are responsible for and freeing the returned string storage.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[out]  AuthMethod          Type of Redfish authentication
> method.
> > > +  @param[out]  UserId              The pointer to store the returned UserId
> > > string.
> > > +  @param[out]  Password            The pointer to store the returned
> > Password
> > > string.
> > > +
> > > +  @retval EFI_SUCCESS              Get the authentication information
> > > successfully.
> > > +  @retval EFI_ACCESS_DENIED        SecureBoot is disabled after
> EndOfDxe.
> > > +  @retval EFI_INVALID_PARAMETER    This or AuthMethod or UserId or
> > > Password is NULL.
> > > +  @retval EFI_OUT_OF_RESOURCES     There are not enough memory
> > > resources.
> > > +  @retval EFI_UNSUPPORTED          Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibCredentialGetAuthInfo (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This,
> > > +  OUT EDKII_REDFISH_AUTH_METHOD          *AuthMethod,
> > > +  OUT CHAR8                              **UserId,
> > > +  OUT CHAR8                              **Password
> > > +);
> > > +
> > > +/**
> > > +  Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > +  This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > +  It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > +  further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > +  function is returned.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[in]   ServiceStopType     Reason of stopping Redfish service.
> > > +
> > > +  @retval EFI_SUCCESS              Service has been stoped successfully.
> > > +  @retval EFI_INVALID_PARAMETER    This is NULL.
> > > +  @retval Others                   Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibStopRedfishService (
> > > +  IN     EDKII_REDFISH_CREDENTIAL_PROTOCOL          *This,
> > > +  IN     EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > +);
> > > +#endif
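
Review bot: This header is not self-contained: it includes only <Uefi.h>, yet every prototype takes EDKII_REDFISH_CREDENTIAL_PROTOCOL, and LibCredentialGetAuthInfo and LibStopRedfishService also use EDKII_REDFISH_AUTH_METHOD and EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE. It builds only because RedfishCredentialDxe.h includes <Protocol/EdkIIRedfishCredential.h> before this file, so add that include here. The @file line still reads "Definitinos of RedfishHostInterfaceDxe driver", which names the wrong module. On the contract itself, the LibStopRedfishService comment says GetAuthInfo() returns EFI_UNSUPPORTED afterwards, while LibCredentialGetAuthInfo documents EFI_ACCESS_DENIED for the post-EndOfDxe case; state which status a caller sees in each locked state. Since the caller frees the returned Password string, the comment should also say that the buffer is to be zeroed before it is freed.
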
> > > diff --git
> > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.c
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.c
> > > new file mode 100644
> > > index 0000000000..39de622d59
> > > --- /dev/null
> > > +++
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.c
> > > @@ -0,0 +1,101 @@
> > > +/** @file
> > > +  NULL instace of RedfishPlatformCredentialLib
> > > +
> > > +  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +#include <Uefi.h>
> > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > +/**
> > > +  Notification of Exit Boot Service.
> > > +
> > > +  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialExitBootServicesNotify (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This
> > > +)
> > > +{
> > > +  return;
> > > +}
> > > +
> > > +/**
> > > +  Notification of End of DXe.
> > > +
> > > +  @param[in]  This    Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +LibCredentialEndOfDxeNotify (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This
> > > +)
> > > +{
> > > +  return;
> > > +}
> > > +
> > > +/**
> > > +  Retrieve platform's Redfish authentication information.
> > > +
> > > +  This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > +  password.
> > > +  - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > +    as defined by RFC7235.
> > > +  - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > +    session login as defined by  Redfish API specification (DSP0266).
> > > +
> > > +  Callers are responsible for and freeing the returned string storage.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[out]  AuthMethod          Type of Redfish authentication
> method.
> > > +  @param[out]  UserId              The pointer to store the returned UserId
> > > string.
> > > +  @param[out]  Password            The pointer to store the returned
> > Password
> > > string.
> > > +
> > > +  @retval EFI_SUCCESS              Get the authentication information
> > > successfully.
> > > +  @retval EFI_ACCESS_DENIED        SecureBoot is disabled after
> EndOfDxe.
> > > +  @retval EFI_INVALID_PARAMETER    This or AuthMethod or UserId or
> > > Password is NULL.
> > > +  @retval EFI_OUT_OF_RESOURCES     There are not enough memory
> > > resources.
> > > +  @retval EFI_UNSUPPORTED          Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibCredentialGetAuthInfo (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This,
> > > +  OUT EDKII_REDFISH_AUTH_METHOD          *AuthMethod,
> > > +  OUT CHAR8                              **UserId,
> > > +  OUT CHAR8                              **Password
> > > +)
> > > +{
> > > +  return EFI_UNSUPPORTED;
> > > +}
> > > +
> > > +/**
> > > +  Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > +  This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > +  It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > +  further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > +  function is returned.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[in]   ServiceStopType     Reason of stopping Redfish service.
> > > +
> > > +  @retval EFI_SUCCESS              Service has been stoped successfully.
> > > +  @retval EFI_INVALID_PARAMETER    This is NULL or given the worng
> > > ServiceStopType.
> > > +  @retval EFI_UNSUPPORTED          Not support to stop Redfish service.
> > > +  @retval Others                   Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +LibStopRedfishService (
> > > +  IN     EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
> > > +  IN     EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > +  )
> > > +{
> > > +  return EFI_UNSUPPORTED;
> > > +}
> > > +
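
Review bot: PlatformCredentialLibNull.c never includes <Library/RedfishCredentialLib.h>, so the compiler cannot check these four definitions against the library class prototypes; include it next to <Protocol/EdkIIRedfishCredential.h>. The @retval list for LibStopRedfishService here (EFI_INVALID_PARAMETER for a wrong ServiceStopType, plus EFI_UNSUPPORTED) differs from the list in the header, so pick one and use it in both places. Because LibCredentialExitBootServicesNotify and LibCredentialEndOfDxeNotify are the platform's hook for locking the credential, a comment in the two empty bodies stating that a real platform instance must implement them would make the stub's intent explicit.
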
> > > diff --git
> > > a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.in
> > > f
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.in
> > > f
> > > new file mode 100644
> > > index 0000000000..4c22e89718
> > > --- /dev/null
> > > +++
> > > b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLib
> > > Nu
> > > ll.in
> > > f
> > > @@ -0,0 +1,30 @@
> > > +## @file
> > > +#  NULL instance of RedfishPlatformCredentialLib # #  (C) Copyright
> > > +2020 Hewlett Packard Enterprise Development LP<BR> # #
> > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > +
> > > +[Defines]
> > > +  INF_VERSION                    = 0x0001000b
> > > +  BASE_NAME                      = RedfishPlatformCredentialLibNull
> > > +  FILE_GUID                      = CA3BD843-0BDD-4EE0-A38A-B45CA663114F
> > > +  MODULE_TYPE                    = DXE_DRIVER
> > > +  VERSION_STRING                 = 1.0
> > > +  LIBRARY_CLASS                  = RedfishPlatformCredentialLib
> > > +
> > > +#
> > > +#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64 RISCV64
> > > +#
> > > +
> > > +[Sources]
> > > +  PlatformCredentialLibNull.c
> > > +
> > > +[Packages]
> > > +  MdePkg/MdePkg.dec
> > > +  MdeModulePkg/MdeModulePkg.dec
> > > +  RedfishPkg/RedfishPkg.dec
> > > +
> > > +
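
Review bot: LIBRARY_CLASS = RedfishPlatformCredentialLib carries no supported-module-type list even though MODULE_TYPE is DXE_DRIVER; restrict where this instance may be linked, for example LIBRARY_CLASS = RedfishPlatformCredentialLib|DXE_DRIVER. MdeModulePkg/MdeModulePkg.dec also looks unneeded in [Packages], since PlatformCredentialLibNull.c includes only <Uefi.h> and <Protocol/EdkIIRedfishCredential.h>.
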
> > > diff --git a/RedfishPkg/Redfish.fdf.inc b/RedfishPkg/Redfish.fdf.inc
> > > index 19de479a80..24e32e0abf 100644
> > > --- a/RedfishPkg/Redfish.fdf.inc
> > > +++ b/RedfishPkg/Redfish.fdf.inc
> > > @@ -13,4 +13,5 @@
> > >  !if $(REDFISH_ENABLE) == TRUE
> > >    INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > >    INF
> > > RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > > +  INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > >  !endif
> > > diff --git a/RedfishPkg/RedfishComponents.dsc.inc
> > > b/RedfishPkg/RedfishComponents.dsc.inc
> > > index ac1b57ed8f..ff32653ec8 100644
> > > --- a/RedfishPkg/RedfishComponents.dsc.inc
> > > +++ b/RedfishPkg/RedfishComponents.dsc.inc
> > > @@ -15,4 +15,5 @@
> > >  !if $(REDFISH_ENABLE) == TRUE
> > >    RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
> > >    RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
> > > +  RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > >  !endif
> > > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > new file mode 100644
> > > index 0000000000..f48d1d011c
> > > --- /dev/null
> > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c
> > > @@ -0,0 +1,209 @@
> > > +/** @file
> > > +  RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol
> > > +for the
> > > consumer
> > > +  to get the Redfish credential Info and to restrict Redfish access
> > > + from UEFI
> > > side.
> > > +
> > > +  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +
> > > +#include <RedfishCredentialDxe.h>
> > > +
> > > +EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol =
> {
> > > +  RedfishCredentialGetAuthInfo,
> > > +  RedfishCredentialStopService
> > > +};
> > > +
> > > +/**
> > > +  Callback function executed when the ExitBootServices event group
> > > +is
> > > signaled.
> > > +
> > > +  @param[in]  Event    Event whose notification function is being invoked.
> > > +  @param[out] Context  Pointer to the buffer pass in.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +RedfishCredentialExitBootServicesEventNotify (
> > > +  IN  EFI_EVENT  Event,
> > > +  OUT VOID       *Context
> > > +  )
> > > +{
> > > +  LibCredentialExitBootServicesNotify
> > > ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Context);
> > > +}
> > > +
> > > +/**
> > > +  Callback function executed when the EndOfDxe event group is signaled.
> > > +
> > > +  @param[in]  Event    Event whose notification function is being invoked.
> > > +  @param[out] Context  Pointer to the buffer pass in.
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +RedfishCredentialEndOfDxeEventNotify (
> > > +  IN  EFI_EVENT  Event,
> > > +  OUT VOID       *Context
> > > +  )
> > > +{
> > > +  LibCredentialEndOfDxeNotify
> ((EDKII_REDFISH_CREDENTIAL_PROTOCOL
> > > *)Context);
> > > +
> > > +  //
> > > +  // Close event, so it will not be invoked again.
> > > +  //
> > > +  gBS->CloseEvent (Event);
> > > +}
> > > +
> > > +/**
> > > +  Retrieve platform's Redfish authentication information.
> > > +
> > > +  This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > +  password.
> > > +  - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > +    as defined by RFC7235.
> > > +  - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > +    session login as defined by  Redfish API specification (DSP0266).
> > > +
> > > +  Callers are responsible for and freeing the returned string storage.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[out]  AuthMethod          Type of Redfish authentication
> method.
> > > +  @param[out]  UserId              The pointer to store the returned UserId
> > > string.
> > > +  @param[out]  Password            The pointer to store the returned
> > Password
> > > string.
> > > +
> > > +  @retval EFI_SUCCESS              Get the authentication information
> > > successfully.
> > > +  @retval EFI_ACCESS_DENIED        SecureBoot is disabled after
> EndOfDxe.
> > > +  @retval EFI_INVALID_PARAMETER    This or AuthMethod or UserId or
> > > Password is NULL.
> > > +  @retval EFI_OUT_OF_RESOURCES     There are not enough memory
> > > resources.
> > > +  @retval EFI_UNSUPPORTED          Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialGetAuthInfo (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
> > > +  OUT EDKII_REDFISH_AUTH_METHOD            *AuthMethod,
> > > +  OUT CHAR8                                **UserId,
> > > +  OUT CHAR8                                **Password
> > > +  )
> > > +{
> > > +  if (This == NULL || AuthMethod == NULL || UserId == NULL ||
> > > +Password
> > > == NULL) {
> > > +    return EFI_INVALID_PARAMETER;
> > > +  }
> > > +
> > > +  return LibCredentialGetAuthInfo (This, AuthMethod,
> > > +UserId,Password); }
> > > +
> > > +/**
> > > +  Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > +  This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > +  It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > +  further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > +  function is returned.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[in]   ServiceStopType     Reason of stopping Redfish service.
> > > +
> > > +  @retval EFI_SUCCESS              Service has been stoped successfully.
> > > +  @retval EFI_INVALID_PARAMETER    This is NULL or given the worng
> > > ServiceStopType.
> > > +  @retval EFI_UNSUPPORTED          Not support to stop Redfish service.
> > > +  @retval Others                   Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialStopService (
> > > +  IN     EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
> > > +  IN     EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > +  )
> > > +{
> > > +  if (This == NULL) {
> > > +    return EFI_INVALID_PARAMETER;
> > > +  }
> > > +
> > > +  return LibStopRedfishService (This, ServiceStopType); }
> > > +
> > > +/**
> > > +  Main entry for this driver.
> > > +
> > > +  @param ImageHandle     Image handle this driver.
> > > +  @param SystemTable     Pointer to SystemTable.
> > > +
> > > +  @retval EFI_SUCESS     This function always complete successfully.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialDxeDriverEntryPoint (
> > > +  IN EFI_HANDLE         ImageHandle,
> > > +  IN EFI_SYSTEM_TABLE   *SystemTable
> > > +  )
> > > +{
> > > +  EFI_STATUS  Status;
> > > +  EFI_HANDLE  Handle;
> > > +  EFI_EVENT   EndOfDxeEvent;
> > > +  EFI_EVENT   ExitBootServiceEvent;
> > > +
> > > +  Handle = NULL;
> > > +
> > > +  //
> > > +  // Install the RedfishCredentialProtocol onto Handle.
> > > +  //
> > > +  Status = gBS->InstallMultipleProtocolInterfaces (
> > > +                  &Handle,
> > > +                  &gEdkIIRedfishCredentialProtocolGuid,
> > > +                  &mRedfishCredentialProtocol,
> > > +                  NULL
> > > +                  );
> > > +  if (EFI_ERROR (Status)) {
> > > +    return Status;
> > > +  }
> > > +
> > > +  //
> > > +  // After EndOfDxe, if SecureBoot is disabled, Redfish Credential
> > > + Protocol
> > > should return
> > > +  // error code to caller to avoid the 3rd code to bypass Redfish
> > > + Credential
> > > Protocol and
> > > +  // retrieve userid/pwd directly. So, here, we create EndOfDxe
> > > + Event to
> > > check SecureBoot
> > > +  // status.
> > > +  //
> > > +  Status = gBS->CreateEventEx (
> > > +                  EVT_NOTIFY_SIGNAL,
> > > +                  TPL_CALLBACK,
> > > +                  RedfishCredentialEndOfDxeEventNotify,
> > > +                  (VOID *)&mRedfishCredentialProtocol,
> > > +                  &gEfiEndOfDxeEventGroupGuid,
> > > +                  &EndOfDxeEvent
> > > +                  );
> > > +  if (EFI_ERROR (Status)) {
> > > +    goto ON_ERROR;
> > > +  }
> > > +
> > > +  //
> > > +  // After ExitBootServices, Redfish Credential Protocol should
> > > + stop the
> > > service.
> > > +  // So, here, we create ExitBootService Event to stop service.
> > > +  //
> > > +  Status = gBS->CreateEventEx (
> > > +                  EVT_NOTIFY_SIGNAL,
> > > +                  TPL_CALLBACK,
> > > +                  RedfishCredentialExitBootServicesEventNotify,
> > > +                  (VOID *)&mRedfishCredentialProtocol,
> > > +                  &gEfiEventExitBootServicesGuid,
> > > +                  &ExitBootServiceEvent
> > > +                  );
> > > +  if (EFI_ERROR (Status)) {
> > > +    gBS->CloseEvent (EndOfDxeEvent);
> > > +    goto ON_ERROR;
> > > +  }
> > > +
> > > +  return EFI_SUCCESS;
> > > +
> > > +ON_ERROR:
> > > +
> > > +  gBS->UninstallMultipleProtocolInterfaces (
> > > +         Handle,
> > > +         &gEdkIIRedfishCredentialProtocolGuid,
> > > +         &mRedfishCredentialProtocol,
> > > +         NULL
> > > +         );
> > > +
> > > +  return Status;
> > > +}
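
Review bot: RedfishCredentialGetAuthInfo forwards every call straight to LibCredentialGetAuthInfo, so the behaviour described in the entry-point comment ("After EndOfDxe, if SecureBoot is disabled, Redfish Credential Protocol should return error code to caller") is not enforced anywhere in this driver; with library notify functions that are empty, nothing changes at EndOfDxe or ExitBootServices. If the intent is that edk2 code guarantees the lockdown, keep a module-level state that the two notify callbacks and RedfishCredentialStopService set, and have RedfishCredentialGetAuthInfo check it before calling the library. Smaller points: RedfishCredentialStopService documents EFI_INVALID_PARAMETER for a wrong ServiceStopType but only checks This == NULL; the Context parameter of both notify callbacks should be IN rather than OUT; and the entry-point @retval says the function always completes successfully (with EFI_SUCESS misspelled) although two error paths return Status.
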
> > > diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > new file mode 100644
> > > index 0000000000..6e7e417b33
> > > --- /dev/null
> > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h
> > > @@ -0,0 +1,75 @@
> > > +/** @file
> > > +  Definition of Redfish Credential DXE driver.
> > > +
> > > +  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +
> > > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +
> > > +**/
> > > +#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_ #define
> > > +EDKII_REDFISH_CREDENTIAL_DXE_H_
> > > +
> > > +#include <Protocol/EdkIIRedfishCredential.h>
> > > +
> > > +#include <Library/BaseLib.h>
> > > +#include <Library/DebugLib.h>
> > > +#include <Library/PrintLib.h>
> > > +#include <Library/RedfishCredentialLib.h> #include
> > > +<Library/UefiLib.h> #include <Library/UefiBootServicesTableLib.h>
> > > +
> > > +/**
> > > +  Retrieve platform's Redfish authentication information.
> > > +
> > > +  This functions returns the Redfish authentication method together
> > > + with
> > > the user Id and
> > > +  password.
> > > +  - For AuthMethodNone, the UserId and Password could be used for
> > > + HTTP
> > > header authentication
> > > +    as defined by RFC7235.
> > > +  - For AuthMethodRedfishSession, the UserId and Password could be
> > > + used
> > > for Redfish
> > > +    session login as defined by  Redfish API specification (DSP0266).
> > > +
> > > +  Callers are responsible for and freeing the returned string storage.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +  @param[out]  AuthMethod          Type of Redfish authentication
> method.
> > > +  @param[out]  UserId              The pointer to store the returned UserId
> > > string.
> > > +  @param[out]  Password            The pointer to store the returned
> > Password
> > > string.
> > > +
> > > +  @retval EFI_SUCCESS              Get the authentication information
> > > successfully.
> > > +  @retval EFI_ACCESS_DENIED        SecureBoot is disabled after
> EndOfDxe.
> > > +  @retval EFI_INVALID_PARAMETER    This or AuthMethod or UserId or
> > > Password is NULL.
> > > +  @retval EFI_OUT_OF_RESOURCES     There are not enough memory
> > > resources.
> > > +  @retval EFI_UNSUPPORTED          Unsupported authentication method
> is
> > > found.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialGetAuthInfo (
> > > +  IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
> > > +  OUT EDKII_REDFISH_AUTH_METHOD            *AuthMethod,
> > > +  OUT CHAR8                                **UserId,
> > > +  OUT CHAR8                                **Password
> > > +  );
> > > +
> > > +/**
> > > +  Notify the Redfish service provide to stop provide configuration
> > > +service to
> > > this platform.
> > > +
> > > +  This function should be called when the platfrom is about to
> > > + leave the safe
> > > environment.
> > > +  It will notify the Redfish service provider to abort all logined
> > > + session, and
> > > prohibit
> > > +  further login with original auth info. GetAuthInfo() will return
> > > EFI_UNSUPPORTED once this
> > > +  function is returned.
> > > +
> > > +  @param[in]   This                Pointer to
> > > EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
> > > +
> > > +  @retval EFI_SUCCESS              Service has been stoped successfully.
> > > +  @retval EFI_INVALID_PARAMETER    This is NULL.
> > > +  @retval Others                   Some error happened.
> > > +
> > > +**/
> > > +EFI_STATUS
> > > +EFIAPI
> > > +RedfishCredentialStopService (
> > > +  IN     EDKII_REDFISH_CREDENTIAL_PROTOCOL    *This,
> > > +  IN     EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE
> ServiceStopType
> > > +  );
> > > +#endif
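
Review bot: The comment block above RedfishCredentialStopService has no @param entry for ServiceStopType and lists EFI_INVALID_PARAMETER only for "This is NULL", while the definition in RedfishCredentialDxe.c also documents a wrong ServiceStopType and EFI_UNSUPPORTED; bring the two comment blocks in line. The header also includes <Library/PrintLib.h> and <Library/UefiLib.h>, which nothing in RedfishCredentialDxe.c appears to use.
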
> > > diff --git
> > > a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > new file mode 100644
> > > index 0000000000..707d9a04d9
> > > --- /dev/null
> > > +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf
> > > @@ -0,0 +1,51 @@
> > > +## @file
> > > +#  RedfishCredentialDxe is required to produce the #  EdkII
> > > +RedfishCredentialProtocol for the consumer to get the Redfish #
> > > +credential Info and to restrict Redfish access from UEFI side.
> > > +#
> > > +#  (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > > +#
> > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > +
> > > +[Defines]
> > > +  INF_VERSION                    = 0x0001000b
> > > +  BASE_NAME                      = RedfishCredentialDxe
> > > +  FILE_GUID                      = 458CE95A-4942-09A9-5D21-A6B16D5DAD7F
> > > +  MODULE_TYPE                    = DXE_DRIVER
> > > +  VERSION_STRING                 = 1.0
> > > +  ENTRY_POINT                    = RedfishCredentialDxeDriverEntryPoint
> > > +
> > > +#
> > > +#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64 RISCV64
> > > +#
> > > +
> > > +[Sources]
> > > +  RedfishCredentialDxe.c
> > > +  RedfishCredentialDxe.h
> > > +
> > > +[Packages]
> > > +  MdePkg/MdePkg.dec
> > > +  MdeModulePkg/MdeModulePkg.dec
> > > +  RedfishPkg/RedfishPkg.dec
> > > +
> > > +[LibraryClasses]
> > > +  BaseLib
> > > +  DebugLib
> > > +  PrintLib
> > > +  RedfishPlatformCredentialLib
> > > +  UefiBootServicesTableLib
> > > +  UefiDriverEntryPoint
> > > +  UefiRuntimeServicesTableLib
> > > +  UefiLib
> > > +
> > > +[Protocols]
> > > +  gEdkIIRedfishCredentialProtocolGuid     ## BY_START
> > > +
> > > +
> > > +[Guids]
> > > +  gEfiEndOfDxeEventGroupGuid              ## CONSUMES ## Event
> > > +  gEfiEventExitBootServicesGuid           ## CONSUMES ## Event
> > > +
> > > +[Depex]
> > > +  TRUE
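
Review bot: gEdkIIRedfishCredentialProtocolGuid is tagged ## BY_START, which is the usage for a protocol installed from a driver binding Start() function; this driver installs it in RedfishCredentialDxeDriverEntryPoint, so ## PRODUCES is the matching usage. [LibraryClasses] also lists UefiRuntimeServicesTableLib and PrintLib, which the visible source does not call; drop the library classes that are not needed.
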
> > > diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec
> > > index 861f6dd0c8..fc56b4fefb 100644
> > > --- a/RedfishPkg/RedfishPkg.dec
> > > +++ b/RedfishPkg/RedfishPkg.dec
> > > @@ -21,6 +21,10 @@
> > >    #   Platform implementation-specific Redfish Host Interface.
> > >
> > > RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInterface
> > > RedfishPlatformHostInterfaceLib|Li
> > > RedfishPlatformHostInterfaceLib|b.h
> > >
> > > +  ##  @libraryclass Platform Redfish Credential Library
> > > +  #   Platform implementation-specific Redfish Credential Interface.
> > > +
> > > + RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib.
> > > + h
> > > +
> > >  [Protocols]
> > >    ## Include/Protocol/RedfishDiscover.h
> > >    gEfiRedfishDiscoverProtocolGuid      = { 0x5db12509, 0x4550, 0x4347,
> { 0x96,
> > > 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }} diff --git
> > > a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index
> > > 94e7127bc6..f7d5b90918 100644
> > > --- a/RedfishPkg/RedfishPkg.dsc
> > > +++ b/RedfishPkg/RedfishPkg.dsc
> > > @@ -32,6 +32,7 @@
> > >
> > >
> >
> DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/Bas
> > > eDebugPrintErrorLevelLib.inf
> > >    PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> > >
> > > RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInter
> > > RedfishPlatformHostInterfaceLib|fa
> > > RedfishPlatformHostInterfaceLib|ce
> > > LibNull/PlatformHostInterfaceLibNull.inf
> > > +
> > > RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredentialLi
> > > RedfishPlatformCredentialLib|bN
> > > RedfishPlatformCredentialLib|ull/
> > > PlatformCredentialLibNull.inf
> > >
> > >  [LibraryClasses.ARM, LibraryClasses.AARCH64]
> > >    #
> > > @@ -43,5 +44,6 @@
> > >
> > >  [Components]
> > >
> > > RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfac
> > > eL
> > > ibN
> > > ull.inf
> > > +
> > > RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNu
> > > ll
> > > .inf
> > >
> > >    !include RedfishPkg/Redfish.dsc.inc
> > > --
> > > 2.17.1


