From: "Chang, Abner via groups.io" To: CC: Saloni Kasbekar , Zachary Clark-williams , Michael Brown , Nickle Wang , Igor Kulchytskyy Subject: [edk2-devel] [RFC][PATCH 1/2] NetworkPkg: EDKII HTTPS platform TLS policy Date: Tue, 26 Dec 2023 19:28:38 +0800 Message-ID: <20231226112839.1152-2-abner.chang@amd.com> In-Reply-To: <20231226112839.1152-1-abner.chang@amd.com> References: <20231226112839.1152-1-abner.chang@amd.com> MIME-Version: 1.0 Sender: devel@edk2.groups.io Reply-To: devel@edk2.groups.io,abner.chang@amd.com Content-Transfer-Encoding: quoted-printable
From: Abner Chang Definitions of EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL. Signed-off-by: Abner Chang Cc: Saloni Kasbekar Cc: Zachary Clark-williams Cc: Michael Brown Cc: Nickle Wang Cc: Igor Kulchytskyy --- NetworkPkg/NetworkPkg.dec | 3 + .../Protocol/HttpsTlsPlatformPolicyProtocol.h | 72 +++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 NetworkPkg/Include/Protocol/HttpsTlsPlatformPolicyProto= col.h diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec index e06f35e7747..88676c7eaf6 100644 --- a/NetworkPkg/NetworkPkg.dec +++ b/NetworkPkg/NetworkPkg.dec @@ -94,6 +94,9 @@ ## Include/Protocol/WiFiProfileSyncProtocol.h gEdkiiWiFiProfileSyncProtocolGuid =3D {0x399a2b8a, 0xc267, 0x44aa, {0x9a= , 0xb4, 0x30, 0x58, 0x8c, 0xd2, 0x2d, 0xcc}} =20 + ## Include/Protocol/HttpsTlsPlatformPolicyProtocol.h + gEdkiiHttpsTlsPlatformPolicyProtocolGuid =3D {0xbfe8e3e3, 0xb884, 0x4a6f= , {0xae, 0xd3, 0xb8, 0xdb, 0xeb, 0xc5, 0x58, 0xc0}} + [PcdsFixedAtBuild] ## The max attempt number will be created by iSCSI driver. # @Prompt Max attempt number. diff --git a/NetworkPkg/Include/Protocol/HttpsTlsPlatformPolicyProtocol.h b= /NetworkPkg/Include/Protocol/HttpsTlsPlatformPolicyProtocol.h new file mode 100644 index 00000000000..5f82ceba924 --- /dev/null +++ b/NetworkPkg/Include/Protocol/HttpsTlsPlatformPolicyProtocol.h @@ -0,0 +1,72 @@ +/** @file + This file defines the EDKII HTTPS TLS Platform Protocol interface. + + Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL_H_ +#define EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL_H_ + +#include +#include + +#define EEDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL_GUID \ + { \ + 0xbfe8e3e3, 0xb884, 0x4a6f, {0xae, 0xd3, 0xb8, 0xdb, 0xeb, 0xc5, 0x58,= 0xc0} \ + } + +typedef struct _EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL EDKII_HTTPS_TLS_P= LATFORM_POLICY_PROTOCOL; + +/// +/// EDKII_PLATFORM_HTTPS_TLS_CONFIG_DATA_VERSION +/// +typedef struct { + UINT8 Major; + UINT8 Minor; +} EDKII_PLATFORM_HTTPS_TLS_CONFIG_DATA_VERSION; + +typedef struct { + EDKII_PLATFORM_HTTPS_TLS_CONFIG_DATA_VERSION Version; + /// + /// EDKII_PLATFORM_HTTPS_TLS_CONFIG_DATA_VERSION V1.0 + /// + EFI_TLS_CONNECTION_END ConnectionEnd; + EFI_TLS_VERIFY VerifyMethod; + EFI_TLS_VERIFY_HOST VerifyHost; +} EDKII_PLATFORM_HTTPS_TLS_CONFIG_DATA; + +/** + Function to get platform HTTPS TLS Policy. + + @param[in] This Pointer to the EDKII_HTTPS_TLS_PLATF= ORM_POLICY_PROTOCOL + instance. + @param[in] HttpHandle EFI_HTTP_PROTOCOL handle used to tra= nsfer HTTP payload. + @param[out] PlatformPolicy Pointer to retrieve EDKII_PLATFORM_H= TTPS_TLS_CONFIG_DATA. + + @retval EFI_SUCCESS Platform HTTPS TLS config data is re= turned in + PlatformPolicy. + @retval EFI_INVALID_PARAMETER Either HttpHandle or PlatformPolicy = is NULL, or both are NULL. + @retval EFI_NOT_FOUND No HTTP protocol insterface is found= on HttpHandle. + @retval EFI_UNSUPPORTED HttpProtocolInstance is not the HTTP= instance platform + would like to config. +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_HTTPS_TLS_GET_PLATFORM_POLICY)( + IN EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL *This, + IN EFI_HANDLE HttpHandle, + OUT EDKII_PLATFORM_HTTPS_TLS_CONFIG_DATA *PlatformPolicy + ); + +/// +/// Platform can install more than one EDKII_HTTPS_TLS_PLATFORM_POLICY_PRO= TOCOL +/// instances to return the platfrom HTTP TLS policy config data for the +/// multiple HTTP instances. 
+/// +struct _EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL { + EDKII_HTTPS_TLS_GET_PLATFORM_POLICY PlatformGetPolicy; +}; + +extern EFI_GUID gEdkiiHttpsTlsPlatformPolicyProtocolGuid; +#endif // EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL_H_ --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112914): https://edk2.groups.io/g/devel/message/112914 Mute This Topic: https://groups.io/mt/103368440/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
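Review bot: The new header should state what a returned VerifyMethod of EFI_TLS_VERIFY_NONE means for the HTTP instance: with patch 2/2 it skips both TlsConfigCertificate and the EfiTlsVerifyHost session data, so a platform that installs this protocol is opting the given handle out of server authentication entirely, and the PlatformGetPolicy documentation should say so and steer implementations toward returning EFI_UNSUPPORTED for every HttpHandle they do not intend to cover rather than one policy for all handles. In the same hunk, the GUID macro is spelled EEDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL_GUID (double E) while the protocol name, the include guard and the .dec entry all use the EDKII_ prefix, so rename it to EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL_GUID; the retval comments have two typos ("insterface", "platfrom"), and the EFI_UNSUPPORTED retval refers to "HttpProtocolInstance", which is not a parameter of the function (the parameters are This, HttpHandle and PlatformPolicy).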
From: "Chang, Abner via groups.io" To: CC: Saloni Kasbekar , Zachary Clark-williams , Michael Brown , Nickle Wang , Igor Kulchytskyy Subject: [edk2-devel] [RFC][PATCH 2/2] NetworkPkg: Check platform TLS policy Date: Tue, 26 Dec 2023 19:28:39 +0800 Message-ID: <20231226112839.1152-3-abner.chang@amd.com> In-Reply-To: <20231226112839.1152-1-abner.chang@amd.com> References: <20231226112839.1152-1-abner.chang@amd.com> MIME-Version: 1.0 Sender: devel@edk2.groups.io Reply-To: devel@edk2.groups.io,abner.chang@amd.com Content-Transfer-Encoding: quoted-printable
From: Abner Chang Go through each EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL protocol instance to check if platform HTTPS TLS policy is provided. Signed-off-by: Abner Chang Cc: Saloni Kasbekar Cc: Zachary Clark-williams Cc: Michael Brown Cc: Nickle Wang Cc: Igor Kulchytskyy --- NetworkPkg/HttpDxe/HttpDxe.inf | 1 + NetworkPkg/HttpDxe/HttpDriver.h | 1 + NetworkPkg/HttpDxe/HttpsSupport.c | 117 +++++++++++++++++++++++++++--- 3 files changed, 107 insertions(+), 12 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf b/NetworkPkg/HttpDxe/HttpDxe.inf index c9502d0bb6d..7699bd9cc17 100644 --- a/NetworkPkg/HttpDxe/HttpDxe.inf +++ b/NetworkPkg/HttpDxe/HttpDxe.inf @@ -66,6 +66,7 @@ gEfiTlsProtocolGuid ## SOMETIMES_CONSUMES gEfiTlsConfigurationProtocolGuid ## SOMETIMES_CONSUMES gEdkiiHttpCallbackProtocolGuid ## SOMETIMES_CONSUMES + gEdkiiHttpsTlsPlatformPolicyProtocolGuid ## SOMETIMES_CONSUMES =20 [Guids] gEfiTlsCaCertificateGuid ## SOMETIMES_CONSUMES = ## Variable:L"TlsCaCertificate" diff --git a/NetworkPkg/HttpDxe/HttpDriver.h b/NetworkPkg/HttpDxe/HttpDrive= r.h index 01a6bb7f4b7..5554befad4d 100644 --- a/NetworkPkg/HttpDxe/HttpDriver.h +++ b/NetworkPkg/HttpDxe/HttpDriver.h @@ -48,6 +48,7 @@ #include #include #include +#include =20 #include // diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSu= pport.c index 7330be42c00..354e5cfc79c 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c 
@@ -131,6 +131,93 @@ IsHttpsUrl ( return FALSE; } =20 +/** + Locate all EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL instances and go thr= ough each + to check if platform HTTPS TLS policy is provided. + + @param[in] HttpHandle The HTTP protocol handle. + @param[in, out] TlsConfigData Pointer to TLS_CONFIG_DATA of this H= TTP instance. + +**/ +VOID +HttpsPlatformTlsPolicy ( + IN EFI_HANDLE HttpHandle, + IN OUT TLS_CONFIG_DATA *TlsConfigData + ) +{ + EFI_STATUS Status; + UINTN NumHandles; + EFI_HANDLE *HandleBuffer; + EFI_HANDLE *HandleBufferIndex; + EDKII_PLATFORM_HTTPS_TLS_CONFIG_DATA PlatformHttpsTlsPolicy; + EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL *ProtocolInterface; + + if ((HttpHandle =3D=3D NULL) || (TlsConfigData =3D=3D NULL)) { + return; + } + + Status =3D gBS->LocateHandleBuffer ( + ByProtocol, + &gEdkiiHttpsTlsPlatformPolicyProtocolGuid, + NULL, + &NumHandles, + &HandleBuffer + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "%a: There is no EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL instance i= s installed for HTTP this handle:0x%x.\n", + __func__, + HttpHandle + )); + return; + } + + HandleBufferIndex =3D HandleBuffer; + while (NumHandles !=3D 0) { + Status =3D gBS->HandleProtocol ( + *HandleBufferIndex, + &gEdkiiHttpsTlsPlatformPolicyProtocolGuid, + (VOID **)&ProtocolInterface + ); + if (!EFI_ERROR (Status)) { + Status =3D ProtocolInterface->PlatformGetPolicy ( + *HandleBufferIndex, + HttpHandle, + &PlatformHttpsTlsPolicy + ); + if (!EFI_ERROR (Status)) { + if ((PlatformHttpsTlsPolicy.Version.Major =3D=3D 1) && (PlatformHt= tpsTlsPolicy.Version.Minor =3D=3D 0)) { + // + // HTTPS platform TLS policy config data version 1.0. 
+ // + TlsConfigData->ConnectionEnd =3D PlatformHttpsTlsPolicy.Connecti= onEnd; + TlsConfigData->VerifyHost =3D PlatformHttpsTlsPolicy.VerifyHo= st; + TlsConfigData->VerifyMethod =3D PlatformHttpsTlsPolicy.VerifyMe= thod; + Status =3D EFI_SUCCESS; + break; + } + } + } + + HandleBufferIndex++; + NumHandles--; + Status =3D EFI_NOT_FOUND; + } + + FreePool ((VOID *)HandleBuffer); + if (!EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "%a: There is a EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL instance in= stalled for this HTTP handle:0x%x.\n", + __func__, + HttpHandle + )); + } + + return; +} + /** Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURAT= ION_PROTOCOL. =20 @@ -650,6 +737,8 @@ TlsConfigureSession ( HttpInstance->TlsConfigData.VerifyHost.HostName =3D HttpInstance->Remote= Host; HttpInstance->TlsConfigData.SessionState =3D EfiTlsSessionNotStar= ted; =20 + HttpsPlatformTlsPolicy (HttpInstance->Handle, &HttpInstance->TlsConfigDa= ta); + // // EfiTlsConnectionEnd, // EfiTlsVerifyMethod, @@ -676,14 +765,16 @@ TlsConfigureSession ( return Status; } =20 - Status =3D HttpInstance->Tls->SetSessionData ( - HttpInstance->Tls, - EfiTlsVerifyHost, - &HttpInstance->TlsConfigData.VerifyHost, - sizeof (EFI_TLS_VERIFY_HOST) - ); - if (EFI_ERROR (Status)) { - return Status; + if (HttpInstance->TlsConfigData.VerifyMethod !=3D EFI_TLS_VERIFY_NONE) { + Status =3D HttpInstance->Tls->SetSessionData ( + HttpInstance->Tls, + EfiTlsVerifyHost, + &HttpInstance->TlsConfigData.VerifyHost, + sizeof (EFI_TLS_VERIFY_HOST) + ); + if (EFI_ERROR (Status)) { + return Status; + } } =20 Status =3D HttpInstance->Tls->SetSessionData ( 
@@ -708,10 +799,12 @@ TlsConfigureSession ( // // Tls Config Certificate // - Status =3D TlsConfigCertificate (HttpInstance); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n")); - return Status; + if (HttpInstance->TlsConfigData.VerifyMethod !=3D EFI_TLS_VERIFY_NONE) { + Status =3D TlsConfigCertificate (HttpInstance); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n")); + return Status; + } } =20 // --=20 2.37.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112913): https://edk2.groups.io/g/devel/message/112913 Mute This Topic: https://groups.io/mt/103368439/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
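Review bot: In the HttpsPlatformTlsPolicy hunk (@@ -131,6 +131,93 @@), PlatformGetPolicy is called with *HandleBufferIndex as its first argument, but the typedef in patch 1/2 declares that parameter as EDKII_HTTPS_TLS_PLATFORM_POLICY_PROTOCOL *This; because EFI_HANDLE is a VOID * this compiles silently and hands every platform implementation a handle where it expects its own protocol instance. Pass the located interface instead: `Status = ProtocolInterface->PlatformGetPolicy (ProtocolInterface, HttpHandle, &PlatformHttpsTlsPolicy);`. Two smaller points in the same function: the ConnectionEnd and VerifyMethod values copied out of PlatformHttpsTlsPolicy are not range-checked before being stored in TlsConfigData and later handed to SetSessionData, so a platform driver returning an out-of-range enum would be passed straight through; and the success-path DEBUG_INFO message should be raised to DEBUG_WARN when the adopted VerifyMethod is EFI_TLS_VERIFY_NONE, since that is the case a field engineer reading a boot log needs to see. The failure-path message "There is no ... instance is installed for HTTP this handle" also needs rewording.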
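Review bot: In the @@ -650,6 +737,8 @@ hunk HttpsPlatformTlsPolicy is invoked immediately after TlsConfigData.VerifyHost.HostName has been set to HttpInstance->RemoteHost, and the helper overwrites the entire VerifyHost structure with the platform's copy, so the HostName pointer and any previously configured Flags are replaced by whatever the platform driver returns, including NULL. Either copy only the field the policy is meant to own (for example `TlsConfigData->VerifyHost.Flags = PlatformHttpsTlsPolicy.VerifyHost.Flags;`), or re-assign HostName from RemoteHost after the call, and document in the header from 1/2 which fields a platform is expected to fill in.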
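Review bot: In the @@ -676,14 +765,16 @@ hunk, gating the EfiTlsVerifyHost SetSessionData call on VerifyMethod != EFI_TLS_VERIFY_NONE couples two independent settings: EFI_TLS_VERIFY governs certificate-chain verification while EFI_TLS_VERIFY_HOST governs host-name matching, and a policy author may legitimately want the host check kept even when chain verification is off. If the intended semantics are that EFI_TLS_VERIFY_NONE means "no peer authentication at all", the commit message and the header in 1/2 should say so explicitly; otherwise gate this call on the VerifyHost.Flags value rather than on VerifyMethod.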
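Review bot: In the @@ -708,10 +799,12 @@ hunk, skipping TlsConfigCertificate when VerifyMethod is EFI_TLS_VERIFY_NONE means the CA bundle in the TlsCaCertificate variable (see the [Guids] entry in the HttpDxe.inf hunk) is ignored for that instance and the session proceeds with no authentication of the server. That is a deliberate trust downgrade chosen by platform policy rather than by user configuration, so it should be logged unconditionally at DEBUG_WARN or DEBUG_ERROR here, not only at DEBUG_INFO inside HttpsPlatformTlsPolicy, and a one-line comment above the `if` should record that the platform policy, not a missing certificate, caused the skip; otherwise a production boot log gives no indication of which HTTP handles ran without certificate verification.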