From: "Abner Chang"
To: devel@edk2.groups.io
Cc: Nickle Wang, Peter O'Hanley
Subject: [edk2-devel] [PATCH 1/2] RedfishPkg/Include: EDKII Redfish Credential Header file
Date: Wed, 9 Dec 2020 16:43:32 +0800
Message-Id: <20201209084333.22422-2-abner.chang@hpe.com>
In-Reply-To: <20201209084333.22422-1-abner.chang@hpe.com>
References: <20201209084333.22422-1-abner.chang@hpe.com>

Signed-off-by: Jiaxin Wu Signed-off-by: Ting Ye Signed-off-by: Siyuan Fu Signed-off-by: Fan Wang Signed-off-by: Abner Chang Cc: Nickle Wang Cc: Peter O'Hanley Reviewed-by: Nickle Wang --- .../Include/Protocol/EdkIIRedfishCredential.h | 101 ++++++++++++++++++ RedfishPkg/RedfishPkg.dec | 3 + 2 files changed, 104 insertions(+) create mode 100644 RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h diff --git a/RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h b/Redfish= Pkg/Include/Protocol/EdkIIRedfishCredential.h new file mode 100644 index 0000000000..34e33b1e00 --- /dev/null +++ b/RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h @@ -0,0 +1,101 @@ +/** @file + This file defines the EDKII_REDFISH_CREDENTIAL_PROTOCOL interface. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ (C) Copyright 2020 Hewlett Packard Enterprise Development LP
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef EDKII_REDFISH_CREDENTIAL_H_ +#define EDKII_REDFISH_CREDENTIAL_H_ + +typedef struct _EDKII_REDFISH_CREDENTIAL_PROTOCOL EDKII_REDFISH_CREDENTIAL= _PROTOCOL; + +#define EDKII_REDFISH_CREDENTIAL_PROTOCOL_GUID \ + { \ + 0x8804377, 0xaf7a, 0x4496, { 0x8a, 0x7b, 0x17, 0x59, 0x0, 0xe9, 0xab= , 0x46 } \ + } + +typedef enum { + AuthMethodNone, ///< No authentication is required. + AuthMethodHttpBasic, ///< Basic authentication is required. + AuthMethodRedfishSession, ///< Session authentication is required. + AuthMethodMax +} EDKII_REDFISH_AUTH_METHOD; + +typedef enum { + ServiceStopTypeNone =3D 0, ///< Stop Redfsih service without = reason. + ServiceStopTypeSecureBootDisabled, ///< Stop Redfsih service becasue EFI + ///< Secure Boot is disabled. + ServiceStopTypeExitBootService, ///< Stop Redfsih service becasue ex= isting + ///< Boot Service. + ServiceStopTypeMax +} EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE; + + +/** + Retrieve platform's Redfish authentication information. + + This functions returns the Redfish authentication method together with t= he user Id and + password. + - For AuthMethodNone, the UserId and Password could be used for HTTP hea= der authentication + as defined by RFC7235. + - For AuthMethodRedfishSession, the UserId and Password could be used fo= r Redfish + session login as defined by Redfish API specification (DSP0266). + + Callers are responsible for and freeing the returned string storage. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PRO= TOCOL instance. + @param[out] AuthMethod Type of Redfish authentication method. + @param[out] UserId The pointer to store the returned UserI= d string. + @param[out] Password The pointer to store the returned Passw= ord string. + + @retval EFI_SUCCESS Get the authentication information succ= essfully. + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. 
+ @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Passwor= d is NULL. + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources. + @retval EFI_UNSUPPORTED Unsupported authentication method is fo= und. + +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_REDFISH_CREDENTIAL_PROTOCOL_GET_AUTH_INFO) ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, + OUT CHAR8 **UserId, + OUT CHAR8 **Password + ); + +/** + Notify the Redfish service provide to stop provide configuration service= to this platform. + + This function should be called when the platfrom is about to leave the s= afe environment. + It will notify the Redfish service provider to abort all logined session= , and prohibit + further login with original auth info. GetAuthInfo() will return EFI_UNS= UPPORTED once this + function is returned. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PRO= TOCOL instance. + @param[in] ServiceStopType Reason of stopping Redfish service. + + @retval EFI_SUCCESS Service has been stoped successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval Others Some error happened. + +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_REDFISH_CREDENTIAL_PROTOCOL_STOP_SERVICE) ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType + ); + +struct _EDKII_REDFISH_CREDENTIAL_PROTOCOL { + EDKII_REDFISH_CREDENTIAL_PROTOCOL_GET_AUTH_INFO GetAuthInfo; + EDKII_REDFISH_CREDENTIAL_PROTOCOL_STOP_SERVICE StopService; +}; + +extern EFI_GUID gEdkIIRedfishCredentialProtocolGuid; + +#endif diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec index b38e9b4789..861f6dd0c8 100644 --- a/RedfishPkg/RedfishPkg.dec +++ b/RedfishPkg/RedfishPkg.dec 
@@ -25,6 +25,9 @@ ## Include/Protocol/RedfishDiscover.h gEfiRedfishDiscoverProtocolGuid =3D { 0x5db12509, 0x4550, 0x4347, {= 0x96, 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }} =20 + ## Include/Protocol/EdkIIRedfishCredential.h + gEdkIIRedfishCredentialProtocolGuid =3D { 0x8804377, 0xaf7a, 0x4496, { 0= x8a, 0x7b, 0x17, 0x59, 0x0, 0xe9, 0xab, 0x46 } } + [Guids] gEfiRedfishPkgTokenSpaceGuid =3D { 0x4fdbccb7, 0xe829, 0x4b4c, { 0x= 88, 0x87, 0xb2, 0x3f, 0xd7, 0x25, 0x4b, 0x85 }} =20 --=20 2.17.1
View/Reply Online (#68537): https://edk2.groups.io/g/devel/message/68537

From: "Abner Chang"
To: devel@edk2.groups.io
Cc: Nickle Wang, Peter O'Hanley
Subject: [edk2-devel] [PATCH 2/2] RedfishPkg/RedfishCredentialDxe: EDKII Redfish Credential DXE driver
Date: Wed, 9 Dec 2020 16:43:33 +0800
Message-Id: <20201209084333.22422-3-abner.chang@hpe.com>
In-Reply-To: <20201209084333.22422-1-abner.chang@hpe.com>
References: <20201209084333.22422-1-abner.chang@hpe.com>

EDKII Redfish Credential DXE driver which abstracts platform Redfish credential implementation. Signed-off-by: Jiaxin Wu Signed-off-by: Ting Ye Signed-off-by: Siyuan Fu Signed-off-by: Fan Wang
Signed-off-by: Abner Chang Cc: Nickle Wang Cc: Peter O'Hanley Reviewed-by: Nickle Wang --- .../Include/Library/RedfishCredentialLib.h | 91 ++++++++ .../PlatformCredentialLibNull.c | 101 +++++++++ .../PlatformCredentialLibNull.inf | 30 +++ RedfishPkg/Redfish.fdf.inc | 1 + RedfishPkg/RedfishComponents.dsc.inc | 1 + .../RedfishCredentialDxe.c | 209 ++++++++++++++++++ .../RedfishCredentialDxe.h | 75 +++++++ .../RedfishCredentialDxe.inf | 51 +++++ RedfishPkg/RedfishPkg.dec | 4 + RedfishPkg/RedfishPkg.dsc | 2 + 10 files changed, 565 insertions(+) create mode 100644 RedfishPkg/Include/Library/RedfishCredentialLib.h create mode 100644 RedfishPkg/Library/PlatformCredentialLibNull/PlatformCr= edentialLibNull.c create mode 100644 RedfishPkg/Library/PlatformCredentialLibNull/PlatformCr= edentialLibNull.inf create mode 100644 RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c create mode 100644 RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h create mode 100644 RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf diff --git a/RedfishPkg/Include/Library/RedfishCredentialLib.h b/RedfishPkg= /Include/Library/RedfishCredentialLib.h new file mode 100644 index 0000000000..dac1b3303f --- /dev/null +++ b/RedfishPkg/Include/Library/RedfishCredentialLib.h @@ -0,0 +1,91 @@ +/** @file + Definitinos of RedfishHostInterfaceDxe driver. + + (C) Copyright 2020 Hewlett Packard Enterprise Development LP
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#ifndef REDFISH_CREDENTIAL_LIB_H_ +#define REDFISH_CREDENTIAL_LIB_H_ + +#include + +/** + Notification of Exit Boot Service. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. +**/ +VOID +EFIAPI +LibCredentialExitBootServicesNotify ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This +); + +/** + Notification of End of DXe. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. +**/ +VOID +EFIAPI +LibCredentialEndOfDxeNotify ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This +); + +/** + Retrieve platform's Redfish authentication information. + + This functions returns the Redfish authentication method together with t= he user Id and + password. + - For AuthMethodNone, the UserId and Password could be used for HTTP hea= der authentication + as defined by RFC7235. + - For AuthMethodRedfishSession, the UserId and Password could be used fo= r Redfish + session login as defined by Redfish API specification (DSP0266). + + Callers are responsible for and freeing the returned string storage. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PRO= TOCOL instance. + @param[out] AuthMethod Type of Redfish authentication method. + @param[out] UserId The pointer to store the returned UserI= d string. + @param[out] Password The pointer to store the returned Passw= ord string. + + @retval EFI_SUCCESS Get the authentication information succ= essfully. + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Passwor= d is NULL. + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources. + @retval EFI_UNSUPPORTED Unsupported authentication method is fo= und. 
+ +**/ +EFI_STATUS +EFIAPI +LibCredentialGetAuthInfo ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, + OUT CHAR8 **UserId, + OUT CHAR8 **Password +); + +/** + Notify the Redfish service provide to stop provide configuration service= to this platform. + + This function should be called when the platfrom is about to leave the s= afe environment. + It will notify the Redfish service provider to abort all logined session= , and prohibit + further login with original auth info. GetAuthInfo() will return EFI_UNS= UPPORTED once this + function is returned. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PRO= TOCOL instance. + @param[in] ServiceStopType Reason of stopping Redfish service. + + @retval EFI_SUCCESS Service has been stoped successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval Others Some error happened. + +**/ +EFI_STATUS +EFIAPI +LibStopRedfishService ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType +); +#endif diff --git a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentia= lLibNull.c b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentia= lLibNull.c new file mode 100644 index 0000000000..39de622d59 --- /dev/null +++ b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNul= l.c @@ -0,0 +1,101 @@ +/** @file + NULL instace of RedfishPlatformCredentialLib + + (C) Copyright 2020 Hewlett Packard Enterprise Development LP
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include +#include +/** + Notification of Exit Boot Service. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. +**/ +VOID +EFIAPI +LibCredentialExitBootServicesNotify ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This +) +{ + return; +} + +/** + Notification of End of DXe. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL. +**/ +VOID +EFIAPI +LibCredentialEndOfDxeNotify ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This +) +{ + return; +} + +/** + Retrieve platform's Redfish authentication information. + + This functions returns the Redfish authentication method together with t= he user Id and + password. + - For AuthMethodNone, the UserId and Password could be used for HTTP hea= der authentication + as defined by RFC7235. + - For AuthMethodRedfishSession, the UserId and Password could be used fo= r Redfish + session login as defined by Redfish API specification (DSP0266). + + Callers are responsible for and freeing the returned string storage. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PRO= TOCOL instance. + @param[out] AuthMethod Type of Redfish authentication method. + @param[out] UserId The pointer to store the returned UserI= d string. + @param[out] Password The pointer to store the returned Passw= ord string. + + @retval EFI_SUCCESS Get the authentication information succ= essfully. + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Passwor= d is NULL. + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources. + @retval EFI_UNSUPPORTED Unsupported authentication method is fo= und. 
+ +**/ +EFI_STATUS +EFIAPI +LibCredentialGetAuthInfo ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, + OUT CHAR8 **UserId, + OUT CHAR8 **Password +) +{ + return EFI_UNSUPPORTED; +} + +/** + Notify the Redfish service provide to stop provide configuration service= to this platform. + + This function should be called when the platfrom is about to leave the s= afe environment. + It will notify the Redfish service provider to abort all logined session= , and prohibit + further login with original auth info. GetAuthInfo() will return EFI_UNS= UPPORTED once this + function is returned. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PRO= TOCOL instance. + @param[in] ServiceStopType Reason of stopping Redfish service. + + @retval EFI_SUCCESS Service has been stoped successfully. + @retval EFI_INVALID_PARAMETER This is NULL or given the worng Service= StopType. + @retval EFI_UNSUPPORTED Not support to stop Redfish service. + @retval Others Some error happened. + +**/ +EFI_STATUS +EFIAPI +LibStopRedfishService ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType + ) +{ + return EFI_UNSUPPORTED; +} + diff --git a/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentia= lLibNull.inf b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredent= ialLibNull.inf new file mode 100644 index 0000000000..4c22e89718 --- /dev/null +++ b/RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNul= l.inf @@ -0,0 +1,30 @@ +## @file +# NULL instance of RedfishPlatformCredentialLib +# +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x0001000b + BASE_NAME =3D RedfishPlatformCredentialLibNull + FILE_GUID =3D CA3BD843-0BDD-4EE0-A38A-B45CA663114F + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D RedfishPlatformCredentialLib + +# +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 RISCV64 +# + +[Sources] + PlatformCredentialLibNull.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + RedfishPkg/RedfishPkg.dec + + diff --git a/RedfishPkg/Redfish.fdf.inc b/RedfishPkg/Redfish.fdf.inc index 19de479a80..24e32e0abf 100644 --- a/RedfishPkg/Redfish.fdf.inc +++ b/RedfishPkg/Redfish.fdf.inc @@ -13,4 +13,5 @@ !if $(REDFISH_ENABLE) =3D=3D TRUE INF RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf INF RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf + INF RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf !endif diff --git a/RedfishPkg/RedfishComponents.dsc.inc b/RedfishPkg/RedfishCompo= nents.dsc.inc index ac1b57ed8f..ff32653ec8 100644 --- a/RedfishPkg/RedfishComponents.dsc.inc +++ b/RedfishPkg/RedfishComponents.dsc.inc @@ -15,4 +15,5 @@ !if $(REDFISH_ENABLE) =3D=3D TRUE RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf + RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf !endif diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c b/Redfi= shPkg/RedfishCredentialDxe/RedfishCredentialDxe.c new file mode 100644 index 0000000000..f48d1d011c --- /dev/null +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c @@ -0,0 +1,209 @@ +/** @file + RedfishCrentialDxe produces the EdkIIRedfishCredentialProtocol for the c= onsumer + to get the Redfish credential Info and to restrict Redfish access from U= EFI side. + + (C) Copyright 2020 Hewlett Packard Enterprise Development LP
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +EDKII_REDFISH_CREDENTIAL_PROTOCOL mRedfishCredentialProtocol =3D { + RedfishCredentialGetAuthInfo, + RedfishCredentialStopService +}; + +/** + Callback function executed when the ExitBootServices event group is sign= aled. + + @param[in] Event Event whose notification function is being invoked. + @param[out] Context Pointer to the buffer pass in. +**/ +VOID +EFIAPI +RedfishCredentialExitBootServicesEventNotify ( + IN EFI_EVENT Event, + OUT VOID *Context + ) +{ + LibCredentialExitBootServicesNotify ((EDKII_REDFISH_CREDENTIAL_PROTOCOL = *)Context); +} + +/** + Callback function executed when the EndOfDxe event group is signaled. + + @param[in] Event Event whose notification function is being invoked. + @param[out] Context Pointer to the buffer pass in. +**/ +VOID +EFIAPI +RedfishCredentialEndOfDxeEventNotify ( + IN EFI_EVENT Event, + OUT VOID *Context + ) +{ + LibCredentialEndOfDxeNotify ((EDKII_REDFISH_CREDENTIAL_PROTOCOL *)Contex= t); + + // + // Close event, so it will not be invoked again. + // + gBS->CloseEvent (Event); +} + +/** + Retrieve platform's Redfish authentication information. + + This functions returns the Redfish authentication method together with t= he user Id and + password. + - For AuthMethodNone, the UserId and Password could be used for HTTP hea= der authentication + as defined by RFC7235. + - For AuthMethodRedfishSession, the UserId and Password could be used fo= r Redfish + session login as defined by Redfish API specification (DSP0266). + + Callers are responsible for and freeing the returned string storage. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PRO= TOCOL instance. + @param[out] AuthMethod Type of Redfish authentication method. + @param[out] UserId The pointer to store the returned UserI= d string. + @param[out] Password The pointer to store the returned Passw= ord string. + + @retval EFI_SUCCESS Get the authentication information succ= essfully. 
+ @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Passwor= d is NULL. + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources. + @retval EFI_UNSUPPORTED Unsupported authentication method is fo= und. + +**/ +EFI_STATUS +EFIAPI +RedfishCredentialGetAuthInfo ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, + OUT CHAR8 **UserId, + OUT CHAR8 **Password + ) +{ + if (This =3D=3D NULL || AuthMethod =3D=3D NULL || UserId =3D=3D NULL || = Password =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + return LibCredentialGetAuthInfo (This, AuthMethod, UserId,Password); +} + +/** + Notify the Redfish service provide to stop provide configuration service= to this platform. + + This function should be called when the platfrom is about to leave the s= afe environment. + It will notify the Redfish service provider to abort all logined session= , and prohibit + further login with original auth info. GetAuthInfo() will return EFI_UNS= UPPORTED once this + function is returned. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PRO= TOCOL instance. + @param[in] ServiceStopType Reason of stopping Redfish service. + + @retval EFI_SUCCESS Service has been stoped successfully. + @retval EFI_INVALID_PARAMETER This is NULL or given the worng Service= StopType. + @retval EFI_UNSUPPORTED Not support to stop Redfish service. + @retval Others Some error happened. + +**/ +EFI_STATUS +EFIAPI +RedfishCredentialStopService ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType + ) +{ + if (This =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + return LibStopRedfishService (This, ServiceStopType); +} + +/** + Main entry for this driver. + + @param ImageHandle Image handle this driver. + @param SystemTable Pointer to SystemTable. + + @retval EFI_SUCESS This function always complete successfully. 
+ +**/ +EFI_STATUS +EFIAPI +RedfishCredentialDxeDriverEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + EFI_EVENT EndOfDxeEvent; + EFI_EVENT ExitBootServiceEvent; + + Handle =3D NULL; + + // + // Install the RedfishCredentialProtocol onto Handle. + // + Status =3D gBS->InstallMultipleProtocolInterfaces ( + &Handle, + &gEdkIIRedfishCredentialProtocolGuid, + &mRedfishCredentialProtocol, + NULL + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // After EndOfDxe, if SecureBoot is disabled, Redfish Credential Protoco= l should return + // error code to caller to avoid the 3rd code to bypass Redfish Credenti= al Protocol and + // retrieve userid/pwd directly. So, here, we create EndOfDxe Event to c= heck SecureBoot + // status. + // + Status =3D gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + RedfishCredentialEndOfDxeEventNotify, + (VOID *)&mRedfishCredentialProtocol, + &gEfiEndOfDxeEventGroupGuid, + &EndOfDxeEvent + ); + if (EFI_ERROR (Status)) { + goto ON_ERROR; + } + + // + // After ExitBootServices, Redfish Credential Protocol should stop the s= ervice. + // So, here, we create ExitBootService Event to stop service. + // + Status =3D gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + RedfishCredentialExitBootServicesEventNotify, + (VOID *)&mRedfishCredentialProtocol, + &gEfiEventExitBootServicesGuid, + &ExitBootServiceEvent + ); + if (EFI_ERROR (Status)) { + gBS->CloseEvent (EndOfDxeEvent); + goto ON_ERROR; + } + + return EFI_SUCCESS; + +ON_ERROR: + + gBS->UninstallMultipleProtocolInterfaces ( + Handle, + &gEdkIIRedfishCredentialProtocolGuid, + &mRedfishCredentialProtocol, + NULL + ); + + return Status; +} diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h b/Redfi= shPkg/RedfishCredentialDxe/RedfishCredentialDxe.h new file mode 100644 index 0000000000..6e7e417b33 --- /dev/null +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h 
@@ -0,0 +1,75 @@ +/** @file + Definition of Redfish Credential DXE driver. + + (C) Copyright 2020 Hewlett Packard Enterprise Development LP
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#ifndef EDKII_REDFISH_CREDENTIAL_DXE_H_ +#define EDKII_REDFISH_CREDENTIAL_DXE_H_ + +#include + +#include +#include +#include +#include +#include +#include + +/** + Retrieve platform's Redfish authentication information. + + This functions returns the Redfish authentication method together with t= he user Id and + password. + - For AuthMethodNone, the UserId and Password could be used for HTTP hea= der authentication + as defined by RFC7235. + - For AuthMethodRedfishSession, the UserId and Password could be used fo= r Redfish + session login as defined by Redfish API specification (DSP0266). + + Callers are responsible for and freeing the returned string storage. + + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PRO= TOCOL instance. + @param[out] AuthMethod Type of Redfish authentication method. + @param[out] UserId The pointer to store the returned UserI= d string. + @param[out] Password The pointer to store the returned Passw= ord string. + + @retval EFI_SUCCESS Get the authentication information succ= essfully. + @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe. + @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Passwor= d is NULL. + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources. + @retval EFI_UNSUPPORTED Unsupported authentication method is fo= und. + +**/ +EFI_STATUS +EFIAPI +RedfishCredentialGetAuthInfo ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + OUT EDKII_REDFISH_AUTH_METHOD *AuthMethod, + OUT CHAR8 **UserId, + OUT CHAR8 **Password + ); + +/** + Notify the Redfish service provide to stop provide configuration service= to this platform. + + This function should be called when the platfrom is about to leave the s= afe environment. + It will notify the Redfish service provider to abort all logined session= , and prohibit + further login with original auth info. GetAuthInfo() will return EFI_UNS= UPPORTED once this + function is returned. 
+ + @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PRO= TOCOL instance. + + @retval EFI_SUCCESS Service has been stoped successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval Others Some error happened. + +**/ +EFI_STATUS +EFIAPI +RedfishCredentialStopService ( + IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This, + IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType + ); +#endif diff --git a/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf b/Red= fishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf new file mode 100644 index 0000000000..707d9a04d9 --- /dev/null +++ b/RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.inf @@ -0,0 +1,51 @@ +## @file +# RedfishCredentialDxe is required to produce the +# EdkII RedfishCredentialProtocol for the consumer to get the Redfish +# credential Info and to restrict Redfish access from UEFI side. +# +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x0001000b + BASE_NAME =3D RedfishCredentialDxe + FILE_GUID =3D 458CE95A-4942-09A9-5D21-A6B16D5DAD7F + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D RedfishCredentialDxeDriverEntryPoint + +# +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 RISCV64 +# + +[Sources] + RedfishCredentialDxe.c + RedfishCredentialDxe.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + RedfishPkg/RedfishPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + PrintLib + RedfishPlatformCredentialLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiRuntimeServicesTableLib + UefiLib + +[Protocols] + gEdkIIRedfishCredentialProtocolGuid ## BY_START + + +[Guids] + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event + gEfiEventExitBootServicesGuid ## CONSUMES ## Event + +[Depex] + TRUE diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec index 861f6dd0c8..fc56b4fefb 100644 --- a/RedfishPkg/RedfishPkg.dec +++ b/RedfishPkg/RedfishPkg.dec @@ -21,6 +21,10 @@ # Platform implementation-specific Redfish Host Interface. RedfishPlatformHostInterfaceLib|Include/Library/RedfishHostInterfaceLib.h =20 + ## @libraryclass Platform Redfish Credential Library + # Platform implementation-specific Redfish Credential Interface. + RedfishPlatformCredentialLib|Include/Library/RedfishCredentialLib.h + [Protocols] ## Include/Protocol/RedfishDiscover.h gEfiRedfishDiscoverProtocolGuid =3D { 0x5db12509, 0x4550, 0x4347, {= 0x96, 0xb3, 0x73, 0xc0, 0xff, 0x6e, 0x86, 0x9f }} diff --git a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index 94e7127bc6..f7d5b90918 100644 --- a/RedfishPkg/RedfishPkg.dsc +++ b/RedfishPkg/RedfishPkg.dsc 
@@ -32,6 +32,7 @@ DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseD= ebugPrintErrorLevelLib.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInterface= LibNull/PlatformHostInterfaceLibNull.inf + RedfishPlatformCredentialLib|RedfishPkg/Library/PlatformCredentialLibNul= l/PlatformCredentialLibNull.inf =20 [LibraryClasses.ARM, LibraryClasses.AARCH64] # @@ -43,5 +44,6 @@ =20 [Components] RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfaceLib= Null.inf + RedfishPkg/Library/PlatformCredentialLibNull/PlatformCredentialLibNull.i= nf =20 !include RedfishPkg/Redfish.dsc.inc --=20 2.17.1
View/Reply Online (#68538): https://edk2.groups.io/g/devel/message/68538
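
Review bot: In RedfishPkg/Include/Protocol/EdkIIRedfishCredential.h (patch 1/2), the GetAuthInfo comment says "For AuthMethodNone, the UserId and Password could be used for HTTP header authentication as defined by RFC7235", but the enum documents AuthMethodNone as "No authentication is required" and AuthMethodHttpBasic as the basic-authentication value, so this bullet should name AuthMethodHttpBasic. The sentence "Callers are responsible for and freeing the returned string storage" in the same comment is missing a word and does not say which allocator the strings come from; since one of them is a password, state the allocation and free routines callers must use and ask them to zero the buffer before freeing it. The same comment text is repeated in RedfishCredentialLib.h, PlatformCredentialLibNull.c, RedfishCredentialDxe.c and RedfishCredentialDxe.h in patch 2/2, so the fix applies to every copy.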
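
Review bot: In RedfishPkg/Include/Library/RedfishCredentialLib.h (patch 2/2), the comments on LibCredentialEndOfDxeNotify and LibCredentialExitBootServicesNotify say only "Notification of End of DXe." and "Notification of Exit Boot Service.", while the entry-point comment in RedfishCredentialDxe.c relies on the EndOfDxe event "to check SecureBoot status" and the driver's two callbacks do nothing except forward to these functions. Document here what a platform library instance is required to do in each callback, for example that LibCredentialGetAuthInfo must return EFI_ACCESS_DENIED once EndOfDxe has passed with Secure Boot disabled, because that enforcement lives entirely in the library and PlatformCredentialLibNull leaves both callbacks empty. The file header also reads "Definitinos of RedfishHostInterfaceDxe driver", which does not describe this library class.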
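
Review bot: In RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.c (patch 2/2), RedfishCredentialStopService documents EFI_INVALID_PARAMETER for "This is NULL or given the worng ServiceStopType" but only tests This == NULL before calling LibStopRedfishService; add a range check such as ServiceStopType >= ServiceStopTypeMax so the wrapper matches its comment, in the same way RedfishCredentialGetAuthInfo validates all of its pointers. In RedfishCredentialDxeDriverEntryPoint, the line "@retval EFI_SUCESS This function always complete successfully" is inaccurate, since the function returns the failing Status from InstallMultipleProtocolInterfaces and from either CreateEventEx call. The Context parameter of both event callbacks is marked OUT although it is only read.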
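
Review bot: In RedfishPkg/RedfishCredentialDxe/RedfishCredentialDxe.h (patch 2/2), the comment on RedfishCredentialStopService has no @param entry for ServiceStopType and lists different @retval values from the definition in RedfishCredentialDxe.c, which adds EFI_UNSUPPORTED and the wrong-ServiceStopType case. Keep the prototype comment identical to the one on the definition so callers reading the header see the full set of return codes.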