Series comparison

From: Abner Chang <abner.chang@amd.com>

For the HTTPS connetion that doesn't require TLS peer verification,
We introduce a new HTTP event HttpEventTlsConfigured to notify HTTP callback
functions after TlsConfigureSession(). With this event, the upper layer
HTTP application can listen to HttpEventTlsConfigured HTTP event and
reconfigure TLS configuration data in the callback function to set TLS verify
method to TLS_VERIFY_NONE.
The use case such as Redfish service connction which doesn't require the
TLS peer verification on the cetificate, especially to the Redfish service
connection through the in-band network interface.
The root cause we are fixing is the TLS config data is hardcoded in
TlsConfigureSession() for any TLS child in HttpSupport.c. With this hardcoded
code, HTTP application has no way to give the proper TLS config data when TLS
session is initiated.

In Patch 1/5: We agreed to refactor TlsCreateChild and install TLS on
              the given HTTP handle.
In Patch 2/5: We consider TLS certificate not found as a success case to
              ensures HTTP session is still initiated and HttpInitSession()
              returns EFI_SUCCESS to the caller. The failure is pushed back to
              TLS DXE driver if the HTTP communication actually requires
              certificate.
In Patch 3/5: Introduce HttpEventTlsConfigured HTTP callback event
In Patch 4/5: REST EX DXE provides HTTP event callback protocol
In Patch 5/5: REST EX DXE fix.

Abner Chang (5):
  NetwokrPkg/HttpDxe: Refactor TlsCreateChild
  NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success
    case
  NetwokrPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event
  RedfishPkg/RedfishRestExDxe: Implement EDKII_HTTP_CALLBACK_PROTOCOL
  RedfishPkg/RedfishRestExDxe: Update Supported function

.../RedfishRestExDxe/RedfishRestExDxe.inf     |  2 +
 NetworkPkg/HttpDxe/HttpProto.h                |  3 +-
 NetworkPkg/HttpDxe/HttpsSupport.h             | 18 ++--
 NetworkPkg/Include/Protocol/HttpCallback.h    | 11 +++
 .../RedfishRestExDxe/RedfishRestExDriver.h    | 31 ++++--
 NetworkPkg/HttpDxe/HttpImpl.c                 | 23 +----
 NetworkPkg/HttpDxe/HttpProto.c                |  8 +-
 NetworkPkg/HttpDxe/HttpsSupport.c             | 95 ++++++++++++-------
 .../RedfishRestExDxe/RedfishRestExDriver.c    | 84 ++++++++++++++++
 9 files changed, 198 insertions(+), 77 deletions(-)

-- 
2.37.1.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113224): https://edk2.groups.io/g/devel/message/113224
Mute This Topic: https://groups.io/mt/103539577/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

- Use HTTP instance as the parameter for TlsCreateChild function.
- Install TLS protocol on the HTTP instance thats create TLS child.

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
 NetworkPkg/HttpDxe/HttpProto.h | 3 +-
 NetworkPkg/HttpDxe/HttpsSupport.h | 18 ++++---
 NetworkPkg/HttpDxe/HttpImpl.c | 23 ++-------
 NetworkPkg/HttpDxe/HttpProto.c | 7 +--
 NetworkPkg/HttpDxe/HttpsSupport.c | 78 ++++++++++++++++++-------------
 5 files changed, 64 insertions(+), 65 deletions(-)

diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/HttpDxe/HttpProto.h
+++ b/NetworkPkg/HttpDxe/HttpProto.h
@@ -XXX,XX +XXX,XX @@
 
 Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved. 
 (C) Copyright 2016 Hewlett Packard Enterprise Development LP 
+Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved. 
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -XXX,XX +XXX,XX @@ typedef struct _HTTP_PROTOCOL {
 BOOLEAN UseHttps;
 
 EFI_SERVICE_BINDING_PROTOCOL *TlsSb;
- EFI_HANDLE TlsChildHandle; /// Tls ChildHandle
+ BOOLEAN TlsAlreadyCreated;
 TLS_CONFIG_DATA TlsConfigData;
 EFI_TLS_PROTOCOL *Tls;
 EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfiguration;
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h b/NetworkPkg/HttpDxe/HttpsSupport.h
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.h
+++ b/NetworkPkg/HttpDxe/HttpsSupport.h
@@ -XXX,XX +XXX,XX @@
 The header files of miscellaneous routines specific to Https for HttpDxe driver.
 
 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved. 
+Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved. 
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -XXX,XX +XXX,XX @@ IsHttpsUrl (
 /**
 Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
 
- @param[in] ImageHandle The firmware allocated handle for the UEFI image.
- @param[out] TlsSb Pointer to the TLS SERVICE_BINDING_PROTOCOL.
- @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
- @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
 
- @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ @return EFI_SUCCESS TLS child handle is returned in HttpInstance->TlsChildHandle
+ with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ EFI_DEVICE_ERROR TLS service binding protocol is not found.
+ Otherwise Fail to create TLS chile handle.
 
 **/
-EFI_HANDLE
+EFI_STATUS
 EFIAPI
 TlsCreateChild (
- IN EFI_HANDLE ImageHandle,
- OUT EFI_SERVICE_BINDING_PROTOCOL **TlsSb,
- OUT EFI_TLS_PROTOCOL **TlsProto,
- OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
+ IN HTTP_PROTOCOL *HttpInstance
 );
 
 /**
diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/HttpDxe/HttpImpl.c
+++ b/NetworkPkg/HttpDxe/HttpImpl.c
@@ -XXX,XX +XXX,XX @@
 
 Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved. 
 (C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP 
+ Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved. 
 
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -XXX,XX +XXX,XX @@ EfiHttpRequest (
 HTTP_TOKEN_WRAP *Wrap;
 CHAR8 *FileUrl;
 UINTN RequestMsgSize;
- EFI_HANDLE ImageHandle;
 
 //
 // Initializations
@@ -XXX,XX +XXX,XX @@ EfiHttpRequest (
 //
 // Check whether we need to create Tls child and open the TLS protocol.
 //
- if (HttpInstance->UseHttps && (HttpInstance->TlsChildHandle == NULL)) {
- //
- // Use TlsSb to create Tls child and open the TLS protocol.
- //
- if (HttpInstance->LocalAddressIsIPv6) {
- ImageHandle = HttpInstance->Service->Ip6DriverBindingHandle;
- } else {
- ImageHandle = HttpInstance->Service->Ip4DriverBindingHandle;
- }
-
- HttpInstance->TlsChildHandle = TlsCreateChild (
- ImageHandle,
- &(HttpInstance->TlsSb),
- &(HttpInstance->Tls),
- &(HttpInstance->TlsConfiguration)
- );
- if (HttpInstance->TlsChildHandle == NULL) {
+ if (HttpInstance->UseHttps && !HttpInstance->TlsAlreadyCreated) {
+ // Create TLS child for this HTTP instance.
+ Status = TlsCreateChild (HttpInstance);
+ if (EFI_ERROR (Status)) {
 return EFI_DEVICE_ERROR;
 }
 
diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -XXX,XX +XXX,XX @@
 
 Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved. 
 (C) Copyright 2016 Hewlett Packard Enterprise Development LP 
+Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved. 
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -XXX,XX +XXX,XX @@ HttpCleanProtocol (
 NetMapClean (&HttpInstance->TxTokens);
 NetMapClean (&HttpInstance->RxTokens);
 
- if ((HttpInstance->TlsSb != NULL) && (HttpInstance->TlsChildHandle != NULL)) {
+ if ((HttpInstance->TlsSb != NULL) && HttpInstance->TlsAlreadyCreated) {
 //
 // Destroy the TLS instance.
 //
- HttpInstance->TlsSb->DestroyChild (HttpInstance->TlsSb, HttpInstance->TlsChildHandle);
- HttpInstance->TlsChildHandle = NULL;
+ HttpInstance->TlsSb->DestroyChild (HttpInstance->TlsSb, HttpInstance->Handle);
+ HttpInstance->TlsAlreadyCreated = FALSE;
 }
 
 if (HttpInstance->Tcp4ChildHandle != NULL) {
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -XXX,XX +XXX,XX @@
 
 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved. 
 (C) Copyright 2016 Hewlett Packard Enterprise Development LP 
+Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved. 
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -XXX,XX +XXX,XX @@ IsHttpsUrl (
 /**
 Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
 
- @param[in] ImageHandle The firmware allocated handle for the UEFI image.
- @param[out] TlsSb Pointer to the TLS SERVICE_BINDING_PROTOCOL.
- @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
- @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
 
- @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ @return EFI_SUCCESS TLS child handle is returned in HttpInstance->TlsChildHandle
+ with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ EFI_DEVICE_ERROR TLS service binding protocol is not found.
+ Otherwise Fail to create TLS chile handle.
 
 **/
-EFI_HANDLE
+EFI_STATUS
 EFIAPI
 TlsCreateChild (
- IN EFI_HANDLE ImageHandle,
- OUT EFI_SERVICE_BINDING_PROTOCOL **TlsSb,
- OUT EFI_TLS_PROTOCOL **TlsProto,
- OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
+ IN HTTP_PROTOCOL *HttpInstance
 )
 {
+ EFI_HANDLE ImageHandle;
 EFI_STATUS Status;
- EFI_HANDLE TlsChildHandle;
 
- TlsChildHandle = 0;
+ //
+ // Use TlsSb to create Tls child and open the TLS protocol.
+ //
+ if (HttpInstance->LocalAddressIsIPv6) {
+ ImageHandle = HttpInstance->Service->Ip6DriverBindingHandle;
+ } else {
+ ImageHandle = HttpInstance->Service->Ip4DriverBindingHandle;
+ }
 
 //
 // Locate TlsServiceBinding protocol.
@@ -XXX,XX +XXX,XX @@ TlsCreateChild (
 gBS->LocateProtocol (
 &gEfiTlsServiceBindingProtocolGuid,
 NULL,
- (VOID **)TlsSb
+ (VOID **)&HttpInstance->TlsSb
 );
- if (*TlsSb == NULL) {
- return NULL;
+ if (HttpInstance->TlsSb == NULL) {
+ return EFI_DEVICE_ERROR;
 }
 
- Status = (*TlsSb)->CreateChild (*TlsSb, &TlsChildHandle);
+ //
+ // Create TLS protocol on HTTP handle, this creates the association between HTTP and TLS
+ // for HTTP driver external usages.
+ //
+ Status = HttpInstance->TlsSb->CreateChild (HttpInstance->TlsSb, &HttpInstance->Handle);
 if (EFI_ERROR (Status)) {
- return NULL;
+ return Status;
 }
 
- Status = gBS->OpenProtocol (
- TlsChildHandle,
- &gEfiTlsProtocolGuid,
- (VOID **)TlsProto,
- ImageHandle,
- TlsChildHandle,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
+ HttpInstance->TlsAlreadyCreated = TRUE;
+ Status = gBS->OpenProtocol (
+ HttpInstance->Handle,
+ &gEfiTlsProtocolGuid,
+ (VOID **)&HttpInstance->Tls,
+ ImageHandle,
+ HttpInstance->Handle,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
 if (EFI_ERROR (Status)) {
- (*TlsSb)->DestroyChild (*TlsSb, TlsChildHandle);
- return NULL;
+ HttpInstance->TlsSb->DestroyChild (HttpInstance->TlsSb, HttpInstance->Handle);
+ HttpInstance->TlsAlreadyCreated = FALSE;
+ return Status;
 }
 
 Status = gBS->OpenProtocol (
- TlsChildHandle,
+ HttpInstance->Handle,
 &gEfiTlsConfigurationProtocolGuid,
- (VOID **)TlsConfiguration,
+ (VOID **)&HttpInstance->TlsConfiguration,
 ImageHandle,
- TlsChildHandle,
+ HttpInstance->Handle,
 EFI_OPEN_PROTOCOL_GET_PROTOCOL
 );
 if (EFI_ERROR (Status)) {
- (*TlsSb)->DestroyChild (*TlsSb, TlsChildHandle);
- return NULL;
+ HttpInstance->TlsSb->DestroyChild (HttpInstance->TlsSb, HttpInstance->Handle);
+ HttpInstance->TlsAlreadyCreated = FALSE;
+ return Status;
 }
 
- return TlsChildHandle;
+ return EFI_SUCCESS;
 }
 
 /**
-- 
2.37.1.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113225): https://edk2.groups.io/g/devel/message/113225
Mute This Topic: https://groups.io/mt/103539578/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

We still return EFI_SUCCESS to the caller when TlsConfigCertificate
returns error, for the use case the platform doesn't require
certificate for the specific HTTP session. This ensures
HttpInitSession function still initiated and returns EFI_SUCCESS to
the caller. The failure is pushed back to TLS DXE driver if the
HTTP communication actually requires certificate.

diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -XXX,XX +XXX,XX @@ TlsConfigureSession (
   //
   Status = TlsConfigCertificate (HttpInstance);
   if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
-    return Status;
+    if (Status == EFI_NOT_FOUND) {
+      DEBUG((DEBUG_WARN, "TLS Certificate is not found on the system!\n"));
+      //
+      // We still return EFI_SUCCESS to the caller when TlsConfigCertificate
+      // returns error, for the use case the platform doesn't require
+      // certificate for the specific HTTP session. This ensures
+      // HttpInitSession function still initiated and returns EFI_SUCCESS to
+      // the caller. The failure is pushed back to TLS DXE driver if the
+      // HTTP communication actually requires certificate.
+      //
+      Status = EFI_SUCCESS;
+    } else {
+      DEBUG((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
+      return Status;
+    }
   }
 
   //
-- 
2.37.1.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113226): https://edk2.groups.io/g/devel/message/113226
Mute This Topic: https://groups.io/mt/103539579/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

Add HttpEventTlsConfigured HTTP callback event and notify
callback functions when TlsConfigureSession () returns.

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
 NetworkPkg/Include/Protocol/HttpCallback.h | 11 +++++++++++
 NetworkPkg/HttpDxe/HttpProto.c | 1 +
 NetworkPkg/HttpDxe/HttpsSupport.c | 4 ++--
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/NetworkPkg/Include/Protocol/HttpCallback.h b/NetworkPkg/Include/Protocol/HttpCallback.h
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/Include/Protocol/HttpCallback.h
+++ b/NetworkPkg/Include/Protocol/HttpCallback.h
@@ -XXX,XX +XXX,XX @@ typedef enum {
   ///
   HttpEventConnectTcp,
 
+  ///
+  /// The Status of Event to configure TLS configuration data.
+  /// EventStatus:
+  /// EFI_SUCCESS            The TLS is configured successfully with the default value.
+  /// EFI_INVALID_PARAMETER  One or more input parameters to SetSessionData() is invalid.
+  /// EFI_NOT_READY          Current TLS session state is NOT EfiTlsSessionStateNotStarted.
+  /// EFI_NOT_FOUND          Fail to get 'HttpTlsCipherList' variable.
+  /// Others                 Other error as indicated.
+  ///
+  HttpEventTlsConfigured,
+
   ///
   /// The Status of Event to connect one TLS session by finishing the TLS handshake process.
   /// EventStatus:
diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -XXX,XX +XXX,XX @@ HttpInitSession (
   //
   if (TlsConfigure) {
     Status = TlsConfigureSession (HttpInstance);
+    HttpNotify (HttpEventTlsConfigured, Status);
     if (EFI_ERROR (Status)) {
       return Status;
     }
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -XXX,XX +XXX,XX @@ TlsConfigureSession (
   Status = TlsConfigCertificate (HttpInstance);
   if (EFI_ERROR (Status)) {
     if (Status == EFI_NOT_FOUND) {
-      DEBUG((DEBUG_WARN, "TLS Certificate is not found on the system!\n"));
+      DEBUG ((DEBUG_WARN, "TLS Certificate is not found on the system!\n"));
       //
       // We still return EFI_SUCCESS to the caller when TlsConfigCertificate
       // returns error, for the use case the platform doesn't require
@@ -XXX,XX +XXX,XX @@ TlsConfigureSession (
       //
       Status = EFI_SUCCESS;
     } else {
-      DEBUG((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
+      DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
       return Status;
     }
   }
-- 
2.37.1.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113227): https://edk2.groups.io/g/devel/message/113227
Mute This Topic: https://groups.io/mt/103539580/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

Implement EDKII_HTTP_CALLBACK_PROTOCOL that listens to
HttpEventTlsConfigured event for reconfiguring TLS configuration
data.

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
 .../RedfishRestExDxe/RedfishRestExDxe.inf | 2 +
 .../RedfishRestExDxe/RedfishRestExDriver.h | 31 ++++++---
 .../RedfishRestExDxe/RedfishRestExDriver.c | 69 +++++++++++++++++++
 3 files changed, 92 insertions(+), 10 deletions(-)

diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf b/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
index XXXXXXX..XXXXXXX 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
@@ -XXX,XX +XXX,XX @@
 gEfiHttpServiceBindingProtocolGuid ## TO_START
 gEfiHttpProtocolGuid ## TO_START
 gEfiDevicePathProtocolGuid ## TO_START
+ gEdkiiHttpCallbackProtocolGuid ## CONSUMES
+ gEfiTlsProtocolGuid ## CONSUMES
 
 [Pcd]
 gEfiRedfishPkgTokenSpaceGuid.PcdRedfishRestExServiceAccessModeInBand ## CONSUMES
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
index XXXXXXX..XXXXXXX 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
@@ -XXX,XX +XXX,XX @@
 #include <Protocol/DriverBinding.h>
 #include <Protocol/RestEx.h>
 #include <Protocol/ServiceBinding.h>
+#include <Protocol/HttpCallback.h>
+#include <Protocol/Tls.h>
 
 ///
 /// Protocol instances
@@ -XXX,XX +XXX,XX @@ typedef struct _RESTEX_INSTANCE RESTEX_INSTANCE;
 #define RESTEX_INSTANCE_FROM_THIS(a) \
 CR (a, RESTEX_INSTANCE, RestEx, RESTEX_INSTANCE_SIGNATURE)
 
+#define RESTEX_INSTANCE_FROM_HTTP_CALLBACK(a) \
+ CR (a, RESTEX_INSTANCE, HttpCallbakFunction, RESTEX_INSTANCE_SIGNATURE)
+
 #define RESTEX_STATE_UNCONFIGED 0
 #define RESTEX_STATE_CONFIGED 1
 
@@ -XXX,XX +XXX,XX @@ struct _RESTEX_SERVICE {
 #define RESTEX_INSTANCE_FLAGS_TCP_ERROR_RETRY 0x00000002
 
 struct _RESTEX_INSTANCE {
- UINT32 Signature;
- LIST_ENTRY Link;
+ UINT32 Signature;
+ LIST_ENTRY Link;
 
- EFI_REST_EX_PROTOCOL RestEx;
+ EFI_REST_EX_PROTOCOL RestEx;
 
- INTN State;
- BOOLEAN InDestroy;
+ INTN State;
+ BOOLEAN InDestroy;
 
- RESTEX_SERVICE *Service;
- EFI_HANDLE ChildHandle;
+ RESTEX_SERVICE *Service;
+ EFI_HANDLE ChildHandle;
 
- EFI_REST_EX_CONFIG_DATA ConfigData;
+ EFI_REST_EX_CONFIG_DATA ConfigData;
 
 //
 // HTTP_IO to access the HTTP service
 //
- HTTP_IO HttpIo;
+ HTTP_IO HttpIo;
+
+ //
+ // EDKII_HTTP_CALLBACK_PROTOCOL that listens to
+ // HttpEventInitSession event.
+ //
+ EDKII_HTTP_CALLBACK_PROTOCOL HttpCallbakFunction;
 
- UINT32 Flags;
+ UINT32 Flags;
 };
 
 typedef struct {
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
index XXXXXXX..XXXXXXX 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
@@ -XXX,XX +XXX,XX @@ RedfishRestExDriverBindingStop (
 return Status;
 }
 
+/**
+ Callback function that is invoked when HTTP event occurs.
+
+ @param[in] This Pointer to the EDKII_HTTP_CALLBACK_PROTOCOL instance.
+ @param[in] Event The event that occurs in the current state.
+ @param[in] EventStatus The Status of Event, EFI_SUCCESS or other errors.
+**/
+VOID
+EFIAPI
+RestExHttpCallback (
+ IN EDKII_HTTP_CALLBACK_PROTOCOL *This,
+ IN EDKII_HTTP_CALLBACK_EVENT Event,
+ IN EFI_STATUS EventStatus
+ )
+{
+ EFI_STATUS Status;
+ EFI_TLS_PROTOCOL *TlsProtocol;
+ RESTEX_INSTANCE *Instance;
+ EFI_TLS_VERIFY TlsVerifyMethod;
+
+ if ((Event == HttpEventTlsConfigured) && (EventStatus == EFI_SUCCESS)) {
+ // Reconfigure TLS configuration data.
+ Instance = RESTEX_INSTANCE_FROM_HTTP_CALLBACK (This);
+ Status = gBS->HandleProtocol (
+ Instance->HttpIo.Handle,
+ &gEfiTlsProtocolGuid,
+ (VOID **)&TlsProtocol
+ );
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ TlsVerifyMethod = EFI_TLS_VERIFY_NONE;
+ Status = TlsProtocol->SetSessionData (
+ TlsProtocol,
+ EfiTlsVerifyMethod,
+ &TlsVerifyMethod,
+ sizeof (EFI_TLS_VERIFY)
+ );
+ if (!EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_MANAGEABILITY, "%a: REST EX reconfigures TLS verify method.\n", __func__));
+ }
+ }
+
+ return;
+}
+
 /**
 Creates a child handle and installs a protocol.
 
@@ -XXX,XX +XXX,XX @@ RedfishRestExServiceBindingCreateChild (
 goto ON_ERROR;
 }
 
+ // Initial HTTP callback funciton on this REST EX instance
+ Instance->HttpCallbakFunction.Callback = RestExHttpCallback;
+ Status = gBS->InstallProtocolInterface (
+ &Instance->HttpIo.Handle,
+ &gEdkiiHttpCallbackProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &Instance->HttpCallbakFunction
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a: Fail to install HttpCallbakFunction.\n", __func__));
+ goto ON_ERROR;
+ }
+
 //
 // Add it to the parent's child list.
 //
@@ -XXX,XX +XXX,XX @@ RedfishRestExServiceBindingDestroyChild (
 RestEx
 );
 
+ //
+ // Uninstall the HTTP callback protocol.
+ //
+ Status = gBS->UninstallProtocolInterface (
+ Instance->HttpIo.Handle,
+ &gEdkiiHttpCallbackProtocolGuid,
+ &Instance->HttpCallbakFunction
+ );
+
 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
 
 if (EFI_ERROR (Status)) {
-- 
2.37.1.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113228): https://edk2.groups.io/g/devel/message/113228
Mute This Topic: https://groups.io/mt/103539581/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

Update Supported function to check it the given
controller handle is already started.

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
 RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
index XXXXXXX..XXXXXXX 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
@@ -XXX,XX +XXX,XX @@ RedfishRestExDriverBindingSupported (
   IN EFI_DEVICE_PATH_PROTOCOL     *RemainingDevicePath OPTIONAL
   )
 {
+  EFI_STATUS  Status;
+  UINT32      *Id;
+
+  Status = gBS->OpenProtocol (
+                  ControllerHandle,
+                  &gEfiCallerIdGuid,
+                  (VOID **)&Id,
+                  This->DriverBindingHandle,
+                  ControllerHandle,
+                  EFI_OPEN_PROTOCOL_GET_PROTOCOL
+                  );
+  if (!EFI_ERROR (Status)) {
+    return EFI_ALREADY_STARTED;
+  }
+
   //
   // Test for the HttpServiceBinding Protocol.
   //
-- 
2.37.1.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113229): https://edk2.groups.io/g/devel/message/113229
Mute This Topic: https://groups.io/mt/103539584/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

In V2, total six patches. Relocate HttpEventTlsConfigured event to the end of
       enum. This keeps the enum number backward compatiable.
   - Add 5/6 patch to uncrustify RedfishRestExDriver.h.
   - Fix typo in the commit sibject.

In V1, total five patches:
   Patch 1/5: We agreed to refactor TlsCreateChild and install TLS on
              the given HTTP handle.
   Patch 2/5: We consider TLS certificate not found as a success case to
              ensures HTTP session is still initiated and HttpInitSession()
              returns EFI_SUCCESS to the caller. The failure is pushed back to
              TLS DXE driver if the HTTP communication actually requires
              certificate.
   Patch 3/5: Introduce HttpEventTlsConfigured HTTP callback event
   Patch 4/5: REST EX DXE provides HTTP event callback protocol
   Patch 5/5: REST EX DXE fix.

Abner Chang (6):
  NetworkPkg/HttpDxe: Refactor TlsCreateChild
  NetworkPkg/HttpDxe: Consider TLS certificate not found as a success
    case
  NetworkPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event
  RedfishPkg/RedfishRestExDxe: Implement EDKII_HTTP_CALLBACK_PROTOCOL
  RedfishPkg/RedfishRestExDxe: Uncrustify RedfishRestExDriver.h
  RedfishPkg/RedfishRestExDxe: Update Supported function

.../RedfishRestExDxe/RedfishRestExDxe.inf     |  3 +
 NetworkPkg/HttpDxe/HttpProto.h                |  3 +-
 NetworkPkg/HttpDxe/HttpsSupport.h             | 18 ++--
 NetworkPkg/Include/Protocol/HttpCallback.h    | 15 ++-
 .../RedfishRestExDxe/RedfishRestExDriver.h    | 32 +++++--
 NetworkPkg/HttpDxe/HttpImpl.c                 | 23 +----
 NetworkPkg/HttpDxe/HttpProto.c                |  8 +-
 NetworkPkg/HttpDxe/HttpsSupport.c             | 95 ++++++++++++-------
 .../RedfishRestExDxe/RedfishRestExDriver.c    | 85 +++++++++++++++++
 9 files changed, 204 insertions(+), 78 deletions(-)

-- 
2.37.1.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113327): https://edk2.groups.io/g/devel/message/113327
Mute This Topic: https://groups.io/mt/103577241/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

- Use HTTP instance as the parameter for TlsCreateChild function.
- Install TLS protocol on the HTTP instance thats create TLS child.

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
Reviewed-by: Michael Brown <mcb30@ipxe.org>
---
 NetworkPkg/HttpDxe/HttpProto.h | 3 +-
 NetworkPkg/HttpDxe/HttpsSupport.h | 18 ++++---
 NetworkPkg/HttpDxe/HttpImpl.c | 23 ++-------
 NetworkPkg/HttpDxe/HttpProto.c | 7 +--
 NetworkPkg/HttpDxe/HttpsSupport.c | 78 ++++++++++++++++++-------------
 5 files changed, 64 insertions(+), 65 deletions(-)

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113328): https://edk2.groups.io/g/devel/message/113328
Mute This Topic: https://groups.io/mt/103577242/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
Reviewed-by: Michael Brown <mcb30@ipxe.org>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
---
 NetworkPkg/HttpDxe/HttpsSupport.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113329): https://edk2.groups.io/g/devel/message/113329
Mute This Topic: https://groups.io/mt/103577245/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

Add HttpEventTlsConfigured HTTP callback event and notify
callback functions when TlsConfigureSession () returns.

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
Reviewed-by: Michael Brown <mcb30@ipxe.org>
---
 NetworkPkg/Include/Protocol/HttpCallback.h | 15 ++++++++++++++-
 NetworkPkg/HttpDxe/HttpProto.c | 1 +
 NetworkPkg/HttpDxe/HttpsSupport.c | 4 ++--
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/NetworkPkg/Include/Protocol/HttpCallback.h b/NetworkPkg/Include/Protocol/HttpCallback.h
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/Include/Protocol/HttpCallback.h
+++ b/NetworkPkg/Include/Protocol/HttpCallback.h
@@ -XXX,XX +XXX,XX @@
 This file defines the EDKII HTTP Callback Protocol interface.
 
 Copyright (c) 2021, Intel Corporation. All rights reserved. 
+ Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved. 
 SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
@@ -XXX,XX +XXX,XX @@ typedef enum {
 /// EFI_SUCCESS The initialization of session is done.
 /// Others Other error as indicated.
 ///
- HttpEventInitSession
+ HttpEventInitSession,
+
+ ///
+ /// The Status of Event to configure TLS configuration data.
+ /// EventStatus:
+ /// EFI_SUCCESS The TLS is configured successfully with the default value.
+ /// EFI_INVALID_PARAMETER One or more input parameters to SetSessionData() is invalid.
+ /// EFI_NOT_READY Current TLS session state is NOT EfiTlsSessionStateNotStarted.
+ /// EFI_NOT_FOUND Fail to get 'HttpTlsCipherList' variable.
+ /// Others Other error as indicated.
+ ///
+ HttpEventTlsConfigured
+
 } EDKII_HTTP_CALLBACK_EVENT;
 
 /**
diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -XXX,XX +XXX,XX @@ HttpInitSession (
 //
 if (TlsConfigure) {
 Status = TlsConfigureSession (HttpInstance);
+ HttpNotify (HttpEventTlsConfigured, Status);
 if (EFI_ERROR (Status)) {
 return Status;
 }
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index XXXXXXX..XXXXXXX 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -XXX,XX +XXX,XX @@ TlsConfigureSession (
 Status = TlsConfigCertificate (HttpInstance);
 if (EFI_ERROR (Status)) {
 if (Status == EFI_NOT_FOUND) {
- DEBUG((DEBUG_WARN, "TLS Certificate is not found on the system!\n"));
+ DEBUG ((DEBUG_WARN, "TLS Certificate is not found on the system!\n"));
 //
 // We still return EFI_SUCCESS to the caller when TlsConfigCertificate
 // returns error, for the use case the platform doesn't require
@@ -XXX,XX +XXX,XX @@ TlsConfigureSession (
 //
 Status = EFI_SUCCESS;
 } else {
- DEBUG((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
+ DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
 return Status;
 }
 }
-- 
2.37.1.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113331): https://edk2.groups.io/g/devel/message/113331
Mute This Topic: https://groups.io/mt/103577248/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

Implement EDKII_HTTP_CALLBACK_PROTOCOL that listens to
HttpEventTlsConfigured event for reconfiguring TLS configuration
data.

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
 .../RedfishRestExDxe/RedfishRestExDxe.inf | 3 +
 .../RedfishRestExDxe/RedfishRestExDriver.h | 32 ++++++---
 .../RedfishRestExDxe/RedfishRestExDriver.c | 70 +++++++++++++++++++
 3 files changed, 95 insertions(+), 10 deletions(-)

diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf b/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
index XXXXXXX..XXXXXXX 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
@@ -XXX,XX +XXX,XX @@
 # (C) Copyright 2020 Hewlett Packard Enterprise Development LP 
 # Copyright (c) 2023, American Megatrends International LLC.
 # Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved. 
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -XXX,XX +XXX,XX @@
 gEfiHttpServiceBindingProtocolGuid ## TO_START
 gEfiHttpProtocolGuid ## TO_START
 gEfiDevicePathProtocolGuid ## TO_START
+ gEdkiiHttpCallbackProtocolGuid ## CONSUMES
+ gEfiTlsProtocolGuid ## CONSUMES
 
 [Pcd]
 gEfiRedfishPkgTokenSpaceGuid.PcdRedfishRestExServiceAccessModeInBand ## CONSUMES
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
index XXXXXXX..XXXXXXX 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
@@ -XXX,XX +XXX,XX @@
 Copyright (c) 2019, Intel Corporation. All rights reserved. 
 (C) Copyright 2020 Hewlett Packard Enterprise Development LP 
 Copyright (c) 2023, Ampere Computing LLC. All rights reserved. 
+ Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved. 
 
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -XXX,XX +XXX,XX @@
 #include <Protocol/DriverBinding.h>
 #include <Protocol/RestEx.h>
 #include <Protocol/ServiceBinding.h>
+#include <Protocol/HttpCallback.h>
+#include <Protocol/Tls.h>
 
 ///
 /// Protocol instances
@@ -XXX,XX +XXX,XX @@ typedef struct _RESTEX_INSTANCE RESTEX_INSTANCE;
 #define RESTEX_INSTANCE_FROM_THIS(a) \
 CR (a, RESTEX_INSTANCE, RestEx, RESTEX_INSTANCE_SIGNATURE)
 
+#define RESTEX_INSTANCE_FROM_HTTP_CALLBACK(a) \
+ CR (a, RESTEX_INSTANCE, HttpCallbakFunction, RESTEX_INSTANCE_SIGNATURE)
+
 #define RESTEX_STATE_UNCONFIGED 0
 #define RESTEX_STATE_CONFIGED 1
 
@@ -XXX,XX +XXX,XX @@ struct _RESTEX_SERVICE {
 #define RESTEX_INSTANCE_FLAGS_TCP_ERROR_RETRY 0x00000002
 
 struct _RESTEX_INSTANCE {
- UINT32 Signature;
- LIST_ENTRY Link;
+ UINT32 Signature;
+ LIST_ENTRY Link;
 
- EFI_REST_EX_PROTOCOL RestEx;
+ EFI_REST_EX_PROTOCOL RestEx;
 
- INTN State;
- BOOLEAN InDestroy;
+ INTN State;
+ BOOLEAN InDestroy;
 
- RESTEX_SERVICE *Service;
- EFI_HANDLE ChildHandle;
+ RESTEX_SERVICE *Service;
+ EFI_HANDLE ChildHandle;
 
- EFI_REST_EX_CONFIG_DATA ConfigData;
+ EFI_REST_EX_CONFIG_DATA ConfigData;
 
 //
 // HTTP_IO to access the HTTP service
 //
- HTTP_IO HttpIo;
+ HTTP_IO HttpIo;
+
+ //
+ // EDKII_HTTP_CALLBACK_PROTOCOL that listens to
+ // HttpEventInitSession event.
+ //
+ EDKII_HTTP_CALLBACK_PROTOCOL HttpCallbakFunction;
 
- UINT32 Flags;
+ UINT32 Flags;
 };
 
 typedef struct {
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
index XXXXXXX..XXXXXXX 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
@@ -XXX,XX +XXX,XX @@
 Copyright (c) 2019, Intel Corporation. All rights reserved. 
 (C) Copyright 2020 Hewlett Packard Enterprise Development LP 
 Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+ Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved. 
 
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -XXX,XX +XXX,XX @@ RedfishRestExDriverBindingStop (
 return Status;
 }
 
+/**
+ Callback function that is invoked when HTTP event occurs.
+
+ @param[in] This Pointer to the EDKII_HTTP_CALLBACK_PROTOCOL instance.
+ @param[in] Event The event that occurs in the current state.
+ @param[in] EventStatus The Status of Event, EFI_SUCCESS or other errors.
+**/
+VOID
+EFIAPI
+RestExHttpCallback (
+ IN EDKII_HTTP_CALLBACK_PROTOCOL *This,
+ IN EDKII_HTTP_CALLBACK_EVENT Event,
+ IN EFI_STATUS EventStatus
+ )
+{
+ EFI_STATUS Status;
+ EFI_TLS_PROTOCOL *TlsProtocol;
+ RESTEX_INSTANCE *Instance;
+ EFI_TLS_VERIFY TlsVerifyMethod;
+
+ if ((Event == HttpEventTlsConfigured) && (EventStatus == EFI_SUCCESS)) {
+ // Reconfigure TLS configuration data.
+ Instance = RESTEX_INSTANCE_FROM_HTTP_CALLBACK (This);
+ Status = gBS->HandleProtocol (
+ Instance->HttpIo.Handle,
+ &gEfiTlsProtocolGuid,
+ (VOID **)&TlsProtocol
+ );
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ TlsVerifyMethod = EFI_TLS_VERIFY_NONE;
+ Status = TlsProtocol->SetSessionData (
+ TlsProtocol,
+ EfiTlsVerifyMethod,
+ &TlsVerifyMethod,
+ sizeof (EFI_TLS_VERIFY)
+ );
+ if (!EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_MANAGEABILITY, "%a: REST EX reconfigures TLS verify method.\n", __func__));
+ }
+ }
+
+ return;
+}
+
 /**
 Creates a child handle and installs a protocol.
 
@@ -XXX,XX +XXX,XX @@ RedfishRestExServiceBindingCreateChild (
 goto ON_ERROR;
 }
 
+ // Initial HTTP callback funciton on this REST EX instance
+ Instance->HttpCallbakFunction.Callback = RestExHttpCallback;
+ Status = gBS->InstallProtocolInterface (
+ &Instance->HttpIo.Handle,
+ &gEdkiiHttpCallbackProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &Instance->HttpCallbakFunction
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a: Fail to install HttpCallbakFunction.\n", __func__));
+ goto ON_ERROR;
+ }
+
 //
 // Add it to the parent's child list.
 //
@@ -XXX,XX +XXX,XX @@ RedfishRestExServiceBindingDestroyChild (
 RestEx
 );
 
+ //
+ // Uninstall the HTTP callback protocol.
+ //
+ Status = gBS->UninstallProtocolInterface (
+ Instance->HttpIo.Handle,
+ &gEdkiiHttpCallbackProtocolGuid,
+ &Instance->HttpCallbakFunction
+ );
+
 OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
 
 if (EFI_ERROR (Status)) {
-- 
2.37.1.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113330): https://edk2.groups.io/g/devel/message/113330
Mute This Topic: https://groups.io/mt/103577246/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
 .../RedfishRestExDxe/RedfishRestExDriver.h | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
index XXXXXXX..XXXXXXX 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
@@ -XXX,XX +XXX,XX @@ struct _RESTEX_SERVICE {
 #define RESTEX_INSTANCE_FLAGS_TCP_ERROR_RETRY  0x00000002
 
 struct _RESTEX_INSTANCE {
-  UINT32                        Signature;
-  LIST_ENTRY                    Link;
+  UINT32                          Signature;
+  LIST_ENTRY                      Link;
 
-  EFI_REST_EX_PROTOCOL          RestEx;
+  EFI_REST_EX_PROTOCOL            RestEx;
 
-  INTN                          State;
-  BOOLEAN                       InDestroy;
+  INTN                            State;
+  BOOLEAN                         InDestroy;
 
-  RESTEX_SERVICE                *Service;
-  EFI_HANDLE                    ChildHandle;
+  RESTEX_SERVICE                  *Service;
+  EFI_HANDLE                      ChildHandle;
 
-  EFI_REST_EX_CONFIG_DATA       ConfigData;
+  EFI_REST_EX_CONFIG_DATA         ConfigData;
 
   //
   // HTTP_IO to access the HTTP service
   //
-  HTTP_IO                       HttpIo;
+  HTTP_IO                         HttpIo;
 
   //
   // EDKII_HTTP_CALLBACK_PROTOCOL that listens to
   // HttpEventInitSession event.
   //
-  EDKII_HTTP_CALLBACK_PROTOCOL  HttpCallbakFunction;
+  EDKII_HTTP_CALLBACK_PROTOCOL    HttpCallbakFunction;
 
-  UINT32                        Flags;
+  UINT32                          Flags;
 };
 
 typedef struct {
-- 
2.37.1.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113332): https://edk2.groups.io/g/devel/message/113332
Mute This Topic: https://groups.io/mt/103577250/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

From: Abner Chang <abner.chang@amd.com>

Update Supported function to check it the given
controller handle is already started.

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113333): https://edk2.groups.io/g/devel/message/113333
Mute This Topic: https://groups.io/mt/103577253/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-