2 EmulaotPkg RedfishPlatformCredentialLib instance
4 (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
6 SPDX-License-Identifier: BSD-2-Clause-Patent
10 #include <Library/BaseMemoryLib.h>
11 #include <Library/BaseLib.h>
12 #include <Library/DebugLib.h>
13 #include <Library/MemoryAllocationLib.h>
14 #include <Library/UefiLib.h>
16 #include <Protocol/EdkIIRedfishCredential.h>
18 #include <Guid/GlobalVariable.h>
19 #include <Guid/ImageAuthentication.h>
21 BOOLEAN mSecureBootDisabled
= FALSE
;
22 BOOLEAN mStopRedfishService
= FALSE
;
26 LibStopRedfishService (
27 IN EDKII_REDFISH_CREDENTIAL_PROTOCOL
*This
,
28 IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
32 Return the credential for accessing to Redfish servcice.
34 @param[out] AuthMethod The authentication method.
35 @param[out] UserId User ID.
36 @param[out] Password USer password.
38 @retval EFI_SUCCESS Get the authentication information successfully.
39 @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.
43 GetRedfishCredential (
44 OUT EDKII_REDFISH_AUTH_METHOD
*AuthMethod
,
53 // AuthMethod set to HTTP Basic authentication.
55 *AuthMethod
= AuthMethodHttpBasic
;
58 // User ID and Password.
60 UserIdSize
= AsciiStrSize ((CHAR8
*)PcdGetPtr (PcdRedfishServieUserId
));
61 PasswordSize
= AsciiStrSize ((CHAR8
*)PcdGetPtr (PcdRedfishServiePassword
));
62 if ((UserIdSize
== 0) || (PasswordSize
== 0)) {
63 DEBUG ((DEBUG_ERROR
, "Incorrect string of UserID or Password for REdfish service.\n"));
64 return EFI_INVALID_PARAMETER
;
67 *UserId
= AllocateZeroPool (UserIdSize
);
68 if (*UserId
== NULL
) {
69 return EFI_OUT_OF_RESOURCES
;
72 CopyMem (*UserId
, (CHAR8
*)PcdGetPtr (PcdRedfishServieUserId
), UserIdSize
);
74 *Password
= AllocateZeroPool (PasswordSize
);
75 if (*Password
== NULL
) {
77 return EFI_OUT_OF_RESOURCES
;
80 CopyMem (*Password
, (CHAR8
*)PcdGetPtr (PcdRedfishServiePassword
), PasswordSize
);
85 Retrieve platform's Redfish authentication information.
87 This functions returns the Redfish authentication method together with the user Id and
89 - For AuthMethodNone, the UserId and Password could be used for HTTP header authentication
90 as defined by RFC7235.
91 - For AuthMethodRedfishSession, the UserId and Password could be used for Redfish
92 session login as defined by Redfish API specification (DSP0266).
94 Callers are responsible for and freeing the returned string storage.
96 @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
97 @param[out] AuthMethod Type of Redfish authentication method.
98 @param[out] UserId The pointer to store the returned UserId string.
99 @param[out] Password The pointer to store the returned Password string.
101 @retval EFI_SUCCESS Get the authentication information successfully.
102 @retval EFI_ACCESS_DENIED SecureBoot is disabled after EndOfDxe.
103 @retval EFI_INVALID_PARAMETER This or AuthMethod or UserId or Password is NULL.
104 @retval EFI_OUT_OF_RESOURCES There are not enough memory resources.
105 @retval EFI_UNSUPPORTED Unsupported authentication method is found.
110 LibCredentialGetAuthInfo (
111 IN EDKII_REDFISH_CREDENTIAL_PROTOCOL
*This
,
112 OUT EDKII_REDFISH_AUTH_METHOD
*AuthMethod
,
119 if ((This
== NULL
) || (AuthMethod
== NULL
) || (UserId
== NULL
) || (Password
== NULL
)) {
120 return EFI_INVALID_PARAMETER
;
123 if (mStopRedfishService
) {
124 return EFI_ACCESS_DENIED
;
127 if (mSecureBootDisabled
) {
128 Status
= LibStopRedfishService (This
, ServiceStopTypeSecureBootDisabled
);
129 if (EFI_ERROR (Status
) && (Status
!= EFI_UNSUPPORTED
)) {
130 DEBUG ((DEBUG_ERROR
, "SecureBoot has been disabled, but failed to stop RedfishService - %r\n", Status
));
135 Status
= GetRedfishCredential (
145 Notify the Redfish service to stop provide configuration service to this platform.
147 This function should be called when the platfrom is about to leave the safe environment.
148 It will notify the Redfish service provider to abort all logined session, and prohibit
149 further login with original auth info. GetAuthInfo() will return EFI_UNSUPPORTED once this
150 function is returned.
152 @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL instance.
153 @param[in] ServiceStopType Reason of stopping Redfish service.
155 @retval EFI_SUCCESS Service has been stoped successfully.
156 @retval EFI_INVALID_PARAMETER This is NULL or given the worng ServiceStopType.
157 @retval EFI_UNSUPPORTED Not support to stop Redfish service.
158 @retval Others Some error happened.
163 LibStopRedfishService (
164 IN EDKII_REDFISH_CREDENTIAL_PROTOCOL
*This
,
165 IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
168 if (ServiceStopType
>= ServiceStopTypeMax
) {
169 return EFI_INVALID_PARAMETER
;
172 if (ServiceStopType
== ServiceStopTypeSecureBootDisabled
) {
174 // Check platform PCD to determine the action for stopping
175 // Redfish service due to secure boot is disabled.
177 if (!PcdGetBool (PcdRedfishServieStopIfSecureBootDisabled
)) {
178 return EFI_UNSUPPORTED
;
180 mStopRedfishService
= TRUE
;
181 DEBUG ((DEBUG_INFO
, "EFI Redfish service is stopped due to SecureBoot is disabled!!\n"));
183 } else if (ServiceStopType
== ServiceStopTypeExitBootService
) {
185 // Check platform PCD to determine the action for stopping
186 // Redfish service due to exit boot service.
188 if (PcdGetBool (PcdRedfishServieStopIfExitbootService
)) {
189 return EFI_UNSUPPORTED
;
191 mStopRedfishService
= TRUE
;
192 DEBUG ((DEBUG_INFO
, "EFI Redfish service is stopped due to Exit Boot Service!!\n"));
195 mStopRedfishService
= TRUE
;
196 DEBUG ((DEBUG_INFO
, "EFI Redfish service is stopped without Redfish service stop type!!\n"));
203 Notification of Exit Boot Service.
205 @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
209 LibCredentialExitBootServicesNotify (
210 IN EDKII_REDFISH_CREDENTIAL_PROTOCOL
*This
213 LibStopRedfishService (This
, ServiceStopTypeExitBootService
);
217 Notification of End of DXE.
219 @param[in] This Pointer to EDKII_REDFISH_CREDENTIAL_PROTOCOL.
223 LibCredentialEndOfDxeNotify (
224 IN EDKII_REDFISH_CREDENTIAL_PROTOCOL
*This
228 UINT8
*SecureBootVar
;
231 // Check Secure Boot status and lock Redfish service if Secure Boot is disabled.
233 Status
= GetVariable2 (EFI_SECURE_BOOT_MODE_NAME
, &gEfiGlobalVariableGuid
, (VOID
**)&SecureBootVar
, NULL
);
234 if (EFI_ERROR (Status
) || (*SecureBootVar
!= SECURE_BOOT_MODE_ENABLE
)) {
236 // Secure Boot is disabled
238 mSecureBootDisabled
= TRUE
;
239 LibStopRedfishService (This
, ServiceStopTypeSecureBootDisabled
);