
[PATCH v4 04/11] OvmfPkg: add library class BlobVerifierLib with null implementation

Dov Murik
 

BlobVerifierLib will be used to verify blobs fetched from QEMU's
firmware config (fw_cfg) in platforms that enable such verification.

The null implementation BlobVerifierLibNull treats all blobs as valid.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/OvmfPkg.dec | 3 ++
OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf | 24 +++++++++++++
OvmfPkg/Include/Library/BlobVerifierLib.h | 38 ++++++++++++++++++++
OvmfPkg/Library/BlobVerifierLib/BlobVerifierNull.c | 33 +++++++++++++++++
4 files changed, 98 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6ae733f6e39f..f82228d69cc2 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -23,6 +23,9 @@ [LibraryClasses]
## @libraryclass Access bhyve's firmware control interface.=0D
BhyveFwCtlLib|Include/Library/BhyveFwCtlLib.h=0D
=0D
+ ## @libraryclass Verify blobs read from the VMM=0D
+ BlobVerifierLib|Include/Library/BlobVerifierLib.h=0D
+=0D
## @libraryclass Loads and boots a Linux kernel image=0D
#=0D
LoadLinuxLib|Include/Library/LoadLinuxLib.h=0D
diff --git a/OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf b/Ovmf=
Pkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf
new file mode 100644
index 000000000000..850d398e65a4
--- /dev/null
+++ b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf
@@ -0,0 +1,24 @@
+## @file=0D
+#=0D
+# Null implementation of the blob verifier library.=0D
+#=0D
+# Copyright (C) 2021, IBM Corp=0D
+#=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 1.29=0D
+ BASE_NAME =3D BlobVerifierLibNull=0D
+ FILE_GUID =3D b1b5533e-e01a-43bb-9e54-414f00ca036e=
=0D
+ MODULE_TYPE =3D BASE=0D
+ VERSION_STRING =3D 1.0=0D
+ LIBRARY_CLASS =3D BlobVerifierLib=0D
+=0D
+[Sources]=0D
+ BlobVerifierNull.c=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
+ OvmfPkg/OvmfPkg.dec=0D
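Review bot: the [Sources] entry is BlobVerifierNull.c while BASE_NAME and the INF file name are BlobVerifierLibNull. Naming the source BlobVerifierLibNull.c would keep the three consistent and make the instance easier to find when auditing which verifier a platform links.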
diff --git a/OvmfPkg/Include/Library/BlobVerifierLib.h b/OvmfPkg/Include/Li=
brary/BlobVerifierLib.h
new file mode 100644
index 000000000000..db122684f76c
--- /dev/null
+++ b/OvmfPkg/Include/Library/BlobVerifierLib.h
@@ -0,0 +1,38 @@
+/** @file=0D
+=0D
+ Blob verification library=0D
+=0D
+ This library class allows verifiying whether blobs from external sources=
=0D
+ (such as QEMU's firmware config) are trusted.=0D
+=0D
+ Copyright (C) 2021, IBM Corporation=0D
+=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+=0D
+#ifndef BLOB_VERIFIER_LIB_H__=0D
+#define BLOB_VERIFIER_LIB_H__=0D
+=0D
+#include <Uefi/UefiBaseType.h>=0D
+#include <Base.h>=0D
+=0D
+/**=0D
+ Verify blob from an external source.=0D
+=0D
+ @param[in] BlobName The name of the blob=0D
+ @param[in] Buf The data of the blob=0D
+ @param[in] BufSize The size of the blob in bytes=0D
+=0D
+ @retval EFI_SUCCESS The blob was verified successfully.=0D
+ @retval EFI_ACCESS_DENIED The blob could not be verified, and theref=
ore=0D
+ should be considered non-secure.=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+VerifyBlob (=0D
+ IN CONST CHAR16 *BlobName,=0D
+ IN CONST VOID *Buf,=0D
+ IN UINT32 BufSize=0D
+ );=0D
+=0D
+#endif=0D
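Review bot: the VerifyBlob() comment does not say what an implementation must return for a BlobName it has no reference value for, and that case decides whether the check fails open or closed. State explicitly that an unknown name and any verification error yield EFI_ACCESS_DENIED, and that callers must not use Buf on a non-success status. Separately, "verifiying" in the file header should read "verifying".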
diff --git a/OvmfPkg/Library/BlobVerifierLib/BlobVerifierNull.c b/OvmfPkg/L=
ibrary/BlobVerifierLib/BlobVerifierNull.c
new file mode 100644
index 000000000000..975d4dd52f80
--- /dev/null
+++ b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierNull.c
@@ -0,0 +1,33 @@
+/** @file=0D
+=0D
+ Null implementation of the blob verifier library.=0D
+=0D
+ Copyright (C) 2021, IBM Corporation=0D
+=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+=0D
+#include <Library/BaseLib.h>=0D
+#include <Library/BlobVerifierLib.h>=0D
+=0D
+/**=0D
+ Verify blob from an external source.=0D
+=0D
+ @param[in] BlobName The name of the blob=0D
+ @param[in] Buf The data of the blob=0D
+ @param[in] BufSize The size of the blob in bytes=0D
+=0D
+ @retval EFI_SUCCESS The blob was verified successfully.=0D
+ @retval EFI_ACCESS_DENIED The blob could not be verified, and theref=
ore=0D
+ should be considered non-secure.=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+VerifyBlob (=0D
+ IN CONST CHAR16 *BlobName,=0D
+ IN CONST VOID *Buf,=0D
+ IN UINT32 BufSize=0D
+ )=0D
+{=0D
+ return EFI_SUCCESS;=0D
+}=0D
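Review bot: #include <Library/BaseLib.h> is not used by anything in this file, and BlobVerifierLibNull.inf declares no [LibraryClasses], so the include can be dropped. Because VerifyBlob() here returns EFI_SUCCESS for every input, the file header should also state plainly that this instance performs no verification and is not suitable for platforms that treat fw_cfg content as untrusted.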
--=20
2.25.1


[PATCH v4 11/11] OvmfPkg/AmdSev: Enforce hash verification of kernel blobs

Dov Murik
 

In the AmdSevX64 build, use BlobVerifierLibSevHashes to enforce
verification of hashes of the kernel/initrd/cmdline blobs fetched from
firmware config.

This allows for secure (measured) boot of SEV guests with QEMU's
-kernel/-initrd/-append switches (with the corresponding QEMU support
for injecting the hashes table into initial measured guest memory).

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index b2cc96cc5a97..c01599ea354f 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -173,7 +173,7 @@ [LibraryClasses]
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf=0D
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize=
dDisplayLib.inf=0D
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL=
ib.inf=0D
- BlobVerifierLib|OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf=
=0D
+ BlobVerifierLib|OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes=
.inf=0D
=0D
!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDeb=
ug/PeCoffExtraActionLibDebug.inf=0D
@@ -696,7 +696,7 @@ [Components]
}=0D
OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
<LibraryClasses>=0D
- NULL|OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf=0D
+ NULL|OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf=0D
}=0D
OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
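Review bot: nothing in the DSC marks the NULL| override under QemuKernelLoaderFsDxe.inf as the line that turns enforcement on, so a later change back to BlobVerifierLibNull.inf would still build and boot with verification silently disabled. Add a comment above the override saying that AmdSevX64 must link BlobVerifierLibSevHashes, and keep it next to the matching BlobVerifierLib| mapping changed in the first hunk so the two are not updated independently.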
--=20
2.25.1


[PATCH v4 03/11] OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg

Dov Murik
 

From: James Bottomley <jejb@linux.ibm.com>

Support QEMU's -kernel option.

Create a QemuKernel.c for PlatformBootManagerLibGrub
which is an exact copy of the file
PlatformBootManagerLib/QemuKernel.c .

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub.inf | 2 ++
OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h | 11 +++++++++++
OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c | 5 +++++
OvmfPkg/Library/{PlatformBootManagerLib => PlatformBootManagerLibGrub}/QemuKernel.c | 0
5 files changed, 19 insertions(+)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index a2f1324c40a6..aefdcf881c99 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -281,6 +281,7 @@ [LibraryClasses.common.PEIM]
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuE=
xceptionHandlerLib.inf=0D
MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf=0D
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf=
=0D
+ QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad=
ImageLib.inf=0D
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf=0D
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf=0D
=0D
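Review bot: the new QemuLoadImageLib mapping lands under [LibraryClasses.common.PEIM], among the Pei* instances, while the only consumer this patch adds is PlatformBootManagerLibGrub. Please confirm that a PEIM actually needs this mapping; if not, place it in the section that covers the boot manager library's module type, or drop it if an existing mapping already resolves the class.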
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManager=
LibGrub.inf b/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManage=
rLibGrub.inf
index 9a806d17ec45..5f6f73d18470 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub=
.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub=
.inf
@@ -23,6 +23,7 @@ [Defines]
=0D
[Sources]=0D
BdsPlatform.c=0D
+ QemuKernel.c=0D
PlatformData.c=0D
BdsPlatform.h=0D
=0D
@@ -46,6 +47,7 @@ [LibraryClasses]
BootLogoLib=0D
DevicePathLib=0D
PciLib=0D
+ QemuLoadImageLib=0D
UefiLib=0D
PlatformBmPrintScLib=0D
Tcg2PhysicalPresenceLib=0D
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h b/Ovm=
fPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h
index 748c63081920..f1d3a2906c00 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h
@@ -172,4 +172,15 @@ PlatformInitializeConsole (
IN PLATFORM_CONSOLE_CONNECT_ENTRY *PlatformConsole=0D
);=0D
=0D
+/**=0D
+ Loads and boots UEFI Linux via the FwCfg interface.=0D
+=0D
+ @retval EFI_NOT_FOUND - The Linux kernel was not found=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+TryRunningQemuKernel (=0D
+ VOID=0D
+ );=0D
+=0D
#endif // _PLATFORM_SPECIFIC_BDS_PLATFORM_H_=0D
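Review bot: the comment on TryRunningQemuKernel() documents only EFI_NOT_FOUND, so a caller cannot tell which other statuses are possible or whether the function returns at all when a kernel is booted. List the remaining return values and say under which conditions control comes back to the caller.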
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c b/Ovm=
fPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
index 5c92d4fc2b09..7cceeea4879c 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
@@ -1315,6 +1315,11 @@ PlatformBootManagerAfterConsole (
//=0D
Tcg2PhysicalPresenceLibProcessRequest (NULL);=0D
=0D
+ //=0D
+ // Process QEMU's -kernel command line option=0D
+ //=0D
+ TryRunningQemuKernel ();=0D
+=0D
//=0D
// Perform some platform specific connect sequence=0D
//=0D
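Review bot: the EFI_STATUS returned by TryRunningQemuKernel () is discarded in PlatformBootManagerAfterConsole, so a failure to load the -kernel image looks the same as no kernel having been supplied and boot continues with the platform connect sequence. Capture the status and log anything other than EFI_NOT_FOUND at DEBUG_ERROR; with patch 07 of this series a failure can also mean that a blob was rejected by VerifyBlob.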
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/QemuKernel.c b/OvmfPkg/=
Library/PlatformBootManagerLibGrub/QemuKernel.c
similarity index 100%
copy from OvmfPkg/Library/PlatformBootManagerLib/QemuKernel.c
copy to OvmfPkg/Library/PlatformBootManagerLibGrub/QemuKernel.c
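Review bot: a 100% copy of QemuKernel.c means every later fix to TryRunningQemuKernel() has to be applied in both PlatformBootManagerLib and PlatformBootManagerLibGrub, and the two can drift apart unnoticed. Consider moving the function into a library that both boot manager variants consume instead of duplicating the file.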
--=20
2.25.1


[PATCH v4 06/11] ArmVirtPkg: add BlobVerifierLibNull to DSC

Dov Murik
 

This prepares the ground for calling VerifyBlob() in
QemuKernelLoaderFsDxe.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++-
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 7ef5e7297bc7..bf8bb1ec9578 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -440,7 +440,10 @@ [Components.common]
NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf=0D
NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanc=
eManagerUiLib.inf=0D
}=0D
- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf=0D
+ }=0D
=0D
#=0D
# Networking stack=0D
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne=
l.dsc
index a542fcb157e9..af34cb47a12d 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -376,7 +376,10 @@ [Components.common]
NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf=0D
NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanc=
eManagerUiLib.inf=0D
}=0D
- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf=0D
+ }=0D
=0D
#=0D
# Networking stack=0D
--=20
2.25.1


[PATCH v4 09/11] OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes

Dov Murik
 

From: James Bottomley <jejb@linux.ibm.com>

Split the existing 4KB page reserved for SEV launch secrets into two
parts: first 3KB for SEV launch secrets and last 1KB for firmware
config hashes.

The area of the firmware config hashes will be attested (measured) by
the PSP and thus the untrusted VMM can't pass in different files from
what the guest owner allows.

Declare this in the Reset Vector table using GUID
7255371f-3a3b-4b04-927b-1da6efa8d454 and a uint32_t table of a base
and size value (similar to the structure used to declare the launch
secret block).

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Co-developed-by: Dov Murik <dovmurik@linux.ibm.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
---
OvmfPkg/OvmfPkg.dec | 6 ++++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 5 ++++-
OvmfPkg/ResetVector/ResetVector.inf | 2 ++
OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 20 ++++++++++++++++++++
OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++
5 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index f82228d69cc2..2ab27f0c73c2 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -324,6 +324,12 @@ [PcdsFixedAtBuild]
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42=0D
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43=0D
=0D
+ ## The base address and size of a hash table confirming allowed=0D
+ # parameters to be passed in via the Qemu firmware configuration=0D
+ # device=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48=0D
+=0D
[PcdsDynamic, PcdsDynamicEx]=0D
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2=0D
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x1=
0=0D
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 9977b0f00a18..0a89749700c3 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -59,9 +59,12 @@ [FD.MEMFD]
0x00B000|0x001000=0D
gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.P=
cdSevEsWorkAreaSize=0D
=0D
-0x00C000|0x001000=0D
+0x00C000|0x000C00=0D
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGu=
id.PcdSevLaunchSecretSize=0D
=0D
+0x00CC00|0x000400=0D
+gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid=
.PcdQemuHashTableSize=0D
+=0D
0x00D000|0x001000=0D
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecGhcbBackupSize=0D
=0D
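Review bot: shrinking the launch secret area from 0x001000 to 0x000C00 lowers the largest secret that can be injected to 3KB, and nothing in the FDF records that the two regions must together stay inside the single page at 0x00C000. Add a comment above the 0x00CC00 entry stating that the hash table shares the launch secret page and that the two sizes must sum to 0x1000, so a later resize of either region cannot run into 0x00D000 unnoticed.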
diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese=
tVector.inf
index dc38f68919cd..d028c92d8cfa 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -47,3 +47,5 @@ [Pcd]
[FixedPcd]=0D
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase=0D
gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize=0D
diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe=
ctor/Ia16/ResetVectorVtf0.asm
index 9c0b5853a46f..7ec3c6e980c3 100644
--- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -47,7 +47,27 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart =
+ 15) % 16)) DB 0
;=0D
guidedStructureStart:=0D
=0D
+; SEV Hash Table Block=0D
;=0D
+; This describes the guest ram area where the hypervisor should=0D
+; install a table describing the hashes of certain firmware configuration=
=0D
+; device files that would otherwise be passed in unchecked. The current=0D
+; use is for the kernel, initrd and command line values, but others may be=
=0D
+; added. The data format is:=0D
+;=0D
+; base physical address (32 bit word)=0D
+; table length (32 bit word)=0D
+;=0D
+; GUID (SEV FW config hash block): 7255371f-3a3b-4b04-927b-1da6efa8d454=0D
+;=0D
+sevFwHashBlockStart:=0D
+ DD SEV_FW_HASH_BLOCK_BASE=0D
+ DD SEV_FW_HASH_BLOCK_SIZE=0D
+ DW sevFwHashBlockEnd - sevFwHashBlockStart=0D
+ DB 0x1f, 0x37, 0x55, 0x72, 0x3b, 0x3a, 0x04, 0x4b=0D
+ DB 0x92, 0x7b, 0x1d, 0xa6, 0xef, 0xa8, 0xd4, 0x54=0D
+sevFwHashBlockEnd:=0D
+=0D
; SEV Secret block=0D
;=0D
; This describes the guest ram area where the hypervisor should=0D
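Review bot: sevFwHashBlockStart is emitted unconditionally, while OvmfPkg.dec gives PcdQemuHashTableBase and PcdQemuHashTableSize a default of 0x0, so a build that does not set them in its FDF will advertise a hash block with base 0 and size 0. Document in the block comment that a zero size means no table is present, or emit the entry only when the size is non-zero. The "data format" comment should also mention the 16-bit entry length and the GUID that follow the two 32-bit words.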
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re=
setVector.nasmb
index 5fbacaed5f9d..8d0bab02f8cb 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -88,5 +88,7 @@
%define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase)=0D
%define SEV_LAUNCH_SECRET_BASE FixedPcdGet32 (PcdSevLaunchSecretBase)=0D
%define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize)=0D
+ %define SEV_FW_HASH_BLOCK_BASE FixedPcdGet32 (PcdQemuHashTableBase)=0D
+ %define SEV_FW_HASH_BLOCK_SIZE FixedPcdGet32 (PcdQemuHashTableSize)=0D
%include "Ia16/ResetVectorVtf0.asm"=0D
=0D
--=20
2.25.1


[PATCH v4 08/11] OvmfPkg/AmdSev/SecretPei: build hob for full page

Dov Murik
 

Round up the size of the SEV launch secret area to a whole page, as
required by BuildMemoryAllocationHob. This will allow the secret
area defined in the MEMFD to take less than a whole 4KB page.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
---
OvmfPkg/AmdSev/SecretPei/SecretPei.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPe=
i/SecretPei.c
index ad491515dd5d..db94c26b54d1 100644
--- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
@@ -4,6 +4,7 @@
Copyright (C) 2020 James Bottomley, IBM Corporation.=0D
SPDX-License-Identifier: BSD-2-Clause-Patent=0D
**/=0D
+#include <Base.h>=0D
#include <PiPei.h>=0D
#include <Library/HobLib.h>=0D
#include <Library/PcdLib.h>=0D
@@ -17,7 +18,7 @@ InitializeSecretPei (
{=0D
BuildMemoryAllocationHob (=0D
PcdGet32 (PcdSevLaunchSecretBase),=0D
- PcdGet32 (PcdSevLaunchSecretSize),=0D
+ ALIGN_VALUE (PcdGet32 (PcdSevLaunchSecretSize), EFI_PAGE_SIZE),=0D
EfiBootServicesData=0D
);=0D
=0D
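Review bot: only the size argument is rounded with ALIGN_VALUE; PcdSevLaunchSecretBase is passed through unchanged, so the call still relies on the base being page-aligned. Add an ASSERT that `(PcdGet32 (PcdSevLaunchSecretBase) & EFI_PAGE_MASK) == 0`, and note in a comment that the rounded HOB now also spans whatever else shares the page with the secret area.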
--=20
2.25.1
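
The reset-vector entry declared in PATCH v4 09/11 and the page rounding from PATCH v4 08/11, worked through as an added example (not code from the series or from edk2). The struct and function names and the sample bytes are constructed for illustration; the program decodes a single 26-byte entry and does not cover locating it inside the full reset-vector table.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_LEN 26u     /* DD base + DD size + DW length + 16-byte GUID */
#define PAGE_SIZE 0x1000u /* EFI_PAGE_SIZE */
#define HASH_BLOCK_GUID "7255371f-3a3b-4b04-927b-1da6efa8d454"

struct region { uint32_t base, size; }; /* hypothetical helper type */

/* Constructed sample: the sevFwHashBlock entry as it would be assembled for
   the AmdSevX64.fdf values in the patch (base 0x00CC00, size 0x000400). */
static const uint8_t sample_entry[ENTRY_LEN] = {
  0x00, 0xCC, 0x00, 0x00,                         /* DD SEV_FW_HASH_BLOCK_BASE */
  0x00, 0x04, 0x00, 0x00,                         /* DD SEV_FW_HASH_BLOCK_SIZE */
  0x1A, 0x00,                                     /* DW entry length (26)      */
  0x1f, 0x37, 0x55, 0x72, 0x3b, 0x3a, 0x04, 0x4b, /* GUID bytes from the patch */
  0x92, 0x7b, 0x1d, 0xa6, 0xef, 0xa8, 0xd4, 0x54
};

static uint32_t rd32(const uint8_t *p) {
  return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
         (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* EFI GUIDs store the first three fields little-endian and the last eight
   bytes in order, which is why the DB lines look scrambled next to the text. */
static void guid_to_string(const uint8_t *g, char out[37]) {
  snprintf(out, 37,
           "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
           g[3], g[2], g[1], g[0], g[5], g[4], g[7], g[6],
           g[8], g[9], g[10], g[11], g[12], g[13], g[14], g[15]);
}

/* Returns 0 and fills *out when buf holds a well-formed entry carrying
   want_guid; returns -1 on truncation, a wrong length field or another GUID. */
static int decode_entry(const uint8_t *buf, size_t len,
                        const char *want_guid, struct region *out) {
  char guid[37];
  if (len < ENTRY_LEN) return -1;
  if (((unsigned)buf[8] | (unsigned)buf[9] << 8) != ENTRY_LEN) return -1;
  guid_to_string(buf + 10, guid);
  if (strcmp(guid, want_guid) != 0) return -1;
  out->base = rd32(buf);
  out->size = rd32(buf + 4);
  return 0;
}

static uint64_t align_up(uint64_t v, uint64_t a) { return (v + a - 1) & ~(a - 1); }

static int regions_overlap(struct region a, struct region b) {
  uint64_t a_end = (uint64_t)a.base + a.size;
  uint64_t b_end = (uint64_t)b.base + b.size;
  return a.base < b_end && b.base < a_end;
}

/* True when a memory allocation HOB that starts at secret.base and uses the
   page-rounded secret size (the ALIGN_VALUE change) also spans the hash area. */
static int rounded_hob_covers(struct region secret, struct region hash) {
  uint64_t hob_end = secret.base + align_up(secret.size, PAGE_SIZE);
  return secret.base % PAGE_SIZE == 0 && hash.base >= secret.base &&
         (uint64_t)hash.base + hash.size <= hob_end;
}

int main(void) {
  struct region secret = { 0x00C000, 0x000C00 }; /* launch secret, new size */
  struct region hash;
  char guid[37];

  if (decode_entry(sample_entry, sizeof sample_entry, HASH_BLOCK_GUID, &hash) != 0) {
    puts("entry rejected");
    return 1;
  }
  guid_to_string(sample_entry + 10, guid);
  printf("GUID %s base 0x%06x size 0x%06x\n", guid,
         (unsigned)hash.base, (unsigned)hash.size);
  printf("overlaps launch secret: %s\n", regions_overlap(secret, hash) ? "yes" : "no");
  printf("covered by rounded HOB: %s\n", rounded_hob_covers(secret, hash) ? "yes" : "no");
  return 0;
}
```
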


[PATCH v4 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg

Dov Murik
 

In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content
of the kernel/initrd/cmdline from the QEMU fw_cfg interface. Insert a
call to VerifyBlob after fetching to allow BlobVerifierLib
implementations to add a verification step for these blobs.

This will allow confidential computing OVMF builds to add verification
mechanisms for these blobs that originate from an untrusted source
(QEMU).

The null implementation of BlobVerifierLib does nothing in VerifyBlob,
and therefore no functional change is expected.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Co-developed-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 9 +++++++++
1 file changed, 9 insertions(+)

diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPk=
g/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
index c7ddd86f5c75..6832d563bcb0 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
@@ -17,6 +17,7 @@
#include <Guid/QemuKernelLoaderFsMedia.h>=0D
#include <Library/BaseLib.h>=0D
#include <Library/BaseMemoryLib.h>=0D
+#include <Library/BlobVerifierLib.h>=0D
#include <Library/DebugLib.h>=0D
#include <Library/DevicePathLib.h>=0D
#include <Library/MemoryAllocationLib.h>=0D
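Review bot: this include makes QemuKernelLoaderFsDxe depend on BlobVerifierLib, but the diffstat shows only the .c file changing, so the driver's INF does not list the class under [LibraryClasses] and VerifyBlob is supplied solely by the NULL| overrides added to each DSC. A platform DSC that builds this driver without that override will fail at link time; add BlobVerifierLib to QemuKernelLoaderFsDxe.inf and resolve it through an ordinary BlobVerifierLib| mapping.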
@@ -1039,6 +1040,14 @@ QemuKernelLoaderFsDxeEntrypoint (
if (EFI_ERROR (Status)) {=0D
goto FreeBlobs;=0D
}=0D
+ Status =3D VerifyBlob (=0D
+ CurrentBlob->Name,=0D
+ CurrentBlob->Data,=0D
+ CurrentBlob->Size=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ goto FreeBlobs;=0D
+ }=0D
mTotalBlobBytes +=3D CurrentBlob->Size;=0D
}=0D
KernelBlob =3D &mKernelBlob[KernelBlobTypeKernel];=0D
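Review bot: VerifyBlob () is reached only after the FetchBlob status check, and these lines do not show whether the loop also gets here for a blob QEMU did not supply (Size of 0). The cover letter lists dropping one of the blobs among the modifications that must be caught, so confirm the call is made for empty blobs as well, and add a DEBUG_ERROR naming CurrentBlob->Name before `goto FreeBlobs` so that a rejected blob is visible in the serial log.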
--=20
2.25.1


[PATCH v4 05/11] OvmfPkg: add BlobVerifierLibNull to DSC

Dov Murik
 

This prepares the ground for calling VerifyBlob() in
QemuKernelLoaderFsDxe.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 6 +++++-
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
OvmfPkg/OvmfPkgX64.dsc | 5 ++++-
4 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index aefdcf881c99..b2cc96cc5a97 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -173,6 +173,7 @@ [LibraryClasses]
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf=0D
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize=
dDisplayLib.inf=0D
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL=
ib.inf=0D
+ BlobVerifierLib|OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf=
=0D
=0D
!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDeb=
ug/PeCoffExtraActionLibDebug.inf=0D
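Review bot: AmdSevX64.dsc receives a BlobVerifierLib| mapping under [LibraryClasses] in addition to the NULL| override, while OvmfPkgIa32.dsc, OvmfPkgIa32X64.dsc and OvmfPkgX64.dsc receive only the override. Use one mechanism consistently: if the class mapping is intended, add it to the other three DSCs as well, otherwise drop it here.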
@@ -693,7 +694,10 @@ [Components]
NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf=0D
NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanc=
eManagerUiLib.inf=0D
}=0D
- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf=0D
+ }=0D
OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf=0D
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index f53efeae7986..7613abab6a7f 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -786,7 +786,10 @@ [Components]
NULL|OvmfPkg/Csm/LegacyBootMaintUiLib/LegacyBootMaintUiLib.inf=0D
!endif=0D
}=0D
- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf=0D
+ }=0D
OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf=0D
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b3662e17f256..8b35aaf4b44c 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -800,7 +800,10 @@ [Components.X64]
NULL|OvmfPkg/Csm/LegacyBootMaintUiLib/LegacyBootMaintUiLib.inf=0D
!endif=0D
}=0D
- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf=0D
+ }=0D
OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf=0D
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 0a237a905866..0c95c74ad1a8 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -798,7 +798,10 @@ [Components]
NULL|OvmfPkg/Csm/LegacyBootMaintUiLib/LegacyBootMaintUiLib.inf=0D
!endif=0D
}=0D
- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf=0D
+ }=0D
OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf=0D
--=20
2.25.1


[PATCH v4 00/11] Measured SEV boot with kernel/initrd/cmdline

Dov Murik
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3457

Booting with SEV prevented the loading of kernel, initrd, and kernel
command-line via QEMU fw_cfg interface because they arrive from the VMM
which is untrusted in SEV.

However, in some cases the kernel, initrd, and cmdline are not secret
but should not be modified by the host. In such a case, we want to
verify inside the trusted VM that the kernel, initrd, and cmdline are
indeed the ones expected by the Guest Owner, and only if that is the
case go on and boot them up (removing the need for grub inside OVMF in
that mode).

This patch series reserves an area in MEMFD (previously the last 1KB of
the launch secret page) which will contain the hashes of these three
blobs (kernel, initrd, cmdline), each under its own GUID entry. This
table of hashes is populated by QEMU before launch, and encrypted as
part of the initial VM memory; this makes sure these hashes are part of
the SEV measurement (which has to be approved by the Guest Owner for
secret injection, for example). Note that populating the hashes table
requires QEMU support [1].

OVMF parses the table of hashes populated by QEMU (patch 10), and as it
reads the fw_cfg blobs from QEMU, it will verify each one against the
expected hash. This is all done inside the trusted VM context. If all
the hashes are correct, boot of the kernel is allowed to continue.

Any attempt by QEMU to modify the kernel, initrd, cmdline (including
dropping one of them), or to modify the OVMF code that verifies those
hashes, will cause the initial SEV measurement to change and therefore
will be detectable by the Guest Owner during launch before secret
injection.

Relevant part of OVMF serial log during boot with AmdSevX86 build and
QEMU with -kernel/-initrd/-append:

...
BlobVerifierLibSevHashesConstructor: Found injected hashes table in secure location
Select Item: 0x17
Select Item: 0x8
FetchBlob: loading 7379328 bytes for "kernel"
Select Item: 0x18
Select Item: 0x11
VerifyBlob: Found GUID 4DE79437-ABD2-427F-B835-D5B172D2045B in table
VerifyBlob: Hash comparison succeeded for "kernel"
Select Item: 0xB
FetchBlob: loading 12483878 bytes for "initrd"
Select Item: 0x12
VerifyBlob: Found GUID 44BAF731-3A2F-4BD7-9AF1-41E29169781D in table
VerifyBlob: Hash comparison succeeded for "initrd"
Select Item: 0x14
FetchBlob: loading 86 bytes for "cmdline"
Select Item: 0x15
VerifyBlob: Found GUID 97D02DD8-BD20-4C94-AA78-E7714D36AB2A in table
VerifyBlob: Hash comparison succeeded for "cmdline"
...

The patch series is organized as follows:

1: Simple comment fix in adjacent area in the code.
2: Use GenericQemuLoadImageLib to gain one location for fw_cfg blob
fetching.
3: Allow the (previously blocked) usage of -kernel in AmdSevX64.
4-7: Add BlobVerifierLib with null implementation and use it in the correct
location in QemuKernelLoaderFsDxe.
8-9: Reserve memory for hashes table, declare this area in the reset vector.
10-11: Add the secure implementation BlobVerifierLibSevHashes and use it in
AmdSevX64 builds.

[1] https://lore.kernel.org/qemu-devel/20210624102040.2015280-1-dovmurik@linux.ibm.com/

Code is at
https://github.com/confidential-containers-demo/edk2/tree/sev-hashes-v4

v4 changes:
- BlobVerifierSevHashes (patch 10): more comprehensive overflow tests
when parsing the SEV hashes table structure

v3: https://edk2.groups.io/g/devel/message/77955
v3 changes:
- Rename to BlobVerifierLibNull, use decimal INF_VERSION, remove unused
DebugLib reference, fix doxygen comments, add missing IN attribute
- Rename to BlobVerifierLibSevHashes, use decimal INF_VERSION, fix
doxygen comments, add missing IN attribute,
calculate buffer hash only when the guid is found in hashes table
- SecretPei: use ALIGN_VALUE to round the hob size
- Coding style fixes
- Add missing 'Ref:' in patch 1 commit message
- Fix phrasing and typos in commit messages
- Remove Cc: Laszlo from series

v2: https://edk2.groups.io/g/devel/message/77505
v2 changes:
- Use the last 1KB of the existing SEV launch secret page for hashes table
(instead of reserving a whole new MEMFD page).
- Build on top of commit cf203024745f ("OvmfPkg/GenericQemuLoadImageLib: Read
cmdline from QemuKernelLoaderFs", 2021-06-28) to have a single location in
which all of kernel/initrd/cmdline are fetched from QEMU.
- Use static linking of the two BlobVerifierLib implementations.
- Reorganize series.

v1: https://edk2.groups.io/g/devel/message/75567

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>

---

Ard: please review patch 6 (ArmVirtPkg). Thanks.

Tom, Brijesh: I'll also send the diff for patch 10. Thanks.

---

Dov Murik (8):
OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds
OvmfPkg: add library class BlobVerifierLib with null implementation
OvmfPkg: add BlobVerifierLibNull to DSC
ArmVirtPkg: add BlobVerifierLibNull to DSC
OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg
OvmfPkg/AmdSev/SecretPei: build hob for full page
OvmfPkg: add BlobVerifierLibSevHashes
OvmfPkg/AmdSev: Enforce hash verification of kernel blobs

James Bottomley (3):
OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming
OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg
OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes

OvmfPkg/OvmfPkg.dec | 9 +
ArmVirtPkg/ArmVirtQemu.dsc | 5 +-
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 +-
OvmfPkg/AmdSev/AmdSevX64.dsc | 9 +-
OvmfPkg/OvmfPkgIa32.dsc | 5 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 5 +-
OvmfPkg/OvmfPkgX64.dsc | 5 +-
OvmfPkg/AmdSev/AmdSevX64.fdf | 5 +-
OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf | 24 +++
OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf | 37 ++++
OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub.inf | 2 +
OvmfPkg/ResetVector/ResetVector.inf | 2 +
OvmfPkg/Include/Library/BlobVerifierLib.h | 38 ++++
OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h | 11 ++
OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 2 +-
OvmfPkg/AmdSev/SecretPei/SecretPei.c | 3 +-
OvmfPkg/Library/BlobVerifierLib/BlobVerifierNull.c | 33 ++++
OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c | 199 ++++++++++++++++++++
OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c | 5 +
OvmfPkg/Library/{PlatformBootManagerLib => PlatformBootManagerLibGrub}/QemuKernel.c | 0
OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 9 +
OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 20 ++
OvmfPkg/ResetVector/ResetVector.nasmb | 2 +
23 files changed, 425 insertions(+), 10 deletions(-)
create mode 100644 OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibNull.inf
create mode 100644 OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf
create mode 100644 OvmfPkg/Include/Library/BlobVerifierLib.h
create mode 100644 OvmfPkg/Library/BlobVerifierLib/BlobVerifierNull.c
create mode 100644 OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c
copy OvmfPkg/Library/{PlatformBootManagerLib => PlatformBootManagerLibGrub}/QemuKernel.c (100%)

--
2.25.1


[PATCH v4 01/11] OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming

Dov Murik
 

From: James Bottomley <jejb@linux.ibm.com>

Commit 96201ae7bf97 ("OvmfPkg/AmdSev/SecretDxe: make secret location
naming generic", 2020-12-15) replaced references to SEV with the generic
term Confidential Computing, but missed the file header comment. Fix
the naming in that header.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
---
OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c b/OvmfPkg/AmdSev/SecretDx=
e/SecretDxe.c
index 308022b5b25e..934ad207632b 100644
--- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
+++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
@@ -1,5 +1,5 @@
/** @file=0D
- SEV Secret configuration table constructor=0D
+ Confidential Computing Secret configuration table constructor=0D
=0D
Copyright (C) 2020 James Bottomley, IBM Corporation.=0D
SPDX-License-Identifier: BSD-2-Clause-Patent=0D
--
2.25.1


[edk2-platforms PATCH v4 2/2] Revert "Platform/RaspberryPi: Setup option for disabling Fast Boot"

Grzegorz Bernacki
 

This reverts commit efdc159ef7c9f15581a0f63d755a1530ff475156.

This commit is no longer required as Boot Discovery Policy has
been implemented for RPi.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
---
Platform/RaspberryPi/RaspberryPi.dec | 2 --
Platform/RaspberryPi/RPi3/RPi3.dsc | 9 +--------
Platform/RaspberryPi/RPi4/RPi4.dsc | 9 +--------
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf | 3 +--
Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 -
Platform/RaspberryPi/Include/ConfigVars.h | 12 +-----------
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.vfr | 16 +---------------
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.c | 11 +----------
Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c | 15 ++-------------
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.uni | 10 +---------
10 files changed, 9 insertions(+), 79 deletions(-)

diff --git a/Platform/RaspberryPi/RaspberryPi.dec b/Platform/RaspberryPi/RaspberryPi.dec
index f1dd8ac0ed..2ca25ff9e6 100644
--- a/Platform/RaspberryPi/RaspberryPi.dec
+++ b/Platform/RaspberryPi/RaspberryPi.dec
@@ -2,7 +2,6 @@
#
# Copyright (c) 2016, Linaro, Ltd. All rights reserved.
# Copyright (c) 2017-2018, Andrei Warkentin <andrey.warkentin@gmail.com>
-# Copyright (c) 2021, ARM Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -71,5 +70,4 @@
gRaspberryPiTokenSpaceGuid.PcdFanTemp|0|UINT32|0x0000001D
gRaspberryPiTokenSpaceGuid.PcdPlatformResetDelay|0|UINT32|0x0000001E
gRaspberryPiTokenSpaceGuid.PcdMmcEnableDma|0|UINT32|0x0000001F
- gRaspberryPiTokenSpaceGuid.PcdBootPolicy|0|UINT32|0x00000020
gRaspberryPiTokenSpaceGuid.PcdUartInUse|1|UINT32|0x00000021
diff --git a/Platform/RaspberryPi/RPi3/RPi3.dsc b/Platform/RaspberryPi/RPi3/RPi3.dsc
index 53825bcf62..b6e3372c61 100644
--- a/Platform/RaspberryPi/RPi3/RPi3.dsc
+++ b/Platform/RaspberryPi/RPi3/RPi3.dsc
@@ -1,6 +1,6 @@
# @file
#
-# Copyright (c) 2011 - 2021, ARM Limited. All rights reserved.
+# Copyright (c) 2011 - 2020, ARM Limited. All rights reserved.
# Copyright (c) 2014, Linaro Limited. All rights reserved.
# Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.
# Copyright (c) 2017 - 2018, Andrei Warkentin <andrey.warkentin@gmail.com>
@@ -512,13 +512,6 @@
gRaspberryPiTokenSpaceGuid.PcdFanOnGpio|L"FanOnGpio"|gConfigDxeFormSetGuid|0x0|0
gRaspberryPiTokenSpaceGuid.PcdFanTemp|L"FanTemp"|gConfigDxeFormSetGuid|0x0|0

- #
- # Boot Policy
- # 0 - Fast Boot
- # 1 - Full Discovery (Connect All)
- #
- gRaspberryPiTokenSpaceGuid.PcdBootPolicy|L"BootPolicy"|gConfigDxeFormSetGuid|0x0|1
-
#
# Reset-related.
#
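Review bot: Dropping the PcdBootPolicy HII default from RPi3.dsc here leaves RPi3 without any discovery setting, because the 1/2 diffstat touches only RPi4.dsc and RPi4.fdf. If RPi3 builds the same Platform/RaspberryPi/Library/PlatformBootManagerLib, it needs the DynamicHii PcdBootDiscoveryPolicy entry and BootManagerPolicyDxe.inf as well, otherwise BootDiscoveryPolicyHandler cannot locate gEfiBootManagerPolicyProtocolGuid on that platform. Please add the RPi3 changes to 1/2 or state in the commit message why RPi3 is excluded.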
diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4/RPi4.dsc
index 8b9beac64a..07f36e7f1b 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -1,6 +1,6 @@
# @file
#
-# Copyright (c) 2011 - 2021, ARM Limited. All rights reserved.
+# Copyright (c) 2011 - 2020, ARM Limited. All rights reserved.
# Copyright (c) 2017 - 2018, Andrei Warkentin <andrey.warkentin@gmail.com>
# Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.
# Copyright (c) 2014, Linaro Limited. All rights reserved.
@@ -528,13 +528,6 @@
gRaspberryPiTokenSpaceGuid.PcdFanOnGpio|L"FanOnGpio"|gConfigDxeFormSetGuid|0x0|0
gRaspberryPiTokenSpaceGuid.PcdFanTemp|L"FanTemp"|gConfigDxeFormSetGuid|0x0|60

- #
- # Boot Policy
- # 0 - Fast Boot
- # 1 - Full Discovery (Connect All)
- #
- gRaspberryPiTokenSpaceGuid.PcdBootPolicy|L"BootPolicy"|gConfigDxeFormSetGuid|0x0|1
-
#
# Reset-related.
#
diff --git a/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf b/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf
index 597e1b4205..4bb2d08550 100644
--- a/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf
+++ b/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf
@@ -2,7 +2,7 @@
#
# Component description file for the RasbperryPi DXE platform config driver.
#
-# Copyright (c) 2019 - 2021, ARM Limited. All rights reserved.
+# Copyright (c) 2019 - 2020, ARM Limited. All rights reserved.
# Copyright (c) 2018 - 2020, Andrei Warkentin <andrey.warkentin@gmail.com>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -93,7 +93,6 @@
gRaspberryPiTokenSpaceGuid.PcdRamLimitTo3GB
gRaspberryPiTokenSpaceGuid.PcdFanOnGpio
gRaspberryPiTokenSpaceGuid.PcdFanTemp
- gRaspberryPiTokenSpaceGuid.PcdBootPolicy
gRaspberryPiTokenSpaceGuid.PcdUartInUse

[Depex]
diff --git a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 4ef2f791ae..c047364b28 100644
--- a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -64,7 +64,6 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut
gRaspberryPiTokenSpaceGuid.PcdSdIsArasan
- gRaspberryPiTokenSpaceGuid.PcdBootPolicy

[Guids]
gBootDiscoveryPolicyMgrFormsetGuid
diff --git a/Platform/RaspberryPi/Include/ConfigVars.h b/Platform/RaspberryPi/Include/ConfigVars.h
index 9ef62b7a6e..142317985a 100644
--- a/Platform/RaspberryPi/Include/ConfigVars.h
+++ b/Platform/RaspberryPi/Include/ConfigVars.h
@@ -1,7 +1,7 @@
/** @file
*
* Copyright (c) 2020, Andrei Warkentin <andrey.warkentin@gmail.com>
- * Copyright (c) 2020 - 2021, ARM Limited. All rights reserved.
+ * Copyright (c) 2020, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-2-Clause-Patent
*
@@ -143,14 +143,4 @@ typedef struct {
UINT32 EnableDma;
} MMC_EMMC_DMA_VARSTORE_DATA;

-#define FAST_BOOT 0
-#define FULL_DISCOVERY 1
-typedef struct {
- /*
- * 0 - Fast Boot
- * 1 - Full Discovery (Connect All)
- */
- UINT32 BootPolicy;
-} BOOT_POLICY_VARSTORE_DATA;
-
#endif /* CONFIG_VARS_H */
diff --git a/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.vfr b/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.vfr
index 759db6212f..fa34eab809 100644
--- a/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.vfr
+++ b/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.vfr
@@ -1,7 +1,7 @@
/** @file
*
* Copyright (c) 2018 Andrei Warkentin <andrey.warkentin@gmail.com>
- * Copyright (c) 2020 - 2021, ARM Limited. All rights reserved.
+ * Copyright (c) 2020, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-2-Clause-Patent
*
@@ -116,11 +116,6 @@ formset
name = DisplayEnableSShot,
guid = CONFIGDXE_FORM_SET_GUID;

- efivarstore BOOT_POLICY_VARSTORE_DATA,
- attribute = EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
- name = BootPolicy,
- guid = CONFIGDXE_FORM_SET_GUID;
-
form formid = 1,
title = STRING_TOKEN(STR_FORM_SET_TITLE);
subtitle text = STRING_TOKEN(STR_NULL_STRING);
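Review bot: Removing the efivarstore at "name = BootPolicy" leaves the existing BootPolicy variable behind on systems that already ran the reverted code, since the store was declared with EFI_VARIABLE_NON_VOLATILE and nothing in this patch deletes it. Either delete the stale variable once (for example in SetupVariables) or note in the commit message that the orphaned variable is left in place on purpose.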
@@ -195,14 +190,6 @@ formset
option text = STRING_TOKEN(STR_ADVANCED_SYSTAB_DT), value = SYSTEM_TABLE_MODE_DT, flags = DEFAULT;
endoneof;

- oneof varid = BootPolicy.BootPolicy,
- prompt = STRING_TOKEN(STR_BOOT_POLICY_PROMPT),
- help = STRING_TOKEN(STR_BOOT_POLICY_HELP),
- flags = NUMERIC_SIZE_4 | INTERACTIVE | RESET_REQUIRED,
- option text = STRING_TOKEN(STR_FAST_BOOT), value = FAST_BOOT , flags = 0;
- option text = STRING_TOKEN(STR_FULL_DISCOVERY), value = FULL_DISCOVERY, flags = DEFAULT;
- endoneof;
-
#if (RPI_MODEL == 4)
grayoutif NOT ideqval SystemTableMode.Mode == SYSTEM_TABLE_MODE_ACPI;
oneof varid = FanOnGpio.Enabled,
@@ -233,7 +220,6 @@ formset
minsize = 0,
maxsize = ASSET_TAG_STR_MAX_LEN,
endstring;
-
endform;

form formid = 0x1003,
diff --git a/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.c b/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.c
index cf9880bd20..9e78cb47ad 100644
--- a/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.c
+++ b/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.c
@@ -1,6 +1,6 @@
/** @file
*
- * Copyright (c) 2019 - 2021, ARM Limited. All rights reserved.
+ * Copyright (c) 2019 - 2020, ARM Limited. All rights reserved.
* Copyright (c) 2018 - 2020, Andrei Warkentin <andrey.warkentin@gmail.com>
*
* SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -286,15 +286,6 @@ SetupVariables (
);
}

- Size = sizeof (UINT32);
- Status = gRT->GetVariable (L"BootPolicy",
- &gConfigDxeFormSetGuid,
- NULL, &Size, &Var32);
- if (EFI_ERROR (Status)) {
- Status = PcdSet32S (PcdBootPolicy, PcdGet32 (PcdBootPolicy));
- ASSERT_EFI_ERROR (Status);
- }
-
Size = sizeof (UINT32);
Status = gRT->GetVariable (L"SdIsArasan",
&gConfigDxeFormSetGuid,
diff --git a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c
index d944d1a38d..c8305ce4f5 100644
--- a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c
+++ b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c
@@ -4,7 +4,7 @@
* Copyright (c) 2017-2018, Andrei Warkentin <andrey.warkentin@gmail.com>
* Copyright (c) 2016, Linaro Ltd. All rights reserved.
* Copyright (c) 2015-2016, Red Hat, Inc.
- * Copyright (c) 2014-2021, ARM Ltd. All rights reserved.
+ * Copyright (c) 2014-2020, ARM Ltd. All rights reserved.
* Copyright (c) 2004-2016, Intel Corporation. All rights reserved.
* Copyright (c) 2021, Semihalf All rights reserved.
*
@@ -28,11 +28,10 @@
#include <Guid/BootDiscoveryPolicy.h>
#include <Guid/EventGroup.h>
#include <Guid/TtyTerm.h>
-#include <ConfigVars.h>

#include "PlatformBm.h"

-#define BOOT_PROMPT L"ESC (setup), F1 (shell), ENTER (boot)\n"
+#define BOOT_PROMPT L"ESC (setup), F1 (shell), ENTER (boot)"

#define DP_NODE_LEN(Type) { (UINT8)sizeof (Type), (UINT8)(sizeof (Type) >> 8) }

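Review bot: The BOOT_PROMPT line in this hunk loses its trailing \n, which is a console behaviour change unrelated to removing the Boot Policy option: whatever is printed after Print (BOOT_PROMPT) now continues on the prompt line. If that is intended, say so in the commit message; otherwise keep the \n. Also confirm nothing else in PlatformBm.c still needs ConfigVars.h before dropping the include.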
@@ -720,16 +719,6 @@ PlatformBootManagerAfterConsole (
Print (BOOT_PROMPT);
}

- //
- // Connect the rest of the devices if the boot polcy is set to Full discovery
- //
- if (PcdGet32 (PcdBootPolicy) == FULL_DISCOVERY) {
- DEBUG ((DEBUG_INFO, "Boot Policy is Full Discovery. Connect all devices\n"));
- EfiBootManagerConnectAll ();
- } else if (PcdGet32 (PcdBootPolicy) == FAST_BOOT) {
- DEBUG ((DEBUG_INFO, "Boot Policy is Fast Boot. Skip connecting all devices\n"));
- }
-
Status = BootDiscoveryPolicyHandler ();
if (EFI_ERROR(Status)) {
DEBUG ((DEBUG_INFO, "Error applying Boot Discovery Policy:%r\n", Status));
diff --git a/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.uni b/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.uni
index 81761d64bb..466fa852cb 100644
--- a/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.uni
+++ b/Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.uni
@@ -1,7 +1,7 @@
/** @file
*
* Copyright (c) 2018, Andrei Warkentin <andrey.warkentin@gmail.com>
- * Copyright (c) 2020 - 2021, ARM Limited. All rights reserved.
+ * Copyright (c) 2020, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-2-Clause-Patent
*
@@ -60,14 +60,6 @@
#string STR_ADVANCED_ASSET_TAG_PROMPT #language en-US "Asset Tag"
#string STR_ADVANCED_ASSET_TAG_HELP #language en-US "Set the system Asset Tag"

-#string STR_BOOT_POLICY_PROMPT #language en-US "Boot Policy"
-#string STR_BOOT_POLICY_HELP #language en-US "When Fast Boot is selected, only required devices will be discovered for reducing "
- "the boot time. "
- "When Full Discovery is selected, all the devices will be discovered for some "
- "scenarios such as system deployment and diagnostic tests."
-#string STR_FAST_BOOT #language en-US "Fast Boot"
-#string STR_FULL_DISCOVERY #language en-US "Full Discovery"
-
/*
* MMC/SD configuration.
*/
--
2.25.1


[edk2-platforms PATCH v4 1/2] Platform/RaspberryPi: Enable Boot Discovery Policy.

Grzegorz Bernacki
 

This commit modifies platform boot to check the value of
BootDiscoveryPolicy variable and use BootPolicyManager
Protocol to connect devices specified by the variable.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
---
Platform/RaspberryPi/RPi4/RPi4.dsc | 3 +
Platform/RaspberryPi/RPi4/RPi4.fdf | 1 +
Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 5 ++
Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c | 91 ++++++++++++++++++++
4 files changed, 100 insertions(+)

diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4/RPi4.dsc
index fd73c4d14b..8b9beac64a 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -555,6 +555,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn|L"Columns"|gRaspberryPiTokenSpaceGuid|0x0|80
gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutRow|L"Rows"|gRaspberryPiTokenSpaceGuid|0x0|25
gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow|L"Rows"|gRaspberryPiTokenSpaceGuid|0x0|25
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy|L"BootDiscoveryPolicy"|gBootDiscoveryPolicyMgrFormsetGuid|0

[PcdsDynamicDefault.common]
#
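Review bot: The trailing |0 on the added PcdBootDiscoveryPolicy line makes BDP_CONNECT_MINIMAL the RPi4 default, while the MdeModulePkg.dec declaration defaults the PCD to 2 and the PcdBootPolicy setting this replaces defaulted to Full Discovery. That changes out-of-the-box behaviour for boards with no stored variable, so please either use 2 here or explain the choice of Minimal in the commit message.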
@@ -682,6 +683,7 @@
#
# Bds
#
+ MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.inf
MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
@@ -690,6 +692,7 @@
Platform/RaspberryPi/Drivers/LogoDxe/LogoDxe.inf
MdeModulePkg/Application/UiApp/UiApp.inf {
<LibraryClasses>
+ NULL|MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf
NULL|Platform/RaspberryPi/Library/PlatformUiAppLib/PlatformUiAppLib.inf
diff --git a/Platform/RaspberryPi/RPi4/RPi4.fdf b/Platform/RaspberryPi/RPi4/RPi4.fdf
index 1e13909a57..371197a93e 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.fdf
+++ b/Platform/RaspberryPi/RPi4/RPi4.fdf
@@ -253,6 +253,7 @@ READ_LOCK_STATUS = TRUE
#
# Bds
#
+ INF MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.inf
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
diff --git a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index fbf510ab96..4ef2f791ae 100644
--- a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -61,11 +61,13 @@
gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType

[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut
gRaspberryPiTokenSpaceGuid.PcdSdIsArasan
gRaspberryPiTokenSpaceGuid.PcdBootPolicy

[Guids]
+ gBootDiscoveryPolicyMgrFormsetGuid
gEfiFileInfoGuid
gEfiFileSystemInfoGuid
gEfiFileSystemVolumeLabelInfoIdGuid
@@ -73,8 +75,11 @@
gEfiTtyTermGuid
gUefiShellFileGuid
gEfiEventExitBootServicesGuid
+ gEfiBootManagerPolicyNetworkGuid
+ gEfiBootManagerPolicyConnectAllGuid

[Protocols]
+ gEfiBootManagerPolicyProtocolGuid
gEfiDevicePathProtocolGuid
gEfiGraphicsOutputProtocolGuid
gEfiLoadedImageProtocolGuid
diff --git a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c
index d081fdae63..d944d1a38d 100644
--- a/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c
+++ b/Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c
@@ -6,6 +6,7 @@
* Copyright (c) 2015-2016, Red Hat, Inc.
* Copyright (c) 2014-2021, ARM Ltd. All rights reserved.
* Copyright (c) 2004-2016, Intel Corporation. All rights reserved.
+ * Copyright (c) 2021, Semihalf All rights reserved.
*
* SPDX-License-Identifier: BSD-2-Clause-Patent
*
@@ -19,10 +20,12 @@
#include <Library/UefiBootManagerLib.h>
#include <Library/UefiLib.h>
#include <Library/PrintLib.h>
+#include <Protocol/BootManagerPolicy.h>
#include <Protocol/DevicePath.h>
#include <Protocol/EsrtManagement.h>
#include <Protocol/GraphicsOutput.h>
#include <Protocol/LoadedImage.h>
+#include <Guid/BootDiscoveryPolicy.h>
#include <Guid/EventGroup.h>
#include <Guid/TtyTerm.h>
#include <ConfigVars.h>
@@ -598,6 +601,89 @@ PlatformBootManagerBeforeConsole (
FilterAndProcess (&gEfiUsb2HcProtocolGuid, NULL, Connect);
}

+/**
+ Connect device specified by BootDiscoverPolicy variable and refresh
+ Boot order for newly discovered boot device.
+
+ @retval EFI_SUCCESS Devices connected succesfully or connection
+ not required.
+ @retval others Return values from GetVariable(), LocateProtocol()
+ and ConnectDeviceClass().
+--*/
+STATIC
+EFI_STATUS
+BootDiscoveryPolicyHandler (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINT32 DiscoveryPolicy;
+ UINTN Size;
+ EFI_BOOT_MANAGER_POLICY_PROTOCOL *BMPolicy;
+ EFI_GUID *Class;
+
+ Size = sizeof (DiscoveryPolicy);
+ Status = gRT->GetVariable (
+ BOOT_DISCOVERY_POLICY_VAR,
+ &gBootDiscoveryPolicyMgrFormsetGuid,
+ NULL,
+ &Size,
+ &DiscoveryPolicy
+ );
+ if (Status == EFI_NOT_FOUND) {
+ Status = PcdSet32S (PcdBootDiscoveryPolicy, PcdGet32 (PcdBootDiscoveryPolicy));
+ DiscoveryPolicy = PcdGet32 (PcdBootDiscoveryPolicy);
+ if (Status == EFI_NOT_FOUND) {
+ return EFI_SUCCESS;
+ } else if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ } else if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (DiscoveryPolicy == BDP_CONNECT_MINIMAL) {
+ return EFI_SUCCESS;
+ }
+
+ switch (DiscoveryPolicy) {
+ case BDP_CONNECT_NET:
+ Class = &gEfiBootManagerPolicyNetworkGuid;
+ break;
+ case BDP_CONNECT_ALL:
+ Class = &gEfiBootManagerPolicyConnectAllGuid;
+ break;
+ default:
+ DEBUG ((
+ DEBUG_INFO,
+ "%a - Unexpected DiscoveryPolicy (0x%x). Run Minimal Discovery Policy\n",
+ __FUNCTION__,
+ DiscoveryPolicy
+ ));
+ return EFI_SUCCESS;
+ }
+
+ Status = gBS->LocateProtocol (
+ &gEfiBootManagerPolicyProtocolGuid,
+ NULL,
+ (VOID **)&BMPolicy
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a - Failed to locate gEfiBootManagerPolicyProtocolGuid - %r\n", __FUNCTION__, Status));
+ return Status;
+ }
+
+ Status = BMPolicy->ConnectDeviceClass (BMPolicy, Class);
+ if (EFI_ERROR (Status)){
+ DEBUG ((DEBUG_ERROR, "%a - ConnectDeviceClass returns - %r\n", __FUNCTION__, Status));
+ return Status;
+ }
+
+ EfiBootManagerRefreshAllBootOption();
+
+ return EFI_SUCCESS;
+}
+
/**
Do the platform specific action after the console is ready
Possible things that can be done in PlatformBootManagerAfterConsole:
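Review bot: DiscoveryPolicy is passed to gRT->GetVariable () uninitialised and the returned Size is never checked, so a BootDiscoveryPolicy variable shorter than sizeof (UINT32) leaves the upper bytes indeterminate before the switch. Initialise it to BDP_CONNECT_MINIMAL and treat Size != sizeof (DiscoveryPolicy) as an unexpected value. In the EFI_NOT_FOUND branch, comparing the PcdSet32S () result against EFI_NOT_FOUND and returning EFI_SUCCESS needs a comment saying when that happens, and DiscoveryPolicy should be assigned only after that status check. Smaller points: the function comment opens with /** but closes with --*/, it says BootDiscoverPolicy and succesfully, and "if (EFI_ERROR (Status)){" and "EfiBootManagerRefreshAllBootOption();" are missing the spaces the coding style requires.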
@@ -644,6 +730,11 @@ PlatformBootManagerAfterConsole (
DEBUG ((DEBUG_INFO, "Boot Policy is Fast Boot. Skip connecting all devices\n"));
}

+ Status = BootDiscoveryPolicyHandler ();
+ if (EFI_ERROR(Status)) {
+ DEBUG ((DEBUG_INFO, "Error applying Boot Discovery Policy:%r\n", Status));
+ }
+
Status = gBS->LocateProtocol (&gEsrtManagementProtocolGuid, NULL, (VOID**)&EsrtManagement);
if (!EFI_ERROR (Status)) {
EsrtManagement->SyncEsrtFmp ();
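Review bot: A failure of BootDiscoveryPolicyHandler () is logged at DEBUG_INFO, so a board that fails to connect its network or other boot devices leaves nothing at the error level; use DEBUG_ERROR on that line. The call is also placed directly after the existing PcdBootPolicy branch, so until 2/2 is applied both policies are evaluated on every boot; a sentence in the commit message about that ordering would help. EFI_ERROR(Status) needs a space before the parenthesis.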
--
2.25.1


[PATCH v4 1/1] MdeModulePkg: Add BootDiscoveryPolicyUiLib.

Grzegorz Bernacki
 

This library extends Boot Maintenance Menu and allows selecting
Boot Discovery Policy. When a choice is made, BootDiscoveryPolicy
variable is set. Platform code can use this variable to decide
which class of device shall be connected.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
---
MdeModulePkg/MdeModulePkg.dec | 9 ++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf | 52 +++++++
MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h | 22 +++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c | 160 ++++++++++++++++++++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni | 18 +++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStrings.uni | 29 ++++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.Vfr | 44 ++++++
7 files changed, 334 insertions(+)
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf
create mode 100644 MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStrings.uni
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.Vfr

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index ad84421cf3..133e04ee86 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -425,6 +425,9 @@
## Include/UniversalPayload/SerialPortInfo.h
gUniversalPayloadSerialPortInfoGuid = { 0xaa7e190d, 0xbe21, 0x4409, { 0x8e, 0x67, 0xa2, 0xcd, 0xf, 0x61, 0xe1, 0x70 } }

+ ## GUID used for Boot Discovery Policy FormSet guid and related variables.
+ gBootDiscoveryPolicyMgrFormsetGuid = { 0x5b6f7107, 0xbb3c, 0x4660, { 0x92, 0xcd, 0x54, 0x26, 0x90, 0x28, 0x0b, 0xbd } }
+
[Ppis]
## Include/Ppi/AtaController.h
gPeiAtaControllerPpiGuid = { 0xa45e60d1, 0xc719, 0x44aa, { 0xb0, 0x7a, 0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }}
@@ -1600,6 +1603,12 @@
# @Prompt Console Output Row of Text Setup
gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutRow|25|UINT32|0x4000000e

+ ## Specify the Boot Discovery Policy settings
+ # To support configuring from setup page, this PCD should be overridden in DynamicHii type in its platform .dsc:
+ # gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy|L"BootDiscoveryPolicy"|gBootDiscoveryPolicyMgrFormsetGuid|0
+ # @Prompt Boot Discovery Policy
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy|2|UINT32|0x4000000f
+
[PcdsFixedAtBuild.AARCH64, PcdsPatchableInModule.AARCH64]
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiExposedTableVersions|0x20|UINT32|0x0001004c

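Review bot: The comment added above PcdBootDiscoveryPolicy does not say what the values mean or that the default of 2 is Connect All, so a platform owner reading the .dec cannot tell 0, 1 and 2 apart without opening Guid/BootDiscoveryPolicy.h. List the three values in the comment and add a @ValidList line so the allowed set is recorded with the declaration.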
diff --git a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf
new file mode 100644
index 0000000000..1fb4d43caa
--- /dev/null
+++ b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf
@@ -0,0 +1,52 @@
+## @file
+# Library for BDS phase to use Boot Discovery Policy
+#
+# Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+# Copyright (c) 2021, Semihalf All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BootDiscoveryPolicyUiLib
+ MODULE_UNI_FILE = BootDiscoveryPolicyUiLib.uni
+ FILE_GUID = BE73105A-B13D-4B57-A41A-463DBD15FE10
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL|DXE_DRIVER UEFI_APPLICATION
+ CONSTRUCTOR = BootDiscoveryPolicyUiLibConstructor
+ DESTRUCTOR = BootDiscoveryPolicyUiLibDestructor
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ BootDiscoveryPolicyUiLib.c
+ BootDiscoveryPolicyUiLibStrings.uni
+ BootDiscoveryPolicyUiLibVfr.Vfr
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ DevicePathLib
+ BaseLib
+ UefiRuntimeServicesTableLib
+ UefiBootServicesTableLib
+ DebugLib
+ HiiLib
+ UefiLib
+ BaseMemoryLib
+
+[Guids]
+ gBootDiscoveryPolicyMgrFormsetGuid
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy ## PRODUCES
+
+[Depex]
+ gEfiHiiDatabaseProtocolGuid AND gPcdProtocolGuid
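Review bot: [LibraryClasses] omits PcdLib although BootDiscoveryPolicyUiLib.c calls PcdSet32S () and PcdGet32 (), and there is no [Protocols] section for gEfiDevicePathProtocolGuid and gEfiHiiDatabaseProtocolGuid, which the source file and the [Depex] line reference. Declare both so the library does not depend on another module's INF to resolve them.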
diff --git a/MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h b/MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
new file mode 100644
index 0000000000..8eb0968a16
--- /dev/null
+++ b/MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
@@ -0,0 +1,22 @@
+/** @file
+ Definition for structure & defines exported by Boot Discovery Policy UI
+
+ Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+ Copyright (c) 2021, Semihalf All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _BOOT_DISCOVERY_POLICY_UI_LIB_H_
+#define _BOOT_DISCOVERY_POLICY_UI_LIB_H_
+
+#define BDP_CONNECT_MINIMAL 0 /* Do not connect any additional devices */
+#define BDP_CONNECT_NET 1
+#define BDP_CONNECT_ALL 2
+
+#define BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID { 0x5b6f7107, 0xbb3c, 0x4660, { 0x92, 0xcd, 0x54, 0x26, 0x90, 0x28, 0x0b, 0xbd } }
+
+#define BOOT_DISCOVERY_POLICY_VAR L"BootDiscoveryPolicy"
+
+#endif
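Review bot: The include guard _BOOT_DISCOVERY_POLICY_UI_LIB_H_ names the UI library rather than this file, Guid/BootDiscoveryPolicy.h; rename it to match the header. BDP_CONNECT_NET and BDP_CONNECT_ALL should carry a comment like the one on BDP_CONNECT_MINIMAL, and an extern declaration of gBootDiscoveryPolicyMgrFormsetGuid belongs here, since consumers include this header in order to use that GUID.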
diff --git a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c
new file mode 100644
index 0000000000..6814d0bb8f
--- /dev/null
+++ b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c
@@ -0,0 +1,160 @@
+/** @file
+ Boot Discovery Policy UI for Boot Maintenance menu.
+
+ Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+ Copyright (c) 2021, Semihalf All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Guid/BootDiscoveryPolicy.h>
+#include <Library/UefiDriverEntryPoint.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HiiLib.h>
+#include <Library/UefiLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Include/Library/PcdLib.h>
+
+///
+/// HII specific Vendor Device Path definition.
+///
+typedef struct {
+ VENDOR_DEVICE_PATH VendorDevicePath;
+ EFI_DEVICE_PATH_PROTOCOL End;
+} HII_VENDOR_DEVICE_PATH;
+
+extern unsigned char BootDiscoveryPolicyUiLibVfrBin[];
+
+EFI_HII_HANDLE mBPHiiHandle = NULL;
+EFI_HANDLE mBPDriverHandle = NULL;
+
+STATIC HII_VENDOR_DEVICE_PATH mVendorDevicePath = {
+ {
+ {
+ HARDWARE_DEVICE_PATH,
+ HW_VENDOR_DP,
+ {
+ (UINT8)(sizeof (VENDOR_DEVICE_PATH)),
+ (UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8)
+ }
+ },
+ BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID
+ },
+ {
+ END_DEVICE_PATH_TYPE,
+ END_ENTIRE_DEVICE_PATH_SUBTYPE,
+ {
+ (UINT8)(END_DEVICE_PATH_LENGTH),
+ (UINT8)((END_DEVICE_PATH_LENGTH) >> 8)
+ }
+ }
+};
+
+/**
+
+ Initialize Boot Maintenance Menu library.
+
+ @param ImageHandle The image handle.
+ @param SystemTable The system table.
+
+ @retval EFI_SUCCESS Install Boot manager menu success.
+ @retval Other Return error status.gBPDisplayLibGuid
+
+**/
+EFI_STATUS
+EFIAPI
+BootDiscoveryPolicyUiLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ UINTN Size;
+ UINT32 BootDiscoveryPolicy;
+
+ Size = sizeof (UINT32);
+ Status = gRT->GetVariable (
+ BOOT_DISCOVERY_POLICY_VAR,
+ &gBootDiscoveryPolicyMgrFormsetGuid,
+ NULL,
+ &Size,
+ &BootDiscoveryPolicy
+ );
+ if (EFI_ERROR (Status)) {
+ Status = PcdSet32S (PcdBootDiscoveryPolicy, PcdGet32 (PcdBootDiscoveryPolicy));
+ ASSERT_EFI_ERROR (Status);
+ }
+
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &mBPDriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mVendorDevicePath,
+ NULL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Publish our HII data
+ //
+ mBPHiiHandle = HiiAddPackages (
+ &gBootDiscoveryPolicyMgrFormsetGuid,
+ mBPDriverHandle,
+ BootDiscoveryPolicyUiLibVfrBin,
+ BootDiscoveryPolicyUiLibStrings,
+ NULL
+ );
+ if (mBPHiiHandle == NULL) {
+ gBS->UninstallMultipleProtocolInterfaces (
+ mBPDriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mVendorDevicePath,
+ NULL
+ );
+
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Destructor of Boot Maintenance menu library.
+
+ @param ImageHandle The firmware allocated handle for the EFI image.
+ @param SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The destructor completed successfully.
+ @retval Other value The destructor did not complete successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+BootDiscoveryPolicyUiLibDestructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+
+ if (mBPDriverHandle != NULL) {
+ gBS->UninstallProtocolInterface (
+ mBPDriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mVendorDevicePath
+ );
+ mBPDriverHandle = NULL;
+ }
+
+ if (mBPHiiHandle != NULL) {
+ HiiRemovePackages (mBPHiiHandle);
+ mBPHiiHandle = NULL;
+ }
+
+ return EFI_SUCCESS;
+}
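Review bot: In BootDiscoveryPolicyUiLibConstructor every GetVariable () failure, not only EFI_NOT_FOUND, leads to PcdSet32S () followed by ASSERT_EFI_ERROR, so a variable-store write error halts a debug build inside a library constructor; handle EFI_NOT_FOUND explicitly and log or return other errors. The value read into BootDiscoveryPolicy is never used or range-checked, so an out-of-range stored value is left in place for the platform code to deal with. Smaller points: the "@retval Other" line ends with a stray gBPDisplayLibGuid, mBPHiiHandle and mBPDriverHandle can be STATIC, the include should be <Library/PcdLib.h> rather than <Include/Library/PcdLib.h>, and mBPDriverHandle is not reset to NULL on the HiiAddPackages () failure path.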
diff --git a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni
new file mode 100644
index 0000000000..eea3ca6c8d
--- /dev/null
+++ b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni
@@ -0,0 +1,18 @@
+// /** @file
+// Boot Discovery Policy UI module.
+//
+// Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+// Copyright (c) 2021, Semihalf All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT
+#language en-US "Boot Discovery Policy UI module."
+
+#string STR_MODULE_DESCRIPTION
+#language en-US "Boot Discovery Policy UI module."
+
+
diff --git a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStrings.uni b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStrings.uni
new file mode 100644
index 0000000000..736011c9bb
--- /dev/null
+++ b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStrings.uni
@@ -0,0 +1,29 @@
+// *++
+//
+// Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+// Copyright (c) 2021, Semihalf All rights reserved.<BR>
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// Module Name:
+//
+// BootDiscoveryPolicyUiLibStrings.uni
+//
+// Abstract:
+//
+// String definitions for Boot Discovery Policy UI.
+//
+// --*/
+
+/=#
+
+
+#langdef en-US "English"
+
+#string STR_FORM_BDP_MAIN_TITLE #language en-US "Boot Discovery Policy"
+
+#string STR_FORM_BDP_CONN_MIN #language en-US "Minimal"
+
+#string STR_FORM_BDP_CONN_NET #language en-US "Connect Network Devices"
+
+#string STR_FORM_BDP_CONN_ALL #language en-US "Connect All Devices"
+
diff --git a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.Vfr b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.Vfr
new file mode 100644
index 0000000000..0de87ec34f
--- /dev/null
+++ b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.Vfr
@@ -0,0 +1,44 @@
+///** @file
+//
+// Formset for Boot Discovery Policy UI
+//
+// Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+// Copyright (c) 2021, Semihalf All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+//**/
+
+#include <Uefi/UefiMultiPhase.h>
+#include "Guid/BootDiscoveryPolicy.h"
+#include <Guid/HiiBootMaintenanceFormset.h>
+
+typedef struct {
+ UINT32 BootDiscoveryPolicy;
+} BOOT_DISCOVERY_POLICY_VARSTORE_DATA;
+
+formset
+ guid = BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID,
+ title = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ help = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ classguid = EFI_IFR_BOOT_MAINTENANCE_GUID,
+
+ efivarstore BOOT_DISCOVERY_POLICY_VARSTORE_DATA,
+ attribute = EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
+ name = BootDiscoveryPolicy,
+ guid = BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID;
+
+ form formid = 0x0001,
+ title = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE);
+
+ oneof varid = BootDiscoveryPolicy.BootDiscoveryPolicy,
+ prompt = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ help = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ flags = NUMERIC_SIZE_4 | INTERACTIVE | RESET_REQUIRED,
+ option text = STRING_TOKEN(STR_FORM_BDP_CONN_MIN), value = BDP_CONNECT_MINIMAL, flags = DEFAULT;
+ option text = STRING_TOKEN(STR_FORM_BDP_CONN_NET), value = BDP_CONNECT_NET, flags = 0;
+ option text = STRING_TOKEN(STR_FORM_BDP_CONN_ALL), value = BDP_CONNECT_ALL, flags = 0;
+ endoneof;
+
+ endform;
+endformset;
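Review bot: The efivarstore for BootDiscoveryPolicy sets EFI_VARIABLE_RUNTIME_ACCESS, which leaves the policy variable reachable through runtime services after boot; unless something at OS runtime has to read or change it, dropping that attribute keeps the choice of which device classes are connected at boot under firmware-setup control. The oneof also reuses STR_FORM_BDP_MAIN_TITLE for both prompt and help, so a separate help string describing the three options would be more useful to the user.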
--
2.25.1


[edk2-platforms PATCH v4 0/2] Add BootDiscoveryPolicyUiLib

Grzegorz Bernacki
 

This patchset extends the Boot Maintenance Menu and allows selecting the
Boot Discovery Policy. Raspberry Pi platforms use the variable to
connect the specified class of devices on boot. This patchset also
removes efdc159e, which has similar functionality.

Discussion on design can be found at:
https://edk2.groups.io/g/rfc/topic/rfc_boot_discovery_policy/82450628

Changes since v1:
- make 'Connect All' (0x2) default value for PcdBootDiscoveryPolicy
- initialize BootDiscoveryPolicy variable in platform code, if not found

Changes since v2:
- add missing local variable initialization

Changes since v3:
- add description to PcdBootDiscoveryPolicy

Grzegorz Bernacki (3):
edk2:
MdeModulePkg: Add BootDiscoveryPolicyUiLib.
edk2-platform:
Platform/RaspberryPi: Enable Boot Discovery Policy.
Revert "Platform/RaspberryPi: Setup option for disabling Fast Boot"

Platform/RaspberryPi/RaspberryPi.dec | 2 -
Platform/RaspberryPi/RPi3/RPi3.dsc | 9 +-
Platform/RaspberryPi/RPi4/RPi4.dsc | 12 +--
Platform/RaspberryPi/RPi4/RPi4.fdf | 1 +
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf | 3 +-
Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 6 +-
Platform/RaspberryPi/Include/ConfigVars.h | 12 +--
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.vfr | 16 +--
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.c | 11 +--
Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c | 102 +++++++++++++++++---
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.uni | 10 +-
MdeModulePkg/MdeModulePkg.dec | 9 ++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf | 52 +++++++
MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h | 22 +++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c | 160 ++++++++++++++++++++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni | 18 +++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStrings.uni | 29 ++++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.Vfr | 44 ++++++
18 files changed, 443 insertions(+), 77 deletions(-)
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf
create mode 100644 MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStrings.uni
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.Vfr


--
2.25.1


[Patch V2] NetworkPkg: Add HTTP Additional Event Notifications

Heng Luo
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3496

Add new EDKII_HTTP_CALLBACK_PROTOCOL in NetworkPkg,
Send HTTP Events via EDKII_HTTP_CALLBACK_PROTOCOL
when Dns/ConnectTcp/TlsConnectSession/InitSession
occurs.

Signed-off-by: Heng Luo <heng.luo@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
---
NetworkPkg/HttpDxe/HttpDriver.h | 3 ++-
NetworkPkg/HttpDxe/HttpDxe.inf | 3 ++-
NetworkPkg/HttpDxe/HttpImpl.c | 4 +++-
NetworkPkg/HttpDxe/HttpProto.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
NetworkPkg/HttpDxe/HttpProto.h | 15 ++++++++++++++-
NetworkPkg/Include/Protocol/HttpCallback.h | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
NetworkPkg/NetworkPkg.dec | 3 +++
7 files changed, 166 insertions(+), 5 deletions(-)

diff --git a/NetworkPkg/HttpDxe/HttpDriver.h b/NetworkPkg/HttpDxe/HttpDrive=
r.h
index 5fe8c5b5e9..b701b80858 100644
--- a/NetworkPkg/HttpDxe/HttpDriver.h
+++ b/NetworkPkg/HttpDxe/HttpDriver.h
@@ -1,7 +1,7 @@
/** @file=0D
The header files of the driver binding and service binding protocol for =
HttpDxe driver.=0D
=0D
- Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+ Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>=0D
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>=0D
=0D
SPDX-License-Identifier: BSD-2-Clause-Patent=0D
@@ -47,6 +47,7 @@
#include <Protocol/Ip6Config.h>=0D
#include <Protocol/Tls.h>=0D
#include <Protocol/TlsConfig.h>=0D
+#include <Protocol/HttpCallback.h>=0D
=0D
#include <Guid/ImageAuthentication.h>=0D
//=0D
diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf b/NetworkPkg/HttpDxe/HttpDxe.inf
index 35fe31af18..23fb9ec394 100644
--- a/NetworkPkg/HttpDxe/HttpDxe.inf
+++ b/NetworkPkg/HttpDxe/HttpDxe.inf
@@ -1,7 +1,7 @@
## @file=0D
# Implementation of EFI HTTP protocol interfaces.=0D
#=0D
-# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>=
=0D
+# Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>=
=0D
#=0D
# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
#=0D
@@ -65,6 +65,7 @@
gEfiTlsServiceBindingProtocolGuid ## SOMETIMES_CONSUMES=0D
gEfiTlsProtocolGuid ## SOMETIMES_CONSUMES=0D
gEfiTlsConfigurationProtocolGuid ## SOMETIMES_CONSUMES=0D
+ gEdkiiHttpCallbackProtocolGuid ## SOMETIMES_CONSUMES=0D
=0D
[Guids]=0D
gEfiTlsCaCertificateGuid ## SOMETIMES_CONSUMES =
## Variable:L"TlsCaCertificate"=0D
diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c
index 5a6ecbc9d9..97f15d229f 100644
--- a/NetworkPkg/HttpDxe/HttpImpl.c
+++ b/NetworkPkg/HttpDxe/HttpImpl.c
@@ -1,7 +1,7 @@
/** @file=0D
Implementation of EFI_HTTP_PROTOCOL protocol interfaces.=0D
=0D
- Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+ Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>=0D
(C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP<BR>=0D
=0D
SPDX-License-Identifier: BSD-2-Clause-Patent=0D
@@ -527,6 +527,7 @@ EfiHttpRequest (
} else {=0D
Status =3D HttpDns6 (HttpInstance, HostNameStr, &HttpInstance->Rem=
oteIpv6Addr);=0D
}=0D
+ HttpNotify (HttpEventDns, Status);=0D
=0D
FreePool (HostNameStr);=0D
if (EFI_ERROR (Status)) {=0D
@@ -588,6 +589,7 @@ EfiHttpRequest (
Configure || ReConfigure,=0D
TlsConfigure=0D
);=0D
+ HttpNotify (HttpEventInitSession, Status);=0D
if (EFI_ERROR (Status)) {=0D
goto Error2;=0D
}=0D
diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c
index afc7db5a72..affa916bd6 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -1,7 +1,7 @@
/** @file=0D
Miscellaneous routines for HttpDxe driver.=0D
=0D
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>=0D
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>=0D
SPDX-License-Identifier: BSD-2-Clause-Patent=0D
=0D
@@ -966,6 +966,7 @@ HttpCreateConnection (
HttpInstance->IsTcp4ConnDone =3D FALSE;=0D
HttpInstance->Tcp4ConnToken.CompletionToken.Status =3D EFI_NOT_READY;=
=0D
Status =3D HttpInstance->Tcp4->Connect (HttpInstance->Tcp4, &HttpInsta=
nce->Tcp4ConnToken);=0D
+ HttpNotify (HttpEventConnectTcp, Status);=0D
if (EFI_ERROR (Status)) {=0D
DEBUG ((EFI_D_ERROR, "HttpCreateConnection: Tcp4->Connect() =3D %r\n=
", Status));=0D
return Status;=0D
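Review bot: HttpNotify (HttpEventConnectTcp, Status) directly after Tcp4->Connect () reports only that the nonblocking request was accepted, because Tcp4ConnToken.CompletionToken.Status was set to EFI_NOT_READY just above and the token may not have completed yet. A consumer cannot tell from this event whether the connection was actually established; consider notifying when the token completes, or document that the event means "request initiated" at the call site. The Tcp6 hunk that follows has the same behaviour.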
@@ -981,6 +982,7 @@ HttpCreateConnection (
HttpInstance->IsTcp6ConnDone =3D FALSE;=0D
HttpInstance->Tcp6ConnToken.CompletionToken.Status =3D EFI_NOT_READY;=
=0D
Status =3D HttpInstance->Tcp6->Connect (HttpInstance->Tcp6, &HttpInsta=
nce->Tcp6ConnToken);=0D
+ HttpNotify (HttpEventConnectTcp, Status);=0D
if (EFI_ERROR (Status)) {=0D
DEBUG ((EFI_D_ERROR, "HttpCreateConnection: Tcp6->Connect() =3D %r\n=
", Status));=0D
return Status;=0D
@@ -1277,6 +1279,7 @@ HttpConnectTcp4 (
}=0D
=0D
Status =3D TlsConnectSession (HttpInstance, HttpInstance->TimeoutEvent=
);=0D
+ HttpNotify (HttpEventTlsConnectSession, Status);=0D
=0D
gBS->SetTimer (HttpInstance->TimeoutEvent, TimerCancel, 0);=0D
=0D
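Review bot: HttpNotify (HttpEventTlsConnectSession, Status) is placed before gBS->SetTimer (HttpInstance->TimeoutEvent, TimerCancel, 0), so every registered callback runs while the timeout timer is still armed. Moving the notification to after the TimerCancel call keeps time spent in third-party callbacks out of the timeout window; the HttpConnectTcp6 hunk has the same ordering.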
@@ -1369,6 +1372,7 @@ HttpConnectTcp6 (
}=0D
=0D
Status =3D TlsConnectSession (HttpInstance, HttpInstance->TimeoutEvent=
);=0D
+ HttpNotify (HttpEventTlsConnectSession, Status);=0D
=0D
gBS->SetTimer (HttpInstance->TimeoutEvent, TimerCancel, 0);=0D
=0D
@@ -2195,3 +2199,55 @@ HttpTcpTokenCleanup (
}=0D
=0D
}=0D
+=0D
+/**=0D
+ Send Events via EDKII_HTTP_CALLBACK_PROTOCOL.=0D
+=0D
+ @param[in] Event The event that occurs in the current sta=
te.=0D
+ @param[in] EventStatus The Status of Event, EFI_SUCCESS or othe=
r errors.=0D
+=0D
+**/=0D
+VOID=0D
+HttpNotify (=0D
+ IN EDKII_HTTP_CALLBACK_EVENT Event,=0D
+ IN EFI_STATUS EventStatus=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ EFI_HANDLE *Handles;=0D
+ UINTN Index;=0D
+ UINTN HandleCount;=0D
+ EFI_HANDLE Handle;=0D
+ EDKII_HTTP_CALLBACK_PROTOCOL *HttpCallback;=0D
+=0D
+ DEBUG ((DEBUG_INFO, "HttpNotify: Event - %d, EventStatus - %r\n", Event,=
EventStatus));=0D
+=0D
+ Handles =3D NULL;=0D
+ HandleCount =3D 0;=0D
+ Status =3D gBS->LocateHandleBuffer (=0D
+ ByProtocol,=0D
+ &gEdkiiHttpCallbackProtocolGuid,=0D
+ NULL,=0D
+ &HandleCount,=0D
+ &Handles=0D
+ );=0D
+ if (Status =3D=3D EFI_SUCCESS) {=0D
+ for (Index =3D 0; Index < HandleCount; Index++) {=0D
+ Handle =3D Handles[Index];=0D
+ Status =3D gBS->HandleProtocol (=0D
+ Handle,=0D
+ &gEdkiiHttpCallbackProtocolGuid,=0D
+ (VOID **) &HttpCallback=0D
+ );=0D
+ if (Status =3D=3D EFI_SUCCESS) {=0D
+ DEBUG ((DEBUG_INFO, "HttpNotify: Notifying %p\n", HttpCallback));=
=0D
+ HttpCallback->Callback (=0D
+ HttpCallback,=0D
+ Event,=0D
+ EventStatus=0D
+ );=0D
+ }=0D
+ }=0D
+ FreePool (Handles);=0D
+ }=0D
+}=0D
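Review bot: HttpNotify calls HttpCallback->Callback without checking it for NULL, and does so for every handle that carries gEdkiiHttpCallbackProtocolGuid, so one badly populated protocol instance faults inside the HTTP driver's request path; add a NULL check before the call. The function also runs LocateHandleBuffer and logs at DEBUG_INFO on every event, which is worth caching or lowering if these events turn out to be frequent. Status is reused for the HandleProtocol result, which is harmless here but a separate local would read more clearly.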
diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h
index 00ba26aca4..5b90a6b074 100644
--- a/NetworkPkg/HttpDxe/HttpProto.h
+++ b/NetworkPkg/HttpDxe/HttpProto.h
@@ -1,7 +1,7 @@
/** @file=0D
The header files of miscellaneous routines for HttpDxe driver.=0D
=0D
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>=0D
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>=0D
SPDX-License-Identifier: BSD-2-Clause-Patent=0D
=0D
@@ -609,4 +609,17 @@ HttpResponseWorker (
IN HTTP_TOKEN_WRAP *Wrap=0D
);=0D
=0D
+/**=0D
+ Send Events via EDKII_HTTP_CALLBACK_PROTOCOL.=0D
+=0D
+ @param[in] Event The event that occurs in the current sta=
te.=0D
+ @param[in] EventStatus The Status of Event, EFI_SUCCESS or othe=
r errors.=0D
+=0D
+**/=0D
+VOID=0D
+HttpNotify (=0D
+ IN EDKII_HTTP_CALLBACK_EVENT Event,=0D
+ IN EFI_STATUS EventStatus=0D
+ );=0D
+=0D
#endif=0D
diff --git a/NetworkPkg/Include/Protocol/HttpCallback.h b/NetworkPkg/Includ=
e/Protocol/HttpCallback.h
new file mode 100644
index 0000000000..d036a8a4be
--- /dev/null
+++ b/NetworkPkg/Include/Protocol/HttpCallback.h
@@ -0,0 +1,85 @@
+/** @file=0D
+ This file defines the EDKII HTTP Callback Protocol interface.=0D
+=0D
+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+=0D
+#ifndef __EDKII_HTTP_CALLBACK_H__=0D
+#define __EDKII_HTTP_CALLBACK_H__=0D
+=0D
+#define EDKII_HTTP_CALLBACK_PROTOCOL_GUID \=0D
+ { \=0D
+ 0x611114f1, 0xa37b, 0x4468, {0xa4, 0x36, 0x5b, 0xdd, 0xa1, 0x6a, 0xa2,=
0x40} \=0D
+ }=0D
+=0D
+typedef struct _EDKII_HTTP_CALLBACK_PROTOCOL EDKII_HTTP_CALLBACK_PROTOCOL=
;=0D
+=0D
+///=0D
+/// EDKII_HTTP_CALLBACK_EVENT=0D
+///=0D
+typedef enum {=0D
+ ///=0D
+ /// The Status of DNS Event to retrieve the host address.=0D
+ /// EventStatus:=0D
+ /// EFI_SUCCESS Operation succeeded.=0D
+ /// EFI_OUT_OF_RESOURCES Failed to allocate needed resources.=0D
+ /// EFI_DEVICE_ERROR An unexpected network error occurred.=0D
+ /// Others Other errors as indicated.=0D
+ ///=0D
+ HttpEventDns,=0D
+=0D
+ ///=0D
+ /// The Status of Event to initiate a nonblocking TCP connection request=
.=0D
+ /// EventStatus:=0D
+ /// EFI_SUCCESS The connection request is successfully initia=
ted.=0D
+ /// EFI_NOT_STARTED This EFI TCP Protocol instance has not been c=
onfigured.=0D
+ /// EFI_DEVICE_ERROR An unexpected system or network error occurre=
d.=0D
+ /// Others Other errors as indicated.=0D
+ ///=0D
+ HttpEventConnectTcp,=0D
+=0D
+ ///=0D
+ /// The Status of Event to connect one TLS session by finishing the TLS =
handshake process.=0D
+ /// EventStatus:=0D
+ /// EFI_SUCCESS The TLS session is established.=0D
+ /// EFI_OUT_OF_RESOURCES Can't allocate memory resources.=0D
+ /// EFI_ABORTED TLS session state is incorrect.=0D
+ /// Others Other error as indicated.=0D
+ ///=0D
+ HttpEventTlsConnectSession,=0D
+=0D
+ ///=0D
+ /// The Status of Event to initialize Http session=0D
+ /// EventStatus:=0D
+ /// EFI_SUCCESS The initialization of session is done.=0D
+ /// Others Other error as indicated.=0D
+ ///=0D
+ HttpEventInitSession=0D
+} EDKII_HTTP_CALLBACK_EVENT;=0D
+=0D
+/**=0D
+ Callback function that is invoked when HTTP event occurs.=0D
+=0D
+ @param[in] This Pointer to the EDKII_HTTP_CALLBACK_PROTO=
COL instance.=0D
+ @param[in] Event The event that occurs in the current sta=
te.=0D
+ @param[in] EventStatus The Status of Event, EFI_SUCCESS or othe=
r errors.=0D
+**/=0D
+typedef=0D
+VOID=0D
+(EFIAPI * EDKII_HTTP_CALLBACK) (=0D
+ IN EDKII_HTTP_CALLBACK_PROTOCOL *This,=0D
+ IN EDKII_HTTP_CALLBACK_EVENT Event,=0D
+ IN EFI_STATUS EventStatus=0D
+ );=0D
+=0D
+///=0D
+/// EFI HTTP Callback Protocol is invoked when HTTP event occurs.=0D
+///=0D
+struct _EDKII_HTTP_CALLBACK_PROTOCOL {=0D
+ EDKII_HTTP_CALLBACK Callback;=0D
+};=0D
+=0D
+extern EFI_GUID gEdkiiHttpCallbackProtocolGuid;=0D
+=0D
+#endif=0D
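Review bot: struct _EDKII_HTTP_CALLBACK_PROTOCOL carries only the Callback member and no revision field, and EDKII_HTTP_CALLBACK_EVENT has no explicit enumerator values, so consumers have no way to detect later additions; consider a Revision member and fixed values. The EDKII_HTTP_CALLBACK comment should also state the context in which Callback is invoked (it is called synchronously from the HTTP driver) and that implementations must not block, and the comment above the struct says "EFI HTTP Callback Protocol" where the type is EDKII_.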
diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index b81f10ef6e..0f9f7bb15e 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -88,6 +88,9 @@
## Include/Protocol/Dpc.h=0D
gEfiDpcProtocolGuid =3D {0x480f8ae9, 0xc46, 0x4aa9, { 0xbc, 0=
x89, 0xdb, 0x9f, 0xba, 0x61, 0x98, 0x6 }}=0D
=0D
+ ## Include/Protocol/HttpCallback.h=0D
+ gEdkiiHttpCallbackProtocolGuid =3D {0x611114f1, 0xa37b, 0x4468, {0xa4, =
0x36, 0x5b, 0xdd, 0xa1, 0x6a, 0xa2, 0x40}}=0D
+=0D
[PcdsFixedAtBuild]=0D
## The max attempt number will be created by iSCSI driver.=0D
# @Prompt Max attempt number.=0D
--
2.31.1.windows.1


[staging/edk2-redfish-client Tools PATCH 5/6] RedfishClientPkg/Redfish-Profile-Simulator: Add ETAG on memory resource

Abner Chang
 

Add ETAG support on Memory resource.

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
---
.../Redfish-Profile-Simulator/v1sim/systems.py | 13 +++++++++++++
1 file changed, 13 insertions(+)

diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
index 690101fb10..de4b839aeb 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
@@ -18,6 +18,7 @@ from .resource import RfResource, RfCollection
from .storage import RfSimpleStorageCollection, RfSmartStorage
import flask
import json
+import hashlib
from collections import OrderedDict

class RfSystemsCollection(RfCollection):
@@ -142,13 +143,25 @@ class RfMemoryCollection(RfCollection):
self.res_data["Members"].append({"@odata.id":newMemoryUrl})

post_data["@odata.id"] = newMemoryUrl
+
+ md5 = hashlib.md5()
+ md5.update(json.dumps(post_data).encode("utf-8"))
+ etag_str = 'W/"' + md5.hexdigest() + '"'
+ post_data["@odata.etag"] = etag_str
self.elements[str(newMemoryIdx)] = post_data

resp = flask.Response(json.dumps(post_data,indent=4))
resp.headers["Location"] = newMemoryUrl
+ resp.headers["ETag"] = etag_str
+
return 0, 200, None, resp

def patch_memory(self, Idx, patch_data):
+ md5 = hashlib.md5()
+ md5.update(json.dumps(patch_data).encode("utf-8"))
+ etag_str = 'W/"' + md5.hexdigest() + '"'
+ patch_data["@odata.etag"] = etag_str
+
self.elements[str(Idx)] = {**self.elements[str(Idx)], **patch_data}
resp = flask.Response(json.dumps(self.elements[str(Idx)],indent=4))
return 0, 200, None, resp
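Review bot: In patch_memory the ETag is hashed from patch_data alone rather than from the merged self.elements[str(Idx)], so the stored "@odata.etag" does not identify the resource state (the same PATCH body applied to two different members yields the same tag), and unlike the POST path the response gets no ETag header. Hash the merged element, excluding its previous "@odata.etag", and set resp.headers["ETag"] there as well; passing sort_keys=True to json.dumps would make the tag independent of key order. MD5 is adequate for a weak validator, but hashlib.md5() can be refused on FIPS-restricted Python builds, so a SHA-2 digest avoids that failure mode.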
--
2.17.1


[staging/edk2-redfish-client Tools PATCH 6/6] RedfishClientPkg/Redfish-Profile-Simulator: Add requirements

Abner Chang
 

add requirements.txt for the required python module

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
---
.../Tools/Redfish-Profile-Simulator/requirements.txt | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/requirements.txt

diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/requirements.txt b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/requirements.txt
new file mode 100644
index 0000000000..88807d87c2
--- /dev/null
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/requirements.txt
@@ -0,0 +1,2 @@
+flask==1.1.1
+pyOpenSSL
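Review bot: flask is pinned to an exact version while pyOpenSSL has no constraint at all, so an install pulls whatever pyOpenSSL release is current and the environment is not reproducible. Pin both, ideally with hashes so pip can be run with --require-hashes, or give both a bounded range, and note in the commit message why flask is held at 1.1.1.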
--
2.17.1


[staging/edk2-redfish-client Tools PATCH 0/6] Initial commit of Redfish Profile Simulator

Abner Chang
 

This is an open source project on DMTF GitHub.
(https://github.com/DMTF/Redfish-Profile-Simulator)

We clone this project under RedfishClientPkg and maintain it by edk2
because this project has currently been using and updating rarely.
That is easier for edk2 to add features to the simulator or modify the
simulator to align with edk2 requirement on Redfish service.

The license of this tool is on the term of BSD 3-Clause License.
Refer to LICENSE.md.

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>

Abner Chang (6):
RedfishClientPkg/Tools: Initial commit of Redfish Profile Simulator
RedfishClientPkg/Tools: Add more Redfish resource
RedfishClientPkg/Redfish-Profile-Simulator: Add more features
RedfishClientPkg/Redfish-Profile-Simulator: HTTP methods on Memory
Collection
RedfishClientPkg/Redfish-Profile-Simulator: Add ETAG on memory
resource
RedfishClientPkg/Redfish-Profile-Simulator: Add requirements

.../Redfish-Profile-Simulator/AUTHORS.md | 2 +
.../Redfish-Profile-Simulator/CHANGELOG.md | 15 +
.../Redfish-Profile-Simulator/LICENSE.md | 57 +++
.../Tools/Redfish-Profile-Simulator/README.md | 96 +++++
.../SimpleOcpServerV1/redfish/index.json | 3 +
.../redfish/v1/$metadata/index.xml | 151 +++++++
.../v1/AccountService/Accounts/index.json | 19 +
.../AccountService/Accounts/jane/index.json | 19 +
.../AccountService/Accounts/john/index.json | 19 +
.../AccountService/Accounts/root/index.json | 19 +
.../v1/AccountService/Roles/Admin/index.json | 17 +
.../AccountService/Roles/Operator/index.json | 15 +
.../Roles/ReadOnlyUser/index.json | 13 +
.../v1/AccountService/Roles/index.json | 19 +
.../redfish/v1/AccountService/index.json | 25 ++
.../redfish/v1/Chassis/A33/Power/index.json | 28 ++
.../redfish/v1/Chassis/A33/Thermal/index.json | 150 +++++++
.../redfish/v1/Chassis/A33/index.json | 46 ++
.../redfish/v1/Chassis/index.json | 13 +
.../bmc/EthernetInterfaces/eth0/index.json | 60 +++
.../bmc/EthernetInterfaces/index.json | 15 +
.../Managers/bmc/NetworkProtocol/index.json | 47 +++
.../redfish/v1/Managers/bmc/index.json | 53 +++
.../redfish/v1/Managers/index.json | 13 +
.../index.json | 16 +
.../redfish/v1/Registries/index.json | 14 +
.../Sessions/SESSION123456/index.json | 10 +
.../v1/SessionService/Sessions/index.json | 12 +
.../redfish/v1/SessionService/index.json | 17 +
.../2M220100SL/Bios/Settings/index.json | 31 ++
.../v1/Systems/2M220100SL/Bios/index.json | 202 +++++++++
.../LogServices/SEL/Entries/1/index.json | 27 ++
.../LogServices/SEL/Entries/2/index.json | 27 ++
.../LogServices/SEL/Entries/index.json | 62 +++
.../2M220100SL/LogServices/SEL/index.json | 27 ++
.../Systems/2M220100SL/LogServices/index.json | 15 +
.../v1/Systems/2M220100SL/Memory/1/index.json | 56 +++
.../v1/Systems/2M220100SL/Memory/2/index.json | 46 ++
.../v1/Systems/2M220100SL/Memory/3/index.json | 46 ++
.../v1/Systems/2M220100SL/Memory/4/index.json | 46 ++
.../v1/Systems/2M220100SL/Memory/index.json | 22 +
.../redfish/v1/Systems/2M220100SL/index.json | 76 ++++
.../2M220101SL/Bios/Settings/index.json | 13 +
.../v1/Systems/2M220101SL/Bios/index.json | 17 +
.../Systems/2M220101SL/BootOptions/index.json | 10 +
.../LogServices/SEL/Entries/1/index.json | 28 ++
.../LogServices/SEL/Entries/2/index.json | 28 ++
.../LogServices/SEL/Entries/index.json | 64 +++
.../2M220101SL/LogServices/SEL/index.json | 27 ++
.../Systems/2M220101SL/LogServices/index.json | 15 +
.../2M220101SL/Memory/_backup/1/index.json | 56 +++
.../2M220101SL/Memory/_backup/2/index.json | 46 ++
.../2M220101SL/Memory/_backup/3/index.json | 46 ++
.../2M220101SL/Memory/_backup/4/index.json | 46 ++
.../2M220101SL/Memory/_backup/index.json | 22 +
.../v1/Systems/2M220101SL/Memory/index.json | 10 +
.../redfish/v1/Systems/2M220101SL/index.json | 82 ++++
.../2M220102SL/Bios/Settings/index.json | 31 ++
.../v1/Systems/2M220102SL/Bios/index.json | 202 +++++++++
.../LogServices/SEL/Entries/1/index.json | 28 ++
.../LogServices/SEL/Entries/2/index.json | 28 ++
.../LogServices/SEL/Entries/index.json | 64 +++
.../2M220102SL/LogServices/SEL/index.json | 27 ++
.../Systems/2M220102SL/LogServices/index.json | 15 +
.../v1/Systems/2M220102SL/Memory/1/index.json | 56 +++
.../v1/Systems/2M220102SL/Memory/2/index.json | 46 ++
.../v1/Systems/2M220102SL/Memory/3/index.json | 46 ++
.../v1/Systems/2M220102SL/Memory/4/index.json | 46 ++
.../v1/Systems/2M220102SL/Memory/index.json | 22 +
.../redfish/v1/Systems/2M220102SL/index.json | 76 ++++
.../redfish/v1/Systems/index.json | 19 +
.../SimpleOcpServerV1/redfish/v1/index.json | 34 ++
.../redfish/v1/odata/index.json | 56 +++
.../redfishProfileSimulator.py | 197 +++++++++
.../requirements.txt | 2 +
.../v1sim/__init__.py | 4 +
.../v1sim/accountService.py | 76 ++++
.../v1sim/chassis.py | 115 +++++
.../v1sim/common_services.py | 28 ++
.../v1sim/flask_redfish_auth.py | 278 ++++++++++++
.../v1sim/managers.py | 211 ++++++++++
.../v1sim/network.py | 48 +++
.../v1sim/redfishURIs.py | 397 ++++++++++++++++++
.../v1sim/registry.py | 14 +
.../v1sim/resource.py | 123 ++++++
.../v1sim/security.py | 35 ++
.../v1sim/serviceRoot.py | 87 ++++
.../v1sim/serviceVersions.py | 9 +
.../v1sim/sessionService.py | 41 ++
.../v1sim/storage.py | 116 +++++
.../v1sim/systems.py | 325 ++++++++++++++
.../v1sim/updateService.py | 84 ++++
92 files changed, 5162 insertions(+)
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/AUTHORS.md
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/CHANGELOG.md
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/LICENSE.md
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/README.md
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/$metadata/index.xml
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/AccountService/Accounts/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/AccountService/Accounts/jane/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/AccountService/Accounts/john/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/AccountService/Accounts/root/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/AccountService/Roles/Admin/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/AccountService/Roles/Operator/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/AccountService/Roles/ReadOnlyUser/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/AccountService/Roles/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/AccountService/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Chassis/A33/Power/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Chassis/A33/Thermal/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Chassis/A33/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Chassis/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Managers/bmc/EthernetInterfaces/eth0/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Managers/bmc/EthernetInterfaces/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Managers/bmc/NetworkProtocol/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Managers/bmc/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Managers/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Registries/BiosAttributeRegistryUefiKeyword.v1_0_0/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Registries/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/SessionService/Sessions/SESSION123456/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/SessionService/Sessions/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/SessionService/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/Bios/Settings/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/Bios/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/LogServices/SEL/Entries/1/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/LogServices/SEL/Entries/2/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/LogServices/SEL/Entries/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/LogServices/SEL/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/LogServices/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/Memory/1/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/Memory/2/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/Memory/3/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/Memory/4/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/Memory/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220100SL/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/Bios/Settings/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/Bios/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/BootOptions/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/LogServices/SEL/Entries/1/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/LogServices/SEL/Entries/2/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/LogServices/SEL/Entries/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/LogServices/SEL/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/LogServices/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/Memory/_backup/1/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/Memory/_backup/2/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/Memory/_backup/3/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/Memory/_backup/4/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/Memory/_backup/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/Memory/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220101SL/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/Bios/Settings/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/Bios/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/LogServices/SEL/Entries/1/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/LogServices/SEL/Entries/2/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/LogServices/SEL/Entries/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/LogServices/SEL/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/LogServices/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/Memory/1/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/Memory/2/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/Memory/3/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/Memory/4/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/Memory/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/2M220102SL/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/Systems/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/MockupData/SimpleOcpServerV1/redfish/v1/odata/index.json
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/requirements.txt
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/__init__.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/accountService.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/chassis.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/common_services.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/flask_redfish_auth.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/managers.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/network.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/registry.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/security.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/serviceRoot.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/serviceVersions.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/sessionService.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/storage.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/updateService.py

--
2.17.1


[staging/edk2-redfish-client Tools PATCH 4/6] RedfishClientPkg/Redfish-Profile-Simulator: HTTP methods on Memory Collection

Abner Chang
 

Add POST and PATCH methods on Memory collection and resource.

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
---
.../v1sim/redfishURIs.py | 25 +++++++++++
.../v1sim/systems.py | 43 +++++++++++++++++++
2 files changed, 68 insertions(+)

diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py
index 3c912f7ce1..35d3794cc6 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py
@@ -1,6 +1,7 @@
#
# Copyright Notice:
# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
# Copyright Notice:
@@ -308,6 +309,30 @@ def rfApi_SimpleServer(root, versions, host="127.0.0.1", port=5000, cert="", key
else:
return err_string, status_code

+ @app.route("/redfish/v1/Systems/<string:system_id>/Memory", methods=['POST'])
+ @auth.rfAuthRequired
+ def rf_computer_memory_post(system_id):
+ print ("in POST memory collection")
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
+ print("rdata:{}".format(rdata))
+ rc, status_code, err_string, resp = root.components['Systems'].get_element(system_id).components['Memory'].post_resource(rdata)
+ if rc == 0:
+ return resp, status_code
+ else:
+ return err_string, status_code
+
+ @app.route("/redfish/v1/Systems/<string:system_id>/Memory/<string:MemoryIdx>", methods=['PATCH'])
+ @auth.rfAuthRequired
+ def rf_computer_memory_patch(system_id, MemoryIdx):
+ print ("in PATCH memory[%s] resource" % MemoryIdx)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
+ print("rdata:{}".format(rdata))
+ rc, status_code, err_string, resp = root.components['Systems'].get_element(system_id).components['Memory'].patch_memory(MemoryIdx, rdata)
+ if rc == 0:
+ return resp, status_code
+ else:
+ return err_string, status_code
+
def resolve_path(service, path):
parts = path.split('/')
result = service
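Review bot: both new handlers call json.loads(request.data, ...) with no error handling, so an empty or malformed body raises inside the view and the client gets a 500 rather than a 400. Suggest catching ValueError around the parse and returning 400. The chained lookup root.components['Systems'].get_element(system_id).components['Memory'] has the same problem for an unknown system_id if get_element() returns None or raises (its behaviour is not visible in this hunk), so resolve the element first and return 404 when it is missing. The unconditional print of rdata would be better behind a debug switch.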
diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
index b8b3788054..690101fb10 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
@@ -2,6 +2,7 @@
# Copyright Notice:
#
# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
# Copyright Notice:
@@ -123,9 +124,50 @@ class RfSystemObj(RfResource):

# subclass Logs Collection
class RfMemoryCollection(RfCollection):
+ def final_init_processing(self, base_path, rel_path):
+ self.maxIdx = self.res_data["Members@odata.count"]
+
def element_type(self):
return RfMemory

+ def post_resource(self, post_data):
+ print("Members@odata.count:{}".format(self.res_data["Members@odata.count"]))
+ print("Members:{}".format(self.res_data["Members"]))
+ print("post_data:{}".format(post_data))
+
+ self.res_data["Members@odata.count"] = self.res_data["Members@odata.count"] + 1
+ self.maxIdx = self.maxIdx + 1
+ newMemoryIdx = self.maxIdx
+ newMemoryUrl = self.res_data["@odata.id"] + "/" + str(newMemoryIdx)
+ self.res_data["Members"].append({"@odata.id":newMemoryUrl})
+
+ post_data["@odata.id"] = newMemoryUrl
+ self.elements[str(newMemoryIdx)] = post_data
+
+ resp = flask.Response(json.dumps(post_data,indent=4))
+ resp.headers["Location"] = newMemoryUrl
+ return 0, 200, None, resp
+
+ def patch_memory(self, Idx, patch_data):
+ self.elements[str(Idx)] = {**self.elements[str(Idx)], **patch_data}
+ resp = flask.Response(json.dumps(self.elements[str(Idx)],indent=4))
+ return 0, 200, None, resp
+
+ def get_memory(self, Idx):
+ return json.dumps(self.elements[Idx],indent=4)
+
+ def delete_memory(self, Idx):
+ print("in delete_memory")
+
+ resp = flask.Response(json.dumps(self.elements[Idx],indent=4))
+
+ self.elements.pop(Idx)
+ self.res_data["Members@odata.count"] = self.res_data["Members@odata.count"] - 1
+
+ newMemoryUrl = self.res_data["@odata.id"] + "/" + str(Idx)
+ self.res_data["Members"].remove({"@odata.id":newMemoryUrl})
+ return 0, 200, None, resp
+

class RfMemory(RfResource):
pass
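Review bot: patch_memory(), get_memory() and delete_memory() index self.elements[...] without checking that the id exists, so a request for an unknown MemoryIdx ends in a KeyError and a 500; return a 404 tuple in the same (rc, status_code, err_string, resp) shape instead. Related points in the same hunk: patch_memory() uses str(Idx) while get_memory() and delete_memory() use Idx as is; post_resource() stores the client's dict directly in self.elements even though element_type() says members are RfMemory; maxIdx is seeded from Members@odata.count, which only yields a free id when the existing members are numbered 1..count; and a POST that creates a resource and sets Location would normally answer 201 rather than 200. get_memory() and delete_memory() have no matching route in this patch, so either add the routes or drop the methods until they are used.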
@@ -267,3 +309,4 @@ class RfBootOptionCollection(RfCollection):
return 0, 200, None, resp

class RfBootOption(RfResource):
+ pass
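Review bot: this "pass" gives RfBootOption a body, which means the class was left without one when it was introduced (the hunk context shows it as the last line of the file). If that happened in patch 3/6 of this series, fold this line into that patch so that every commit imports cleanly and bisecting is not broken; it is unrelated to the Memory collection change this commit message describes.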
--
2.17.1


[staging/edk2-redfish-client Tools PATCH 3/6] RedfishClientPkg/Redfish-Profile-Simulator: Add more features

Abner Chang
 

- Add HTTPs support
- Add ETAG support
- Change default credential to admin/pwd123456
- Add HTTP methods on BIOS managed resource.

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
---
.../redfishProfileSimulator.py | 92 ++++++++--
.../v1sim/redfishURIs.py | 161 ++++++++++++------
.../v1sim/registry.py | 14 ++
.../v1sim/resource.py | 27 ++-
.../v1sim/systems.py | 85 ++++++++-
5 files changed, 311 insertions(+), 68 deletions(-)
create mode 100644 RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/registry.py

diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
index 24be52bafc..91c792a2b7 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
@@ -1,4 +1,9 @@
# Copyright Notice:
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# Copyright Notice:
# Copyright 2016 Distributed Management Task Force, Inc. All rights reserved.
# License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/Redfish-Profile-Simulator/blob/master/LICENSE.md

@@ -9,13 +14,16 @@
import sys
import getopt
import os
+import functools
+import flask
+import werkzeug

rfVersion = "0.9.6"
rfProgram1 = "redfishProfileSimulator"
rfProgram2 = " "
rfUsage1 = "[-Vh] [--Version][--help]"
-rfUsage2 = "[-H<hostIP>] [-P<port>] [-p<profile_path>]"
-rfUsage3 = "[--Host=<hostIP>] [--Port=<port>] [--profile_path=<profile_path>]"
+rfUsage2 = "[-H<hostIP>] [-P<port>] [-C<cert>] [-K<key>] [-p<profile_path>]"
+rfUsage3 = "[--Host=<hostIP>] [--Port=<port>] [--Cert=<cert>] [--Key=<key>] [--profile_path=<profile_path>]"


def rf_usage():
@@ -27,18 +35,19 @@ def rf_usage():

def rf_help():
print(rfProgram1,"implements a simulation of a redfish service for the \"Simple OCP Server V1\" Mockup.")
- print(" The simulation includes an http server, RestEngine, and dynamic Redfish datamodel.")
+ print(" The simulation includes an http/https server, RestEngine, and dynamic Redfish datamodel.")
print(" You can GET, PATHCH,... to the service just like a real Redfish service.")
print(" Both Basic and Redfish Session/Token authentication is supported (for a single user/passwd and token")
print(" the user/passwd is: root/password123456. The authToken is: 123456SESSIONauthcode")
print(" these can be changed by editing the redfishURIs.py file. will make dynamic later.")
- print(" The http service and Rest engine is built on Flask, and all code is Python 3.4+")
+ print(" The http/https service and Rest engine is built on Flask, and all code is Python 3.4+")
print(" The data model resources are \"initialized\" from the SPMF \"SimpleOcpServerV1\" Mockup.")
print(" and stored as python dictionaries--then the dictionaries are updated with patches, posts, deletes.")
print(" The program can be extended to support other mockup \"profiles\".")
print("")
- print(" By default, the simulation runs on localhost (127.0.0.1), on port 5000.")
- print(" These can be changed with CLI options: -P<port> -H <hostIP> | --port=<port> --host=<hostIp>")
+ print(" By default, the simulation runs over http, on localhost (127.0.0.1), on port 5000.")
+ print(" These can be changed with CLI options: -P<port> -C<cert> -K<key> -H <hostIP> | --port=<port> --Cert=<cert> --Key=<key> --host=<hostIp>")
+ print(" -C<cert> -K<key> | --Cert=<cert> --Key=<key> options must be used together with port 443 to enable https session.")
print("")
print("Version: ", rfVersion)
rf_usage()
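Review bot: the help text is out of step with what this patch changes elsewhere. The added line "By default, the simulation runs over http, on localhost (127.0.0.1), on port 5000." no longer holds once rf_host defaults to "0.0.0.0", and the unchanged line "the user/passwd is: root/password123456" contradicts the new Basic credential admin/pwd123456 in redfishURIs.py. Please update both in this hunk. While here, "PATHCH" in the context line is a typo for PATCH.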
@@ -47,19 +56,69 @@ def rf_help():
print(" -h, --help, --- help")
print(" -H<hostIP>, --Host=<hostIp> --- host IP address. dflt=127.0.0.1")
print(" -P<port>, --Port=<port> --- the port to use. dflt=5000")
+ print(" -C<cert>, --Cert=<cert> --- Server certificate.")
+ print(" -K<key>, --Key=<key> --- Server key.")
print(" -p<profile_path>, --profile=<profile_path> --- the path to the Redfish profile to use. "
"dflt=\"./MockupData/SimpleOcpServerV1\" ")

+# Conditional Requests with ETags
+# http://flask.pocoo.org/snippets/95/
+def conditional(func):
+ '''Start conditional method execution for this resource'''
+ @functools.wraps(func)
+ def wrapper(*args, **kwargs):
+ flask.g.condtnl_etags_start = True
+ return func(*args, **kwargs)
+ return wrapper
+
+class NotModified(werkzeug.exceptions.HTTPException):
+ code = 304
+ def get_response(self, environment):
+ return flask.Response(status=304)
+
+class PreconditionRequired(werkzeug.exceptions.HTTPException):
+ code = 428
+ description = ('<p>This request is required to be '
+ 'conditional; try using "If-Match".')
+ name = 'Precondition Required'
+ def get_response(self, environment):
+ resp = super(PreconditionRequired,
+ self).get_response(environment)
+ resp.status = str(self.code) + ' ' + self.name.upper()
+ return resp

def main(argv):
+ #Monkey patch the set_etag() method for conditional request.
+ _old_set_etag = werkzeug.ETagResponseMixin.set_etag
+ @functools.wraps(werkzeug.ETagResponseMixin.set_etag)
+ def _new_set_etag(self, etag, weak=False):
+ # only check the first time through; when called twice
+ # we're modifying
+ if (hasattr(flask.g, 'condtnl_etags_start') and
+ flask.g.condtnl_etags_start):
+ if flask.request.method in ('PUT', 'DELETE', 'PATCH'):
+ if not flask.request.if_match:
+ raise PreconditionRequired
+ if etag not in flask.request.if_match:
+ flask.abort(412)
+ elif (flask.request.method == 'GET' and
+ flask.request.if_none_match and
+ etag in flask.request.if_none_match):
+ raise NotModified
+ flask.g.condtnl_etags_start = False
+ _old_set_etag(self, etag, weak)
+ werkzeug.ETagResponseMixin.set_etag = _new_set_etag
+
# set default option args
rf_profile_path = os.path.abspath("./MockupData/SimpleOcpServerV1")
- rf_host = "127.0.0.1"
+ rf_host = "0.0.0.0"
rf_port = 5000
+ rf_cert =""
+ rf_key=""

try:
- opts, args = getopt.getopt(argv[1:], "VhH:P:p:",
- ["Version", "help", "Host=", "Port=", "profile="])
+ opts, args = getopt.getopt(argv[1:], "VhH:P:C:K:p:",
+ ["Version", "help", "Host=", "Port=", "Cert=", "Key=", "profile="])
except getopt.GetoptError:
print(rfProgram1, ": Error parsing options")
rf_usage()
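Review bot: rf_host changes from "127.0.0.1" to "0.0.0.0", which the commit message does not mention. That makes a test tool with fixed, published credentials listen on every interface by default. Suggest keeping the loopback default and letting users opt in with -H 0.0.0.0, or at least listing the change in the commit message. Separately, _new_set_etag() replaces werkzeug.ETagResponseMixin.set_etag process-wide from inside main(); a short comment on why the monkey patch is needed, plus a werkzeug version constraint in requirements.txt, would make this less fragile.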
@@ -77,11 +136,24 @@ def main(argv):
rf_host = arg
elif opt in "--Port=":
rf_port=int(arg)
+ elif opt in "--Cert=":
+ rf_cert=arg
+ elif opt in "--Key=":
+ rf_key=arg
else:
print(" ", rfProgram1, ": Error: unsupported option")
rf_usage()
sys.exit(2)

+ if rf_port == 443:
+ if rf_cert == "" or rf_key == "":
+ print(" ", rfProgram1, ": Error: port 443 must be used together with -C<cert> and -K<key> to enable https session")
+ sys.exit(2)
+ else:
+ if rf_cert != "" or rf_key != "":
+ print(" ", rfProgram1, ": Error: -C<cert> and -K<key> options must be used together with port 443 to enable https session")
+ sys.exit(2)
+
print("{} Version: {}".format(rfProgram1,rfVersion))
print(" Starting redfishProfileSimulator at: hostIP={}, port={}".format(rf_host, rf_port))
print(" Using Profile at {}".format(rf_profile_path))
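Review bot: the check "if rf_port == 443:" ties HTTPS to one port number, so TLS cannot be tested on an unprivileged port and plain HTTP cannot be served on 443. Suggest deriving the mode from the options instead: enable HTTPS when both -C and -K are given, and exit with an error only when exactly one of them is supplied. Also note that "opt in \"--Cert=\"" is a substring test on a string rather than a membership test; it works for -C and --Cert but a tuple such as ("-C", "--Cert") states the intent.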
@@ -102,7 +174,7 @@ def main(argv):
root = RfServiceRoot(rf_profile_path, root_path)

# start the flask REST API service
- rfApi_SimpleServer(root, versions, host=rf_host, port=rf_port)
+ rfApi_SimpleServer(root, versions, host=rf_host, port=rf_port, cert=rf_cert, key=rf_key)
else:
print("invalid profile path")

diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py
index 2380a4058a..3c912f7ce1 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/redfishURIs.py
@@ -1,17 +1,23 @@
+#
+# Copyright Notice:
+# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
# Copyright Notice:
# Copyright 2016 Distributed Management Task Force, Inc. All rights reserved.
# License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/Redfish-Profile-Simulator/blob/master/LICENSE.md

import json
+from collections import OrderedDict

from flask import Flask
from flask import request

from .flask_redfish_auth import RfHTTPBasicOrTokenAuth
-from .resource import RfResource, RfResourceRaw, RfCollection

+from werkzeug.serving import WSGIRequestHandler

-def rfApi_SimpleServer(root, versions, host="127.0.0.1", port=5000):
+def rfApi_SimpleServer(root, versions, host="127.0.0.1", port=5000, cert="", key=""):
app = Flask(__name__)

# create auth class that does basic or redifish session auth
@@ -21,8 +27,8 @@ def rfApi_SimpleServer(root, versions, host="127.0.0.1", port=5000):
# for basic auth, we only support user=catfish, passwd=hunter
@auth.verify_basic_password
def verify_rf_passwd(user, passwd):
- if user == "root":
- if passwd == "password123456":
+ if user == "admin":
+ if passwd == "pwd123456":
return True
return False

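Review bot: the comment directly above verify_rf_passwd() still reads "we only support user=catfish, passwd=hunter", which matched neither the old nor the new values; please correct it in this hunk. Since the credential is being changed anyway, consider taking the user and password from command-line options rather than editing literals in source, which is what the help text ("will make dynamic later") already promises.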
@@ -43,13 +49,13 @@ def rfApi_SimpleServer(root, versions, host="127.0.0.1", port=5000):

# GET /redfish
@app.route("/redfish", methods=['GET'])
- @app.route("/redfish/", methods=['GET'])
+ #@app.route("/redfish/", methods=['GET'])
def rf_versions():
return versions.get_resource()

# GET /redfish/v1
@app.route("/redfish/v1", methods=['GET'])
- @app.route("/redfish/v1/", methods=['GET'])
+ #@app.route("/redfish/v1/", methods=['GET'])
def rf_service_root():
return root.get_resource()

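Review bot: the trailing-slash routes are commented out rather than removed, here and in the later hunks of this file. With a Flask rule declared without a trailing slash, a request for the slashed URL gets a 404, so GET /redfish/ and GET /redfish/v1/ stop working after this change. If that is intended, delete the lines and say why in the commit message; if not, keep the routes.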
@@ -65,8 +71,9 @@ def rfApi_SimpleServer(root, versions, host="127.0.0.1", port=5000):
return resolve_path(root, rf_path)

@app.route("/redfish/v1/<path:rf_path>", methods=['GET'])
- @app.route("/redfish/v1/<path:rf_path>/", methods=['GET'])
+ #@app.route("/redfish/v1/<path:rf_path>/", methods=['GET'])
@auth.rfAuthRequired
+ @conditional
def rf_subsystems(rf_path):
return resolve_path(root, rf_path)

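Review bot: "@conditional" is used here, but the decorator is defined in redfishProfileSimulator.py in this patch and the import hunk at the top of redfishURIs.py does not add an import for it. Unless it is brought into scope somewhere not shown, this raises NameError when rfApi_SimpleServer() runs. Suggest moving conditional(), NotModified and PreconditionRequired into a module under v1sim and importing them from both files.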
@@ -78,135 +85,189 @@ def rfApi_SimpleServer(root, versions, host="127.0.0.1", port=5000):
return root.get_resource()

@app.route("/redfish/v1/Systems/<path:sys_path>", methods=['PATCH'])
- @app.route("/redfish/v1/Systems/<path:sys_path>/", methods=['PATCH'])
+ #@app.route("/redfish/v1/Systems/<path:sys_path>/", methods=['PATCH'])
@auth.rfAuthRequired
def rf_computer_systempatch(sys_path):
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
print("rdata:{}".format(rdata))
- obj = patch_path(root.systems, sys_path)
+ obj = patch_path(root.components['Systems'], sys_path)
rc, status_code, err_string, resp = obj.patch_resource(rdata)
if rc == 0:
- return "", status_code
+ return resp, status_code
+ else:
+ return err_string, status_code
+
+ @app.route("/redfish/v1/Systems/<string:system_id>/BootOptions/<string:bootOptIdx>", methods=['GET'])
+ @auth.rfAuthRequired
+ def rf_computer_bootoptions_get(system_id, bootOptIdx):
+ return root.components['Systems'].get_element(system_id).components['BootOptions'].get_bootOpt(bootOptIdx)
+
+ @app.route("/redfish/v1/Systems/<string:system_id>/BootOptions/<string:bootOptIdx>", methods=['DELETE'])
+ @auth.rfAuthRequired
+ def rf_computer_bootoptions_del(system_id, bootOptIdx):
+ print("in rf_computer_bootoptions_del")
+ rc, status_code, err_string, resp = root.components['Systems'].get_element(system_id).components['BootOptions'].delete_bootOpt(bootOptIdx)
+ if rc == 0:
+ return resp, status_code
+ else:
+ return err_string, status_code
+
+ @app.route("/redfish/v1/Systems/<string:system_id>/BootOptions/<string:bootOptIdx>", methods=['PATCH'])
+ @auth.rfAuthRequired
+ def rf_computer_bootoption_patch(system_id, bootOptIdx):
+ print ("in POST boot options")
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
+ print("rdata:{}".format(rdata))
+ rc, status_code, err_string, resp = root.components['Systems'].get_element(system_id).components['BootOptions'].patch_bootOpt(bootOptIdx, rdata)
+ if rc == 0:
+ return resp, status_code
+ else:
+ return err_string, status_code
+
+ @app.route("/redfish/v1/Systems/<string:system_id>/BootOptions", methods=['POST'])
+ @auth.rfAuthRequired
+ def rf_computer_bootoptions_post(system_id):
+ print ("in POST boot options")
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
+ print("rdata:{}".format(rdata))
+ rc, status_code, err_string, resp = root.components['Systems'].get_element(system_id).components['BootOptions'].post_resource(rdata)
+ if rc == 0:
+ return resp, status_code
else:
return err_string, status_code

@app.route("/redfish/v1/Systems/<string:system_id>/Actions/ComputerSystem.Reset", methods=['POST'])
- @app.route("/redfish/v1/Systems/<string:system_id>/Actions/ComputerSystem.Reset/", methods=['POST'])
+ #@app.route("/redfish/v1/Systems/<string:system_id>/Actions/ComputerSystem.Reset/", methods=['POST'])
@auth.rfAuthRequired
def rf_computer_systemreset(system_id):
# print("in reset")
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
# print("rdata:{}".format(rdata))
rc, status_code, err_string, resp = root.components['Systems'].get_element(system_id).reset_resource(rdata)
if rc == 0:
- return "", status_code
+ return resp, status_code
else:
return err_string, status_code

- @app.route("/redfish/v1/Systems/<string:system_id>/bios/Actions/Bios.ResetBios", methods=['POST'])
- @app.route("/redfish/v1/Systems/<string:system_id>/bios/Actions/Bios.ResetBios/", methods=['POST'])
+ @app.route("/redfish/v1/Systems/<string:system_id>/Bios/Actions/Bios.ResetBios", methods=['POST'])
+ #@app.route("/redfish/v1/Systems/<string:system_id>/Bios/Actions/Bios.ResetBios/", methods=['POST'])
@auth.rfAuthRequired
def rf_computer_biosreset(system_id):
# print("in reset")
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
# print("rdata:{}".format(rdata))
system = root.systems.get_element(system_id)
- bios = system.get_component("bios")
+ bios = system.get_component("Bios")
rc, status_code, err_string, resp = bios.reset_resource(rdata)
if rc == 0:
- return "", status_code
+ return resp, status_code
else:
return err_string, status_code

- @app.route("/redfish/v1/Systems/<string:system_id>/bios/Actions/Bios.ChangePassword", methods=['PATCH'])
- @app.route("/redfish/v1/Systems/<string:system_id>/bios/Actions/Bios.ChangePassword/", methods=['PATCH'])
+ @app.route("/redfish/v1/Systems/<string:system_id>/Bios/Actions/Bios.ChangePassword", methods=['PATCH'])
+ #@app.route("/redfish/v1/Systems/<string:system_id>/Bios/Actions/Bios.ChangePassword/", methods=['PATCH'])
@auth.rfAuthRequired
def rf_computer_change_pswd(system_id):
# print("in reset")
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
# print("rdata:{}".format(rdata))
system = root.systems.get_element(system_id)
- bios = system.get_component("bios")
+ bios = system.get_component("Bios")
rc, status_code, err_string, resp = bios.change_password(rdata)
if rc == 0:
- return "", status_code
+ return resp, status_code
else:
return err_string, status_code

@app.route("/redfish/v1/Chassis/<string:chassis_id>/Actions/Chassis.Reset", methods=['POST'])
- @app.route("/redfish/v1/Chassis/<string:chassis_id>/Actions/Chassis.Reset/", methods=['POST'])
+ #@app.route("/redfish/v1/Chassis/<string:chassis_id>/Actions/Chassis.Reset/", methods=['POST'])
@auth.rfAuthRequired
def rf_computer_chassisreset(chassis_id):
# print("in reset")
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
# print("rdata:{}".format(rdata))
rc, status_code, err_string, resp = root.chassis.get_element(chassis_id).reset_resource(rdata)
if rc == 0:
- return "", status_code
+ return resp, status_code
else:
return err_string, status_code

@app.route("/redfish/v1/Chassis/<string:chassis_id>/Power", methods=['PATCH'])
- @app.route("/redfish/v1/Chassis/<string:chassis_id>/Power/", methods=['PATCH'])
+ #@app.route("/redfish/v1/Chassis/<string:chassis_id>/Power/", methods=['PATCH'])
@auth.rfAuthRequired
def rf_chassis_powerpatch(chassis_id):
# rawdata=request.data
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
# print("RRrdata:{}".format(rdata))
rc, status_code, err_string, resp = root.chassis.get_element(chassis_id).power.patch_resource(rdata)
+ if rc == 0:
+ return resp, status_code
+ else:
+ return err_string, status_code
+
+ @app.route("/redfish/v1/Registries/<path:sys_path>", methods=['PATCH'])
+ @auth.rfAuthRequired
+ def rf_registries_patch(sys_path):
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
+ print("rdata:{}".format(rdata))
+ obj = patch_path(root.components['Registries'], sys_path)
+ rc, status_code, err_string, resp = obj.patch_resource(rdata)
if rc == 0:
return "", status_code
else:
return err_string, status_code

@app.route("/redfish/v1/Managers/<string:manager_id>", methods=['PATCH'])
- @app.route("/redfish/v1/Managers/<string:manager_id>/", methods=['PATCH'])
+ #@app.route("/redfish/v1/Managers/<string:manager_id>/", methods=['PATCH'])
@auth.rfAuthRequired
def rf_patch_manager_entity(manager_id):
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
# print("RRrdata:{}".format(rdata))
rc, status_code, err_string, resp = root.managers.get_element(manager_id).patch_resource(rdata)
if rc == 0:
- return "", status_code
+ return resp, status_code
else:
return err_string, status_code

# rest/v1/Managers/1
@app.route("/redfish/v1/Managers/<string:manager_id>/Actions/Manager.Reset", methods=['POST'])
- @app.route("/redfish/v1/Managers/<string:manager_id>/Actions/Manager.Reset/", methods=['POST'])
+ #@app.route("/redfish/v1/Managers/<string:manager_id>/Actions/Manager.Reset/", methods=['POST'])
@auth.rfAuthRequired
def rf_reset_manager(manager_id):
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
# print("rdata:{}".format(rdata))
rc, status_code, err_string, resp = root.managers.get_element(manager_id).reset_resource(rdata)
if rc == 0:
- return "", status_code
+ return resp, status_code
else:
return err_string, status_code

@app.route("/redfish/v1/Managers/<string:manager_id>/EthernetInterfaces/<string:eth_id>", methods=['PATCH'])
- @app.route("/redfish/v1/Managers/<string:manager_id>/EthernetInterfaces/<string:eth_id>/", methods=['PATCH'])
+ #@app.route("/redfish/v1/Managers/<string:manager_id>/EthernetInterfaces/<string:eth_id>/", methods=['PATCH'])
@auth.rfAuthRequired
def rf_patch_manager_nic_entity(manager_id, eth_id):
resp = root.managers.get_element(manager_id).ethernetColl.get_interface(eth_id).get_resource()
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
# print("RRrdata:{}".format(rdata))
ethernet_coll = root.managers.get_element(manager_id).ethernetColl
rc, status_code, err_string, resp = ethernet_coll.get_interface(eth_id).patch_resource(rdata)
if rc == 0:
- return "", status_code
+ return resp, status_code
else:
return err_string, status_code

+ @app.route("/redfish/v1/SessionService", methods=['GET'])
+ def rf_get_session_service():
+ return root.components['SessionService'].get_resource()
+
@app.route("/redfish/v1/SessionService", methods=['PATCH'])
- @app.route("/redfish/v1/SessionService/", methods=['PATCH'])
- @auth.rfAuthRequired
+ #@app.route("/redfish/v1/SessionService/", methods=['PATCH'])
def rf_patch_session_service():
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
# print("RRrdata:{}".format(rdata))
rc, status_code, err_string, resp = root.sessionService.patch_resource(rdata)
if rc == 0:
- return "", status_code
+ return resp, status_code
else:
return err_string, status_code

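Review bot: this hunk drops "@auth.rfAuthRequired" from rf_patch_session_service(), so PATCH /redfish/v1/SessionService becomes unauthenticated, and the new rf_get_session_service() is added without the decorator as well. Nothing in the commit message covers this. If the GET is meant to be open, please say so; the PATCH should keep the decorator. Smaller points in the same hunk: rf_computer_bootoption_patch() prints "in POST boot options" for a PATCH; rf_registries_patch() still returns "", status_code while every other handler was switched to return resp; rf_computer_biosreset() and rf_computer_change_pswd() keep using root.systems while rf_computer_systempatch() moved to root.components['Systems'], so please confirm both attributes exist; and replacing request.get_json() with json.loads(request.data, ...) turns a malformed body into an unhandled exception (500) instead of a 400.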
@@ -215,7 +276,7 @@ def rfApi_SimpleServer(root, versions, host="127.0.0.1", port=5000):
@app.route("/redfish/v1/SessionService/Sessions", methods=['POST'])
def rf_login():
print("login")
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
print("rdata:{}".format(rdata))
if rdata["UserName"] == "root" and rdata["Password"] == "password123456":
x = {"Id": "SESSION123456"}
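Review bot: rf_login() still compares against "root" / "password123456", while verify_rf_passwd() in this same patch now accepts admin / pwd123456, so Basic auth and session login end up with different credentials. Please update this line too, ideally by sharing one definition between the two checks. Also, print("rdata:{}".format(rdata)) writes the submitted Password to the console on every login attempt, and rdata["UserName"] raises KeyError when the field is absent; use rdata.get() and drop or mask the print.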
@@ -233,17 +294,17 @@ def rfApi_SimpleServer(root, versions, host="127.0.0.1", port=5000):
@auth.rfAuthRequired
def rf_session_logout(session_id):
print("session logout %s" % session_id)
- # rdata=request.get_json(cache=True)
+ # rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
# print("rdata:{}".format(rdata))
return "", 204

@app.route("/redfish/v1/AccountService", methods=['PATCH'])
@auth.rfAuthRequired
def rf_patch_account_service():
- rdata = request.get_json(cache=True)
+ rdata = json.loads(request.data,object_pairs_hook=OrderedDict)
rc, status_code, err_string, resp = root.accountService.patch_resource(rdata)
if rc == 0:
- return "", status_code
+ return resp, status_code
else:
return err_string, status_code

@@ -293,12 +354,14 @@ def rfApi_SimpleServer(root, versions, host="127.0.0.1", port=5000):
'''

# END file redfishURIs
-
# start Flask REST engine running
- app.run(host=host, port=port)

- # never returns
+ if key != "" and cert != "":
+ app.run(host=host, port=port, ssl_context=(cert, key))
+ else:
+ app.run(host=host, port=port)

+ # never returns

'''
reference source links:
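Review bot: The `if key != "" and cert != "":` test silently starts a plain-HTTP listener when only one of `key` or `cert` is supplied, so a typo in one option downgrades the login endpoint to cleartext without any message. Fail with an error when exactly one of the two is set, and log which mode was selected at startup.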
diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/registry.py b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/registry.py
new file mode 100644
index 0000000000..9cfbb30cde
--- /dev/null
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/registry.py
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+from .resource import RfResource, RfCollection
+
+class RfRegistryCollection(RfCollection):
+ def element_type(self):
+ return RfRegistry
+
+#subclass Bios
+class RfRegistry(RfResource):
+ pass
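Review bot: The `#subclass Bios` comment above `class RfRegistry` does not describe the class it precedes and looks copied from another module. Replace it with a one-line docstring saying what a registry resource represents, or remove it.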
diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
index 6fee348064..ca7541f172 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/resource.py
@@ -1,6 +1,13 @@
+#
+# Copyright Notice:
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
# Copyright Notice:
# Copyright 2016 Distributed Management Task Force, Inc. All rights reserved.
# License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/Redfish-Profile-Simulator/blob/master/LICENSE.md
+#

import json
import os
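Review bot: The added header introduces a second `# Copyright Notice:` line directly above the existing DMTF one, so the file now reads as two stacked notices. Merge them under a single heading. The same applies to the identical header hunk in systems.py.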
@@ -23,7 +30,7 @@ class RfResource:
if os.path.exists(indx_file_path):
res_file = open(indx_file_path, "r")
res_rawdata = res_file.read()
- self.res_data = json.loads(res_rawdata)
+ self.res_data = json.loads(res_rawdata,object_pairs_hook=OrderedDict)
self.create_sub_objects(base_path, rel_path)
self.final_init_processing(base_path, rel_path)
else:
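Review bot: `object_pairs_hook=OrderedDict` is used here, but no hunk in resource.py adds `from collections import OrderedDict` (the hunk offsets show that only the seven header lines were inserted above this point), so unless the file already imports it this raises NameError on the first resource load. Add the import next to `import json`. The surrounding `open(indx_file_path, "r")` is never closed; a `with` block would be a cheap fix while here.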
@@ -36,7 +43,15 @@ class RfResource:
pass

def get_resource(self):
- return flask.jsonify(self.res_data)
+ self.response=json.dumps(self.res_data,indent=4)
+ try:
+ # SHA1 should generate well-behaved etags
+ response = flask.make_response(self.response)
+ etag = hashlib.sha1(self.response.encode('utf-8')).hexdigest()
+ response.set_etag(etag)
+ return response
+ except KeyError:
+ flask.abort(404)

def get_attribute(self, attribute):
return flask.jsonify(self.res_data[attribute])
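Review bot: `get_resource` used to return `flask.jsonify(...)`, which sets Content-Type: application/json; `flask.make_response(self.response)` on a plain string does not, so clients will see Flask's default HTML content type unless it is set explicitly. The `except KeyError` branch guards nothing in the `try` body that can raise KeyError, and `hashlib` needs an import that no hunk in this file adds. Storing the serialized body on `self.response` also keeps per-request state on the shared resource object; a local variable is enough.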
@@ -54,6 +69,14 @@ class RfResource:
else:
raise Exception("attribute %s not found" % key)

+ resp = flask.Response(json.dumps(self.res_data,indent=4))
+ return 0, 200, None, resp
+
+ def post_resource(self, post_data):
+ pass
+
+ def delete_resource(self):
+ pass

class RfResourceRaw:
def __init__(self, base_path, rel_path, parent=None):
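Review bot: The new `post_resource` and `delete_resource` stubs return None, while the handlers implemented in this patch return a four-element tuple that the route functions unpack (`rc, status_code, err_string, resp = ...`). A request that reaches a resource without an override will fail on the unpack. Return an explicit error tuple, such as a 405, from the base class instead of `pass`.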
diff --git a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
index b107f035db..b8b3788054 100644
--- a/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
+++ b/RedfishClientPkg/Tools/Redfish-Profile-Simulator/v1sim/systems.py
@@ -1,6 +1,13 @@
+#
+# Copyright Notice:
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
# Copyright Notice:
# Copyright 2016 Distributed Management Task Force, Inc. All rights reserved.
# License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/Redfish-Profile-Simulator/blob/master/LICENSE.md
+#

import os

@@ -8,7 +15,9 @@ from .common_services import RfLogServiceCollection
from .network import RfEthernetCollection, RfNetworkInterfaceCollection
from .resource import RfResource, RfCollection
from .storage import RfSimpleStorageCollection, RfSmartStorage
-
+import flask
+import json
+from collections import OrderedDict

class RfSystemsCollection(RfCollection):
def element_type(self):
@@ -48,15 +57,17 @@ class RfSystemObj(RfResource):
self.components[item] = RfUSBDeviceCollection(base_path, os.path.join(rel_path, item), parent=self)
elif item == "USBPorts":
self.components[item] = RfUSBPortCollection(base_path, os.path.join(rel_path, item), parent=self)
+ elif item == "BootOptions":
+ self.components[item] = RfBootOptionCollection(base_path, os.path.join(rel_path, item), parent=self)

def patch_resource(self, patch_data):
# first verify client didn't send us a property we cant patch
for key in patch_data.keys():
- if key != "AssetTag" and key != "IndicatorLED" and key != "Boot":
+ if key != "AssetTag" and key != "IndicatorLED" and key != "Boot" and key != "BiosVersion":
return 4, 400, "Invalid Patch Property Sent", ""
elif key == "Boot":
for prop2 in patch_data["Boot"].keys():
- if prop2 != "BootSourceOverrideEnabled" and prop2 != "BootSourceOverrideTarget":
+ if prop2 != "BootSourceOverrideEnabled" and prop2 != "BootSourceOverrideTarget" and prop2 != "BootNext" and prop2 != "BootOrder":
return 4, 400, "Invalid Patch Property Sent", ""
# now patch the valid properties sent
if "AssetTag" in patch_data:
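Review bot: Adding `BiosVersion` to the allow-list in `patch_resource` makes the reported firmware version client-writable, and the following hunk stores the value with no type or format check. If the simulator needs this for testing, say so in a comment and at least require a string. The growing chains of `key != ...` and `prop2 != ...` comparisons would be clearer as membership tests against two sets of permitted names.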
@@ -64,6 +75,8 @@ class RfSystemObj(RfResource):
self.res_data['AssetTag'] = patch_data['AssetTag']
if "IndicatorLED" in patch_data:
self.res_data['IndicatorLED'] = patch_data['IndicatorLED']
+ if "BiosVersion" in patch_data:
+ self.res_data['BiosVersion'] = patch_data['BiosVersion']
if "Boot" in patch_data:
boot_data = patch_data["Boot"]
if "BootSourceOverrideEnabled" in boot_data:
@@ -80,7 +93,13 @@ class RfSystemObj(RfResource):
self.res_data['Boot']['BootSourceOverrideTarget'] = value
else:
return 4, 400, "Invalid_Value_Specified: BootSourceOverrideTarget", ""
- return 0, 204, None, None
+ if "BootNext" in boot_data:
+ self.res_data['Boot']['BootNext'] = boot_data['BootNext']
+ if "BootOrder" in boot_data:
+ self.res_data['Boot']['BootOrder'] = boot_data['BootOrder']
+
+ resp = flask.Response(json.dumps(self.res_data,indent=4))
+ return 0, 200, None, resp

def reset_resource(self, reset_data):
if "ResetType" in reset_data:
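Review bot: `BootNext` and `BootOrder` are copied from `boot_data` unchecked, whereas `BootSourceOverrideTarget` just above is validated and rejected with `Invalid_Value_Specified`. Check that `BootOrder` is a list of strings and that `BootNext` is a string, returning 400 otherwise. The success status also changes from 204 with no body to 200 with the full resource; mention that in the commit message, since clients may key on it.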
@@ -145,13 +164,17 @@ class RfBiosSettings(RfResource):
def patch_resource(self, patch_data):
if "Attributes" not in patch_data:
return 4, 400, "Invalid Payload. No Attributes found", ""
+ self.res_data["Attributes"] = OrderedDict()
for key in patch_data["Attributes"].keys():
+ print("Check key in patch_data:{}".format(key))
# verify client didn't send us a property we cant patch
- if key not in self.res_data["Attributes"]:
+ if key not in self.parent.res_data["Attributes"]:
+ print("Invalid Patch Property Sent")
return 4, 400, "Invalid Patch Property Sent", ""
else:
- self.parent.res_data["Attributes"][key] = patch_data["Attributes"][key]
- return 0, 204, None, None
+ self.res_data["Attributes"][key] = patch_data["Attributes"][key]
+ resp = flask.Response(json.dumps(self.res_data,indent=4))
+ return 0, 200, None, resp


class RfPCIeDeviceCollection(RfCollection):
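Review bot: `self.res_data["Attributes"] = OrderedDict()` runs before the keys are validated, so a PATCH that is rejected with 400 part-way through the loop has already wiped the pending settings and may have stored some of the new ones. Validate every key against `self.parent.res_data["Attributes"]` first, then apply the changes. The two added `print` calls look like debugging output and should be removed or moved to a logger.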
@@ -196,3 +219,51 @@ class RfUSBPortCollection(RfCollection):

class RfUSBPort(RfResource):
pass
+
+class RfBootOptionCollection(RfCollection):
+ def final_init_processing(self, base_path, rel_path):
+ self.maxIdx = 0
+ self.bootOptions = {}
+
+ def element_type(self):
+ return RfBootOption
+
+ def post_resource(self, post_data):
+ print("Members@odata.count:{}".format(self.res_data["Members@odata.count"]))
+ print("Members:{}".format(self.res_data["Members"]))
+ print("post_data:{}".format(post_data))
+
+ self.res_data["Members@odata.count"] = self.res_data["Members@odata.count"] + 1
+ self.maxIdx = self.maxIdx + 1
+ newBootOptIdx = self.maxIdx
+ newBootOptUrl = self.res_data["@odata.id"] + "/" + str(newBootOptIdx)
+ self.res_data["Members"].append({"@odata.id":newBootOptUrl})
+
+ post_data["@odata.id"] = newBootOptUrl
+ self.bootOptions[str(newBootOptIdx)] = post_data
+
+ resp = flask.Response(json.dumps(post_data,indent=4))
+ resp.headers["Location"] = newBootOptUrl
+ return 0, 200, None, resp
+
+ def patch_bootOpt(self, Idx, patch_data):
+ self.bootOptions[str(Idx)] = {**self.bootOptions[str(Idx)], **patch_data}
+ resp = flask.Response(json.dumps(self.bootOptions[str(Idx)],indent=4))
+ return 0, 200, None, resp
+
+ def get_bootOpt(self, Idx):
+ return json.dumps(self.bootOptions[Idx],indent=4)
+
+ def delete_bootOpt(self, Idx):
+ print("in delete_bootOpt")
+
+ resp = flask.Response(json.dumps(self.bootOptions[Idx],indent=4))
+
+ self.bootOptions.pop(Idx)
+ self.res_data["Members@odata.count"] = self.res_data["Members@odata.count"] - 1
+
+ bootOptUrl = self.res_data["@odata.id"] + "/" + str(Idx)
+ self.res_data["Members"].remove({"@odata.id":bootOptUrl})
+ return 0, 200, None, resp
+
+class RfBootOption(RfResource):
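Review bot: `class RfBootOption(RfResource):` is the last line of the hunk and has no body (the `+219,51` line count is fully accounted for), so systems.py will not import; add `pass` as the neighbouring `RfUSBPort` does. `get_bootOpt`, `delete_bootOpt` and `patch_bootOpt` index `self.bootOptions` without checking that the id exists, so an unknown id raises KeyError instead of returning 404, and `patch_bootOpt` keys on `str(Idx)` while the other two use `Idx` as passed. `post_resource` also stores `post_data` as received; validate the expected fields before adding the member.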
--
2.17.1
