blob: 52c3e6cefb7a1566efd05cdaaa77051f305f4013 [file] [log] [blame]
Ed Tanous0cd5f782022-04-26 16:09:09 -07001option(
2 'yocto-deps',
3 type: 'feature',
4 value: 'disabled',
5 description: 'Use YOCTO dependencies system'
6)
7
8option(
9 'kvm',
10 type: 'feature',
11 value: 'enabled',
12 description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
13 Video is from the BMCs /dev/videodevice.'''
14)
15
16option(
17 'tests',
18 type: 'feature',
19 value: 'enabled',
20 description: 'Enable Unit tests for bmcweb'
21)
22
23option(
24 'vm-websocket',
25 type: 'feature',
26 value: 'enabled',
27 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to
28 open the websocket. See
29 https://github.com/openbmc/jsnbd/blob/master/README.'''
30)
Ed Tanousefb80622021-02-20 11:04:01 -080031
32# if you use this option and are seeing this comment, please comment here:
33# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
34# for this code. At this point, no daemon has been upstreamed that implements
35# this interface, so for the moment this appears to be dead code; In leiu of
36# removing it, it has been disabled to try to give those that use it the
37# opportunity to upstream their backend implementation
Ed Tanous0cd5f782022-04-26 16:09:09 -070038#option(
39# 'vm-nbdproxy',
40# type: 'feature', value: 'disabled',
41# description: 'Enable the Virtual Media WebSocket.'
42#)
43
44option(
45 'rest',
46 type: 'feature',
47 value: 'disabled',
48 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
49 Phosphor D-Bus object paths, for example,
50 /xyz/openbmc_project/logging/entry/enumerate. See
51 https://github.com/openbmc/docs/blob/master/rest-api.md.'''
52)
53
54option(
55 'redfish',
56 type: 'feature',
57 value: 'enabled',
58 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
59 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
60)
61
62option(
63 'host-serial-socket',
64 type: 'feature',
65 value: 'enabled',
66 description: '''Enable host serial console WebSocket. Path is /console0.
67 See https://github.com/openbmc/docs/blob/master/console.md.'''
68)
69
70option(
71 'static-hosting',
72 type: 'feature',
73 value: 'enabled',
74 description: '''Enable serving files from the /usr/share/www directory
75 as paths under /.'''
76)
77
78option(
79 'redfish-bmc-journal',
80 type: 'feature',
Willy Tuf8483672022-05-10 15:08:10 -070081 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070082 description: '''Enable BMC journal access through Redfish. Paths are under
83 /redfish/v1/Managers/bmc/LogServices/Journal.'''
84)
85
86option(
87 'redfish-cpu-log',
88 type: 'feature',
89 value: 'disabled',
90 description: '''Enable CPU log service transactions through Redfish. Paths
91 are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
92)
93
94option(
95 'redfish-dump-log',
96 type: 'feature',
97 value: 'disabled',
98 description: '''Enable Dump log service transactions through Redfish. Paths
99 are under /redfish/v1/Systems/system/LogServices/Dump
100 and /redfish/v1/Managers/bmc/LogServices/Dump'''
101)
102
103option(
104 'redfish-dbus-log',
105 type: 'feature',
106 value: 'disabled',
107 description: '''Enable DBUS log service transactions through Redfish. Paths
108 are under
109 /redfish/v1/Systems/system/LogServices/EventLog/Entries'''
110)
111
112option(
113 'redfish-host-logger',
114 type: 'feature',
115 value: 'enabled',
116 description: '''Enable host log service transactions based on
117 phosphor-hostlogger through Redfish. Paths are under
118 /redfish/v1/Systems/system/LogServices/HostLogger'''
119)
120
121option(
122 'redfish-provisioning-feature',
123 type: 'feature',
124 value: 'disabled',
125 description: '''Enable provisioning feature support in redfish. Paths are
126 under /redfish/v1/Systems/system/'''
127)
128
129option(
130 'bmcweb-logging',
131 type: 'feature',
132 value: 'disabled',
133 description: 'Enable output the extended debug logs'
134)
135
136option(
137 'basic-auth',
138 type: 'feature',
139 value: 'enabled',
140 description: 'Enable basic authentication'
141)
142
143option(
144 'session-auth',
145 type: 'feature',
146 value: 'enabled',
147 description: 'Enable session authentication'
148)
149
150option(
151 'xtoken-auth',
152 type: 'feature',
153 value: 'enabled',
154 description: 'Enable xtoken authentication'
155)
156
157option(
158 'cookie-auth',
159 type: 'feature',
160 value: 'enabled',
161 description: 'Enable cookie authentication'
162)
163
164option(
165 'mutual-tls-auth',
166 type: 'feature',
167 value: 'enabled',
168 description: '''Enables authenticating users through TLS client
169 certificates. The insecure-disable-ssl must be disabled for
170 this option to take effect.'''
171)
172
173option(
174 'ibm-management-console',
175 type: 'feature',
176 value: 'disabled',
177 description: '''Enable the IBM management console specific functionality.
178 Paths are under /ibm/v1/'''
179)
180
181option(
182 'google-api',
183 type: 'feature',
184 value: 'disabled',
185 description: '''Enable the Google specific functionality. Paths are under
186 /google/v1/'''
187)
188
189option(
190 'http-body-limit',
191 type: 'integer',
192 min: 0,
193 max: 512,
194 value: 30,
195 description: 'Specifies the http request body length limit'
196)
197
198option(
199 'redfish-new-powersubsystem-thermalsubsystem',
200 type: 'feature',
201 value: 'disabled',
202 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
203 and all children schemas. This includes displaying all
204 sensors in the SensorCollection. At a later date, this
205 feature will be defaulted to enabled.'''
206)
207
208option(
209 'redfish-allow-deprecated-power-thermal',
210 type: 'feature',
211 value: 'enabled',
212 description: '''Enable/disable the old Power / Thermal. The default
213 condition is allowing the old Power / Thermal.'''
214)
215
216option(
Ed Tanous4dc23f32022-05-11 11:32:19 -0700217 'redfish-post-to-old-updateservice',
218 type: 'feature',
219 value: 'enabled',
220 description: '''Allows POST to /redfish/v1/UpdateService, counter to
221 the redfish specification. Option provided to allow
222 potential users to move away from using this endpoint.
223 Option will be removed Q4 2022.'''
224)
225
Ed Tanous4dc23f32022-05-11 11:32:19 -0700226option(
Gunnar Mills54dce7f2022-08-05 17:01:32 +0000227 'redfish-oem-manager-fan-data',
228 type: 'feature',
229 value: 'enabled',
230 description: '''Enables Redfish OEM fan data on the manager resource.
231 This includes PID and Stepwise controller data. See
232 OemManager schema for more detail.'''
233)
234
235option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700236 'https_port',
237 type: 'integer',
238 min: 1,
239 max: 65535,
240 value: 443,
241 description: 'HTTPS Port number.'
242)
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530243
Carson Labrado7fb33562022-04-18 23:26:56 +0000244option(
245 'redfish-aggregation',
246 type: 'feature',
247 value: 'disabled',
248 description: 'Allows this BMC to aggregate resources from satellite BMCs'
249)
250
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530251# Insecure options. Every option that starts with a `insecure` flag should
252# not be enabled by default for any platform, unless the author fully comprehends
253# the implications of doing so.In general, enabling these options will cause security
254# problems of varying degrees
255
Ed Tanous0cd5f782022-04-26 16:09:09 -0700256option(
257 'insecure-disable-csrf',
258 type: 'feature',
259 value: 'disabled',
260 description: '''Disable CSRF prevention checks.Should be set to false for
261 production systems.'''
262)
263
264option(
265 'insecure-disable-ssl',
266 type: 'feature',
267 value: 'disabled',
268 description: '''Disable SSL ports. Should be set to false for production
269 systems.'''
270)
271
272option(
273 'insecure-disable-auth',
274 type: 'feature',
275 value: 'disabled',
Nan Zhoua43ea822022-05-27 00:42:44 +0000276 description: '''Disable authentication and authoriztion on all ports.
277 Should be set to false for production systems.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700278)
279
280option(
281 'insecure-disable-xss',
282 type: 'feature',
283 value: 'disabled',
284 description: 'Disable XSS preventions'
285)
286
287option(
288 'insecure-tftp-update',
289 type: 'feature',
290 value: 'disabled',
291 description: '''Enable TFTP based firmware update transactions through
292 Redfish UpdateService. SimpleUpdate.'''
293)
294
295option(
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100296 'insecure-ignore-content-type',
297 type: 'feature',
298 value: 'enabled',
299 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
300 of the presence of the content-type header. Enabling this
301 conflicts with the input parsing guidelines, but may be
302 required to support old clients that may not set the
303 Content-Type header on payloads.'''
304)
305
306option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700307 'insecure-push-style-notification',
308 type: 'feature',
309 value: 'disabled',
310 description: 'Enable HTTP push style eventing feature'
311)
312
313option(
314 'insecure-enable-redfish-query',
315 type: 'feature',
316 value: 'disabled',
317 description: '''Enables Redfish expand query parameter. This feature is
318 experimental, and has not been tested against the full
319 limits of user-facing behavior. It is not recommended to
320 enable on production systems at this time. Other query
321 parameters such as only are not controlled by this option.'''
322)