blob: a32a4a4f992403e8879012a064334ea2282128f1 [file] [log] [blame]
Ed Tanous0cd5f782022-04-26 16:09:09 -07001option(
2 'yocto-deps',
3 type: 'feature',
4 value: 'disabled',
5 description: 'Use YOCTO dependencies system'
6)
7
8option(
9 'kvm',
10 type: 'feature',
11 value: 'enabled',
12 description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
13 Video is from the BMCs /dev/videodevice.'''
14)
15
16option(
17 'tests',
18 type: 'feature',
19 value: 'enabled',
20 description: 'Enable Unit tests for bmcweb'
21)
22
23option(
24 'vm-websocket',
25 type: 'feature',
26 value: 'enabled',
27 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to
28 open the websocket. See
29 https://github.com/openbmc/jsnbd/blob/master/README.'''
30)
Ed Tanousefb80622021-02-20 11:04:01 -080031
32# if you use this option and are seeing this comment, please comment here:
33# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
34# for this code. At this point, no daemon has been upstreamed that implements
35# this interface, so for the moment this appears to be dead code; In leiu of
36# removing it, it has been disabled to try to give those that use it the
37# opportunity to upstream their backend implementation
Ed Tanous0cd5f782022-04-26 16:09:09 -070038#option(
39# 'vm-nbdproxy',
40# type: 'feature', value: 'disabled',
41# description: 'Enable the Virtual Media WebSocket.'
42#)
43
44option(
45 'rest',
46 type: 'feature',
47 value: 'disabled',
48 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
49 Phosphor D-Bus object paths, for example,
50 /xyz/openbmc_project/logging/entry/enumerate. See
51 https://github.com/openbmc/docs/blob/master/rest-api.md.'''
52)
53
54option(
55 'redfish',
56 type: 'feature',
57 value: 'enabled',
58 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
59 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
60)
61
62option(
63 'host-serial-socket',
64 type: 'feature',
65 value: 'enabled',
66 description: '''Enable host serial console WebSocket. Path is /console0.
67 See https://github.com/openbmc/docs/blob/master/console.md.'''
68)
69
70option(
71 'static-hosting',
72 type: 'feature',
73 value: 'enabled',
74 description: '''Enable serving files from the /usr/share/www directory
75 as paths under /.'''
76)
77
78option(
79 'redfish-bmc-journal',
80 type: 'feature',
Willy Tuf8483672022-05-10 15:08:10 -070081 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070082 description: '''Enable BMC journal access through Redfish. Paths are under
83 /redfish/v1/Managers/bmc/LogServices/Journal.'''
84)
85
86option(
87 'redfish-cpu-log',
88 type: 'feature',
89 value: 'disabled',
90 description: '''Enable CPU log service transactions through Redfish. Paths
91 are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
92)
93
94option(
95 'redfish-dump-log',
96 type: 'feature',
97 value: 'disabled',
98 description: '''Enable Dump log service transactions through Redfish. Paths
99 are under /redfish/v1/Systems/system/LogServices/Dump
100 and /redfish/v1/Managers/bmc/LogServices/Dump'''
101)
102
103option(
104 'redfish-dbus-log',
105 type: 'feature',
106 value: 'disabled',
107 description: '''Enable DBUS log service transactions through Redfish. Paths
108 are under
109 /redfish/v1/Systems/system/LogServices/EventLog/Entries'''
110)
111
112option(
113 'redfish-host-logger',
114 type: 'feature',
115 value: 'enabled',
116 description: '''Enable host log service transactions based on
117 phosphor-hostlogger through Redfish. Paths are under
118 /redfish/v1/Systems/system/LogServices/HostLogger'''
119)
120
121option(
122 'redfish-provisioning-feature',
123 type: 'feature',
124 value: 'disabled',
125 description: '''Enable provisioning feature support in redfish. Paths are
126 under /redfish/v1/Systems/system/'''
127)
128
129option(
130 'bmcweb-logging',
131 type: 'feature',
132 value: 'disabled',
133 description: 'Enable output the extended debug logs'
134)
135
136option(
137 'basic-auth',
138 type: 'feature',
139 value: 'enabled',
140 description: 'Enable basic authentication'
141)
142
143option(
144 'session-auth',
145 type: 'feature',
146 value: 'enabled',
147 description: 'Enable session authentication'
148)
149
150option(
151 'xtoken-auth',
152 type: 'feature',
153 value: 'enabled',
154 description: 'Enable xtoken authentication'
155)
156
157option(
158 'cookie-auth',
159 type: 'feature',
160 value: 'enabled',
161 description: 'Enable cookie authentication'
162)
163
164option(
165 'mutual-tls-auth',
166 type: 'feature',
167 value: 'enabled',
168 description: '''Enables authenticating users through TLS client
169 certificates. The insecure-disable-ssl must be disabled for
170 this option to take effect.'''
171)
172
173option(
174 'ibm-management-console',
175 type: 'feature',
176 value: 'disabled',
177 description: '''Enable the IBM management console specific functionality.
178 Paths are under /ibm/v1/'''
179)
180
181option(
182 'google-api',
183 type: 'feature',
184 value: 'disabled',
185 description: '''Enable the Google specific functionality. Paths are under
186 /google/v1/'''
187)
188
189option(
190 'http-body-limit',
191 type: 'integer',
192 min: 0,
193 max: 512,
194 value: 30,
195 description: 'Specifies the http request body length limit'
196)
197
198option(
199 'redfish-new-powersubsystem-thermalsubsystem',
200 type: 'feature',
201 value: 'disabled',
202 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
203 and all children schemas. This includes displaying all
204 sensors in the SensorCollection. At a later date, this
205 feature will be defaulted to enabled.'''
206)
207
208option(
209 'redfish-allow-deprecated-power-thermal',
210 type: 'feature',
211 value: 'enabled',
212 description: '''Enable/disable the old Power / Thermal. The default
213 condition is allowing the old Power / Thermal.'''
214)
215
216option(
Ed Tanous4dc23f32022-05-11 11:32:19 -0700217 'redfish-post-to-old-updateservice',
218 type: 'feature',
219 value: 'enabled',
220 description: '''Allows POST to /redfish/v1/UpdateService, counter to
221 the redfish specification. Option provided to allow
222 potential users to move away from using this endpoint.
223 Option will be removed Q4 2022.'''
224)
225
Ed Tanous4dc23f32022-05-11 11:32:19 -0700226option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700227 'https_port',
228 type: 'integer',
229 min: 1,
230 max: 65535,
231 value: 443,
232 description: 'HTTPS Port number.'
233)
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530234
Carson Labrado7fb33562022-04-18 23:26:56 +0000235option(
236 'redfish-aggregation',
237 type: 'feature',
238 value: 'disabled',
239 description: 'Allows this BMC to aggregate resources from satellite BMCs'
240)
241
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530242# Insecure options. Every option that starts with a `insecure` flag should
243# not be enabled by default for any platform, unless the author fully comprehends
244# the implications of doing so.In general, enabling these options will cause security
245# problems of varying degrees
246
Ed Tanous0cd5f782022-04-26 16:09:09 -0700247option(
248 'insecure-disable-csrf',
249 type: 'feature',
250 value: 'disabled',
251 description: '''Disable CSRF prevention checks.Should be set to false for
252 production systems.'''
253)
254
255option(
256 'insecure-disable-ssl',
257 type: 'feature',
258 value: 'disabled',
259 description: '''Disable SSL ports. Should be set to false for production
260 systems.'''
261)
262
263option(
264 'insecure-disable-auth',
265 type: 'feature',
266 value: 'disabled',
Nan Zhoua43ea822022-05-27 00:42:44 +0000267 description: '''Disable authentication and authoriztion on all ports.
268 Should be set to false for production systems.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700269)
270
271option(
272 'insecure-disable-xss',
273 type: 'feature',
274 value: 'disabled',
275 description: 'Disable XSS preventions'
276)
277
278option(
279 'insecure-tftp-update',
280 type: 'feature',
281 value: 'disabled',
282 description: '''Enable TFTP based firmware update transactions through
283 Redfish UpdateService. SimpleUpdate.'''
284)
285
286option(
287 'insecure-push-style-notification',
288 type: 'feature',
289 value: 'disabled',
290 description: 'Enable HTTP push style eventing feature'
291)
292
293option(
294 'insecure-enable-redfish-query',
295 type: 'feature',
296 value: 'disabled',
297 description: '''Enables Redfish expand query parameter. This feature is
298 experimental, and has not been tested against the full
299 limits of user-facing behavior. It is not recommended to
300 enable on production systems at this time. Other query
301 parameters such as only are not controlled by this option.'''
302)