blob: 26fdecf2d41e13d968b683bf51f7be3e97466fcf [file] [log] [blame]
Ed Tanous0cd5f782022-04-26 16:09:09 -07001option(
2 'yocto-deps',
3 type: 'feature',
4 value: 'disabled',
5 description: 'Use YOCTO dependencies system'
6)
7
8option(
9 'kvm',
10 type: 'feature',
11 value: 'enabled',
12 description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
13 Video is from the BMCs /dev/videodevice.'''
14)
15
16option(
17 'tests',
18 type: 'feature',
19 value: 'enabled',
20 description: 'Enable Unit tests for bmcweb'
21)
22
23option(
24 'vm-websocket',
25 type: 'feature',
26 value: 'enabled',
27 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to
28 open the websocket. See
29 https://github.com/openbmc/jsnbd/blob/master/README.'''
30)
Ed Tanousefb80622021-02-20 11:04:01 -080031
32# if you use this option and are seeing this comment, please comment here:
33# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
34# for this code. At this point, no daemon has been upstreamed that implements
35# this interface, so for the moment this appears to be dead code; In leiu of
36# removing it, it has been disabled to try to give those that use it the
37# opportunity to upstream their backend implementation
Ed Tanous0cd5f782022-04-26 16:09:09 -070038#option(
39# 'vm-nbdproxy',
40# type: 'feature', value: 'disabled',
41# description: 'Enable the Virtual Media WebSocket.'
42#)
43
44option(
45 'rest',
46 type: 'feature',
47 value: 'disabled',
48 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
49 Phosphor D-Bus object paths, for example,
50 /xyz/openbmc_project/logging/entry/enumerate. See
51 https://github.com/openbmc/docs/blob/master/rest-api.md.'''
52)
53
54option(
55 'redfish',
56 type: 'feature',
57 value: 'enabled',
58 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
59 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
60)
61
62option(
63 'host-serial-socket',
64 type: 'feature',
65 value: 'enabled',
66 description: '''Enable host serial console WebSocket. Path is /console0.
67 See https://github.com/openbmc/docs/blob/master/console.md.'''
68)
69
70option(
71 'static-hosting',
72 type: 'feature',
73 value: 'enabled',
74 description: '''Enable serving files from the /usr/share/www directory
75 as paths under /.'''
76)
77
78option(
79 'redfish-bmc-journal',
80 type: 'feature',
Willy Tuf8483672022-05-10 15:08:10 -070081 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070082 description: '''Enable BMC journal access through Redfish. Paths are under
83 /redfish/v1/Managers/bmc/LogServices/Journal.'''
84)
85
86option(
87 'redfish-cpu-log',
88 type: 'feature',
89 value: 'disabled',
90 description: '''Enable CPU log service transactions through Redfish. Paths
91 are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
92)
93
94option(
95 'redfish-dump-log',
96 type: 'feature',
97 value: 'disabled',
98 description: '''Enable Dump log service transactions through Redfish. Paths
99 are under /redfish/v1/Systems/system/LogServices/Dump
100 and /redfish/v1/Managers/bmc/LogServices/Dump'''
101)
102
103option(
104 'redfish-dbus-log',
105 type: 'feature',
106 value: 'disabled',
107 description: '''Enable DBUS log service transactions through Redfish. Paths
108 are under
109 /redfish/v1/Systems/system/LogServices/EventLog/Entries'''
110)
111
112option(
113 'redfish-host-logger',
114 type: 'feature',
115 value: 'enabled',
116 description: '''Enable host log service transactions based on
117 phosphor-hostlogger through Redfish. Paths are under
118 /redfish/v1/Systems/system/LogServices/HostLogger'''
119)
120
121option(
Ninad Palsule5fd0aaf2023-04-20 15:11:21 -0500122 'redfish-enable-proccessor-memory-status',
123 type: 'feature',
124 value: 'disabled',
125 description: '''Enable/disable the deprecated processor and memory summary
126 status. The default condition is disabling the processor
127 and memory summary status. This option will be removed in
128 1Q 2024.'''
129)
130
131option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700132 'redfish-provisioning-feature',
133 type: 'feature',
134 value: 'disabled',
135 description: '''Enable provisioning feature support in redfish. Paths are
136 under /redfish/v1/Systems/system/'''
137)
138
139option(
140 'bmcweb-logging',
Myung Bae662aa6e2023-01-10 14:20:28 -0600141 type: 'combo',
142 choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ],
Ed Tanous0cd5f782022-04-26 16:09:09 -0700143 value: 'disabled',
Myung Bae662aa6e2023-01-10 14:20:28 -0600144 description: '''Enable output the extended logging level.
145 - disabled: disable bmcweb log traces.
146 - enabled: treated as 'debug'
147 - For the other logging level option, see DEVELOPING.md.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700148)
149
150option(
151 'basic-auth',
152 type: 'feature',
153 value: 'enabled',
154 description: 'Enable basic authentication'
155)
156
157option(
158 'session-auth',
159 type: 'feature',
160 value: 'enabled',
161 description: 'Enable session authentication'
162)
163
164option(
165 'xtoken-auth',
166 type: 'feature',
167 value: 'enabled',
168 description: 'Enable xtoken authentication'
169)
170
171option(
172 'cookie-auth',
173 type: 'feature',
174 value: 'enabled',
175 description: 'Enable cookie authentication'
176)
177
178option(
179 'mutual-tls-auth',
180 type: 'feature',
181 value: 'enabled',
182 description: '''Enables authenticating users through TLS client
183 certificates. The insecure-disable-ssl must be disabled for
184 this option to take effect.'''
185)
186
187option(
188 'ibm-management-console',
189 type: 'feature',
190 value: 'disabled',
191 description: '''Enable the IBM management console specific functionality.
192 Paths are under /ibm/v1/'''
193)
194
195option(
196 'google-api',
197 type: 'feature',
198 value: 'disabled',
199 description: '''Enable the Google specific functionality. Paths are under
200 /google/v1/'''
201)
202
203option(
204 'http-body-limit',
205 type: 'integer',
206 min: 0,
207 max: 512,
208 value: 30,
209 description: 'Specifies the http request body length limit'
210)
211
212option(
213 'redfish-new-powersubsystem-thermalsubsystem',
214 type: 'feature',
215 value: 'disabled',
216 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
217 and all children schemas. This includes displaying all
218 sensors in the SensorCollection. At a later date, this
219 feature will be defaulted to enabled.'''
220)
221
222option(
223 'redfish-allow-deprecated-power-thermal',
224 type: 'feature',
225 value: 'enabled',
226 description: '''Enable/disable the old Power / Thermal. The default
227 condition is allowing the old Power / Thermal.'''
228)
229
230option(
Gunnar Mills54dce7f2022-08-05 17:01:32 +0000231 'redfish-oem-manager-fan-data',
232 type: 'feature',
233 value: 'enabled',
234 description: '''Enables Redfish OEM fan data on the manager resource.
235 This includes PID and Stepwise controller data. See
236 OemManager schema for more detail.'''
237)
238
239option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700240 'https_port',
241 type: 'integer',
242 min: 1,
243 max: 65535,
244 value: 443,
245 description: 'HTTPS Port number.'
246)
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530247
Carson Labrado7fb33562022-04-18 23:26:56 +0000248option(
Ed Tanousf8ca6d72022-06-28 12:12:03 -0700249 'dns-resolver',
250 type: 'combo',
251 choices: ['systemd-dbus', 'asio'],
252 value: 'systemd-dbus',
253 description: '''Sets which DNS resolver backend should be used.
254 systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
255 support. asio relies on boost::asio::tcp::resolver, but cannot resolve
256 names when boost threading is disabled.'''
257)
258
259option(
Carson Labrado7fb33562022-04-18 23:26:56 +0000260 'redfish-aggregation',
261 type: 'feature',
262 value: 'disabled',
263 description: 'Allows this BMC to aggregate resources from satellite BMCs'
264)
265
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530266# Insecure options. Every option that starts with a `insecure` flag should
267# not be enabled by default for any platform, unless the author fully comprehends
268# the implications of doing so.In general, enabling these options will cause security
269# problems of varying degrees
270
Ed Tanous0cd5f782022-04-26 16:09:09 -0700271option(
272 'insecure-disable-csrf',
273 type: 'feature',
274 value: 'disabled',
275 description: '''Disable CSRF prevention checks.Should be set to false for
276 production systems.'''
277)
278
279option(
280 'insecure-disable-ssl',
281 type: 'feature',
282 value: 'disabled',
283 description: '''Disable SSL ports. Should be set to false for production
284 systems.'''
285)
286
287option(
288 'insecure-disable-auth',
289 type: 'feature',
290 value: 'disabled',
Nan Zhoua43ea822022-05-27 00:42:44 +0000291 description: '''Disable authentication and authoriztion on all ports.
292 Should be set to false for production systems.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700293)
294
295option(
296 'insecure-disable-xss',
297 type: 'feature',
298 value: 'disabled',
299 description: 'Disable XSS preventions'
300)
301
302option(
303 'insecure-tftp-update',
304 type: 'feature',
305 value: 'disabled',
306 description: '''Enable TFTP based firmware update transactions through
307 Redfish UpdateService. SimpleUpdate.'''
308)
309
310option(
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100311 'insecure-ignore-content-type',
312 type: 'feature',
313 value: 'enabled',
314 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
315 of the presence of the content-type header. Enabling this
316 conflicts with the input parsing guidelines, but may be
317 required to support old clients that may not set the
318 Content-Type header on payloads.'''
319)
320
321option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700322 'insecure-push-style-notification',
323 type: 'feature',
324 value: 'disabled',
325 description: 'Enable HTTP push style eventing feature'
326)
327
328option(
329 'insecure-enable-redfish-query',
330 type: 'feature',
331 value: 'disabled',
332 description: '''Enables Redfish expand query parameter. This feature is
333 experimental, and has not been tested against the full
334 limits of user-facing behavior. It is not recommended to
335 enable on production systems at this time. Other query
336 parameters such as only are not controlled by this option.'''
337)
Willy Tu13451e32023-05-24 16:08:18 -0700338
339option(
340 'health-populate',
341 type: 'feature',
342 value: 'enabled',
343 description: '''Enables HealthPopulate and generate the Status property for
344 the resource'''
345)
Ninad Palsule5fd0aaf2023-04-20 15:11:21 -0500346