Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 1 | option( |
| 2 | 'yocto-deps', |
| 3 | type: 'feature', |
| 4 | value: 'disabled', |
| 5 | description: 'Use YOCTO dependencies system' |
| 6 | ) |
| 7 | |
| 8 | option( |
| 9 | 'kvm', |
| 10 | type: 'feature', |
| 11 | value: 'enabled', |
| 12 | description: '''Enable the KVM host video WebSocket. Path is /kvm/0. |
| 13 | Video is from the BMCs /dev/videodevice.''' |
| 14 | ) |
| 15 | |
| 16 | option( |
| 17 | 'tests', |
| 18 | type: 'feature', |
| 19 | value: 'enabled', |
| 20 | description: 'Enable Unit tests for bmcweb' |
| 21 | ) |
| 22 | |
| 23 | option( |
| 24 | 'vm-websocket', |
| 25 | type: 'feature', |
| 26 | value: 'enabled', |
| 27 | description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to |
| 28 | open the websocket. See |
| 29 | https://github.com/openbmc/jsnbd/blob/master/README.''' |
| 30 | ) |
Ed Tanous | efb8062 | 2021-02-20 11:04:01 -0800 | [diff] [blame] | 31 | |
| 32 | # if you use this option and are seeing this comment, please comment here: |
| 33 | # https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions |
| 34 | # for this code. At this point, no daemon has been upstreamed that implements |
| 35 | # this interface, so for the moment this appears to be dead code; In leiu of |
| 36 | # removing it, it has been disabled to try to give those that use it the |
| 37 | # opportunity to upstream their backend implementation |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 38 | #option( |
| 39 | # 'vm-nbdproxy', |
| 40 | # type: 'feature', value: 'disabled', |
| 41 | # description: 'Enable the Virtual Media WebSocket.' |
| 42 | #) |
| 43 | |
| 44 | option( |
| 45 | 'rest', |
| 46 | type: 'feature', |
| 47 | value: 'disabled', |
| 48 | description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map |
| 49 | Phosphor D-Bus object paths, for example, |
| 50 | /xyz/openbmc_project/logging/entry/enumerate. See |
| 51 | https://github.com/openbmc/docs/blob/master/rest-api.md.''' |
| 52 | ) |
| 53 | |
| 54 | option( |
| 55 | 'redfish', |
| 56 | type: 'feature', |
| 57 | value: 'enabled', |
| 58 | description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See |
| 59 | https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''' |
| 60 | ) |
| 61 | |
| 62 | option( |
| 63 | 'host-serial-socket', |
| 64 | type: 'feature', |
| 65 | value: 'enabled', |
| 66 | description: '''Enable host serial console WebSocket. Path is /console0. |
| 67 | See https://github.com/openbmc/docs/blob/master/console.md.''' |
| 68 | ) |
| 69 | |
| 70 | option( |
| 71 | 'static-hosting', |
| 72 | type: 'feature', |
| 73 | value: 'enabled', |
| 74 | description: '''Enable serving files from the /usr/share/www directory |
| 75 | as paths under /.''' |
| 76 | ) |
| 77 | |
| 78 | option( |
| 79 | 'redfish-bmc-journal', |
| 80 | type: 'feature', |
Willy Tu | f848367 | 2022-05-10 15:08:10 -0700 | [diff] [blame] | 81 | value: 'enabled', |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 82 | description: '''Enable BMC journal access through Redfish. Paths are under |
| 83 | /redfish/v1/Managers/bmc/LogServices/Journal.''' |
| 84 | ) |
| 85 | |
| 86 | option( |
| 87 | 'redfish-cpu-log', |
| 88 | type: 'feature', |
| 89 | value: 'disabled', |
| 90 | description: '''Enable CPU log service transactions through Redfish. Paths |
| 91 | are under /redfish/v1/Systems/system/LogServices/Crashdump'.''' |
| 92 | ) |
| 93 | |
| 94 | option( |
| 95 | 'redfish-dump-log', |
| 96 | type: 'feature', |
| 97 | value: 'disabled', |
| 98 | description: '''Enable Dump log service transactions through Redfish. Paths |
| 99 | are under /redfish/v1/Systems/system/LogServices/Dump |
| 100 | and /redfish/v1/Managers/bmc/LogServices/Dump''' |
| 101 | ) |
| 102 | |
| 103 | option( |
| 104 | 'redfish-dbus-log', |
| 105 | type: 'feature', |
| 106 | value: 'disabled', |
| 107 | description: '''Enable DBUS log service transactions through Redfish. Paths |
| 108 | are under |
| 109 | /redfish/v1/Systems/system/LogServices/EventLog/Entries''' |
| 110 | ) |
| 111 | |
| 112 | option( |
| 113 | 'redfish-host-logger', |
| 114 | type: 'feature', |
| 115 | value: 'enabled', |
| 116 | description: '''Enable host log service transactions based on |
| 117 | phosphor-hostlogger through Redfish. Paths are under |
| 118 | /redfish/v1/Systems/system/LogServices/HostLogger''' |
| 119 | ) |
| 120 | |
| 121 | option( |
Ninad Palsule | 5fd0aaf | 2023-04-20 15:11:21 -0500 | [diff] [blame^] | 122 | 'redfish-enable-proccessor-memory-status', |
| 123 | type: 'feature', |
| 124 | value: 'disabled', |
| 125 | description: '''Enable/disable the deprecated processor and memory summary |
| 126 | status. The default condition is disabling the processor |
| 127 | and memory summary status. This option will be removed in |
| 128 | 1Q 2024.''' |
| 129 | ) |
| 130 | |
| 131 | option( |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 132 | 'redfish-provisioning-feature', |
| 133 | type: 'feature', |
| 134 | value: 'disabled', |
| 135 | description: '''Enable provisioning feature support in redfish. Paths are |
| 136 | under /redfish/v1/Systems/system/''' |
| 137 | ) |
| 138 | |
| 139 | option( |
| 140 | 'bmcweb-logging', |
Myung Bae | 662aa6e | 2023-01-10 14:20:28 -0600 | [diff] [blame] | 141 | type: 'combo', |
| 142 | choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ], |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 143 | value: 'disabled', |
Myung Bae | 662aa6e | 2023-01-10 14:20:28 -0600 | [diff] [blame] | 144 | description: '''Enable output the extended logging level. |
| 145 | - disabled: disable bmcweb log traces. |
| 146 | - enabled: treated as 'debug' |
| 147 | - For the other logging level option, see DEVELOPING.md.''' |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 148 | ) |
| 149 | |
| 150 | option( |
| 151 | 'basic-auth', |
| 152 | type: 'feature', |
| 153 | value: 'enabled', |
| 154 | description: 'Enable basic authentication' |
| 155 | ) |
| 156 | |
| 157 | option( |
| 158 | 'session-auth', |
| 159 | type: 'feature', |
| 160 | value: 'enabled', |
| 161 | description: 'Enable session authentication' |
| 162 | ) |
| 163 | |
| 164 | option( |
| 165 | 'xtoken-auth', |
| 166 | type: 'feature', |
| 167 | value: 'enabled', |
| 168 | description: 'Enable xtoken authentication' |
| 169 | ) |
| 170 | |
| 171 | option( |
| 172 | 'cookie-auth', |
| 173 | type: 'feature', |
| 174 | value: 'enabled', |
| 175 | description: 'Enable cookie authentication' |
| 176 | ) |
| 177 | |
| 178 | option( |
| 179 | 'mutual-tls-auth', |
| 180 | type: 'feature', |
| 181 | value: 'enabled', |
| 182 | description: '''Enables authenticating users through TLS client |
| 183 | certificates. The insecure-disable-ssl must be disabled for |
| 184 | this option to take effect.''' |
| 185 | ) |
| 186 | |
| 187 | option( |
| 188 | 'ibm-management-console', |
| 189 | type: 'feature', |
| 190 | value: 'disabled', |
| 191 | description: '''Enable the IBM management console specific functionality. |
| 192 | Paths are under /ibm/v1/''' |
| 193 | ) |
| 194 | |
| 195 | option( |
| 196 | 'google-api', |
| 197 | type: 'feature', |
| 198 | value: 'disabled', |
| 199 | description: '''Enable the Google specific functionality. Paths are under |
| 200 | /google/v1/''' |
| 201 | ) |
| 202 | |
| 203 | option( |
| 204 | 'http-body-limit', |
| 205 | type: 'integer', |
| 206 | min: 0, |
| 207 | max: 512, |
| 208 | value: 30, |
| 209 | description: 'Specifies the http request body length limit' |
| 210 | ) |
| 211 | |
| 212 | option( |
| 213 | 'redfish-new-powersubsystem-thermalsubsystem', |
| 214 | type: 'feature', |
| 215 | value: 'disabled', |
| 216 | description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, |
| 217 | and all children schemas. This includes displaying all |
| 218 | sensors in the SensorCollection. At a later date, this |
| 219 | feature will be defaulted to enabled.''' |
| 220 | ) |
| 221 | |
| 222 | option( |
| 223 | 'redfish-allow-deprecated-power-thermal', |
| 224 | type: 'feature', |
| 225 | value: 'enabled', |
| 226 | description: '''Enable/disable the old Power / Thermal. The default |
| 227 | condition is allowing the old Power / Thermal.''' |
| 228 | ) |
| 229 | |
| 230 | option( |
Gunnar Mills | 54dce7f | 2022-08-05 17:01:32 +0000 | [diff] [blame] | 231 | 'redfish-oem-manager-fan-data', |
| 232 | type: 'feature', |
| 233 | value: 'enabled', |
| 234 | description: '''Enables Redfish OEM fan data on the manager resource. |
| 235 | This includes PID and Stepwise controller data. See |
| 236 | OemManager schema for more detail.''' |
| 237 | ) |
| 238 | |
| 239 | option( |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 240 | 'https_port', |
| 241 | type: 'integer', |
| 242 | min: 1, |
| 243 | max: 65535, |
| 244 | value: 443, |
| 245 | description: 'HTTPS Port number.' |
| 246 | ) |
Manojkiran Eda | af6298d | 2020-05-27 08:51:32 +0530 | [diff] [blame] | 247 | |
Carson Labrado | 7fb3356 | 2022-04-18 23:26:56 +0000 | [diff] [blame] | 248 | option( |
Ed Tanous | f8ca6d7 | 2022-06-28 12:12:03 -0700 | [diff] [blame] | 249 | 'dns-resolver', |
| 250 | type: 'combo', |
| 251 | choices: ['systemd-dbus', 'asio'], |
| 252 | value: 'systemd-dbus', |
| 253 | description: '''Sets which DNS resolver backend should be used. |
| 254 | systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus |
| 255 | support. asio relies on boost::asio::tcp::resolver, but cannot resolve |
| 256 | names when boost threading is disabled.''' |
| 257 | ) |
| 258 | |
| 259 | option( |
Carson Labrado | 7fb3356 | 2022-04-18 23:26:56 +0000 | [diff] [blame] | 260 | 'redfish-aggregation', |
| 261 | type: 'feature', |
| 262 | value: 'disabled', |
| 263 | description: 'Allows this BMC to aggregate resources from satellite BMCs' |
| 264 | ) |
| 265 | |
Manojkiran Eda | af6298d | 2020-05-27 08:51:32 +0530 | [diff] [blame] | 266 | # Insecure options. Every option that starts with a `insecure` flag should |
| 267 | # not be enabled by default for any platform, unless the author fully comprehends |
| 268 | # the implications of doing so.In general, enabling these options will cause security |
| 269 | # problems of varying degrees |
| 270 | |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 271 | option( |
| 272 | 'insecure-disable-csrf', |
| 273 | type: 'feature', |
| 274 | value: 'disabled', |
| 275 | description: '''Disable CSRF prevention checks.Should be set to false for |
| 276 | production systems.''' |
| 277 | ) |
| 278 | |
| 279 | option( |
| 280 | 'insecure-disable-ssl', |
| 281 | type: 'feature', |
| 282 | value: 'disabled', |
| 283 | description: '''Disable SSL ports. Should be set to false for production |
| 284 | systems.''' |
| 285 | ) |
| 286 | |
| 287 | option( |
| 288 | 'insecure-disable-auth', |
| 289 | type: 'feature', |
| 290 | value: 'disabled', |
Nan Zhou | a43ea82 | 2022-05-27 00:42:44 +0000 | [diff] [blame] | 291 | description: '''Disable authentication and authoriztion on all ports. |
| 292 | Should be set to false for production systems.''' |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 293 | ) |
| 294 | |
| 295 | option( |
| 296 | 'insecure-disable-xss', |
| 297 | type: 'feature', |
| 298 | value: 'disabled', |
| 299 | description: 'Disable XSS preventions' |
| 300 | ) |
| 301 | |
| 302 | option( |
| 303 | 'insecure-tftp-update', |
| 304 | type: 'feature', |
| 305 | value: 'disabled', |
| 306 | description: '''Enable TFTP based firmware update transactions through |
| 307 | Redfish UpdateService. SimpleUpdate.''' |
| 308 | ) |
| 309 | |
| 310 | option( |
Ed Tanous | 1aa0c2b | 2022-02-08 12:24:30 +0100 | [diff] [blame] | 311 | 'insecure-ignore-content-type', |
| 312 | type: 'feature', |
| 313 | value: 'enabled', |
| 314 | description: '''Allows parsing PUT/POST/PATCH content as JSON regardless |
| 315 | of the presence of the content-type header. Enabling this |
| 316 | conflicts with the input parsing guidelines, but may be |
| 317 | required to support old clients that may not set the |
| 318 | Content-Type header on payloads.''' |
| 319 | ) |
| 320 | |
| 321 | option( |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 322 | 'insecure-push-style-notification', |
| 323 | type: 'feature', |
| 324 | value: 'disabled', |
| 325 | description: 'Enable HTTP push style eventing feature' |
| 326 | ) |
| 327 | |
| 328 | option( |
| 329 | 'insecure-enable-redfish-query', |
| 330 | type: 'feature', |
| 331 | value: 'disabled', |
| 332 | description: '''Enables Redfish expand query parameter. This feature is |
| 333 | experimental, and has not been tested against the full |
| 334 | limits of user-facing behavior. It is not recommended to |
| 335 | enable on production systems at this time. Other query |
| 336 | parameters such as only are not controlled by this option.''' |
| 337 | ) |
Willy Tu | 13451e3 | 2023-05-24 16:08:18 -0700 | [diff] [blame] | 338 | |
| 339 | option( |
| 340 | 'health-populate', |
| 341 | type: 'feature', |
| 342 | value: 'enabled', |
| 343 | description: '''Enables HealthPopulate and generate the Status property for |
| 344 | the resource''' |
| 345 | ) |
Ninad Palsule | 5fd0aaf | 2023-04-20 15:11:21 -0500 | [diff] [blame^] | 346 | |