blob: 31095007f0b2bebd2ea1cd9af4d813ba966c1436 [file] [log] [blame]
Ed Tanous0cd5f782022-04-26 16:09:09 -07001option(
2 'yocto-deps',
3 type: 'feature',
4 value: 'disabled',
5 description: 'Use YOCTO dependencies system'
6)
7
8option(
9 'kvm',
10 type: 'feature',
11 value: 'enabled',
12 description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
13 Video is from the BMCs /dev/videodevice.'''
14)
15
16option(
17 'tests',
18 type: 'feature',
19 value: 'enabled',
20 description: 'Enable Unit tests for bmcweb'
21)
22
23option(
24 'vm-websocket',
25 type: 'feature',
26 value: 'enabled',
27 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to
28 open the websocket. See
29 https://github.com/openbmc/jsnbd/blob/master/README.'''
30)
Ed Tanousefb80622021-02-20 11:04:01 -080031
32# if you use this option and are seeing this comment, please comment here:
33# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
34# for this code. At this point, no daemon has been upstreamed that implements
35# this interface, so for the moment this appears to be dead code; In leiu of
36# removing it, it has been disabled to try to give those that use it the
37# opportunity to upstream their backend implementation
Ed Tanous0cd5f782022-04-26 16:09:09 -070038#option(
39# 'vm-nbdproxy',
40# type: 'feature', value: 'disabled',
41# description: 'Enable the Virtual Media WebSocket.'
42#)
43
44option(
45 'rest',
46 type: 'feature',
47 value: 'disabled',
48 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
49 Phosphor D-Bus object paths, for example,
50 /xyz/openbmc_project/logging/entry/enumerate. See
51 https://github.com/openbmc/docs/blob/master/rest-api.md.'''
52)
53
54option(
55 'redfish',
56 type: 'feature',
57 value: 'enabled',
58 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
59 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
60)
61
62option(
63 'host-serial-socket',
64 type: 'feature',
65 value: 'enabled',
66 description: '''Enable host serial console WebSocket. Path is /console0.
67 See https://github.com/openbmc/docs/blob/master/console.md.'''
68)
69
70option(
71 'static-hosting',
72 type: 'feature',
73 value: 'enabled',
74 description: '''Enable serving files from the /usr/share/www directory
75 as paths under /.'''
76)
77
78option(
79 'redfish-bmc-journal',
80 type: 'feature',
Willy Tuf8483672022-05-10 15:08:10 -070081 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070082 description: '''Enable BMC journal access through Redfish. Paths are under
83 /redfish/v1/Managers/bmc/LogServices/Journal.'''
84)
85
86option(
87 'redfish-cpu-log',
88 type: 'feature',
89 value: 'disabled',
90 description: '''Enable CPU log service transactions through Redfish. Paths
91 are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
92)
93
94option(
95 'redfish-dump-log',
96 type: 'feature',
97 value: 'disabled',
98 description: '''Enable Dump log service transactions through Redfish. Paths
99 are under /redfish/v1/Systems/system/LogServices/Dump
100 and /redfish/v1/Managers/bmc/LogServices/Dump'''
101)
102
103option(
104 'redfish-dbus-log',
105 type: 'feature',
106 value: 'disabled',
107 description: '''Enable DBUS log service transactions through Redfish. Paths
108 are under
109 /redfish/v1/Systems/system/LogServices/EventLog/Entries'''
110)
111
112option(
113 'redfish-host-logger',
114 type: 'feature',
115 value: 'enabled',
116 description: '''Enable host log service transactions based on
117 phosphor-hostlogger through Redfish. Paths are under
118 /redfish/v1/Systems/system/LogServices/HostLogger'''
119)
120
121option(
Ninad Palsule5fd0aaf2023-04-20 15:11:21 -0500122 'redfish-enable-proccessor-memory-status',
123 type: 'feature',
124 value: 'disabled',
125 description: '''Enable/disable the deprecated processor and memory summary
126 status. The default condition is disabling the processor
127 and memory summary status. This option will be removed in
128 1Q 2024.'''
129)
130
131option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700132 'redfish-provisioning-feature',
133 type: 'feature',
134 value: 'disabled',
135 description: '''Enable provisioning feature support in redfish. Paths are
136 under /redfish/v1/Systems/system/'''
137)
138
139option(
140 'bmcweb-logging',
Myung Bae662aa6e2023-01-10 14:20:28 -0600141 type: 'combo',
142 choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ],
Ed Tanous0cd5f782022-04-26 16:09:09 -0700143 value: 'disabled',
Myung Bae662aa6e2023-01-10 14:20:28 -0600144 description: '''Enable output the extended logging level.
145 - disabled: disable bmcweb log traces.
146 - enabled: treated as 'debug'
147 - For the other logging level option, see DEVELOPING.md.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700148)
149
150option(
151 'basic-auth',
152 type: 'feature',
153 value: 'enabled',
154 description: 'Enable basic authentication'
155)
156
157option(
158 'session-auth',
159 type: 'feature',
160 value: 'enabled',
161 description: 'Enable session authentication'
162)
163
164option(
165 'xtoken-auth',
166 type: 'feature',
167 value: 'enabled',
168 description: 'Enable xtoken authentication'
169)
170
171option(
172 'cookie-auth',
173 type: 'feature',
174 value: 'enabled',
175 description: 'Enable cookie authentication'
176)
177
178option(
179 'mutual-tls-auth',
180 type: 'feature',
181 value: 'enabled',
182 description: '''Enables authenticating users through TLS client
183 certificates. The insecure-disable-ssl must be disabled for
184 this option to take effect.'''
185)
186
187option(
188 'ibm-management-console',
189 type: 'feature',
190 value: 'disabled',
191 description: '''Enable the IBM management console specific functionality.
192 Paths are under /ibm/v1/'''
193)
194
195option(
196 'google-api',
197 type: 'feature',
198 value: 'disabled',
199 description: '''Enable the Google specific functionality. Paths are under
200 /google/v1/'''
201)
202
203option(
204 'http-body-limit',
205 type: 'integer',
206 min: 0,
207 max: 512,
208 value: 30,
209 description: 'Specifies the http request body length limit'
210)
211
212option(
213 'redfish-new-powersubsystem-thermalsubsystem',
214 type: 'feature',
215 value: 'disabled',
216 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
217 and all children schemas. This includes displaying all
218 sensors in the SensorCollection. At a later date, this
219 feature will be defaulted to enabled.'''
220)
221
222option(
223 'redfish-allow-deprecated-power-thermal',
224 type: 'feature',
225 value: 'enabled',
226 description: '''Enable/disable the old Power / Thermal. The default
227 condition is allowing the old Power / Thermal.'''
228)
229
230option(
Gunnar Mills54dce7f2022-08-05 17:01:32 +0000231 'redfish-oem-manager-fan-data',
232 type: 'feature',
233 value: 'enabled',
234 description: '''Enables Redfish OEM fan data on the manager resource.
235 This includes PID and Stepwise controller data. See
236 OemManager schema for more detail.'''
237)
238
239option(
Ed Tanous6f8273e2023-05-31 12:44:26 -0700240 'redfish-health-populate',
241 type: 'feature',
242 value: 'disabled',
243 description: '''Enables HealthPopulate and generate the Status property for
244 the resource. This option will be removed Q1 2024'''
245)
246
247option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700248 'https_port',
249 type: 'integer',
250 min: 1,
251 max: 65535,
252 value: 443,
253 description: 'HTTPS Port number.'
254)
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530255
Carson Labrado7fb33562022-04-18 23:26:56 +0000256option(
Ed Tanousf8ca6d72022-06-28 12:12:03 -0700257 'dns-resolver',
258 type: 'combo',
259 choices: ['systemd-dbus', 'asio'],
260 value: 'systemd-dbus',
261 description: '''Sets which DNS resolver backend should be used.
262 systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
263 support. asio relies on boost::asio::tcp::resolver, but cannot resolve
264 names when boost threading is disabled.'''
265)
266
267option(
Carson Labrado7fb33562022-04-18 23:26:56 +0000268 'redfish-aggregation',
269 type: 'feature',
270 value: 'disabled',
271 description: 'Allows this BMC to aggregate resources from satellite BMCs'
272)
273
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530274# Insecure options. Every option that starts with a `insecure` flag should
275# not be enabled by default for any platform, unless the author fully comprehends
276# the implications of doing so.In general, enabling these options will cause security
277# problems of varying degrees
278
Ed Tanous0cd5f782022-04-26 16:09:09 -0700279option(
280 'insecure-disable-csrf',
281 type: 'feature',
282 value: 'disabled',
283 description: '''Disable CSRF prevention checks.Should be set to false for
284 production systems.'''
285)
286
287option(
288 'insecure-disable-ssl',
289 type: 'feature',
290 value: 'disabled',
291 description: '''Disable SSL ports. Should be set to false for production
292 systems.'''
293)
294
295option(
296 'insecure-disable-auth',
297 type: 'feature',
298 value: 'disabled',
Nan Zhoua43ea822022-05-27 00:42:44 +0000299 description: '''Disable authentication and authoriztion on all ports.
300 Should be set to false for production systems.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700301)
302
303option(
304 'insecure-disable-xss',
305 type: 'feature',
306 value: 'disabled',
307 description: 'Disable XSS preventions'
308)
309
310option(
311 'insecure-tftp-update',
312 type: 'feature',
313 value: 'disabled',
314 description: '''Enable TFTP based firmware update transactions through
315 Redfish UpdateService. SimpleUpdate.'''
316)
317
318option(
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100319 'insecure-ignore-content-type',
320 type: 'feature',
321 value: 'enabled',
322 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
323 of the presence of the content-type header. Enabling this
324 conflicts with the input parsing guidelines, but may be
325 required to support old clients that may not set the
326 Content-Type header on payloads.'''
327)
328
329option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700330 'insecure-push-style-notification',
331 type: 'feature',
332 value: 'disabled',
333 description: 'Enable HTTP push style eventing feature'
334)
335
336option(
337 'insecure-enable-redfish-query',
338 type: 'feature',
339 value: 'disabled',
340 description: '''Enables Redfish expand query parameter. This feature is
341 experimental, and has not been tested against the full
342 limits of user-facing behavior. It is not recommended to
343 enable on production systems at this time. Other query
344 parameters such as only are not controlled by this option.'''
345)