blob: 0bf2c3507a938505e73f15f046470ae9d79b0755 [file] [log] [blame]
Ed Tanous0cd5f782022-04-26 16:09:09 -07001option(
2 'yocto-deps',
3 type: 'feature',
4 value: 'disabled',
5 description: 'Use YOCTO dependencies system'
6)
7
8option(
9 'kvm',
10 type: 'feature',
11 value: 'enabled',
12 description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
13 Video is from the BMCs /dev/videodevice.'''
14)
15
16option(
17 'tests',
18 type: 'feature',
19 value: 'enabled',
20 description: 'Enable Unit tests for bmcweb'
21)
22
23option(
24 'vm-websocket',
25 type: 'feature',
26 value: 'enabled',
27 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to
28 open the websocket. See
29 https://github.com/openbmc/jsnbd/blob/master/README.'''
30)
Ed Tanousefb80622021-02-20 11:04:01 -080031
32# if you use this option and are seeing this comment, please comment here:
33# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
34# for this code. At this point, no daemon has been upstreamed that implements
35# this interface, so for the moment this appears to be dead code; In leiu of
36# removing it, it has been disabled to try to give those that use it the
37# opportunity to upstream their backend implementation
Ed Tanous0cd5f782022-04-26 16:09:09 -070038#option(
39# 'vm-nbdproxy',
40# type: 'feature', value: 'disabled',
41# description: 'Enable the Virtual Media WebSocket.'
42#)
43
44option(
45 'rest',
46 type: 'feature',
47 value: 'disabled',
48 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
49 Phosphor D-Bus object paths, for example,
50 /xyz/openbmc_project/logging/entry/enumerate. See
51 https://github.com/openbmc/docs/blob/master/rest-api.md.'''
52)
53
54option(
55 'redfish',
56 type: 'feature',
57 value: 'enabled',
58 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
59 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
60)
61
62option(
63 'host-serial-socket',
64 type: 'feature',
65 value: 'enabled',
66 description: '''Enable host serial console WebSocket. Path is /console0.
67 See https://github.com/openbmc/docs/blob/master/console.md.'''
68)
69
70option(
71 'static-hosting',
72 type: 'feature',
73 value: 'enabled',
74 description: '''Enable serving files from the /usr/share/www directory
75 as paths under /.'''
76)
77
78option(
79 'redfish-bmc-journal',
80 type: 'feature',
Willy Tuf8483672022-05-10 15:08:10 -070081 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070082 description: '''Enable BMC journal access through Redfish. Paths are under
83 /redfish/v1/Managers/bmc/LogServices/Journal.'''
84)
85
86option(
87 'redfish-cpu-log',
88 type: 'feature',
89 value: 'disabled',
90 description: '''Enable CPU log service transactions through Redfish. Paths
91 are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
92)
93
94option(
95 'redfish-dump-log',
96 type: 'feature',
97 value: 'disabled',
98 description: '''Enable Dump log service transactions through Redfish. Paths
99 are under /redfish/v1/Systems/system/LogServices/Dump
100 and /redfish/v1/Managers/bmc/LogServices/Dump'''
101)
102
103option(
104 'redfish-dbus-log',
105 type: 'feature',
106 value: 'disabled',
107 description: '''Enable DBUS log service transactions through Redfish. Paths
108 are under
109 /redfish/v1/Systems/system/LogServices/EventLog/Entries'''
110)
111
112option(
113 'redfish-host-logger',
114 type: 'feature',
115 value: 'enabled',
116 description: '''Enable host log service transactions based on
117 phosphor-hostlogger through Redfish. Paths are under
118 /redfish/v1/Systems/system/LogServices/HostLogger'''
119)
120
121option(
122 'redfish-provisioning-feature',
123 type: 'feature',
124 value: 'disabled',
125 description: '''Enable provisioning feature support in redfish. Paths are
126 under /redfish/v1/Systems/system/'''
127)
128
129option(
130 'bmcweb-logging',
Myung Bae662aa6e2023-01-10 14:20:28 -0600131 type: 'combo',
132 choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ],
Ed Tanous0cd5f782022-04-26 16:09:09 -0700133 value: 'disabled',
Myung Bae662aa6e2023-01-10 14:20:28 -0600134 description: '''Enable output the extended logging level.
135 - disabled: disable bmcweb log traces.
136 - enabled: treated as 'debug'
137 - For the other logging level option, see DEVELOPING.md.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700138)
139
140option(
141 'basic-auth',
142 type: 'feature',
143 value: 'enabled',
144 description: 'Enable basic authentication'
145)
146
147option(
148 'session-auth',
149 type: 'feature',
150 value: 'enabled',
151 description: 'Enable session authentication'
152)
153
154option(
155 'xtoken-auth',
156 type: 'feature',
157 value: 'enabled',
158 description: 'Enable xtoken authentication'
159)
160
161option(
162 'cookie-auth',
163 type: 'feature',
164 value: 'enabled',
165 description: 'Enable cookie authentication'
166)
167
168option(
169 'mutual-tls-auth',
170 type: 'feature',
171 value: 'enabled',
172 description: '''Enables authenticating users through TLS client
173 certificates. The insecure-disable-ssl must be disabled for
174 this option to take effect.'''
175)
176
177option(
178 'ibm-management-console',
179 type: 'feature',
180 value: 'disabled',
181 description: '''Enable the IBM management console specific functionality.
182 Paths are under /ibm/v1/'''
183)
184
185option(
186 'google-api',
187 type: 'feature',
188 value: 'disabled',
189 description: '''Enable the Google specific functionality. Paths are under
190 /google/v1/'''
191)
192
193option(
194 'http-body-limit',
195 type: 'integer',
196 min: 0,
197 max: 512,
198 value: 30,
199 description: 'Specifies the http request body length limit'
200)
201
202option(
203 'redfish-new-powersubsystem-thermalsubsystem',
204 type: 'feature',
205 value: 'disabled',
206 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
207 and all children schemas. This includes displaying all
208 sensors in the SensorCollection. At a later date, this
209 feature will be defaulted to enabled.'''
210)
211
212option(
213 'redfish-allow-deprecated-power-thermal',
214 type: 'feature',
215 value: 'enabled',
216 description: '''Enable/disable the old Power / Thermal. The default
217 condition is allowing the old Power / Thermal.'''
218)
219
220option(
Ed Tanous4dc23f32022-05-11 11:32:19 -0700221 'redfish-post-to-old-updateservice',
222 type: 'feature',
Ed Tanous4e7f9312023-02-07 14:00:10 -0800223 value: 'disabled',
Ed Tanous4dc23f32022-05-11 11:32:19 -0700224 description: '''Allows POST to /redfish/v1/UpdateService, counter to
225 the redfish specification. Option provided to allow
226 potential users to move away from using this endpoint.
Ed Tanous4e7f9312023-02-07 14:00:10 -0800227 Option will be removed Q2 2023.'''
Ed Tanous4dc23f32022-05-11 11:32:19 -0700228)
229
Ed Tanous4dc23f32022-05-11 11:32:19 -0700230option(
Gunnar Mills54dce7f2022-08-05 17:01:32 +0000231 'redfish-oem-manager-fan-data',
232 type: 'feature',
233 value: 'enabled',
234 description: '''Enables Redfish OEM fan data on the manager resource.
235 This includes PID and Stepwise controller data. See
236 OemManager schema for more detail.'''
237)
238
239option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700240 'https_port',
241 type: 'integer',
242 min: 1,
243 max: 65535,
244 value: 443,
245 description: 'HTTPS Port number.'
246)
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530247
Carson Labrado7fb33562022-04-18 23:26:56 +0000248option(
249 'redfish-aggregation',
250 type: 'feature',
251 value: 'disabled',
252 description: 'Allows this BMC to aggregate resources from satellite BMCs'
253)
254
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530255# Insecure options. Every option that starts with a `insecure` flag should
256# not be enabled by default for any platform, unless the author fully comprehends
257# the implications of doing so.In general, enabling these options will cause security
258# problems of varying degrees
259
Ed Tanous0cd5f782022-04-26 16:09:09 -0700260option(
261 'insecure-disable-csrf',
262 type: 'feature',
263 value: 'disabled',
264 description: '''Disable CSRF prevention checks.Should be set to false for
265 production systems.'''
266)
267
268option(
269 'insecure-disable-ssl',
270 type: 'feature',
271 value: 'disabled',
272 description: '''Disable SSL ports. Should be set to false for production
273 systems.'''
274)
275
276option(
277 'insecure-disable-auth',
278 type: 'feature',
279 value: 'disabled',
Nan Zhoua43ea822022-05-27 00:42:44 +0000280 description: '''Disable authentication and authoriztion on all ports.
281 Should be set to false for production systems.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700282)
283
284option(
285 'insecure-disable-xss',
286 type: 'feature',
287 value: 'disabled',
288 description: 'Disable XSS preventions'
289)
290
291option(
292 'insecure-tftp-update',
293 type: 'feature',
294 value: 'disabled',
295 description: '''Enable TFTP based firmware update transactions through
296 Redfish UpdateService. SimpleUpdate.'''
297)
298
299option(
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100300 'insecure-ignore-content-type',
301 type: 'feature',
302 value: 'enabled',
303 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
304 of the presence of the content-type header. Enabling this
305 conflicts with the input parsing guidelines, but may be
306 required to support old clients that may not set the
307 Content-Type header on payloads.'''
308)
309
310option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700311 'insecure-push-style-notification',
312 type: 'feature',
313 value: 'disabled',
314 description: 'Enable HTTP push style eventing feature'
315)
316
317option(
318 'insecure-enable-redfish-query',
319 type: 'feature',
320 value: 'disabled',
321 description: '''Enables Redfish expand query parameter. This feature is
322 experimental, and has not been tested against the full
323 limits of user-facing behavior. It is not recommended to
324 enable on production systems at this time. Other query
325 parameters such as only are not controlled by this option.'''
326)