blob: 23874027d156768b56d87791260542fff1134d75 [file] [log] [blame]
Manojkiran Edaaf6298d2020-05-27 08:51:32 +05301option('pam', type: 'feature', value : 'enabled', description : 'Built static libraries')
2option('yocto-deps', type: 'feature', value: 'disabled', description : 'Use YOCTO dependencies system')
3option('kvm', type : 'feature',value : 'enabled', description : 'Enable the KVM host video WebSocket. Path is \'/kvm/0\'. Video is from the BMC\'s \'/dev/video\' device.')
4option ('tests', type : 'feature', value : 'enabled', description : 'Enable Unit tests for bmcweb')
5option('vm-websocket', type : 'feature', value : 'enabled', description : '''Enable the Virtual Media WebSocket. Path is \'/vm/0/0\'to open the websocket. See https://github.com/openbmc/jsnbd/blob/master/README.''')
Ed Tanousefb80622021-02-20 11:04:01 -08006
7# if you use this option and are seeing this comment, please comment here:
8# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
9# for this code. At this point, no daemon has been upstreamed that implements
10# this interface, so for the moment this appears to be dead code; In leiu of
11# removing it, it has been disabled to try to give those that use it the
12# opportunity to upstream their backend implementation
13#option('vm-nbdproxy', type: 'feature', value : 'disabled', description : 'Enable the Virtual Media WebSocket.')
Manojkiran Edaaf6298d2020-05-27 08:51:32 +053014option('rest', type : 'feature', value : 'enabled', description : '''Enable Phosphor REST (D-Bus) APIs. Paths directly map Phosphor D-Bus object paths, for example, \'/xyz/openbmc_project/logging/entry/enumerate\'. See https://github.com/openbmc/docs/blob/master/rest-api.md.''')
15option('redfish', type : 'feature',value : 'enabled', description: 'Enable Redfish APIs. Paths are under \'/redfish/v1/\'. See https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.')
16option('host-serial-socket', type : 'feature', value : 'enabled', description : 'Enable host serial console WebSocket. Path is \'/console0\'. See https://github.com/openbmc/docs/blob/master/console.md.')
17option('static-hosting', type : 'feature', value : 'enabled', description : 'Enable serving files from the \'/usr/share/www\' directory as paths under \'/\'.')
18option('redfish-bmc-journal', type : 'feature', value : 'disabled', description : 'Enable BMC journal access through Redfish. Paths are under \'/redfish/v1/Managers/bmc/LogServices/Journal\'.')
Manojkiran Edaaf6298d2020-05-27 08:51:32 +053019option('redfish-cpu-log', type : 'feature', value : 'disabled', description : '''Enable CPU log service transactions through Redfish. Paths are under \'/redfish/v1/Systems/system/LogServices/Crashdump'.''')
Ravi Teja3fad0d52020-10-16 11:18:02 -050020option('redfish-dump-log', type : 'feature', value : 'disabled', description : 'Enable Dump log service transactions through Redfish. Paths are under \'/redfish/v1/Systems/system/LogServices/Dump\'and \'/redfish/v1/Managers/bmc/LogServices/Dump\'')
Manojkiran Edaaf6298d2020-05-27 08:51:32 +053021option('redfish-dbus-log', type : 'feature', value : 'disabled', description : 'Enable DBUS log service transactions through Redfish. Paths are under \'/redfish/v1/Systems/system/LogServices/EventLog/Entries\'')
22option('redfish-provisioning-feature', type : 'feature', value : 'disabled', description : 'Enable provisioning feature support in redfish. Paths are under \'/redfish/v1/Systems/system/\'')
23option('bmcweb-logging', type : 'feature', value : 'disabled', description : 'Enable output the extended debug logs')
Alan Kuof16f6262020-12-08 19:29:59 +080024option('basic-auth', type : 'feature', value : 'enabled', description : '''Enable basic authentication''')
25option('session-auth', type : 'feature', value : 'enabled', description : '''Enable session authentication''')
26option('xtoken-auth', type : 'feature', value : 'enabled', description : '''Enable xtoken authentication''')
27option('cookie-auth', type : 'feature', value : 'enabled', description : '''Enable cookie authentication''')
Manojkiran Edaaf6298d2020-05-27 08:51:32 +053028option('mutual-tls-auth', type : 'feature', value : 'enabled', description : '''Enables authenticating users through TLS client certificates. The insecure-disable-ssl must be disabled for this option to take effect.''')
29option('ibm-management-console', type : 'feature', value : 'disabled', description : 'Enable the IBM management console specific functionality. Paths are under \'/ibm/v1/\'')
Feras Aldahlawi735ef6d2021-03-19 14:01:46 -070030option('google-api', type : 'feature', value : 'disabled', description : 'Enable the Google specific functionality. Paths are under \'/google/v1/\'')
Ed Tanousb9c0b582020-10-07 11:57:19 -070031option('http-body-limit', type: 'integer', min : 0, max : 512, value : 30, description : 'Specifies the http request body length limit')
Johnathan Mantey2db77d32020-11-20 08:51:11 -080032option('redfish-allow-deprecated-hostname-patch', type : 'feature', value : 'disabled', description : 'Enable/disable Managers/bmc/NetworkProtocol HostName PATCH commands. The default condition is to prevent HostName changes from this URI, following the Redfish schema. Enabling this switch permits the HostName to be PATCHed at this URI. In Q4 2021 this feature will be removed, and the Redfish schema enforced, making the HostName read-only.')
zhanghch050256b692021-06-12 10:26:52 +080033option('redfish-allow-deprecated-power-thermal', type : 'feature', value : 'enabled', description : 'Enable/disable the old Power / Thermal. The default condition is allowing the old Power / Thermal.')
Vivekanand Veeracholan54d13552021-06-14 19:16:36 -070034option ('https_port', type : 'integer', min : 1, max : 65535, value : 443, description : 'HTTPS Port number.')
Manojkiran Edaaf6298d2020-05-27 08:51:32 +053035
36# Insecure options. Every option that starts with a `insecure` flag should
37# not be enabled by default for any platform, unless the author fully comprehends
38# the implications of doing so.In general, enabling these options will cause security
39# problems of varying degrees
40
41option ('insecure-disable-csrf', type : 'feature', value : 'disabled', description : 'Disable CSRF prevention checks.Should be set to false for production systems.')
42option ('insecure-disable-ssl', type : 'feature', value : 'disabled', description : 'Disable SSL ports. Should be set to false for production systems.')
43option ('insecure-disable-auth', type : 'feature', value : 'disabled', description : 'Disable authentication on all ports. Should be set to false for production systems')
44option ('insecure-disable-xss', type : 'feature', value : 'disabled', description : 'Disable XSS preventions')
45option ('insecure-tftp-update', type : 'feature', value : 'disabled', description : '''Enable TFTP based firmware update transactions through Redfish UpdateService.SimpleUpdate.''')
46option ('insecure-push-style-notification',type : 'feature', value : 'disabled', description : 'Enable HTTP push style eventing feature')