blob: 57fb8ce05e3be381c229b71e1697bd24230321c0 [file] [log] [blame]
Ed Tanous0cd5f782022-04-26 16:09:09 -07001option(
2 'yocto-deps',
3 type: 'feature',
4 value: 'disabled',
5 description: 'Use YOCTO dependencies system'
6)
7
8option(
9 'kvm',
10 type: 'feature',
11 value: 'enabled',
12 description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
13 Video is from the BMCs /dev/videodevice.'''
14)
15
16option(
17 'tests',
18 type: 'feature',
19 value: 'enabled',
20 description: 'Enable Unit tests for bmcweb'
21)
22
23option(
24 'vm-websocket',
25 type: 'feature',
26 value: 'enabled',
27 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to
28 open the websocket. See
29 https://github.com/openbmc/jsnbd/blob/master/README.'''
30)
Ed Tanousefb80622021-02-20 11:04:01 -080031
32# if you use this option and are seeing this comment, please comment here:
33# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
34# for this code. At this point, no daemon has been upstreamed that implements
35# this interface, so for the moment this appears to be dead code; In leiu of
36# removing it, it has been disabled to try to give those that use it the
37# opportunity to upstream their backend implementation
Ed Tanous0cd5f782022-04-26 16:09:09 -070038#option(
39# 'vm-nbdproxy',
40# type: 'feature', value: 'disabled',
41# description: 'Enable the Virtual Media WebSocket.'
42#)
43
44option(
45 'rest',
46 type: 'feature',
47 value: 'disabled',
48 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
49 Phosphor D-Bus object paths, for example,
50 /xyz/openbmc_project/logging/entry/enumerate. See
51 https://github.com/openbmc/docs/blob/master/rest-api.md.'''
52)
53
54option(
55 'redfish',
56 type: 'feature',
57 value: 'enabled',
58 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
59 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
60)
61
62option(
63 'host-serial-socket',
64 type: 'feature',
65 value: 'enabled',
66 description: '''Enable host serial console WebSocket. Path is /console0.
67 See https://github.com/openbmc/docs/blob/master/console.md.'''
68)
69
70option(
71 'static-hosting',
72 type: 'feature',
73 value: 'enabled',
74 description: '''Enable serving files from the /usr/share/www directory
75 as paths under /.'''
76)
77
78option(
79 'redfish-bmc-journal',
80 type: 'feature',
Willy Tuf8483672022-05-10 15:08:10 -070081 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070082 description: '''Enable BMC journal access through Redfish. Paths are under
83 /redfish/v1/Managers/bmc/LogServices/Journal.'''
84)
85
86option(
87 'redfish-cpu-log',
88 type: 'feature',
89 value: 'disabled',
90 description: '''Enable CPU log service transactions through Redfish. Paths
91 are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
92)
93
94option(
95 'redfish-dump-log',
96 type: 'feature',
97 value: 'disabled',
98 description: '''Enable Dump log service transactions through Redfish. Paths
99 are under /redfish/v1/Systems/system/LogServices/Dump
100 and /redfish/v1/Managers/bmc/LogServices/Dump'''
101)
102
103option(
104 'redfish-dbus-log',
105 type: 'feature',
106 value: 'disabled',
107 description: '''Enable DBUS log service transactions through Redfish. Paths
108 are under
109 /redfish/v1/Systems/system/LogServices/EventLog/Entries'''
110)
111
112option(
113 'redfish-host-logger',
114 type: 'feature',
115 value: 'enabled',
116 description: '''Enable host log service transactions based on
117 phosphor-hostlogger through Redfish. Paths are under
118 /redfish/v1/Systems/system/LogServices/HostLogger'''
119)
120
121option(
122 'redfish-provisioning-feature',
123 type: 'feature',
124 value: 'disabled',
125 description: '''Enable provisioning feature support in redfish. Paths are
126 under /redfish/v1/Systems/system/'''
127)
128
129option(
130 'bmcweb-logging',
131 type: 'feature',
132 value: 'disabled',
133 description: 'Enable output the extended debug logs'
134)
135
136option(
137 'basic-auth',
138 type: 'feature',
139 value: 'enabled',
140 description: 'Enable basic authentication'
141)
142
143option(
144 'session-auth',
145 type: 'feature',
146 value: 'enabled',
147 description: 'Enable session authentication'
148)
149
150option(
151 'xtoken-auth',
152 type: 'feature',
153 value: 'enabled',
154 description: 'Enable xtoken authentication'
155)
156
157option(
158 'cookie-auth',
159 type: 'feature',
160 value: 'enabled',
161 description: 'Enable cookie authentication'
162)
163
164option(
165 'mutual-tls-auth',
166 type: 'feature',
167 value: 'enabled',
168 description: '''Enables authenticating users through TLS client
169 certificates. The insecure-disable-ssl must be disabled for
170 this option to take effect.'''
171)
172
173option(
174 'ibm-management-console',
175 type: 'feature',
176 value: 'disabled',
177 description: '''Enable the IBM management console specific functionality.
178 Paths are under /ibm/v1/'''
179)
180
181option(
182 'google-api',
183 type: 'feature',
184 value: 'disabled',
185 description: '''Enable the Google specific functionality. Paths are under
186 /google/v1/'''
187)
188
189option(
190 'http-body-limit',
191 type: 'integer',
192 min: 0,
193 max: 512,
194 value: 30,
195 description: 'Specifies the http request body length limit'
196)
197
198option(
199 'redfish-new-powersubsystem-thermalsubsystem',
200 type: 'feature',
201 value: 'disabled',
202 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
203 and all children schemas. This includes displaying all
204 sensors in the SensorCollection. At a later date, this
205 feature will be defaulted to enabled.'''
206)
207
208option(
209 'redfish-allow-deprecated-power-thermal',
210 type: 'feature',
211 value: 'enabled',
212 description: '''Enable/disable the old Power / Thermal. The default
213 condition is allowing the old Power / Thermal.'''
214)
215
216option(
Ed Tanous4dc23f32022-05-11 11:32:19 -0700217 'redfish-post-to-old-updateservice',
218 type: 'feature',
Ed Tanous4e7f9312023-02-07 14:00:10 -0800219 value: 'disabled',
Ed Tanous4dc23f32022-05-11 11:32:19 -0700220 description: '''Allows POST to /redfish/v1/UpdateService, counter to
221 the redfish specification. Option provided to allow
222 potential users to move away from using this endpoint.
Ed Tanous4e7f9312023-02-07 14:00:10 -0800223 Option will be removed Q2 2023.'''
Ed Tanous4dc23f32022-05-11 11:32:19 -0700224)
225
Ed Tanous4dc23f32022-05-11 11:32:19 -0700226option(
Gunnar Mills54dce7f2022-08-05 17:01:32 +0000227 'redfish-oem-manager-fan-data',
228 type: 'feature',
229 value: 'enabled',
230 description: '''Enables Redfish OEM fan data on the manager resource.
231 This includes PID and Stepwise controller data. See
232 OemManager schema for more detail.'''
233)
234
235option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700236 'https_port',
237 type: 'integer',
238 min: 1,
239 max: 65535,
240 value: 443,
241 description: 'HTTPS Port number.'
242)
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530243
Carson Labrado7fb33562022-04-18 23:26:56 +0000244option(
245 'redfish-aggregation',
246 type: 'feature',
247 value: 'disabled',
248 description: 'Allows this BMC to aggregate resources from satellite BMCs'
249)
250
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530251# Insecure options. Every option that starts with a `insecure` flag should
252# not be enabled by default for any platform, unless the author fully comprehends
253# the implications of doing so.In general, enabling these options will cause security
254# problems of varying degrees
255
Ed Tanous0cd5f782022-04-26 16:09:09 -0700256option(
257 'insecure-disable-csrf',
258 type: 'feature',
259 value: 'disabled',
260 description: '''Disable CSRF prevention checks.Should be set to false for
261 production systems.'''
262)
263
264option(
265 'insecure-disable-ssl',
266 type: 'feature',
267 value: 'disabled',
268 description: '''Disable SSL ports. Should be set to false for production
269 systems.'''
270)
271
272option(
273 'insecure-disable-auth',
274 type: 'feature',
275 value: 'disabled',
Nan Zhoua43ea822022-05-27 00:42:44 +0000276 description: '''Disable authentication and authoriztion on all ports.
277 Should be set to false for production systems.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700278)
279
280option(
281 'insecure-disable-xss',
282 type: 'feature',
283 value: 'disabled',
284 description: 'Disable XSS preventions'
285)
286
287option(
288 'insecure-tftp-update',
289 type: 'feature',
290 value: 'disabled',
291 description: '''Enable TFTP based firmware update transactions through
292 Redfish UpdateService. SimpleUpdate.'''
293)
294
295option(
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100296 'insecure-ignore-content-type',
297 type: 'feature',
298 value: 'enabled',
299 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
300 of the presence of the content-type header. Enabling this
301 conflicts with the input parsing guidelines, but may be
302 required to support old clients that may not set the
303 Content-Type header on payloads.'''
304)
305
306option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700307 'insecure-push-style-notification',
308 type: 'feature',
309 value: 'disabled',
310 description: 'Enable HTTP push style eventing feature'
311)
312
313option(
314 'insecure-enable-redfish-query',
315 type: 'feature',
316 value: 'disabled',
317 description: '''Enables Redfish expand query parameter. This feature is
318 experimental, and has not been tested against the full
319 limits of user-facing behavior. It is not recommended to
320 enable on production systems at this time. Other query
321 parameters such as only are not controlled by this option.'''
322)