Manojkiran Eda | af6298d | 2020-05-27 08:51:32 +0530 | [diff] [blame] | 1 | option('pam', type: 'feature', value : 'enabled', description : 'Built static libraries') |
| 2 | option('yocto-deps', type: 'feature', value: 'disabled', description : 'Use YOCTO dependencies system') |
| 3 | option('kvm', type : 'feature',value : 'enabled', description : 'Enable the KVM host video WebSocket. Path is \'/kvm/0\'. Video is from the BMC\'s \'/dev/video\' device.') |
| 4 | option ('tests', type : 'feature', value : 'enabled', description : 'Enable Unit tests for bmcweb') |
| 5 | option('vm-websocket', type : 'feature', value : 'enabled', description : '''Enable the Virtual Media WebSocket. Path is \'/vm/0/0\'to open the websocket. See https://github.com/openbmc/jsnbd/blob/master/README.''') |
| 6 | option('vm-nbdproxy', type: 'feature', value : 'disabled', description : 'Enable the Virtual Media WebSocket.') |
| 7 | option('rest', type : 'feature', value : 'enabled', description : '''Enable Phosphor REST (D-Bus) APIs. Paths directly map Phosphor D-Bus object paths, for example, \'/xyz/openbmc_project/logging/entry/enumerate\'. See https://github.com/openbmc/docs/blob/master/rest-api.md.''') |
| 8 | option('redfish', type : 'feature',value : 'enabled', description: 'Enable Redfish APIs. Paths are under \'/redfish/v1/\'. See https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.') |
| 9 | option('host-serial-socket', type : 'feature', value : 'enabled', description : 'Enable host serial console WebSocket. Path is \'/console0\'. See https://github.com/openbmc/docs/blob/master/console.md.') |
| 10 | option('static-hosting', type : 'feature', value : 'enabled', description : 'Enable serving files from the \'/usr/share/www\' directory as paths under \'/\'.') |
| 11 | option('redfish-bmc-journal', type : 'feature', value : 'disabled', description : 'Enable BMC journal access through Redfish. Paths are under \'/redfish/v1/Managers/bmc/LogServices/Journal\'.') |
| 12 | option('redfish-raw-peci', type : 'feature', value : 'disabled', description : '''Enable PECI transactions through Redfish. Paths are under \/redfish/v1/Systems/system/LogServices/CpuLog/Actions/Oem/CpuLog.SendRawPeci\'.''') |
| 13 | option('redfish-cpu-log', type : 'feature', value : 'disabled', description : '''Enable CPU log service transactions through Redfish. Paths are under \'/redfish/v1/Systems/system/LogServices/Crashdump'.''') |
Ravi Teja | 3fad0d5 | 2020-10-16 11:18:02 -0500 | [diff] [blame] | 14 | option('redfish-dump-log', type : 'feature', value : 'disabled', description : 'Enable Dump log service transactions through Redfish. Paths are under \'/redfish/v1/Systems/system/LogServices/Dump\'and \'/redfish/v1/Managers/bmc/LogServices/Dump\'') |
Manojkiran Eda | af6298d | 2020-05-27 08:51:32 +0530 | [diff] [blame] | 15 | option('redfish-dbus-log', type : 'feature', value : 'disabled', description : 'Enable DBUS log service transactions through Redfish. Paths are under \'/redfish/v1/Systems/system/LogServices/EventLog/Entries\'') |
| 16 | option('redfish-provisioning-feature', type : 'feature', value : 'disabled', description : 'Enable provisioning feature support in redfish. Paths are under \'/redfish/v1/Systems/system/\'') |
| 17 | option('bmcweb-logging', type : 'feature', value : 'disabled', description : 'Enable output the extended debug logs') |
Alan Kuo | f16f626 | 2020-12-08 19:29:59 +0800 | [diff] [blame] | 18 | option('basic-auth', type : 'feature', value : 'enabled', description : '''Enable basic authentication''') |
| 19 | option('session-auth', type : 'feature', value : 'enabled', description : '''Enable session authentication''') |
| 20 | option('xtoken-auth', type : 'feature', value : 'enabled', description : '''Enable xtoken authentication''') |
| 21 | option('cookie-auth', type : 'feature', value : 'enabled', description : '''Enable cookie authentication''') |
Manojkiran Eda | af6298d | 2020-05-27 08:51:32 +0530 | [diff] [blame] | 22 | option('mutual-tls-auth', type : 'feature', value : 'enabled', description : '''Enables authenticating users through TLS client certificates. The insecure-disable-ssl must be disabled for this option to take effect.''') |
| 23 | option('ibm-management-console', type : 'feature', value : 'disabled', description : 'Enable the IBM management console specific functionality. Paths are under \'/ibm/v1/\'') |
Ed Tanous | b9c0b58 | 2020-10-07 11:57:19 -0700 | [diff] [blame] | 24 | option('http-body-limit', type: 'integer', min : 0, max : 512, value : 30, description : 'Specifies the http request body length limit') |
Manojkiran Eda | af6298d | 2020-05-27 08:51:32 +0530 | [diff] [blame] | 25 | |
| 26 | # Insecure options. Every option that starts with a `insecure` flag should |
| 27 | # not be enabled by default for any platform, unless the author fully comprehends |
| 28 | # the implications of doing so.In general, enabling these options will cause security |
| 29 | # problems of varying degrees |
| 30 | |
| 31 | option ('insecure-disable-csrf', type : 'feature', value : 'disabled', description : 'Disable CSRF prevention checks.Should be set to false for production systems.') |
| 32 | option ('insecure-disable-ssl', type : 'feature', value : 'disabled', description : 'Disable SSL ports. Should be set to false for production systems.') |
| 33 | option ('insecure-disable-auth', type : 'feature', value : 'disabled', description : 'Disable authentication on all ports. Should be set to false for production systems') |
| 34 | option ('insecure-disable-xss', type : 'feature', value : 'disabled', description : 'Disable XSS preventions') |
| 35 | option ('insecure-tftp-update', type : 'feature', value : 'disabled', description : '''Enable TFTP based firmware update transactions through Redfish UpdateService.SimpleUpdate.''') |
| 36 | option ('insecure-push-style-notification',type : 'feature', value : 'disabled', description : 'Enable HTTP push style eventing feature') |
| 37 | option ('validate-unsecure-feature', type : 'feature', value : 'disabled', description : '''Enables unsecure features required by validation. Note: mustbe turned off for production images.''') |
| 38 | option ('insecure-sensor-override', type : 'feature', value : 'disabled', description : 'Enables Sensor override feature without any check.') |