blob: 6bdb615be956c1643c7889585f35d0532a4a38dc [file] [log] [blame]
Manojkiran Edaaf6298d2020-05-27 08:51:32 +05301option('yocto-deps', type: 'feature', value: 'disabled', description : 'Use YOCTO dependencies system')
2option('kvm', type : 'feature',value : 'enabled', description : 'Enable the KVM host video WebSocket. Path is \'/kvm/0\'. Video is from the BMC\'s \'/dev/video\' device.')
3option ('tests', type : 'feature', value : 'enabled', description : 'Enable Unit tests for bmcweb')
4option('vm-websocket', type : 'feature', value : 'enabled', description : '''Enable the Virtual Media WebSocket. Path is \'/vm/0/0\'to open the websocket. See https://github.com/openbmc/jsnbd/blob/master/README.''')
Ed Tanousefb80622021-02-20 11:04:01 -08005
6# if you use this option and are seeing this comment, please comment here:
7# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
8# for this code. At this point, no daemon has been upstreamed that implements
9# this interface, so for the moment this appears to be dead code; In leiu of
10# removing it, it has been disabled to try to give those that use it the
11# opportunity to upstream their backend implementation
12#option('vm-nbdproxy', type: 'feature', value : 'disabled', description : 'Enable the Virtual Media WebSocket.')
James Feist47c9e102020-02-12 13:05:07 -080013option('rest', type : 'feature', value : 'disabled', description : '''Enable Phosphor REST (D-Bus) APIs. Paths directly map Phosphor D-Bus object paths, for example, \'/xyz/openbmc_project/logging/entry/enumerate\'. See https://github.com/openbmc/docs/blob/master/rest-api.md.''')
Manojkiran Edaaf6298d2020-05-27 08:51:32 +053014option('redfish', type : 'feature',value : 'enabled', description: 'Enable Redfish APIs. Paths are under \'/redfish/v1/\'. See https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.')
15option('host-serial-socket', type : 'feature', value : 'enabled', description : 'Enable host serial console WebSocket. Path is \'/console0\'. See https://github.com/openbmc/docs/blob/master/console.md.')
16option('static-hosting', type : 'feature', value : 'enabled', description : 'Enable serving files from the \'/usr/share/www\' directory as paths under \'/\'.')
17option('redfish-bmc-journal', type : 'feature', value : 'disabled', description : 'Enable BMC journal access through Redfish. Paths are under \'/redfish/v1/Managers/bmc/LogServices/Journal\'.')
Manojkiran Edaaf6298d2020-05-27 08:51:32 +053018option('redfish-cpu-log', type : 'feature', value : 'disabled', description : '''Enable CPU log service transactions through Redfish. Paths are under \'/redfish/v1/Systems/system/LogServices/Crashdump'.''')
Ravi Teja3fad0d52020-10-16 11:18:02 -050019option('redfish-dump-log', type : 'feature', value : 'disabled', description : 'Enable Dump log service transactions through Redfish. Paths are under \'/redfish/v1/Systems/system/LogServices/Dump\'and \'/redfish/v1/Managers/bmc/LogServices/Dump\'')
Manojkiran Edaaf6298d2020-05-27 08:51:32 +053020option('redfish-dbus-log', type : 'feature', value : 'disabled', description : 'Enable DBUS log service transactions through Redfish. Paths are under \'/redfish/v1/Systems/system/LogServices/EventLog/Entries\'')
Spencer Kub7028eb2021-10-26 15:27:35 +080021option('redfish-host-logger', type : 'feature', value : 'enabled', description : 'Enable host log service transactions based on phosphor-hostlogger through Redfish. Paths are under \'/redfish/v1/Systems/system/LogServices/HostLogger\'')
Manojkiran Edaaf6298d2020-05-27 08:51:32 +053022option('redfish-provisioning-feature', type : 'feature', value : 'disabled', description : 'Enable provisioning feature support in redfish. Paths are under \'/redfish/v1/Systems/system/\'')
23option('bmcweb-logging', type : 'feature', value : 'disabled', description : 'Enable output the extended debug logs')
Alan Kuof16f6262020-12-08 19:29:59 +080024option('basic-auth', type : 'feature', value : 'enabled', description : '''Enable basic authentication''')
25option('session-auth', type : 'feature', value : 'enabled', description : '''Enable session authentication''')
26option('xtoken-auth', type : 'feature', value : 'enabled', description : '''Enable xtoken authentication''')
27option('cookie-auth', type : 'feature', value : 'enabled', description : '''Enable cookie authentication''')
Manojkiran Edaaf6298d2020-05-27 08:51:32 +053028option('mutual-tls-auth', type : 'feature', value : 'enabled', description : '''Enables authenticating users through TLS client certificates. The insecure-disable-ssl must be disabled for this option to take effect.''')
29option('ibm-management-console', type : 'feature', value : 'disabled', description : 'Enable the IBM management console specific functionality. Paths are under \'/ibm/v1/\'')
Feras Aldahlawi735ef6d2021-03-19 14:01:46 -070030option('google-api', type : 'feature', value : 'disabled', description : 'Enable the Google specific functionality. Paths are under \'/google/v1/\'')
Ed Tanousb9c0b582020-10-07 11:57:19 -070031option('http-body-limit', type: 'integer', min : 0, max : 512, value : 30, description : 'Specifies the http request body length limit')
George Liue8204932021-02-01 14:42:49 +080032option('redfish-new-powersubsystem-thermalsubsystem', type : 'feature', value : 'disabled', description : 'Enable/disable the new PowerSubsystem, ThermalSubsystem, and all children schemas. This includes displaying all sensors in the SensorCollection. At a later date, this feature will be defaulted to enabled.')
zhanghch050256b692021-06-12 10:26:52 +080033option('redfish-allow-deprecated-power-thermal', type : 'feature', value : 'enabled', description : 'Enable/disable the old Power / Thermal. The default condition is allowing the old Power / Thermal.')
Vivekanand Veeracholan54d13552021-06-14 19:16:36 -070034option ('https_port', type : 'integer', min : 1, max : 65535, value : 443, description : 'HTTPS Port number.')
Manojkiran Edaaf6298d2020-05-27 08:51:32 +053035
36# Insecure options. Every option that starts with a `insecure` flag should
37# not be enabled by default for any platform, unless the author fully comprehends
38# the implications of doing so.In general, enabling these options will cause security
39# problems of varying degrees
40
41option ('insecure-disable-csrf', type : 'feature', value : 'disabled', description : 'Disable CSRF prevention checks.Should be set to false for production systems.')
42option ('insecure-disable-ssl', type : 'feature', value : 'disabled', description : 'Disable SSL ports. Should be set to false for production systems.')
43option ('insecure-disable-auth', type : 'feature', value : 'disabled', description : 'Disable authentication on all ports. Should be set to false for production systems')
44option ('insecure-disable-xss', type : 'feature', value : 'disabled', description : 'Disable XSS preventions')
45option ('insecure-tftp-update', type : 'feature', value : 'disabled', description : '''Enable TFTP based firmware update transactions through Redfish UpdateService.SimpleUpdate.''')
46option ('insecure-push-style-notification',type : 'feature', value : 'disabled', description : 'Enable HTTP push style eventing feature')
Ed Tanous5e528702022-04-26 10:20:25 -070047option ('insecure-enable-redfish-query', type : 'feature', value : 'disabled', description : 'Enables Redfish expand query parameter. This feature is experimental, and has not been tested against the full limits of user-facing behavior. It is not recommended to enable on production systems at this time. Other query parameters such as only are not controlled by this option.')