encrypted-storage: use luks as the feature name for current implementation

encrypted-storage layer will include more security features about encrypted
storage so the term "encrypted-storage" won't be used to specify a dedicated
technology term such as "LUKS".

Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>

14 files changed, 29 insertions, 30 deletions

diff --git a/README b/README
index e4402f8..9fbdcea 100644
--- a/README
+++ b/README
@@ -75,14 +75,14 @@ The full features in meta-secure-core can be configured with these definitions
 in local.conf:
 
 INITRAMFS_IMAGE = "secure-core-image-initramfs"
-DISTRO_FEATURES_NATIVE_append += " ima tpm tpm2 efi-secure-boot encrypted-storage"
-DISTRO_FEATURES_append += " ima tpm tpm2 efi-secure-boot encrypted-storage"
+DISTRO_FEATURES_NATIVE_append += " ima tpm tpm2 efi-secure-boot luks"
+DISTRO_FEATURES_append += " ima tpm tpm2 efi-secure-boot luks"
 SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\
     packagegroup-efi-secure-boot \
     packagegroup-tpm \
     packagegroup-tpm2 \
     packagegroup-ima \
-    packagegroup-encrypted-storage \
+    packagegroup-luks \
 "
 DEBUG_FLAGS_forcevariable = ""
 
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend
index da02b5c..1700adc 100644
--- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend
+++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend
@@ -65,11 +65,10 @@ do_install_append_class-native() {
 do_install_append_class-target() {
     local menu="${WORKDIR}/boot-menu.inc"
 
-    # Enable the default IMA rules if IMA is enabled and encrypted-storage is
-    # disabled. This is because unseal operation will fail when any PCR is
-    # extended due to updating the aggregate integrity value by the default
-    # IMA rules.
-    [ x"${IMA}" = x"1" -a x"${@bb.utils.contains('DISTRO_FEATURES', 'encrypted-storage', '1', '0', d)}" != x"1" ] && {
+    # Enable the default IMA rules if IMA is enabled and luks is disabled.
+    # This is because unseal operation will fail when any PCR is extended
+    # due to updating the aggregate integrity value by the default IMA rules.
+    [ x"${IMA}" = x"1" -a x"${@bb.utils.contains('DISTRO_FEATURES', 'luks', '1', '0', d)}" != x"1" ] && {
         ! grep -q "ima_policy=tcb" "$menu" &&
             sed -i 's/^\s*linux\s\+.*bzImage.*/& ima_policy=tcb/g' "$menu"
     }
diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-encrypted-storage-initramfs.bb b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-encrypted-storage-initramfs.bb
deleted file mode 100644
index 91c16fd..0000000
--- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-encrypted-storage-initramfs.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-DESCRIPTION = "The packages used for encrypted storage in initramfs."
-
-require packagegroup-encrypted-storage.inc
-
-RDEPENDS_${PN} += "\
-    cryptfs-tpm2-initramfs \
-    packagegroup-tpm2-initramfs \
-"
diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb
new file mode 100644
index 0000000..34bc907
--- /dev/null
+++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb
@@ -0,0 +1,8 @@
+DESCRIPTION = "The packages used for luks in initramfs."
+
+require packagegroup-luks.inc
+
+RDEPENDS_${PN} += "\
+    cryptfs-tpm2-initramfs \
+    packagegroup-tpm2-initramfs \
+"
diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-encrypted-storage.bb b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb
index 46ed2a8..fd0c162 100644
--- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-encrypted-storage.bb
+++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb
@@ -1,6 +1,6 @@
-DESCRIPTION = "The packages used for encrypted storage."
+DESCRIPTION = "The packages used for LUKS."
 
-require packagegroup-encrypted-storage.inc
+require packagegroup-luks.inc
 
 # Install the minimal stuffs only for the linux rootfs.
 # The common packages shared between initramfs and rootfs
diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-encrypted-storage.inc b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc
index b3fa991..b3fa991 100644
--- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-encrypted-storage.inc
+++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc
diff --git a/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend b/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend
index 166b6a8..9bd4ee1 100644
--- a/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend
@@ -1,4 +1,4 @@
 #PACKAGECONFIG_append += "\
-#    ${@bb.utils.contains('DISTRO_FEATURES', 'encrypted-storage', \
+#    ${@bb.utils.contains('DISTRO_FEATURES', 'luks', \
 #                         'cryptsetup', '', d)} \
 #"
diff --git a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-encrypted-storage.inc b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc
index faa613f..91dceb6 100644
--- a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-encrypted-storage.inc
+++ b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc
@@ -1,6 +1,6 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
 
 SRC_URI += "\
-    ${@bb.utils.contains('DISTRO_FEATURES', 'encrypted-storage', \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'luks', \
                          'file://dmcrypt.scc file://dmcrypt.cfg', '', d)} \
 "
diff --git a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-rt_%.bbappend b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-rt_%.bbappend
index fc85431..49d5d48 100644
--- a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-rt_%.bbappend
+++ b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-rt_%.bbappend
@@ -1 +1 @@
-include linux-yocto-encrypted-storage.inc
+include linux-yocto-luks.inc
diff --git a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto_%.bbappend b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto_%.bbappend
index fc85431..49d5d48 100644
--- a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto_%.bbappend
+++ b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto_%.bbappend
@@ -1 +1 @@
-include linux-yocto-encrypted-storage.inc
+include linux-yocto-luks.inc
diff --git a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
index 97c0fbd..217cf65 100644
--- a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
+++ b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
@@ -44,7 +44,7 @@ PARALLEL_MAKE = ""
 do_install() {
     oe_runmake install DESTDIR="${D}"
 
-    if [ "${@bb.utils.contains('DISTRO_FEATURES', 'encrypted-storage', '1', '0', d)}" = "1" ]; then
+    if [ "${@bb.utils.contains('DISTRO_FEATURES', 'luks', '1', '0', d)}" = "1" ]; then
         install -m 0500 "${S}/scripts/init.cryptfs" "${D}"
     fi
 }
diff --git a/meta-integrity/README.md b/meta-integrity/README.md
index 82db535..8ffd484 100644
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -170,9 +170,9 @@ The following best practices should be applied with using IMA.
 
 - The default IMA rules provides the ability of measuring the boot components
   and calculating the aggregate integrity value for attesting. However, this
-  function conflicts with encrypted-storage feature which employs PCR policy
-  session to retrieve the passphrase in a safe way. If both of them are
-  enabled, the default IMA rules will be not used.
+  function conflicts with the luks feature which employs PCR policy session to
+  retrieve the passphrase in a safe way. If both of them are enabled, the
+  default IMA rules will be not used.
 
 ### Reference
 [Official IMA wiki page](https://sourceforge.net/p/linux-ima/wiki/Home/)
diff --git a/meta/recipes-core/images/secure-core-image-initramfs.bb b/meta/recipes-core/images/secure-core-image-initramfs.bb
index 1b97261..87eaec2 100644
--- a/meta/recipes-core/images/secure-core-image-initramfs.bb
+++ b/meta/recipes-core/images/secure-core-image-initramfs.bb
@@ -8,8 +8,8 @@ ROOTFS_BOOTSTRAP_INSTALL_append += "\
                          "packagegroup-tpm2-initramfs", "", d)} \
     ${@bb.utils.contains("DISTRO_FEATURES", "ima", \
                          "packagegroup-ima-initramfs", "", d)} \
-    ${@bb.utils.contains("DISTRO_FEATURES", "encrypted-storage", \
-                         "packagegroup-encrypted-storage-initramfs", "", d)} \
+    ${@bb.utils.contains("DISTRO_FEATURES", "luks", \
+                         "packagegroup-luks-initramfs", "", d)} \
 "
 
 PACKAGE_INSTALL = "\
diff --git a/meta/recipes-core/images/secure-core-image.inc b/meta/recipes-core/images/secure-core-image.inc
index e08b84a..0fc56fb 100644
--- a/meta/recipes-core/images/secure-core-image.inc
+++ b/meta/recipes-core/images/secure-core-image.inc
@@ -10,8 +10,8 @@ SECURE_CORE_IMAGE_EXTRA_INSTALL_append += "\
                          "packagegroup-tpm2", "", d)} \
     ${@bb.utils.contains("DISTRO_FEATURES", "ima", \
                          "packagegroup-ima", "", d)} \
-    ${@bb.utils.contains("DISTRO_FEATURES", "encrypted-storage", \
-                         "packagegroup-encrypted-storage", "", d)} \
+    ${@bb.utils.contains("DISTRO_FEATURES", "luks", \
+                         "packagegroup-luks", "", d)} \
 "
 
 IMAGE_INSTALL = "\