meta-integrity: rename IMA_EVM_BASE to INTEGRITY_BASE

data/debug-keys will be reused for demo modsign keys, so rename
IMA_EVM_BASE to more generic INTEGRITY_BASE.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

meta-integrity/README.md

@@ -74,7 +74,7 @@ compilation of the Linux kernel. To also activate it when building
 the image, enable image signing in the local.conf like this:
 
     INHERIT += "ima-evm-rootfs"
-    IMA_EVM_KEY_DIR = "${IMA_EVM_BASE}/data/debug-keys"
+    IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
 
 This uses the default keys provided in the "data" directory of the layer.
 Because everyone has access to these private keys, such an image
@@ -96,7 +96,7 @@ for that are included in the layer. This is also how the
     # In that shell, create the keys. Several options exist:
 
     # 1. Self-signed keys.
-    $IMA_EVM_BASE/scripts/ima-gen-self-signed.sh
+    $INTEGRITY_BASE/scripts/ima-gen-self-signed.sh
 
     # 2. Keys signed by a new CA.
     # When asked for a PEM passphrase, that will be for the root CA.
@@ -104,11 +104,11 @@ for that are included in the layer. This is also how the
     # only creating new certificates does. Most likely the default
     # attributes for these certificates need to be adapted; modify
     # the scripts as needed.
-    # $IMA_EVM_BASE/scripts/ima-gen-local-ca.sh
-    # $IMA_EVM_BASE/scripts/ima-gen-CA-signed.sh
+    # $INTEGRITY_BASE/scripts/ima-gen-local-ca.sh
+    # $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh
 
     # 3. Keys signed by an existing CA.
-    # $IMA_EVM_BASE/scripts/ima-gen-CA-signed.sh <CA.pem> <CA.priv>
+    # $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh <CA.pem> <CA.priv>
     exit
 
 When using ``ima-self-signed.sh`` as described above, self-signed keys
@@ -169,7 +169,7 @@ IMA policy loading became broken in systemd 2.18. The modified systemd
 changes. To activate policy loading via systemd, place a policy file
 in `/etc/ima/ima-policy`, for example with:
 
-    IMA_EVM_POLICY_SYSTEMD = "${IMA_EVM_BASE}/data/ima_policy_simple"
+    IMA_EVM_POLICY_SYSTEMD = "${INTEGRITY_BASE}/data/ima_policy_simple"
 
 To check that measuring works, look at `/sys/kernel/security/ima/ascii_runtime_measurements`
 

meta-integrity/classes/ima-evm-rootfs.bbclass

@@ -1,7 +1,7 @@
 # No default! Either this or IMA_EVM_PRIVKEY/IMA_EVM_X509 have to be
 # set explicitly in a local.conf before activating ima-evm-rootfs.
 # To use the insecure (because public) example keys, use
-# IMA_EVM_KEY_DIR = "${IMA_EVM_BASE}/data/debug-keys"
+# IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
 IMA_EVM_KEY_DIR ?= "IMA_EVM_KEY_DIR_NOT_SET"
 
 # Private key for IMA signing. The default is okay when

meta-integrity/conf/layer.conf

@@ -13,13 +13,13 @@ BBFILE_PRIORITY_integrity = "6"
 # Set a variable to get to the top of the metadata location. Needed
 # for finding scripts (when following the README.md instructions) and
 # default debug keys (in ima-evm-rootfs.bbclass).
-IMA_EVM_BASE := '${LAYERDIR}'
+INTEGRITY_BASE := '${LAYERDIR}'
 
 # We must not export this path to all shell scripts (as in "export
-# IMA_EVM_BASE"), because that causes problems with sstate (becames
+# INTEGRITY_BASE"), because that causes problems with sstate (becames
 # dependent on location of the layer). Exporting it to just the
 # interactive shell is enough.
-OE_TERMINAL_EXPORTS += "IMA_EVM_BASE"
+OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
 
 LAYERSERIES_COMPAT_integrity = "warrior"
 # ima-evm-utils depends on keyutils from meta-security

meta-integrity/recipes-core/images/integrity-image-minimal.bb

@@ -17,6 +17,6 @@ inherit core-image
 export IMAGE_BASENAME = "integrity-image-minimal"
 
 INHERIT += "ima-evm-rootfs"
-IMA_EVM_KEY_DIR = "${IMA_EVM_BASE}/data/debug-keys"
+IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
 
 QB_KERNEL_CMDLINE_APPEND_append = " ima_appraise=fix ima_policy=tcb ima_policy=appraise_tcb"