meta-secure-core: Convert to new override syntax

Converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>

56 files changed, 202 insertions, 202 deletions

diff --git a/README b/README
index 5ae8533..79b19ad 100644
--- a/README
+++ b/README
@@ -77,10 +77,10 @@ The full features in meta-secure-core can be configured with these definitions
 in local.conf:
 
 INITRAMFS_IMAGE = "secure-core-image-initramfs"
-DISTRO_FEATURES_NATIVE_append += "systemd ima tpm tpm2 efi-secure-boot luks"
-DISTRO_FEATURES_append += "systemd ima tpm tpm2 efi-secure-boot luks modsign"
-MACHINE_FEATURES_NATIVE_append += "efi"
-MACHINE_FEATURES_append += "efi"
+DISTRO_FEATURES_NATIVE:append = " systemd ima tpm tpm2 efi-secure-boot luks"
+DISTRO_FEATURES:append = " systemd ima tpm tpm2 efi-secure-boot luks modsign"
+MACHINE_FEATURES_NATIVE:append = " efi"
+MACHINE_FEATURES:append = " efi"
 PACKAGE_CLASSES = "package_rpm"
 INHERIT += "sign_rpm_ext"
 SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\
@@ -90,9 +90,9 @@ SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\
     packagegroup-ima \
     packagegroup-luks \
 "
-DEBUG_FLAGS_forcevariable = ""
+DEBUG_FLAGS:forcevariable = ""
 IMAGE_INSTALL += "kernel-image-bzimage"
-USER_CLASSES_remove = "image-prelink"
+USER_CLASSES:remove = "image-prelink"
 
 # Uncomment this line to modify the root parameter in boot command line if the default one
 # is not working for you. It is helpful when secure boot is enabled.
diff --git a/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb b/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb
index 341e767..61afc93 100644
--- a/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb
+++ b/meta-efi-secure-boot/recipes-base/packagegroups/packagegroup-efi-secure-boot.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "\
 S = "${WORKDIR}"
 
 SELOADER_PKG = "${@'seloader' if d.getVar('UEFI_SELOADER', True) == '1' else ''}"
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
 
 pkgs = "\
     grub-efi \
@@ -18,15 +18,15 @@ pkgs = "\
     shim \
 "
 
-RDEPENDS_${PN}_x86 = "${pkgs}"
-RDEPENDS_${PN}_x86-64 = "${pkgs}"
+RDEPENDS:${PN}:x86 = "${pkgs}"
+RDEPENDS:${PN}:x86-64 = "${pkgs}"
 
 kmods = "\
     kernel-module-efivarfs \
     kernel-module-efivars \
 "
 
-RRECOMMENDS_${PN}_x86 += "${kmods}"
-RRECOMMENDS_${PN}_x86-64 += "${kmods}"
+RRECOMMENDS:${PN}:x86 += "${kmods}"
+RRECOMMENDS:${PN}:x86-64 += "${kmods}"
 
-IMAGE_INSTALL_remove += "grub"
+IMAGE_INSTALL:remove += "grub"
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb b/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb
index 616e2fd..7b8cbc5 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb
@@ -1,10 +1,10 @@
 require efitools.inc
 
-DEPENDS_append = " gnu-efi-native"
+DEPENDS:append = " gnu-efi-native"
 
 inherit native
 
-EXTRA_OEMAKE_append = "\
+EXTRA_OEMAKE:append = " \
     INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \
     CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \
 "
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
index 9f4bec4..6f2582a 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
@@ -10,7 +10,7 @@ in the Linux 3.8 kernel. \
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=e28f66b16cb46be47b20a4cdfe6e99a1"
 
-DEPENDS_append += "\
+DEPENDS:append = " \
     help2man-native openssl-native sbsigntool-native \
     libfile-slurp-perl-native \
 "
@@ -47,12 +47,12 @@ EXTRA_OEMAKE = "\
     OPENSSL_LIB='${STAGING_LIBDIR_NATIVE}' \
     EXTRA_LDFLAGS='${LDFLAGS}' \
 "
-EXTRA_OEMAKE_append_x86 += " ARCH=ia32"
-EXTRA_OEMAKE_append_x86-64 += " ARCH=x86_64"
+EXTRA_OEMAKE:append:x86 = " ARCH=ia32"
+EXTRA_OEMAKE:append:x86-64 = " ARCH=x86_64"
 
 EFI_BOOT_PATH = "/boot/efi/EFI/BOOT"
 
-do_compile_prepend() {
+do_compile:prepend() {
     sed -i -e "1s:#!.*:#!/usr/bin/env nativeperl:" xxdi.pl 
 }
 
@@ -60,7 +60,7 @@ do_install() {
     oe_runmake install DESTDIR='${D}${base_prefix}'
 }
 
-fakeroot python do_sign_class-target() {
+fakeroot python do_sign:class-target() {
     if d.getVar('GRUB_SIGN_VERIFY', True) != '1':
         return
 
@@ -74,6 +74,6 @@ do_sign[prefuncs] += "${@'check_boot_public_key' if d.getVar('GRUB_SIGN_VERIFY',
 fakeroot python do_sign() {
 }
 
-FILES_${PN} += "${EFI_BOOT_PATH}"
+FILES:${PN} += "${EFI_BOOT_PATH}"
 
 SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/LockDown.efi"
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb b/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb
index ffc2dc8..9b484f1 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools_git.bb
@@ -3,7 +3,7 @@ require efitools.inc
 # The generated native binaries are used during native and target build
 DEPENDS += "${BPN}-native gnu-efi openssl"
 
-SRC_URI_append += "\
+SRC_URI:append = " \
     file://LockDown-enable-the-enrollment-for-DBX.patch \
     file://LockDown-show-the-error-message-with-3-sec-timeout.patch \
     file://Makefile-do-not-build-signed-efi-image.patch \
@@ -16,7 +16,7 @@ COMPATIBLE_HOST = '(i.86|x86_64).*-linux'
 
 inherit user-key-store deploy
 
-EXTRA_OEMAKE_append += "\
+EXTRA_OEMAKE:append = " \
     INCDIR_PREFIX='${STAGING_DIR_TARGET}' \
     CRTPATH_PREFIX='${STAGING_DIR_TARGET}' \
     SIGN_EFI_SIG_LIST='${STAGING_BINDIR_NATIVE}/sign-efi-sig-list' \
@@ -67,7 +67,7 @@ python do_prepare_signing_keys() {
 addtask prepare_signing_keys after do_configure before do_compile
 do_prepare_signing_keys[prefuncs] += "check_deploy_keys"
 
-do_install_append() {
+do_install:append() {
     install -d ${D}${EFI_BOOT_PATH}
     install -m 0755 ${D}${datadir}/efitools/efi/LockDown.efi ${D}${EFI_BOOT_PATH}
 }
@@ -82,6 +82,6 @@ do_deploy() {
 }
 addtask deploy after do_install before do_build
 
-RDEPENDS_${PN}_append += "\
+RDEPENDS:${PN}:append = " \
     parted mtools coreutils util-linux openssl libcrypto \
 "
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
index 2c58687..4ce638a 100644
--- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
@@ -1,5 +1,5 @@
 DEPENDS += "openssl-native"
-FILESEXTRAPATHS_prepend := "${THISDIR}/grub-efi:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/grub-efi:"
 
 GRUB_SIGN_VERIFY_STRICT ?= "1"
 
@@ -13,7 +13,7 @@ GRUB_MOKVERIFY_PATCH = " \
    file://verify-all-buffiles.patch \
 "
 
-SRC_URI_append_class-target += "\
+SRC_URI:append:class-target = " \
     file://0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch \
     file://0002-shim-add-needed-data-structures.patch \
     file://0003-efi-chainloader-implement-an-UEFI-Exit-service-for-s.patch \
@@ -36,7 +36,7 @@ SRC_URI_append_class-target += "\
 "
 
 # functions efi_call_foo and efi_shim_exit are not implemented for arm64 yet
-COMPATIBLE_HOST_aarch64 = 'null'
+COMPATIBLE_HOST:aarch64 = 'null'
 
 GRUB_PREFIX_DIR ?= "/EFI/BOOT"
 EFI_BOOT_PATH ?= "/boot/efi/EFI/BOOT"
@@ -48,14 +48,14 @@ GRUB_SIGNING_MODULES += "${@'pgp gcry_rsa gcry_sha256 gcry_sha512 --pubkey %s '
 
 GRUB_SELOADER_MODULES += "${@'mok2verify ' if d.getVar('UEFI_SELOADER', True) == '1' else ''}"
 
-GRUB_BUILDIN_append_class-target += "\
+GRUB_BUILDIN:append:class-target = " \
   tftp reboot chain \
   ${GRUB_SECURE_BOOT_MODULES} \
   ${GRUB_SIGNING_MODULES} \
   ${GRUB_SELOADER_MODULES}"
 
 # For efi_call_foo and efi_shim_exit
-CFLAGS_append_class-target = " -fno-toplevel-reorder"
+CFLAGS:append:class-target = " -fno-toplevel-reorder"
 
 # Set a default root specifier.
 inherit user-key-store
@@ -80,7 +80,7 @@ python __anonymous () {
     d.setVar("GRUB_IMAGE", grubimage)
 }
 
-do_compile_append_class-target() {
+do_compile:append:class-target() {
         if [ "${GRUB_SIGN_VERIFY}" = "1" -a "${GRUB_SIGN_VERIFY_STRICT}" = "1" ] ; then
                 cat<<EOF>${WORKDIR}/cfg
 set strict_security=1
@@ -94,15 +94,15 @@ set prefix=(\$root)${GRUB_PREFIX_DIR}
 EOF
 }
 
-do_compile_append_class-native() {
+do_compile:append:class-native() {
     make grub-editenv
 }
 
-do_install_append_class-native() {
+do_install:append:class-native() {
     install -m 0755 grub-editenv "${D}${bindir}"
 }
 
-do_install_append_class-target() {
+do_install:append:class-target() {
     local menu="${WORKDIR}/boot-menu.inc"
 
     # Enable the default IMA rules if IMA is enabled and luks is disabled.
@@ -145,13 +145,13 @@ do_install_append_class-target() {
     rm -f ${D}${EFI_BOOT_PATH}/${GRUB_TARGET}-efi/*.module
 }
 
-python do_sign_prepend_class-target() {
+python do_sign:prepend:class-target() {
     bb.build.exec_func("check_deploy_keys", d)
     if d.getVar('GRUB_SIGN_VERIFY') == '1':
         bb.build.exec_func("check_boot_public_key", d)
 }
 
-fakeroot python do_sign_class-target() {
+fakeroot python do_sign:class-target() {
     image_dir = d.getVar('D', True)
     efi_boot_path = d.getVar('EFI_BOOT_PATH', True)
     grub_image = d.getVar('GRUB_IMAGE', True)
@@ -181,7 +181,7 @@ fakeroot do_chownboot() {
 addtask chownboot after do_deploy before do_package
 
 # Append the do_deploy() in oe-core.
-do_deploy_append_class-target() {
+do_deploy:append:class-target() {
     install -m 0644 "${D}${EFI_BOOT_PATH}/${GRUB_IMAGE}" "${DEPLOYDIR}"
 
     # Deploy the stacked grub configs.
@@ -202,9 +202,9 @@ do_deploy_append_class-target() {
     PSEUDO_DISABLED=1 cp -af "${D}${EFI_BOOT_PATH}/${GRUB_TARGET}-efi" "${DEPLOYDIR}/efi-unsigned"
 }
 
-FILES_${PN} += "${EFI_BOOT_PATH}"
+FILES:${PN} += "${EFI_BOOT_PATH}"
 
-CONFFILES_${PN} += "\
+CONFFILES:${PN} += "\
     ${EFI_BOOT_PATH}/grub.cfg \
     ${EFI_BOOT_PATH}/grubenv \
     ${EFI_BOOT_PATH}/boot-menu.inc \
diff --git a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
index fee1504..f6cacc0 100644
--- a/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/seloader/seloader_git.bb
@@ -45,8 +45,8 @@ EXTRA_OEMAKE = "\
     LIB_GCC="`${CC} -print-libgcc-file-name`" \
 "
 
-EFI_ARCH_x86 = "ia32"
-EFI_ARCH_x86-64 = "x64"
+EFI_ARCH:x86 = "ia32"
+EFI_ARCH:x86-64 = "x64"
 
 EFI_TARGET = "/boot/efi/EFI/BOOT"
 
@@ -91,8 +91,8 @@ do_deploy() {
 }
 addtask deploy after do_install before do_build
 
-RDEPENDS_${PN} += "ovmf-pkcs7-efi"
+RDEPENDS:${PN} += "ovmf-pkcs7-efi"
 
-FILES_${PN} += "${EFI_TARGET}"
+FILES:${PN} += "${EFI_TARGET}"
 
 SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/efi-unsigned"
diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
index 489f1c3..3b71690 100644
--- a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
@@ -30,7 +30,7 @@ SRC_URI = "\
     file://0001-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch \
     file://0001-console.c-Fix-compilation-against-latest-usr-include.patch \
 "
-SRC_URI_append_x86-64 = "\
+SRC_URI:append:x86-64 = " \
     ${@bb.utils.contains('DISTRO_FEATURES', 'msft', \
                          'file://shim' + d.expand('EFI_ARCH') + '.efi.signed file://LICENSE' \
                          if uks_signing_model(d) == 'sample' else '', '', d)} \
@@ -66,7 +66,7 @@ EXTRA_OEMAKE = "\
     ENABLE_SBSIGN=1 \
 "
 
-EXTRA_OEMAKE_append_x86-64 = " OVERRIDE_SECURITY_POLICY=1"
+EXTRA_OEMAKE:append:x86-64 = " OVERRIDE_SECURITY_POLICY=1"
 
 PARALLEL_MAKE = ""
 COMPATIBLE_HOST = '(i.86|x86_64).*-linux'
@@ -75,8 +75,8 @@ EFI_TARGET = "/boot/efi/EFI/BOOT"
 
 MSFT = "${@bb.utils.contains('DISTRO_FEATURES', 'msft', '1', '0', d)}"
 
-EFI_ARCH_x86 = "ia32"
-EFI_ARCH_x86-64 = "x64"
+EFI_ARCH:x86 = "ia32"
+EFI_ARCH:x86-64 = "x64"
 
 # Prepare the signing certificate and keys
 python do_prepare_signing_keys() {
@@ -148,4 +148,4 @@ do_deploy() {
 }
 addtask deploy after do_install before do_build
 
-FILES_${PN} += "${EFI_TARGET}"
+FILES:${PN} += "${EFI_TARGET}"
diff --git a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc
index 2ac5e8c..9d92672 100644
--- a/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-core/images/kernel-initramfs-efi-secure-boot.inc
@@ -23,16 +23,16 @@ do_deploy() {
 }
 addtask deploy after do_install before do_package
 
-python do_package_prepend () {
+python do_package:prepend () {
     ext = d.expand('${SB_FILE_EXT}')
     if d.getVar('BUNDLE') == '1':
-        d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs' + ext))
+        d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs' + ext))
         d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs' + ext))
         d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}' + ext))
         d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs' + ext, '50101')
     else:
         for compr in d.getVar('INITRAMFS_FSTYPES').split():
-            d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + ext)
+            d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + ext)
             d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + ext, d.expand('/boot/${INITRAMFS_IMAGE}') + ext)
             d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + ext, d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + ext))
             d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + ext, '50101')
diff --git a/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend b/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend
index 01c7007..5d1a163 100644
--- a/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend
+++ b/meta-efi-secure-boot/recipes-core/ovmf/ovmf_%.bbappend
@@ -1,9 +1,9 @@
 inherit user-key-store
 
-PACKAGECONFIG_append = " secureboot"
+PACKAGECONFIG:append = " secureboot"
 
 # For SELoader
-do_compile_class-target_append() {
+do_compile:class-target:append() {
     if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
         secbuild_dir="${S}/Build/SecurityPkg/RELEASE_${FIXED_GCCVER}"
         ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} -p SecurityPkg/SecurityPkg.dsc
@@ -14,7 +14,7 @@ do_compile_class-target_append() {
 
 EFI_TARGET = "/boot/efi/EFI/BOOT"
 
-do_install_class-target_append() {
+do_install:class-target:append() {
     if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then
         mkdir -p ${D}${EFI_TARGET}
         if [ x"${UEFI_SB}" = x"1" ]; then
@@ -30,13 +30,13 @@ do_install_class-target_append() {
 python do_sign() {
 }
 
-python do_sign_class-target() {
+python do_sign:class-target() {
     sb_sign(d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi'), d.expand('${WORKDIR}/ovmf/Hash2DxeCrypto.efi.signed'), d)
     sb_sign(d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi'), d.expand('${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi.signed'), d)
 }
 addtask sign after do_compile before do_install do_deploy
 
-do_deploy_class-target_append() {
+do_deploy:class-target:append() {
     if [ x"${UEFI_SB}" = x"1" ]; then
         install -d ${DEPLOYDIR}/efi-unsigned
         install ${WORKDIR}/ovmf/Pkcs7VerifyDxe.efi "${DEPLOYDIR}/efi-unsigned/Pkcs7VerifyDxe.efi"
@@ -53,7 +53,7 @@ PACKAGES += " \
    ovmf-pkcs7-efi \
 "
 
-FILES_ovmf-pkcs7-efi += " \
+FILES:ovmf-pkcs7-efi += " \
     ${EFI_TARGET}/Hash2DxeCrypto.efi \
     ${EFI_TARGET}/Pkcs7VerifyDxe.efi \
 "
diff --git a/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc
index da6e27b..b7b631c 100644
--- a/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-core/systemd/systemd-efi-secure-boot.inc
@@ -1,5 +1,5 @@
 DEPENDS += "gnu-efi"
-PACKAGECONFIG_append = " efi"
+PACKAGECONFIG:append = " efi"
 EXTRA_OEMESON += "-Dgnu-efi=true \
                   -Defi-libdir=${STAGING_LIBDIR} \
                   -Defi-includedir=${STAGING_INCDIR}"
diff --git a/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb b/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb
index b91790c..3c215fb 100644
--- a/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb
+++ b/meta-efi-secure-boot/recipes-extended/mokutil/mokutil_git.bb
@@ -24,6 +24,6 @@ EXTRA_OEMAKE += "\
 
 COMPATIBLE_HOST = '(i.86|x86_64|arm|aarch64).*-linux'
 
-FILES_${PN} += "${datadir}/bash-completion/*"
+FILES:${PN} += "${datadir}/bash-completion/*"
 
-RDEPENDS_${PN} += "openssl efivar"
+RDEPENDS:${PN} += "openssl efivar"
diff --git a/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc
index 27bb3a2..28bd91b 100644
--- a/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-kernel/linux/linux-yocto-efi-secure-boot.inc
@@ -4,8 +4,8 @@ efi_secure_boot_sccs = "\
     ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', \
                          'cfg/efi-ext.scc', '', d)} \
 "
-KERNEL_FEATURES_append_x86 += "${efi_secure_boot_sccs}"
-KERNEL_FEATURES_append_x86-64 += "${efi_secure_boot_sccs}"
+KERNEL_FEATURES:append:x86 = " ${efi_secure_boot_sccs}"
+KERNEL_FEATURES:append:x86-64 = " ${efi_secure_boot_sccs}"
 
 inherit user-key-store
 
@@ -75,7 +75,7 @@ fakeroot python do_sign_bundled_kernel() {
 }
 addtask sign_bundled_kernel after do_bundle_initramfs before do_deploy
 
-do_deploy_append() {
+do_deploy:append() {
     install -d "${DEPLOYDIR}/efi-unsigned"
 
     for imageType in ${KERNEL_IMAGETYPES}; do
@@ -102,9 +102,9 @@ do_deploy_append() {
 }
 
 # Ship *.p7b or *.sig files to related packages
-python do_package_prepend() {
+python do_package:prepend() {
     for type in d.expand('${KERNEL_IMAGETYPES}').split():
         typelower = type.lower()
-        d.appendVar('FILES_kernel-image-' + typelower, ' /boot/' + type + d.expand('-${KERNEL_VERSION_NAME}${SB_FILE_EXT}'))
-        d.appendVar('FILES_kernel-image-' + typelower, ' /boot/' + type + d.expand('${SB_FILE_EXT}'))
+        d.appendVar('FILES:kernel-image-' + typelower, ' /boot/' + type + d.expand('-${KERNEL_VERSION_NAME}${SB_FILE_EXT}'))
+        d.appendVar('FILES:kernel-image-' + typelower, ' /boot/' + type + d.expand('${SB_FILE_EXT}'))
 }
diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb
index 5a31477..bc6c90b 100644
--- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb
+++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks-initramfs.bb
@@ -2,7 +2,7 @@ DESCRIPTION = "The packages used for luks in initramfs."
 
 require packagegroup-luks.inc
 
-RDEPENDS_${PN} += "\
+RDEPENDS:${PN} += "\
     cryptfs-tpm2-initramfs \
     ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'packagegroup-tpm2-initramfs', '', d)} \
 "
diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb
index fd0c162..4297b54 100644
--- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb
+++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.bb
@@ -6,7 +6,7 @@ require packagegroup-luks.inc
 # The common packages shared between initramfs and rootfs
 # are listed in the .inc.
 
-RDEPENDS_${PN} += "\
+RDEPENDS:${PN} += "\
     util-linux-fdisk \
     parted \
     packagegroup-tpm2 \
diff --git a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc
index b6a520d..7d8a5eb 100644
--- a/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc
+++ b/meta-encrypted-storage/recipes-base/packagegroups/packagegroup-luks.inc
@@ -3,11 +3,11 @@ LIC_FILES_CHKSUM = "\
     file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
 "
 
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
 
 S = "${WORKDIR}"
 
-RDEPENDS_${PN} += "\
+RDEPENDS:${PN} += "\
     cryptfs-tpm2 \
     lvm2-udevrules \
 "
diff --git a/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend b/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend
index 9bd4ee1..63b5076 100644
--- a/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-encrypted-storage/recipes-core/systemd/systemd_%.bbappend
@@ -1,4 +1,4 @@
-#PACKAGECONFIG_append += "\
+#PACKAGECONFIG:append = " \
 #    ${@bb.utils.contains('DISTRO_FEATURES', 'luks', \
 #                         'cryptsetup', '', d)} \
 #"
diff --git a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc
index 91dceb6..795ba48 100644
--- a/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc
+++ b/meta-encrypted-storage/recipes-kernel/linux/linux-yocto-luks.inc
@@ -1,4 +1,4 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:"
 
 SRC_URI += "\
     ${@bb.utils.contains('DISTRO_FEATURES', 'luks', \
diff --git a/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend b/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend
index 1798720..693a68b 100644
--- a/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend
+++ b/meta-encrypted-storage/recipes-support/cryptsetup/cryptsetup_%.bbappend
@@ -1,2 +1,2 @@
-RDEPENDS_${PN} += "lvm2"
-RRECOMMENDS_${PN}_append_class-target = " lvm2-udevrules"
+RDEPENDS:${PN} += "lvm2"
+RRECOMMENDS:${PN}:append:class-target = " lvm2-udevrules"
diff --git a/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend b/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend
index e2dd834..b7db196 100644
--- a/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend
+++ b/meta-encrypted-storage/recipes-support/lvm2/lvm2_%.bbappend
@@ -2,6 +2,6 @@
 # Copyright (C) 2019 Wind River Systems, Inc.
 #
 
-FILESEXTRAPATHS_prepend := "${THISDIR}/lvm2:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/lvm2:"
 
 SRC_URI += "file://0001-10-dm.rules.in-Fix-dmcrypt-hanging-on-hand-over-from.patch"
diff --git a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
index 594e52f..d3b0869 100644
--- a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
+++ b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
@@ -44,7 +44,7 @@ EXTRA_OEMAKE = "\
     EXTRA_CFLAGS="${CFLAGS}" \
     EXTRA_LDFLAGS="${LDFLAGS}" \
 "
-SECURITY_LDFLAGS_remove_pn-${BPN} = "-fstack-protector-strong"
+SECURITY_LDFLAGS:remove:pn-${BPN} = "-fstack-protector-strong"
 
 PARALLEL_MAKE = ""
 
@@ -60,7 +60,7 @@ PACKAGES =+ "\
     ${PN}-initramfs \
 "
 
-FILES_${PN}-initramfs = "\
+FILES:${PN}-initramfs = "\
     /init.cryptfs \
 "
 
@@ -75,7 +75,7 @@ FILES_${PN}-initramfs = "\
 # @cryptsetup: cryptsetup
 # @tpm2-tools: tpm2_*
 # @tpm2-abrmd: optional
-RDEPENDS_${PN} += "\
+RDEPENDS:${PN} += "\
     libtss2 \
     libtss2-tcti-device \
     libtss2-tcti-mssim \
@@ -98,7 +98,7 @@ RDEPENDS_${PN} += "\
 # @cryptfs-tpm2: cryptfs-tpm2
 # @net-tools: ifconfig
 # @util-linux: mount, umount, blkid
-RDEPENDS_${PN}-initramfs += "\
+RDEPENDS:${PN}-initramfs += "\
     bash \
     coreutils \
     grep \
@@ -113,7 +113,7 @@ RDEPENDS_${PN}-initramfs += "\
     util-linux-blkid \
 "
 
-RRECOMMENDS_${PN}-initramfs += "\
+RRECOMMENDS:${PN}-initramfs += "\
     kernel-module-tpm-crb \
     kernel-module-tpm-tis \
 "
diff --git a/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb b/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb
index 89623c3..04771a3 100644
--- a/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb
+++ b/meta-ids/recipes-base/packagegroups/packagegroup-ids.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "\
 
 inherit packagegroup
 
-RDEPENDS_${PN} += "\
+RDEPENDS:${PN} += "\
     snort \
     mtree \
 "
diff --git a/meta-integrity/classes/sign_rpm_ext.bbclass b/meta-integrity/classes/sign_rpm_ext.bbclass
index 4da64bd..0adf172 100644
--- a/meta-integrity/classes/sign_rpm_ext.bbclass
+++ b/meta-integrity/classes/sign_rpm_ext.bbclass
@@ -21,11 +21,11 @@ check_rpm_public_key[prefuncs] += "check_deploy_keys"
 do_package_write_rpm[depends] += "${GPG_DEP}"
 do_rootfs[depends] += "${GPG_DEP}"
 
-python do_package_write_rpm_prepend() {
+python do_package_write_rpm:prepend() {
     bb.build.exec_func("check_rpm_public_key", d)
 }
 
-python do_rootfs_prepend() {
+python do_rootfs:prepend() {
     bb.build.exec_func("check_rpm_public_key", d)
 }
 
diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf
index 9f68ce5..0b3c057 100644
--- a/meta-integrity/conf/layer.conf
+++ b/meta-integrity/conf/layer.conf
@@ -24,7 +24,7 @@ LAYERRECOMMENDS_integrity = "\
     tpm \
 "
 
-BB_HASHBASE_WHITELIST_append += "\
+BB_HASHBASE_WHITELIST += "\
     RPM_FSK_PATH \
 "
 
diff --git a/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb b/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb
index ee80f3f..1c6a783 100644
--- a/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb
+++ b/meta-integrity/recipes-base/packagegroups/packagegroup-ima-initramfs.bb
@@ -2,6 +2,6 @@ DESCRIPTION = "Linux Integrity Measurement Architecture (IMA) subsystem for init
 
 include packagegroup-ima.inc
 
-RDEPENDS_${PN} += "\
+RDEPENDS:${PN} += "\
     initrdscripts-ima \
 "
diff --git a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb
index 7755a87..8dcaaa8 100644
--- a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb
+++ b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.bb
@@ -7,14 +7,14 @@ DEPENDS += "\
     attr-native \
 "
 
-RDEPENDS_${PN} += "\
+RDEPENDS:${PN} += "\
     attr \
     ima-inspect \
     util-linux-switch-root.static \
 "
 
 # Note any private key is not available if user key signing model used.
-RRECOMMENDS_${PN} += "\
+RRECOMMENDS:${PN} += "\
     key-store-ima-cert \
     key-store-system-trusted-cert \
 "
diff --git a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc
index b84cf68..518419b 100644
--- a/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc
+++ b/meta-integrity/recipes-base/packagegroups/packagegroup-ima.inc
@@ -5,8 +5,8 @@ LIC_FILES_CHKSUM = "\
 
 S = "${WORKDIR}"
 
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
 
-RDEPENDS_${PN} = "\
+RDEPENDS:${PN} = "\
     ima-evm-utils \
 "
diff --git a/meta-integrity/recipes-core/base-files/base-files-integrity.inc b/meta-integrity/recipes-core/base-files/base-files-integrity.inc
index 7e9e210..cfa65a2 100644
--- a/meta-integrity/recipes-core/base-files/base-files-integrity.inc
+++ b/meta-integrity/recipes-core/base-files/base-files-integrity.inc
@@ -1,5 +1,5 @@
 # Append iversion option for auto types
-do_install_append() {
+do_install:append() {
     sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab"
     echo 'securityfs  /sys/kernel/security  securityfs  defaults  0  0' >> "${D}${sysconfdir}/fstab"
 }
diff --git a/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb b/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb
index b261e9e..36d2770 100644
--- a/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb
+++ b/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb
@@ -10,13 +10,13 @@ SRC_URI = "\
 
 S = "${WORKDIR}"
 
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
 
 do_install() {
     install -m 0500 "${WORKDIR}/init.ima" "${D}"
 }
 
-FILES_${PN} += "\
+FILES:${PN} += "\
     /init.ima \
 "
 
@@ -28,7 +28,7 @@ FILES_${PN} += "\
 # @gawk: awk
 # @util-linux: mount, umount
 # @ima-evm-utils: evmctl
-RDEPENDS_${PN} += "\
+RDEPENDS:${PN} += "\
     coreutils \
     grep \
     gawk \
@@ -38,6 +38,6 @@ RDEPENDS_${PN} += "\
     ima-policy \
 "
 
-RRECOMMENDS_${PN} += "\
+RRECOMMENDS:${PN} += "\
     key-store-ima-cert \
 "
diff --git a/meta-integrity/recipes-core/systemd/systemd_%.bbappend b/meta-integrity/recipes-core/systemd/systemd_%.bbappend
index ff3464a..259ac07 100644
--- a/meta-integrity/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-integrity/recipes-core/systemd/systemd_%.bbappend
@@ -1,4 +1,4 @@
-PACKAGECONFIG_append += "\
+PACKAGECONFIG:append = " \
     ${@bb.utils.contains('DISTRO_FEATURES', 'ima', \
                          'ima', '', d)} \
 "
diff --git a/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc b/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc
index d3d498e..59cca65 100644
--- a/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc
+++ b/meta-integrity/recipes-core/util-linux/util-linux-integrity.inc
@@ -1,14 +1,14 @@
-CFLAGS_remove += "-pie -fpie"
+CFLAGS:remove += "-pie -fpie"
 
 # We need -no-pie in case the default is to generate pie code.
 #
-do_compile_append_class-target() {
+do_compile:append:class-target() {
     ${CC} ${CFLAGS} ${LDFLAGS} -no-pie -static \
         sys-utils/switch_root.o \
         -o switch_root.static
 }
 
-do_install_append_class-target() {
+do_install:append:class-target() {
     install -d "${D}${sbindir}"
     install -m 0700 "${B}/switch_root.static" \
         "${D}${sbindir}/switch_root.static"
@@ -16,4 +16,4 @@ do_install_append_class-target() {
 
 PACKAGES =+ "${PN}-switch-root.static"
 
-FILES_${PN}-switch-root.static = "${sbindir}/switch_root.static"
+FILES:${PN}-switch-root.static = "${sbindir}/switch_root.static"
diff --git a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc
index 8b9c378..b957bc6 100644
--- a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc
+++ b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc
@@ -1,20 +1,20 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/rpm:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/rpm:"
 
-PACKAGECONFIG_append = " \
+PACKAGECONFIG:append = " \
     ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'imaevm', '', d)} \
     "
 
 # IMA signing support is provided by RPM plugin.
-EXTRA_OECONF_remove += "\
+EXTRA_OECONF:remove += "\
     --disable-plugins \
 "
-EXTRA_OECONF_append_class-native = " --disable-inhibit-plugin"
+EXTRA_OECONF:append:class-native = " --disable-inhibit-plugin"
 
-SRC_URI_append = " \
+SRC_URI:append = " \
                   file://macros.ima \
                  "
 
-do_install_append () {
+do_install:append () {
     install -d ${D}${sysconfdir}/rpm
     install -m 0644 ${WORKDIR}/macros.ima ${D}${sysconfdir}/rpm/
 }
diff --git a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
index 295b97d..83a2b8b 100644
--- a/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
+++ b/meta-integrity/recipes-kernel/linux/linux-yocto-integrity.inc
@@ -1,4 +1,4 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:"
 
 IMA_ENABLED = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', '1', '0', d)}"
 MODSIGN_ENABLED = "${@bb.utils.contains('DISTRO_FEATURES', 'modsign', '1', '0', d)}"
@@ -19,7 +19,7 @@ INHIBIT_PACKAGE_STRIP = "${@'1' if d.getVar('MODSIGN_ENABLED', True) == '1' else
 
 inherit user-key-store
 
-do_configure_prepend() {
+do_configure:prepend() {
     sys_cert="${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.crt"
     if [ ${MODSIGN_ENABLED} = "1" ]; then
         modsign_key="${@uks_modsign_keys_dir(d)}/modsign_key.key"
diff --git a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb
index 46722b8..852632f 100644
--- a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb
@@ -21,8 +21,8 @@ inherit pkgconfig autotools
 # Specify any options you want to pass to the configure script using EXTRA_OECONF:
 EXTRA_OECONF = ""
 
-FILES_${PN}-dev += "${includedir}"
+FILES:${PN}-dev += "${includedir}"
 
-RDEPENDS_${PN}_class-target += "libcrypto libattr keyutils"
+RDEPENDS:${PN}:class-target += "libcrypto libattr keyutils"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb b/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb
index cfab5be..2254ead 100644
--- a/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb
+++ b/meta-integrity/recipes-support/ima-policy/ima-policy_0.1.bb
@@ -16,4 +16,4 @@ do_install() {
         "${D}${sysconfdir}/ima"
 }
 
-FILES_${PN} = "${sysconfdir}"
+FILES:${PN} = "${sysconfdir}"
diff --git a/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb b/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb
index b1abcd5..a95ba8e 100644
--- a/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb
+++ b/meta-intel-sgx/recipes-kernel/intel-sgx-driver/intel-sgx-driver_2.1.bb
@@ -31,4 +31,4 @@ do_install () {
     install -m 0644 "${MODULE_NAME}.ko" "$dir"
 }
 
-RPROVIDES_${PN} += "kernel-module-${MODULE_NAME}"
+RPROVIDES:${PN} += "kernel-module-${MODULE_NAME}"
diff --git a/meta-signing-key/classes/user-key-store.bbclass b/meta-signing-key/classes/user-key-store.bbclass
index f89a810..5180427 100644
--- a/meta-signing-key/classes/user-key-store.bbclass
+++ b/meta-signing-key/classes/user-key-store.bbclass
@@ -1,4 +1,4 @@
-DEPENDS_append_class-target += "\
+DEPENDS:append:class-target = " \
     ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", "sbsigntool-native", "", d)} \
     ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", "libsign-native", "", d)} \
     openssl-native \
diff --git a/meta-signing-key/conf/layer.conf b/meta-signing-key/conf/layer.conf
index 9176709..89e8b58 100644
--- a/meta-signing-key/conf/layer.conf
+++ b/meta-signing-key/conf/layer.conf
@@ -64,7 +64,7 @@ RPM_GPG_PASSPHRASE ??= "SecureCore"
 BOOT_GPG_NAME ??= "SecureBootCore"
 BOOT_GPG_PASSPHRASE ??= "SecureCore"
 
-BB_HASHBASE_WHITELIST_append += "\
+BB_HASHBASE_WHITELIST += "\
     SYSTEM_TRUSTED_KEYS_DIR \
     SECONDARY_TRUSTED_KEYS_DIR \
     MODSIGN_KEYS_DIR \
diff --git a/meta-signing-key/recipes-devtools/libsign/libsign_git.bb b/meta-signing-key/recipes-devtools/libsign/libsign_git.bb
index 7964e03..79eb347 100644
--- a/meta-signing-key/recipes-devtools/libsign/libsign_git.bb
+++ b/meta-signing-key/recipes-devtools/libsign/libsign_git.bb
@@ -39,17 +39,17 @@ EXTRA_OEMAKE = "\
     BINDIR="${bindir}" \
     LIBDIR="${libdir}" \
 "
-SECURITY_LDFLAGS_remove_pn-${BPN} = "-fstack-protector-strong"
+SECURITY_LDFLAGS:remove:pn-${BPN} = "-fstack-protector-strong"
 
 do_install() {
     oe_runmake install DESTDIR="${D}"
 }
 
-FILES_${PN} += "\
+FILES:${PN} += "\
     ${libdir}/signaturelet \
 "
 
-RDEPENDS_${PN}_class-target += "libcrypto"
-RDEPENDS_${PN}_class-native += "openssl-native"
+RDEPENDS:${PN}:class-target += "libcrypto"
+RDEPENDS:${PN}:class-native += "openssl-native"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb
index 408eb8a..f84108e 100644
--- a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb
+++ b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb
@@ -55,7 +55,7 @@ EXTRA_OEMAKE += "\
                   -I${STAGING_INCDIR}/efi/${@efi_arch(d)}' \
 "
 
-do_configure_prepend() {
+do_configure:prepend() {
     cd ${S}
 
     if [ ! -e lib/ccan ]; then
diff --git a/meta-signing-key/recipes-support/key-store/key-store_0.1.bb b/meta-signing-key/recipes-support/key-store/key-store_0.1.bb
index 4f117d4..2ecd415 100644
--- a/meta-signing-key/recipes-support/key-store/key-store_0.1.bb
+++ b/meta-signing-key/recipes-support/key-store/key-store_0.1.bb
@@ -8,7 +8,7 @@ S = "${WORKDIR}"
 
 inherit user-key-store
 
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
 
 KEY_DIR = "${sysconfdir}/keys"
 # For RPM verification
@@ -32,11 +32,11 @@ python () {
         return
 
     pn = d.getVar('PN', True) + '-rpm-pubkey'
-    d.setVar('PACKAGES_prepend', pn + ' ')
-    d.setVar('FILES_' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True))
-    d.setVar('CONFFILES_' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True))
+    d.setVar('PACKAGES:prepend', pn + ' ')
+    d.setVar('FILES:' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True))
+    d.setVar('CONFFILES:' + pn, d.getVar('RPM_KEY_DIR', True) + '/RPM-GPG-KEY-' + d.getVar('RPM_GPG_NAME', True))
     mlprefix = d.getVar('MLPREFIX')
-    d.appendVar('RDEPENDS_' + pn, ' %srpm' % mlprefix)
+    d.appendVar('RDEPENDS:' + pn, ' %srpm' % mlprefix)
 }
 
 do_install() {
@@ -84,7 +84,7 @@ key_store_sysroot_preprocess() {
     sysroot_stage_dir "${D}${sysconfdir}" "${SYSROOT_DESTDIR}${sysconfdir}"
 }
 
-pkg_postinst_ontarget_${PN}-rpm-pubkey() {
+pkg_postinst_ontarget:${PN}-rpm-pubkey() {
     keydir="${RPM_KEY_DIR}"
 
     [ ! -d "$keydir" ] && mkdir -p "$keydir"
@@ -112,20 +112,20 @@ PACKAGES_DYNAMIC = "\
     ${PN}-rpm-pubkey \
 "
 
-FILES_${PN}-system-trusted-cert = "${SYSTEM_CERT}"
-CONFFILES_${PN}-system-trusted-cert = "${SYSTEM_CERT}"
+FILES:${PN}-system-trusted-cert = "${SYSTEM_CERT}"
+CONFFILES:${PN}-system-trusted-cert = "${SYSTEM_CERT}"
 
-FILES_${PN}-secondary-trusted-cert = "\
+FILES:${PN}-secondary-trusted-cert = "\
     ${SECONDARY_TRUSTED_CERT} \
     ${SECONDARY_TRUSTED_DER_ENC_CERT} \
     "
-CONFFILES_${PN}-secondary-trusted-cert = "\
+CONFFILES:${PN}-secondary-trusted-cert = "\
     ${SECONDARY_TRUSTED_CERT} \
     ${SECONDARY_TRUSTED_DER_ENC_CERT} \
     "
 
-FILES_${PN}-modsign-cert = "${MODSIGN_CERT}"
-CONFFILES_${PN}-modsign-cert = "${MODSIGN_CERT}"
+FILES:${PN}-modsign-cert = "${MODSIGN_CERT}"
+CONFFILES:${PN}-modsign-cert = "${MODSIGN_CERT}"
 
-FILES_${PN}-ima-cert = "${IMA_CERT}"
-CONFFILES_${PN}-ima-cert = "${IMA_CERT}"
+FILES:${PN}-ima-cert = "${IMA_CERT}"
+CONFFILES:${PN}-ima-cert = "${IMA_CERT}"
diff --git a/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb b/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb
index 8a501a5..ee70eaa 100644
--- a/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb
+++ b/meta-tpm/recipes-base/packagegroups/packagegroup-tpm.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "\
 
 inherit packagegroup
 
-RDEPENDS_${PN} = "\
+RDEPENDS:${PN} = "\
     trousers \
     tpm-tools \
     tpm-quote-tools \
@@ -14,7 +14,7 @@ RDEPENDS_${PN} = "\
     rng-tools \
 "
 
-RRECOMMENDS_${PN} = "\
+RRECOMMENDS:${PN} = "\
     kernel-module-tpm-rng \
     kernel-module-tpm-tis \
     kernel-module-tpm-atmel \
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc b/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc
index 4285531..0fa0338 100644
--- a/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto-tpm.inc
@@ -1,4 +1,4 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:"
 
 SRC_URI += "\
     ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', \
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
index 3d7bd05..b652b4c 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
@@ -32,7 +32,7 @@ inherit autotools-brokensep pkgconfig
 # The definitions below are used to decrypt the passwords of both srk and loaded key.
 dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\""
 dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\""
-CFLAGS_append += "-DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}"
+CFLAGS:append = " -DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}"
 
 # Due to the limit of escape character, the hybrid must be written in
 # above style. The actual values defined below in C code style are:
@@ -40,31 +40,31 @@ CFLAGS_append += "-DDEC_PW=${dec_pw} -DDEC_SALT=${dec_salt}"
 # dec_salt[] = {'r', 0x00, 0x00, 't'};
 
 # Uncomment below line if using the plain srk password for development
-#CFLAGS_append += "-DTPM_SRK_PLAIN_PW"
+#CFLAGS:append = " -DTPM_SRK_PLAIN_PW"
 
 # Uncomment below line if using the plain tpm key password for development
-#CFLAGS_append += "-DTPM_KEY_PLAIN_PW"
+#CFLAGS:append = " -DTPM_KEY_PLAIN_PW"
 
-do_configure_prepend() {
+do_configure:prepend() {
     cd ${B}
     cp LICENSE COPYING
     touch NEWS AUTHORS ChangeLog README
 }
 
-FILES_${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la"
-FILES_${PN}-dbg += "\
+FILES:${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la"
+FILES:${PN}-dbg += "\
     ${libdir}/ssl/engines-1.1/.debug \
     ${libdir}/engines-1.1/.debug \
     ${prefix}/local/ssl/lib/engines-1.1/.debug \
 "
-FILES_${PN} += "\
+FILES:${PN} += "\
     ${libdir}/ssl/engines-1.1/tpm.so* \
     ${libdir}/engines-1.1/tpm.so* \
     ${libdir}/libtpm.so* \
     ${prefix}/local/ssl/lib/engines-1.1/tpm.so* \
 "
 
-RDEPENDS_${PN} += "libcrypto libtspi"
+RDEPENDS:${PN} += "libcrypto libtspi"
 
-INSANE_SKIP_${PN} = "libdir"
-INSANE_SKIP_${PN}-dbg = "libdir"
+INSANE_SKIP:${PN} = "libdir"
+INSANE_SKIP:${PN}-dbg = "libdir"
diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
index 04e4880..40fc14a 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
+++ b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
@@ -11,7 +11,7 @@ LICENSE = "CPL-1.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
 
 DEPENDS = "libtspi openssl"
-DEPENDS_class-native = "trousers-native"
+DEPENDS:class-native = "trousers-native"
 
 PV = "1.3.9.1+git${SRCPV}"
 
@@ -26,7 +26,7 @@ S = "${WORKDIR}/git"
 
 inherit autotools-brokensep gettext perlnative
 
-do_configure_prepend() {
+do_configure:prepend() {
     mkdir -p po
     mkdir -p m4
     cp -R po_/* po/
@@ -34,7 +34,7 @@ do_configure_prepend() {
     touch m4/Makefile.am
 }
 
-do_install_append() {
+do_install:append() {
     #install -m 0755 "src/tpm_mgmt/tpm_startup" "${D}${sbindir}/tpm_startup"
     #install -m 0744 "src/tpm_mgmt/tpm_reset" "${D}${sbindir}/tpm_reset"
     #install -m 0744 "../tpm_integrationtest" "${D}${bindir}/tpm_integrationtest"
diff --git a/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
index 601d35d..545c2a7 100644
--- a/meta-tpm/recipes-tpm/trousers/trousers_git.bb
+++ b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
@@ -39,7 +39,7 @@ inherit autotools pkgconfig useradd update-rc.d \
 EXTRA_OECONF="--with-gui=none"
 
 # Fix build failure for gcc-10
-CFLAGS_append = " -fcommon"
+CFLAGS:append = " -fcommon"
 
 PACKAGECONFIG ?= "gmp "
 PACKAGECONFIG[gmp] = "--with-gmp, --with-gmp=no, gmp"
@@ -49,14 +49,14 @@ INITSCRIPT_NAME = "trousers"
 INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
 
 USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "--system tss"
-USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+GROUPADD_PARAM:${PN} = "--system tss"
+USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
 
 SYSTEMD_PACKAGES = "${PN}"
-SYSTEMD_SERVICE_${PN} = "tcsd.service"
+SYSTEMD_SERVICE:${PN} = "tcsd.service"
 SYSTEMD_AUTO_ENABLE = "enable"
 
-do_install_append() {
+do_install:append() {
     install -d "${D}${sysconfdir}/init.d"
     install -m 0755 "${WORKDIR}/trousers.init.sh" "${D}${sysconfdir}/init.d/trousers"
 
@@ -82,28 +82,28 @@ PACKAGES =+ "\
     libtspi-staticdev \
 "
 
-FILES_libtspi = "\
+FILES:libtspi = "\
     ${libdir}/libtspi.so.* \
 "
-FILES_libtspi-dbg = "\
+FILES:libtspi-dbg = "\
     ${libdir}/.debug \
     ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tspi \
     ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/trspi \
     ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/*.h \
     ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/tss \
 "
-FILES_libtspi-dev = "\
+FILES:libtspi-dev = "\
     ${includedir} \
     ${libdir}/*.so \
 "
-FILES_libtspi-doc = "\
+FILES:libtspi-doc = "\
     ${mandir}/man3 \
 "
-FILES_libtspi-staticdev = "\
+FILES:libtspi-staticdev = "\
     ${libdir}/*.la \
     ${libdir}/*.a \
 "
-FILES_${PN}-dbg += "\
+FILES:${PN}-dbg += "\
     ${sbindir}/.debug \
     ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tcs \
     ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/tcsd \
@@ -111,9 +111,9 @@ FILES_${PN}-dbg += "\
     ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/trousers \
     ${prefix}/src/debug/${PN}/${PV}-${PR}/${PN}-${PV}/src/include/trousers \
 "
-FILES_${PN}-dev += "${libdir}/trousers"
-FILES_${PN} += "${systemd_unitdir}/system/tcsd.service"
+FILES:${PN}-dev += "${libdir}/trousers"
+FILES:${PN} += "${systemd_unitdir}/system/tcsd.service"
 
-CONFFILES_${PN} += "${sysconfig}/tcsd.conf"
+CONFFILES:${PN} += "${sysconfig}/tcsd.conf"
 
 BBCLASSEXTEND = "native"
diff --git a/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb b/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb
index 2034370..ae68f4f 100644
--- a/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb
+++ b/meta-tpm/recipes-tpm/tss-testsuite/tss-testsuite_git.bb
@@ -41,7 +41,7 @@ testsuite_SUBDIRS = "\
 CFLAGS += "-DOPENSSL_NO_DES"
 LDFLAGS += "-L${STAGING_LIBDIR} -lcrypto -lpthread"
 
-do_configure_prepend() {
+do_configure:prepend() {
     cp -f "${S}/tcg/Makefile" "${S}"
     cp -f "${S}/tcg/init/makefile" "${S}/tcg/init/Makefile"
     # remove test case about DES
@@ -57,10 +57,10 @@ do_install() {
     install -m 0755 tsstests.sh "${D}/opt/tss-testsuite"
 }
  
-FILES_${PN} += "/opt/*"
-FILES_${PN}-dbg += "\
+FILES:${PN} += "/opt/*"
+FILES:${PN}-dbg += "\
     /opt/tss-testsuite/tcg/*/.debug \
     /opt/tss-testsuite/tcg/*/*/.debug \
 "
 
-RDEPENDS_${PN} += "tpm-tools openssl bash"
+RDEPENDS:${PN} += "tpm-tools openssl bash"
diff --git a/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb b/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb
index eb096e0..8e5223e 100644
--- a/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb
+++ b/meta-tpm2/recipes-base/packagegroups/packagegroup-tpm2.bb
@@ -1,11 +1,11 @@
 require packagegroup-tpm2.inc
 
-RDEPENDS_${PN} += "\
+RDEPENDS:${PN} += "\
     tpm2-abrmd \
     tpm2-tools \
     rng-tools \
 "
 
-RRECOMMENDS_${PN} += "\
+RRECOMMENDS:${PN} += "\
     kernel-module-tpm-rng \
 "
diff --git a/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc b/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc
index 51ab57e..a0cdf49 100644
--- a/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc
+++ b/meta-tpm2/recipes-kernel/linux/linux-yocto-tpm2.inc
@@ -1,4 +1,4 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:"
 
 SRC_URI += "\
     ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', \
diff --git a/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb b/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb
index b092549..51bcaf0 100644
--- a/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb
+++ b/meta-tpm2/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.3.2.bb
@@ -26,20 +26,20 @@ S = "${WORKDIR}/git"
 inherit autotools pkgconfig systemd update-rc.d useradd
 
 SYSTEMD_PACKAGES += "${PN}"
-SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service"
-SYSTEMD_AUTO_ENABLE_${PN} = "disable"
+SYSTEMD_SERVICE:${PN} = "tpm2-abrmd.service"
+SYSTEMD_AUTO_ENABLE:${PN} = "disable"
 
 INITSCRIPT_NAME = "${PN}"
 INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
 
 USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "tss"
-USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+GROUPADD_PARAM:${PN} = "tss"
+USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
 
 PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
 
-do_install_append() {
+do_install:append() {
     install -d "${D}${sysconfdir}/init.d"
     install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd"
 
@@ -47,9 +47,9 @@ do_install_append() {
     install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd"
 }
 
-FILES_${PN} += "${libdir}/systemd/system-preset \
+FILES:${PN} += "${libdir}/systemd/system-preset \
                 ${datadir}/dbus-1"
 
-RDEPENDS_${PN} += "tpm2-tss libtss2-tcti-device libtss2-tcti-mssim"
+RDEPENDS:${PN} += "tpm2-tss libtss2-tcti-device libtss2-tcti-mssim"
 
 BBCLASSEXTEND = "native"
diff --git a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb
index 89b7452..099c788 100644
--- a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb
+++ b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.3.3.bb
@@ -16,7 +16,7 @@ PACKAGECONFIG ??= ""
 PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
 
 EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/"
-EXTRA_OECONF_remove = " --disable-static"
+EXTRA_OECONF:remove = " --disable-static"
 
 
 EXTRA_USERS_PARAMS = "\
@@ -43,34 +43,34 @@ PACKAGES = " \
     libtss2-staticdev \
 "
 
-FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
-FILES_libtss2-tcti-device-dev = " \
+FILES:libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
+FILES:libtss2-tcti-device-dev = " \
     ${includedir}/tss2/tss2_tcti_device.h \
     ${libdir}/pkgconfig/tss2-tcti-device.pc \
     ${libdir}/libtss2-tcti-device.so"
-FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
+FILES:libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
 
-FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
-FILES_libtss2-tcti-mssim-dev = " \
+FILES:libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
+FILES:libtss2-tcti-mssim-dev = " \
     ${includedir}/tss2/tss2_tcti_mssim.h \
     ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
     ${libdir}/libtss2-tcti-mssim.so"
-FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
+FILES:libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
 
-FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*"
-FILES_libtss2-mu-dev = " \
+FILES:libtss2-mu = "${libdir}/libtss2-mu.so.*"
+FILES:libtss2-mu-dev = " \
     ${includedir}/tss2/tss2_mu.h \
     ${libdir}/pkgconfig/tss2-mu.pc \
     ${libdir}/libtss2-mu.so"
-FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
+FILES:libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
 
-FILES_libtss2 = "${libdir}/libtss2*so.*"
-FILES_libtss2-dev = " \
+FILES:libtss2 = "${libdir}/libtss2*so.*"
+FILES:libtss2-dev = " \
     ${includedir} \
     ${libdir}/pkgconfig \
     ${libdir}/libtss2*so"
-FILES_libtss2-staticdev = "${libdir}/libtss*a"
+FILES:libtss2-staticdev = "${libdir}/libtss*a"
 
-FILES_${PN} = "${libdir}/udev ${nonarch_base_libdir}/udev"
+FILES:${PN} = "${libdir}/udev ${nonarch_base_libdir}/udev"
 
-RDEPENDS_libtss2 = "libgcrypt"
+RDEPENDS:libtss2 = "libgcrypt"
diff --git a/meta/recipes-core/images/kernel-initramfs.bb b/meta/recipes-core/images/kernel-initramfs.bb
index 2a3a1cd..9dad7b2 100644
--- a/meta/recipes-core/images/kernel-initramfs.bb
+++ b/meta/recipes-core/images/kernel-initramfs.bb
@@ -9,7 +9,7 @@ DEPENDS = "virtual/kernel"
 
 PROVIDES = "virtual/kernel-initramfs"
 
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
 
 B = "${WORKDIR}/${BPN}-${PV}"
 
@@ -55,15 +55,15 @@ inherit update-alternatives
 
 ALTERNATIVES_${PN} = ""
 
-python do_package_prepend () {
+python do_package:prepend () {
     if d.getVar('BUNDLE') == '1':
-        d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs'))
+        d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs'))
         d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs'))
         d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'))
         d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', '50101')
     else:
         for compr in d.getVar('INITRAMFS_FSTYPES').split():
-            d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}'))
+            d.appendVar(d.expand('ALTERNATIVE:${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}'))
             d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}'))
             d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr))
             d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}'), '50101')
@@ -71,4 +71,4 @@ python do_package_prepend () {
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
-FILES_${PN} = "/boot/*"
+FILES:${PN} = "/boot/*"
diff --git a/meta/recipes-core/images/secure-core-image-initramfs.bb b/meta/recipes-core/images/secure-core-image-initramfs.bb
index 1a50036..d868600 100644
--- a/meta/recipes-core/images/secure-core-image-initramfs.bb
+++ b/meta/recipes-core/images/secure-core-image-initramfs.bb
@@ -3,7 +3,7 @@ the Minimal RAM-based Initial Root Filesystem (initramfs), which finds the \
 first 'init' program more efficiently."
 LICENSE = "MIT"
 
-ROOTFS_BOOTSTRAP_INSTALL_append += "\
+ROOTFS_BOOTSTRAP_INSTALL:append = " \
     ${@bb.utils.contains("DISTRO_FEATURES", "tpm2", \
                          "packagegroup-tpm2-initramfs", "", d)} \
     ${@bb.utils.contains("DISTRO_FEATURES", "ima", \
diff --git a/meta/recipes-core/images/secure-core-image.bb b/meta/recipes-core/images/secure-core-image.bb
index 05db5f4..3621b2d 100644
--- a/meta/recipes-core/images/secure-core-image.bb
+++ b/meta/recipes-core/images/secure-core-image.bb
@@ -5,4 +5,4 @@ IMAGE_INSTALL += "\
 "
 
 inherit extrausers
-EXTRA_USERS_PARAMS_prepend += " usermod -P toor root;"
+EXTRA_USERS_PARAMS += "usermod -P toor root;"
diff --git a/meta/recipes-core/images/secure-core-image.inc b/meta/recipes-core/images/secure-core-image.inc
index 52cf672..5ed3eda 100644
--- a/meta/recipes-core/images/secure-core-image.inc
+++ b/meta/recipes-core/images/secure-core-image.inc
@@ -1,7 +1,7 @@
 SUMMARY = "The root image of SecureCore."
 LICENSE = "MIT"
 
-SECURE_CORE_IMAGE_EXTRA_INSTALL_append += "\
+SECURE_CORE_IMAGE_EXTRA_INSTALL:append = " \
     ${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", \
                          "packagegroup-efi-secure-boot", "", d)} \
     ${@bb.utils.contains("DISTRO_FEATURES", "tpm", \
@@ -30,6 +30,6 @@ INITRAMFS_IMAGE ?= "secure-core-image-initramfs"
 inherit core-image
 
 IMAGE_ROOTFS_SIZE ?= "8192"
-IMAGE_ROOTFS_EXTRA_SPACE_append = "\
+IMAGE_ROOTFS_EXTRA_SPACE:append = " \
     ${@bb.utils.contains("DISTRO_FEATURES", "systemd", " + 4096", "" ,d)} \
 "
diff --git a/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb b/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb
index a2e994d..188681b 100644
--- a/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb
+++ b/meta/recipes-core/initrdscripts/initrdscripts-secure-core.bb
@@ -18,7 +18,7 @@ do_install() {
     mknod -m 0600 "${D}/dev/console" c 5 1
 }
 
-FILES_${PN} = "\
+FILES:${PN} = "\
     /init \
     /dev \
     /run \
@@ -32,7 +32,7 @@ FILES_${PN} = "\
 # @grep: grep
 # @gawk: awk
 # @eudev or udev: udevd, udevadm
-RDEPENDS_${PN} += "\
+RDEPENDS:${PN} += "\
     coreutils \
     util-linux-mount \
     grep \
@@ -42,7 +42,7 @@ RDEPENDS_${PN} += "\
 
 # @initrdscripts-ima: init.ima
 # @cryptfs-tpm2-initramfs: init.cryptfs
-RRECOMMENDS_${PN} += "\
+RRECOMMENDS:${PN} += "\
     ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'initrdscripts-ima', '', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'luks', 'cryptfs-tpm2-initramfs', '', d)} \
 "