8 files changed, 29 insertions, 30 deletions

diff --git a/documentation/dev-manual/build-quality.rst b/documentation/dev-manual/build-quality.rst
index 713ea3a48e..fbe5fb6f0b 100644
--- a/documentation/dev-manual/build-quality.rst
+++ b/documentation/dev-manual/build-quality.rst
@@ -236,7 +236,7 @@ Here is an example of ``image-info.txt``:
    DISTRO_VERSION = 3.4+snapshot-a0245d7be08f3d24ea1875e9f8872aa6bbff93be
    USER_CLASSES = buildstats
    IMAGE_CLASSES = qemuboot qemuboot license_image
-   IMAGE_FEATURES = debug-tweaks
+   IMAGE_FEATURES = allow-empty-password empty-root-password allow-root-login post-install-logging
    IMAGE_LINGUAS =
    IMAGE_INSTALL = packagegroup-core-boot speex speexdsp
    BAD_RECOMMENDATIONS =
diff --git a/documentation/dev-manual/customizing-images.rst b/documentation/dev-manual/customizing-images.rst
index 5b18958ade..6348259446 100644
--- a/documentation/dev-manual/customizing-images.rst
+++ b/documentation/dev-manual/customizing-images.rst
@@ -62,8 +62,7 @@ To understand how these features work, the best reference is
 :ref:`meta/classes-recipe/image.bbclass <ref-classes-image>`.
 This class lists out the available
 :term:`IMAGE_FEATURES` of which most map to package groups while some, such
-as ``debug-tweaks`` and ``read-only-rootfs``, resolve as general
-configuration settings.
+as ``read-only-rootfs``, resolve as general configuration settings.
 
 In summary, the file looks at the contents of the :term:`IMAGE_FEATURES`
 variable and then maps or configures the feature accordingly. Based on
diff --git a/documentation/dev-manual/securing-images.rst b/documentation/dev-manual/securing-images.rst
index e5791d3d6d..f4b528e559 100644
--- a/documentation/dev-manual/securing-images.rst
+++ b/documentation/dev-manual/securing-images.rst
@@ -107,18 +107,18 @@ Considerations Specific to the OpenEmbedded Build System
 You can take some steps that are specific to the OpenEmbedded build
 system to make your images more secure:
 
--  Ensure "debug-tweaks" is not one of your selected
-   :term:`IMAGE_FEATURES`.
+-  Ensure that "allow-empty-password", "allow-root-login", or
+   "empty-root-password" are not one of your selected :term:`IMAGE_FEATURES`.
    When creating a new project, the default is to provide you with an
-   initial ``local.conf`` file that enables this feature using the
+   initial ``local.conf`` file that enables these features using the
    :term:`EXTRA_IMAGE_FEATURES`
    variable with the line::
 
-      EXTRA_IMAGE_FEATURES = "debug-tweaks"
+      EXTRA_IMAGE_FEATURES = "allow-empty-password empty-root-password allow-root-login"
 
-   To disable that feature, simply comment out that line in your
+   To disable these features, simply comment out that line in your
    ``local.conf`` file, or make sure :term:`IMAGE_FEATURES` does not contain
-   "debug-tweaks" before producing your final image. Among other things,
+   any of these features before producing your final image. Among other things,
    leaving this in place sets the root password as blank, which makes
    logging in for debugging or inspection easy during development but
    also means anyone can easily log in during production.
diff --git a/documentation/profile-manual/intro.rst b/documentation/profile-manual/intro.rst
index 86310cf318..3179125524 100644
--- a/documentation/profile-manual/intro.rst
+++ b/documentation/profile-manual/intro.rst
@@ -43,7 +43,7 @@ an ``sdk`` image, perhaps one of::
 Alternatively,  you can add ``tools-profile`` to the :term:`EXTRA_IMAGE_FEATURES` line in
 your ``local.conf`` file::
 
-   EXTRA_IMAGE_FEATURES = "debug-tweaks tools-profile"
+   EXTRA_IMAGE_FEATURES:append = " tools-profile"
 
 If you use the ``tools-profile`` method, you don't need to build an sdk image ---
 the tracing and profiling tools will be included in non-sdk images as well e.g.::
@@ -69,7 +69,7 @@ packages (xxx-dbg) which you can manually install as needed.
 To generate debug info for packages, you can add ``dbg-pkgs`` to
 :term:`EXTRA_IMAGE_FEATURES` in ``local.conf``. For example::
 
-   EXTRA_IMAGE_FEATURES = "debug-tweaks tools-profile dbg-pkgs"
+   EXTRA_IMAGE_FEATURES:append = " dbg-pkgs"
 
 Additionally, in order to generate the right type of debug info, we also need to
 set :term:`PACKAGE_DEBUG_SPLIT_STYLE` in the ``local.conf`` file::
diff --git a/documentation/profile-manual/usage.rst b/documentation/profile-manual/usage.rst
index 17be149580..d17b256d0f 100644
--- a/documentation/profile-manual/usage.rst
+++ b/documentation/profile-manual/usage.rst
@@ -308,7 +308,7 @@ install the debugging information for the BusyBox package.
 To generate the debug info for the packages in the image, we can add
 ``dbg-pkgs`` to :term:`EXTRA_IMAGE_FEATURES` in ``local.conf``. For example::
 
-   EXTRA_IMAGE_FEATURES = "debug-tweaks tools-profile dbg-pkgs"
+   EXTRA_IMAGE_FEATURES:append = " dbg-pkgs"
 
 Additionally, in order to generate the type of debugging information that perf
 understands, we also need to set :term:`PACKAGE_DEBUG_SPLIT_STYLE`
diff --git a/documentation/ref-manual/features.rst b/documentation/ref-manual/features.rst
index 6e52dfce17..4d327f1a7d 100644
--- a/documentation/ref-manual/features.rst
+++ b/documentation/ref-manual/features.rst
@@ -285,31 +285,24 @@ The image features available for all images are:
 -  *dbg-pkgs:* Installs debug symbol packages for all packages installed
    in a given image.
 
--  *debug-tweaks:* Makes an image suitable for development (e.g. allows
-   root logins, logins without passwords ---including root ones, and enables
-   post-installation logging). See the ``allow-empty-password``,
-   ``allow-root-login``, ``empty-root-password``, and ``post-install-logging``
-   features in this list for additional information.
-
 -  *dev-pkgs:* Installs development packages (headers and extra library
    links) for all packages installed in a given image.
 
 -  *doc-pkgs:* Installs documentation packages for all packages
    installed in a given image.
 
--  *empty-root-password:* This feature or ``debug-tweaks`` is required if
-   you want to allow root login with an empty password. If these features
-   are not present in :term:`IMAGE_FEATURES`, a non-empty password is
-   forced in ``/etc/passwd`` and ``/etc/shadow`` if such files exist.
+-  *empty-root-password:* This feature can be used if you want to allow root
+   login with an empty password. If this feature is not present in
+   :term:`IMAGE_FEATURES`, a non-empty password is forced in ``/etc/passwd`` and
+   ``/etc/shadow`` if such files exist.
 
    .. note::
        ``empty-root-password`` doesn't set an empty root password by itself.
        You get an initial empty root password thanks to the
        :oe_git:`base-passwd </openembedded-core/tree/meta/recipes-core/base-passwd/>`
        and :oe_git:`shadow </openembedded-core/tree/meta/recipes-extended/shadow/>`
-       recipes, and the presence of ``empty-root-password`` or ``debug-tweaks``
-       just disables the mechanism which forces an non-empty password for the
-       root user.
+       recipes, and the presence of ``empty-root-password`` just disables the
+       mechanism which forces an non-empty password for the root user.
 
 -  *lic-pkgs:* Installs license packages for all packages installed in a
    given image.
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 89c37729bd..5d24e80865 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -2604,10 +2604,14 @@ system and gives an overview of their function and contents.
         - "dbg-pkgs" --- adds -dbg packages for all installed packages including
           symbol information for debugging and profiling.
 
-        - "debug-tweaks" --- makes an image suitable for debugging. For example, allows root logins without passwords and
-          enables post-installation logging. See the 'allow-empty-password' and
-          'post-install-logging' features in the ":ref:`ref-features-image`"
-          section for more information.
+        - "empty-root-password" --- This feature can be used if you want to
+          allow root login with an empty password.
+        - "allow-empty-password" --- Allows Dropbear and OpenSSH to accept
+          logins from accounts having an empty password string.
+        - "allow-root-login" --- Allows Dropbear and OpenSSH to accept root logins.
+        - "post-install-logging" --- Enables logging postinstall script runs to
+          the ``/var/log/postinstall.log`` file on first boot of the image on
+          the target system.
         - "dev-pkgs" --- adds -dev packages for all installed packages. This is
           useful if you want to develop against the libraries in the image.
         - "read-only-rootfs" --- creates an image whose root filesystem is
diff --git a/documentation/sdk-manual/extensible.rst b/documentation/sdk-manual/extensible.rst
index 3f6a754d88..9a50d7fc54 100644
--- a/documentation/sdk-manual/extensible.rst
+++ b/documentation/sdk-manual/extensible.rst
@@ -655,7 +655,10 @@ The extensible SDK supports two different development modes.
       # SSH is mandatory, no password simplifies the usage
       EXTRA_IMAGE_FEATURES += "\
          ssh-server-openssh \
-         debug-tweaks \
+         allow-empty-password \
+         allow-root-login \
+         empty-root-password \
+         post-install-logging \
       "
 
       # Remote debugging needs gdbserver on the target device