diff --git a/board/coreboot/linux-4.1.config b/board/coreboot/linux-4.1.config index 28b64bc..4c96974 100644 --- a/board/coreboot/linux-4.1.config +++ b/board/coreboot/linux-4.1.config @@ -148,7 +148,6 @@ CONFIG_LOG_BUF_SHIFT=17 CONFIG_LOG_CPU_MAX_BUF_SHIFT=17 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y -CONFIG_ARCH_SUPPORTS_INT128=y # CONFIG_NUMA_BALANCING is not set CONFIG_CGROUPS=y # CONFIG_CGROUP_DEBUG is not set @@ -165,7 +164,6 @@ CONFIG_FAIR_GROUP_SCHED=y # CONFIG_CFS_BANDWIDTH is not set # CONFIG_RT_GROUP_SCHED is not set # CONFIG_BLK_CGROUP is not set -# CONFIG_CHECKPOINT_RESTORE is not set CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y @@ -371,7 +369,6 @@ CONFIG_IOSF_MBI=y # CONFIG_IOSF_MBI_DEBUG is not set CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y CONFIG_SCHED_OMIT_FRAME_POINTER=y -# CONFIG_HYPERVISOR_GUEST is not set CONFIG_NO_BOOTMEM=y # CONFIG_MK8 is not set # CONFIG_MPSC is not set @@ -412,8 +409,6 @@ CONFIG_X86_MCE_INTEL=y CONFIG_X86_MCE_THRESHOLD=y # CONFIG_X86_MCE_INJECT is not set CONFIG_X86_THERMAL_VECTOR=y -CONFIG_X86_16BIT=y -CONFIG_X86_ESPFIX64=y CONFIG_X86_VSYSCALL_EMULATION=y # CONFIG_I8K is not set CONFIG_MICROCODE=y @@ -493,18 +488,16 @@ CONFIG_SECCOMP=y CONFIG_HZ_1000=y CONFIG_HZ=1000 CONFIG_SCHED_HRTICK=y -CONFIG_KEXEC=y -# CONFIG_KEXEC_FILE is not set CONFIG_CRASH_DUMP=y CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y # CONFIG_RANDOMIZE_BASE is not set -CONFIG_PHYSICAL_ALIGN=0x200000 +CONFIG_PHYSICAL_ALIGN=0x400000 CONFIG_HOTPLUG_CPU=y # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set # CONFIG_DEBUG_HOTPLUG_CPU0 is not set -# CONFIG_COMPAT_VDSO is not set # CONFIG_CMDLINE_BOOL is not set +CONFIG_DEFAULT_MODIFY_LDT_SYSCALL=y CONFIG_HAVE_LIVEPATCH=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_USE_PERCPU_NUMA_NODE_ID=y 
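Review bot: `+CONFIG_DEFAULT_MODIFY_LDT_SYSCALL=y` in the `@@ -493,18 +488,16 @@` hunk turns modify_ldt on by default for an image whose only role is coreboot board support, while the same change drops `CONFIG_X86_16BIT=y` (hunk at -412), so no 16-bit or LDT consumer appears to be expected. As far as I know this symbol only sets the boot-time default of the grsecurity `kernel.modify_ldt` knob; given that syscall's history of kernel bugs I would set `# CONFIG_DEFAULT_MODIFY_LDT_SYSCALL is not set` unless something in the rootfs (DOSEMU, 16-bit Wine) actually needs it — please verify against the image contents. Separately, `-CONFIG_KEXEC=y` is removed but `CONFIG_CRASH_DUMP=y` stays as context, and `CONFIG_PROC_VMCORE=y` disappears in the -3056 hunk; without kexec a crash kernel cannot be loaded, so CRASH_DUMP is presumably dead weight now and could be dropped for consistency. The `CONFIG_PHYSICAL_ALIGN` bump from 0x200000 to 0x400000 looks like a grsecurity-imposed minimum rather than a deliberate tuning; one line in the commit message saying so would spare the next person regenerating this file from wondering.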
@@ -514,7 +507,6 @@ CONFIG_USE_PERCPU_NUMA_NODE_ID=y # CONFIG_SUSPEND=y CONFIG_SUSPEND_FREEZER=y -# CONFIG_HIBERNATION is not set CONFIG_PM_SLEEP=y CONFIG_PM_SLEEP_SMP=y # CONFIG_PM_AUTOSLEEP is not set @@ -1572,7 +1564,6 @@ CONFIG_UNIX98_PTYS=y # CONFIG_N_GSM is not set # CONFIG_TRACE_SINK is not set CONFIG_DEVMEM=y -CONFIG_DEVKMEM=y # # Serial drivers @@ -1615,7 +1606,6 @@ CONFIG_TCG_TIS=y # CONFIG_TCG_CRB is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TELCLOCK is not set -CONFIG_DEVPORT=y # CONFIG_XILLYBUS is not set # @@ -3056,10 +3046,7 @@ CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" # Pseudo filesystems # CONFIG_PROC_FS=y -# CONFIG_PROC_KCORE is not set -CONFIG_PROC_VMCORE=y CONFIG_PROC_SYSCTL=y -CONFIG_PROC_PAGE_MONITOR=y CONFIG_KERNFS=y CONFIG_SYSFS=y CONFIG_TMPFS=y @@ -3200,10 +3187,6 @@ CONFIG_TIMER_STATS=y # CONFIG_DEBUG_RT_MUTEXES is not set # CONFIG_DEBUG_SPINLOCK is not set # CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_PROVE_LOCKING is not set -# CONFIG_LOCK_STAT is not set # CONFIG_DEBUG_ATOMIC_SLEEP is not set # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set # CONFIG_LOCK_TORTURE_TEST is not set @@ -3229,9 +3212,7 @@ CONFIG_RCU_CPU_STALL_INFO=y # CONFIG_DEBUG_BLOCK_EXT_DEVT is not set # CONFIG_NOTIFIER_ERROR_INJECTION is not set # CONFIG_FAULT_INJECTION is not set -# CONFIG_LATENCYTOP is not set CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y -# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set CONFIG_USER_STACKTRACE_SUPPORT=y CONFIG_NOP_TRACER=y CONFIG_HAVE_FUNCTION_TRACER=y @@ -3287,7 +3268,6 @@ CONFIG_PROBE_EVENTS=y # CONFIG_TEST_STRING_HELPERS is not set # CONFIG_TEST_KSTRTOX is not set # CONFIG_TEST_RHASHTABLE is not set -# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set # CONFIG_DMA_API_DEBUG is not set # CONFIG_TEST_LKM is not set # CONFIG_TEST_USER_COPY is not set 
@@ -3298,14 +3278,11 @@ CONFIG_PROBE_EVENTS=y # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y # CONFIG_KGDB is not set -# CONFIG_STRICT_DEVMEM is not set +CONFIG_STRICT_DEVMEM=y CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y CONFIG_EARLY_PRINTK_DBGP=y # CONFIG_X86_PTDUMP is not set -CONFIG_DEBUG_RODATA=y -CONFIG_DEBUG_RODATA_TEST=y -# CONFIG_DEBUG_SET_MODULE_RONX is not set # CONFIG_DEBUG_NX_TEST is not set CONFIG_DOUBLEFAULT=y # CONFIG_DEBUG_TLBFLUSH is not set 
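Review bot: `-CONFIG_DEBUG_RODATA=y`, `-CONFIG_DEBUG_RODATA_TEST=y` and `-# CONFIG_DEBUG_SET_MODULE_RONX is not set` vanish from this hunk with nothing visible replacing them, so a reader of the diff sees read-only kernel text being given up. Presumably these symbols are masked because `CONFIG_PAX_KERNEXEC=y` (added in the -3330 hunk) supersedes them, but that is stated nowhere; a sentence in the commit message would prevent a future "why is DEBUG_RODATA off" regression hunt, since `.config` comments do not survive regeneration. The flip to `+CONFIG_STRICT_DEVMEM=y` is consistent with `CONFIG_GRKERNSEC_KMEM=y` selecting it and is the right direction for this image; `CONFIG_DEVMEM=y` is still present (context in the -1572 hunk), so non-RAM regions such as the coreboot tables remain readable under STRICT_DEVMEM alone, and whether GRKERNSEC_KMEM additionally closes that path for tools like cbmem is worth confirming on hardware before this config is considered final.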
@@ -3330,6 +3307,189 @@ CONFIG_OPTIMIZE_INLINING=y # # Security options # + +# +# Grsecurity +# +CONFIG_PAX_KERNEXEC_PLUGIN=y +CONFIG_PAX_PER_CPU_PGD=y +CONFIG_TASK_SIZE_MAX_SHIFT=42 +CONFIG_PAX_USERCOPY_SLABS=y +CONFIG_GRKERNSEC=y +CONFIG_GRKERNSEC_CONFIG_AUTO=y +# CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set +# CONFIG_GRKERNSEC_CONFIG_SERVER is not set +CONFIG_GRKERNSEC_CONFIG_DESKTOP=y +CONFIG_GRKERNSEC_CONFIG_VIRT_NONE=y +# CONFIG_GRKERNSEC_CONFIG_VIRT_GUEST is not set +# CONFIG_GRKERNSEC_CONFIG_VIRT_HOST is not set +CONFIG_GRKERNSEC_CONFIG_PRIORITY_PERF=y +# CONFIG_GRKERNSEC_CONFIG_PRIORITY_SECURITY is not set + +# +# Default Special Groups +# +CONFIG_GRKERNSEC_PROC_GID=1001 + +# +# Customize Configuration +# + +# +# PaX +# +CONFIG_PAX=y + +# +# PaX Control +# +# CONFIG_PAX_SOFTMODE is not set +# CONFIG_PAX_EI_PAX is not set +CONFIG_PAX_PT_PAX_FLAGS=y +# CONFIG_PAX_XATTR_PAX_FLAGS is not set +# CONFIG_PAX_NO_ACL_FLAGS is not set +CONFIG_PAX_HAVE_ACL_FLAGS=y +# CONFIG_PAX_HOOK_ACL_FLAGS is not set + +# +# Non-executable pages +# +CONFIG_PAX_NOEXEC=y +CONFIG_PAX_PAGEEXEC=y +CONFIG_PAX_EMUTRAMP=y +CONFIG_PAX_MPROTECT=y +CONFIG_PAX_MPROTECT_COMPAT=y +# CONFIG_PAX_ELFRELOCS is not set +CONFIG_PAX_KERNEXEC=y +CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y +# CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR is not set +CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="bts" + +# +# Address Space Layout Randomization +# +CONFIG_PAX_ASLR=y +CONFIG_PAX_RANDKSTACK=y +CONFIG_PAX_RANDUSTACK=y +CONFIG_PAX_RANDMMAP=y + +# +# Miscellaneous hardening features +# +# CONFIG_PAX_MEMORY_SANITIZE is not set +# CONFIG_PAX_MEMORY_STACKLEAK is not set +# CONFIG_PAX_MEMORY_STRUCTLEAK is not set +# CONFIG_PAX_MEMORY_UDEREF is not set +CONFIG_PAX_REFCOUNT=y +CONFIG_PAX_CONSTIFY_PLUGIN=y +CONFIG_PAX_USERCOPY=y +# CONFIG_PAX_USERCOPY_DEBUG is not set +CONFIG_PAX_SIZE_OVERFLOW=y +CONFIG_PAX_LATENT_ENTROPY=y + +# +# Memory Protections +# +CONFIG_GRKERNSEC_KMEM=y +# CONFIG_GRKERNSEC_IO is not set +CONFIG_GRKERNSEC_BPF_HARDEN=y 
+CONFIG_GRKERNSEC_PERF_HARDEN=y +CONFIG_GRKERNSEC_RAND_THREADSTACK=y +CONFIG_GRKERNSEC_PROC_MEMMAP=y +CONFIG_GRKERNSEC_KSTACKOVERFLOW=y +CONFIG_GRKERNSEC_BRUTE=y +CONFIG_GRKERNSEC_MODHARDEN=y +CONFIG_GRKERNSEC_HIDESYM=y +CONFIG_GRKERNSEC_RANDSTRUCT=y +CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE=y +CONFIG_GRKERNSEC_KERN_LOCKOUT=y + +# +# Role Based Access Control Options +# +CONFIG_GRKERNSEC_NO_RBAC=y +# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set +CONFIG_GRKERNSEC_ACL_MAXTRIES=3 +CONFIG_GRKERNSEC_ACL_TIMEOUT=30 + +# +# Filesystem Protections +# +CONFIG_GRKERNSEC_PROC=y +# CONFIG_GRKERNSEC_PROC_USER is not set +CONFIG_GRKERNSEC_PROC_USERGROUP=y +CONFIG_GRKERNSEC_PROC_ADD=y +CONFIG_GRKERNSEC_LINK=y +# CONFIG_GRKERNSEC_SYMLINKOWN is not set +CONFIG_GRKERNSEC_FIFO=y +# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set +# CONFIG_GRKERNSEC_ROFS is not set +CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y +CONFIG_GRKERNSEC_CHROOT=y +CONFIG_GRKERNSEC_CHROOT_MOUNT=y +CONFIG_GRKERNSEC_CHROOT_DOUBLE=y +CONFIG_GRKERNSEC_CHROOT_PIVOT=y +CONFIG_GRKERNSEC_CHROOT_CHDIR=y +CONFIG_GRKERNSEC_CHROOT_CHMOD=y +CONFIG_GRKERNSEC_CHROOT_FCHDIR=y +CONFIG_GRKERNSEC_CHROOT_MKNOD=y +CONFIG_GRKERNSEC_CHROOT_SHMAT=y +CONFIG_GRKERNSEC_CHROOT_UNIX=y +CONFIG_GRKERNSEC_CHROOT_FINDTASK=y +CONFIG_GRKERNSEC_CHROOT_NICE=y +CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_RENAME=y +CONFIG_GRKERNSEC_CHROOT_CAPS=y +CONFIG_GRKERNSEC_CHROOT_INITRD=y + +# +# Kernel Auditing +# +# CONFIG_GRKERNSEC_AUDIT_GROUP is not set +# CONFIG_GRKERNSEC_EXECLOG is not set +# CONFIG_GRKERNSEC_RESLOG is not set +# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set +# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set +# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set +# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set +# CONFIG_GRKERNSEC_SIGNAL is not set +# CONFIG_GRKERNSEC_FORKFAIL is not set +CONFIG_GRKERNSEC_TIME=y +CONFIG_GRKERNSEC_PROC_IPADDR=y +CONFIG_GRKERNSEC_RWXMAP_LOG=y + +# +# Executable Protections +# +CONFIG_GRKERNSEC_DMESG=y +CONFIG_GRKERNSEC_HARDEN_PTRACE=y 
+CONFIG_GRKERNSEC_PTRACE_READEXEC=y +CONFIG_GRKERNSEC_SETXID=y +CONFIG_GRKERNSEC_HARDEN_IPC=y +# CONFIG_GRKERNSEC_TPE is not set + +# +# Network Protections +# +CONFIG_GRKERNSEC_BLACKHOLE=y +CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y +# CONFIG_GRKERNSEC_SOCKET is not set + +# +# Physical Protections +# +# CONFIG_GRKERNSEC_DENYUSB is not set + +# +# Sysctl Support +# +# CONFIG_GRKERNSEC_SYSCTL is not set + +# +# Logging Options +# +CONFIG_GRKERNSEC_FLOODTIME=10 +CONFIG_GRKERNSEC_FLOODBURST=3 CONFIG_KEYS=y # CONFIG_PERSISTENT_KEYRINGS is not set # CONFIG_BIG_KEYS is not set @@ -3346,7 +3506,6 @@ CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set # CONFIG_SECURITY_APPARMOR is not set -# CONFIG_SECURITY_YAMA is not set CONFIG_INTEGRITY=y # CONFIG_INTEGRITY_SIGNATURE is not set CONFIG_INTEGRITY_AUDIT=y
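Review bot: `+CONFIG_GRKERNSEC_PROC_GID=1001` together with `+CONFIG_GRKERNSEC_PROC_USERGROUP=y` (both in the -3330 hunk) makes /proc readable only by root and members of gid 1001, yet nothing in this change shows that group existing in the buildroot rootfs or any user being placed in it. If the image runs anything as an unprivileged user it will silently lose visibility of other processes; either add the matching `/etc/group` entry in the board's rootfs overlay or document that 1001 is intentionally unused. Also worth recording in the commit message: `+CONFIG_GRKERNSEC_KMEM=y` appears to be what drops `/dev/kmem`, `/dev/port` and kexec elsewhere in this diff and restricts `/dev/mem` beyond STRICT_DEVMEM, so coreboot-side utilities that map firmware regions (cbmem, flashrom's internal programmer) should be exercised on the target with this kernel. Lastly, `+CONFIG_GRKERNSEC_CONFIG_PRIORITY_PERF=y` seems to be the reason `CONFIG_PAX_MEMORY_UDEREF`, `CONFIG_PAX_MEMORY_STACKLEAK` and `CONFIG_PAX_MEMORY_SANITIZE` stay unset; for a device whose workload is flashing firmware rather than sustained compute, `CONFIG_GRKERNSEC_CONFIG_PRIORITY_SECURITY=y` may be the better default, and the choice deserves a sentence of justification either way.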