diff --git a/kernel/packages/prawnos-linux-image-armhf/README.md b/kernel/packages/prawnos-linux-image-armhf/README.md
index 1a3b31c0a..ec7a1f4ba 100644
--- a/kernel/packages/prawnos-linux-image-armhf/README.md
+++ b/kernel/packages/prawnos-linux-image-armhf/README.md
@@ -11,7 +11,7 @@ prawnos linux kernel images have 3 version numbers, each representing a different type of change. This is to keep versioning organized, and to make the debian packaging system happy. the format is:
-`prawnos-linus-image-armhf_--`
+`prawnos-linux-image-armhf_--`
 upstream_kver changes with a new version of the linux kernel prawnos_kver changes when new patches are added or a config change occurs
diff --git a/kernel/resources/armhf/libre-config b/kernel/resources/armhf/libre-config
index b986bd421..c236199a1 100644
--- a/kernel/resources/armhf/libre-config
+++ b/kernel/resources/armhf/libre-config
@@ -5757,9 +5757,12 @@ CONFIG_KEYS=y
 # CONFIG_TRUSTED_KEYS is not set
 CONFIG_ENCRYPTED_KEYS=y
 # CONFIG_KEY_DH_OPERATIONS is not set
-# CONFIG_SECURITY_DMESG_RESTRICT is not set
+CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SECURITY=y
 CONFIG_SECURITYFS=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_APPARMOR_HASH=y
+SECURITY_APPARMOR_HASH_DEFAULT=y
 CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_NETWORK_XFRM is not set
 CONFIG_SECURITY_PATH=y
@@ -5772,7 +5775,7 @@ CONFIG_HARDENED_USERCOPY_FALLBACK=y
 CONFIG_STATIC_USERMODEHELPER=y
 CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
 CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
 # CONFIG_SECURITY_SELINUX_DISABLE is not set
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
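Review bot: The added line `SECURITY_APPARMOR_HASH_DEFAULT=y` in the `@@ -5757,9 +5757,12 @@` hunk of libre-config lacks the `CONFIG_` prefix that every other symbol in this file carries, so Kconfig will not read it as the AppArmor option and hashing of loaded policy stays at whatever default the build picks; it should read `CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y`. `CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1` in the same hunk looks stale as well: as far as I know that symbol was dropped from the kernel when `CONFIG_LSM` was introduced, and this config already carries `CONFIG_LSM`, so the line would likely vanish on the next `make olddefconfig`. It is worth confirming against the target kernel and deleting it, rather than keeping a setting that suggests it controls whether AppArmor is enabled at boot.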
@@ -5781,7 +5784,7 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9
 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
-# CONFIG_SECURITY_APPARMOR is not set
+CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_LOADPIN=y
 # CONFIG_SECURITY_LOADPIN_ENFORCE is not set
 CONFIG_SECURITY_YAMA=y
@@ -5792,10 +5795,10 @@ CONFIG_INTEGRITY=y
 CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_IMA is not set
 # CONFIG_EVM is not set
-CONFIG_DEFAULT_SECURITY_SELINUX=y
+CONFIG_DEFAULT_SECURITY_APPARMOR=y
+# CONFIG_DEFAULT_SECURITY_SELINUX is not set
 # CONFIG_DEFAULT_SECURITY_DAC is not set
 CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
-
 #
 # Kernel hardening options
 #
diff --git a/kernel/resources/shared/FlashKernelPartition.sh b/kernel/resources/shared/FlashKernelPartition.sh
index 56b7b0882..e75261577 100755
--- a/kernel/resources/shared/FlashKernelPartition.sh
+++ b/kernel/resources/shared/FlashKernelPartition.sh
@@ -36,7 +36,7 @@ get_emmc_devname() {
 local devname=$(ls /dev/mmcblk* | grep -F boot0 | sed "s/boot0//")
 if [ -z "$devname" ]
 then
- echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;;
+ echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;
 fi
 echo $devname
 }
diff --git a/scripts/InstallScripts/InstallPackages.sh b/scripts/InstallScripts/InstallPackages.sh
index 1282643b5..accea08ed 100755
--- a/scripts/InstallScripts/InstallPackages.sh
+++ b/scripts/InstallScripts/InstallPackages.sh
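Review bot: `CONFIG_LSM` is left unchanged as context in the `@@ -5792,10 +5795,10 @@` hunk of libre-config and still lists `selinux` ahead of `apparmor`, so switching the choice to `CONFIG_DEFAULT_SECURITY_APPARMOR=y` probably does not make AppArmor the active module. On kernels that have `CONFIG_LSM`, the `DEFAULT_SECURITY_*` choice only seeds the default of that string, and the first enabled exclusive LSM in the list is the one initialised; with `CONFIG_SECURITY_SELINUX=y` still built in, SELinux would come up and AppArmor would be skipped. Reorder the list so AppArmor comes first among the exclusive modules, `CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo"`. After booting the new image, confirm that `/sys/kernel/security/lsm` contains `apparmor`.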
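Review bot: The error message on the changed line of FlashKernelPartition.sh goes to stdout, the same stream `get_emmc_devname` uses to return the device name through `echo $devname`. If callers capture the result with `$(get_emmc_devname)` (they are outside this hunk, so this is an assumption), the message text becomes the device name and `exit 1` ends only the subshell, leaving a script that writes to partitions running with a bogus target. Send the message to stderr, `echo "Unknown device! ..." >&2; exit 1`, and have each caller check the status, for example `devname=$(get_emmc_devname) || exit 1`. The identical hunks in InstallPackages.sh and InstallPrawnOS.sh need the same change. Separately, `local devname=$(ls ...)` on the context line hides the pipeline's exit status and can return several names when more than one mmcblk device exposes boot0, so the value should be checked to be a single block device before it is used.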
@@ -37,7 +37,7 @@ get_emmc_devname() {
 local devname=$(ls /dev/mmcblk* | grep -F boot0 | sed "s/boot0//")
 if [ -z "$devname" ]
 then
- echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;;
+ echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;
 fi
 echo $devname
 }
diff --git a/scripts/InstallScripts/InstallPrawnOS.sh b/scripts/InstallScripts/InstallPrawnOS.sh
index 701b06acf..f5b25b432 100755
--- a/scripts/InstallScripts/InstallPrawnOS.sh
+++ b/scripts/InstallScripts/InstallPrawnOS.sh
@@ -40,7 +40,7 @@ get_emmc_devname() {
 local devname=$(ls /dev/mmcblk* | grep -F boot0 | sed "s/boot0//")
 if [ -z "$devname" ]
 then
- echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;;
+ echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;
 fi
 echo $devname
 }