diff --git a/layers/meta-belden-coreos-bsp/conf/machine/qemu-coreos-arm64.conf b/layers/meta-belden-coreos-bsp/conf/machine/qemu-coreos-arm64.conf
index 3507392..c40e3d4 100644
--- a/layers/meta-belden-coreos-bsp/conf/machine/qemu-coreos-arm64.conf
+++ b/layers/meta-belden-coreos-bsp/conf/machine/qemu-coreos-arm64.conf
@@ -6,9 +6,9 @@
 require conf/machine/qemu-generic-arm64.conf
 MACHINEOVERRIDES =. "qemu-generic-arm64:"
 
-IMAGE_FSTYPES += "wic.xz wic.bmap"
+COREOS_IMAGE_GENERATE_INSTALLER = "0"
+
 WKS_FILE = "qemu-efi-coreos-generic.wks.in"
-QB_DRIVE_TYPE = "/dev/sd"
 
 EFIBOOTGUARD_TIMEOUT ?= "0"
 require conf/machine/include/coreos-generic-features/efi.inc
diff --git a/layers/meta-belden-coreos-bsp/recipes-kernel/linux/files/secure-storage.cfg b/layers/meta-belden-coreos-bsp/recipes-kernel/linux/files/secure-storage.cfg
new file mode 100644
index 0000000..07ef65b
--- /dev/null
+++ b/layers/meta-belden-coreos-bsp/recipes-kernel/linux/files/secure-storage.cfg
@@ -0,0 +1,4 @@
+CONFIG_BLK_DEV_DM=y
+CONFIG_KEYS=y
+CONFIG_ENCRYPTED_KEYS=y
+CONFIG_DM_CRYPT=y
\ No newline at end of file
diff --git a/layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto_%.bbappend b/layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto_%.bbappend
new file mode 100644
index 0000000..e2c6aba
--- /dev/null
+++ b/layers/meta-belden-coreos-bsp/recipes-kernel/linux/linux-yocto_%.bbappend
@@ -0,0 +1,2 @@
+# Set kernel config needed by secure-storage
+SRC_URI += "file://secure-storage.cfg"
diff --git a/layers/meta-belden-coreos-bsp/wic/qemu-efi-coreos-generic.wks.in b/layers/meta-belden-coreos-bsp/wic/qemu-efi-coreos-generic.wks.in
index dfcd3d7..1db9345 100644
--- a/layers/meta-belden-coreos-bsp/wic/qemu-efi-coreos-generic.wks.in
+++ b/layers/meta-belden-coreos-bsp/wic/qemu-efi-coreos-generic.wks.in
@@ -2,11 +2,11 @@
 # long-description: Creates a partitioned EFI disk image that the user
 # can directly dd to boot media.
 
-part --source efibootguard-efi --label efi --part-type=EF00 --ondisk mmcblk1 --offset 20480S --size 64M --extra-space 0 --overhead-factor 1
-part / --source rootfs --fstype=ext4 --label rootfs0 --ondisk mmcblk1 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
-part --fstype=ext4 --label rootfs1 --ondisk mmcblk1 --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
-part --source efibootguard-boot --label ebg0 --part-type=0700 --sourceparams "args=coreos.root=rootfs0,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=2,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI" --ondisk mmcblk1  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
-part --source efibootguard-boot --label ebg1 --part-type=0700 --sourceparams "args=coreos.root=rootfs1,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=1,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI" --ondisk mmcblk1  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
-${WKS_PART_USERDATA} --ondisk mmcblk1 --size ${WKS_PART_USERDATA_SIZE} --extra-space 0 --overhead-factor 1
+part --source efibootguard-efi --label efi --part-type=EF00 --use-uuid --offset 20480S --size 64M --extra-space 0 --overhead-factor 1
+part / --source rootfs --fstype=ext4 --label rootfs0 --use-uuid --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+part --fstype=ext4 --label rootfs1 --use-uuid --size ${WKS_PART_ROOT_SIZE} --extra-space 0 --overhead-factor 1
+part --source efibootguard-boot --label ebg0 --part-type=0700 --sourceparams "args=coreos.root=rootfs0,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=2,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI" --use-uuid  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
+part --source efibootguard-boot --label ebg1 --part-type=0700 --sourceparams "args=coreos.root=rootfs1,watchdog=${EFIBOOTGUARD_TIMEOUT},revision=1,kernel=${COREOS_KERNEL_FILENAME};KERNEL.EFI" --use-uuid  --align 1024 --size 128M --extra-space 0 --overhead-factor 1
+${WKS_PART_USERDATA} --use-uuid --size ${WKS_PART_USERDATA_SIZE} --extra-space 0 --overhead-factor 1
 
 bootloader --ptable gpt
\ No newline at end of file