diff --git a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/0001-compile-fix.patch b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/0001-compile-fix.patch deleted file mode 100644 index 11f8420..0000000 --- a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/0001-compile-fix.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/arch/arm/boot/dts/am335x-nbhw16-prod2.dts b/arch/arm/boot/dts/am335x-nbhw16-prod2.dts -index 1871d78bca89..b4830a8ef61c 100755 ---- a/arch/arm/boot/dts/am335x-nbhw16-prod2.dts -+++ b/arch/arm/boot/dts/am335x-nbhw16-prod2.dts -@@ -73,7 +73,7 @@ netbox_dio: netbox_dio { - wlan_bt_clock: wlan_bt_clock { - compatible = "pwm-clock"; - #clock-cells = <0>; -- pwms = <&ecap2 0 30518 0>; -+ pwms = <&ecap_2 0 30518 0>; - }; - - wlan_bt_oscillator: wlan_bt_oscillator { -@@ -93,7 +93,7 @@ &reset_button { - &epwmss2 { - status = "okay"; - -- ecap2: ecap@48304100 { -+ ecap_2: ecap@48304100 { - status = "okay"; - pinctrl-names = "default"; - pinctrl-0 = <&ecap2_pins>; diff --git a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/0001-remove-nrsw-specific-parts.patch b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/0001-remove-nrsw-specific-parts.patch new file mode 100644 index 0000000..8df05ab --- /dev/null +++ b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/0001-remove-nrsw-specific-parts.patch 
@@ -0,0 +1,689 @@ +diff --git a/crypto/Kconfig b/crypto/Kconfig +index fe8394895c1e..1157f82dc9cf 100644 +--- a/crypto/Kconfig ++++ b/crypto/Kconfig +@@ -1936,12 +1936,6 @@ config CRYPTO_STATS + config CRYPTO_HASH_INFO + bool + +-config BOFH_KEY +- depends on SECURITY +- depends on INTEGRITY_SIGNATURE +- bool "BOFH key support" +- default y +- + source "lib/crypto/Kconfig" + source "drivers/crypto/Kconfig" + source "crypto/asymmetric_keys/Kconfig" +diff --git a/crypto/Makefile b/crypto/Makefile +index 471270fba15b..b279483fba50 100644 +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -197,5 +197,3 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys/ + obj-$(CONFIG_CRYPTO_HASH_INFO) += hash_info.o + crypto_simd-y := simd.o + obj-$(CONFIG_CRYPTO_SIMD) += crypto_simd.o +- +-obj-$(CONFIG_BOFH_KEY) += bofh-key.o +diff --git a/crypto/bofh-key.c b/crypto/bofh-key.c +deleted file mode 100644 +index 78b0f5abda21..000000000000 +--- a/crypto/bofh-key.c ++++ /dev/null +@@ -1,63 +0,0 @@ +-#include +-#include +-#include +-#include +-#include +-#include +- +-#if BOFH_KEY_PRESENT +- +-static const struct public_key *bofh_key = NULL; +- +-const struct public_key * request_bofh_key (const char *signer, size_t signer_len, +- const u8 *keyid, size_t keyid_len) +-{ +- struct public_key *pubkey = NULL; +- static unsigned char key[] = BOFH_KEY_PUBKEY; +- +- if (bofh_key) { +- return bofh_key; /* already requested */ +- } +- +- if (BOFH_KEY_SIGNER_LEN != 0) { +- if (BOFH_KEY_SIGNER_LEN != signer_len || +- memcmp(BOFH_KEY_SIGNER, signer, BOFH_KEY_SIGNER_LEN)) { +- printk(KERN_ERR "invalid signer\n"); +- return NULL; +- } +- } +- if (BOFH_KEY_KEYID_LEN != 0) { /* optional */ +- if (BOFH_KEY_KEYID_LEN != keyid_len || +- memcmp(BOFH_KEY_KEYID, keyid, BOFH_KEY_KEYID_LEN)) { +- printk(KERN_ERR "invalid keyid\n"); +- return NULL; +- } +- } +- pubkey = kzalloc(sizeof(struct public_key), GFP_KERNEL); +- if (!pubkey) { +- return NULL; +- } +- +- pubkey->key = key; +- pubkey->keylen = 
sizeof(key); +- pubkey->id_type = BOFH_KEY_ID_TYPE_STR; +- pubkey->pkey_algo = BOFH_KEY_PKEY_ALGO_STR; +- +- bofh_key = (const struct public_key *) pubkey; +- +- if (pubkey && !bofh_key) kfree(pubkey); +- +- return bofh_key; +-} +- +-#else /* !BOFH_KEY_PRESENT */ +- +-const struct public_key * request_bofh_key (const char *signer, size_t signer_len, +- const u8 *keyid, size_t keyid_len) +-{ +- return NULL; +-} +- +-#endif /* BOFH_KEY_PRESENT */ +- +- +diff --git a/drivers/mfd/nm-fpga-gpio.h b/drivers/mfd/nm-fpga-gpio.h +index 0ad49861a0ab..a65d8680f706 100644 +--- a/drivers/mfd/nm-fpga-gpio.h ++++ b/drivers/mfd/nm-fpga-gpio.h +@@ -14,7 +14,6 @@ + + #include + #include +-#include + + struct nm_fpga_gpio_config { + void (*init_fpga)(struct regmap* regmap); +diff --git a/drivers/mfd/nm-fpga-gpio08.c b/drivers/mfd/nm-fpga-gpio08.c +index 3f833213e651..77f06d4f1b90 100644 +--- a/drivers/mfd/nm-fpga-gpio08.c ++++ b/drivers/mfd/nm-fpga-gpio08.c +@@ -9,7 +9,6 @@ + * (at your option) any later version. + */ + +-#include + #if defined(NBSW_TARGET_netbox_ppc) + + #include +diff --git a/drivers/mfd/nm-fpga-gpio12.c b/drivers/mfd/nm-fpga-gpio12.c +index 1fcf5b923a3f..1b30879c0e3f 100644 +--- a/drivers/mfd/nm-fpga-gpio12.c ++++ b/drivers/mfd/nm-fpga-gpio12.c +@@ -9,7 +9,6 @@ + * (at your option) any later version. + */ + +-#include + #if defined(NBSW_TARGET_netbox_ppc) + + #include +diff --git a/drivers/mfd/nm-fpga-gpio14.c b/drivers/mfd/nm-fpga-gpio14.c +index 4ae68d15f4b1..8db75be169e8 100644 +--- a/drivers/mfd/nm-fpga-gpio14.c ++++ b/drivers/mfd/nm-fpga-gpio14.c +@@ -9,7 +9,6 @@ + * (at your option) any later version. + */ + +-#include + #if defined(NBSW_TARGET_netbolt_arm) + + #include +diff --git a/drivers/mfd/nm-fpga-gpio17.c b/drivers/mfd/nm-fpga-gpio17.c +index efc689ce6989..9b8c35a2de17 100644 +--- a/drivers/mfd/nm-fpga-gpio17.c ++++ b/drivers/mfd/nm-fpga-gpio17.c +@@ -9,7 +9,6 @@ + * (at your option) any later version. 
+ */ + +-#include + #if defined(NBSW_TARGET_netbolt_arm) + + #include +diff --git a/drivers/mfd/nm-fpga-gpio18.c b/drivers/mfd/nm-fpga-gpio18.c +index ffc2f8afaba9..7ab90a4f2e4e 100644 +--- a/drivers/mfd/nm-fpga-gpio18.c ++++ b/drivers/mfd/nm-fpga-gpio18.c +@@ -9,7 +9,6 @@ + * (at your option) any later version. + */ + +-#include + #if defined(NBSW_TARGET_netbolt_arm) + + #include +diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c +index 09ce3e72b414..305ffad131a2 100644 +--- a/drivers/misc/eeprom/at24.c ++++ b/drivers/misc/eeprom/at24.c +@@ -25,8 +25,6 @@ + #include + #include + +-#include +- + /* Address pointer is 16 bit. */ + #define AT24_FLAG_ADDR16 BIT(7) + /* sysfs-entry will be read-only. */ +@@ -473,21 +471,6 @@ static int at24_write(void *priv, unsigned int off, void *val, size_t count) + char *buf = val; + int ret; + +-#if BOFH_KEY_PRESENT +- if (off < 0x0600) { +- /* We need to protect BD, PD and licenses which are at +- offsets below 0x600. Partition table and +- serdes config above 0x600 can be written by +- any process. 
*/ +- if (!current->is_signed) { +- if (off == 0) +- printk(KERN_ERR "current process is not " +- "authorized to access eeprom\n"); +- return -EPERM; +- } +- } +-#endif +- + at24 = priv; + dev = at24_base_client_dev(at24); + +diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c +index e9aad942370c..04c4aa7a1df2 100644 +--- a/fs/binfmt_elf.c ++++ b/fs/binfmt_elf.c +@@ -49,13 +49,6 @@ + #include + #include + +-#include +-#if BOFH_KEY_PRESENT +-#include +-#include +-#include +-#include +-#endif /* BOFH_KEY_PRESENT */ + #ifndef ELF_COMPAT + #define ELF_COMPAT 0 + #endif +@@ -112,386 +105,6 @@ static struct linux_binfmt elf_format = { + .min_coredump = ELF_EXEC_PAGESIZE, + }; + +-/* ELF signature verification related stuff */ +-#if BOFH_KEY_PRESENT +-extern const struct public_key * request_bofh_key (const char *signer, size_t signer_len, +- const u8 *key_id, size_t key_id_len); +- +-struct elf_sig_info { +- /* Note: currently algo, hash and id_type are meaningless magic numbers */ +- u8 algo; /* public-key crypto algorithm [enum pkey_algo] */ +- u8 hash; /* digest algorithm [enum pkey_hash_algo] */ +- u8 id_type; /* key identifier type [enum pkey_id_type] */ +- u8 signer_len; /* length of signer's name */ +- u8 key_id_len; /* length of key identifier */ +- u8 __pad[3]; /* padding */ +- __be32 sig_len; /* length of signature data */ +-}; +- +-struct elf_sig_data { +- struct shash_desc *desc; +- const struct public_key *pubkey; +- struct public_key_signature pks; +-}; +- +-static int esd_shash_init(struct elf_sig_data *esd) +-{ +- struct shash_desc *desc; +- struct crypto_shash *tfm; +- size_t digest_size, desc_size; +- char *digest; +- int ret; +- +- tfm = crypto_alloc_shash(esd->pks.hash_algo, 0, 0); +- if (IS_ERR(tfm)) { +- ret = PTR_ERR(tfm); +- return (ret == -ENOENT ? 
-ENOPKG : ret); +- } +- +- desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); +- digest_size = crypto_shash_digestsize(tfm); +- +- desc = kzalloc(desc_size, GFP_KERNEL); +- if (!desc) { +- ret = -ENOMEM; +- goto out_free_tfm; +- } +- +- digest = kzalloc(digest_size, GFP_KERNEL); +- if (!digest) { +- ret = -ENOMEM; +- goto out_free_desc; +- } +- +- desc->tfm = tfm; +- +- ret = crypto_shash_init(desc); +- if (ret < 0) { +- goto out_free_digest; +- } +- +- esd->desc = desc; +- esd->pks.digest = digest; +- esd->pks.digest_size = digest_size; +- +- return 0; +- +-out_free_digest: +- kfree(digest); +-out_free_desc: +- kfree(desc); +-out_free_tfm: +- crypto_free_shash(tfm); +- return ret; +-} +- +-static struct elf_sig_data * +-elf_parse_binary_signature(struct elfhdr *ehdr, struct file *file) +-{ +- loff_t rem_file_sz, file_sz; +- loff_t offset; +- struct elf_sig_data *esd; +- struct elf_sig_info *esi; +- int retval, i; +- char *sig; +- size_t sig_len; +- struct elf_shdr *elf_shtable, *elf_spnt, *elf_shstrpnt; +- unsigned int sig_info_sz, shtable_sz; +- uint16_t shstrndx; +- bool found_sig_section = false; +- void *signer_name, *key_id; +- +- if (!ehdr->e_shnum) return NULL; +- +- if (ehdr->e_shstrndx == SHN_UNDEF) return NULL; +- +- /* Read in elf section table */ +- file_sz = i_size_read(file->f_path.dentry->d_inode); +- shtable_sz = ehdr->e_shnum * sizeof(struct elf_shdr); +- elf_shtable = kmalloc(shtable_sz, GFP_KERNEL); +- if (!elf_shtable) return ERR_PTR(-ENOMEM); +- +- offset = ehdr->e_shoff; +- retval = kernel_read(file, (char *)elf_shtable, shtable_sz, &offset); +- if (retval != shtable_sz) { +- if (retval >= 0) retval = -EIO; +- goto out_free_shtable; +- } +- +- if (ehdr->e_shstrndx == 0xffff) +- shstrndx = elf_shtable[0].sh_link; +- else +- shstrndx = ehdr->e_shstrndx; +- +- if (shstrndx >= ehdr->e_shnum) { +- retval = -EINVAL; +- goto out_free_shtable; +- } +- +- elf_shstrpnt = elf_shtable + shstrndx; +- elf_spnt = elf_shtable; +- +- /* Scan for section 
with name ".signature" */ +- for (i = 0; i < ehdr->e_shnum; i++) { +- char sec_name[11]; +- offset = elf_shstrpnt->sh_offset + elf_spnt->sh_name; +- retval = kernel_read(file, sec_name, sizeof(sec_name), &offset); +- if (retval != 11) { +- if (retval >= 0) retval = -EIO; +- goto out_free_shtable; +- } +- if (!strcmp(sec_name, ".signature")) { +- found_sig_section = true; +- break; +- } +- elf_spnt++; +- } +- +- if (!found_sig_section) { +- /* File is not signed */ +- retval = 0; +- goto out_free_shtable; +- } +- +- esi = kzalloc(sizeof(struct elf_sig_info), GFP_KERNEL); +- if (!esi) { +- retval = -ENOMEM; +- goto out_free_shtable; +- } +- +- esd = kzalloc(sizeof(struct elf_sig_data), GFP_KERNEL); +- if (!esd) { +- retval = -ENOMEM; +- goto out_free_esi; +- } +- +- /* Read in sig info */ +- sig_info_sz = sizeof(struct elf_sig_info); +- +- offset = elf_spnt->sh_offset + elf_spnt->sh_size - sig_info_sz; +- rem_file_sz = file_sz - sig_info_sz; +- retval = kernel_read(file, (char *)esi, sig_info_sz, &offset); +- offset -= sig_info_sz; +- if (retval != sig_info_sz) { +- if (retval >= 0) retval = -EIO; +- goto out_free_esd; +- } +- +- sig_len = be32_to_cpu(esi->sig_len); +- if (sig_len >= rem_file_sz) { +- retval = -EBADMSG; +- goto out_free_esd; +- } +- rem_file_sz -= sig_len; +- +- if ((size_t)esi->signer_len + esi->key_id_len >= rem_file_sz) { +- retval = -EBADMSG; +- goto out_free_esd; +- } +- +- rem_file_sz -= ((size_t)esi->signer_len + esi->key_id_len); +- +- if (esi->algo != BOFH_KEY_PKEY_ALGO) { +- printk(KERN_ERR "invalid pkey algo %d\n", esi->algo); +- retval = -ENOPKG; +- goto out_free_esd; +- } +- if (esi->id_type != BOFH_KEY_ID_TYPE) { +- printk(KERN_ERR "invalid key id type %d\n", esi->id_type); +- retval = -ENOPKG; +- goto out_free_esd; +- } +- if (esi->hash != BOFH_KEY_HASH_ALGO) { +- printk(KERN_ERR "invalid hash algo %d\n", esi->hash); +- retval = -ENOPKG; +- goto out_free_esd; +- } +- +- /* Read in signature */ +- sig = kzalloc(sig_len, GFP_KERNEL); +- 
if (!sig) { +- retval = -ENOMEM; +- goto out_free_esd; +- } +- +- offset = offset - sig_len; +- retval = kernel_read(file, sig, sig_len, &offset); +- offset -= sig_len; +- if (retval != sig_len) { +- if (retval >= 0) retval = -EIO; +- goto out_free_sig; +- } +- +- /* siglen is stored in first 2 bytes */ +- if ((sig_len - sizeof(uint16_t)) != __be16_to_cpu(*((uint16_t *) sig))) { +- retval = -EIO; +- goto out_free_sig; +- } +- +- /* Read in skid */ +- key_id = kzalloc(esi->key_id_len, GFP_KERNEL); +- if (!key_id) { +- retval = -ENOMEM; +- goto out_free_sig; +- } +- +- offset = offset - esi->key_id_len; +- retval = kernel_read(file, key_id, esi->key_id_len, &offset); +- offset -= esi->key_id_len; +- if (retval != esi->key_id_len) { +- if (retval >= 0) retval = -EIO; +- goto out_free_key_id; +- } +- +- /* Read in signer_name */ +- signer_name = kzalloc(esi->signer_len, GFP_KERNEL); +- if (!signer_name) { +- retval = -ENOMEM; +- goto out_free_key_id; +- } +- +- offset = offset - esi->signer_len; +- retval = kernel_read(file, signer_name, esi->signer_len, &offset); +- if (retval != esi->signer_len) { +- if (retval >= 0) retval = -EIO; +- goto out_free_signer_name; +- } +- +- /* obtain bofh's public key */ +- esd->pubkey = request_bofh_key(signer_name, esi->signer_len, +- key_id, esi->key_id_len); +- if (!esd->pubkey) { +- printk(KERN_ERR "could not request bofh key\n"); +- retval = -EIO; +- goto out_free_signer_name; +- } +- +- /* construct public key signature */ +- esd->pks.pkey_algo = BOFH_KEY_PKEY_ALGO_STR; +- esd->pks.hash_algo = BOFH_KEY_HASH_ALGO_STR; +- /* siglen is stored in first 2 bytes */ +- esd->pks.s = sig + sizeof(uint16_t); +- esd->pks.s_size = sig_len - sizeof(uint16_t); +- +- retval = esd_shash_init(esd); +- if (retval < 0) +- goto out_free_signer_name; +- +- kfree(elf_shtable); +- kfree(signer_name); +- kfree(key_id); +- kfree(esi); +- +- return esd; +- +-out_free_signer_name: +- kfree(signer_name); +-out_free_key_id: +- kfree(key_id); +-out_free_sig: 
+- kfree(sig); +-out_free_esd: +- kfree(esd); +-out_free_esi: +- kfree(esi); +-out_free_shtable: +- kfree(elf_shtable); +- return ERR_PTR(retval); +-} +- +-static void free_elf_sig_data (struct elf_sig_data *esd) +-{ +- if (!esd) return; +- +- if (esd->desc && esd->desc->tfm) +- crypto_free_shash(esd->desc->tfm); +- +- if (esd->desc) +- kfree(esd->desc); +- +- kfree(esd); +-} +- +-static void elf_digest_first_phdr (struct elfhdr *elfhdr, +- struct elf_phdr *elf_ppnt, struct elf_sig_data *esd, +- unsigned long map_addr) +-{ +- unsigned int off_e_shoff = offsetof(struct elfhdr, e_shoff); +- unsigned int off_e_flags = offsetof(struct elfhdr, e_flags); +- unsigned int off_e_shnum = offsetof(struct elfhdr, e_shnum); +- +- /* +- * If elf header is mapped in first segment, execlude e_shoff, e_shnum +- * and e_shstrndx from digest calculation as this can change when +- * signature section is added or executable is stripped after +- * signing. +- */ +- +- if (!elf_ppnt->p_offset) { +- /* ELF header is mapped into first PT_LOAD segment */ +- unsigned long sz = off_e_shoff; +- +- crypto_shash_update(esd->desc, (u8*)map_addr, sz); +- +- /* Digest e_flags to e_shentsize */ +- sz = off_e_shnum - off_e_flags; +- +- crypto_shash_update(esd->desc, (u8*)map_addr + off_e_flags, sz); +- +- /* Digest rest of the segment */ +- crypto_shash_update(esd->desc, (u8*)map_addr + elfhdr->e_ehsize, +- elf_ppnt->p_filesz - elfhdr->e_ehsize); +- } else { +- /* Digest full segment */ +- crypto_shash_update(esd->desc, (u8*)map_addr, +- elf_ppnt->p_filesz); +- } +-} +- +-static void elf_digest_phdr (struct elfhdr *ehdr, struct elf_phdr *phdr, +- struct elf_sig_data *esd, unsigned long map_addr, +- bool first_phdr) +-{ +- /* +- * Note: we get unhandled page domain fault (0x01b) while reading +- * map_addr if CONFIG_CPU_SW_DOMAIN_PAN=y. +- * Currently CONFIG_CPU_SW_DOMAIN_PAN is not set. +- */ +- +- /* +- * If phdr->p_vaddr is not aligned, then elf_map() will map +- * at aligned address. 
Take that into account +- */ +- map_addr = map_addr + ELF_PAGEOFFSET(phdr->p_vaddr); +- +- if (first_phdr) { +- elf_digest_first_phdr(ehdr, phdr, esd, map_addr); +- } else { +- crypto_shash_update(esd->desc, (u8*)map_addr, phdr->p_filesz); +- } +-} +- +-static int elf_finalize_digest_verify_signature (struct elf_sig_data *esd) +-{ +- int retval = -1;; +- +- retval = crypto_shash_final(esd->desc, (u8*)esd->pks.digest); +- if (retval < 0) return retval; +- +- retval = public_key_verify_signature((const struct public_key *) esd->pubkey, +- (const struct public_key_signature *) &esd->pks); +- if (retval < 0) { +- printk(KERN_ERR "RSA_verify_signature returns %d\n", retval); +- goto out; +- } +- +- retval = 0; +-out: +- return retval; +-} +- +-#endif /* BOFH_KEY_PRESENT */ +- + #define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE)) + + static int set_brk(unsigned long start, unsigned long end, int prot) +@@ -1227,11 +840,6 @@ static int load_elf_binary(struct linux_binprm *bprm) + struct mm_struct *mm; + struct pt_regs *regs; + +-#if BOFH_KEY_PRESENT +- struct elf_sig_data *esd = NULL; +- bool first_signed_phdr = true; +-#endif +- + retval = -ENOEXEC; + /* First of all, some simple consistency checks */ + if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0) +@@ -1417,18 +1025,6 @@ static int load_elf_binary(struct linux_binprm *bprm) + start_data = 0; + end_data = 0; + +-#if BOFH_KEY_PRESENT +- esd = elf_parse_binary_signature(elf_ex, bprm->file); +- if (IS_ERR(esd)) { +- printk(KERN_ERR "could not verify signature of %s\n", +- bprm->filename); +- retval = PTR_ERR(esd); +- send_sig(SIGKILL, current, 0); +- esd = NULL; +- goto out_free_dentry; +- } +-#endif +- + /* Now we do a little grungy work by mmapping the ELF image into + the correct location in memory. 
*/ + for(i = 0, elf_ppnt = elf_phdata; +@@ -1557,15 +1153,6 @@ static int load_elf_binary(struct linux_binprm *bprm) + reloc_func_desc = load_bias; + } + } +- +-#if BOFH_KEY_PRESENT +- /* Calculate digest of PT_LOAD segments */ +- if (esd) { +- elf_digest_phdr(elf_ex, elf_ppnt, esd, error, first_signed_phdr); +- first_signed_phdr = false; +- } +-#endif +- + k = elf_ppnt->p_vaddr; + if ((elf_ppnt->p_flags & PF_X) && k < start_code) + start_code = k; +@@ -1600,23 +1187,6 @@ static int load_elf_binary(struct linux_binprm *bprm) + } + } + +-#if BOFH_KEY_PRESENT +- if (esd) { +- /* Finalize digest and do signature verification */ +- retval = elf_finalize_digest_verify_signature(esd); +- if (retval < 0) { +- printk(KERN_ERR "unable to verify ELF signature of %s\n", +- bprm->filename); +- send_sig(SIGKILL, current, 0); +- goto out_free_dentry; +- } else { +- printk(KERN_DEBUG "verified ELF signature of %s\n", +- bprm->filename); +- current->is_signed = 1; +- } +- } +-#endif +- + e_entry = elf_ex->e_entry + load_bias; + elf_bss += load_bias; + elf_brk += load_bias; +@@ -1740,9 +1310,6 @@ static int load_elf_binary(struct linux_binprm *bprm) + start_thread(regs, elf_entry, bprm->p); + retval = 0; + out: +-#if BOFH_KEY_PRESENT +- if (esd) free_elf_sig_data(esd); +-#endif + return retval; + + /* error cleanup */ diff --git a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/bd-key.h b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/bd-key.h deleted file mode 100644 index c05a5eb..0000000 --- a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/bd-key.h +++ /dev/null @@ -1,6 +0,0 @@ -#ifndef _BD_KEY_H -#define _BD_KEY_H - -static const unsigned char BD_KEY[] = { 0xa1, 0x73, 0x17, 0x9a, 0x5e, 0xf4, 0x42, 0xb9, 0xae, 0x8c, - 0xa3, 0xcd, 0x75, 0x63, 0xd3, 0x91, 0x4f, 0x11, 0xf1, 0x7b}; -#endif 
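Review bot: The `at24_write` hunk of the added patch deletes the `off < 0x0600` check without a replacement, so the board descriptor, product descriptor and license area that the removed comment describes as protected become writable by any process that can reach the EEPROM write path. The `load_elf_binary` hunks likewise drop ELF signature verification and the `current->is_signed` flag that check relied on. The bundled `bofh-key.h` set `BOFH_KEY_PRESENT 0`, so behaviour only changes for builds where the recipe generated that header from a certificate, but for those builds the enforcement disappears with no trace in the patch itself. The patch file starts directly at `diff --git a/crypto/Kconfig` with no description; I would add a header that names what is removed, e.g. `Upstream-Status: Inappropriate [drops NRSW ELF signature enforcement and EEPROM write guard]`, and state there whether another control now protects offsets below 0x600.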
diff --git a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/bofh-key.h b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/bofh-key.h deleted file mode 100644 index 89944fa..0000000 --- a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/bofh-key.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef _BOFH_KEY -#define _BOFH_KEY - -#define BOFH_KEY_PRESENT 0 -#warning bofh key is missing - -#endif diff --git a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/conf/netbird_defconfig b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/conf/netbird_defconfig index 8230797..3bc7c68 100644 --- a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/conf/netbird_defconfig +++ b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/conf/netbird_defconfig @@ -4041,7 +4041,6 @@ CONFIG_CRYPTO_JITTERENTROPY=y # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set CONFIG_CRYPTO_HASH_INFO=y -CONFIG_BOFH_KEY=y # # Crypto library routines @@ -4072,8 +4071,8 @@ CONFIG_PKCS7_MESSAGE_PARSER=y # # Certificates for signature checking # -CONFIG_SYSTEM_TRUSTED_KEYRING=y -CONFIG_SYSTEM_TRUSTED_KEYS="certs/firmware_signing.pem" +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set +# CONFIG_SYSTEM_TRUSTED_KEYS is not set # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set # CONFIG_SECONDARY_TRUSTED_KEYRING is not set # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set diff --git a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/conf/netbolt_defconfig b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/conf/netbolt_defconfig index 0afd871..4ffa3be 100644 --- a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/conf/netbolt_defconfig +++ b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/conf/netbolt_defconfig 
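Review bot: Turning off `CONFIG_SYSTEM_TRUSTED_KEYRING` in the second hunk removes the kernel's built-in trust anchor, so any feature in this defconfig that verifies signatures against it (module signing, IMA appraisal, kexec image verification) either loses its key or, if it `select`s the option, causes kconfig to turn the keyring back on with the default empty `CONFIG_SYSTEM_TRUSTED_KEYS`. The rest of the defconfig is outside the hunk, so I cannot tell which applies; please confirm that `CONFIG_MODULE_SIG` and `CONFIG_INTEGRITY_SIGNATURE` are also unset, or keep `CONFIG_SYSTEM_TRUSTED_KEYRING=y` and point `CONFIG_SYSTEM_TRUSTED_KEYS` at a certificate the recipe still provides. The same two lines change in `netbolt_defconfig`. `verify_config_merge_log.py`, which flagged requested values missing from the final .config, is deleted in this commit as well, so a silent override would no longer be caught by that script.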
@@ -4390,7 +4390,6 @@ CONFIG_CRYPTO_JITTERENTROPY=y # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set CONFIG_CRYPTO_HASH_INFO=y -CONFIG_BOFH_KEY=y # # Crypto library routines @@ -4423,8 +4422,8 @@ CONFIG_PKCS7_MESSAGE_PARSER=y # # Certificates for signature checking # -CONFIG_SYSTEM_TRUSTED_KEYRING=y -CONFIG_SYSTEM_TRUSTED_KEYS="certs/firmware_signing.pem" +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set +# CONFIG_SYSTEM_TRUSTED_KEYS is not set # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set # CONFIG_SECONDARY_TRUSTED_KEYRING is not set # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set diff --git a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/license-key.h b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/license-key.h deleted file mode 100644 index de6c726..0000000 --- a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/license-key.h +++ /dev/null 
@@ -1,48 +0,0 @@ -#ifndef _LICENSE_KEY_H -#define _LICENSE_KEY_H - -#define HMAC_KEY_SIZE 20 -#define SHA1_DIGEST_SIZE 20 -#define MOD_LENGTH 1536 - -/* RSA public key */ - -static -unsigned char rsa1536E[MOD_LENGTH/8] = -{ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, -} ; - -static -unsigned char rsa1536N[MOD_LENGTH/8] = -{ - 0xA1, 0xFD, 0x5A, 0xC5, 0x77, 0xB8, 0xCC, 0x20, 0xFC, 0x80, 0xC2, 0xF0, 0xBD, 0x6F, 0x6F, 0x4A, - 0xEC, 0x70, 0xEE, 0x18, 0xBD, 0x6C, 0x07, 0xBB, 0xD6, 0x57, 0xE2, 0xE7, 0x3F, 0x2D, 0x51, 0x6D, - 0x9B, 0x76, 0xD7, 0x93, 0xCC, 0x1B, 0x7B, 0x38, 0x2F, 0x10, 0xEC, 0xAD, 0x3A, 0x79, 0x0C, 0xC6, - 0x74, 0x76, 0x93, 0x13, 0x6A, 0x20, 0xD9, 0xEB, 0x5B, 0x3C, 0x47, 0xB7, 0xCA, 0xAA, 0xFF, 0x7B, - 0x7F, 0x5A, 0x7D, 0xEE, 0xA3, 0x0B, 0xA0, 0x57, 0xB4, 0xB8, 0x77, 0xE9, 0xAD, 0x6D, 0xE8, 0xF7, - 0xF8, 0x2F, 0xE7, 0x49, 0xE5, 0x17, 0xBB, 0x7D, 
0x5A, 0x6D, 0xF2, 0xD8, 0x1B, 0x01, 0x51, 0xB1, - 0x63, 0x48, 0xC1, 0x9E, 0x74, 0xE6, 0x64, 0xB1, 0x9C, 0xC9, 0xFC, 0x75, 0x73, 0x9F, 0x61, 0x89, - 0xE1, 0x10, 0x88, 0xFF, 0x90, 0x53, 0xE6, 0x4A, 0x41, 0x63, 0x01, 0x60, 0x2F, 0x85, 0x93, 0xAC, - 0x1A, 0x68, 0xAA, 0x8D, 0xBD, 0x31, 0x70, 0xF7, 0x48, 0x5B, 0xFF, 0x44, 0xC9, 0x63, 0xDC, 0xE4, - 0x25, 0x5E, 0xBA, 0xD5, 0x3E, 0x11, 0x55, 0xF4, 0x41, 0x58, 0xCF, 0xB3, 0x8A, 0x7A, 0x2B, 0xC3, - 0xA7, 0x07, 0x47, 0xAA, 0x88, 0x44, 0x18, 0x5C, 0x8B, 0x88, 0x64, 0x39, 0x07, 0xC4, 0xD1, 0x82, - 0x62, 0xA7, 0xDB, 0x9A, 0x53, 0x4D, 0xB9, 0x36, 0x69, 0x72, 0x01, 0x75, 0x88, 0x40, 0xD5, 0xF5, -} ; - -static char checksumKey[HMAC_KEY_SIZE] = {0x17, 0x5e, 0x73, 0x42, 0xb9, 0xae, 0x11, 0xcd, 0x91, 0xa3, - 0x9a, 0xf4, 0x8c, 0xa1, 0x7b, 0x4f, 0x63, 0xf1, 0x75, 0xd3}; - -#endif - diff --git a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/verify_config_merge_log.py b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/verify_config_merge_log.py deleted file mode 100755 index dcf088c..0000000 --- a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw/verify_config_merge_log.py +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/usr/bin/python3 - -def config_merge_log_is_ok(log_file): - import re - str1_pattern = re.compile("^Value requested for (.*) not in final \.config") - requested_pattern = re.compile("^Requested value: (.*)$") - actual_pattern = re.compile("^Actual value: (.*)$") - is_not_set_pattern = re.compile("^# (.*) is not set$") - val, requested = None, None - with open(log_file, "r") as f: - for line in f: - if requested: - match = actual_pattern.match(line) - if not match: - raise ValueError("Can't determine actual config value") - actual = match.group(1) - if (not actual) and is_not_set: - val, requested = None, None - continue - return False - if val: - match = requested_pattern.match(line) - if not match: - raise ValueError("Can't determine requested config value") - requested = match.group(1) - match = is_not_set_pattern.match(requested) - is_not_set = True if match else False - continue - if not val: - match = str1_pattern.match(line) - if not match: - continue - val = match.group(1) - continue - return True - -if __name__ == "__main__": - import sys - try: - ret = config_merge_log_is_ok(sys.argv[1]) - except Exception as err: - ret = False - if not ret: - sys.exit(1) diff --git a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw_%.bb b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw_%.bb index e986ebe..ab2a7c3 100644 --- a/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw_%.bb +++ b/layers/meta-netmodule-legacy-bsp/recipes-kernel/linux/linux-nrsw_%.bb 
@@ -11,18 +11,13 @@ KERNEL_MODULES_CONF_DIR = "${BPN}/modules" require ${KERNEL_MODULES_CONF_DIR}/${DISTRO}.inc require ${KERNEL_MODULES_CONF_DIR}/${NM_TARGET}.inc -headers_to_copy = "\ - bd-key.h \ - bofh-key.h \ - license-key.h \ - " - config = "${@' '.join(['conf/' + f for f in "\ ${NM_TARGET}_defconfig \ ".split()])}" SRC_URI = "git://git.netmodule.intranet/NRSW/nmlinux-kernel.git;protocol=ssh;user=gitea;branch=nmlinux-kernel-upgrade\ - ${@' '.join(['file://' + f for f in " ${headers_to_copy} ${config} ".split()])} \ + ${@' '.join(['file://' + f for f in " ${config} ".split()])} \ + file://0001-remove-nrsw-specific-parts.patch \ " SRCREV ?= "${AUTOREV}" 
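Review bot: Dropping `bd-key.h` and `license-key.h` from `headers_to_copy` and deleting the files does not retire the values they held: `BD_KEY` and `checksumKey` look like symmetric key material, and they remain readable in this repository's history. If those values are still used by any released firmware or licensing tool, treat them as exposed and plan a rotation rather than relying on this removal. Separately, the new `file://0001-remove-nrsw-specific-parts.patch` entry is applied on every build of this recipe; a short comment above `SRC_URI` such as `# 0001-remove-nrsw-specific-parts.patch strips ELF signature checks and the EEPROM write guard` would make that visible to whoever reuses the recipe.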
@@ -43,60 +38,6 @@ do_configure:append() { if [ "${KERNEL_DEFCONFIG}" != "" ]; then oe_runmake ${KERNEL_DEFCONFIG} fi - re="\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)" - NBSW_VERSION_MAJOR=$(echo ${ROOTFS_RELEASE} | sed "s/${re}/\1/") - NBSW_VERSION_MINOR=$(echo ${ROOTFS_RELEASE} | sed "s/${re}/\2/") - NBSW_VERSION_PATCH=$(echo ${ROOTFS_RELEASE} | sed "s/${re}/\3/") - NBSW_VERSION_BUILD=$(echo ${ROOTFS_RELEASE} | sed "s/${re}/\4/") - - cat << EOF > ${S}/include/nbsw.h -#define NBSW_VERSION_MAJOR ${NBSW_VERSION_MAJOR} -#define NBSW_VERSION_MINOR ${NBSW_VERSION_MINOR} -#define NBSW_VERSION_PATCH ${NBSW_VERSION_PATCH} -#define NBSW_VERSION_BUILD ${NBSW_VERSION_BUILD} -#define NBSW_VERSION_DATE "$(date +%Y%m%d%H%M%S)" -#define NBSW_PROFILE "$(echo ${NM_TARGET} | awk '{ print toupper($0) }')" -#define NBSW_TARGET_${NM_TARGET}_${NM_ARCH} 1 -EOF - for f in ${headers_to_copy}; do - cp ${WORKDIR}/${f} ${S}/include/ - done - openssl x509 -in ${S}/firmware.crt -outform PEM -out ${S}/certs/firmware_signing.pem - - bbnote "Writing genkey config to ${B}/certs/x509.genkey" - mkdir -p ${B}/certs/ - cat > ${B}/certs/x509.genkey << EOF -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -prompt = no -string_mask = utf8only -x509_extensions = myexts - -[ req_distinguished_name ] -O = ${VENDOR_NAME} ${VENDOR_EXT} -L = ${VENDOR_LOCATION} -CN = ${PRODUCT} signing key -emailAddress = ${VENDOR_EMAIL} - -[ myexts ] -basicConstraints=critical,CA:FALSE -keyUsage=digitalSignature -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid - -EOF - - # install BOFH key, if available - PROFILE=$(echo "${NM_TARGET}" | tr '[:lower:]' '[:upper:]') - BOFH_CERT="${BOFH_KEY_PATH}/public/bofhkey-${PROFILE}.pub.crt" - if [ -r "$BOFH_CERT" ] ; then - BOFH_KEY_FILE="${S}/include/bofh-key.h" - GENBOFHKEY="genbofhkey" - if ! 
$GENBOFHKEY -c $BOFH_CERT -o $BOFH_KEY_FILE; then - bbfatal_log "unable to add bofh key" - fi - fi } FILES_${KERNEL_PACKAGE_NAME}-image += "${KERNEL_IMAGEDEST}/kernel.bin"
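Review bot: With the `cat << EOF > ${S}/include/nbsw.h` block removed from `do_configure:append`, nothing visible here defines `NBSW_TARGET_${NM_TARGET}_${NM_ARCH}` any more, while the added patch leaves the `#if defined(NBSW_TARGET_netbolt_arm)` and `#if defined(NBSW_TARGET_netbox_ppc)` guards in `drivers/mfd/nm-fpga-gpio*.c` in place. Unless the macro is now supplied elsewhere (for example through the kernel Makefile or a config option), those drivers would compile to empty objects without any build error. Please confirm where the macro comes from after this change, or convert the guards to a Kconfig symbol in the same patch. The start of `do_configure:append` lies outside the hunk, so any earlier step that still expects `nbsw.h` or `certs/firmware_signing.pem` is not visible here.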