diff --git a/flake.nix b/flake.nix
index 2655ff0..776919f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -15,30 +15,44 @@
     flake-utils.lib.eachDefaultSystem (
       system:
       let
-        pkgs = import nixpkgs { inherit system; };
-        patosPkgs = self.packages.${system};
         version = "0.0.1";
         secureBoot = "false";
         cpuArch = "intel";
         updateUrl = "http://10.0.2.2:8000/";
+
+        overlay = final: prev: {
+          patos = prev.lib.makeScope prev.newScope (self: {
+            kernel = final.callPackage ./pkgs/kernel { };
+            glibc = final.callPackage ./pkgs/glibc { };
+            busybox = final.callPackage ./pkgs/busybox { };
+            openssl = final.callPackage ./pkgs/openssl { };
+            kexec = final.callPackage ./pkgs/kexec-tools { };
+            lvm2 = final.callPackage ./pkgs/lvm2 { };
+            tpm2-tools = final.callPackage ./pkgs/tpm2-tools { };
+            tpm2-tss = final.callPackage ./pkgs/tpm2-tss { };
+            systemd = final.callPackage ./pkgs/systemd { };
+            dbus-broker = final.callPackage ./pkgs/dbus-broker { };
+
+            rootfs = final.callPackage ./pkgs/rootfs/mkrootfs.nix { inherit version; };
+            initrd = final.callPackage ./pkgs/rootfs/mkinitrd.nix { inherit version; };
+          });
+        };
+
+        pkgs = import nixpkgs { inherit system; overlays = [ overlay ]; };
+        pkgsCross = import nixpkgs {
+          inherit system;
+          overlays = [ overlay ];
+          crossSystem = {
+            config = "aarch64-unknown-linux-gnu";
+          };
+        };
       in
       {
         packages = {
-          default = patosPkgs.image;
-          image = pkgs.callPackage ./pkgs/image { inherit patosPkgs version updateUrl cpuArch secureBoot; };
-          rootfs = pkgs.callPackage ./pkgs/rootfs/mkrootfs.nix { inherit patosPkgs version; };
-          initrd = pkgs.callPackage ./pkgs/rootfs/mkinitrd.nix { inherit patosPkgs version; };
-          kernel = pkgs.callPackage ./pkgs/kernel { };
-          glibc = pkgs.callPackage ./pkgs/glibc { };
-          busybox = pkgs.callPackage ./pkgs/busybox { };
-          openssl = pkgs.callPackage ./pkgs/openssl { };
-          cert = pkgs.callPackage ./pkgs/cert { };
-          kexec = pkgs.callPackage ./pkgs/kexec-tools { };
-          lvm2 = pkgs.callPackage ./pkgs/lvm2 { };
-          tpm2-tools = pkgs.callPackage ./pkgs/tpm2-tools { inherit patosPkgs; };
-          tpm2-tss = pkgs.callPackage ./pkgs/tpm2-tss { };
-          systemd = pkgs.callPackage ./pkgs/systemd { };
-          dbus-broker = pkgs.callPackage ./pkgs/dbus-broker { };
+          default = self.packages.${system}.image;
+
+          image = pkgs.callPackage ./pkgs/image { inherit version updateUrl cpuArch secureBoot; };
+          image-aarch64 = pkgsCross.callPackage ./pkgs/image { inherit version updateUrl cpuArch secureBoot; };
 
           qemu-uefi-tpm = pkgs.callPackage ./utils/qemu-uefi-tpm.nix { };
 
@@ -81,9 +95,9 @@
               { drv = pkgs.util-linuxMinimal.mount; path = "bin/"; }
               { drv = pkgs.util-linuxMinimal.login; path = "bin/"; }
               { drv = pkgs.util-linuxMinimal.swap; path = "bin/"; }
-              { drv = patosPkgs.glibc; path = "bin/ldd"; }
-              { drv = patosPkgs.tpm2-tools; path = "bin/tpm2"; }
-              { drv = patosPkgs.openssl; path = "bin/openssl"; }
+              { drv = pkgs.patos.glibc; path = "bin/ldd"; }
+              { drv = pkgs.patos.tpm2-tools; path = "bin/tpm2"; }
+              { drv = pkgs.patos.openssl; path = "bin/openssl"; }
               # shared lib required for mkfs.erofs
               { drv = pkgs.lz4.lib; path = "lib/"; }
               # shared lib required for cryptsetup
@@ -111,7 +125,7 @@
             just
             nixd
             nixfmt-rfc-style
-            patosPkgs.qemu-uefi-tpm
+            self.packages.${system}.qemu-uefi-tpm
           ];
         };
 
diff --git a/pkgs/image/default.nix b/pkgs/image/default.nix
index 86c3708..d9205f3 100644
--- a/pkgs/image/default.nix
+++ b/pkgs/image/default.nix
@@ -1,7 +1,6 @@
 {
   lib,
   pkgs,
-  patosPkgs,
   version,
   runCommand,
   updateUrl,
@@ -37,13 +36,13 @@ mkdir -p $out/init.repart.d $out/final.repart.d
 pushd $out
 
 mkdir rootfs
-cp -prP ${patosPkgs.rootfs}/* rootfs/
+cp -prP ${pkgs.patos.rootfs}/* rootfs/
 find rootfs/ -type d -exec chmod 755 {} \;
 
 # package kernel modules as sysext (will reduce the image size a little bit (~3MB))
 mkdir rootfs/etc/extensions
 rm -rf rootfs/usr/lib/modules
-cp ${patosPkgs.kernel}/patos-kernel-modules* rootfs/etc/extensions/
+cp ${pkgs.patos.kernel}/patos-kernel-modules* rootfs/etc/extensions/
 
 # set default target to multi-user
 ln -sf multi-user.target rootfs/usr/lib/systemd/system/default.target
@@ -160,7 +159,7 @@ EOF
 
 #TODO: Add verity signature partition
 
-${patosPkgs.systemd}/usr/bin/systemd-repart \
+${pkgs.patos.systemd}/usr/bin/systemd-repart \
   --no-pager \
   --empty=create \
   --size=auto \
@@ -182,16 +181,16 @@ verityUuid=$(jq -r '.[1].uuid' init-repart-output.json)
 ln -sf patos_$version.verity.raw patos_${version}_$verityUuid.verity
 ln -sf patos_$version.root.raw patos_${version}_$rootUuid.root
 
-${patosPkgs.systemd}/usr/bin/ukify build \
-  --linux ${patosPkgs.kernel}/bzImage \
-  --initrd ${patosPkgs.initrd}/initrd.xz \
+${pkgs.patos.systemd}/usr/bin/ukify build \
+  --linux ${pkgs.patos.kernel}/bzImage \
+  --initrd ${pkgs.patos.initrd}/initrd.xz \
   $microcode \
   --os-release @rootfs/etc/os-release \
   --cmdline "$kernelCmdLine roothash=$roothash" \
   -o patos_${version}.efi
 
 # install ESP
-SYSTEMD_RELAX_ESP_CHECKS=1 ${patosPkgs.systemd}/usr/bin/bootctl install --root ./rootfs --esp-path /boot
+SYSTEMD_RELAX_ESP_CHECKS=1 ${pkgs.patos.systemd}/usr/bin/bootctl install --root ./rootfs --esp-path /boot
 
 # setup factory reset
 mkdir -p rootfs/boot/EFI/tools
@@ -245,14 +244,14 @@ ReadOnly=1
 EOF
 
 # finalize image ready for boot
-${patosPkgs.systemd}/usr/bin/systemd-repart \
+${pkgs.patos.systemd}/usr/bin/systemd-repart \
   --no-pager \
   --empty=create \
   --size=auto \
   --definitions=./final.repart.d \
   patos_${version}.img > final-repart-output.json
 
-rm -rf rootfs init.repart.d final.repart.d *.json
+rm -rf init.repart.d final.repart.d *.json
 sha256sum *.root *.verity *.efi *.tar.xz > SHA256SUMS
 
 popd
diff --git a/pkgs/rootfs/mkinitrd.nix b/pkgs/rootfs/mkinitrd.nix
index c46ed9d..cdbfe11 100644
--- a/pkgs/rootfs/mkinitrd.nix
+++ b/pkgs/rootfs/mkinitrd.nix
@@ -1,6 +1,5 @@
 {
   pkgs,
-  patosPkgs,
   runCommand,
   ...
 }:
@@ -21,7 +20,7 @@ mkdir -p $out/root
 pushd $out/root
 
 ### copy rootfs
-cp -prP ${patosPkgs.rootfs}/* .
+cp -prP ${pkgs.patos.rootfs}/* .
 find . -type d -exec chmod 755 {} \;
 mkdir sysroot
 
diff --git a/pkgs/rootfs/mkrootfs.nix b/pkgs/rootfs/mkrootfs.nix
index 4818478..ed34662 100644
--- a/pkgs/rootfs/mkrootfs.nix
+++ b/pkgs/rootfs/mkrootfs.nix
@@ -1,6 +1,5 @@
 {
   pkgs,
-  patosPkgs,
   version,
   runCommand,
 }:
@@ -32,7 +31,7 @@ ln -sf /tmp $out/var/tmp
 ln -sf ../proc/self/mounts $out/etc/mtab
 
 ### install systemd
-cp -Pr ${patosPkgs.systemd}/* $out/
+cp -Pr ${pkgs.patos.systemd}/* $out/
 find $out -type d -exec chmod 755 {} \;
 rm -rf $out/usr/include
 rm -rf $out/usr/sbin
@@ -137,33 +136,33 @@ ManagerEnvironment=PATH=/bin:/sbin:/usr/bin SYSTEMD_CRYPTTAB=/run/crypttab SYSTE
 EOF
 
 ### install PatOS glibc
-cp -P ${patosPkgs.glibc}/lib/*.so* $out/usr/lib/
+cp -P ${pkgs.patos.glibc}/lib/*.so* $out/usr/lib/
 
 ### install openssl
-cp -P ${patosPkgs.openssl}/lib/*.so* $out/usr/lib/
-cp -Pr ${patosPkgs.openssl}/etc/ssl $out/etc/
+cp -P ${pkgs.patos.openssl}/lib/*.so* $out/usr/lib/
+cp -Pr ${pkgs.patos.openssl}/etc/ssl $out/etc/
 
 ### install busybox
-cp ${patosPkgs.busybox}/bin/busybox $out/usr/bin/
+cp ${pkgs.patos.busybox}/bin/busybox $out/usr/bin/
 $out/usr/bin/busybox --list | xargs -I {} ln -sf busybox $out/usr/bin/{}
 
 ### install dbus broker
-cp -r ${patosPkgs.dbus-broker}/* $out/
+cp -r ${pkgs.patos.dbus-broker}/* $out/
 
 ### install kexec
-cp -Pr ${patosPkgs.kexec}/sbin/kexec $out/usr/bin/
+cp -Pr ${pkgs.patos.kexec}/sbin/kexec $out/usr/bin/
 
 ### install dmsetup udev rules
-cp -P ${patosPkgs.lvm2}/usr/bin/dmsetup $out/usr/bin/
-cp -P ${patosPkgs.lvm2}/lib/libdevmapper.so* $out/usr/lib/
-cp -P ${patosPkgs.lvm2}/lib/udev/rules.d/* $out/usr/lib/udev/rules.d/
+cp -P ${pkgs.patos.lvm2}/usr/bin/dmsetup $out/usr/bin/
+cp -P ${pkgs.patos.lvm2}/lib/libdevmapper.so* $out/usr/lib/
+cp -P ${pkgs.patos.lvm2}/lib/udev/rules.d/* $out/usr/lib/udev/rules.d/
 
 ### install btrfs progs
 cp -Pr ${pkgs.btrfs-progs}/bin/* $out/usr/bin/
 cp -Pr ${pkgs.btrfs-progs}/lib/* $out/usr/lib/
 
 ### install tpm2 libs
-cp -P ${patosPkgs.tpm2-tss}/lib/*.so* $out/usr/lib/
+cp -P ${pkgs.patos.tpm2-tss}/lib/*.so* $out/usr/lib/
 
 ### install lib kmod
 cp -P ${pkgs.kmod.lib}/lib/*.so* $out/usr/lib/
@@ -194,22 +193,22 @@ ln -sf ../cert.pem $out/etc/ssl/certs/ca-bundle.crt
 rm -rf $out/usr/lib/pkgconfig
 
 # setup default files
-${patosPkgs.systemd}/usr/bin/systemd-hwdb --root=$out --usr update
-${patosPkgs.systemd}/usr/bin/systemd-tmpfiles --root=$out $out/usr/lib/tmpfiles.d/etc.conf --create
+${pkgs.patos.systemd}/usr/bin/systemd-hwdb --root=$out --usr update
+${pkgs.patos.systemd}/usr/bin/systemd-tmpfiles --root=$out $out/usr/lib/tmpfiles.d/etc.conf --create
 cp $out/usr/share/factory/etc/nsswitch.conf $out/etc/
 cp $out/usr/share/factory/etc/locale.conf $out/etc/
 cp $out/usr/share/factory/etc/vconsole.conf $out/etc/
 # install sys users
 mkdir creds
 echo -n ${defaultPassword} > creds/passwd.plaintext-password.root
-CREDENTIALS_DIRECTORY=$PWD/creds SYSTEMD_CRYPT_PREFIX='$6$' ${patosPkgs.systemd}/usr/bin/systemd-sysusers --root=$out rootfs/usr/lib/sysusers.d/*.conf
+CREDENTIALS_DIRECTORY=$PWD/creds SYSTEMD_CRYPT_PREFIX='$6$' ${pkgs.patos.systemd}/usr/bin/systemd-sysusers --root=$out rootfs/usr/lib/sysusers.d/*.conf
 chmod 600 $out/etc/shadow
 rm -rf creds
 
 # Ephemeral machine-id until registration
 # ln -sf /run/machine-id $out/etc/machine-id
 # FIXME: above line does not work in systemd > 257
-${patosPkgs.systemd}/usr/bin/systemd-machine-id-setup --root=$out
+${pkgs.patos.systemd}/usr/bin/systemd-machine-id-setup --root=$out
 
 ### Find and install all shared libs
 find $out -type f -executable -exec ldd {} \; | awk '{print $3}' | \
@@ -219,15 +218,17 @@ find $out -type f -executable -exec ldd {} \; | awk '{print $3}' | \
 find $out -type f -executable -exec chmod 755 {} \;
 
 # patch ELFs
+interpreter=$(patchelf --print-interpreter $out/usr/bin/busybox)
+ldLinux=$(basename $interpreter)
 find $out -type f -executable -exec patchelf --set-rpath /lib:/usr/lib:/usr/lib/systemd:/usr/lib/cryptsetup {} \;
-find $out -type f -executable -exec patchelf --set-interpreter /lib/ld-linux-x86-64.so.2 {} \;
-patchelf --remove-rpath $out/usr/lib/ld-linux-x86-64.so.2
+find $out -type f -executable -exec patchelf --set-interpreter /lib/$ldLinux {} \;
+patchelf --remove-rpath $out/usr/lib/$ldLinux
 
 # strip binaries
 find $out -type f -executable -exec $STRIP {} \;
 find $out -type d -exec chmod 755 {} \;
 
 # install kernel modules
-cp -r ${patosPkgs.kernel}/lib/modules $out/usr/lib/
+cp -r ${pkgs.patos.kernel}/lib/modules $out/usr/lib/
 find $out/usr/lib/modules -type d -exec chmod 755 {} \;
 ''