diff --git a/pkgs/busybox/default.nix b/pkgs/busybox/default.nix
index 571d0cf..e318d8a 100644
--- a/pkgs/busybox/default.nix
+++ b/pkgs/busybox/default.nix
@@ -163,7 +163,7 @@ stdenv.mkDerivation rec {
     CONFIG_TC n
 
     # Set the path for the udhcpc script
-    CONFIG_UDHCPC_DEFAULT_SCRIPT "${outDispatchPath}"
+    CONFIG_UDHCPC_DEFAULT_SCRIPT "/usr/share/busybox/"
 
     ${extraConfig}
     CONFIG_CROSS_COMPILER_PREFIX "${stdenv.cc.targetPrefix}"
@@ -181,15 +181,6 @@ stdenv.mkDerivation rec {
 
   makeFlags = [ "SKIP_STRIP=y" ];
 
-  postInstall = ''
-    sed -e '
-    1 a busybox() { '$out'/bin/busybox "$@"; }\
-    logger() { '$out'/bin/logger "$@"; }\
-    ' ${debianDispatcherScript} > ${outDispatchPath}
-    chmod 555 ${outDispatchPath}
-    HOST_PATH=$out/bin patchShebangs --host ${outDispatchPath}
-  '';
-
   strictDeps = true;
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
diff --git a/pkgs/rootfs/default.nix b/pkgs/rootfs/default.nix
index 5ac9c6a..4e64ddd 100644
--- a/pkgs/rootfs/default.nix
+++ b/pkgs/rootfs/default.nix
@@ -24,15 +24,12 @@ stdenvNoCC.mkDerivation (finalAttrs: {
   busybox = patosPkgs.busybox.out;
   kmodLibs = pkgs.kmod.lib;
   kmodBin = pkgs.kmod.out;
+  cacert = pkgs.cacert.out;
   libbpf = pkgs.libbpf.out;
   btrfs = pkgs.btrfs-progs.out;
   tpm2Libs = patosPkgs.tpm2-tss.out;
   kexec = patosPkgs.kexec.out;
   lvm2 = patosPkgs.lvm2.out;
-  # FIXME: remove later:
-  tpm2Tools = patosPkgs.tpm2-tools.out;
-  cryptsetup = pkgs.cryptsetup.bin;
-  erofsUtils = pkgs.erofs-utils.out;
 
   builder = ./mkrootfs.sh;
 })
diff --git a/pkgs/rootfs/mkrootfs.sh b/pkgs/rootfs/mkrootfs.sh
index 9d1e621..ad227ad 100644
--- a/pkgs/rootfs/mkrootfs.sh
+++ b/pkgs/rootfs/mkrootfs.sh
@@ -138,26 +138,27 @@ cp -P ${lvm2}/lib/udev/rules.d/* $out/usr/lib/udev/rules.d/
 cp -Pr ${btrfs}/bin/* $out/usr/bin/
 cp -Pr ${btrfs}/lib/* $out/usr/lib/
 
-### install tpm2 tools
-# For TPM debugging
-# cp -P ${tpm2Tools}/bin/* $out/usr/bin/
-# cp -P $cryptsetup/bin/* $out/usr/bin/
+### install tpm2 libs
 cp -P ${tpm2Libs}/lib/*.so* $out/usr/lib/
 
 ### install lib kmod
-cp -P $kmodLibs/lib/* $out/usr/lib
+cp -P $kmodLibs/lib/*.so* $out/usr/lib/
 cp -P $kmodBin/bin/* $out/usr/bin
 
 ### install libbpf
 cp -P $libbpf/lib/libbpf* $out/usr/lib
 
+### install ca cert bundle
+cp -Pr $cacert/etc/ssl $out/etc/
+
 # setup default files
 $systemd/usr/bin/systemd-hwdb --root=$out --usr update
 $systemd/usr/bin/systemd-tmpfiles --root=$out $out/usr/lib/tmpfiles.d/etc.conf --create
 cp $out/usr/share/factory/etc/nsswitch.conf $out/etc/
 cp $out/usr/share/factory/etc/locale.conf $out/etc/
 cp $out/usr/share/factory/etc/vconsole.conf $out/etc/
-#Ephemeral machine-id until registration
+
+# Ephemeral machine-id until registration
 ln -sf /run/machine-id $out/etc/machine-id
 
 # remove pkgconfig
@@ -167,6 +168,7 @@ rm -rf $out/usr/lib/pkgconfig
 find $out -type f -executable -exec ldd {} \; | awk '{print $3}' | \
   grep -v systemd | grep -v glibc | grep -v tpm2 | grep -v devmapper | \
   sort -u | xargs -I {} cp {} $out/usr/lib/
+
 find $out -type f -executable -exec chmod 755 {} \;
 
 # FIXME: ELF patching. Is there a better way?