diff --git a/kernel.sh b/kernel.sh index aa2b403..08c3b8e 100644 --- a/kernel.sh +++ b/kernel.sh @@ -1,21 +1,22 @@ #!/bin/bash -UPDATED="2025-04-11" +UPDATED="2025-04-12" -DISABLE=1 # disable some options -ENABLE=1 # enable some options -SECURED=1 # enable/disable security -PATCHES=1 # enable/disable patch apply -UARCH=0 # apply more uarch patch -CLANG=0 # use Clang compiler (if not, use GCC) -O3=1 # use -O3 vs -O2 (optimisation) -ARCH="native" # target architecture (uarch patch) -CONFIGCLOUD=1 # enable cloud 'from' config -CONFIGOLD=1 # enable old def config -CONFIGMOD=0 # enable all mod config -SCRATCH=0 # perform from scratch (remove preexisting content) -UNCOMPRESS=1 # perform uncompress if already exist -CLEANUP=1 # perform folder cleanup -TESTING=0 # add testing options +DISABLE=1 # disable some options +ENABLE=1 # enable some options +SECURED=1 # enable/disable security +PATCHES=1 # enable/disable patch apply +UARCH=0 # apply more uarch patch +CLANG=0 # use Clang compiler (if not, use GCC) +O3=1 # use -O3 vs -O2 (optimisation) +ARCH="native" # target architecture (uarch patch) +CONFIGCLOUD=1 # enable cloud 'from' config +CONFIGOLD=1 # enable old def config +CONFIGMOD=0 # enable all mod config +SCRATCH=0 # perform from scratch (remove preexisting content) +UNCOMPRESS=1 # perform uncompress if already exist +CLEANUP=1 # perform folder cleanup +TESTING=0 # add testing options +NVIDIA=1 # add support for nvidia # # Sources: @@ -71,12 +72,12 @@ doBuildSystem() { # Get target distribution name doTargetName() { case ${TARGET} in - debian) - TARGETNAME="Debian" - ;; - ubuntu) - TARGETNAME="Ubuntu" - ;; + debian) + TARGETNAME="Debian" + ;; + ubuntu) + TARGETNAME="Ubuntu" + ;; esac } 
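Review bot: `NVIDIA=1` ships switched on, and the `doDefaultsNvidia` step added further down (called from `doDefaults` after `doDefaultMitigations`) then disables `CONFIG_RETHUNK` and `CONFIG_X86_KERNEL_IBT` from options/disable/nvidia.txt even when `SECURED=1`. As far as the visible steps go, a build that asks for mitigations ends up without return thunks and indirect-branch tracking unless the builder notices this flag. I would default it to `NVIDIA=0` and make the comment say what it costs, for example `# NVIDIA driver support: disables CONFIG_RETHUNK and CONFIG_X86_KERNEL_IBT`. The step message in `doDefaultsNvidia` could name the two options as well, so the build log records the downgrade.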
@@ -137,18 +138,17 @@ cd $CURRENT # Perform specific distribution adjustments doTarget() { case ${TARGET} in - ubuntu) - DISABLE=0 - PATCHES=0 - UARCH=0 - ARCH="native" - CONFIGCLOUD=0 - CONFIGMOD=0 - CONFIGOLD=1 - SCRATCH=0 - ;; - *) - ;; + ubuntu) + DISABLE=0 + PATCHES=0 + UARCH=0 + ARCH="native" + CONFIGCLOUD=0 + CONFIGMOD=0 + CONFIGOLD=1 + SCRATCH=0 + ;; + *) ;; esac } 
@@ -158,23 +158,22 @@ doTargetAdapt() { doTargetName case ${TARGET} in - ubuntu) - doEchoStep "Adaptation for: ${TARGETNAME}" - doEchoStep " - Certificates generation" - openssl req -x509 -newkey rsa:4096 -keyout certs/zogg.pem -out certs/zogg.pem -nodes -days 3650 -config $CERTS/zogg.cnf - doEchoStep " - Options override" - ./scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/zogg.pem" - ./scripts/config --enable CONFIG_SYSTEM_TRUSTED_KEYRING - ./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEYS "certs/zogg.pem" - ./scripts/config --enable CONFIG_SYSTEM_EXTRA_CERTIFICATE - ./scripts/config --set-val CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096 - ./scripts/config --enable CONFIG_SECONDARY_TRUSTED_KEYRING - ./scripts/config --enable CONFIG_SYSTEM_BLACKLIST_KEYRING - ./scripts/config --set-str CONFIG_SYSTEM_BLACKLIST_HASH_LIST "" - export CC="x86_64-pc-linux-gnu" - ;; - *) - ;; + ubuntu) + doEchoStep "Adaptation for: ${TARGETNAME}" + doEchoStep " - Certificates generation" + openssl req -x509 -newkey rsa:4096 -keyout certs/zogg.pem -out certs/zogg.pem -nodes -days 3650 -config $CERTS/zogg.cnf + doEchoStep " - Options override" + ./scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/zogg.pem" + ./scripts/config --enable CONFIG_SYSTEM_TRUSTED_KEYRING + ./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEYS "certs/zogg.pem" + ./scripts/config --enable CONFIG_SYSTEM_EXTRA_CERTIFICATE + ./scripts/config --set-val CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096 + ./scripts/config --enable CONFIG_SECONDARY_TRUSTED_KEYRING + ./scripts/config --enable CONFIG_SYSTEM_BLACKLIST_KEYRING + ./scripts/config --set-str CONFIG_SYSTEM_BLACKLIST_HASH_LIST "" + export CC="x86_64-pc-linux-gnu" + ;; + *) ;; esac } 
@@ -458,11 +457,18 @@ doScriptsConfigFile() { FILE=$2 while read -r option; do - ./scripts/config --${SWITCH} $option + if [[ + (-n $option) && + (${option:0:1} != ';') ]]; then + # if not null + # skip when starting with ';' (comment) + + ./scripts/config --${SWITCH} $option + fi done <"$FILE" } -# Generate defaults options for this kernel +# Generate defaults 'disabled' options for this kernel doDefaultsDisable() { if [ $DISABLE == 1 ]; then doEchoStep "Options: disable" @@ -470,11 +476,13 @@ doDefaultsDisable() { if [ -f .config ]; then cp .config .config.disable.before fi - doScriptsConfigFile disable $OPTIONS/disable.txt + doScriptsConfigFile disable $OPTIONS/disable/disable.txt cp .config .config.disable.after fi } + +# Generate defaults 'enabled' options for this kernel doDefaultsEnable() { if [ $ENABLE == 1 ]; then doEchoStep "Options: enable" @@ -483,9 +491,9 @@ doDefaultsEnable() { cp .config .config.enable.before fi if [ "$CLANG" == "1" ]; then - doScriptsConfigFile enable $OPTIONS/clang.txt + doScriptsConfigFile enable $OPTIONS/enable/clang.txt fi - doScriptsConfigFile enable $OPTIONS/enable.txt + doScriptsConfigFile enable $OPTIONS/enable/enable.txt case ${ARCH} in "x86-64-v2") @@ -502,6 +510,8 @@ doDefaultsEnable() { cp .config .config.enable.after fi } + +# Generate defaults 'mitigations' options for this kernel doDefaultMitigations() { if [ -f .config ]; then cp .config .config.mitigations.before @@ -509,14 +519,16 @@ doDefaultMitigations() { if [ $SECURED == 0 ]; then doEchoStep "Options: secured OFF" - doScriptsConfigFile disable $OPTIONS/unsecured.txt + doScriptsConfigFile disable $OPTIONS/disable/unsecure.txt else doEchoStep "Options: secured ON" - doScriptsConfigFile enable $OPTIONS/secured.txt + doScriptsConfigFile enable $OPTIONS/enable/secure.txt fi cp .config .config.mitigations.after } + +# Generate defaults 'testing' options for this kernel doDefaultsTesting() { if [ $TESTING == 1 ]; then doEchoStep "Options: testings activated..." 
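Review bot: The loop in doScriptsConfigFile still drops a last line that has no trailing newline, so the final option of a list can be skipped without any message; `while read -r option || [[ -n $option ]]; do` covers that. A missing list is not caught either: every list path moves in the hunks below (doDefaultsDisable, doDefaultsEnable, doDefaultMitigations), and a wrong path only produces a redirect error before the callers go on to `cp .config .config.*.after`, unless `set -e` is in effect somewhere outside this view. A guard at the top of the function makes that fatal and visible: `[[ -r $FILE ]] || { echo "missing option list: $FILE" >&2; return 1; }`. For a list such as enable/secure.txt a silently skipped entry is a mitigation that never gets applied. The start of the function is outside this hunk.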
@@ -529,6 +541,24 @@ doDefaultsTesting() { cp .config .config.testing.after fi } + +# Generate defaults 'NVIDIA' options for this kernel +doDefaultsNvidia() { + if [ $NVIDIA == 1 ]; then + doEchoStep "Options: NVIDIA activated..." + + if [ -f .config ]; then + cp .config .config.nvidia.before + fi + + doEchoStep "Options: NVIDIA disable" + doScriptsConfigFile disable $OPTIONS/disable/nvidia.txt + + cp .config .config.nvidia.after + fi +} + +# Generate defaults options for this kernel doDefaults() { cd $WORKDIR @@ -553,6 +583,7 @@ doDefaults() { doDefaultsDisable doDefaultsEnable doDefaultMitigations + doDefaultsNvidia doDefaultsTesting cp .config .config.default.after @@ -660,10 +691,10 @@ doCompile() { cd $WORKDIR if [ -f ../revision.log ]; then - REVISION="`head -1 ../revision.log`" - REVISION=$((REVISION+1)) + REVISION="$(head -1 ../revision.log)" + REVISION=$((REVISION + 1)) fi - echo $REVISION > ../revision.log + echo $REVISION >../revision.log doStripSig doStripDebug diff --git a/options/disable/disable.txt b/options/disable/disable.txt new file mode 100644 index 0000000..37e7d2b --- /dev/null +++ b/options/disable/disable.txt 
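Review bot: In doCompile the first line of ../revision.log goes unchecked into `$((REVISION + 1))`, and bash arithmetic evaluates the text a variable holds as an expression, so a damaged or hand-edited file yields a wrong revision or a syntax error rather than a clean failure. A digit check before the increment keeps it predictable: `[[ $REVISION =~ ^[0-9]+$ ]] || REVISION=0`. When the file does not exist, REVISION keeps whatever value it had before this hunk (not visible here), and the unquoted `echo $REVISION` may then write an empty line. doCompile's body continues outside the hunk.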
@@ -0,0 +1,305 @@
+;2025-04-12
+CONFIG_WERROR
+CONFIG_ACCESSIBILITY
+CONFIG_ACORN_PARTITION
+CONFIG_ACPI_DEBUG
+CONFIG_ACPI_DEBUGGER
+CONFIG_ACPI_EC_DEBUGFS
+CONFIG_ACRN_GUEST
+CONFIG_AF_RXRPC
+CONFIG_AIX_PARTITION
+CONFIG_AMD_IOMMU
+CONFIG_AMIGA_PARTITION
+CONFIG_APPLE_DART
+CONFIG_APPLE_PROPERTIES
+CONFIG_ARCH_MEMORY_PROBE
+CONFIG_ARM_INTEGRATOR_LM
+CONFIG_ARM_SCMI_PROTOCOL
+CONFIG_ARM_SCPI_PROTOCOL
+CONFIG_ARM_SMMU
+CONFIG_ATA_OVER_ETH
+CONFIG_ATARI_PARTITION
+CONFIG_ATM_DRIVERS
+CONFIG_BFQ_CGROUP_DEBUG
+CONFIG_BLK_CGROUP_IOLATENCY
+CONFIG_BLK_DEBUG_FS
+CONFIG_BLK_DEV_BSGLIB
+CONFIG_BLK_DEV_INTEGRITY
+CONFIG_BLK_DEV_THROTTLING_LOW
+CONFIG_BLK_DEV_ZONED
+CONFIG_BSD_DISKLABEL
+CONFIG_BT
+CONFIG_BTRFS_ASSERT
+CONFIG_BTRFS_DEBUG
+CONFIG_BTRFS_FS
+CONFIG_BTRFS_FS_CHECK_INTEGRITY
+CONFIG_BTRFS_FS_REF_VERIFY
+CONFIG_BTRFS_FS_RUN_SANITY_TESTS
+CONFIG_CACHEFILES_DEBUG
+CONFIG_CACHEFILES_ONDEMAND
+CONFIG_CAIF
+CONFIG_CAN
+CONFIG_CDROM_PKTCDVD
+CONFIG_CEPH_LIB
+CONFIG_CFG80211
+CONFIG_CGROUP_DEBUG
+CONFIG_CIFS_DEBUG
+CONFIG_CMA
+CONFIG_CMA_DEBUG
+CONFIG_CMA_DEBUGFS
+CONFIG_CMA_SYSFS
+CONFIG_COMPAT_VDSO
+CONFIG_CPA_DEBUG
+CONFIG_CPU_SRSO
+CONFIG_CPU_SUP_AMD
+CONFIG_CPU_SUP_CENTAUR
+CONFIG_CPU_SUP_HYGON
+CONFIG_CPU_SUP_ZHAOXIN
+CONFIG_CRASH_DUMP
+CONFIG_DAMON
+CONFIG_DEBUG_BOOT_PARAMS
+CONFIG_DEBUG_CGROUP_REF
+CONFIG_DEBUG_CREDENTIALS
+CONFIG_DEBUG_DEVRES
+CONFIG_DEBUG_DRIVER
+CONFIG_DEBUG_ENTRY
+CONFIG_DEBUG_KERNEL
+CONFIG_DEBUG_KOBJECT
+CONFIG_DEBUG_KOBJECT_RELEASE
+CONFIG_DEBUG_LIST
+CONFIG_DEBUG_MAPLE_TREE
+CONFIG_DEBUG_MISC
+CONFIG_DEBUG_NMI_SELFTEST
+CONFIG_DEBUG_NOTIFIERS
+CONFIG_DEBUG_PERF_USE_VMALLOC
+CONFIG_DEBUG_PLIST
+CONFIG_DEBUG_PREEMPT
+CONFIG_DEBUG_RSEQ
+CONFIG_DEBUG_SG
+CONFIG_DEBUG_SHIRQ
+CONFIG_DEBUG_TEST_DRIVER_REMOVE
+CONFIG_DEBUG_TIMEKEEPING
+CONFIG_DEBUG_TLBFLUSH
+CONFIG_DEBUG_WQ_FORCE_RR_CPU
+CONFIG_DRM_AMDGPU
+CONFIG_DRM_HDLCD
+CONFIG_DRM_KOMEDA
+CONFIG_DRM_LEGACY
+CONFIG_DRM_MALI_DISPLAY
+CONFIG_DRM_RADEON
+CONFIG_DVB_DUMMY_FE
+CONFIG_DVB_MMAP
+CONFIG_EARLY_PRINTK
+CONFIG_EDD
+CONFIG_EFI_FAKE_MEMMAP
+CONFIG_EFI_PGT_DUMP
+CONFIG_EISA
+CONFIG_EXT3_FS
+CONFIG_EXT4_DEBUG
+CONFIG_EXT4_KUNIT_TESTS
+CONFIG_F2FS_FS
+CONFIG_FAT_KUNIT_TEST
+CONFIG_FAULT_INJECTION
+CONFIG_FDDI
+CONFIG_FIREWIRE
+CONFIG_FIREWIRE_NOSY
+CONFIG_FS_DAX
+CONFIG_FSCACHE_DEBUG
+CONFIG_FTRACE
+CONFIG_FUJITSU_ES
+CONFIG_FUNCTION_ERROR_INJECTION
+CONFIG_FW_DEVLINK_SYNC_STATE_TIMEOUT
+CONFIG_GCOV_KERNEL
+CONFIG_GENERIC_IRQ_DEBUGFS
+CONFIG_GFS2_FS
+CONFIG_GNSS
+CONFIG_GOOGLE_FIRMWARE
+CONFIG_HAMRADIO
+CONFIG_HIBERNATION
+CONFIG_HIPPI
+CONFIG_HOTPLUG_PCI
+CONFIG_HYPERV_NET
+CONFIG_HYPERV_TESTING
+CONFIG_IOSF_MBI
+CONFIG_IOSF_MBI_DEBUG
+CONFIG_IRQ_TIME_ACCOUNTING
+CONFIG_ISA_BUS
+CONFIG_ISDN
+CONFIG_JBD2_DEBUG
+CONFIG_JFS_FS
+CONFIG_KARMA_PARTITION
+CONFIG_KCOV
+CONFIG_KVM_XEN
+CONFIG_LDM_PARTITION
+CONFIG_LIB80211_DEBUG
+CONFIG_LOCK_EVENT_COUNTS
+CONFIG_LRU_GEN_STATS
+CONFIG_MAC_PARTITION
+CONFIG_MAC80211
+CONFIG_MACINTOSH_DRIVERS
+CONFIG_MEDIA_CONTROLLER_DVB
+CONFIG_MEMORY_FAILURE
+CONFIG_MEMTEST
+CONFIG_MICROCODE_LATE_LOADING
+CONFIG_MINIX_SUBPARTITION
+CONFIG_MODIFY_LDT_SYSCALL
+CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
+CONFIG_MODULE_DEBUG
+CONFIG_MODULE_FORCE_UNLOAD
+CONFIG_MODULE_SIG
+CONFIG_MODULE_SRCVERSION_ALL
+CONFIG_MODULE_UNLOAD_TAINT_TRACKING
+CONFIG_MODVERSIONS
+CONFIG_NET_9P
+CONFIG_NET_SB1000
+CONFIG_NETDEVSIM
+CONFIG_NFC
+CONFIG_NILFS2_FS
+CONFIG_NO_HZ
+CONFIG_NTFS_DEBUG
+CONFIG_NTFS3_64BIT_CLUSTER
+CONFIG_OCFS2_FS
+CONFIG_OSF_PARTITION
+CONFIG_PAGE_POOL_STATS
+CONFIG_PARAVIRT_DEBUG
+CONFIG_PARAVIRT_TIME_ACCOUNTING
+CONFIG_PARPORT
+CONFIG_PCCARD
+CONFIG_PCI_CNB20LE_QUIRK
+CONFIG_PCI_DEBUG
+CONFIG_PCI_EPF_TEST
+CONFIG_PCI_P2PDMA
+CONFIG_PCI_PF_STUB
+CONFIG_PCI_STUB
+CONFIG_PCIE_ECRC
+CONFIG_PCIEAER_INJECT
+CONFIG_PERF_EVENTS_AMD_UNCORE
+CONFIG_PM_DEBUG
+CONFIG_PPS
+CONFIG_PROVIDE_OHCI1394_DMA_INIT
+CONFIG_PSE_CONTROLLER
+CONFIG_PUNIT_ATOM_DEBUG
+CONFIG_QCOM_IPA
+CONFIG_QFMT_V1
+CONFIG_QFMT_V2
+CONFIG_QUOTA_DEBUG
+CONFIG_RADIO_ADAPTERS
+CONFIG_RAPIDIO
+CONFIG_PROVE_RCU_LIST
+CONFIG_RCU_CPU_STALL_CPUTIME
+CONFIG_RCU_EQS_DEBUG
+CONFIG_RCU_STRICT_GRACE_PERIOD
+CONFIG_RCU_TRACE
+CONFIG_RCU_NOCB_CPU
+CONFIG_READ_ONLY_THP_FOR_FS
+CONFIG_REISERFS_FS
+CONFIG_RFKILL
+CONFIG_SAMPLES
+CONFIG_SECCOMP_CACHE_DEBUG
+CONFIG_SGI_PARTITION
+CONFIG_SMS_SIANO_DEBUGFS
+CONFIG_SOLARIS_X86_PARTITION
+CONFIG_STRICT_SIGALTSTACK_SIZE
+CONFIG_SUN_PARTITION
+CONFIG_SYSV68_PARTITION
+CONFIG_TEST_ASYNC_DRIVER_PROBE
+CONFIG_TIME_KUNIT_TEST
+CONFIG_ULTRIX_PARTITION
+CONFIG_UNIXWARE_DISKLABEL
+CONFIG_USB4_NET
+CONFIG_USELIB
+CONFIG_VMXNET3
+CONFIG_WAN
+CONFIG_WARN_ABI_ERRORS
+CONFIG_WARN_ALL_UNSEEDED_RANDOM
+CONFIG_WARN_MISSING_DOCUMENTS
+CONFIG_WLAN
+CONFIG_WQ_POWER_EFFICIENT_DEFAULT
+CONFIG_WWAN
+CONFIG_X86_16BIT
+CONFIG_X86_5LEVEL
+CONFIG_X86_AMD_PLATFORM_DEVICE
+CONFIG_X86_AMD_PSTATE
+CONFIG_X86_AMD_PSTATE_UT
+CONFIG_X86_CHECK_BIOS_CORRUPTION
+CONFIG_X86_DEBUG_FPU
+CONFIG_X86_EXTENDED_PLATFORM
+CONFIG_X86_GOLDFISH
+CONFIG_X86_INTEL_LPSS
+CONFIG_X86_INTEL_MID
+CONFIG_X86_IOPL_IOPERM
+CONFIG_X86_MCE_INJECT
+CONFIG_X86_MCELOG_LEGACY
+CONFIG_X86_MPPARSE
+CONFIG_X86_P4_CLOCKMOD
+CONFIG_X86_POWERNOW_K8
+CONFIG_X86_SPEEDSTEP_CENTRINO
+CONFIG_XEN
+CONFIG_XFS_ASSERT_FATAL
+CONFIG_XFS_DEBUG
+CONFIG_XFS_ONLINE_REPAIR
+CONFIG_XFS_ONLINE_SCRUB
+CONFIG_XFS_ONLINE_SCRUB_STATS
+CONFIG_XFS_QUOTA
+CONFIG_XFS_RT
+CONFIG_XFS_SUPPORT_ASCII_CI
+CONFIG_XFS_SUPPORT_V4
+USB_NET_DRIVER
+WIRELESS
+CONFIG_KERNEL_GZIP
+CONFIG_KERNEL_BZIP2
+CONFIG_KERNEL_LZMA
+CONFIG_KERNEL_LZO
+CONFIG_KERNEL_LZ4
+CONFIG_KERNEL_ZSTD
+CONFIG_NET_VENDOR_AMAZON
+CONFIG_NET_VENDOR_ASIX
+CONFIG_NET_VENDOR_CORTINA
+CONFIG_NET_VENDOR_DAVICOM
+CONFIG_NET_VENDOR_ENGLEDER
+CONFIG_NET_VENDOR_FUNGIBLE
+CONFIG_NET_VENDOR_GOOGLE
+CONFIG_GVE
+CONFIG_NET_VENDOR_LITEX
+CONFIG_NET_VENDOR_MELLANOX
+CONFIG_MLX4_EN
+CONFIG_MLX4_DEBUG
+CONFIG_MLX4_CORE_GEN2
+CONFIG_MLX5_CORE
+CONFIG_MLXFW
+CONFIG_NET_VENDOR_MICROSEMI
+CONFIG_NET_VENDOR_MICROSOFT
+CONFIG_MICROSOFT_MANA
+CONFIG_NET_VENDOR_NI
+CONFIG_NET_VENDOR_PENSANDO
+CONFIG_NET_VENDOR_SOCIONEXT
+CONFIG_NET_VENDOR_VERTEXCOM
+CONFIG_NET_VENDOR_WANGXUN
+CONFIG_NET_VENDOR_XILINX
+CONFIG_INFINIBAND
+CONFIG_COMEDI
+CONFIG_SURFACE_PLATFORMS
+CONFIG_SOUNDWIRE
+CONFIG_PREEMPT_VOLUNTARY
+CONFIG_HZ_250
+CONFIG_HZ_300
+CONFIG_HZ_1000
+CONFIG_VIRT_CPU_ACCOUNTING_GEN
+CONFIG_TASKSTATS
+CONFIG_PSI
+CONFIG_SCHED_MC
+CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS
+CONFIG_INIT_ON_ALLOC_DEFAULT_ON
+CONFIG_LIST_HARDENED
+CONFIG_BUG_ON_DATA_CORRUPTION
+CONFIG_CALL_THUNKS_DEBUG
+CONFIG_KPROBES
+CONFIG_SLUB_DEBUG
+CONFIG_PCSPKR_PLATFORM
+CONFIG_DEBUG_FS_ALLOW_ALL
+CONFIG_DEBUG_FS
+CONFIG_X86_SGX
+CONFIG_X86_UMIP
+CONFIG_X86_USER_SHADOW_STACK
+CONFIG_X86_SGX_KVM
+CONFIG_EXT2_FS
diff --git a/options/disable/nvidia.txt b/options/disable/nvidia.txt
new file mode 100644
index 0000000..39d4781
--- /dev/null
+++ b/options/disable/nvidia.txt
@@ -0,0 +1,3 @@
+;2025-04-12
+CONFIG_RETHUNK
+CONFIG_X86_KERNEL_IBT
diff --git a/options/disable/unsecure.txt b/options/disable/unsecure.txt
new file mode 100644
index 0000000..2d09fe1
--- /dev/null
+++ b/options/disable/unsecure.txt
@@ -0,0 +1,10 @@
+;2025-04-12
+CONFIG_SPECULATION_MITIGATIONS
+CONFIG_RETPOLINE
+CONFIG_CPU_IBRS_ENTRY
+CONFIG_SLS
+CONFIG_GDS_FORCE_MITIGATION
+CONFIG_INTEL_TDX_HOST
+CONFIG_X86_UMIP
+CONFIG_X86_SGX
+CONFIG_X86_USER_SHADOW_STACK
diff --git a/options/enable/clang.txt b/options/enable/clang.txt
new file mode 100644
index 0000000..5001e05
--- /dev/null
+++ b/options/enable/clang.txt
@@ -0,0 +1,7 @@
+;2025-04-12
+CONFIG_HAS_LTO_CLANG
+CONFIG_ARCH_SUPPORTS_CFI_CLANG
+CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN
+CONFIG_ARCH_SUPPORTS_LTO_CLANG
+CONFIG_LTO_CLANG_THIN
+CONFIG_LTO_CLANG_FULL
diff --git a/options/enable/enable.txt b/options/enable/enable.txt
new file mode 100644
index 0000000..e211ba2
--- /dev/null
+++ b/options/enable/enable.txt
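Review bot: options/disable/disable.txt switches off several hardening options whenever `DISABLE=1`, independent of `SECURED`: `CONFIG_MODULE_SIG`, `CONFIG_INIT_ON_ALLOC_DEFAULT_ON`, `CONFIG_LIST_HARDENED`, `CONFIG_BUG_ON_DATA_CORRUPTION` and `CONFIG_AMD_IOMMU`. They sit in a 300-line list between debug and driver entries, so nothing tells a reader that these are security trade-offs rather than size or speed trims. I would move them to options/disable/unsecure.txt so they are only removed when `SECURED=0`, or keep them here under a `;` comment line that states the reason. `CONFIG_X86_UMIP`, `CONFIG_X86_SGX` and `CONFIG_X86_USER_SHADOW_STACK` are also listed here and then enabled again by enable/secure.txt, which works only because doDefaultMitigations runs later.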
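Review bot: options/disable/unsecure.txt and options/enable/secure.txt are the same blob (`2d09fe1` in both index lines), so the mitigation list now lives in two files that must be edited together. A later edit to only one of them would leave `SECURED=0` and `SECURED=1` toggling different sets of options without any error. One list passed to doScriptsConfigFile with `enable` or `disable` (for example a single options/mitigations.txt, a placeholder name) removes that risk. `CONFIG_RETHUNK` is absent from this list although it is a speculation mitigation; it is enabled in enable/enable.txt and disabled by disable/nvidia.txt instead, which may be worth a `;` comment here.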
@@ -0,0 +1,414 @@
+;2025-04-12
+CONFIG_ADDRESS_MASKING
+CONFIG_AF_KCM
+CONFIG_ARCH_CPUIDLE_HALTPOLL
+CONFIG_BINFMT_MISC
+CONFIG_BINFMT_SCRIPT
+CONFIG_BLK_CGROUP
+CONFIG_BLK_DEV
+CONFIG_BLK_DEV_INITRD
+CONFIG_BLK_WBT
+CONFIG_BOOT_CONFIG
+CONFIG_BSD_PROCESS_ACCT
+CONFIG_CALL_DEPTH_TRACKING
+CONFIG_CGROUP_CPUACCT
+CONFIG_CGROUP_DEVICE
+CONFIG_CGROUP_MISC
+CONFIG_CGROUP_NET_CLASSID
+CONFIG_CGROUP_NET_PRIO
+CONFIG_CGROUP_PIDS
+CONFIG_CGROUP_RDMA
+CONFIG_CGROUP_SCHED
+CONFIG_CGROUPS
+CONFIG_CIFS
+CONFIG_CIFS_ALLOW_INSECURE_LEGACY
+CONFIG_CIFS_DFS_UPCALL
+CONFIG_CIFS_STATS2
+CONFIG_CIFS_SWN_UPCALL
+CONFIG_COMPAT_32BIT_TIME
+CONFIG_CONFIGFS_FS
+CONFIG_CPU_FREQ
+CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND
+CONFIG_CPU_FREQ_GOV_CONSERVATIVE
+CONFIG_CPU_FREQ_GOV_ONDEMAND
+CONFIG_CPU_FREQ_GOV_PERFORMANCE
+CONFIG_CPU_FREQ_GOV_POWERSAVE
+CONFIG_CPU_FREQ_GOV_USERSPACE
+CONFIG_CPU_IBPB_ENTRY
+CONFIG_CPU_UNRET_ENTRY
+CONFIG_DEVTMPFS
+CONFIG_DRM_VIRTIO_GPU
+CONFIG_DRM_VIRTIO_GPU_KMS
+CONFIG_EFI
+CONFIG_EFI_BOOTLOADER_CONTROL
+CONFIG_EFI_MIXED
+CONFIG_EFI_PARTITION
+CONFIG_EFI_VARS_PSTORE
+CONFIG_EFIVAR_FS
+CONFIG_ETHERNET
+CONFIG_ETHTOOL_NETLINK
+CONFIG_EXT2_FS
+CONFIG_EXT4_FS
+CONFIG_EXT4_USE_FOR_EXT2
+CONFIG_FANOTIFY
+CONFIG_FORTIFY_SOURCE
+CONFIG_HANGCHECK_TIMER
+CONFIG_HARDENED_USERCOPY
+CONFIG_HIGH_RES_TIMERS
+CONFIG_HYPERVISOR_GUEST
+CONFIG_IA32_EMULATION
+CONFIG_IKCONFIG
+CONFIG_IKCONFIG_PROC
+CONFIG_IKHEADERS
+CONFIG_INET
+CONFIG_INET_AH
+CONFIG_INET_ESP
+CONFIG_INET_IPCOMP
+CONFIG_INET_RAW_DIAG
+CONFIG_INET_UDP_DIAG
+CONFIG_INET6_AH
+CONFIG_INET6_ESP
+CONFIG_INET6_IPCOMP
+CONFIG_INTEL_HFI_THERMAL
+CONFIG_INTEL_IDLE
+CONFIG_INTEL_POWERCLAMP
+CONFIG_INTEL_RST
+CONFIG_IOMMU_SUPPORT
+CONFIG_IOSCHED_BFQ
+CONFIG_IP_NF_ARPTABLES
+CONFIG_IP_NF_IPTABLES
+CONFIG_IP6_NF_IPTABLES
+CONFIG_IPV6_VTI
+CONFIG_JUMP_LABEL
+CONFIG_KERNEL_XZ
+CONFIG_KVM
+CONFIG_KVM_INTEL
+CONFIG_LOCALVERSION_AUTO
+CONFIG_LRU_GEN
+CONFIG_LRU_GEN_ENABLED
+CONFIG_MEDIA_SUBDRV_AUTOSELECT
+CONFIG_MEDIA_SUPPORT
+CONFIG_MEDIA_SUPPORT_FILTER
+CONFIG_MEMCG
+CONFIG_MODULE_COMPRESS_NONE
+CONFIG_MODULE_FORCE_LOAD
+CONFIG_MODULE_UNLOAD
+CONFIG_MODULES
+CONFIG_MQ_IOSCHED_DEADLINE
+CONFIG_MQ_IOSCHED_KYBER
+CONFIG_MSDOS_PARTITION
+CONFIG_NET
+CONFIG_NET_CLS_CGROUP
+CONFIG_NET_CLS_FLOWER
+CONFIG_NET_CLS_FW
+CONFIG_NET_CLS_ROUTE4
+CONFIG_NET_CORE
+CONFIG_NET_FOU
+CONFIG_NET_FOU_IP_TUNNELS
+CONFIG_NET_IPVTI
+CONFIG_NET_SCH_CBS
+CONFIG_NET_SCH_ETF
+CONFIG_NET_SCH_GRED
+CONFIG_NET_SCH_HFSC
+CONFIG_NET_SCH_HHF
+CONFIG_NET_SCH_HTB
+CONFIG_NET_SCH_PRIO
+CONFIG_NET_SCH_RED
+CONFIG_NET_SCH_SFB
+CONFIG_NET_SCH_SFQ
+CONFIG_NET_SCH_TAPRIO
+CONFIG_NET_SCH_TBF
+CONFIG_NET_SCH_TEQL
+CONFIG_NET_SCHED
+CONFIG_NETDEVICES
+CONFIG_NETFILTER
+CONFIG_NETFILTER_XTABLES
+CONFIG_NETLINK_DIAG
+CONFIG_NETWORK_FILESYSTEMS
+CONFIG_NF_SOCKET_IPV4
+CONFIG_NF_SOCKET_IPV6
+CONFIG_NF_TABLES
+CONFIG_PACKET
+CONFIG_PACKET_DIAG
+CONFIG_PAGE_REPORTING
+CONFIG_PAGE_TABLE_ISOLATION
+CONFIG_PARAVIRT
+CONFIG_PARTITION_ADVANCED
+CONFIG_PCI
+CONFIG_PCI_IOV
+CONFIG_PCI_PASID
+CONFIG_PCI_PRI
+CONFIG_PCIE_BUS_PERFORMANCE
+CONFIG_PCIEASPM
+CONFIG_PM_AUTOSLEEP
+CONFIG_PNP
+CONFIG_PROC_KCORE
+CONFIG_PSAMPLE
+CONFIG_PVH
+CONFIG_PVPANIC
+CONFIG_RETHUNK
+CONFIG_SCHED_AUTOGROUP
+CONFIG_SHUFFLE_PAGE_ALLOCATOR
+CONFIG_SMB_SERVER
+CONFIG_SMB_SERVER_CHECK_CAP_NET_ADMIN
+CONFIG_SYN_COOKIES
+CONFIG_SYSFB_SIMPLEFB
+CONFIG_SYSVIPC
+CONFIG_TCP_CONG_ADVANCED
+CONFIG_TCP_CONG_BBR
+CONFIG_TMPFS
+CONFIG_TRANSPARENT_HUGEPAGE
+CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS
+CONFIG_UNIX
+CONFIG_VGA_ARB
+CONFIG_VHOST_NET
+CONFIG_VIRT_DRIVERS
+CONFIG_VIRTIO_BLK
+CONFIG_VIRTIO_CONSOLE
+CONFIG_VIRTIO_IOMMU
+CONFIG_VIRTUALIZATION
+CONFIG_VMGENID
+CONFIG_WATCH_QUEUE
+CONFIG_X86_ACPI_CPUFREQ
+CONFIG_X86_CPUID
+CONFIG_X86_INTEL_PSTATE
+CONFIG_X86_INTEL_TSX_MODE_AUTO
+CONFIG_X86_MSR
+CONFIG_X86_PKG_TEMP_THERMAL
+CONFIG_X86_PLATFORM_DEVICES
+CONFIG_X86_PMEM_LEGACY
+CONFIG_X86_X32_ABI
+CONFIG_ZRAM
+DEFAULT_BBR
+FAIR_GROUP_SCHED
+VIRTIO_MENU
+ZRAM_DEF_COMP_ZSTD
+CONFIG_ATA
+CONFIG_ATA_SFF
+CONFIG_ATA_BMDMA
+CONFIG_ATA_ACPI
+CONFIG_SATA_AHCI
+CONFIG_SCSI
+CONFIG_SCSI_PROC_FS
+CONFIG_BLK_DEV_SD
+CONFIG_CHR_DEV_SG
+CONFIG_SCSI_SAS_ATA
+CONFIG_SCSI_VIRTIO
+CONFIG_VFIO_VIRQFD
+CONFIG_VIRTIO_PCI
+CONFIG_VIRTIO_PCI_LEGACY
+CONFIG_VIRTIO_PMEM
+CONFIG_VIRTIO_BALLOON
+CONFIG_VIRTIO_MEM
+CONFIG_VIRTIO_INPUT
+CONFIG_VIRTIO_MMIO
+CONFIG_INTEL_IOMMU
+CONFIG_INTEL_IOMMU_SVM
+CONFIG_INTEL_IOMMU_DEFAULT_ON
+CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON
+CONFIG_IRQ_REMAP
+CONFIG_HYPERV_IOMMU
+CONFIG_SCHED_CORE
+CONFIG_X86_X2APIC
+CONFIG_X86_CPU_RESCTRL
+CONFIG_PARAVIRT_SPINLOCKS
+CONFIG_PROCESSOR_SELECT
+CONFIG_CPU_SUP_INTEL
+CONFIG_X86_KERNEL_IBT
+CONFIG_KVM_PROVE_MMU
+CONFIG_TRIM_UNUSED_KSYMS
+CONFIG_IXGBEVF
+CONFIG_VFIO
+CONFIG_CRYPTO_PCRYPT
+CONFIG_CRYPTO_CRYPTD
+CONFIG_CRYPTO_LZO
+CONFIG_CRYPTO_LZ4
+CONFIG_CRYPTO_ZSTD
+CONFIG_HZ_100
+CONFIG_PREEMPT_NONE
+CONFIG_ZSWAP
+CONFIG_ZSWAP_DEFAULT_ON
+CONFIG_TRANSPARENT_HUGEPAGE_MADVISE
+CONFIG_BTRFS_FS_POSIX_ACL
+CONFIG_XFS_POSIX_ACL
+CONFIG_CEPH_FS_POSIX_ACL
+CONFIG_EROFS_FS_POSIX_ACL
+CONFIG_NFS_V3_ACL
+CONFIG_NFSD_V3_ACL
+CONFIG_NTFS3_FS_POSIX_ACL
+CONFIG_TMPFS_POSIX_ACL
+CONFIG_EXT4_FS_POSIX_ACL
+CONFIG_FS_POSIX_ACL
+CONFIG_EXT2_FS_POSIX_ACL
+CONFIG_REISERFS_FS_POSIX_ACL
+CONFIG_JFS_POSIX_ACL
+CONFIG_F2FS_FS_POSIX_ACL
+CONFIG_JFFS2_FS_POSIX_ACL
+CONFIG_NFSD_V2_ACL
+CONFIG_9P_FS_POSIX_ACL
+CONFIG_EROFS_FS_XATTR
+CONFIG_EVM_ADD_XATTRS
+CONFIG_SQUASHFS_XATTR
+CONFIG_CIFS_XATTR
+CONFIG_TMPFS_XATTR
+CONFIG_EXT2_FS_XATTR
+CONFIG_EXT4_FS_XATTR
+CONFIG_REISERFS_FS_XATTR
+CONFIG_F2FS_FS_XATTR
+CONFIG_JFFS2_FS_XATTR
+CONFIG_UBIFS_FS_XATTR
+CONFIG_EXT4_FS_SECURITY
+CONFIG_EXT2_FS_SECURITY
+CONFIG_REISERFS_FS_SECURITY
+CONFIG_JFS_SECURITY
+CONFIG_F2FS_FS_SECURITY
+CONFIG_JFFS2_FS_SECURITY
+CONFIG_UBIFS_FS_SECURITY
+CONFIG_EROFS_FS_SECURITY
+CONFIG_SECURITYFS
+CONFIG_KEYS_REQUEST_CACHE
+CONFIG_IMA_READ_POLICY
+CONFIG_CRYPTO_ECDH
+CONFIG_CRYPTO_ECRDSA
+CONFIG_CRYPTO_SM2
+CONFIG_CRYPTO_CURVE25519
+CONFIG_CRYPTO_AES_TI
+CONFIG_CRYPTO_ARIA
+CONFIG_CRYPTO_BLOWFISH
+CONFIG_CRYPTO_CAMELLIA
+CONFIG_CRYPTO_CAST5
+CONFIG_CRYPTO_CAST6
+CONFIG_CRYPTO_DES
+CONFIG_CRYPTO_FCRYPT
+CONFIG_CRYPTO_SERPENT
+CONFIG_CRYPTO_SM4_GENERIC
+CONFIG_CRYPTO_TWOFISH
+CONFIG_CRYPTO_ADIANTUM
+CONFIG_CRYPTO_CHACHA20
+CONFIG_CRYPTO_CFB
+CONFIG_CRYPTO_CTS
+CONFIG_CRYPTO_HCTR2
+CONFIG_CRYPTO_KEYWRAP
+CONFIG_CRYPTO_LRW
+CONFIG_CRYPTO_OFB
+CONFIG_CRYPTO_PCBC
+CONFIG_CRYPTO_XTS
+CONFIG_CRYPTO_AEGIS128
+CONFIG_CRYPTO_CHACHA20POLY1305
+CONFIG_CRYPTO_ESSIV
+CONFIG_CRYPTO_BLAKE2B
+CONFIG_CRYPTO_MD4
+CONFIG_CRYPTO_MICHAEL_MIC
+CONFIG_CRYPTO_POLY1305
+CONFIG_CRYPTO_RMD160
+CONFIG_CRYPTO_SM3_GENERIC
+CONFIG_CRYPTO_STREEBOG
+CONFIG_CRYPTO_VMAC
+CONFIG_CRYPTO_WP512
+CONFIG_CRYPTO_XCBC
+CONFIG_CRYPTO_XXHASH
+CONFIG_CRYPTO_CRC32
+CONFIG_CRYPTO_LZ4HC
+CONFIG_CRYPTO_ANSI_CPRNG
+CONFIG_CRYPTO_USER_API_HASH
+CONFIG_CRYPTO_USER_API_SKCIPHER
+CONFIG_CRYPTO_USER_API_RNG
+CONFIG_CRYPTO_USER_API_AEAD
+CONFIG_CRYPTO_AES_NI_INTEL
+CONFIG_CRYPTO_SHA1_SSSE3
+CONFIG_CRYPTO_SHA256_SSSE3
+CONFIG_CRYPTO_SHA512_SSSE3
+CONFIG_CRYPTO_CRC32C_INTEL
+CONFIG_CRYPTO_CRC32_PCLMUL
+CONFIG_CRYPTO_LIB_CHACHA
+CONFIG_CRYPTO_LIB_CURVE25519
+CONFIG_CRYPTO_LIB_POLY1305
+CONFIG_CORDIC
+CONFIG_CRC7
+CONFIG_CRC8
+CRYPTO_LIB_CHACHA20POLY1305
+CONFIG_CRC4
+CONFIG_NO_HZ_IDLE
+CONFIG_PERF_EVENTS_INTEL_UNCORE
+CONFIG_PERF_EVENTS_INTEL_RAPL
+CONFIG_PERF_EVENTS_INTEL_CSTATE
+CONFIG_X86_CPA_STATISTICS
+CONFIG_LEGACY_VSYSCALL_XONLY
+CONFIG_ACPI_FPDT
+CONFIG_ACPI_BGRT
+CONFIG_ACPI_NFIT
+CONFIG_ACPI_DPTF
+CONFIG_ACPI_FFH
+CONFIG_ACPI_PFRUT
+CONFIG_DEVTMPFS_MOUNT
+CONFIG_FW_LOADER_COMPRESS_ZSTD
+CONFIG_FW_CFG_SYSFS
+CONFIG_EFI_COCO_SECRET
+CONFIG_VIRTIO_NET
+CONFIG_MEDIA_PLATFORM_SUPPORT
+CONFIG_FB_VESA
+CONFIG_FB_NVIDIA
+CONFIG_FB_RIVA
+CONFIG_FB_SIMPLE
+CONFIG_DMADEVICES
+CONFIG_INTEL_IDMA64
+CONFIG_INTEL_IDXD
+CONFIG_INTEL_IOATDMA
+CONFIG_VFIO_PCI_VGA
+CONFIG_NFS_FS
+CONFIG_BPF
+CONFIG_BPF_JIT
+CONFIG_BPF_SYSCALL
+CONFIG_NET_CLS_BPF
+CONFIG_BPF_JIT_ALWAYS_ON
+CONFIG_NET_ACT_BPF
+CONFIG_HAVE_BPF_JIT
+CONFIG_BPF_EVENTS
+CONFIG_X86_VSYSCALL_EMULATION
+CONFIG_ZSWAP_EXCLUSIVE_LOADS_DEFAULT_ON
+CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD
+ZRAM_MEMORY_TRACKING
+CONFIG_ZRAM_MULTI_COMP
+CONFIG_CRASH_CORE
+CONFIG_HAVE_IMA_KEXEC
+CONFIG_KEXEC
+CONFIG_KEXEC_CORE
+CONFIG_KEXEC_FILE
+CONFIG_KEXEC_BZIMAGE_VERIFY_SIG
+CONFIG_KEXEC_SIG
+CONFIG_KEXEC_SIG_FORCE
+CONFIG_ARCH_SELECTS_KEXEC_FILE
+CONFIG_CALL_PADDING
+CONFIG_HAVE_ARCH_NODE_DEV_GROUP
+CONFIG_WATCHDOG_CORE
+CONFIG_DEVMEM
+CONFIG_STRICT_DEVMEM
+CONFIG_IO_STRICT_DEVMEM
+CONFIG_IPV6
+CONFIG_X86_64
+CONFIG_SMP
+CONFIG_NUMA
+CONFIG_KSM
+CONFIG_SYSFS
+CONFIG_KALLSYMS
+CONFIG_KALLSYMS_ALL
+CONFIG_RCU_EXPERT
+CONFIG_RCU_BOOST
+CONFIG_PREEMPT_RCU
+CONFIG_RCU_LAZY
+CONFIG_X86_MPPARSE
+CONFIG_X86_INTEL_LPSS
+CONFIG_COMPAT_VDSO
+CONFIG_HIBERNATION
+CONFIG_PM_WAKELOCKS
+CONFIG_ACPI_PROCESSOR_AGGREGATOR
+CONFIG_ACPI_CONFIGFS
+CONFIG_ZSWAP_SHRINKER_DEFAULT_ON
+CONFIG_DEBUG_INFO_REDUCED
+CONFIG_DEBUG_INFO_COMPRESSED_ZLIB
+CONFIG_MULTIUSER
+CONFIG_TASKSTATS
+CONFIG_TASK_XACCT
+CONFIG_TASK_IO_ACCOUNTING
+CONFIG_COMPILE_TEST
+CONFIG_CGROUP_DMEM
diff --git a/options/enable/secure.txt b/options/enable/secure.txt
new file mode 100644
index 0000000..2d09fe1
--- /dev/null
+++ b/options/enable/secure.txt
@@ -0,0 +1,10 @@
+;2025-04-12
+CONFIG_SPECULATION_MITIGATIONS
+CONFIG_RETPOLINE
+CONFIG_CPU_IBRS_ENTRY
+CONFIG_SLS
+CONFIG_GDS_FORCE_MITIGATION
+CONFIG_INTEL_TDX_HOST
+CONFIG_X86_UMIP
+CONFIG_X86_SGX
+CONFIG_X86_USER_SHADOW_STACK
diff --git a/options/clang.txt b/options/original/clang.txt
similarity index 100%
rename from options/clang.txt
rename to options/original/clang.txt
diff --git a/options/disable.txt b/options/original/disable.txt
similarity index 100%
rename from options/disable.txt
rename to options/original/disable.txt
diff --git a/options/enable.txt b/options/original/enable.txt
similarity index 100%
rename from options/enable.txt
rename to options/original/enable.txt
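Review bot: options/enable/enable.txt turns on a few options that widen the attack surface or exist for testing, with no rationale next to them: `CONFIG_CIFS_ALLOW_INSECURE_LEGACY`, `CONFIG_MODULE_FORCE_LOAD`, `CONFIG_COMPILE_TEST` and `CONFIG_KVM_PROVE_MMU`. Six entries (`CONFIG_EXT2_FS`, `CONFIG_COMPAT_VDSO`, `CONFIG_HIBERNATION`, `CONFIG_X86_MPPARSE`, `CONFIG_X86_INTEL_LPSS`, `CONFIG_TASKSTATS`) are also in options/disable/disable.txt, so their final state depends only on doDefaultsEnable running after doDefaultsDisable. `CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS` and `CONFIG_TRANSPARENT_HUGEPAGE_MADVISE` are both listed although they are alternatives of one choice, which leaves the result to Kconfig. Since the loader now accepts `;` comment lines, a short comment above each of these entries stating the intent, and removing the duplicates from one of the two lists, would make the resulting configuration reviewable.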
diff --git a/options/secured.txt b/options/original/secured.txt
similarity index 100%
rename from options/secured.txt
rename to options/original/secured.txt
diff --git a/options/unsecured.txt b/options/original/unsecured.txt
similarity index 100%
rename from options/unsecured.txt
rename to options/original/unsecured.txt