diff --git a/hosts/modules/hal/samsung/default.nix b/hosts/modules/hal/samsung/default.nix
index 47380e00..21ef701d 100644
--- a/hosts/modules/hal/samsung/default.nix
+++ b/hosts/modules/hal/samsung/default.nix
@@ -128,36 +128,41 @@ in
     # });
     # boot.kernelPackages = with pkgs; linuxPackagesFor linux_6_1;
     # boot.kernelPackages = with pkgs; linuxPackagesFor linux-exynos5-mainline;
-    boot.kernelPackages = with pkgs; linuxPackagesFor (linux-postmarketos-exynos5.override {
-      # linux = let version = "6.6.0-rc1"; rev = "6.6.0-rc6-bi-5264"; in {
-      #   # src = pkgs.fetchzip {
-      #   #   url = "https://git.kernel.org/stable/t/linux-6.2.16.tar.gz";
-      #   # };
-      #   src = pkgs.fetchFromGitea {
-      #     domain = "git.uninsane.org";
-      #     owner = "colin";
-      #     repo = "linux";
-      #     rev = "v${rev}";
-      #     hash = linuxSourceHashes."${rev}";
-      #   };
-      #   inherit version;
-      #   modDirVersion = version;
-      #   extraMakeFlags = [];
-      # };
-      # linux = linux_6_6;
-      # linux = linux_6_8;
-      # linux = linux_6_9;
-      linux = linux_latest;
-      # optimizeForSize = true;
-      # useEdpPanel = true;
-      revertPanelSimplePatch = true;
-    });
-    # boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-postmarketos-exynos5;
-    # boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_latest.override {
-    #   kernelPatches = [
-    #     pkgs.linux-postmarketos-exynos5.sanePatches.revertPanelSimplePatch
-    #   ];
+    # boot.kernelPackages = with pkgs; linuxPackagesFor (linux-postmarketos-exynos5.override {
+    #   # linux = let version = "6.6.0-rc1"; rev = "6.6.0-rc6-bi-5264"; in {
+    #   #   # src = pkgs.fetchzip {
+    #   #   #   url = "https://git.kernel.org/stable/t/linux-6.2.16.tar.gz";
+    #   #   # };
+    #   #   src = pkgs.fetchFromGitea {
+    #   #     domain = "git.uninsane.org";
+    #   #     owner = "colin";
+    #   #     repo = "linux";
+    #   #     rev = "v${rev}";
+    #   #     hash = linuxSourceHashes."${rev}";
+    #   #   };
+    #   #   inherit version;
+    #   #   modDirVersion = version;
+    #   #   extraMakeFlags = [];
+    #   # };
+    #   # linux = linux_6_6;
+    #   # linux = linux_6_8;
+    #   # linux = linux_6_9;
+    #   linux = linux_latest;
+    #   # optimizeForSize = true;
+    #   # useEdpPanel = true;
+    #   revertPanelSimplePatch = true;
     # });
+    # boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-postmarketos-exynos5;
+    boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux-exynos5-mainline.override {
+      kernelPatches = [
+        pkgs.linux-postmarketos-exynos5.sanePatches.revertPanelSimplePatch
+      ];
+      structuredExtraConfig = with lib.kernel; {
+        SECURITY = yes;
+        SECURITY_LANDLOCK = yes;
+        LSM = freeform "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf";
+      };
+    });
 
     system.build.u-boot = pkgs.buildUBoot {
       defconfig = "snow_defconfig";
diff --git a/pkgs/additional/linux-exynos5-mainline/default.nix b/pkgs/additional/linux-exynos5-mainline/default.nix
index c4db4469..4aba9a8b 100644
--- a/pkgs/additional/linux-exynos5-mainline/default.nix
+++ b/pkgs/additional/linux-exynos5-mainline/default.nix
@@ -2,7 +2,9 @@
 , fetchFromGitLab
 #v nixpkgs calls `.override` on the kernel to configure additional things
 , features ? {}
+, kernelPatches ? []
 , randstructSeed ? ""
+, structuredExtraConfig ? {}
 , ...
 }:
 buildLinux {
@@ -21,5 +23,5 @@ buildLinux {
   autoModules = false;
   # preferBuiltin = false;
 
-  inherit features randstructSeed;
+  inherit features kernelPatches randstructSeed structuredExtraConfig;
 }