diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 2981e79..74801ed 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -13,7 +13,7 @@ env:
   ARCH: 'x86_64'
   IMAGE_NAME: 'base'
   IMAGE_REPO: 'quay.io/fedora-ostree-desktops'
-  VERSION: '39'
+  IMAGE_TAG: '39'
   VARIANT: 'Server'
   SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
   ENROLLMENT_PASSWORD: 'container-installer'
@@ -64,6 +64,11 @@ jobs:
     permissions:
       contents: read
       packages: write
+    strategy:
+      matrix:
+        version:
+          - 38
+          - 39
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
@@ -88,20 +93,21 @@ jobs:
           arch: ${{ env.ARCH}}
           image_name: ${{ env.IMAGE_NAME}}
           image_repo: ${{ env.IMAGE_REPO}}
-          version: ${{ env.VERSION }}
+          image_tag: ${{ env.IMAGE_TAG }}
+          version: ${{ matrix.version }}
           variant: ${{ env.VARIANT }}
           secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }}
           enrollment_password: ${{ env.ENROLLMENT_PASSWORD }}
 
       - name: Rename ISO
         run: |
-          mv build/deploy.iso build/${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso
+          mv build/deploy.iso build/${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
 
       - name: Upload ISO as artifact
         id: upload
         uses: actions/upload-artifact@v4
         with:
-          name: ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso
+          name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
           path: build/*.iso
           if-no-files-found: error
           retention-days: 0
@@ -115,6 +121,11 @@ jobs:
     permissions:
       contents: read
       packages: write
+    strategy:
+      matrix:
+        version:
+          - 38
+          - 39
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
@@ -131,15 +142,15 @@ jobs:
       - name: Download generated ISO
         uses: actions/download-artifact@v4
         with:
-          name: ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso
+          name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
     
       - name: Verify ISO
-        run: checkisomd5 ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso
+        run: checkisomd5 ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
 
       - name: Run ISO checks
         run: |
-          mv ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso deploy.iso
-          make test-iso
+          mv ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso deploy.iso
+          make test-iso VERSION=${{ matrix.version }}
 
       - name: Add Kickstart and Grub options to ISO
         run: |
diff --git a/Makefile b/Makefile
index 3fcacdb..c09e88f 100644
--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,8 @@ WEB_UI = false
 REPOS = $(subst :,\:,$(shell ls /etc/yum.repos.d/*.repo))
 ENROLLMENT_PASSWORD =
 SECURE_BOOT_KEY_URL =
-ADDITIONAL_TEMPLATES = 
+ADDITIONAL_TEMPLATES =
+EXTRA_BOOT_PARAMS =
 ROOTFS_SIZE = 4
 DNF_CACHE = 
 
@@ -159,6 +160,8 @@ container/$(IMAGE_NAME)-$(IMAGE_TAG):
 
 # Step 5: Generate xorriso script
 xorriso/%.sh: xorriso/%.sh.in
+	sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' results/boot/grub2/grub.cfg
+	sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' results/EFI/BOOT/grub.cfg
 	$(eval _VARS = IMAGE_NAME IMAGE_TAG ARCH VERSION)
 	$(foreach var,$(_VARS),$(var)=$($(var))) envsubst '$(foreach var,$(_VARS),$$$(var))' < $(_BASE_DIR)/xorriso/$*.sh.in > $(_BASE_DIR)/xorriso/$*.sh 
 
diff --git a/lorax_templates/scripts/post/configure_upgrades b/lorax_templates/scripts/post/configure_upgrades
index 5b56ef2..761764d 100644
--- a/lorax_templates/scripts/post/configure_upgrades
+++ b/lorax_templates/scripts/post/configure_upgrades
@@ -1,7 +1,7 @@
 <%page args="image_repo, _image_repo_double_escaped, image_name, image_tag"/>
 if (which bootc &> /dev/null)
 then
-  bootc switch ${image_repo}/${image_name}:${image_tag}
+  bootc switch --mutate-in-place --enforce-container-sigpolicy --transport registry ${image_repo}/${image_name}:${image_tag}
 else
   sed -i 's/container-image-reference=.*/container-image-reference=ostree-image-signed:docker:\/\/${_image_repo_double_escaped}\/${image_name}:${image_tag}/' /ostree/deploy/default/deploy/*.origin
 fi
diff --git a/xorriso/gen_input.sh.in b/xorriso/gen_input.sh.in
index 00acd91..f2f678c 100644
--- a/xorriso/gen_input.sh.in
+++ b/xorriso/gen_input.sh.in
@@ -5,14 +5,22 @@ echo "-outdev $(pwd)/build/deploy.iso"
 echo "-boot_image any replay"
 echo "-joliet on"
 echo "-compliance joliet_long_names"
-if [ -f $(pwd)/sb_pubkey.der ]; then
+echo "-map $(pwd)/results/boot/grub2/grub.cfg boot/grub2/grub.cfg"
+echo "-chmod 0444 boot/grub2/grub.cfg"
+echo "-map $(pwd)/results/EFI/BOOT/grub.cfg EFI/BOOT/grub.cfg"
+echo "-chmod 0444 EFI/BOOT/grub.cfg"
+
+if [ -f $(pwd)/sb_pubkey.der ]
+then
 	echo "-map $(pwd)/sb_pubkey.der sb_pubkey.der"
 	echo "-chmod 0444 /sb_pubkey.der"
 fi
-pushd container >/dev/null
-for file in $(find ${IMAGE_NAME}-${IMAGE_TAG}); do
-	echo "-map $(pwd)/${file} ${file}"
-	echo "-chmod 0444 ${file}"
+
+pushd container > /dev/null
+for file in $(find ${IMAGE_NAME}-${IMAGE_TAG})
+do
+    echo "-map $(pwd)/${file} ${file}"
+    echo "-chmod 0444 ${file}"
 done
 popd > /dev/null
 echo "-end"