diff --git a/brunch-patches/40-disable_stateful_encryption.sh b/brunch-patches/40-disable_stateful_encryption.sh
index 4a460e33ba..05e6f34275 100755
--- a/brunch-patches/40-disable_stateful_encryption.sh
+++ b/brunch-patches/40-disable_stateful_encryption.sh
@@ -7,7 +7,7 @@ cat >/roota/usr/sbin/mount-encrypted <<'MOUNTS'
 #!/bin/bash
 #touch /test
 #echo "mount-encrypted called with args \"$@\"" >> /test
-if [ $# -eq 0 ] && [ ! -c /dev/tpm0 ]; then
+if [ $# -eq 0 ] && [ ! -c /dev/tpm0 ] && [ ! -f /mnt/stateful_partition/factory_install_reset ]; then
 	mkdir -p /mnt/stateful_partition/brunch/swtpm
 	/usr/bin/swtpm chardev --daemon --vtpm-proxy --tpm2 --tpmstate dir=/mnt/stateful_partition/brunch/swtpm --ctrl type=tcp,port=10001 --flags not-need-init
 	until [ -c /dev/tpm0 ]; do sleep 1; done
diff --git a/kernel-patches/brunch_configs b/kernel-patches/brunch_configs
index 278f484241..1cc7a0dfe1 100644
--- a/kernel-patches/brunch_configs
+++ b/kernel-patches/brunch_configs
@@ -3,9 +3,9 @@
 # CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set
 # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
 # CONFIG_CMA is not set
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
 # CONFIG_DEBUG_INFO is not set
 # CONFIG_DEBUG_SPINLOCK is not set
-# CONFIG_DEBUG_ATOMIC_SLEEP is not set
 # CONFIG_DRM_AMD_SECURE_DISPLAY is not set
 # CONFIG_ERROR_ON_WARNING is not set
 # CONFIG_INPUT_EVBUG is not set
@@ -14,6 +14,7 @@
 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
 # CONFIG_NUMA is not set
 # CONFIG_PANIC_ON_OOPS is not set
+# CONFIG_RT_GROUP_SCHED is not set
 # CONFIG_SECURITY_CHROMIUMOS_NO_SYMLINK_MOUNT is not set
 # CONFIG_SECURITY_CHROMIUMOS_NO_UNPRIVILEGED_UNSAFE_MOUNTS is not set
 # CONFIG_SECURITY_CHROMIUMOS_READONLY_PROC_SELF_MEM is not set