diff --git a/kiwi-builder-image/Dockerfile b/kiwi-builder-image/Dockerfile
index 19df2bf..c12eeb4 100644
--- a/kiwi-builder-image/Dockerfile
+++ b/kiwi-builder-image/Dockerfile
@@ -1,8 +1,8 @@
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0-%RELEASE%
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.29.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.29.0
 
 # Base image version, should match the tag above
-ARG KIWIVERSION="10.2.12"
+ARG KIWIVERSION="10.2.29"
 FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
 ARG KIWIVERSION
 
diff --git a/kiwi-builder-image/SL-Micro.kiwi b/kiwi-builder-image/SL-Micro.kiwi
index 0cd9b02..5914935 100644
--- a/kiwi-builder-image/SL-Micro.kiwi
+++ b/kiwi-builder-image/SL-Micro.kiwi
@@ -30,16 +30,13 @@
         <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
         <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
         <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
+        <profile name="aarch64-rt-encrypted" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
         <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
@@ -60,6 +57,15 @@
         <profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="rpi-self_install" description="Raw disk for Raspberry Pi" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64" description="Raw disk for Raspberry Pi" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-encrypted" description="Raw disk for Raspberry Pi" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
         <profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
@@ -90,6 +96,15 @@
         <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="aarch64-64kb" description="Build 64K page size aarch64 images" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-64kb-encrypted" description="Build 64K page size aarch64 images" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-64kb-self_install" description="Build 64K page size aarch64 images" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
         <!-- Images (flavor + platform) -->
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
             <requires profile="full"/>
@@ -154,18 +169,10 @@
             <requires profile="full"/>
             <requires profile="aarch64"/>
         </profile>
-        <profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="rpi"/>
-        </profile>
         <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
             <requires profile="container-host"/>
             <requires profile="aarch64"/>
         </profile>
-        <profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="rpi"/>
-        </profile>
         <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
             <requires profile="container-host"/>
             <requires profile="x86-rt"/>
@@ -179,10 +186,6 @@
             <requires profile="container-host"/>
             <requires profile="aarch64-rt"/>
         </profile>
-        <profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-rt-rpi"/>
-        </profile>
         <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
             <requires profile="container-host"/>
             <requires profile="aarch64-rt-self_install"/>
@@ -277,10 +280,42 @@
             <requires profile="ppc64le-4096ss-self_install"/>
             <requires profile="self_install"/>
         </profile>
+	<profile name="Default-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="aarch64-64kb-self_install"/>
+        </profile>
+	<profile name="Base-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-64kb-self_install"/>
+        </profile>
+	<profile name="Default-64kb" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="aarch64-64kb"/>
+        </profile>
+	<profile name="Base-64kb" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-64kb"/>
+        </profile>
+	<profile name="Default-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="aarch64-64kb-encrypted"/>
+        </profile>
+	<profile name="Base-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-64kb-encrypted"/>
+        </profile>
+	<profile name="RaspberryPi-SelfInstall" description="SL Micro for Rapsberry Pi" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="rpi-self_install"/>
+        </profile>
+	<profile name="RaspberryPi" description="SL Micro for Raspberry Pi" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="rpi"/>
+        </profile>
     </profiles>
 
     <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -291,7 +326,8 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -323,7 +359,7 @@
         </type>
     </preferences>
     <preferences profiles="x86,x86-rt">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -334,7 +370,8 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -359,7 +396,7 @@
     </preferences>
 
     <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -374,7 +411,8 @@
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -397,9 +435,8 @@
             </systemdisk>
         </type>
     </preferences>
-
-    <preferences profiles="rpi,aarch64-rt-rpi">
-        <version>6.1</version>
+    <preferences profiles="aarch64,aarch64-rt,aarch64-64kb">
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -414,11 +451,96 @@
             install_continue_on_timeout="false"
             fsmountoptions="noatime"
             firmware="uefi"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
+            bootpartition="false"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="false"
+            disk_start_sector="8192"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
+        <version>6.2</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            fsmountoptions="noatime"
+            firmware="uefi"
+            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
+            bootpartition="false"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="false"
+            disk_start_sector="8192"
+            luks_version="luks2"
+            luks="1234"
+	    luks_randomize="false"
+	    luks_pbkdf="pbkdf2"
+        >
+            <luksformat>
+                <option name="--cipher" value="aes-xts-plain64"/>
+            </luksformat>
+            <bootloader name="grub2" console="gfxterm" use_disk_password="true" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="rpi">
+        <version>6.2</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            fsmountoptions="noatime"
+            firmware="uefi"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
-            efipartsize="128"
             editbootinstall="editbootinstall_rpi.sh"
             btrfs_root_is_readonly_snapshot="true"
             btrfs_quota_groups="false"
@@ -438,9 +560,8 @@
             </systemdisk>
         </type>
     </preferences>
-
-    <preferences profiles="aarch64,aarch64-rt">
-        <version>6.1</version>
+    <preferences profiles="aarch64-self_install,aarch64-rt-self_install,aarch64-64kb-self_install">
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -450,19 +571,20 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
+            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
-            fsmountoptions="noatime"
             firmware="uefi"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
+            bootkernel="custom"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
-            efipartsize="128"
             btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="false"
-            disk_start_sector="4096"
+            btrfs_quota_groups="true"
+            disk_start_sector="8192"
         >
             <bootloader name="grub2" console="gfxterm" timeout="3" />
             <systemdisk>
@@ -478,8 +600,8 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.1</version>
+    <preferences profiles="rpi-self_install">
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -494,13 +616,14 @@
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            efipartsize="128"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
+            editbootinstall="editbootinstall_rpi.sh"
             btrfs_quota_groups="true"
             disk_start_sector="4096"
         >
@@ -520,7 +643,7 @@
     </preferences>
 
     <preferences profiles="s390-kvm">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -558,7 +681,7 @@
 
 
     <preferences profiles="s390-dasd">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -596,7 +719,7 @@
 
 
     <preferences profiles="s390-fba">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -631,7 +754,7 @@
     </preferences>
 
     <preferences profiles="s390-fcp">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -670,7 +793,7 @@
     </preferences>
 
     <preferences profiles="x86-vmware">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -681,6 +804,7 @@
             filesystem="btrfs"
             format="vmdk"
             firmware="uefi"
+            efipartsize="512"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -701,11 +825,11 @@
                 <volume name="var" copy_on_write="false"/>
             </systemdisk>
             <size unit="G">24</size>
-            <machine memory="1024" HWversion="10" guestOS="suse-64"/>
+            <machine memory="1024" HWversion="17" guestOS="suse-64"/>
         </type>
     </preferences>
     <preferences profiles="x86-qcow">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -716,7 +840,8 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -742,7 +867,7 @@
     </preferences>
 
     <preferences profiles="aarch64-qcow">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -753,8 +878,8 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="128"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
+            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -777,7 +902,7 @@
     </preferences>
 
     <preferences profiles="ppc64le-512ss">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -788,7 +913,7 @@
             image="oem"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -810,7 +935,7 @@
         </type>
     </preferences>
     <preferences profiles="ppc64le-4096ss">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -824,7 +949,7 @@
             target_blocksize="4096"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -847,7 +972,7 @@
     </preferences>
 
     <preferences profiles="ppc64le-512ss-self_install">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -860,7 +985,7 @@
             installpxe="true"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -887,7 +1012,7 @@
         </type>
     </preferences>
     <preferences profiles="ppc64le-4096ss-self_install">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -903,7 +1028,7 @@
             target_blocksize="4096"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -936,20 +1061,17 @@
     </repository>
 
     <packages type="image" profiles="full">
-        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional"/>
-        <namedCollection name="salt_minion"/>
-	<package name="patterns-base-salt_minion"/>
+        <namedCollection name="transactional_base"/>
+        <package name="patterns-base-transactional_base"/>
         <namedCollection name="kvm_host"/>
-	<package name="patterns-base-kvm_host"/>
+	<package name="patterns-micro-kvm_host"/>
 	<package name="lzop"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
         <namedCollection name="cockpit"/>
-        <package name="patterns-base-cockpit"/>
+        <package name="patterns-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
-        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -959,7 +1081,7 @@
 	<package name="libpwquality-tools"/>
     </packages>
 
-    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
+    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted,aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
         <!-- full disk encryption stuff -->
         <package name="device-mapper"/>
         <package name="cryptsetup"/>
@@ -972,13 +1094,12 @@
     </packages>
 
     <packages type="image" profiles="container-host">
-        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional"/>
+        <namedCollection name="transactional_base"/>
+        <package name="patterns-base-transactional_base"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
-        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1002,16 +1123,16 @@
 	<package name="jeos-firstboot"/>
     </packages>
 
-    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
+    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow,ppc64le-512ss,ppc64le-4096ss,s390-dasd,s390-fcp">
         <package name="cloud-init"/>
         <package name="cloud-init-config-suse"/>
     </packages>
 
     <packages type="image">
-        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional"/>
+        <namedCollection name="transactional_base"/>
+        <package name="patterns-base-transactional_base"/>
         <namedCollection name="hardware"/>
-        <package name="patterns-base-hardware"/>
+        <package name="patterns-micro-hardware"/>
         <package name="grub2"/>
         <package name="glibc-locale-base"/>
         <package name="ca-certificates"/>
@@ -1033,6 +1154,7 @@
 	<!-- FIXME does not build without control file which is obsolete
 	<package name="live-add-yast-repos"/> -->
 	<package name="parted"/> <!-- seems missing to deploy the image -->
+	<package name="iptables"/> <!-- needed by RKE2 -->
     </packages>
 
     <packages type="image" profiles="bootloader">
@@ -1049,11 +1171,15 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
     </packages>
     <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,x86,x86-encrypted,aarch64-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="kernel-default"/>
         <package name="kernel-firmware-all"/>
     </packages>
-    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
+    <packages type="image" profiles="aarch64-64kb,aarch64-64kb-encrypted,aarch64-64kb-self_install">
+        <package name="kernel-64kb"/>
+        <package name="kernel-firmware-all"/>
+    </packages>
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
         <package name="kernel-rt"/>
         <package name="kernel-firmware-all"/>
 	<!-- FIXME intentionally removed from ALP code stream
@@ -1068,17 +1194,18 @@
     <packages type="image" profiles="s390-fcp">
         <package name="multipath-tools"/>
     </packages>
-    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <!-- "oem" images uses kiwi for partition/fs resize (-repart) and SelfInstall images in addition for deployment (-dump). -->
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,aarch64,aarch64-encrypted,aarch64-64kb-encrypted,rpi,rpi-self_install,aarch64-self_install,aarch64-64kb,aarch64-64kb-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="dracut-kiwi-oem-dump"/>
     </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
+    <packages type="image" profiles="rpi,rpi-self_install">
         <package name="raspberrypi-firmware" arch="aarch64"/>
         <package name="raspberrypi-firmware-config" arch="aarch64"/>
         <package name="raspberrypi-firmware-dt" arch="aarch64"/>
         <package name="u-boot-rpiarm64" arch="aarch64"/>
     </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
+    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,aarch64-rt,aarch64-64kb,aarch64-rt-self_install,aarch64-encrypted,aarch64-rt-encrypted,aarchte-64kb-encrypted">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="bcm43xx-firmware"/>
         <package name="wireless-regdb"/>
@@ -1104,12 +1231,12 @@
     </packages>
 
     <!-- jsc#PED-8599 -->
-    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
+    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096,Base-64kb-encrypted,Default-64kb-encrypted">
         <package name="usbguard"/>
     </packages>
 
     <!-- jsc#PED-8788 -->
-    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
+    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
         <package name="stalld"/>
     </packages>
 </image>
diff --git a/kiwi-builder-image/SL-Micro.kiwi.4096 b/kiwi-builder-image/SL-Micro.kiwi.4096
index 4887385..b747850 100644
--- a/kiwi-builder-image/SL-Micro.kiwi.4096
+++ b/kiwi-builder-image/SL-Micro.kiwi.4096
@@ -30,16 +30,13 @@
         <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
         <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
         <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
+        <profile name="aarch64-rt-encrypted" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
         <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
@@ -60,6 +57,15 @@
         <profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="rpi-self_install" description="Raw disk for Raspberry Pi" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64" description="Raw disk for Raspberry Pi" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-encrypted" description="Raw disk for Raspberry Pi" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
         <profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
@@ -90,6 +96,15 @@
         <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="aarch64-64kb" description="Build 64K page size aarch64 images" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-64kb-encrypted" description="Build 64K page size aarch64 images" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-64kb-self_install" description="Build 64K page size aarch64 images" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
         <!-- Images (flavor + platform) -->
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
             <requires profile="full"/>
@@ -154,18 +169,10 @@
             <requires profile="full"/>
             <requires profile="aarch64"/>
         </profile>
-        <profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="rpi"/>
-        </profile>
         <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
             <requires profile="container-host"/>
             <requires profile="aarch64"/>
         </profile>
-        <profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="rpi"/>
-        </profile>
         <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
             <requires profile="container-host"/>
             <requires profile="x86-rt"/>
@@ -179,10 +186,6 @@
             <requires profile="container-host"/>
             <requires profile="aarch64-rt"/>
         </profile>
-        <profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-rt-rpi"/>
-        </profile>
         <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
             <requires profile="container-host"/>
             <requires profile="aarch64-rt-self_install"/>
@@ -277,10 +280,42 @@
             <requires profile="ppc64le-4096ss-self_install"/>
             <requires profile="self_install"/>
         </profile>
+	<profile name="Default-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="aarch64-64kb-self_install"/>
+        </profile>
+	<profile name="Base-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-64kb-self_install"/>
+        </profile>
+	<profile name="Default-64kb" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="aarch64-64kb"/>
+        </profile>
+	<profile name="Base-64kb" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-64kb"/>
+        </profile>
+	<profile name="Default-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="aarch64-64kb-encrypted"/>
+        </profile>
+	<profile name="Base-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-64kb-encrypted"/>
+        </profile>
+	<profile name="RaspberryPi-SelfInstall" description="SL Micro for Rapsberry Pi" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="rpi-self_install"/>
+        </profile>
+	<profile name="RaspberryPi" description="SL Micro for Raspberry Pi" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="rpi"/>
+        </profile>
     </profiles>
 
     <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -291,7 +326,8 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -325,7 +361,7 @@
         </type>
     </preferences>
     <preferences profiles="x86,x86-rt">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -336,7 +372,8 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -363,7 +400,7 @@
     </preferences>
 
     <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -378,7 +415,8 @@
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -403,9 +441,8 @@
             </systemdisk>
         </type>
     </preferences>
-
-    <preferences profiles="rpi,aarch64-rt-rpi">
-        <version>6.1</version>
+    <preferences profiles="aarch64,aarch64-rt,aarch64-64kb">
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -420,11 +457,98 @@
             install_continue_on_timeout="false"
             fsmountoptions="noatime"
             firmware="uefi"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
+            bootpartition="false"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="false"
+            disk_start_sector="8192"
+            target_blocksize="4096"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
+        <version>6.2</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            fsmountoptions="noatime"
+            firmware="uefi"
+            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
+            bootpartition="false"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="false"
+            disk_start_sector="8192"
+            luks_version="luks2"
+            luks="1234"
+	    luks_randomize="false"
+	    luks_pbkdf="pbkdf2"
+            target_blocksize="4096"
+        >
+            <luksformat>
+                <option name="--cipher" value="aes-xts-plain64"/>
+            </luksformat>
+            <bootloader name="grub2" console="gfxterm" use_disk_password="true" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="rpi">
+        <version>6.2</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            fsmountoptions="noatime"
+            firmware="uefi"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
-            efipartsize="128"
             editbootinstall="editbootinstall_rpi.sh"
             btrfs_root_is_readonly_snapshot="true"
             btrfs_quota_groups="false"
@@ -444,9 +568,8 @@
             </systemdisk>
         </type>
     </preferences>
-
-    <preferences profiles="aarch64,aarch64-rt">
-        <version>6.1</version>
+    <preferences profiles="aarch64-self_install,aarch64-rt-self_install,aarch64-64kb-self_install">
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -456,19 +579,21 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
+            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
-            fsmountoptions="noatime"
             firmware="uefi"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
+            bootkernel="custom"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
-            efipartsize="128"
             btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="false"
-            disk_start_sector="4096"
+            btrfs_quota_groups="true"
+            disk_start_sector="8192"
+            target_blocksize="4096"
         >
             <bootloader name="grub2" console="gfxterm" timeout="3" />
             <systemdisk>
@@ -484,8 +609,8 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.1</version>
+    <preferences profiles="rpi-self_install">
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -500,13 +625,14 @@
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            efipartsize="128"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
+            editbootinstall="editbootinstall_rpi.sh"
             btrfs_quota_groups="true"
             disk_start_sector="4096"
         >
@@ -526,7 +652,7 @@
     </preferences>
 
     <preferences profiles="s390-kvm">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -564,7 +690,7 @@
 
 
     <preferences profiles="s390-dasd">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -602,7 +728,7 @@
 
 
     <preferences profiles="s390-fba">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -637,7 +763,7 @@
     </preferences>
 
     <preferences profiles="s390-fcp">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -676,7 +802,7 @@
     </preferences>
 
     <preferences profiles="x86-vmware">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -687,6 +813,7 @@
             filesystem="btrfs"
             format="vmdk"
             firmware="uefi"
+            efipartsize="512"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -707,11 +834,11 @@
                 <volume name="var" copy_on_write="false"/>
             </systemdisk>
             <size unit="G">24</size>
-            <machine memory="1024" HWversion="10" guestOS="suse-64"/>
+            <machine memory="1024" HWversion="17" guestOS="suse-64"/>
         </type>
     </preferences>
     <preferences profiles="x86-qcow">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -722,15 +849,14 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
+            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
             btrfs_quota_groups="true"
-            target_blocksize="4096"
-            efipartsize="200"
         >
             <bootloader name="grub2" console="gfxterm" timeout="3" />
             <systemdisk>
@@ -750,7 +876,7 @@
     </preferences>
 
     <preferences profiles="aarch64-qcow">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -761,8 +887,8 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="128"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
+            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -785,7 +911,7 @@
     </preferences>
 
     <preferences profiles="ppc64le-512ss">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -796,7 +922,7 @@
             image="oem"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -818,7 +944,7 @@
         </type>
     </preferences>
     <preferences profiles="ppc64le-4096ss">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -832,7 +958,7 @@
             target_blocksize="4096"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -855,7 +981,7 @@
     </preferences>
 
     <preferences profiles="ppc64le-512ss-self_install">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -868,7 +994,7 @@
             installpxe="true"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -895,7 +1021,7 @@
         </type>
     </preferences>
     <preferences profiles="ppc64le-4096ss-self_install">
-        <version>6.1</version>
+        <version>6.2</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -911,7 +1037,7 @@
             target_blocksize="4096"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -944,20 +1070,17 @@
     </repository>
 
     <packages type="image" profiles="full">
-        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional"/>
-        <namedCollection name="salt_minion"/>
-	<package name="patterns-base-salt_minion"/>
+        <namedCollection name="transactional_base"/>
+        <package name="patterns-base-transactional_base"/>
         <namedCollection name="kvm_host"/>
-	<package name="patterns-base-kvm_host"/>
+	<package name="patterns-micro-kvm_host"/>
 	<package name="lzop"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
         <namedCollection name="cockpit"/>
-        <package name="patterns-base-cockpit"/>
+        <package name="patterns-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
-        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -967,7 +1090,7 @@
 	<package name="libpwquality-tools"/>
     </packages>
 
-    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
+    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted,aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
         <!-- full disk encryption stuff -->
         <package name="device-mapper"/>
         <package name="cryptsetup"/>
@@ -980,13 +1103,12 @@
     </packages>
 
     <packages type="image" profiles="container-host">
-        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional"/>
+        <namedCollection name="transactional_base"/>
+        <package name="patterns-base-transactional_base"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
-        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1010,16 +1132,16 @@
 	<package name="jeos-firstboot"/>
     </packages>
 
-    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
+    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow,ppc64le-512ss,ppc64le-4096ss,s390-dasd,s390-fcp">
         <package name="cloud-init"/>
         <package name="cloud-init-config-suse"/>
     </packages>
 
     <packages type="image">
-        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional"/>
+        <namedCollection name="transactional_base"/>
+        <package name="patterns-base-transactional_base"/>
         <namedCollection name="hardware"/>
-        <package name="patterns-base-hardware"/>
+        <package name="patterns-micro-hardware"/>
         <package name="grub2"/>
         <package name="glibc-locale-base"/>
         <package name="ca-certificates"/>
@@ -1041,6 +1163,7 @@
 	<!-- FIXME does not build without control file which is obsolete
 	<package name="live-add-yast-repos"/> -->
 	<package name="parted"/> <!-- seems missing to deploy the image -->
+	<package name="iptables"/> <!-- needed by RKE2 -->
     </packages>
 
     <packages type="image" profiles="bootloader">
@@ -1057,11 +1180,15 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
     </packages>
     <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,x86,x86-encrypted,aarch64-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="kernel-default"/>
         <package name="kernel-firmware-all"/>
     </packages>
-    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
+    <packages type="image" profiles="aarch64-64kb,aarch64-64kb-encrypted,aarch64-64kb-self_install">
+        <package name="kernel-64kb"/>
+        <package name="kernel-firmware-all"/>
+    </packages>
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
         <package name="kernel-rt"/>
         <package name="kernel-firmware-all"/>
 	<!-- FIXME intentionally removed from ALP code stream
@@ -1076,17 +1203,18 @@
     <packages type="image" profiles="s390-fcp">
         <package name="multipath-tools"/>
     </packages>
-    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <!-- "oem" images uses kiwi for partition/fs resize (-repart) and SelfInstall images in addition for deployment (-dump). -->
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,aarch64,aarch64-encrypted,aarch64-64kb-encrypted,rpi,rpi-self_install,aarch64-self_install,aarch64-64kb,aarch64-64kb-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="dracut-kiwi-oem-dump"/>
     </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
+    <packages type="image" profiles="rpi,rpi-self_install">
         <package name="raspberrypi-firmware" arch="aarch64"/>
         <package name="raspberrypi-firmware-config" arch="aarch64"/>
         <package name="raspberrypi-firmware-dt" arch="aarch64"/>
         <package name="u-boot-rpiarm64" arch="aarch64"/>
     </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
+    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,aarch64-rt,aarch64-64kb,aarch64-rt-self_install,aarch64-encrypted,aarch64-rt-encrypted,aarchte-64kb-encrypted">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="bcm43xx-firmware"/>
         <package name="wireless-regdb"/>
@@ -1112,12 +1240,12 @@
     </packages>
 
     <!-- jsc#PED-8599 -->
-    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
+    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096,Base-64kb-encrypted,Default-64kb-encrypted">
         <package name="usbguard"/>
     </packages>
 
     <!-- jsc#PED-8788 -->
-    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
+    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
         <package name="stalld"/>
     </packages>
 </image>
diff --git a/kiwi-builder-image/build-image.sh b/kiwi-builder-image/build-image.sh
index 0eb86e5..bd95ea1 100644
--- a/kiwi-builder-image/build-image.sh
+++ b/kiwi-builder-image/build-image.sh
@@ -28,7 +28,7 @@ LARGEBLOCK=false
 usage(){
   cat <<-EOF
   =====================================
-  SUSE Linux Micro 6.1 Kiwi SDK Builder
+  SUSE Linux Micro 6.2 Kiwi SDK Builder
   =====================================
 
   Usage: ${0} [-p <profile>] [-b]
@@ -36,13 +36,12 @@ usage(){
   Profile Options (-p):
   * Default: RAW Disk Image with default packages (incl. Podman & KVM)
   * Default-SelfInstall: SelfInstall ISO with default packages
-  * Default-RPi: RAW Disk Image for Raspberry Pi (aarch64 only with MBR)
   * Base: RAW Disk Image with reduced package set (no KVM)
   * Base-SelfInstall: SelfInstall ISO with reduced packages
   * Base-RT: RAW Disk Image with reduced packages and kernel-rt
   * Base-RT-SelfInstall: SelfInstall ISO with reduced packages and kernel-rt
-  * Base-RT-RPi: RAW Disk image for Raspberry Pi with kernel-rt (aarch64 only with MBR)
-  * Base-RPi: RAW Disk Image for Raspberry Pi with reduced packages (aarch64 only with MBR)
+  * RaspberryPi: RAW Disk Image for Raspberry Pi with default packages (aarch64 only with MBR)
+  * RaspberryPi-SelfInstall: SelfInstall ISO for Raspberry Pi with default packages (aarch64 only with MBR)
 
   4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
 
@@ -83,9 +82,15 @@ if $LARGEBLOCK; then
   mv /micro-sdk/defs/SL-Micro.kiwi.4096 /micro-sdk/defs/SL-Micro.kiwi
 fi
 
+# Create temporary directory that supports seclabel
+dir=$(mktemp -d)
+mkdir -p /tmp/output/tmp-dir
+mount -t tmpfs $dir /tmp/output/tmp-dir
+
 # Build the image
-kiwi-ng --debug --profile $PROFILE system build \
-    --description /micro-sdk/defs --target-dir /tmp/output --ignore-repos-used-for-build $REPOS
+kiwi-ng --temp-dir /tmp/output/tmp-dir --debug --profile $PROFILE \
+    system build --description /micro-sdk/defs --target-dir /tmp/output \
+    --ignore-repos-used-for-build $REPOS
 
 # Print output
 RESULT=$?
diff --git a/kiwi-builder-image/config.sh b/kiwi-builder-image/config.sh
index cc9f1b0..d56f627 100644
--- a/kiwi-builder-image/config.sh
+++ b/kiwi-builder-image/config.sh
@@ -188,7 +188,6 @@ cat >/etc/fstab.script <<"EOF"
 #!/bin/sh
 set -eux
 
-/usr/sbin/setup-fstab-for-overlayfs
 # If /var is on a different partition than /...
 if [ "$(findmnt -snT / -o SOURCE)" != "$(findmnt -snT /var -o SOURCE)" ]; then
 	# ... set options for autoexpanding /var