diff --git a/kernel/configs/fragments/common/base.conf b/kernel/configs/fragments/common/base.conf
index 8bd72a009..55289654d 100644
--- a/kernel/configs/fragments/common/base.conf
+++ b/kernel/configs/fragments/common/base.conf
@@ -21,7 +21,6 @@ CONFIG_FUTEX=y
 CONFIG_HIGH_RES_TIMERS=y
 CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
 CONFIG_GENERIC_MSI_IRQ=y
-CONFIG_LEGACY_VSYSCALL_NONE=y
 CONFIG_NO_HZ=y
 CONFIG_NO_HZ_FULL=y
 CONFIG_POSIX_MQUEUE=y
@@ -32,14 +31,11 @@ CONFIG_SHMEM=y
 # For security...
 CONFIG_RELOCATABLE=y
-# FIXME - check if we should be setting this
-# https://github.com/kata-containers/packaging/issues/483
-#CONFIG_RANDOMIZE_BASE=y
+CONFIG_RANDOMIZE_BASE=y
 # FIXME - check if we should be setting this
 # https://github.com/kata-containers/packaging/issues/483
 # I have a feeling it effects our memory hotplug maybe?
 # PHYSICAL_ALIGN=0x1000000
-CONFIG_RETPOLINE=y
 # This would only affect two drivers, neither of which we have enabled.
 # The recommendation is to have it on, and you will see if in a diff if you
diff --git a/kernel/configs/fragments/x86_64/base.conf b/kernel/configs/fragments/x86_64/base.conf
index 08023e8ca..a7969c751 100644
--- a/kernel/configs/fragments/x86_64/base.conf
+++ b/kernel/configs/fragments/x86_64/base.conf
@@ -10,3 +10,7 @@ CONFIG_KVM_GUEST=y
 # Use the maximum number of CPUs supported by KVM (240)
 CONFIG_NR_CPUS=240
+
+# For security
+CONFIG_LEGACY_VSYSCALL_NONE=y
+CONFIG_RETPOLINE=y
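Review bot: In the second hunk of common/base.conf, the surviving `# FIXME - check if we should be setting this` / issue 483 block now sits directly under the newly enabled `CONFIG_RANDOMIZE_BASE=y`, so the file turns KASLR on while still recording the memory-hotplug doubt as an open question. If the hotplug concern from issue 483 was settled before enabling this, the comment should say so; if it was not, the relevant knob to look at is `CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING` (the padding reserved in the randomized direct map for hotplugged memory when `CONFIG_RANDOMIZE_MEMORY` is on, which it defaults to on x86_64 once `CONFIG_RANDOMIZE_BASE` is set), and that should be stated explicitly in this fragment. Suggested replacement for the FIXME line: `# KASLR enabled (issue 483); hotplug headroom comes from CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING - confirm the guest's hotplug range fits`. The commented-out `# PHYSICAL_ALIGN=0x1000000` line is left as archaeology with no explanation of whether it is still wanted; either drop it or note why it stays.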
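Review bot: The new `# For security` header in x86_64/base.conf does not say what either option does or what it costs, and `CONFIG_RETPOLINE=y` only yields the Spectre v2 mitigation when the compiler used for the kernel build supports retpolines; with an older toolchain the kernel build (depending on version) warns rather than fails and the guest still reports spectre_v2 as vulnerable, so the CI should check the build log or `/sys/devices/system/cpu/vulnerabilities/spectre_v2` in a booted guest rather than trust the fragment. Suggested comments above the two keys: `# No fixed-address vsyscall page: removes a long-standing ASLR-bypass target; only very old glibc userspace still needs it` and `# Spectre v2 mitigation; effective only with a retpoline-capable compiler - verify in the build log / guest sysfs`. Moving both out of the common fragment looks correct since they are x86-specific, but it would help to note in the commit description that non-x86 builds previously ignored them anyway.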