diff --git a/Dockerfile.dapper b/Dockerfile.dapper
index 51a5c37..7768bbf 100644
--- a/Dockerfile.dapper
+++ b/Dockerfile.dapper
@@ -13,7 +13,7 @@ ARG HOST_ARCH=${DAPPER_HOST_ARCH}
 ARG ARCH=${HOST_ARCH}
 
 RUN apt-get update \
-    && apt-get install -y build-essential wget libncurses5-dev unzip bc curl python rsync ccache git vim libssl-dev kmod
+    && apt-get install -y build-essential wget libncurses5-dev unzip bc curl python rsync ccache git vim libssl-dev kmod gnupg2
 
 # Install dapper
 RUN curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m | sed 's/arm.*/arm/') > /usr/bin/dapper \
@@ -62,9 +62,12 @@ RUN curl -fL ${DOCKER_URL_amd64} > /usr/bin/docker && \
     chmod +x /usr/bin/docker
 
 ########## Kernel version Configuration #############################
-ENV KERNEL_TAG=4.9
-ENV KERNEL_VERSION=${KERNEL_TAG}-rancher2
-ENV KERNEL_SHA1=fa46da077c077467776cdc45a7b50d327a081ab4
-ENV KERNEL_URL=https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-${KERNEL_TAG}.tar.xz
+ENV KERNEL_TAG=4.9.1
+ENV KERNEL_VERSION=${KERNEL_TAG}-rancher
+#ENV KERNEL_SHA1=fa46da077c077467776cdc45a7b50d327a081ab4
+ENV KERNEL_URL=https://cdn.kernel.org/pub/linux/kernel/v4.x/
+ENV KERNEL_TAR=linux-${KERNEL_TAG}.tar.xz
+ENV KERNEL_SIGN=linux-${KERNEL_TAG}.tar.sign
+# for rc testing
 #ENV KERNEL_URL=https://cdn.kernel.org/pub/linux/kernel/v4.x/testing/linux-${KERNEL_TAG}.tar.xz
 
diff --git a/README.md b/README.md
index 2c6137d..e4f300b 100644
--- a/README.md
+++ b/README.md
@@ -15,9 +15,3 @@ package up the result by running
 
 You may need to adjust the expected module list files.
 
-## Notes
-
-```
-+: ${KERNEL_URL:="https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.8.1.tar.xz"}
-+: ${KERNEL_SHA1:="af418cf983819e99fb4bd0c200a10d9568a2ac52"}
-```	
diff --git a/config/kernel-config b/config/kernel-config
index b49baf5..cbad056 100644
--- a/config/kernel-config
+++ b/config/kernel-config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.9.0 Kernel Configuration
+# Linux/x86 4.9.1 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
diff --git a/scripts/build-kernel b/scripts/build-kernel
index df61569..275e95e 100755
--- a/scripts/build-kernel
+++ b/scripts/build-kernel
@@ -9,7 +9,6 @@ source scripts/version
 export CCACHE_DIR="${HOME}/.kernel-ccache"
 export CC="ccache gcc"
 export PATH="/usr/lib/ccache:$PATH"
-KERNEL=$(basename ${KERNEL_URL})
 DIR=${VERSION}
 FIRMWARE=$(readlink -f scripts/firmware)
 MODULE_LIST=$(readlink -f modules.list)
diff --git a/scripts/download b/scripts/download
index 0b1c0ce..cf39adf 100755
--- a/scripts/download
+++ b/scripts/download
@@ -6,37 +6,19 @@ cd $(dirname $0)/..
 
 source scripts/build-common
 
-check()
-{
-    local hash=$1
-    local file=$2
+mkdir -p ${ARTIFACTS}
+cd ${ARTIFACTS}
 
-    if [ ! -e "$file" ]; then
-        return 1
-    fi
+if [ ! -e "${KERNEL_TAR}" ]; then
+    curl -sL ${KERNEL_URL}${KERNEL_TAR} > ${KERNEL_TAR}
+fi
+curl -sL ${KERNEL_URL}${KERNEL_SIGN} > ${KERNEL_SIGN}
 
-    CURRENT=$(sha1sum $file | awk '{print $1}')
+# grab gregkh's stable signing key 
+gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 6092693E
 
-    [ "$hash" = "$CURRENT" ]
-}
-
-download()
-{
-    mkdir -p ${ARTIFACTS}
-
-    local url=$2
-    local file=${ARTIFACTS}/$(basename $2)
-    local hash=$1
-
-    if ! check $hash $file; then
-        curl -sL $url > $file
-    fi
-
-    if ! check $hash $file; then
-        echo "ERROR: $file does not match checksum $hash, got $CURRENT" 1>&2
-        return 1
-    fi
-}
-
-# Download Kernel source
-download ${KERNEL_SHA1} ${KERNEL_URL}
+if ! xz -cd ${KERNEL_TAR} | gpg2 --verify ${KERNEL_SIGN} - ; then
+    echo "ERROR: ${KERNEL_TAR} signing error" 1>&2
+    return 1
+fi
+echo "${KERNEL_TAR} probably ok"
diff --git a/scripts/extract b/scripts/extract
index 236a80e..bf14eb5 100755
--- a/scripts/extract
+++ b/scripts/extract
@@ -6,20 +6,19 @@ cd $(dirname $0)/..
 source scripts/build-common
 source scripts/version
 
-KERNEL=$(basename ${KERNEL_URL})
 DIR=${VERSION}
 
 mkdir -p ${BUILD}
 cd ${BUILD}
 
 if [ ! -e ${DIR} ]; then
-    echo Extracting ${ARTIFACTS}/${KERNEL}
+    echo Extracting ${ARTIFACTS}/${KERNEL_TAR}
     TEMP=$(mktemp -d -p ${BUILD})
     mkdir ${TEMP}/${DIR}
     trap "rm -rf ${TEMP}" exit
 
-    ls -lah ${ARTIFACTS}/${KERNEL}
-    tar xf ${ARTIFACTS}/${KERNEL} -C ${TEMP}/${DIR} --strip-components=1
+    ls -lah ${ARTIFACTS}/${KERNEL_TAR}
+    tar xf ${ARTIFACTS}/${KERNEL_TAR} -C ${TEMP}/${DIR} --strip-components=1
     mv ${TEMP}/${DIR} ${DIR}
 fi
 
diff --git a/scripts/package-kernel b/scripts/package-kernel
index 0bcea28..2e5b9f7 100755
--- a/scripts/package-kernel
+++ b/scripts/package-kernel
@@ -25,7 +25,6 @@ done
 export CCACHE_DIR="${HOME}/.kernel-ccache"
 export CC="ccache gcc"
 export PATH="/usr/lib/ccache:$PATH"
-KERNEL=$(basename ${KERNEL_URL})
 FIRMWARE=$(readlink -f scripts/firmware)
 MODULE_LIST=$(readlink -f modules.list)
 MODULE_EXTRA_LIST=$(readlink -f modules-extra.list)