diff --git a/debian/changelog b/debian/changelog
index 07c6bb0..0f4538a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,24 @@
+live-build (1:20180925) unstable; urgency=medium
+
+  [ Raphaël Hertzog ]
+  * Handle includes.chroot files installed over symlinked directories
+
+  [ Marcel Partap ]
+  * copy keys to /etc/apt/trusted.gpg.d with appropriate extension for
+    them to not be ignored.
+
+  [ Steven Shiau ]
+  * Use gcd{x64.aa64}.efi.signed for amd64/arm64 arch.
+
+  [ Luca Boccassi ]
+  * UEFI: remove the EFI/debian/grub.cfg, not necessary anymore
+  * Build-Depend on debhelper >= 10~ to facilitate backports.
+  * Add Rules-Requires-Root: no.
+  * Bump Standards-Version to 4.2.1.
+  * lintian: override error on dependency on e2fsprogs
+
+ -- Luca Boccassi <bluca@debian.org>  Tue, 25 Sep 2018 14:28:19 +0100
+
 live-build (1:20180618kali1) kali-dev; urgency=medium
 
   * Synchronize with Debian. Remaining changes:
diff --git a/debian/control b/debian/control
index 504c6ab..b8bdd0d 100644
--- a/debian/control
+++ b/debian/control
@@ -5,10 +5,11 @@
 Uploaders: Raphaël Hertzog <hertzog@debian.org>,
  Luca Boccassi <bluca@debian.org>,
 Build-Depends:
- debhelper (>= 10),
+ debhelper (>= 10~),
  po4a,
  gettext,
-Standards-Version: 4.1.4
+Standards-Version: 4.2.1
+Rules-Requires-Root: no
 Homepage: https://debian-live.alioth.debian.org/live-build/
 Vcs-Browser: https://salsa.debian.org/live-team/live-build
 Vcs-Git: https://salsa.debian.org/live-team/live-build.git
diff --git a/debian/live-build.lintian-overrides b/debian/live-build.lintian-overrides
index 45aec4f..898c0bc 100644
--- a/debian/live-build.lintian-overrides
+++ b/debian/live-build.lintian-overrides
@@ -1 +1,2 @@
 live-build: symlink-should-be-relative
+live-build: depends-on-essential-package-without-using-version suggests: e2fsprogs
diff --git a/scripts/build/binary_grub-efi b/scripts/build/binary_grub-efi
index 946e38e..7afa07e 100755
--- a/scripts/build/binary_grub-efi
+++ b/scripts/build/binary_grub-efi
@@ -82,7 +82,7 @@
 		set +e
 		Install_package
 		set -e
-		Check_installed chroot /usr/lib/grub/${_SB_EFI_PLATFORM}-efi-signed/grub${_SB_EFI_NAME}.efi.signed \
+		Check_installed chroot /usr/lib/grub/${_SB_EFI_PLATFORM}-efi-signed/gcd${_SB_EFI_NAME}.efi.signed \
 			grub-efi-${_SB_EFI_DEB}-signed
 		_GRUB_INSTALL_STATUS="${INSTALL_STATUS}"
 		Check_installed chroot /usr/lib/shim/shim${_SB_EFI_NAME}.efi.signed \
@@ -96,7 +96,7 @@
 		fi
 	;;
 	enable)
-		Check_package chroot /usr/lib/grub/${_SB_EFI_PLATFORM}-efi-signed/grub${_SB_EFI_NAME}.efi.signed \
+		Check_package chroot /usr/lib/grub/${_SB_EFI_PLATFORM}-efi-signed/gcd${_SB_EFI_NAME}.efi.signed \
 			grub-efi-${_SB_EFI_DEB}-signed
 		Check_package chroot /usr/lib/shim/shim${_SB_EFI_NAME}.efi.signed \
 			shim-signed
@@ -174,24 +174,19 @@
 	#   and grub-efi-amd64-signed, currently in Ubuntu:
 	#    https://packages.ubuntu.com/xenial/amd64/grub-efi-amd64-signed/filelist
 	#    https://packages.ubuntu.com/bionic/arm64/grub-efi-arm64-signed/filelist
-	if [ -r ${_CHROOT_DIR}/usr/lib/grub/\$platform-signed/grub\$efi_name.efi.signed -a \
+	#    E.g., gcdx64.efi.signed is the boot loader for removable device, like CD or
+        #    USB flash drive, while grubx64.efi.signed is for hard drive.
+        #    Therefore here gcdx64.efi.signed is used for amd64 and gcdaa64.efi.signed is 
+	#    for arm64.
+	if [ -r ${_CHROOT_DIR}/usr/lib/grub/\$platform-signed/gcd\$efi_name.efi.signed -a \
 			-r ${_CHROOT_DIR}/usr/lib/shim/shim\$efi_name.efi.signed -a \
 			"${LB_UEFI_SECURE_BOOT}" != "disable" ]; then
-		mkdir -p "${_CHROOT_DIR}/grub-efi-temp/EFI/\$EFI_VENDOR"
-		cp ${_CHROOT_DIR}/usr/lib/grub/\$platform-signed/grub\$efi_name.efi.signed \
+		cp ${_CHROOT_DIR}/usr/lib/grub/\$platform-signed/gcd\$efi_name.efi.signed \
 			${_CHROOT_DIR}/grub-efi-temp/EFI/boot/grub\$efi_name.efi
 		cp ${_CHROOT_DIR}/usr/lib/shim/shim\$efi_name.efi.signed \
 			${_CHROOT_DIR}/grub-efi-temp/EFI/boot/boot\$efi_name.efi
 	fi
 }
-
-# The EFI vendor, used by Grub to set the directory in the monolithic image, depends
-# on the distro vendor set at Grub's build time. It will be added to the package metadata.
-EFI_VENDOR="\$(dpkg-query -f='\${Efi-Vendor}' -W grub-efi-${_SB_EFI_DEB}-bin)"
-# If it's missing, fallback to the previous usage of just "debian".
-if [ -z "$EFI_VENDOR" ]; then
-	EFI_VENDOR="debian"
-fi
 
 PRE_EFI_IMAGE_PATH="${PATH}"
 if [ ! -e "${LIVE_BUILD}" ] ; then
@@ -248,14 +243,6 @@
 # directories: EFI EFI/boot boot boot/grub
 size=\$((\$size + 4096 * 4))
 
-# EFI/\$EFI_VENDOR and additional grub.cfg
-if [ -d "${_CHROOT_DIR}/grub-efi-temp/EFI/\$EFI_VENDOR" ]; then
-	size=\$((\$size + 4096))
-	size=\$((\$size + \$(stat -c %s "${_CHROOT_DIR}/grub-efi-temp-cfg/grub.cfg")))
-	cp ${_CHROOT_DIR}/grub-efi-temp-cfg/grub.cfg \
-		"${_CHROOT_DIR}/grub-efi-temp/EFI/\$EFI_VENDOR"
-fi
-
 blocks=\$(((\$size / 1024 + 55) / 32 * 32 ))
 
 rm -f ${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img
@@ -264,12 +251,6 @@
 mmd -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ::EFI/boot
 mcopy -o -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ${_CHROOT_DIR}/grub-efi-temp/EFI/boot/*.efi \
 	"::EFI/boot"
-
-if [ -d "${_CHROOT_DIR}/grub-efi-temp/EFI/\$EFI_VENDOR" ]; then
-	mmd -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" "::EFI/\$EFI_VENDOR"
-	mcopy -o -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" \
-		${_CHROOT_DIR}/grub-efi-temp-cfg/grub.cfg "::EFI/\$EFI_VENDOR"
-fi
 
 mmd -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ::boot
 mmd -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ::boot/grub
diff --git a/scripts/build/bootstrap_archives b/scripts/build/bootstrap_archives
index ccb1f76..e1f6c93 100755
--- a/scripts/build/bootstrap_archives
+++ b/scripts/build/bootstrap_archives
@@ -222,7 +222,12 @@
 	do
 		if [ -e "${FILE}" ]
 		then
-			cp ${FILE} chroot/etc/apt/trusted.gpg.d/$(basename ${FILE}).asc
+			if grep -q "PGP PUBLIC KEY BLOCK" "${FILE}"
+			then
+				cp ${FILE} chroot/etc/apt/trusted.gpg.d/$(basename ${FILE}).asc
+			else
+				cp ${FILE} chroot/etc/apt/trusted.gpg.d/$(basename ${FILE}).gpg
+			fi
 		fi
 	done
 fi
diff --git a/scripts/build/chroot_archives b/scripts/build/chroot_archives
index cfc3114..9ca6a78 100755
--- a/scripts/build/chroot_archives
+++ b/scripts/build/chroot_archives
@@ -353,7 +353,12 @@
 				do
 					if [ -e "${FILE}" ]
 					then
-						cp ${FILE} chroot/etc/apt/trusted.gpg.d/$(basename ${FILE}).asc
+						if grep -q "PGP PUBLIC KEY BLOCK" "${FILE}"
+						then
+							cp ${FILE} chroot/etc/apt/trusted.gpg.d/$(basename ${FILE}).asc
+						else
+							cp ${FILE} chroot/etc/apt/trusted.gpg.d/$(basename ${FILE}).gpg
+						fi
 					fi
 				done
 			fi
diff --git a/scripts/build/chroot_includes b/scripts/build/chroot_includes
index 21c0e26..6ab4e28 100755
--- a/scripts/build/chroot_includes
+++ b/scripts/build/chroot_includes
@@ -42,8 +42,12 @@
 then
 	# Copying includes
 	cd config/includes.chroot
-	find . | cpio -dmpu --no-preserve-owner "${OLDPWD}"/chroot
+	Echo_message "Creating a tarball with files from includes.chroot..."
+	tar cf "${OLDPWD}"/chroot/includes.chroot.tar .
 	cd "${OLDPWD}"
+	Echo_message "Extracting the tarball in the chroot..."
+	Chroot chroot "tar -xvf includes.chroot.tar --no-same-owner --keep-directory-symlink --overwrite"
+	rm chroot/includes.chroot.tar
 
 	# Creating stage file
 	Create_stagefile .build/includes.chroot