diff --git a/fickit-prepare.yml b/fickit-prepare.yml
index e99e696b..7acbf2f0 100644
--- a/fickit-prepare.yml
+++ b/fickit-prepare.yml
@@ -1,64 +1,92 @@ kernel: - image: nemunaire/kernel:4.9.210-edfde5a675ea193ae1cadf790b69d67ca1f520c2-dirty-amd64 + image: nemunaire/kernel:4.9.210-e1d178d56edb377b36364eb4890dc4bf430acf77-dirty-amd64 cmdline: "console=ttyS0 console=tty0" init: - - linuxkit/init:c563953a2277eb73a89d89f70e4b6dcdcfebc2d1 - - linuxkit/runc:83d0edb4552b1a5df1f0976f05f442829eac38fe - - linuxkit/getty:2eb742cd7a68e14cf50577c02f30147bc406e478 - - -onboot: - - name: net-setup - image: linuxkit/ip:v0.6 - command: ["/bin/sh", "-c", "ip a add 10.10.10.5/29 dev eth0; ip link set eth0 up;" ] - - - name: format - image: linuxkit/format:v0.6 - command: ["/bin/sh", "-c", "cat /etc/fdisk_cmd | fdisk /dev/sda && cat /etc/fdisk_cmd | fdisk /dev/sdb && cat /etc/sfdisk_schema | sfdisk /dev/sda && cat /etc/sfdisk_schema | sfdisk /dev/sdb" ] - binds: - - /dev:/dev - - /etc/fdisk_cmd:/etc/fdisk_cmd:ro - - /etc/sfdisk_schema:/etc/sfdisk_schema:ro - - - name: raid-setup - image: nemunaire/mdadm:18de5ca414227f38a5c0619662077ba5fa26176d - command: ["/bin/sh", "-c", "/sbin/mdadm --create /dev/md2 --run --level=1 --metadata=1.0 --raid-devices=2 /dev/sda1 /dev/sdb1; /sbin/mdadm --create /dev/md1 --run --level=1 --metadata=1.1 --raid-devices=2 /dev/sda2 /dev/sdb2; /sbin/mdadm --create /dev/md0 --run --level=1 --metadata=0 --raid-devices=2 /dev/sda3 /dev/sdb3;"] - - - name: format - image: linuxkit/format:v0.6 - command: ["/bin/sh", "-c", "mkswap /dev/md1; mkfs.ext4 /dev/md0 && sync" ] - binds: - - /dev:/dev - - - name: install-syslinux - image: nemunaire/syslinux:4e080937962e68f9f6a962ff6890cb4c62720841 - command: ["/bin/sh", "/root/install_syslinux", "/dev/sda" , "/dev/sdb" ] - binds: - - /dev:/dev - - /root/install_grub:/root/install_syslinux:ro - - /root/update_imgs:/root/update_imgs:ro - + - nemunaire/mdadm:18de5ca414227f38a5c0619662077ba5fa26176d + - nemunaire/syslinux:4e080937962e68f9f6a962ff6890cb4c62720841 + - linuxkit/format:v0.7 + - linuxkit/dm-crypt:v0.7 + - alpine:latest files: + - path: /init + 
contents: | + #!/bin/sh + mount -t devtmpfs none /dev + mount -t proc none /proc + mount -t sysfs none /sys + + mdev -s + mdadm --auto-detect + + ip a add 10.10.10.5/29 dev eth0 + ip link set eth0 up + + # Try to detect backend/frontend setup + if ip l | grep eth3 > /dev/null + then + DEFAULT_BOOT=1 + echo "Detected: FRONTEND host" + else + DEFAULT_BOOT=0 + echo "Detected: BACKEND host" + fi + + read -p "Proceed? (y/N) " V + [ "$V" != "y" ] && { while true; do /bin/ash; done } + + + cat /etc/fdisk_cmd | fdisk /dev/sda && + cat /etc/fdisk_cmd | fdisk /dev/sdb && + cat /etc/sfdisk_schema | sfdisk /dev/sda && + cat /etc/sfdisk_schema | sfdisk /dev/sdb + + /sbin/mdadm --create /dev/md2 --run --level=1 --metadata=1.0 --raid-devices=2 /dev/sda1 /dev/sdb1 + /sbin/mdadm --create /dev/md1 --run --level=1 --metadata=1.1 --raid-devices=2 /dev/sda2 /dev/sdb2 + /sbin/mdadm --create /dev/md0 --run --level=1 --metadata=0 --raid-devices=2 /dev/sda3 /dev/sdb3 + + mkswap /dev/md1 + #mkfs.ext4 -F /dev/md0 + cryptsetup -q -s 512 luksFormat /dev/md0 /etc/dm-crypt/key + cryptsetup luksOpen -d /etc/dm-crypt/key /dev/md0 crypt_fic + mkfs.ext4 -F /dev/mapper/crypt_fic + sync + + mkfs.vfat /dev/md2 + mkdir -p /boot + + mount /dev/md2 /boot/ && { + /root/install_grub ${DEFAULT_BOOT} /dev/sda /dev/sdb + /root/update_imgs + } || + /bin/ash + + umount /boot && + sync && + reboot -f + + /bin/ash + mode: "0755" + - path: root/update_imgs source: configs/update_imgs.sh mode: "0755" + - path: root/install_syslinux contents: | #!/bin/sh - for p; do - mkfs.vfat ${p} - mkdir -p /boot - mount ${p} /boot/ mkdir -p /boot/EFI/boot /boot/imgs + + [ $1 == "0" ] && ONTIMEOUT="backend" || ONTIMEOUT="frontend" + cd /usr/share/syslinux/efi64 cp ldlinux.e64 menu.c32 libcom32.c32 libutil.c32 vesamenu.c32 poweroff.c32 /boot/EFI/boot cp syslinux.efi /boot/EFI/boot/bootx64.efi cat < /boot/syslinux.cfg TIMEOUT 30 - ONTIMEOUT backend + ONTIMEOUT ${ONTIMEOUT} MENU background #00000000 * * MENU color title * #FF22BBCC * 
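Review bot: The LUKS setup in the new `/init` is unchecked, so if `luksFormat` or `luksOpen` fails the script still installs the bootloader and runs `reboot -f`, leaving a host without the encrypted volume it is supposed to have. Chaining the three commands and falling back to the shell, as the `/boot` mount block already does, would stop it there: `cryptsetup -q -s 512 luksFormat /dev/md0 /etc/dm-crypt/key && cryptsetup luksOpen -d /etc/dm-crypt/key /dev/md0 crypt_fic && mkfs.ext4 -F /dev/mapper/crypt_fic || /bin/ash`. `mkswap /dev/md1` leaves swap in plaintext next to the encrypted md0, so memory pages can reach disk unencrypted; either encrypt it too or add a comment saying this is accepted. `alpine:latest` under `init:` is the only image not pinned to a tag or hash (the same line is added in the fickit-update.yml hunk), and pinning it keeps the installer build reproducible.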
@@ -89,52 +117,50 @@ files: KERNEL poweroff.c32 EOF - # BIOS part - dd bs=440 conv=notrunc count=1 if=/usr/share/syslinux/mbr.bin of=${p} - syslinux --install ${p} cp /usr/share/syslinux/libcom32.c32 /usr/share/syslinux/libutil.c32 /usr/share/syslinux/poweroff.c32 /usr/share/syslinux/vesamenu.c32 /boot/ - # Write images - /root/update_imgs - + shift + for p + do + # BIOS part + dd bs=440 conv=notrunc count=1 if=/usr/share/syslinux/mbr.bin of=${p} + syslinux --install ${p} done mode: "0550" - path: root/install_grub contents: | #!/bin/sh - for p; do - mkfs.vfat ${p}1 - mkdir -p /boot - mount ${p}1 /boot/ - mkdir -p /boot/EFI/boot /boot/imgs - grub-mkimage -o "/boot/EFI/boot/bootx64.efi" -p /efi/boot -O x86_64-efi fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop efi_uga ls search search_label search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 - grub-install --boot-directory="/boot/" --target=i386-pc "${p}" + mkdir -p /boot/EFI/boot /boot/grub /boot/imgs + cat < /boot/grub/grub.cfg set timeout=3 + set default=$1 menuentry 'FIC Backend' { set root=(hd0,1) - linux /imgs/fickit-kernel console=ttyS0 console=tty0 root=fickit-backend-squashfs.img + linux /imgs/fickit-kernel console=ttyS0 console=tty0 quiet root=fickit-backend-squashfs.img initrd /imgs/fickit-boot-initrd.img } menuentry 'FIC Frontend' { set root=(hd0,1) - linux /imgs/fickit-kernel console=ttyS0 console=tty0 root=fickit-frontend-squashfs.img + linux /imgs/fickit-kernel console=ttyS0 console=tty0 quiet root=fickit-frontend-squashfs.img initrd /imgs/fickit-boot-initrd.img } menuentry 'Update images' { set root=(hd0,1) - linux /imgs/fickit-kernel console=ttyS0 console=tty0 + linux /imgs/fickit-kernel console=ttyS0 console=tty0 quiet initrd /imgs/fickit-update-initrd.img } EOF cp "/boot/grub/grub.cfg" "/boot/EFI/boot/grub.cfg" - # Write images - /root/update_imgs - + shift + for p + do + grub-mkimage -o 
"/boot/EFI/boot/bootx64.efi" -p /efi/boot -O x86_64-efi fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop efi_uga ls search search_label search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 + grub-install --boot-directory="/boot/" --target=i386-pc "${p}" done mode: "0550" - path: etc/sfdisk_schema @@ -148,3 +174,6 @@ files: o w mode: "0440" + - path: etc/dm-crypt/key + source: configs/dm-crypt.key + mode: "0440" diff --git a/fickit-update.yml b/fickit-update.yml index 265ef2ad..b47e2c9f 100644 --- a/fickit-update.yml +++ b/fickit-update.yml 
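Review bot: In fickit-prepare.yml's install_grub, `$1` is written straight into `set default=$1` with no check, so a missing or mistyped first argument produces a grub.cfg with an empty or wrong default entry and the following `shift` then consumes a disk name instead. A guard before the heredoc, for example `case "$1" in 0|1) ;; *) echo "usage: install_grub 0|1 DISK..." >&2; exit 1;; esac`, would make the contract explicit. Separately, `grub-mkimage` always writes `/boot/EFI/boot/bootx64.efi` and does not use `${p}`, so it can sit above the new `for p` loop rather than run once per disk. In install_syslinux's loop, `${p}` is unquoted in the `dd` and `syslinux --install` lines, whereas install_grub quotes it; `"${p}"` would be consistent.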
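Review bot: The new `etc/dm-crypt/key` entry in fickit-prepare.yml bakes `configs/dm-crypt.key` into the built image, so the LUKS key for /dev/md0 is exposed wherever that image and the `configs/` directory are stored. Whether the key file is tracked in the repository is not visible in this diff, so that is worth confirming. I would add a comment above the entry such as `# LUKS key for /dev/md0: generated per deployment, never committed` and tighten the permission to `mode: "0400"`, since only the root-run `/init` reads it.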
@@ -4,29 +4,51 @@ kernel: init: - - linuxkit/init:c563953a2277eb73a89d89f70e4b6dcdcfebc2d1 - - linuxkit/runc:83d0edb4552b1a5df1f0976f05f442829eac38fe - - linuxkit/getty:2eb742cd7a68e14cf50577c02f30147bc406e478 - - -onboot: - - name: mod - image: linuxkit/modprobe:v0.6 - command: ["/bin/sh", "-c", "modprobe e1000e"] - - name: net-setup - image: linuxkit/ip:v0.6 - command: ["/bin/sh", "-c", "ip a add 10.10.10.5/29 dev eth0; ip link set eth0 up; mkdir -p /boot; ping -W 20 -c 1 10.10.10.6; for p in /dev/sda /dev/sdb; do mount ${p}1 /boot/ && /root/update_imgs; umount /boot; done && sync && reboot -f" ] - capabilities: - - CAP_SYS_ADMIN - - CAP_SYS_BOOT - - CAP_NET_RAW - - CAP_NET_ADMIN - binds: - - /dev:/dev - - /root/update_imgs:/root/update_imgs:ro + - nemunaire/mdadm:18de5ca414227f38a5c0619662077ba5fa26176d + - alpine:latest files: + - path: /init + contents: | + #!/bin/sh -x + mount -t devtmpfs none /dev + mount -t proc none /proc + mount -t sysfs none /sys + + mdev -s + mdadm --auto-detect + mdadm --assemble /dev/md2 /dev/sd*1 + + ip a add 10.10.10.5/29 dev eth0 + ip link set eth0 up + + mkdir -p /boot + + # Wait e1000e launched + if ! ping -W 2 -c 1 10.10.10.6 + then + sleep 4 + fi + + while ! ping -W 10 -c 1 10.10.10.6 + do + echo "Unable to contact 10.10.10.6" + echo "Exit the shell when connection established." + /bin/ash + done + + mount /dev/md2 /boot/ && + /root/update_imgs || + /bin/ash + + umount /boot && + sync && + reboot -f + + /bin/ash + mode: "0755" + - path: root/update_imgs source: configs/update_imgs.sh mode: "0755"
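Review bot: Every failure path in the new `/init` (the ping loop, the `mount ... || /bin/ash` chain and the trailing `/bin/ash`) ends in an unauthenticated root shell on the console. The old onboot container ran with a fixed list of four capabilities, so this is a wider privilege than before. If the image is only meant for attended maintenance, a comment at the top of the script should say so, e.g. `# Attended use only: failures drop to a root shell on the console`. For unattended hosts a bounded retry followed by `poweroff -f` would fail closed. `mdadm --assemble /dev/md2 /dev/sd*1` also globs the first partition of any attached disk; naming `/dev/sda1 /dev/sdb1`, as the prepare script does when it creates the array, would be tighter.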