diff --git a/SOURCES/0026.patch b/SOURCES/0026.patch
index 9055552..433769d 100644
--- a/SOURCES/0026.patch
+++ b/SOURCES/0026.patch
@@ -112,3 +112,4 @@ index 37148b07..895ecebd 100644
  
  ACTION=="change", KERNEL=="dm-[0-9]*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}!="1", GOTO="do_pss"
  KERNEL=="cciss[0-9]*", GOTO="do_pss"
+
diff --git a/SOURCES/0027.patch b/SOURCES/0027.patch
new file mode 100644
index 0000000..1b067dc
--- /dev/null
+++ b/SOURCES/0027.patch
@@ -0,0 +1,32 @@
+From ce722c7307e48a991d8450360a1a0183dfdb4915 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jonathan@jlebon.com>
+Date: Tue, 29 Oct 2019 09:35:41 -0400
+Subject: [PATCH] 01fips: fix HMAC file path resolution
+
+There is a small regression in #343: when handling the 'separate boot
+partition' case, we're checking for the kernel image in the wrong
+location: `BOOT_IMAGE` is the `/boot`-relative path to the kernel image,
+so `/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE}` expands to e.g.
+`/boot/mysubdir1/mysubdir2/mysubdir1/mysubdir2/vmlinuz...`.
+
+We should be using `BOOT_IMAGE_NAME` here instead (and in fact, the next
+if-statement does this correctly, so it might've just been accidentally
+left out of #343).
+---
+ modules.d/01fips/fips.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
+index beaa692b..c3dbcf74 100755
+--- a/modules.d/01fips/fips.sh
++++ b/modules.d/01fips/fips.sh
+@@ -118,7 +118,7 @@ do_fips()
+ 
+         if [ -z "$BOOT_IMAGE_NAME" ]; then
+             BOOT_IMAGE_NAME="vmlinuz-${KERNEL}"
+-        elif ! [ -e "/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE}" ]; then
++        elif ! [ -e "/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE_NAME}" ]; then
+             #if /boot is not a separate partition BOOT_IMAGE might start with /boot
+             BOOT_IMAGE_PATH=${BOOT_IMAGE_PATH#"/boot"}
+             #on some achitectures BOOT_IMAGE does not contain path to kernel
+
diff --git a/SOURCES/0028.patch b/SOURCES/0028.patch
new file mode 100644
index 0000000..c4791df
--- /dev/null
+++ b/SOURCES/0028.patch
@@ -0,0 +1,33 @@
+From b4ef00aebea4e201be493b4a9520de71b188f42d Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jonathan@jlebon.com>
+Date: Tue, 29 Oct 2019 16:47:34 -0400
+Subject: [PATCH] 01fips: run sha512hmac from directory HMAC file directory
+
+That way, the HMAC file can contain a relative path instead of an
+absolute one. The issue is that right now the kernel RPM bakes the
+`/boot/vmlinuz-${kver}` path into the HMAC file which poses an issue for
+rpm-ostree systems (and any other system where the kernel isn't simply
+in the top-level `/boot`.
+
+For now, we're hacking around this in rpm-ostree:
+https://github.com/coreos/rpm-ostree/pull/1934
+
+Though I'd like to propose the same change in the kernel spec file.
+---
+ modules.d/01fips/fips.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
+index c3dbcf74..893143d0 100755
+--- a/modules.d/01fips/fips.sh
++++ b/modules.d/01fips/fips.sh
+@@ -135,7 +135,7 @@ do_fips()
+             return 1
+         fi
+ 
+-        sha512hmac -c "${BOOT_IMAGE_HMAC}" || return 1
++        (cd "${BOOT_IMAGE_HMAC%/*}" && sha512hmac -c "${BOOT_IMAGE_HMAC}") || return 1
+     fi
+ 
+     info "All initrd crypto checks done"
+
diff --git a/SOURCES/0029.patch b/SOURCES/0029.patch
new file mode 100644
index 0000000..ad7da76
--- /dev/null
+++ b/SOURCES/0029.patch
@@ -0,0 +1,26 @@
+From d07e4025e05de0461444c196102020919cdb5c2d Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jonathan@jlebon.com>
+Date: Tue, 29 Oct 2019 16:53:00 -0400
+Subject: [PATCH] 01fips: add / in BOOT_IMAGE_HMAC filename for clarity
+
+It's already the case the `BOOT_IMAGE_PATH` today, in the non-empty
+case, includes a trailing `/`, but let's add it to the path we build
+here too to make it more obvious.
+---
+ modules.d/01fips/fips.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
+index 893143d0..de2755b0 100755
+--- a/modules.d/01fips/fips.sh
++++ b/modules.d/01fips/fips.sh
+@@ -129,7 +129,7 @@ do_fips()
+             fi
+         fi
+ 
+-        BOOT_IMAGE_HMAC="/boot/${BOOT_IMAGE_PATH}.${BOOT_IMAGE_NAME}.hmac"
++        BOOT_IMAGE_HMAC="/boot/${BOOT_IMAGE_PATH}/.${BOOT_IMAGE_NAME}.hmac"
+         if ! [ -e "${BOOT_IMAGE_HMAC}" ]; then
+             warn "${BOOT_IMAGE_HMAC} does not exist"
+             return 1
+
diff --git a/SOURCES/0030.patch b/SOURCES/0030.patch
new file mode 100644
index 0000000..75f35bd
--- /dev/null
+++ b/SOURCES/0030.patch
@@ -0,0 +1,33 @@
+From f3acdc517f1494301a9d8c4352a50a92bc3dbbf1 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jonathan@jlebon.com>
+Date: Tue, 29 Oct 2019 16:54:10 -0400
+Subject: [PATCH] 01fips: trim off GRUB boot device from BOOT_IMAGE
+
+E.g. in RHCOS, the `BOOT_IMAGE` from the cmdline is:
+
+(hd0,gpt1)/ostree/rhcos-e493371e5ee8407889029ec979955a2b86fd7e3cae5a0591b9db1cd248d966e8/vmlinuz-4.18.0-146.el8.x86_64
+
+Which of course is a GRUB thing, not an actual pathname we'll be able to
+resolve. In fact, we can simply scrap it off from the variable. Our code
+is already able to handle both cases: whether the device refers to a
+separate boot partition, or just the root filesystem with a regular
+`/boot` directory.
+---
+ modules.d/01fips/fips.sh | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
+index de2755b0..559952ca 100755
+--- a/modules.d/01fips/fips.sh
++++ b/modules.d/01fips/fips.sh
+@@ -113,6 +113,10 @@ do_fips()
+         do_rhevh_check /run/initramfs/live/isolinux/vmlinuz0 || return 1
+     else
+         BOOT_IMAGE="$(getarg BOOT_IMAGE)"
++
++        # Trim off any leading GRUB boot device (e.g. ($root) )
++        BOOT_IMAGE="$(echo "${BOOT_IMAGE}" | sed 's/^(.*)//')"
++
+         BOOT_IMAGE_NAME="${BOOT_IMAGE##*/}"
+         BOOT_IMAGE_PATH="${BOOT_IMAGE%${BOOT_IMAGE_NAME}}"
+ 
diff --git a/SPECS/dracut.spec b/SPECS/dracut.spec
index 6545820..60f7728 100644
--- a/SPECS/dracut.spec
+++ b/SPECS/dracut.spec
@@ -9,7 +9,7 @@
 
 Name: dracut
 Version: 049
-Release: %{dist_free_release}%{?dist}
+Release: %{dist_free_release}%{?dist}.1
 
 Summary: Initramfs generator using udev
 %if 0%{?fedora} || 0%{?rhel}
@@ -54,6 +54,10 @@ Patch23: 0023.patch
 Patch24: 0024.patch
 Patch25: 0025.patch
 Patch26: 0026.patch
+Patch27: 0027.patch
+Patch28: 0028.patch
+Patch29: 0029.patch
+Patch30: 0030.patch
 
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
 
@@ -507,6 +511,9 @@ install -m 0755 51-dracut-rescue-postinst.sh $RPM_BUILD_ROOT%{_sysconfdir}/kerne
 %endif
 
 %changelog
+* Wed Nov 06 2019 Lukas Nykryn <lnykryn@redhat.com> - 049-27.git20190906.1
+- various fixes to adapt to RHCOS and FCOS
+
 * Fri Sep 06 2019 Lukas Nykryn <lnykryn@redhat.com> - 049-27.git20190906
 - modules.d: fix udev rules detection of multipath devices