diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh index 8db30843..e01bf36e 100755 --- a/Scripts/Common/Deblob.sh +++ b/Scripts/Common/Deblob.sh @@ -35,6 +35,7 @@ echo "Deblobbing..." blobs=""; #Delimited using "|" makes=""; overlay=""; + ipcSec=""; kernels=""; #Delimited using " " sepolicy=""; @@ -51,9 +52,10 @@ echo "Deblobbing..." #aptX (Bluetooth Audio Compression Codec) [Qualcomm] blobs=$blobs"|.*aptX.*"; - #ATFWD [Qualcomm] - blobs=$blobs"|ATFWD-daemon|atfwd.apk"; - sepolicy=$sepolicy" atfwd.te"; + #AT Command Handling/Forwarding + blobs=$blobs"|bin[/]atd|ATFWD-daemon|atfwd.apk|port-bridge|drexe|log_serial_arm"; + #blobs=$blobs"libqmi.so|wankit|nvm_server|mmgr"; + sepolicy=$sepolicy" atfwd.te port-bridge.te"; #AudioFX (Audio Effects) [Qualcomm] if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then @@ -78,8 +80,10 @@ echo "Deblobbing..." makes=$makes"libcnefeatureconfig"; sepolicy=$sepolicy" cnd.te qcneservice.te"; - #Diagnostics [Qualcomm] - blobs=$blobs"|[/]diag[/]|diag_callback_client|diag_dci_sample|diag_klog|diag_mdlog|diag_mdlog-getlogs|diag_mdlog-wrap|diag[/]mdm|diag_qshrink4_daemon|diag_socket_log|diag_uart_log|drmdiagapp|ibdrmdiag.so|ssr_diag|test_diag"; + #Diagnostics + blobs=$blobs"|[/]diag[/]|diag_callback_client|diag_dci_sample|diag_klog|diag_mdlog|diag_mdlog-getlogs|diag_mdlog-wrap|diag[/]mdm|diag_qshrink4_daemon|diag_socket_log|diag_uart_log|drmdiagapp|ibdrmdiag.so|ssr_diag|test_diag|cnss_diag"; + blobs=$blobs"|libdiag.so|libsdm-diag.so|libDiagService.so"; + ipcSec="4097:4294967295:2002:2950:3009:2901|4097:4294967295:3009"; #Dirac (Audio Codec + Effects) [Dirac] blobs=$blobs"|libDiracAPI_SHARED.so|.*dirac.*"; 
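Review bot: The commented-out line `#blobs=$blobs"libqmi.so|wankit|nvm_server|mmgr";` in the AT command section has no leading `|`. If it is enabled later, `log_serial_arm` and `libqmi.so` fuse into one alternative that matches neither file. Write it as `#blobs=$blobs"|libqmi.so|wankit|nvm_server|mmgr";` and add a short comment saying why these four are held back. The new entries `drexe` and `bin[/]atd` are also unanchored substrings, so they drop any manifest path that merely contains them, assuming the list is applied the way the `awk` filter in deblobDevice applies it.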
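Review bot: The `ipcSec` entries are bare numbers with no explanation of their fields, which makes a security-relevant list hard to audit. This applies to the Diagnostics line and to the later DPM, IMS, RCS and Sprint additions. A comment at the `ipcSec="";` declaration would help, such as `#Delimited using "|", each entry is the prefix of a sec_config rule`, plus the field layout once it is confirmed against the sec_config format. The Diagnostics line also assigns with plain `=` while every other section appends. Mark it `#First entry, no leading "|"`, because an empty alternative in the final regex would likely match every line and empty the file.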
@@ -99,6 +103,7 @@ echo "Deblobbing..." #DPM (Data Power Management) [Qualcomm] blobs=$blobs"|com.qti.dpmframework.jar|com.qti.dpmframework.xml|dpmapi.jar|dpmapi.xml|dpm.conf|dpmd|dpmserviceapp.apk|libdpmctmgr.so|libdpmfdmgr.so|libdpmframework.so|libdpmnsrm.so|libdpmtcm.so|NsrmConfiguration.xml|tcmclient.jar"; sepolicy=$sepolicy" dpmd.te"; + ipcSec=$ipcSec"|47:4294967295:1001:3004|48:4294967295:1000:3004"; #DRM blobs=$blobs"|lib-sec-disp.so|libSecureUILib.so|libsecureui.so|libsecureuisvc_jni.so|libsecureui_svcsock.so"; @@ -172,14 +177,17 @@ echo "Deblobbing..." blobs=$blobs"|ims.apk|ims.xml|libimsmedia_jni.so"; blobs=$blobs"|volte_modem[/]"; sepolicy=$sepolicy" ims.te imscm.te imswmsproxy.te"; + ipcSec=$ipcSec"|32:4294967295:1001"; fi; #IPA (Internet Packet Accelerator) [Qualcomm] #This is actually open source (excluding -diag) - #blobs=$blobs"|ipacm"; blobs=$blobs"|ipacm-diag"; - #makes=$makes"|ipacm|IPACM_cfg.xml"; - #kernels=$kernels" drivers/platform/msm/ipa"; + if [ "$DOS_DEBLOBBER_REMOVE_IPA" = true ]; then + blobs=$blobs"|ipacm"; + makes=$makes"|ipacm|IPACM_cfg.xml"; + kernels=$kernels" drivers/platform/msm/ipa"; + fi; #IS? (DRM) [?] blobs=$blobs"|isdbtmm.*"; @@ -235,6 +243,7 @@ echo "Deblobbing..." #RCS (Proprietary messaging protocol) blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so|RCSBootstraputil.apk|RcsImsBootstraputil.apk|uceShimService.apk"; #RCS makes=$makes"|rcs_service.*"; + ipcSec=$ipcSec"|18:4294967295:1001:3004"; #SecProtect [Qualcomm] blobs=$blobs"|SecProtect.apk"; 
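Review bot: The IPA removal that used to be commented out is now gated on `DOS_DEBLOBBER_REMOVE_IPA`, and the init.sh hunk sets that flag to `true`, so it becomes the default for every device. The block adds `drivers/platform/msm/ipa` to `kernels`, but the matching defconfig change in the Functions.sh hunk is still commented out and names only `CONFIG_MSM`. If entries in `kernels` are deleted from the kernel tree (not visible here), a defconfig that still enables the IPA driver could fail to build. Consider `export DOS_DEBLOBBER_REMOVE_IPA=false;` until the defconfig side exists, or add a comment here naming the config options that must be disabled alongside.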
@@ -244,6 +253,7 @@ echo "Deblobbing..." #[Sprint] blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk"; + ipcSec=$ipcSec"|238:4294967295:1001:3004"; #Thermal Throttling [Qualcomm] #blobs=$blobs"|libthermalclient.so|libthermalioctl.so|thermal-engine"; @@ -281,6 +291,7 @@ echo "Deblobbing..." export blobs; export makes; export overlay; + export ipcSec; export kernels; export sepolicy; # @@ -415,9 +426,12 @@ deblobDevice() { rm -f board/qcom-cne.mk product/qcom-cne.mk; #Remove CNE rm -f rootdir/etc/init.qti.ims.sh rootdir/init.qti.ims.sh init.qti.ims.sh; #Remove IMS startup script rm -rf IMSEnabler; #Remove IMS compatibility module - #rm -rf data-ipa-cfg-mgr; #Remove IPA + if [ "$DOS_DEBLOBBER_REMOVE_IPA" = true ]; then rm -rf data-ipa-cfg-mgr; fi; #Remove IPA rm -rf libshimwvm libshims/wvm_shim.cpp; #Remove Google Widevine compatibility module rm -rf board/qcom-wipower.mk product/qcom-wipower.mk; #Remove WiPower makefiles + if [ -f configs/sec_config ]; then + awk -i inplace '!/'$ipcSec'/' configs/sec_config; #Remove all IPC security exceptions from sec_config + fi; if [ -f setup-makefiles.sh ]; then awk -i inplace '!/'$blobs'/' ./*proprietary*.txt; #Remove all blob references from blob manifest bash -c "cd $DOS_BUILD_BASE$devicePath && ./setup-makefiles.sh"; #Update the makefiles diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index d28f2e9c..5c77b881 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh 
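Review bot: In the deblobDevice hunk, `awk -i inplace '!/'$ipcSec'/' configs/sec_config` splices `$ipcSec` into the program unquoted and unanchored. An entry such as `18:4294967295:1001:3004` therefore also deletes a rule starting with `118:` or `218:`, and `47:` also hits `147:`. Passing the pattern as a variable and anchoring it avoids both problems: `awk -i inplace -v pat="^(${ipcSec})" '$0 !~ pat' configs/sec_config;`, assuming each rule starts at column 0. The guard should also require a non-empty list, `if [ -f configs/sec_config ] && [ -n "$ipcSec" ]; then`, since an empty regex matches every line and would leave the file empty. The body of deblobDevice starts and ends outside this hunk.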
@@ -307,8 +307,8 @@ hardenDefconfig() { fi; done #Disable supported options - #TODO: Disable earjack/uart debugger - declare -a optionsNo=("CONFIG_ACPI_CUSTOM_METHOD" "CONFIG_BINFMT_MISC" "CONFIG_COMPAT_BRK" "CONFIG_COMPAT_VDSO" "CONFIG_CP_ACCESS64" "CONFIG_DEVKMEM" "CONFIG_DEVMEM" "CONFIG_DEVPORT" "CONFIG_HIBERNATION" "CONFIG_INET_DIAG" "CONFIG_KEXEC" "CONFIG_LEGACY_PTYS" "CONFIG_MSM_BUSPM_DEV" "CONFIG_OABI_COMPAT" "CONFIG_PROC_KCORE" "CONFIG_PROC_VMCORE" "CONFIG_SECURITY_SELINUX_DISABLE" "CONFIG_SLAB_MERGE_DEFAULT" "CONFIG_WLAN_FEATURE_MEMDUMP") + declare -a optionsNo=("CONFIG_ACPI_CUSTOM_METHOD" "CONFIG_BINFMT_MISC" "CONFIG_COMPAT_BRK" "CONFIG_COMPAT_VDSO" "CONFIG_CP_ACCESS64" "CONFIG_DEVKMEM" "CONFIG_DEVMEM" "CONFIG_DEVPORT" "CONFIG_HIBERNATION" "CONFIG_INET_DIAG" "CONFIG_KEXEC" "CONFIG_LEGACY_PTYS" "CONFIG_MSM_BUSPM_DEV" "CONFIG_OABI_COMPAT" "CONFIG_PROC_KCORE" "CONFIG_PROC_VMCORE" "CONFIG_SECURITY_SELINUX_DISABLE" "CONFIG_SLAB_MERGE_DEFAULT" "CONFIG_WLAN_FEATURE_MEMDUMP" "CONFIG_EARJACK_DEBUGGER"); + #if [ "$DOS_DEBLOBBER_REMOVE_IPA" = true ]; then optionsNo+=("CONFIG_MSM"); fi; for option in "${optionsNo[@]}" do sed -i 's/'"$option"'=y/# '"$option"' is not set/' $defconfigPath &>/dev/null || true; diff --git a/Scripts/init.sh b/Scripts/init.sh index fd3c0766..5c324e83 100644 --- a/Scripts/init.sh +++ b/Scripts/init.sh 
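Review bot: The removed TODO covered both the earjack and the UART debugger, but only `CONFIG_EARJACK_DEBUGGER` was added to `optionsNo`, so the serial debugger half is dropped without being handled. Keep a reminder such as `#TODO: Disable uart debugger` so that debug interface is not forgotten. The commented `optionsNo+=("CONFIG_MSM")` line does not look like a complete option name. A short comment naming the intended IPA options would stop it from being uncommented as is. hardenDefconfig starts and ends outside this hunk.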
@@ -27,6 +27,7 @@ export DOS_DEBLOBBER_REMOVE_AUDIOFX=true; #Set true to remove AudioFX
 export DOS_DEBLOBBER_REMOVE_GRAPHICS=false; #Set true to remove all graphics blobs and use SwiftShader CPU renderer
 export DOS_DEBLOBBER_REMOVE_FP=false; #Set true to remove all fingerprint reader blobs
 export DOS_DEBLOBBER_REMOVE_IMS=false; #Set true to remove all IMS blobs
+export DOS_DEBLOBBER_REMOVE_IPA=true; #Set true to remove all IPA blobs
 export DOS_DEBLOBBER_REMOVE_IR=false; #Set true to remove all IR blobs
 export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Services with the open source Sony TimeKeep reimplementation #TODO: Needs work
 export DOS_DEFAULT_DNS_PRESET="Cloudflare"; #Sets default DNS. Options: Cloudflare, OpenNIC, DNSWATCH, Google, OpenDNS, Quad9, Quad9U, Verisign