diff --git a/Containerfile b/Containerfile
index 37d5996..7c3e2ee 100644
--- a/Containerfile
+++ b/Containerfile
@@ -39,7 +39,7 @@ FROM stagex/opensc:sx2024.09.0@sha256:5117a9d39d3b77655b29bf661d9e04eea2001a5b03
 FROM stagex/openssl:sx2024.09.0@sha256:2c1a9d8fcc6f52cb11a206f380b17d74c1079f04cbb08071a4176648b4df52c1 AS openssl
 FROM stagex/pcsc-lite:sx2024.09.0@sha256:4fe37671197ac768637e95f7395ae1a18412b3f42359d0c0aa9f4e7f684aef4e AS pcsc-lite
 FROM stagex/pcsc-tools:sx2024.09.0@sha256:05046ca5d41a09163eda26785563fd98f0cb1179030c3f4ee3243997a907bb96 AS pcsc-tools
-FROM stagex/qemu:sx2024.09.0@sha256:c9b099bc7d810a581e0e0f68061dd525d7efdb5334d119b4253249a459bd907e AS qemu
+# FROM stagex/qemu:sx2024.09.0@sha256:c9b099bc7d810a581e0e0f68061dd525d7efdb5334d119b4253249a459bd907e AS qemu
 FROM stagex/seabios:sx2024.09.0@sha256:f4e535fb1bfc2c7ae1756cdaa2404b1572f6ad195ceabba90d87ed0599fd97d7 AS seabios
 FROM stagex/sops:sx2024.09.0@sha256:c742fb1f0c5a4f9d9bc9afc37ba686b247d2b17d55d179409d33736b43c9aaa5 AS sops
 FROM stagex/swtpm:sx2024.09.0@sha256:c47fb2c4d8690936b4adef832a3f354231bb5a04206bf2fb565218034ce27792 AS swtpm
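Review bot: The dropped `stagex/qemu` stage is left behind as a commented-out line rather than deleted, and the same is done for `COPY --from=qemu . /` in the hunk at `@@ -81,7 +156,7 @@`; the commented digest will silently go stale while git history already records it, so remove both lines. If the prebuilt stage is meant to stay as a fallback, replace the dead line with a comment that says why qemu is now built from source (`# qemu is built from source below to enable --enable-canokey`) so the next reader does not have to guess.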
@@ -52,6 +52,81 @@ FROM stagex/xz:sx2024.09.0@sha256:b57c5e6144117bc0124855e9538e60c302cc7bf53fafb5
 FROM stagex/yq:sx2024.09.0@sha256:bd6882f0f3ea664e9de6cf732cef2fa2781fc2852f5e6502a6aea1e63eb9708b AS yq
 FROM stagex/zlib:sx2024.09.0@sha256:96b4100550760026065dac57148d99e20a03d17e5ee20d6b32cbacd61125dbb6 AS zlib
 
+FROM stagex/git as git
+FROM stagex/ca-certificates as ca-certificates
+FROM stagex/cmake as cmake
+FROM stagex/make as make
+FROM stagex/glibc as glibc
+FROM stagex/gcc as gcc
+FROM stagex/binutils as binutils
+FROM stagex/gawk as gawk
+FROM stagex/autoconf as autoconf
+FROM stagex/automake as automake
+
+## qemu
+FROM stagex/busybox AS busybox
+FROM stagex/bash AS bash
+FROM stagex/gzip AS gzip
+FROM stagex/gcc AS gcc
+FROM stagex/binutils AS binutils
+FROM stagex/python AS python
+FROM stagex/py-packaging AS py-packaging
+FROM stagex/py-urllib3 AS py-urllib3
+FROM stagex/make AS make
+FROM stagex/bison AS bison
+FROM stagex/meson AS meson
+FROM stagex/samurai AS samurai
+FROM stagex/libtool AS libtool
+FROM stagex/openssl AS opensll
+FROM stagex/git AS git
+FROM stagex/zlib AS zlib
+FROM stagex/libffi AS libffi
+FROM stagex/libzstd AS libzstd
+FROM stagex/ncurses AS ncurses
+FROM stagex/curl AS curl
+FROM stagex/flex AS flex
+FROM stagex/perl AS perl
+FROM stagex/pcre2 AS pcre2
+FROM stagex/autoconf AS autoconf
+FROM stagex/automake AS automake
+FROM stagex/pkgconf AS pkgconf
+FROM stagex/gettext AS gettext
+FROM stagex/m4 AS m4
+FROM stagex/argp-standalone AS argp-standalone
+FROM stagex/musl AS musl
+FROM stagex/musl-fts AS musl-fts
+FROM stagex/musl-obstack AS musl-obstack
+FROM stagex/linux-headers AS linux-headers
+FROM stagex/py-docutils AS py-docutils
+FROM stagex/py-pygments AS py-pygments
+FROM stagex/py-babel AS py-babel
+FROM stagex/py-sphinx AS py-sphinx
+FROM stagex/py-sphinx_rtd_theme AS py-sphinx_rtd_theme
+FROM stagex/py-sphinxcontrib-applehelp AS py-sphinxcontrib-applehelp
+FROM stagex/py-sphinxcontrib-devhelp AS py-sphinxcontrib-devhelp
+FROM stagex/py-sphinxcontrib-htmlhelp AS py-sphinxcontrib-htmlhelp
+FROM stagex/py-sphinxcontrib-qthelp AS py-sphinxcontrib-qthelp
+FROM stagex/py-sphinxcontrib-serializinghtml AS py-sphinxcontrib-serializinghtml
+FROM stagex/py-sphinxcontrib-jquery AS py-sphinxcontrib-jquery
+FROM stagex/py-jinja2 AS py-jinja2
+FROM stagex/py-markupsafe AS py-markupsafe
+FROM stagex/py-snowballstemmer AS py-snowballstemmer
+FROM stagex/py-imagesize AS py-imagesize
+FROM stagex/py-requests AS py-requests
+FROM stagex/py-idna AS py-idna
+FROM stagex/py-certifi AS py-certifi
+FROM stagex/py-alabaster AS py-alabaster
+FROM stagex/libaio AS libaio
+FROM stagex/libseccomp AS libseccomp
+FROM stagex/libcap-ng AS libcap-ng
+FROM stagex/libslirp AS libslirp
+FROM stagex/alsa-lib AS alsa-lib
+FROM stagex/openssh AS openssh
+FROM stagex/glib AS glib
+FROM stagex/lzo AS lzo
+FROM stagex/dtc AS dtc
+FROM stagex/numactl AS numactl
+
 FROM scratch AS base
 ARG VERSION development
 ARG GIT_TIMESTAMP null
@@ -81,7 +156,7 @@ COPY --from=libzstd . /
 COPY --from=libslirp . /
 COPY --from=seabios . /
 COPY --from=ipxe . /
-COPY --from=qemu . /
+# COPY --from=qemu . /
 COPY --from=swtpm . /
 COPY --from=openssl . /
 COPY --from=curl . /
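Review bot: Every `FROM stagex/...` added in this hunk carries neither a tag nor a digest (`FROM stagex/git as git`), while every existing stage in the file is pinned to `sx2024.09.0@sha256:...`; these lines resolve to whatever the registry serves as `latest` at build time, so the toolchain that compiles qemu and canokey-qemu is neither reproducible nor verifiable against a known-good tree. Pin them the same way as their neighbours, e.g. `FROM stagex/git:sx2024.09.0@sha256:<digest-placeholder> AS git`. Several names are also declared twice within the hunk (`git`, `gcc`, `binutils`, `make`, `autoconf`, `automake`) and `zlib` re-declares the digest-pinned `zlib` stage visible in the context above, so the later, unpinned definition is the one the `COPY --from=` lines will use; `libzstd`, `libslirp` and `curl` presumably shadow pinned stages further up for the same reason, given the existing `COPY --from=` lines for them. `FROM stagex/openssl AS opensll` looks like a typo that nothing references, and the lowercase `as` on the first ten lines is inconsistent with `AS` everywhere else; `docker build --check` reports all of this under `DuplicateStageName` and `FromAsCasing`.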
@@ -89,6 +164,186 @@ COPY --from=libtpms . /
 COPY --from=tpm2-tss . /
 COPY --from=tpm2-tools . /
 
+## Deps for qemu-canokey
+COPY --from=git . /
+COPY --from=zlib . /
+COPY --from=curl . /
+COPY --from=ca-certificates . /
+COPY --from=openssl . /
+COPY --from=cmake . /
+COPY --from=glibc . /
+COPY --from=gcc . /
+COPY --from=binutils . /
+COPY --from=busybox . /
+COPY --from=make . /
+COPY --from=gawk . /
+COPY --from=autoconf . /
+COPY --from=automake . /
+COPY --from=busybox . /
+COPY --from=bash . /
+
+## Build canokey-qemu
+RUN git clone https://github.com/canokeys/canokey-qemu
+RUN mkdir canokey-qemu/build
+WORKDIR canokey-qemu/build
+RUN git submodule update --init --recursive
+RUN cmake .. && make && make install
+
+## Deps for qemu
+COPY --from=busybox . /
+COPY --from=bash . /
+COPY --from=gzip . /
+COPY --from=gcc . /
+COPY --from=binutils . /
+COPY --from=python . /
+COPY --from=py-packaging . /
+COPY --from=py-urllib3 . /
+COPY --from=make . /
+COPY --from=bison . /
+COPY --from=meson . /
+COPY --from=samurai . /
+COPY --from=libtool . /
+COPY --from=openssl . /
+COPY --from=git . /
+COPY --from=zlib . /
+COPY --from=libffi . /
+COPY --from=libzstd . /
+COPY --from=ncurses . /
+COPY --from=curl . /
+COPY --from=flex . /
+COPY --from=perl . /
+COPY --from=pcre2 . /
+COPY --from=autoconf . /
+COPY --from=automake . /
+COPY --from=pkgconf . /
+COPY --from=gettext . /
+COPY --from=m4 . /
+COPY --from=argp-standalone . /
+COPY --from=musl . /
+COPY --from=musl-fts . /
+COPY --from=musl-obstack . /
+COPY --from=linux-headers . /
+COPY --from=py-docutils . /
+COPY --from=py-pygments . /
+COPY --from=py-babel . /
+COPY --from=py-sphinx . /
+COPY --from=py-sphinx_rtd_theme . /
+COPY --from=py-sphinxcontrib-applehelp . /
+COPY --from=py-sphinxcontrib-devhelp . /
+COPY --from=py-sphinxcontrib-htmlhelp . /
+COPY --from=py-sphinxcontrib-qthelp . /
+COPY --from=py-sphinxcontrib-serializinghtml . /
+COPY --from=py-sphinxcontrib-jquery . /
+COPY --from=py-jinja2 . /
+COPY --from=py-markupsafe . /
+COPY --from=py-snowballstemmer . /
+COPY --from=py-imagesize . /
+COPY --from=py-requests . /
+COPY --from=py-idna . /
+COPY --from=py-certifi . /
+COPY --from=py-alabaster . /
+COPY --from=libaio . /
+COPY --from=libseccomp . /
+COPY --from=libcap-ng . /
+COPY --from=libslirp . /
+COPY --from=alsa-lib . /
+COPY --from=openssh . /
+COPY --from=glib . /
+COPY --from=lzo . /
+COPY --from=dtc . /
+COPY --from=numactl . /
+ADD https://download.qemu.org/qemu-9.1.0.tar.xz .
+RUN tar -xvf qemu-9.1.0.tar.xz
+WORKDIR qemu-9.1.0
+RUN ls -la .
+ENV SOURCE_DATE_EPOCH=1
+ENV LDFLAGS=" \
+ -Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro \
+ -Wl,-z,now -Wl,-z,pack-relative-relocs"
+ENV CFLAGS=" \
+ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
+ -Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security \
+ -fstack-clash-protection -fcf-protection \
+ -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"
+ENV CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
+ENV LTOFLAGS="-flto=auto"
+ENV TARGET_LIST="x86_64-softmmu,x86_64-linux-user,i386-softmmu,i386-linux-user"
+COPY <<-EOF pc-bios/optionrom/config.mak
+ TOPSRC_DIR=/qemu-9.1.0
+ CC=gcc
+ CCAS=gcc
+ AR=ar
+ AS=as
+ LD=ld
+ NM=nm
+ OBJCOPY=objcopy
+ RANLIB=ranlib
+ STRIP=strip
+EOF
+RUN export PKG_CONFIG_PATH=/pkgconf:$PKG_CONFIG_PATH
+RUN <<-EOF
+ set -eux
+ # rm -rf pc-bios/*.bz2
+ rm -rf \
+ pc-bios/*.bin \
+ pc-bios/*.rom \
+ pc-bios/*.img \
+ pc-bios/*.e500 \
+ pc-bios/*.dtb \
+ pc-bios/*.lid \
+ pc-bios/*.ndrv \
+ pc-bios/palcode-clipper \
+ pc-bios/openbios-*
+ make -j "$(nproc)" -C pc-bios/optionrom all
+ ./configure \
+ --target-list="$TARGET_LIST" \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --libexecdir=/usr/lib/qemu \
+ --docdir=/usr/share/doc/qemu \
+ --python=/usr/bin/python \
+ --cc=gcc \
+ --audio-drv-list=oss,alsa \
+ --enable-curses \
+ --enable-canokey \
+ --enable-modules \
+ --enable-tpm \
+ --enable-vhost-net \
+ --enable-attr \
+ --enable-linux-user \
+ --enable-slirp \
+ --enable-tcg \
+ --disable-install-blobs \
+ --disable-docs \
+ --disable-sdl \
+ --disable-gtk \
+ --disable-bpf \
+ --disable-capstone \
+ --disable-glusterfs \
+ --disable-debug-info \
+ --disable-opengl \
+ --disable-bsd-user \
+ --disable-werror \
+ --disable-libnfs \
+ --disable-libssh \
+ --disable-snappy \
+ --disable-spice \
+ --disable-usb-redir \
+ --disable-vde \
+ --disable-virglrenderer \
+ --disable-virtfs \
+ --disable-vnc \
+ --disable-vnc-jpeg \
+ --disable-xen
+ make ARFLAGS="rc" -j "$(nproc)"
+ make install
+ rm -rf /rootfs/var/run
+ strip /rootfs/usr/bin/qemu-*
+ install -vDm 644 pc-bios/optionrom/*.bin -t /rootfs/usr/share/qemu
+ install -vDm 644 pc-bios/optionrom/*.img -t /rootfs/usr/share/qemu
+EOF
+
 FROM base AS build
 
 ## Kernel
diff --git a/Makefile b/Makefile
index 86c330a..654ebd1 100644
--- a/Makefile
+++ b/Makefile
@@ -61,6 +61,7 @@ vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
 -tpmdev emulator,id=tpm0,chardev=chrtpm \
 -device tpm-tis,tpmdev=tpm0 \
 -usb \
+ -device canokey,file=~/.canokey-file \
 -device sdhci-pci \
 -device sd-card,drive=external \
 -drive id=external,if=none,format=raw,file=out/sdcard.img \
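Review bot: `ADD https://download.qemu.org/qemu-9.1.0.tar.xz .` fetches the qemu source with no checksum and `RUN git clone https://github.com/canokeys/canokey-qemu` builds whatever HEAD is at build time, so the two components this change actually ships are the only inputs with no integrity pin in a file that otherwise pins every stage by digest; `ADD --checksum=sha256:...` (or a curl plus `sha256sum -c` in the same RUN) and a `git checkout <commit>` restore that. `RUN export PKG_CONFIG_PATH=/pkgconf:$PKG_CONFIG_PATH` has no effect on the next `RUN`, since each RUN starts a fresh shell; make it an `ENV` or set it inside the heredoc. `WORKDIR canokey-qemu/build` and `WORKDIR qemu-9.1.0` are relative, so the tarball is extracted and configured under `.../canokey-qemu/build/qemu-9.1.0` while `config.mak` hard-codes `TOPSRC_DIR=/qemu-9.1.0`, and `make install` runs without `DESTDIR` while the cleanup and `strip` lines expect `/rootfs/...`; unless DESTDIR is exported somewhere outside this hunk (the `base` stage begins in the previous hunk), `strip` will fail under `set -e`. The sketch below pins both sources and makes the paths absolute; `RUN ls -la .`, the `# rm -rf pc-bios/*.bz2` leftover and the duplicated `COPY --from=busybox`/`bash` layers can be dropped at the same time.
```dockerfile
# … unchanged: COPY --from= dependency layers for canokey-qemu …
## Build canokey-qemu — pin the revision; a bare clone builds whatever HEAD is today
ARG CANOKEY_QEMU_REV=<pinned-commit-placeholder>
WORKDIR /canokey-qemu
RUN git clone https://github.com/canokeys/canokey-qemu . \
    && git checkout "$CANOKEY_QEMU_REV" \
    && git submodule update --init --recursive
WORKDIR /canokey-qemu/build
RUN cmake .. && make && make install
# … unchanged: COPY --from= dependency layers for qemu …
# BuildKit (Dockerfile >= 1.6) fails the build if the download does not match the digest;
# if the builder lacks --checksum, curl the tarball and verify it with `sha256sum -c` in one RUN.
ADD --checksum=sha256:<sha256-of-qemu-9.1.0.tar.xz-placeholder> https://download.qemu.org/qemu-9.1.0.tar.xz /
RUN tar -xf /qemu-9.1.0.tar.xz -C /
WORKDIR /qemu-9.1.0
# A `RUN export ...` dies with its shell; ENV is what the later RUN steps see.
ENV PKG_CONFIG_PATH=/pkgconf:${PKG_CONFIG_PATH}
# … unchanged: SOURCE_DATE_EPOCH/CFLAGS/LDFLAGS ENV, config.mak heredoc, configure flags …
    make ARFLAGS="rc" -j "$(nproc)"
    # install into the staging root that the strip/install lines below already assume
    make DESTDIR=/rootfs install
# … unchanged: cleanup, strip and option-ROM install …
```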
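Review bot: `~/.canokey-file` sits in the middle of the word `canokey,file=~/.canokey-file`, and make runs recipes with `/bin/sh`, which does not tilde-expand inside a word (only at the start of a word or in a variable assignment), so qemu receives the literal path `~/.canokey-file` and will fail to open it unless the Makefile sets `SHELL` to something more lenient outside the hunk. Use make's own variable, `-device canokey,file=$(HOME)/.canokey-file \`, or `$$HOME/.canokey-file` if the shell should expand it. The file presumably holds the emulated token's persistent state, which would include its key material — confirm against canokey-qemu's documentation — so a comment on the line saying where it comes from and that it should stay `0600` would help whoever next reads the `vm` target; the recipe continues outside the hunk.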