diff --git a/create-redhat-properties-files.bash b/create-redhat-properties-files.bash
index 60264f2..7b02edf 100644
--- a/create-redhat-properties-files.bash
+++ b/create-redhat-properties-files.bash
@@ -109,16 +109,6 @@ security.provider.8=
 keystore.type=pkcs12
 EOF
 
-# /usr/lib/jvm/java-25-openjdk/conf/security/redhat/fips.properties
-# For now, this prevents an include cycle on JDKs that do not support
-# ${__redhat_fips__}.  In the future the goal is for it be overwritten
-# (based on /proc/sys/crypto/fips_enabled) at FIPS configuration time
-# (by fips-mode-setup or by grubby), at RPM install time by a
-# post-install hook, and/or during boot by a systemd oneshot service.
-install --mode 644 /dev/stdin "${VENDOR}"/fips.properties <<'EOF'
-include false/fips.properties
-EOF
-
 cat >> "${SECURITY}"/java.security <<'EOF'
 
 #
diff --git a/java-25-openjdk-portable.specfile b/java-25-openjdk-portable.specfile
index 0b18950..1d11f45 100644
--- a/java-25-openjdk-portable.specfile
+++ b/java-25-openjdk-portable.specfile
@@ -226,7 +226,7 @@
 # other targets since this target is configured to use in-tree
 # AWT dependencies: lcms, libjpeg, libpng, libharfbuzz, giflib
 # and possibly others
-%global static_libs_target static-libs-image
+%global static_libs_target static-libs-graal-image
 %else
 %global static_libs_target %{nil}
 %endif
@@ -376,7 +376,7 @@
 # Define IcedTea version used for SystemTap tapsets and desktop file
 %global icedteaver      6.0.0pre00-c848b93a8598
 # Define current Git revision for the FIPS support patches
-%global fipsver 9203d50836c
+%global fipsver df044414ef4
 # Define JDK versions
 %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
 %global javaver         %{featurever}
@@ -391,7 +391,7 @@
 %global top_level_dir_name   %{vcstag}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        8
-%global rpmrelease      1
+%global rpmrelease      2
 #%%global tagsuffix     %%{nil}
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
@@ -430,7 +430,7 @@
 %global fullversion     %{compatiblename}-%{version}-%{release}
 # images directories from upstream build
 %global jdkimage                jdk
-%global static_libs_image       static-libs
+%global static_libs_image       static-libs-graal
 # output dir stub
 %define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}}
 %define installoutputdir() %{expand:install/jdk%{featurever}.install%{?1}}
@@ -640,7 +640,7 @@ Source18: TestTranslations.java
 ############################################
 # Crypto policy and FIPS support patches
 # Patch is generated from the fips-25u tree at https://github.com/rh-openjdk/jdk/tree/fips-25u
-# as follows: git diff %%{vcstag} src make test > fips-21u-$(git show -s --format=%h HEAD).patch
+# as follows: git diff %%{vcstag} src make test > fips-25u-$(git show -s --format=%h HEAD).patch
 # Diff is limited to src and make subdirectories to exclude .github changes
 # Fixes currently included:
 # PR3183, RH1340845: Follow system wide crypto policy
@@ -674,7 +674,7 @@ Source18: TestTranslations.java
 # test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class
 # RH1940064: Enable XML Signature provider in FIPS mode
 # RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized [now part of JDK-8301553 upstream]
-# Disabled until 25: Patch1001: fips-%{featurever}u-%{fipsver}.patch
+Patch1001: fips-%{featurever}u-%{fipsver}.patch
 
 #############################################
 #
@@ -1003,8 +1003,7 @@ sh %{SOURCE12} %{top_level_dir_name}
 # rpmbuild.
 pushd %{top_level_dir_name}
 # Add crypto policy and FIPS support
-# Disabled until 25
-#%patch -P1001 -p1
+%patch -P1001 -p1
 popd # openjdk
 
 echo "Generating %{alt_java_name} man page"
@@ -1967,6 +1966,14 @@ done
 %endif
 
 %changelog
+* Tue Dec 02 2025 Severin Gehwolf <sgehwolf@redhat.com> - 1:25.0.1.0.8-2
+- Switch from static-libs-image to static-libs-graal-image to avoid large unneeded libjvm.a
+- Resolves: OPENJDK-4197
+
+* Tue Dec 02 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-2
+- Incorporate new FIPS patch for 25u
+- Resolves: OPENJDK-4184
+
 * Mon Nov 10 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-1
 - Update to jdk-25.0.1+8 (GA)
 - Update release notes to 25.0.1+8
diff --git a/java-25-openjdk.spec b/java-25-openjdk.spec
index 2ff045f..a4c98b0 100644
--- a/java-25-openjdk.spec
+++ b/java-25-openjdk.spec
@@ -349,7 +349,7 @@
 %global top_level_dir_name   %{vcstag}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        8
-%global rpmrelease      5
+%global rpmrelease      6
 # Settings used by the portable build
 %global portablerelease 2
 # Portable suffix differs between RHEL and CentOS
@@ -362,7 +362,7 @@
 
 %if 0%{?almalinux}
 %ifarch riscv64
-%global portablesuffix el10
+%global portablesuffix el10å
 %else
 %global portablesuffix el9
 %endif
@@ -895,7 +895,6 @@ fi
 # are implementation details -- so leave them as not config-noreplace
 %config %{etcjavadir -- %{?1}}/conf/security/redhat/false/crypto-policies.properties
 %config %{etcjavadir -- %{?1}}/conf/security/redhat/true/crypto-policies.properties
-%config %{etcjavadir -- %{?1}}/conf/security/redhat/fips.properties
 %config %{etcjavadir -- %{?1}}/conf/security/redhat/false/fips.properties
 %config %{etcjavadir -- %{?1}}/conf/security/redhat/true/fips.properties
 %config(noreplace) %{etcjavadir -- %{?1}}/conf/management/jmxremote.access
@@ -1411,6 +1410,7 @@ Source32: create-redhat-properties-files.bash
 # test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class
 # RH1940064: Enable XML Signature provider in FIPS mode
 # RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized [now part of JDK-8301553 upstream]
+Patch1001: fips-%{featurever}u-%{fipsver}.patch
 
 #############################################
 #
@@ -2634,9 +2634,18 @@ exit 0
 %endif
 
 %changelog
-* Wed Dec 10 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:25.0.1.0.8-5.alma.1
+* Wed Dec 10 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:25.0.1.0.8-6.alma.1
 - Use el9 portable packages
 
+* Sat Dec 06 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-6
+- Sync the copy of the portable specfile with the latest update
+- Related: RHEL-133733
+- Related: RHEL-133735
+
+* Thu Dec 04 2025 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:25.0.1.0.8-6
+- Remove /usr/lib/jvm/java-25-openjdk/conf/security/redhat/fips.properties
+- Resolves: RHEL-131897
+
 * Thu Dec 04 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-5
 - Incorporate new FIPS patch for 25u
 - Drop static libjvm.a following adjusted build target for portable build