diff --git a/.gitignore b/.gitignore
index 50b9e29..2159b6b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,3 +26,6 @@
 /v7.0.0.tar.gz
 /v7.2.5.tar.gz
 /v7.3.0.tar.gz
+/v7.4.0.tar.gz
+/v7.5.0.tar.gz
+/keylime-selinux-38.1.0.tar.gz
diff --git a/e2e_tests.fmf b/e2e_tests.fmf
index b942f7f..32e076f 100644
--- a/e2e_tests.fmf
+++ b/e2e_tests.fmf
@@ -9,7 +9,7 @@ context:
 prepare:
   - how: shell
     script:
-     - dnf config-manager --set-enabled updates-testing updates-testing-modular
+     - dnf config-manager --set-enabled updates-testing
 
 discover:
     how: fmf
diff --git a/keylime.spec b/keylime.spec
index e1322a3..03e1be8 100644
--- a/keylime.spec
+++ b/keylime.spec
@@ -1,5 +1,5 @@
 %global srcname keylime
-%global policy_version 1.0.0
+%global policy_version 38.1.0
 
 # Package is actually noarch, but it has an optional dependency that is
 # arch-specific.
@@ -8,7 +8,7 @@
 %global selinuxtype targeted
 
 Name:    keylime
-Version: 7.3.0
+Version: 7.5.0
 Release: %autorelease
 Summary: Open source TPM software for Bootstrapping and Maintaining Trust
 
@@ -225,6 +225,7 @@ mkdir -p --mode=0700 %{buildroot}/%{_rundir}/%{srcname}
 mkdir -p --mode=0700 %{buildroot}/%{_sysconfdir}/%{srcname}/
 for comp in "verifier" "tenant" "registrar" "ca" "logging"; do
     mkdir -p --mode=0700  %{buildroot}/%{_sysconfdir}/%{srcname}/${comp}.conf.d
+    install -Dpm 400 config/${comp}.conf %{buildroot}/%{_sysconfdir}/%{srcname}
 done
 
 # Ship some scripts.
@@ -240,7 +241,7 @@ done
 cp -r ./templates %{buildroot}%{_datadir}/%{srcname}/templates/
 
 mkdir -p --mode=0755 %{buildroot}/%{_bindir}
-cp -a ./keylime/cmd/convert_config.py %{buildroot}/%{_bindir}/keylime_upgrade_config
+install -Dpm 755 ./keylime/cmd/convert_config.py %{buildroot}/%{_bindir}/keylime_upgrade_config
 
 %if 0%{?with_selinux}
 install -D -m 0644 %{srcname}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{srcname}.pp.bz2
@@ -267,19 +268,7 @@ install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{srcname}.conf
 exit 0
 
 %post base
-/usr/bin/keylime_upgrade_config
-exit 0
-
-%pre verifier
-/usr/bin/keylime_upgrade_config
-exit 0
-
-%pre registrar
-/usr/bin/keylime_upgrade_config
-exit 0
-
-%pre tenant
-/usr/bin/keylime_upgrade_config
+/usr/bin/keylime_upgrade_config --component ca --component logging >/dev/null
 exit 0
 
 %posttrans base
@@ -305,11 +294,17 @@ fi
 exit 0
 
 %post verifier
+/usr/bin/keylime_upgrade_config --component verifier >/dev/null
 %systemd_post %{srcname}_verifier.service
 
 %post registrar
+/usr/bin/keylime_upgrade_config --component registrar >/dev/null
 %systemd_post %{srcname}_registrar.service
 
+%post tenant
+/usr/bin/keylime_upgrade_config --component tenant >/dev/null
+exit 0
+
 %if 0%{?with_selinux}
 # SELinux contexts are saved so that only affected files can be
 # relabeled after the policy module installation
@@ -356,6 +351,7 @@ fi
 %files verifier
 %license LICENSE
 %attr(500,%{srcname},%{srcname}) %dir %{_sysconfdir}/%{srcname}/verifier.conf.d
+%config(noreplace) %verify(not md5 size mode mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/verifier.conf
 %{_bindir}/%{srcname}_verifier
 %{_bindir}/%{srcname}_ca
 %{_unitdir}/keylime_verifier.service
@@ -363,6 +359,7 @@ fi
 %files registrar
 %license LICENSE
 %attr(500,%{srcname},%{srcname}) %dir %{_sysconfdir}/%{srcname}/registrar.conf.d
+%config(noreplace) %verify(not md5 size mode mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/registrar.conf
 %{_bindir}/%{srcname}_registrar
 %{_unitdir}/keylime_registrar.service
 
@@ -376,6 +373,7 @@ fi
 %files tenant
 %license LICENSE
 %attr(500,%{srcname},%{srcname}) %dir %{_sysconfdir}/%{srcname}/tenant.conf.d
+%config(noreplace) %verify(not md5 size mode mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/tenant.conf
 %{_bindir}/%{srcname}_tenant
 
 %files -n python3-%{srcname}
@@ -397,6 +395,8 @@ fi
 %license LICENSE
 %doc README.md
 %attr(500,%{srcname},%{srcname}) %dir %{_sysconfdir}/%{srcname}/{ca,logging}.conf.d
+%config(noreplace) %verify(not md5 size mode mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/ca.conf
+%config(noreplace) %verify(not md5 size mode mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/logging.conf
 %attr(700,%{srcname},%{srcname}) %dir %{_rundir}/%{srcname}
 %attr(700,%{srcname},%{srcname}) %dir %{_sharedstatedir}/%{srcname}
 %attr(500,%{srcname},%{srcname}) %dir %{_sharedstatedir}/%{srcname}/tpm_cert_store
diff --git a/sources b/sources
index ac05c02..a8fd4aa 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (v7.3.0.tar.gz) = 6a5ee3e642015b4c09058ab84db9c1c132d94b387284cb363285fb43a875921fdf0e88ef4b67ab886ceed4e6a5a49aeef0334d42d9662d27f865287d3e9e000b
-SHA512 (keylime-selinux-1.0.0.tar.gz) = d0b4fea7407ad493b08e6f087e8f32b1a65acbee59bf6e20a0e26aaa139f56c1206c7e707898fd8a2e11468cd918f76cb6985f68b8a2faa8a2a4b7a9ba4c3674
+SHA512 (v7.5.0.tar.gz) = 3e961ede085525f393956771c522273138bc70726d8cecbfc18c03b4e9d5a405899622f96c6684ded4658ddcd0269a30a617dc2f6504233176d5335962d36946
+SHA512 (keylime-selinux-38.1.0.tar.gz) = cbb54511b14a0352e1c2679909b0dcbc00924bacf8f783b230a782d0fae6e3b0168704ea4896c273199163e04a26bcb6217cf30dc480fc300e1fdcb7e39d00a8