diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords
deleted file mode 100644
index 8c12f2bf2a..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords
+++ /dev/null
@@ -1,34 +0,0 @@
-# arm64 keywords
-# Keep these in alphabetical order.
-
-# Needed by arm64-native SDK.
-=app-crypt/rhash-1.4.2 ~arm64
-=app-emulation/open-vmdk-1.0 *
-=dev-embedded/u-boot-tools-2021.04_rc2 ~arm64
-=dev-lang/nasm-2.15.05 ~arm64
-=dev-lang/yasm-1.3.0-r1 ~arm64
-
-# Overwrite portage-stable mask - enable ding-libs for ARM64.
-=dev-libs/ding-libs-0.6.1-r1 ~arm64
-
-# Keep version the same on both arches.
-=net-firewall/conntrack-tools-1.4.6-r1 ~arm64
-=net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64
-=net-libs/libnetfilter_cttimeout-1.0.0-r1 ~arm64
-=sec-policy/selinux-base-2.20200818-r2 ~arm64
-=sec-policy/selinux-base-policy-2.20200818-r2 ~arm64
-=sec-policy/selinux-unconfined-2.20200818-r2 ~arm64
-=sec-policy/selinux-virt-2.20200818-r2 ~arm64
-=sys-apps/checkpolicy-3.1 ~arm64
-=sys-apps/kexec-tools-2.0.24 ~arm64
-=sys-apps/policycoreutils-3.1-r3 ~arm64
-=sys-apps/semodule-utils-3.1 ~arm64
-
-# Needed to force enable ipvsadm for arm64.
-=sys-cluster/ipvsadm-1.27-r1 **
-
-# Keep version the same on both arches.
-=sys-firmware/edk2-aarch64-18.02 **
-=sys-libs/libselinux-3.1-r2 ~arm64
-=sys-libs/libsemanage-3.1-r1 ~arm64
-=sys-libs/libsepol-3.1 ~arm64
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index 1e743a0f05..ec10ee586c 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -1,40 +1,81 @@
 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved.
 # Copyright (c) 2013 The CoreOS Authors. All rights reserved.
 # Distributed under the terms of the GNU General Public License v2
+#
+# Keywords for all packages used by Flatcar.
 
 # Seems to be the only available ebuild in portage-stable right now.
 =app-crypt/adcli-0.9.2 ~amd64 ~arm64
 
+# Needed by arm64-native SDK.
+=app-crypt/efitools-1.9.2 ~arm64
+=app-crypt/rhash-1.4.2 ~arm64
+=app-emulation/open-vmdk-1.0 *
+
 # Required for addressing CVE-2022-3715.
 =app-shells/bash-5.2_p15-r2 ~amd64 ~arm64
 
 # No keyword for arm64 yet.
 =coreos-devel/fero-client-0.1.1 **
 
+# Needed by arm64-native SDK.
+=dev-embedded/u-boot-tools-2021.04_rc2 ~arm64
+=dev-lang/nasm-2.15.05 ~arm64
+
 # Accept unstable host Rust compilers.
 =dev-lang/rust-1.69.0 ~amd64 ~arm64
 
-# Keep versions on both arches in sync.
-=dev-libs/libgcrypt-1.10.1-r3 ~arm64
+# Needed by arm64-native SDK.
+=dev-lang/yasm-1.3.0-r1 ~arm64
 
-# To keep the same version on both arches.
+# Keep versions on both arches in sync.
+=dev-libs/ding-libs-0.6.1-r1 ~arm64
+=dev-libs/libgcrypt-1.10.1-r3 ~arm64
 =dev-util/bpftool-6.2.1 ~arm64
+=net-firewall/conntrack-tools-1.4.6-r1 ~arm64
 
 # Required for addressing CVE-2023-0361.
 =net-libs/gnutls-3.8.0 ~amd64 ~arm64
 
+# Keep versions on both arches in sync.
+=net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64
+=net-libs/libnetfilter_cttimeout-1.0.0-r1 ~arm64
+
 # Required for addressing CVE-2023-28319, CVE-2023-28320, CVE-2023-28321 and CVE-2023-28322.
 =net-misc/curl-8.1.0 ~amd64 ~arm64
 
+# Keep versions on both arches in sync.
+=sec-policy/selinux-base-2.20200818-r2 ~arm64
+=sec-policy/selinux-base-policy-2.20200818-r2 ~arm64
+=sec-policy/selinux-unconfined-2.20200818-r2 ~arm64
+=sec-policy/selinux-virt-2.20200818-r2 ~arm64
+=sys-apps/checkpolicy-3.1 ~arm64
+
+# Keep versions on both arches in sync.
+=sys-apps/kexec-tools-2.0.24 ~arm64
+=sys-apps/policycoreutils-3.1-r3 ~arm64
+=sys-apps/semodule-utils-3.1 ~arm64
+
+# Needed to force enable ipvsadm for arm64.
+=sys-cluster/ipvsadm-1.27-r1 **
+
+# Keep versions on both arches in sync.
+=sys-firmware/edk2-aarch64-18.02 **
+
 # FIPS support is still being tested.
 =sys-fs/cryptsetup-2.4.3-r1 ~amd64 ~arm64
 
-# To keep the same version on both arches.
+# Keep versions on both arches in sync.
 =sys-fs/multipath-tools-0.9.4-r1 ~amd64
 
 # Needed to address CVE-2023-2602 and CVE-2023-2603.
 =sys-libs/libcap-2.69 ~amd64 ~arm64
 
+# Keep versions on both arches in sync.
+=sys-libs/libselinux-3.1-r2 ~arm64
+=sys-libs/libsemanage-3.1-r1 ~arm64
+=sys-libs/libsepol-3.1 ~arm64
+
 # A dependency of app-shells/bash version that we need for security
 # fixes.
 =sys-libs/readline-8.2_p1 ~amd64 ~arm64
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords
deleted file mode 100644
index 338f281b4a..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords
+++ /dev/null
@@ -1,2 +0,0 @@
-# Needed by arm64-native SDK.
-=app-crypt/efitools-1.9.2 ~arm64