diff --git a/Dockerfile b/Dockerfile
index d0e9912b4..c1a6f335d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -231,6 +231,7 @@ COPY --from=pkg-cni-amd64 /opt/cni/bin/firewall /opt/cni/bin/firewall
 COPY --from=pkg-cni-amd64 /opt/cni/bin/host-local /opt/cni/bin/host-local
 COPY --from=pkg-cni-amd64 /opt/cni/bin/loopback /opt/cni/bin/loopback
 COPY --from=pkg-cni-amd64 /opt/cni/bin/portmap /opt/cni/bin/portmap
+COPY --from=pkg-cni-amd64 /usr/share/spdx/cni.spdx.json /usr/share/spdx/cni.spdx.json
 FROM scratch AS pkg-cni-stripped-arm64
 COPY --from=pkg-cni-arm64 /opt/cni/bin/bridge /opt/cni/bin/bridge
@@ -238,6 +239,7 @@ COPY --from=pkg-cni-arm64 /opt/cni/bin/firewall /opt/cni/bin/firewall
 COPY --from=pkg-cni-arm64 /opt/cni/bin/host-local /opt/cni/bin/host-local
 COPY --from=pkg-cni-arm64 /opt/cni/bin/loopback /opt/cni/bin/loopback
 COPY --from=pkg-cni-arm64 /opt/cni/bin/portmap /opt/cni/bin/portmap
+COPY --from=pkg-cni-arm64 /usr/share/spdx/cni.spdx.json /usr/share/spdx/cni.spdx.json
 FROM ${PKG_TALOSCTL_CNI_BUNDLE} AS pkgs-talosctl-cni-bundle
@@ -311,6 +313,8 @@ ENV GOMODCACHE=/.cache/mod
 ENV PROTOTOOL_CACHE_PATH=/.cache/prototool
 ARG SOURCE_DATE_EPOCH
 ENV SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH}
+# Go standard library is shipped with Talos, thus it must be tracked in SBOM
+COPY --link --from=tools /usr/share/spdx/golang.spdx.json /rootfs/usr/share/spdx/golang.spdx.json
 WORKDIR /src
 # The build-go target creates a container to build Go code with Go modules downloaded and verified.
@@ -727,8 +731,10 @@ COPY --link --exclude=usr/bin/ctr --from=pkg-containerd-amd64 / /rootfs
 COPY --link --from=pkg-dosfstools-amd64 / /rootfs
 COPY --link --from=pkg-e2fsprogs-amd64 / /rootfs
 COPY --link --exclude=usr/share --from=pkg-systemd-udevd-amd64 / /rootfs
+COPY --link --from=pkg-systemd-udevd-amd64 /usr/share/spdx/systemd.spdx.json /rootfs/usr/share/spdx/systemd.spdx.json
 COPY --link --from=pkg-libcap-amd64 / /rootfs
 COPY --link --exclude=usr/share --from=pkg-iptables-amd64 / /rootfs
+COPY --link --from=pkg-iptables-amd64 /usr/share/spdx/iptables.spdx.json /rootfs/usr/share/spdx/iptables.spdx.json
 COPY --link --from=pkg-libattr-amd64 / /rootfs
 COPY --link --from=pkg-libinih-amd64 / /rootfs
 COPY --link --from=pkg-libjson-c-amd64 / /rootfs
@@ -748,8 +754,10 @@ COPY --link --from=pkg-xfsprogs-amd64 / /rootfs
 COPY --link --from=pkg-util-linux-amd64 /usr/lib/libblkid.* /rootfs/usr/lib/
 COPY --link --from=pkg-util-linux-amd64 /usr/lib/libuuid.* /rootfs/usr/lib/
 COPY --link --from=pkg-util-linux-amd64 /usr/lib/libmount.* /rootfs/usr/lib/
+COPY --link --from=pkg-util-linux-amd64 /usr/share/spdx/util-linux.spdx.json /rootfs/usr/share/spdx/util-linux.spdx.json
 COPY --link --from=pkg-kmod-amd64 /usr/lib/libkmod.* /rootfs/usr/lib/
 COPY --link --from=pkg-kmod-amd64 /usr/bin/kmod /rootfs/usr/bin/modprobe
+COPY --link --from=pkg-kmod-amd64 usr/share/spdx/kmod.spdx.json /rootfs/usr/share/spdx/kmod.spdx.json
 COPY --link --from=modules-amd64 /usr/lib/modules /rootfs/usr/lib/modules
 COPY --link --from=machined-build-amd64 /machined /rootfs/usr/bin/init
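Review bot: The source path in the added kmod line of the second hunk, `COPY --link --from=pkg-kmod-amd64 usr/share/spdx/kmod.spdx.json ...`, lacks the leading slash that every other SBOM copy in this change uses, including its arm64 twin for `pkg-kmod-arm64`. The copy should still resolve against the root of the source stage, but the mismatch makes the amd64 and arm64 rootfs recipes harder to compare when auditing which SBOM fragments end up in the image. Write it as `COPY --link --from=pkg-kmod-amd64 /usr/share/spdx/kmod.spdx.json /rootfs/usr/share/spdx/kmod.spdx.json`.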
@@ -804,8 +812,10 @@ COPY --link --exclude=usr/bin/ctr --from=pkg-containerd-arm64 / /rootfs
 COPY --link --from=pkg-dosfstools-arm64 / /rootfs
 COPY --link --from=pkg-e2fsprogs-arm64 / /rootfs
 COPY --link --exclude=usr/share --from=pkg-systemd-udevd-arm64 / /rootfs
+COPY --link --from=pkg-systemd-udevd-arm64 /usr/share/spdx/systemd.spdx.json /rootfs/usr/share/spdx/systemd.spdx.json
 COPY --link --from=pkg-libcap-arm64 / /rootfs
 COPY --link --exclude=usr/share --from=pkg-iptables-arm64 / /rootfs
+COPY --link --from=pkg-iptables-arm64 /usr/share/spdx/iptables.spdx.json /rootfs/usr/share/spdx/iptables.spdx.json
 COPY --link --from=pkg-libattr-arm64 / /rootfs
 COPY --link --from=pkg-libinih-arm64 / /rootfs
 COPY --link --from=pkg-libjson-c-arm64 / /rootfs
@@ -825,8 +835,10 @@ COPY --link --from=pkg-xfsprogs-arm64 / /rootfs
 COPY --link --from=pkg-util-linux-arm64 /usr/lib/libblkid.* /rootfs/usr/lib/
 COPY --link --from=pkg-util-linux-arm64 /usr/lib/libuuid.* /rootfs/usr/lib/
 COPY --link --from=pkg-util-linux-arm64 /usr/lib/libmount.* /rootfs/usr/lib/
+COPY --link --from=pkg-util-linux-arm64 /usr/share/spdx/util-linux.spdx.json /rootfs/usr/share/spdx/util-linux.spdx.json
 COPY --link --from=pkg-kmod-arm64 /usr/lib/libkmod.* /rootfs/usr/lib/
 COPY --link --from=pkg-kmod-arm64 /usr/bin/kmod /rootfs/usr/bin/modprobe
+COPY --link --from=pkg-kmod-arm64 /usr/share/spdx/kmod.spdx.json /rootfs/usr/share/spdx/kmod.spdx.json
 COPY --link --from=modules-arm64 /usr/lib/modules /rootfs/usr/lib/modules
 COPY --link --from=machined-build-arm64 /machined /rootfs/usr/bin/init
@@ -885,14 +897,14 @@ RUN cp go.mod go.sum /tmp/sbom-src/
 FROM build-sbom AS sbom-container-arm64-generate
 COPY --from=rootfs-base-arm64 /rootfs/usr/share/spdx /tmp/sbom-src/
-RUN --mount=type=cache,target=/.cache,id=talos/.cache sbom.sh /tmp/sbom-src/ "$NAME (arm64 container)" talos-container-arm64.spdx.json
+RUN --mount=type=cache,target=/.cache,id=talos/.cache sbom.sh /tmp/sbom-src/ talos-container-arm64.spdx.json
 FROM scratch AS sbom-container-arm64
 COPY --from=sbom-container-arm64-generate /rootfs/usr/share/spdx/talos-container-arm64.spdx.json /
 FROM build-sbom AS sbom-container-amd64-generate
 COPY --from=rootfs-base-amd64 /rootfs/usr/share/spdx /tmp/sbom-src/
-RUN --mount=type=cache,target=/.cache,id=talos/.cache sbom.sh /tmp/sbom-src/ "$NAME (amd64 container)" talos-container-amd64.spdx.json
+RUN --mount=type=cache,target=/.cache,id=talos/.cache sbom.sh /tmp/sbom-src/ talos-container-amd64.spdx.json
 FROM scratch AS sbom-container-amd64
 COPY --from=sbom-container-amd64-generate /rootfs/usr/share/spdx/talos-container-amd64.spdx.json /
@@ -900,7 +912,7 @@ COPY --from=sbom-container-amd64-generate /rootfs/usr/share/spdx/talos-container
 FROM build-sbom AS sbom-arm64-generate
 COPY --from=rootfs-base-arm64 /rootfs/usr/share/spdx /tmp/sbom-src/
 COPY --from=pkg-kernel-arm64 /usr/share/spdx/kernel.spdx.json /tmp/sbom-src/
-RUN --mount=type=cache,target=/.cache,id=talos/.cache sbom.sh /tmp/sbom-src/ "$NAME (arm64)" talos-arm64.spdx.json
+RUN --mount=type=cache,target=/.cache,id=talos/.cache sbom.sh /tmp/sbom-src/ talos-arm64.spdx.json
 FROM scratch AS sbom-arm64
 COPY --from=sbom-arm64-generate /rootfs/usr/share/spdx/talos-arm64.spdx.json /
@@ -908,7 +920,7 @@ COPY --from=sbom-arm64-generate /rootfs/usr/share/spdx/talos-arm64.spdx.json /
 FROM build-sbom AS sbom-amd64-generate
 COPY --from=rootfs-base-amd64 /rootfs/usr/share/spdx /tmp/sbom-src/
 COPY --from=pkg-kernel-amd64 /usr/share/spdx/kernel.spdx.json /tmp/sbom-src/
-RUN --mount=type=cache,target=/.cache,id=talos/.cache sbom.sh /tmp/sbom-src/ "$NAME (amd64)" talos-amd64.spdx.json
+RUN --mount=type=cache,target=/.cache,id=talos/.cache sbom.sh /tmp/sbom-src/ talos-amd64.spdx.json
 FROM scratch AS sbom-amd64
 COPY --from=sbom-amd64-generate /rootfs/usr/share/spdx/talos-amd64.spdx.json /
@@ -933,8 +945,6 @@ FROM rootfs-base-arm64 AS rootfs-squashfs-arm64
 RUN rm -rf /rootfs/usr/share/spdx/*
 COPY --from=sbom-arm64 / /rootfs/usr/share/spdx/
 ARG ZSTD_COMPRESSION_LEVEL
-RUN find /rootfs -print0 \
- | xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"
 COPY --from=selinux-generate /policy/file_contexts /file_contexts
 COPY ./hack/labeled-squashfs.sh /
 RUN fakeroot /labeled-squashfs.sh /rootfs /rootfs.sqsh /file_contexts ${ZSTD_COMPRESSION_LEVEL}
@@ -943,8 +953,6 @@ FROM rootfs-base-amd64 AS rootfs-squashfs-amd64
 RUN rm -rf /rootfs/usr/share/spdx/*
 COPY --from=sbom-amd64 / /rootfs/usr/share/spdx/
 ARG ZSTD_COMPRESSION_LEVEL
-RUN find /rootfs -print0 \
- | xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"
 COPY --from=selinux-generate /policy/file_contexts /file_contexts
 COPY ./hack/labeled-squashfs.sh /
 RUN fakeroot /labeled-squashfs.sh /rootfs /rootfs.sqsh /file_contexts ${ZSTD_COMPRESSION_LEVEL}
diff --git a/Makefile b/Makefile
index bf5965b3d..9ca4a6f95 100644
--- a/Makefile
+++ b/Makefile
@@ -25,9 +25,9 @@ DEBUG_TOOLS_SOURCE := scratch
 EMBED_TARGET ?= embed
 TOOLS_PREFIX ?= ghcr.io/siderolabs/tools
-TOOLS ?= v1.11.0-alpha.0-3-g1dfd14b
+TOOLS ?= v1.11.0-alpha.0-6-g4818702
 PKGS_PREFIX ?= ghcr.io/siderolabs
-PKGS ?= v1.11.0-alpha.0-43-g2537e61
+PKGS ?= v1.11.0-alpha.0-48-g8ed84c5
 KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest
 CONFORMANCE_IMAGE ?= ghcr.io/siderolabs/conform:latest
diff --git a/go.mod b/go.mod
index bd53fe6f8..467e0ff2a 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/siderolabs/talos
-go 1.24.4
+go 1.24.5
 replace (
 // see e.g. https://github.com/grpc/grpc-go/issues/6696
diff --git a/go.work b/go.work
index 88cb5d069..cd8015278 100644
--- a/go.work
+++ b/go.work
@@ -1,4 +1,4 @@
-go 1.24.4
+go 1.24.5
 use (
 .
diff --git a/hack/release.toml b/hack/release.toml
index d9916aa1f..1f016c822 100644
--- a/hack/release.toml
+++ b/hack/release.toml
@@ -18,15 +18,19 @@ preface = """
 [notes.updates]
 title = "Component Updates"
 description = """\
-Linux: 6.12.35
+Linux: 6.12.36
 Kubernetes: 1.34.0-alpha.2
 runc: 1.3.0
 containerd: 2.1.3
 Flannel CNI plugin: 1.7.1-flannel1
 Flannel: 0.27.0
 CoreDNS: 1.12.2
+xfsprogs: 6.15.0
+systemd-udevd and systemd-boot: 257.7
+lvm2: 2.03.33
+cryptsetup: 2.8.0
-Talos is built with Go 1.24.4.
+Talos is built with Go 1.24.5.
 """
 [notes.macos-qemu]
diff --git a/hack/sbom.sh b/hack/sbom.sh
index 1a12dffd6..7abacbbd2 100755
--- a/hack/sbom.sh
+++ b/hack/sbom.sh
@@ -6,5 +6,5 @@ SYFT_FORMAT_PRETTY=1 SYFT_FORMAT_SPDX_JSON_DETERMINISTIC_UUID=1 \
 github.com/anchore/syft/cmd/syft \
 scan --from dir "$1" \
 --select-catalogers "+sbom-cataloger,go" \
- --source-name "$2" --source-version "$TAG" \
- -o spdx-json > "/rootfs/usr/share/spdx/$3"
+ --source-name "$NAME" --source-version "$TAG" \
+ -o spdx-json > "/rootfs/usr/share/spdx/$2"
diff --git a/internal/pkg/rootfs/rootfs_test.go b/internal/pkg/rootfs/rootfs_test.go
new file mode 100644
index 000000000..d5332b04f
--- /dev/null
+++ b/internal/pkg/rootfs/rootfs_test.go
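Review bot: `--source-name "$NAME"` in hack/sbom.sh now takes the SBOM document name from the environment, and nothing in this hunk guards against it being unset; the top of the script is outside the hunk, so whether it runs under `set -u` cannot be seen here. If NAME or TAG is missing in the stage that runs the script, syft would be handed an empty value and the SBOM would still be written. Consider `--source-name "${NAME:?NAME is not set}" --source-version "${TAG:?TAG is not set}" \` so the build fails instead of shipping an unnamed document. A short comment is also worth adding: the four Dockerfile call sites no longer pass a per-variant label such as `(arm64 container)`, so the generated documents are told apart only by their file names.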
@@ -0,0 +1,30 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package rootfs_test
+
+import (
+ "debug/buildinfo"
+ "runtime"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+
+ "github.com/siderolabs/talos/pkg/machinery/constants"
+)
+
+func TestPkgxGoVersionMatchesTalos(t *testing.T) {
+ const sampleBinaryPath = "/usr/bin/containerd"
+
+ info, err := buildinfo.ReadFile(sampleBinaryPath)
+ if err != nil {
+ t.Fatalf("failed to read build info from %s: %v", sampleBinaryPath, err)
+ }
+
+ binaryGoVersion := info.GoVersion
+ runtimeGoVersion := runtime.Version()
+
+ assert.Equal(t, runtimeGoVersion, binaryGoVersion)
+ assert.Equal(t, runtimeGoVersion, constants.GoVersion)
+}
diff --git a/pkg/machinery/constants/constants.go b/pkg/machinery/constants/constants.go
index d72c61545..fd1153282 100644
--- a/pkg/machinery/constants/constants.go
+++ b/pkg/machinery/constants/constants.go
@@ -14,7 +14,7 @@ import (
 const (
 // DefaultKernelVersion is the default Linux kernel version.
- DefaultKernelVersion = "6.12.35-talos"
+ DefaultKernelVersion = "6.12.36-talos"
 // KernelParamConfig is the kernel parameter name for specifying the URL.
 // to the config.
@@ -1103,7 +1103,7 @@ const (
 DBusClientSocketLabel = "system_u:object_r:dbus_client_socket_t:s0"
 // GoVersion is the version of Go compiler this release was built with.
- GoVersion = "go1.24.4"
+ GoVersion = "go1.24.5"
 // KubernetesTalosAPIServiceName is the name of the Kubernetes service to access Talos API.
 KubernetesTalosAPIServiceName = "talos"
diff --git a/pkg/machinery/gendata/data/pkgs b/pkg/machinery/gendata/data/pkgs
index 9b94a86ee..a89407e0a 100644
--- a/pkg/machinery/gendata/data/pkgs
+++ b/pkg/machinery/gendata/data/pkgs
@@ -1 +1 @@
-v1.11.0-alpha.0-43-g2537e61
\ No newline at end of file
+v1.11.0-alpha.0-48-g8ed84c5
\ No newline at end of file
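Review bot: The two `assert.Equal` calls at the end of TestPkgxGoVersionMatchesTalos carry no message, so a failure does not say which value is stale: the Go version embedded in the sample binary, the toolchain running the test, or `constants.GoVersion`. Add messages, for example `assert.Equal(t, runtimeGoVersion, binaryGoVersion, "Go version embedded in %s differs from the test toolchain", sampleBinaryPath)` and `assert.Equal(t, runtimeGoVersion, constants.GoVersion, "constants.GoVersion differs from the test toolchain")`. The test also has no doc comment and aborts with `t.Fatalf` wherever `/usr/bin/containerd` is missing, so it presumably passes only inside the build container. A comment above the function should state that requirement and that the check keeps the Go version recorded for the release in line with the binaries that are actually shipped.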
diff --git a/pkg/machinery/gendata/data/tools b/pkg/machinery/gendata/data/tools
index a6bac89bb..96705a835 100644
--- a/pkg/machinery/gendata/data/tools
+++ b/pkg/machinery/gendata/data/tools
@@ -1 +1 @@
-v1.11.0-alpha.0-3-g1dfd14b
\ No newline at end of file
+v1.11.0-alpha.0-6-g4818702
\ No newline at end of file
diff --git a/tools/go.mod b/tools/go.mod
index 31d549d53..dc1c0ebe1 100644
--- a/tools/go.mod
+++ b/tools/go.mod
@@ -1,6 +1,6 @@
 module github.com/siderolabs/talos/tools
-go 1.24.3
+go 1.24.5
 tool github.com/anchore/syft/cmd/syft