diff --git a/diskimage_builder/elements/bootloader/pkg-map b/diskimage_builder/elements/bootloader/pkg-map
index 5b34f1555..1cdc03040 100644
--- a/diskimage_builder/elements/bootloader/pkg-map
+++ b/diskimage_builder/elements/bootloader/pkg-map
@@ -18,7 +18,10 @@
       "dkms_package": "",
       "extlinux": "syslinux",
       "grub-pc": "grub",
-      "grub-efi": "grub"
+      "grub-efi": "grub",
+      "grub-efi-amd64": "grub",
+      "grub-efi-arm64": "grub",
+      "grub-efi-aarch64": "grub"
     },
     "suse": {
       "dkms_package": "",
diff --git a/diskimage_builder/elements/gentoo/pre-install.d/02-gentoo-02-flags b/diskimage_builder/elements/gentoo/pre-install.d/02-gentoo-02-flags
index d44b9f214..fe2a76332 100755
--- a/diskimage_builder/elements/gentoo/pre-install.d/02-gentoo-02-flags
+++ b/diskimage_builder/elements/gentoo/pre-install.d/02-gentoo-02-flags
@@ -9,9 +9,7 @@ set -o pipefail
 # get the directories in order
 mkdir -p /etc/portage/profile
 mkdir -p /etc/portage/package.accept_keywords
-if [ -f /etc/portage/package.keywords ]; then
-    mv /etc/portage/package.keywords /etc/portage/package.accept_keywords/prebuilt-1
-fi
+if [[ -f /etc/portage/package.keywords ]]; then mv /etc/portage/package.keywords /etc/portage/package.accept_keywords/prebuilt-1; fi
 mkdir -p /etc/portage/package.mask
 mkdir -p /etc/portage/package.unmask
 mkdir -p /etc/portage/package.use
@@ -21,22 +19,14 @@ echo 'dev-python/pip vanilla' >> /etc/portage/package.use/pip
 # needed to create disk images
 echo 'sys-fs/lvm2 -thin' >> /etc/portage/package.use/grub
 echo 'sys-boot/grub device-mapper' >> /etc/portage/package.use/grub
+echo 'sys-boot/grub grub_platforms_efi-64' >> /etc/portage/package.use/grub  # always enable efi-64
+if [[ 'x86_64' == "${ARCH}" ]]; then echo 'sys-boot/grub grub_platforms_pc' >> /etc/portage/package.use/grub; fi  # bios support for bios systems
 
-# needed in order to install pip packages as root
-echo '=dev-python/pip-9.0.1-r2 ~amd64' >> /etc/portage/package.accept_keywords/pip
 # needed to install static kernel
-echo '~sys-apps/debianutils-4.9.1 ~amd64' >> /etc/portage/package.accept_keywords/kernel
-echo 'sys-kernel/installkernel-gentoo ~amd64' >> /etc/portage/package.accept_keywords/kernel
-echo 'sys-kernel/gentoo-kernel-bin ~amd64' >> /etc/portage/package.accept_keywords/kernel
-
-# needed for sfdisk to work
-echo '~sys-apps/util-linux-2.35.2 ~amd64  # sfdisk growpart fix' >> /etc/portage/package.accept_keywords/util-linux
-
-if [[ "${GENTOO_PROFILE}" == *"systemd"* ]]; then
-    # systemd import-tar is broken, use a more recent (fixed) version
-    echo '~sys-apps/systemd-241 ~amd64' >> /etc/portage/package.accept_keywords/systemd
-fi
+if [[ 'x86_64' == "${ARCH}" ]]; then echo 'sys-kernel/gentoo-kernel-bin ~amd64' >> /etc/portage/package.accept_keywords/kernel; fi
+if [[ 'arm64' == "${ARCH}" ]]; then echo 'sys-kernel/gentoo-kernel-bin ~arm64' >> /etc/portage/package.accept_keywords/kernel; fi
 
+# musl only valid for amd64 for now
 if [[ "${GENTOO_PROFILE}" == *"musl"* ]]; then
     echo "dev-vcs/git -gpg" >> /etc/portage/package.use/musl  # gpg doesn't build on musl profiles
     echo "~sys-block/open-iscsi-2.0.878 ~amd64" >> /etc/portage/package.accept_keywords/musl
diff --git a/diskimage_builder/elements/gentoo/pre-install.d/02-gentoo-03-enable-overlays b/diskimage_builder/elements/gentoo/pre-install.d/02-gentoo-03-enable-overlays
index d4d18bc5d..01efae382 100755
--- a/diskimage_builder/elements/gentoo/pre-install.d/02-gentoo-03-enable-overlays
+++ b/diskimage_builder/elements/gentoo/pre-install.d/02-gentoo-03-enable-overlays
@@ -22,6 +22,8 @@ if [[ ${GENTOO_OVERLAYS} != '' ]]; then
     emerge ${GENTOO_EMERGE_DEFAULT_OPTS} --oneshot openssl openssh
     # install layman
     emerge ${GENTOO_EMERGE_DEFAULT_OPTS} --deep --ignore-built-slot-operator-deps=y layman
+    # set layman config options
+    sed -i 's/^check_official.*/check_official : No/g' /etc/layman/layman.cfg # allow unoffical repos
     # sync the initial overlay list
     layman -S
     # enable the various overlays, ignore failures (overlay my already be enabled)
diff --git a/diskimage_builder/elements/gentoo/root.d/10-gentoo-image b/diskimage_builder/elements/gentoo/root.d/10-gentoo-image
index 4bbca288a..8639a3a03 100755
--- a/diskimage_builder/elements/gentoo/root.d/10-gentoo-image
+++ b/diskimage_builder/elements/gentoo/root.d/10-gentoo-image
@@ -28,8 +28,8 @@ if [ 'amd64' = "${ARCH}" ] ; then
     ARCH='x86_64'
 fi
 
-if ! [ 'x86_64' = "${ARCH}" ] ; then
-    echo "Only x86_64 images are currently available but ARCH is set to ${ARCH}."
+if [[ 'x86_64' != "${ARCH}" ]] && [[ 'arm64' != "${ARCH}" ]]; then
+    echo "Only x86_64 or arm64 images are currently available but ARCH is set to ${ARCH}."
     exit 1
 fi
 
@@ -38,24 +38,32 @@ fi
 # default/linux/amd64/13.0/no-multilib
 # hardened/linux/amd64
 # hardened/linux/amd64/no-multilib
+# default/linux/arm64/17.0
+# default/linux/arm64/17.0/systemd
 GENTOO_PROFILE=${GENTOO_PROFILE:-'default/linux/amd64/17.1'}
 if [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1" ]]; then
-    FILENAME_BASE='gentoo-stage3'
+    FILENAME_BASE='amd64_gentoo-stage3'
     SIGNED_SOURCE_SUFFIX=''
 elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib" ]]; then
-    FILENAME_BASE='gentoo-stage3-nomultilib'
+    FILENAME_BASE='amd64_gentoo-stage3-nomultilib'
     SIGNED_SOURCE_SUFFIX='-nomultilib'
 elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/hardened" ]]; then
-    FILENAME_BASE='gentoo-stage3-hardened'
+    FILENAME_BASE='amd64_gentoo-stage3-hardened'
     SIGNED_SOURCE_SUFFIX='-hardened'
 elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/no-multilib/hardened" ]]; then
-    FILENAME_BASE='gentoo-stage3-hardened-nomultilib'
+    FILENAME_BASE='amd64_gentoo-stage3-hardened-nomultilib'
     SIGNED_SOURCE_SUFFIX='-hardened+nomultilib'
 elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.0/musl/hardened" ]]; then
-    FILENAME_BASE='gentoo-stage3-hardened-musl'
+    FILENAME_BASE='amd64_gentoo-stage3-hardened-musl'
     SIGNED_SOURCE_SUFFIX='-musl-hardened'
 elif [[ "${GENTOO_PROFILE}" == "default/linux/amd64/17.1/systemd" ]]; then
-    FILENAME_BASE='gentoo-stage3-systemd'
+    FILENAME_BASE='amd64_gentoo-stage3-systemd'
+    SIGNED_SOURCE_SUFFIX='-systemd'
+elif [[ "${GENTOO_PROFILE}" == "default/linux/arm64/17.0" ]]; then
+    FILENAME_BASE='arm64_gentoo-stage3'
+    SIGNED_SOURCE_SUFFIX=''
+elif [[ "${GENTOO_PROFILE}" == "default/linux/arm64/17.0/systemd" ]]; then
+    FILENAME_BASE='arm64_gentoo-stage3-systemd'
     SIGNED_SOURCE_SUFFIX='-systemd'
 else
     echo 'invalid profile, please select from the following profiles'
@@ -64,17 +72,24 @@ else
     echo 'default/linux/amd64/17.1/hardened'
     echo 'default/linux/amd64/17.1/no-multilib/hardened'
     echo 'default/linux/amd64/17.1/systemd'
+    echo 'default/linux/arm64/17.0'
+    echo 'default/linux/arm64/17.0/systemd'
     exit 1
 fi
 
-DIB_CLOUD_SOURCE=${DIB_CLOUD_SOURCE:-"http://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64${SIGNED_SOURCE_SUFFIX}.txt"}
-BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-"http://distfiles.gentoo.org/releases/amd64/autobuilds/$(curl ${DIB_CLOUD_SOURCE} -s -f | tail -n 1 | cut -d\  -f 1)"}
-BASE_IMAGE_FILE_SUFFIX=${BASE_IMAGE_FILE_SUFFIX:-"$(basename ${BASE_IMAGE_FILE} | cut -d. -f 2,3)"}
+if [[ "${GENTOO_PROFILE}" == *'amd64'* ]]; then
+    ARCH_PATH='amd64'
+elif [[ "${GENTOO_PROFILE}" == *'arm64'* ]]; then
+    ARCH_PATH='arm64'
+fi
+DIB_CLOUD_SOURCE=${DIB_CLOUD_SOURCE:-"http://distfiles.gentoo.org/releases/${ARCH_PATH}/autobuilds/latest-stage3-${ARCH_PATH}${SIGNED_SOURCE_SUFFIX}.txt"}
+BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-"http://distfiles.gentoo.org/releases/${ARCH_PATH}/autobuilds/$(curl "${DIB_CLOUD_SOURCE}" -s -f | tail -n 1 | cut -d\  -f 1)"}
+BASE_IMAGE_FILE_SUFFIX=${BASE_IMAGE_FILE_SUFFIX:-"$(basename "${BASE_IMAGE_FILE}" | cut -d. -f 2,3)"}
 SIGNATURE_FILE="${SIGNATURE_FILE:-${BASE_IMAGE_FILE}.DIGESTS.asc}"
 CACHED_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.${BASE_IMAGE_FILE_SUFFIX}"
 CACHED_SIGNATURE_FILE="${DIB_IMAGE_CACHE}/${FILENAME_BASE}.asc"
 
-if [ -n "${DIB_OFFLINE}" -a -f "${CACHED_FILE}" ] ; then
+if [[ -n "${DIB_OFFLINE}" ]] && [[ -f "${CACHED_FILE}" ]] ; then
     echo "Not checking freshness of cached ${CACHED_FILE}"
 else
     echo 'Fetching Base Image'
@@ -87,8 +102,7 @@ else
     # https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz
     # http://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz
     # check the sig file
-    gpgv --keyring "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg "${CACHED_SIGNATURE_FILE}"
-    if [[ "${?}" != 0 ]]; then
+    if ! gpgv --keyring "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg "${CACHED_SIGNATURE_FILE}"; then
         echo 'invalid signature file'
         exit 1
     fi