diff --git a/kernel.spec b/kernel.spec
index 3d55915..6a0163a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -11,7 +11,7 @@
 %define sublevel	25
 
 # Release number. Increase this before a rebuild.
-%define rpmrel		2
+%define rpmrel		3
 %define fullrpmrel	%{rpmrel}
 
 %define rpmtag		%{disttag}
@@ -869,9 +869,12 @@ echo CONFIG_INIT_ON_FREE_DEFAULT_ON=y >> %{build_dir}/.config.append
 # Here enabling only either only init_on_free or only init_on_alloc
 # makes sense; init_on_alloc is not about protecting information.
 
-# Keep Streebog crypto built-in to enable loading streebog-signed kernel modules
+# Keep GOST crypto built-in to enable loading GOST-signed kernel modules
+# and GOST keys from the kernel keyring
 sed -i '/CONFIG_CRYPTO_STREEBOG/d' .config
 echo 'CONFIG_CRYPTO_STREEBOG=y' >> %{build_dir}/.config.append
+sed -i '/CONFIG_CRYPTO_ECRDSA/d' .config
+echo 'CONFIG_CRYPTO_ECRDSA=y' >> %{build_dir}/.config.append
 %endif
 
 cat %{build_dir}/.config.append >> .config