diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index 8307876..7b41b55 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -86,13 +86,12 @@ if [ "$BUILD_KERNEL" = true ] ; then
     if [ "$KERNELSRC_CONFIG" = true ] ; then
       # Load default raspberry kernel configuration
       make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
-
-	  #Switch to KERNELSRC_DIR
-	  pushd "${KERNEL_DIR}"
+      #Switch to KERNELSRC_DIR
+      pushd "${KERNEL_DIR}"
 	
-	  # GPL v2.0
-	  #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
-	  if [ "$KERNEL_ZSWAP" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
+      # GPL v2.0
+      #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
+      if [ "$KERNEL_ZSWAP" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
         # enable ZSWAP support for better performance during large builds etc.
         # requires activation via kernel parameter or sysfs
         # see e.g. https://askubuntu.com/a/472227 for a summary of ZSWAP (vs ZRAM etc.)
@@ -105,7 +104,7 @@ if [ "$BUILD_KERNEL" = true ] ; then
         set_kernel_config PGTABLE_MAPPING y
 	  fi
 	
-	  if [ "$KERNEL_VIRT" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
+	  if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
        # enable basic KVM support; see e.g.
         # https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
         set_kernel_config VIRTUALIZATION y
@@ -115,7 +114,7 @@ if [ "$BUILD_KERNEL" = true ] ; then
 	  fi
 	  #See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
       # Netfilter kernel support
-	  if [ "$KERNEL_NF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
+	  if [ "$KERNEL_NF" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
         set_kernel_config CONFIG_NETFILTER_XTABLES m
         set_kernel_config CONFIG_NF_DUP_NETDEV m
         set_kernel_config CONFIG_NF_NAT_SIP m
@@ -209,7 +208,7 @@ if [ "$BUILD_KERNEL" = true ] ; then
 	  #https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
 	  #https://github.com/torvalds/linux/blob/master/init/Kconfig#L848
 	  # Enables BPF syscall for systemd-journald
-	  if [ "$KERNEL_BPF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
+	  if [ "$KERNEL_BPF" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
             set_kernel_config CONFIG_BPF_SYSCALL y
 	    set_kernel_config CONFIG_CGROUP_BPF y
 	  fi
@@ -238,7 +237,7 @@ if [ "$BUILD_KERNEL" = true ] ; then
             echo "CONFIG_CRYPTO_XTS=y"
             echo "CONFIG_CRYPTO_SHA512=y"
             echo "CONFIG_CRYPTO_MANAGER=y"
-          } >> ${KERNEL_DIR}/.config
+          } >> "${KERNEL_DIR}/.config"
         fi
       fi
 
@@ -269,7 +268,7 @@ if [ "$BUILD_KERNEL" = true ] ; then
     make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
 
     # Cross compile kernel modules
-    if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
+    if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
       make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
     fi
   fi
@@ -283,16 +282,16 @@ if [ "$BUILD_KERNEL" = true ] ; then
 
   # Install kernel modules
   if [ "$ENABLE_REDUCE" = true ] ; then
-    if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
+    if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
       make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
     fi
   else
-    if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
+    if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
       make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
     fi
 
     # Install kernel firmware
-    if [ "$(grep "^firmware_install:" "${KERNEL_DIR}/Makefile")" ] ; then
+    if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
       make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
     fi
   fi
@@ -360,8 +359,8 @@ if [ "$BUILD_KERNEL" = true ] ; then
     rm -fr "${KERNEL_DIR}"
   else
     # Prepare compiled kernel modules
-    if [ "$(grep "CONFIG_MODULES=y" "${KERNEL_DIR}/.config")" ] ; then
-      if [ "$(grep "^modules_prepare:" "${KERNEL_DIR}/Makefile")" ] ; then
+    if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
+      if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
         make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
       fi
 
@@ -372,29 +371,26 @@ if [ "$BUILD_KERNEL" = true ] ; then
   fi
 
 else # BUILD_KERNEL=false
-#  echo " Install precompiled kernel..."
-#  echo "error: not implemented"
-if [ "$KERNEL_ARCH" = arm64 ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
+  #  echo Install precompiled kernel...
+  #  echo error: not implemented
+  if [ "$KERNEL_ARCH" = arm64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
     # Create temporary directory for dl
     temp_dir=$(as_nobody mktemp -d)
 	
-	# Fetch kernel dl
-	as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL" 
-	#extract download
+    # Fetch kernel dl
+    as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL" 
+    #extract download
     tar -xJf "${temp_dir}"/kernel.tar.xz -C "${R}"
-
     # Remove temporary directory for kernel sources
     rm -fr "${temp_dir}"
-
     # Set permissions of the kernel sources
-	mkdir "${R}/boot/firmware"
-	cp -r "${R}/boot/ "${R}/boot/firmware"
+    mkdir "${R}/boot/firmware"
+    cp -r "${R}/boot/" "${R}/boot/firmware"
     chown -R root:root "${R}/boot/firmware"
-	chown -R root:root "${R}/lib"
-	
-	#Create cmdline.txt
-	touch "${BOOT_DIR}/cmdline.txt"
-fi
+    chown -R root:root "${R}/lib"
+    #Create cmdline.txt
+    touch "${BOOT_DIR}/cmdline.txt"
+  fi
 
   # Check if kernel installation was successful
   KERNEL="$(ls -1 "${R}"/boot/kernel* | sort | tail -n 1)"
@@ -403,5 +399,4 @@ fi
     cleanup
     exit 1
   fi
-  
-fi
\ No newline at end of file
+fi
diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh
index 5fbfc7a..8ad8275 100644
--- a/bootstrap.d/30-security.sh
+++ b/bootstrap.d/30-security.sh
@@ -11,8 +11,8 @@ ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
 
 # Setup default user
 if [ "$ENABLE_USER" = true ] ; then
-  chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME
-  chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME
+  chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
+  chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
 fi
 
 # Setup root password or not
diff --git a/bootstrap.d/41-uboot.sh b/bootstrap.d/41-uboot.sh
index d7e4516..1492c38 100644
--- a/bootstrap.d/41-uboot.sh
+++ b/bootstrap.d/41-uboot.sh
@@ -41,7 +41,7 @@ if [ "$ENABLE_UBOOT" = true ] ; then
 
   # Install and setup U-Boot command file
   install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
-  printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
+  printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
 
   if [ "$ENABLE_INITRAMFS" = true ] ; then
     # Convert generated initramfs for U-Boot using mkimage
@@ -51,7 +51,7 @@ if [ "$ENABLE_UBOOT" = true ] ; then
     rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
 
     # Configure U-Boot to load generated initramfs
-    printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
+    printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
     printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
   else # ENABLE_INITRAMFS=false
     # Remove initramfs from U-Boot mkfile
@@ -68,10 +68,12 @@ if [ "$ENABLE_UBOOT" = true ] ; then
 
   if [ "$SET_ARCH" = 64 ] ; then
     echo "Setting up config.txt to boot 64bit uboot"
-
-    printf "\n# 64bit-mode" >> "${BOOT_DIR}/config.txt"
-    printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md" >> "${BOOT_DIR}/config.txt"
-    printf "\narm_64bit=1" >> "${BOOT_DIR}/config.txt"
+    {
+      printf "\n# 64bit-mode"
+      printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md"
+      printf "\narm_64bit=1"
+    } >> "${BOOT_DIR}/config.txt"
+    
     #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
     sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
   fi