diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index 42406b1b8..92de8199e 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild @@ -127,10 +127,11 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes" endif $(WOLFCRYPT_PIE_FILES): ccflags-y += $(PIE_SUPPORT_FLAGS) $(PIE_FLAGS) $(WOLFCRYPT_PIE_FILES): ccflags-remove-y += -pg + $(obj)/linuxkm/module_hooks.o: ccflags-y += $(PIE_SUPPORT_FLAGS) # using inline retpolines leads to "unannotated intra-function call" # warnings from objtool without this: + undefine CONFIG_OBJTOOL $(WOLFCRYPT_PIE_FILES): OBJECT_FILES_NON_STANDARD := y - $(obj)/linuxkm/module_hooks.o: ccflags-y += $(PIE_SUPPORT_FLAGS) endif ifdef KERNEL_EXTRA_CFLAGS_REMOVE diff --git a/linuxkm/Makefile b/linuxkm/Makefile index 366dcc9b7..5ce7af716 100644 --- a/linuxkm/Makefile +++ b/linuxkm/Makefile @@ -54,7 +54,7 @@ ifeq "$(ENABLED_LINUXKM_BENCHMARKS)" "yes" endif ifeq "$(ENABLED_LINUXKM_PIE)" "yes" - WOLFCRYPT_PIE_FILES := linuxkm/pie_first.o $(filter wolfcrypt/src/%,$(WOLFSSL_OBJ_FILES)) linuxkm/pie_redirect_table.o linuxkm/pie_last.o + WOLFCRYPT_PIE_FILES := $(filter wolfcrypt/src/%,$(WOLFSSL_OBJ_FILES)) linuxkm/pie_redirect_table.o WOLFSSL_OBJ_FILES := $(WOLFCRYPT_PIE_FILES) $(filter-out $(WOLFCRYPT_PIE_FILES),$(WOLFSSL_OBJ_FILES)) endif diff --git a/linuxkm/include.am b/linuxkm/include.am index 318465d00..353911615 100644 --- a/linuxkm/include.am +++ b/linuxkm/include.am @@ -8,9 +8,7 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \ linuxkm/get_thread_size.c \ linuxkm/module_hooks.c \ linuxkm/module_exports.c.template \ - linuxkm/pie_first.c \ linuxkm/pie_redirect_table.c \ - linuxkm/pie_last.c \ linuxkm/linuxkm_memory.c \ linuxkm/linuxkm_wc_port.h \ linuxkm/x86_vector_register_glue.c \ diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index 06b71a90e..79e9615e2 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c 
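Review bot: `undefine CONFIG_OBJTOOL` is a file-scope make directive, unlike the target-specific `OBJECT_FILES_NON_STANDARD := y` on the line after it, so it appears to switch objtool off for every object this Kbuild builds when PIE is enabled, not only `$(WOLFCRYPT_PIE_FILES)`. On x86 the non-PIE objects would then also lose objtool's validation and the metadata it emits (ORC unwind data, retpoline and return-thunk site lists), which should be a deliberate decision rather than a side effect. If the wider scope is intended, the comment above it should say so, for example `# NOTE: undefine is global to this Kbuild: objtool is skipped for all module objects, not just the PIE ones.`; if it is not, a target-specific `OBJECT_FILES_NON_STANDARD` entry for the affected objects would keep the exemption narrow. The enclosing `ifeq "$(ENABLED_LINUXKM_PIE)" "yes"` block starts outside the hunk.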
@@ -97,7 +97,7 @@ extern const unsigned int wolfCrypt_PIE_rodata_end[]; /* cheap portable ad-hoc hash function to confirm bitwise stability of the PIE * binary image. */ -static unsigned int hash_span(char *start, char *end) { +static unsigned int hash_span(const u8 *start, const u8 *end) { unsigned int sum = 1; while (start < end) { unsigned int rotate_by; @@ -419,24 +419,18 @@ static int wolfssl_init(void) #endif { - char *pie_text_start = (char *)wolfCrypt_PIE_first_function; - char *pie_text_end = (char *)wolfCrypt_PIE_last_function; - char *pie_rodata_start = (char *)wolfCrypt_PIE_rodata_start; - char *pie_rodata_end = (char *)wolfCrypt_PIE_rodata_end; - unsigned int text_hash, rodata_hash; - - text_hash = hash_span(pie_text_start, pie_text_end); - rodata_hash = hash_span(pie_rodata_start, pie_rodata_end); + unsigned int text_hash = hash_span(__wc_text_start, __wc_text_end); + unsigned int rodata_hash = hash_span(__wc_rodata_start, __wc_rodata_end); /* note, "%pK" conceals the actual layout information. "%px" exposes * the true module start address, which is potentially useful to an * attacker. */ pr_info("wolfCrypt section hashes (spans): text 0x%x (%lu), rodata 0x%x (%lu), offset %c0x%lx\n", - text_hash, pie_text_end-pie_text_start, - rodata_hash, pie_rodata_end-pie_rodata_start, - pie_text_start < pie_rodata_start ? '+' : '-', - pie_text_start < pie_rodata_start ? pie_rodata_start - pie_text_start : pie_text_start - pie_rodata_start); + text_hash, __wc_text_end - __wc_text_start, + rodata_hash, __wc_rodata_end - __wc_rodata_start, + &__wc_text_start[0] < &__wc_rodata_start[0] ? '+' : '-', + &__wc_text_start[0] < &__wc_rodata_start[0] ? &__wc_rodata_start[0] - &__wc_text_start[0] : &__wc_text_start[0] - &__wc_rodata_start[0]); pr_info("wolfCrypt segments: text=%x-%x, rodata=%x-%x, " "rwdata=%x-%x, bss=%x-%x\n", (unsigned)(uintptr_t)__wc_text_start, diff --git a/linuxkm/pie_first.c b/linuxkm/pie_first.c deleted file mode 100644 index e636bfe66..000000000 
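Review bot: The hunk header context shows `extern const unsigned int wolfCrypt_PIE_rodata_end[];` still declared just above `hash_span()`, although this commit deletes `pie_first.c` and `pie_last.c`, the only definitions of the `wolfCrypt_PIE_*` fencepost symbols visible in this diff. Those declarations sit outside the hunk, so whether they are guarded or removed elsewhere cannot be seen here, but if they remain they are stale, and any leftover reference would surface only as an unresolved symbol at link or module-load time. I would drop them in the same commit. The comment on `hash_span()` could also gain a line such as `/* not a cryptographic digest: detects accidental image drift, not tampering. */` so the logged hashes are not read as an integrity guarantee; the function body continues outside the hunk.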
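Review bot: Nothing in the rewritten block checks that `__wc_text_end` lies above `__wc_text_start` (or the same for rodata) before the spans are hashed and printed. The definitions of these boundary symbols are not in this diff; if they ever come out empty or inverted, the `while (start < end)` loop in `hash_span()` never runs, so it presumably returns its seed, and the `%lu` span prints a wrapped value while the module still loads. A guard right after the two declarations, for example `if (__wc_text_end <= __wc_text_start || __wc_rodata_end <= __wc_rodata_start) return -EINVAL;`, would turn that into a visible failure. Separately, the context `pr_info("wolfCrypt segments: ...")` that follows prints `(unsigned)(uintptr_t)__wc_text_start` with `%x`, which puts the low 32 bits of real addresses in the kernel log directly below a comment about concealing layout. `wolfssl_init()` starts and ends outside the hunk.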
--- a/linuxkm/pie_first.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/* linuxkm/pie_first.c -- memory fenceposts for checking binary image stability
- *
- * Copyright (C) 2006-2025 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#ifndef __PIE__
- #error pie_first.c must be compiled -fPIE.
-#endif
-
-#include
-
-#include
-
-int wolfCrypt_PIE_first_function(void);
-int wolfCrypt_PIE_first_function(void) {
- return 0;
-}
-
-const unsigned int wolfCrypt_PIE_rodata_start[];
-const unsigned int wolfCrypt_PIE_rodata_start[] =
-/* random values, analogous to wolfCrypt_FIPS_ro_{start,end} */
-{ 0x8208f9ca, 0x9daf4ac9 };
diff --git a/linuxkm/pie_last.c b/linuxkm/pie_last.c
deleted file mode 100644
index 7a246d3da..000000000
--- a/linuxkm/pie_last.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/* linuxkm/pie_last.c -- memory fenceposts for checking binary image stability
- *
- * Copyright (C) 2006-2025 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#ifndef __PIE__
- #error pie_last.c must be compiled -fPIE.
-#endif
-
-#include
-
-#include
-
-int wolfCrypt_PIE_last_function(void);
-int wolfCrypt_PIE_last_function(void) {
- return 1;
-}
-
-const unsigned int wolfCrypt_PIE_rodata_end[];
-const unsigned int wolfCrypt_PIE_rodata_end[] =
-/* random values, analogous to wolfCrypt_FIPS_ro_{start,end} */
-{ 0xa4aaaf71, 0x55c4b7d0 };