diff --git a/Dockerfile b/Dockerfile
index cdabba8..a885c73 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/linuxserver/baseimage-selkies:debianbookworm
+FROM ghcr.io/linuxserver/baseimage-selkies:debiantrixie
 
 # set version label
 ARG BUILD_DATE
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 718f13d..174fd8f 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -1,4 +1,4 @@
-FROM ghcr.io/linuxserver/baseimage-selkies:arm64v8-debianbookworm
+FROM ghcr.io/linuxserver/baseimage-selkies:arm64v8-debiantrixie
 
 # set version label
 ARG BUILD_DATE
diff --git a/README.md b/README.md
index b68aad6..aacc8c0 100644
--- a/README.md
+++ b/README.md
@@ -220,8 +220,6 @@ services:
   obsidian:
     image: lscr.io/linuxserver/obsidian:latest
     container_name: obsidian
-    security_opt:
-      - seccomp:unconfined #optional
     environment:
       - PUID=1000
       - PGID=1000
@@ -231,8 +229,6 @@ services:
     ports:
       - 3000:3000
       - 3001:3001
-    devices:
-      - /dev/dri:/dev/dri #optional
     shm_size: "1gb"
     restart: unless-stopped
 ```
@@ -242,14 +238,12 @@ services:
 ```bash
 docker run -d \
   --name=obsidian \
-  --security-opt seccomp=unconfined `#optional` \
   -e PUID=1000 \
   -e PGID=1000 \
   -e TZ=Etc/UTC \
   -p 3000:3000 \
   -p 3001:3001 \
   -v /path/to/config:/config \
-  --device /dev/dri:/dev/dri `#optional` \
   --shm-size="1gb" \
   --restart unless-stopped \
   lscr.io/linuxserver/obsidian:latest
@@ -267,9 +261,7 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-e PGID=1000` | for GroupID - see below for explanation |
 | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
 | `-v /config` | Users home directory in the container, stores program settings and files. |
-| `--device /dev/dri` | Add this for GL support (Linux hosts only) |
 | `--shm-size=` | This is needed for electron applications to function properly. |
-| `--security-opt seccomp=unconfined` | For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. |
 
 ## Environment variables from files (Docker secrets)
 
@@ -433,6 +425,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **21.09.25:** - Rebase to Debian Trixie.
 * **12.07.25:** - Rebase to Selkies add no sandbox to launcher, HTTPS IS NOW REQUIRED.
 * **03.04.25:** - Update chromium launch options to improve performance.
 * **18.06.24:** - Fix application init for Kasm.
diff --git a/readme-vars.yml b/readme-vars.yml
index 239d5f9..fd0505b 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -17,9 +17,6 @@ development_versions: false
 # container parameters
 common_param_env_vars_enabled: true
 param_container_name: "{{ project_name }}"
-param_usage_include_env: true
-param_env_vars:
-  - {env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London."}
 param_usage_include_vols: true
 param_volumes:
   - {vol_path: "/config", vol_host_path: "/path/to/config", desc: "Users home directory in the container, stores program settings and files."}
@@ -29,12 +26,6 @@ param_ports:
   - {external_port: "3001", internal_port: "3001", port_desc: "Obsidian desktop gui HTTPS."}
 custom_params:
   - {name: "shm-size", name_compose: "shm_size", value: "1gb", desc: "This is needed for electron applications to function properly."}
-opt_security_opt_param: true
-opt_security_opt_param_vars:
-  - {run_var: "seccomp=unconfined", compose_var: "seccomp:unconfined", desc: "For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker."}
-opt_param_device_map: true
-opt_param_devices:
-  - {device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "Add this for GL support (Linux hosts only)"}
 # Selkies blurb settings
 selkies_blurb: true
 show_nvidia: true
@@ -116,6 +107,7 @@ init_diagram: |
   "obsidian:latest" <- Base Images
 # changelog
 changelogs:
+  - {date: "21.09.25:", desc: "Rebase to Debian Trixie."}
   - {date: "12.07.25:", desc: "Rebase to Selkies add no sandbox to launcher, HTTPS IS NOW REQUIRED."}
   - {date: "03.04.25:", desc: "Update chromium launch options to improve performance."}
   - {date: "18.06.24:", desc: "Fix application init for Kasm."}
diff --git a/root/usr/bin/chromium b/root/usr/bin/chromium
index cecd044..f7dd851 100755
--- a/root/usr/bin/chromium
+++ b/root/usr/bin/chromium
@@ -7,16 +7,7 @@ if ! pgrep chromium > /dev/null;then
   rm -f $HOME/.config/chromium/Singleton*
 fi
 
-# Run normally on privved containers or modified un non priv
-if grep -q 'Seccomp:.0' /proc/1/status; then
-  ${BIN} \
-  --no-first-run \
-  --password-store=basic \
-  --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' \
-  --user-data-dir \
-   "$@" > /dev/null 2>&1
-else
-  ${BIN} \
+${BIN} \
   --no-first-run \
   --no-sandbox \
   --password-store=basic \
@@ -24,4 +15,3 @@ else
   --test-type \
   --user-data-dir \
    "$@" > /dev/null 2>&1
-fi