diff --git a/debian/changelog b/debian/changelog
index aeb1824d..216a7594 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+livecd-rootfs (2.524) bionic; urgency=medium
+
+  * Ensure MAAS squashfsi are clean of passwords. LP: #1764991.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 19 Apr 2018 21:23:30 +0100
+
+livecd-rootfs (2.523) bionic; urgency=medium
+
+  * Allow the configuration of model assertions independent of preseeding
+    snaps.
+  * Allow non-generic model assertions to be configured.
+  * Don't include the name of the model assertion in the path we write it out
+    to (LP: #1764541).
+
+ -- Daniel Watkins <daniel.watkins@canonical.com>  Thu, 19 Apr 2018 11:44:38 -0400
+
 livecd-rootfs (2.522) bionic; urgency=medium
 
   * Remove landscape-common from minimal image, and handle restoring it in
diff --git a/live-build/functions b/live-build/functions
index f3e1df0b..3363bf2a 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -412,23 +412,29 @@ EOF
     (cd $snaps_dir; ls -1 ${SNAP_NAME}_*.snap) >> $seed_yaml
 }
 
-snap_prepare() {
-    # Configure basic snapd assertions and pre-seeds the 'core' snap
+snap_prepare_assertions() {
+    # Configure basic snapd assertions
     local CHROOT_ROOT=$1
+    # A colon-separated string of brand:model to be used for the image's model
+    # assertion
+    local CUSTOM_BRAND_MODEL=$2
 
     local seed_dir="$CHROOT_ROOT/var/lib/snapd/seed"
     local snaps_dir="$seed_dir/snaps"
     local assertions_dir="$seed_dir/assertions"
-    local model_assertion="$assertions_dir/generic-classic.model"
-    local account_key_assertion="$assertions_dir/generic.account-key"
-    local account_assertion="$assertions_dir/generic.account"
+    local model_assertion="$assertions_dir/model"
+    local account_key_assertion="$assertions_dir/account-key"
+    local account_assertion="$assertions_dir/account"
 
     mkdir -p "$assertions_dir"
     mkdir -p "$snaps_dir"
 
+    local brand="$(echo $CUSTOM_BRAND_MODEL | cut -d: -f 1)"
+    local model="$(echo $CUSTOM_BRAND_MODEL | cut -d: -f 2)"
+
     if ! [ -e "$model_assertion" ] ; then
         snap known --remote model series=16 \
-            model=generic-classic brand-id=generic \
+            model=$model brand-id=$brand \
             > "$model_assertion"
     fi
 
@@ -446,6 +452,19 @@ snap_prepare() {
         snap known --remote account account-id=$account \
             > "$account_assertion"
     fi
+}
+
+snap_prepare() {
+    # Configure basic snapd assertions and pre-seeds the 'core' snap
+    local CHROOT_ROOT=$1
+    # Optional. If set, should be a colon-separated string of brand:model to be
+    # used for the image's model assertion
+    local CUSTOM_BRAND_MODEL=${2:-generic:generic-classic}
+
+    local seed_dir="$CHROOT_ROOT/var/lib/snapd/seed"
+    local snaps_dir="$seed_dir/snaps"
+
+    snap_prepare_assertions "$CHROOT_ROOT" "$CUSTOM_BRAND_MODEL"
 
     # Download the core snap
     if ! [ -f $snaps_dir/core_[0-9]*.snap ] ; then
diff --git a/live-build/ubuntu-server/hooks/031-maas-squashfs.binary b/live-build/ubuntu-server/hooks/031-maas-squashfs.binary
index 1e46aa3d..ba348ba3 100755
--- a/live-build/ubuntu-server/hooks/031-maas-squashfs.binary
+++ b/live-build/ubuntu-server/hooks/031-maas-squashfs.binary
@@ -44,6 +44,10 @@ mount_overlay "$SQUASH_ROOT/" "$OVERLAY_RACK_ROOT/" "$RACK_ROOT/" "RACK"
 
 setup_mountpoint $RACK_ROOT
 env DEBIAN_FRONTEND=noninteractive chroot $RACK_ROOT apt-get -y install maas-rack-controller
+rm -f $RACK_ROOT/etc/maas/rackd.conf
+chroot $RACK_ROOT sh -c 'echo RESET maas/default-maas-url | debconf-communicate maas-common'
+chroot $RACK_ROOT sh -c 'echo RESET maas-rack-controller/maas-url | debconf-communicate maas-common'
+chroot $RACK_ROOT sh -c 'echo RESET maas-rack-controller/maas-url | debconf-communicate maas-rack-controller'
 teardown_mountpoint $RACK_ROOT
 
 umount "$RACK_ROOT"
@@ -53,8 +57,23 @@ umount "$RACK_ROOT"
 mount_overlay "$OVERLAY_RACK_ROOT/:$SQUASH_ROOT/" "$OVERLAY_REGION_ROOT/" "$REGION_ROOT/" "REGION"
 
 setup_mountpoint $REGION_ROOT
+
 env DEBIAN_FRONTEND=noninteractive chroot $REGION_ROOT apt-get -y install maas
-chroot $REGION_ROOT pg_ctlcluster 10 main stop
+
+# Forget how things had to be configured
+chroot $REGION_ROOT debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.prerm remove
+chroot $REGION_ROOT debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.postrm remove
+chroot $REGION_ROOT debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.postrm purge
+chroot $REGION_ROOT sh -c 'echo RESET maas/default-maas-url | debconf-communicate maas-common'
+chroot $REGION_ROOT sudo -u postgres psql -c 'alter role maas password null;'
+rm -f $REGION_ROOT/etc/maas/rackd.conf
+rm -f $REGION_ROOT/etc/maas/regiond.conf
+chroot $REGION_ROOT pg_ctlcluster $(/bin/ls $REGION_ROOT/var/lib/postgresql/) main stop || :
+
+# After the install, one may call the below to "reconfigure" maas-region-controller
+## debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.config configure
+## debconf -fnoninteractive -omaas-region-controller /var/lib/dpkg/info/maas-region-controller.postinst configure
+
 teardown_mountpoint "$REGION_ROOT"
 
 umount "$REGION_ROOT"