diff --git a/.buildkite/al2env.sh b/.buildkite/al2env.sh index bf6c27880..bfcbfbdd4 100755 --- a/.buildkite/al2env.sh +++ b/.buildkite/al2env.sh @@ -7,4 +7,3 @@ bin_path=$dir/bin devmapper_path=$dir/devmapper state_path=$dir/state runtime_config_path=$dir/firecracker-runtime.json -firecracker_bin=firecracker-v0.19.0 diff --git a/.buildkite/setup_al2.sh b/.buildkite/setup_al2.sh index d5fc0ab9d..466f9fd77 100755 --- a/.buildkite/setup_al2.sh +++ b/.buildkite/setup_al2.sh @@ -15,10 +15,10 @@ mkdir -p $state_path export INSTALLROOT=$dir export FIRECRACKER_CONTAINERD_RUNTIME_DIR=$dir make -sudo -E INSTALLROOT=$INSTALLROOT PATH=$PATH make install cp /var/lib/fc-ci/vmlinux.bin $dir/default-vmlinux.bin -make image -sudo -E PATH=$PATH make install-default-rootfs +make image firecracker +sudo -E INSTALLROOT=$INSTALLROOT PATH=$PATH \ + make install install-firecracker install-default-rootfs cat << EOF > $dir/config.toml disabled_plugins = ["cri"] @@ -39,7 +39,7 @@ cat << EOF > $runtime_config_path { "cpu_template": "T2", "debug": true, - "firecracker_binary_path": "/usr/local/bin/$firecracker_bin", + "firecracker_binary_path": "$bin_path/firecracker", "shim_base_dir": "$dir", "kernel_image_path": "$dir/default-vmlinux.bin", "kernel_args": "ro console=ttyS0 noapic reboot=k panic=1 pci=off nomodules systemd.journald.forward_to_console systemd.log_color=false systemd.unit=firecracker.target init=/sbin/overlay-init", diff --git a/Makefile b/Makefile index 7b3e170ad..fd966d093 100644 --- a/Makefile +++ b/Makefile 
@@ -34,8 +34,8 @@ export GO_CACHE_VOLUME_NAME?=gocache FIRECRACKER_DIR=$(SUBMODULES)/firecracker FIRECRACKER_TARGET?=x86_64-unknown-linux-musl -FIRECRACKER_BIN=$(FIRECRACKER_DIR)/target/$(FIRECRACKER_TARGET)/release/firecracker -JAILER_BIN=$(FIRECRACKER_DIR)/target/$(FIRECRACKER_TARGET)/release/jailer +FIRECRACKER_BIN=$(FIRECRACKER_DIR)/build/cargo_target/$(FIRECRACKER_TARGET)/release/firecracker +JAILER_BIN=$(FIRECRACKER_DIR)/build/cargo_target/$(FIRECRACKER_TARGET)/release/jailer FIRECRACKER_BUILDER_NAME?=firecracker-builder CARGO_CACHE_VOLUME_NAME?=cargocache diff --git a/_submodules/firecracker b/_submodules/firecracker index 9b9030d9f..57ac9df0a 160000 --- a/_submodules/firecracker +++ b/_submodules/firecracker @@ -1 +1 @@ -Subproject commit 9b9030d9f4fcfd3e808166ae8ee2147a9d9249df +Subproject commit 57ac9df0ad1260adcb1c8c53924aa4c094453ffd diff --git a/internal/vm/vsock.go b/internal/vm/vsock.go index a5b38e3b2..e4f73d241 100644 --- a/internal/vm/vsock.go +++ b/internal/vm/vsock.go @@ -14,9 +14,11 @@ package vm import ( + "bufio" "context" "fmt" "net" + "strings" "time" "github.com/mdlayher/vsock" @@ -184,14 +186,6 @@ func vsockConnectMsg(port uint32) string { return fmt.Sprintf("CONNECT %d\n", port) } -func vsockAckMsg(port uint32) string { - // The message a guest-side connection will write after accepting a connection from - // a host dial. This is not part of the official Firecracker vsock spec, but is - // recommended in order to allow the host to verify connections were established - // successfully: https://github.com/firecracker-microvm/firecracker/issues/1272#issuecomment-533004066 - return fmt.Sprintf("IMALIVE %d\n", port) -} - // tryConnect attempts to dial a guest vsock listener at the provided host-side // unix socket and provided guest-listener port. func tryConnect(logger *logrus.Entry, udsPath string, port uint32) (net.Conn, error) { 
@@ -215,10 +209,18 @@ func tryConnect(logger *logrus.Entry, udsPath string, port uint32) (net.Conn, er return nil, vsockConnectMsgError{cause: err} } - err = tryConnRead(conn, vsockAckMsg(port), vsockAckMsgTimeout) + line, err := tryConnReadUntil(conn, '\n', vsockAckMsgTimeout) if err != nil { return nil, vsockAckError{cause: err} } + + // The line would be "OK \n", but we don't use the hostside port here. + // https://github.com/firecracker-microvm/firecracker/blob/master/docs/vsock.md#host-initiated-connections + if !strings.HasPrefix(line, "OK ") { + return nil, vsockAckError{ + cause: errors.Errorf(`expected to read "OK ", but instead read %q`, line), + } + } return conn, nil } 
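Review bot: The new `OK ` prefix check in tryConnect returns a freshly built vsockAckError without assigning it to `err`, so a rejected ack may leave the dialed connection open. This depends on the function closing conn from a deferred block keyed on `err != nil`; that part of the body is outside this hunk, but the `}()` visible in tryAccept suggests the pattern. Assign before returning, i.e. `err = errors.Errorf(...)` with the same message followed by `return nil, vsockAckError{cause: err}`, or close conn explicitly on that path. If callers retry the dial, each rejected ack would otherwise leak one unix socket.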
@@ -240,35 +242,19 @@ func tryAccept(logger *logrus.Entry, listener net.Listener, port uint32) (net.Co } }() - err = tryConnWrite(conn, vsockAckMsg(port), vsockAckMsgTimeout) - if err != nil { - return nil, vsockAckError{cause: err} - } - return conn, nil } -// tryConnRead will try to do a read from the provided conn, returning an error if -// the bytes read does not match what was provided or if the read does not complete +// tryConnReadUntil will try to do a read from the provided conn until the specified +// end character is encounteed. Returning an error if the read does not complete // within the provided timeout. It will reset socket deadlines to none after returning. // It's only intended to be used for connect/ack messages, not general purpose reads // after the vsock connection is established fully. -func tryConnRead(conn net.Conn, expectedRead string, timeout time.Duration) error { +func tryConnReadUntil(conn net.Conn, end byte, timeout time.Duration) (string, error) { conn.SetDeadline(time.Now().Add(timeout)) defer conn.SetDeadline(time.Time{}) - actualRead := make([]byte, len(expectedRead)) - _, err := conn.Read(actualRead) - if err != nil { - return err - } - - if expectedRead != string(actualRead) { - return errors.Errorf("expected to read %q, but instead read %q", - expectedRead, string(actualRead)) - } - - return nil + return bufio.NewReaderSize(conn, 32).ReadString(end) } // tryConnWrite will try to do a write to the provided conn, returning an error if diff --git a/runtime/service_integ_test.go b/runtime/service_integ_test.go index ed05ca744..257ce7880 100644 --- a/runtime/service_integ_test.go +++ b/runtime/service_integ_test.go 
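Review bot: tryConnReadUntil wraps conn in a throwaway bufio.Reader, so bytes that arrive in the same read as the ack line but after `end` stay in the discarded buffer and never reach the caller, which goes on using the raw conn. ReadString is also not limited by the 32-byte buffer size passed to NewReaderSize; it keeps accumulating until it sees the delimiter or the deadline fires, so the line length is bounded only by the timeout. Reading one byte at a time with an explicit cap avoids both problems. The doc comment also has a typo ("encounteed") and a sentence fragment ("Returning an error ...") worth fixing.

```go
func tryConnReadUntil(conn net.Conn, end byte, timeout time.Duration) (string, error) {
	// … unchanged: SetDeadline and deferred deadline reset …

	// Read a byte at a time so nothing past the delimiter is consumed from
	// conn, and cap the line so the peer cannot grow it without bound.
	const maxAckLen = 32
	line := make([]byte, 0, maxAckLen)
	var b [1]byte
	for len(line) < maxAckLen {
		n, err := conn.Read(b[:])
		if n == 1 {
			line = append(line, b[0])
			if b[0] == end {
				return string(line), nil
			}
		}
		if err != nil {
			return "", err
		}
	}
	return "", errors.Errorf("no %q within the first %d bytes of the ack", end, maxAckLen)
}
```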
@@ -734,11 +734,11 @@ func TestStubBlockDevices_Isolated(t *testing.T) { } const expectedOutput = ` -vdb 254:16 0 0B 0 | -vdc 254:32 0 512B 0 | 214 244 216 245 215 177 177 177 -vdd 254:48 0 512B 0 | 214 244 216 245 215 177 177 177 -vde 254:64 0 512B 0 | 214 244 216 245 215 177 177 177 -vdf 254:80 0 512B 0 | 214 244 216 245 215 177 177 177` +vdb 254:16 0 1073741824B 0 | 0 0 0 0 0 0 0 0 +vdc 254:32 0 512B 0 | 214 244 216 245 215 177 177 177 +vdd 254:48 0 512B 0 | 214 244 216 245 215 177 177 177 +vde 254:64 0 512B 0 | 214 244 216 245 215 177 177 177 +vdf 254:80 0 512B 0 | 214 244 216 245 215 177 177 177` parts := strings.Split(stdout.String(), "vdb") require.Equal(t, strings.TrimSpace(expectedOutput), strings.TrimSpace("vdb"+parts[1])) diff --git a/tools/docker/Dockerfile.firecracker-builder b/tools/docker/Dockerfile.firecracker-builder index 9ec8b9225..36adda9b1 100644 --- a/tools/docker/Dockerfile.firecracker-builder +++ b/tools/docker/Dockerfile.firecracker-builder @@ -11,7 +11,7 @@ # express or implied. See the License for the specific language governing # permissions and limitations under the License. -FROM rust:1.35-stretch +FROM rust:1.39-stretch ENV DEBIAN_FRONTEND="noninteractive" RUN apt-get update && apt-get install --yes --no-install-recommends \ diff --git a/tools/docker/scripts/lsblk.sh b/tools/docker/scripts/lsblk.sh index 35533a092..3b8d95a8c 100644 --- a/tools/docker/scripts/lsblk.sh +++ b/tools/docker/scripts/lsblk.sh @@ -22,7 +22,7 @@ do # https://github.com/firecracker-microvm/firecracker-containerd/blob/2578f3df9d899aa48decb39c9f7f23fa41635ede/internal/common.go#L67 magic=$(head -c 8 /dev/$name | od -A n -t u1) - printf "%-4s %-7s %2d %8dB %2d | %s\n" \ + printf "%-4s %-7s %2d %10dB %2d | %s\n" \ "$name" \ $(cat /sys/block/$name/dev) \ $(cat /sys/block/$name/removable) \