diff --git a/Cargo.lock b/Cargo.lock
index b4a6c5a42ce..12f551bb671 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2463,8 +2463,6 @@ dependencies = [
  "futures",
  "log",
  "nix 0.27.1",
- "oak_attestation",
- "oak_crypto",
  "oak_grpc_utils",
  "oak_proto_rust",
  "opentelemetry-proto",
@@ -2777,7 +2775,6 @@ dependencies = [
  "env_logger",
  "futures",
  "log",
- "oak_attestation",
  "oak_client",
  "oak_containers_launcher",
  "oak_crypto",
diff --git a/justfile b/justfile
index 0260bc85233..916b6729fd5 100644
--- a/justfile
+++ b/justfile
@@ -222,7 +222,10 @@ oak_functions_containers_container_bundle_tar:
 oak_functions_containers_launcher:
     env cargo build --release --package='oak_functions_containers_launcher'
 
-all_oak_functions_containers_binaries: stage0_bin stage1_cpio oak_containers_kernel oak_containers_system_image oak_functions_containers_container_bundle_tar oak_functions_containers_launcher
+oak_functions_launcher:
+    env cargo build --release --package='oak_functions_launcher'
+
+all_oak_functions_containers_binaries: stage0_bin stage1_cpio oak_containers_kernel oak_containers_system_image oak_functions_containers_container_bundle_tar oak_functions_containers_launcher oak_functions_launcher
 
 ensure_no_std package:
     RUSTFLAGS="-C target-feature=+sse,+sse2,+ssse3,+sse4.1,+sse4.2,+avx,+avx2,+rdrand,-soft-float" cargo build --target=x86_64-unknown-none --package='{{package}}'
diff --git a/oak_containers_hello_world_untrusted_app/src/lib.rs b/oak_containers_hello_world_untrusted_app/src/lib.rs
index e619e59b5c6..f9e72935321 100644
--- a/oak_containers_hello_world_untrusted_app/src/lib.rs
+++ b/oak_containers_hello_world_untrusted_app/src/lib.rs
@@ -27,12 +27,10 @@ mod proto {
 mod app_client;
 
 use oak_containers_launcher::{
-    proto::oak::{
-        key_provisioning::v1::{GetGroupKeysRequest, GetGroupKeysResponse},
-        session::v1::EndorsedEvidence,
-    },
+    proto::oak::key_provisioning::v1::{GetGroupKeysRequest, GetGroupKeysResponse},
     Launcher,
 };
+use oak_proto_rust::oak::session::v1::EndorsedEvidence;
 
 use crate::proto::oak::crypto::v1::{EncryptedRequest, EncryptedResponse};
 
diff --git a/oak_containers_launcher/BUILD b/oak_containers_launcher/BUILD
index 3340cf9a83d..2b35c856c80 100644
--- a/oak_containers_launcher/BUILD
+++ b/oak_containers_launcher/BUILD
@@ -32,8 +32,6 @@ rust_library(
     crate_name = "oak_containers_launcher",
     deps = [
         ":build",
-        "//oak_attestation",
-        "//oak_crypto",
         "//oak_proto_rust",
         "@oak_crates_index//:anyhow",
         "@oak_crates_index//:async-stream",
diff --git a/oak_containers_launcher/Cargo.toml b/oak_containers_launcher/Cargo.toml
index 7835fe46199..44ac25143f9 100644
--- a/oak_containers_launcher/Cargo.toml
+++ b/oak_containers_launcher/Cargo.toml
@@ -18,8 +18,6 @@ env_logger = "*"
 futures = "*"
 log = "*"
 nix = { version = "*", features = ["process"] }
-oak_attestation = { workspace = true }
-oak_crypto = { workspace = true }
 oak_proto_rust = { workspace = true }
 opentelemetry-proto = { version = "*", default-features = false, features = [
   "gen-tonic",
diff --git a/oak_containers_launcher/build.rs b/oak_containers_launcher/build.rs
index dd868ca3c45..3f671aae7b8 100644
--- a/oak_containers_launcher/build.rs
+++ b/oak_containers_launcher/build.rs
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use oak_grpc_utils::{generate_grpc_code, CodegenOptions};
+use oak_grpc_utils::{generate_grpc_code, CodegenOptions, ExternPath};
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
     #[cfg(not(feature = "bazel"))]
@@ -25,13 +25,19 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
     generate_grpc_code(
         &[
             "../proto/containers/interfaces.proto",
-            "../proto/crypto/crypto.proto",
             "../proto/key_provisioning/key_provisioning.proto",
             "../proto/containers/hostlib_key_provisioning.proto",
-            "../proto/session/messages.proto",
         ],
         &included_protos,
-        CodegenOptions { build_client: true, build_server: true, ..Default::default() },
+        CodegenOptions {
+            build_client: true,
+            build_server: true,
+            extern_paths: vec![
+                ExternPath::new(".oak.crypto.v1", "::oak_proto_rust::oak::crypto::v1"),
+                ExternPath::new(".oak.session.v1", "::oak_proto_rust::oak::session::v1"),
+                ExternPath::new(".oak.attestation.v1", "::oak_proto_rust::oak::attestation::v1"),
+            ],
+        },
     )?;
 
     Ok(())
diff --git a/oak_containers_launcher/src/lib.rs b/oak_containers_launcher/src/lib.rs
index aaa01d02e6c..15fd27bd774 100644
--- a/oak_containers_launcher/src/lib.rs
+++ b/oak_containers_launcher/src/lib.rs
@@ -23,8 +23,6 @@ pub mod proto {
                 tonic::include_proto!("oak.containers.v1");
             }
         }
-        pub use oak_attestation::proto::oak::{attestation, session};
-        pub use oak_proto_rust::oak::crypto;
         pub mod key_provisioning {
             pub mod v1 {
                 #![allow(clippy::return_self_not_must_use)]
@@ -44,8 +42,9 @@ use std::{
 
 use anyhow::Context;
 use clap::{Parser, ValueEnum};
-use oak_proto_rust::oak::attestation::v1::{
-    endorsements, Endorsements, Evidence, OakRestrictedKernelEndorsements,
+use oak_proto_rust::oak::{
+    attestation::v1::{endorsements, Endorsements, Evidence, OakRestrictedKernelEndorsements},
+    session::v1::EndorsedEvidence,
 };
 pub use qemu::Params as QemuParams;
 use tokio::{
@@ -57,11 +56,8 @@ use tokio::{
 use tokio_vsock::{VsockAddr, VsockListener, VMADDR_CID_HOST};
 use tonic::transport::Channel as TonicChannel;
 
-use crate::proto::oak::{
-    key_provisioning::v1::{
-        key_provisioning_client::KeyProvisioningClient, GetGroupKeysRequest, GetGroupKeysResponse,
-    },
-    session::v1::EndorsedEvidence,
+use crate::proto::oak::key_provisioning::v1::{
+    key_provisioning_client::KeyProvisioningClient, GetGroupKeysRequest, GetGroupKeysResponse,
 };
 pub use crate::qemu::VmType;
 
diff --git a/oak_functions_containers_launcher/Cargo.toml b/oak_functions_containers_launcher/Cargo.toml
index 95dc730f79e..3dab2b4baef 100644
--- a/oak_functions_containers_launcher/Cargo.toml
+++ b/oak_functions_containers_launcher/Cargo.toml
@@ -14,7 +14,6 @@ clap = { version = "*", features = ["derive"] }
 env_logger = "*"
 futures = "*"
 log = "*"
-oak_attestation = { workspace = true }
 oak_containers_launcher = { workspace = true }
 oak_crypto = { workspace = true }
 oak_functions_launcher = { workspace = true }
diff --git a/oak_proto_rust/build.rs b/oak_proto_rust/build.rs
index 1733b7994a5..1ed351e128c 100644
--- a/oak_proto_rust/build.rs
+++ b/oak_proto_rust/build.rs
@@ -37,6 +37,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         "../proto/oak_functions/application_config.proto",
         "../proto/oak_functions/lookup_data.proto",
         "../proto/session/session.proto",
+        "../proto/session/messages.proto",
         "../proto/oak_functions/sdk/oak_functions_wasm.proto",
         "../proto/oak_functions/service/oak_functions.proto",
         "../proto/oak_functions/testing.proto",