1 files changed, 7 insertions, 1 deletions

diff --git a/mkosi.conf.d/10-systemd.conf b/mkosi.conf.d/10-systemd.conf
index d82a59dd03..ec0f690d4e 100644
--- a/mkosi.conf.d/10-systemd.conf
+++ b/mkosi.conf.d/10-systemd.conf
@@ -11,8 +11,12 @@ OutputDirectory=mkosi.output
 BuildDirectory=mkosi.builddir
 CacheDirectory=mkosi.cache
 
+[Validation]
+SecureBoot=yes
+# Disabled until systemd-measure can operate without a TPM device.
+SignExpectedPcr=no
+
 [Host]
-Acl=yes
 QemuMem=2G
 ExtraSearchPaths=build/
 # Make sure we don't trigger systemd-firstboot prompting for the root password.
@@ -30,3 +34,5 @@ KernelCommandLineExtra=systemd.crash_shell
                        ip=enp0s1:any
                        # Make sure sulogin works even with a locked root account.
                        SYSTEMD_SULOGIN_FORCE=1
+                       # Make sure /sysroot is mounted rw in the initrd.
+                       rw