diff --git a/UTM-Chrony.ign b/UTM-Chrony.ign
index e07f09f..395b3ac 100644
--- a/UTM-Chrony.ign
+++ b/UTM-Chrony.ign
@@ -12,6 +12,8 @@
 "nosmt=force",
 "l1d_flush=on",
 "spec_rstack_overflow=safe-ret",
+ "module.sig_enforce=1",
+ "lockdown=confidentiality",
 "random.trust_bootloader=off",
 "random.trust_cpu=off",
 "intel_iommu=on",
diff --git a/UTM-Chrony.yml b/UTM-Chrony.yml
index 326cca3..ff919eb 100644
--- a/UTM-Chrony.yml
+++ b/UTM-Chrony.yml
@@ -192,6 +192,8 @@ kernel_arguments:
 - nosmt=force
 - l1d_flush=on
 - spec_rstack_overflow=safe-ret
+ - module.sig_enforce=1
+ - lockdown=confidentiality
 - random.trust_bootloader=off
 - random.trust_cpu=off
 - intel_iommu=on
diff --git a/x86-QEMU-Docker.ign b/x86-QEMU-Docker.ign
index 673c5fc..1ce54fd 100644
--- a/x86-QEMU-Docker.ign
+++ b/x86-QEMU-Docker.ign
@@ -12,6 +12,8 @@
 "nosmt=force",
 "l1d_flush=on",
 "spec_rstack_overflow=safe-ret",
+ "module.sig_enforce=1",
+ "lockdown=confidentiality",
 "random.trust_bootloader=off",
 "random.trust_cpu=off",
 "intel_iommu=on",
diff --git a/x86-QEMU-Docker.yml b/x86-QEMU-Docker.yml
index 286ba13..3fe65ff 100644
--- a/x86-QEMU-Docker.yml
+++ b/x86-QEMU-Docker.yml
@@ -256,6 +256,8 @@ kernel_arguments:
 - nosmt=force
 - l1d_flush=on
 - spec_rstack_overflow=safe-ret
+ - module.sig_enforce=1
+ - lockdown=confidentiality
 - random.trust_bootloader=off
 - random.trust_cpu=off
 - intel_iommu=on
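Review bot: The two arguments added to `kernel_arguments` in UTM-Chrony.yml, and identically in x86-QEMU-Docker.yml, have no comment saying what they restrict, and `lockdown=confidentiality` has side effects an operator will run into later. I would add above them `# module.sig_enforce=1: refuse unsigned kernel modules` and `# lockdown=confidentiality: also blocks kernel-memory reads (/dev/mem, kprobes, parts of BPF/perf tracing), so host tracing tools may stop working`. Lockdown already rejects unsigned modules, so `module.sig_enforce=1` is kept as defence in depth rather than as the only control, which is worth stating in the comment too. The `lockdown=` argument presumably has no effect on a kernel built without the lockdown LSM, so a first-boot check that `/sys/kernel/security/lockdown` shows `[confidentiality]` would confirm it took effect. The .ign hunks look like the generated counterparts of these files and need no separate change; the `kernel_arguments` list continues outside each hunk.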