diff --git a/flake.nix b/flake.nix
index bf5e57f..03cf2a4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -213,7 +213,7 @@
           # > Our main nixos configuration file <
           ./nixos/hosts/shodan/configuration.nix
           sops-nix.nixosModules.sops
-          #lanzaboote.nixosModules.lanzaboote
+          lanzaboote.nixosModules.lanzaboote
           disko.nixosModules.disko
           jovian.nixosModules.jovian
           home-manager.nixosModules.home-manager
diff --git a/nixos/hosts/shodan/configuration.nix b/nixos/hosts/shodan/configuration.nix
index 3b7eed4..f7e0c3e 100644
--- a/nixos/hosts/shodan/configuration.nix
+++ b/nixos/hosts/shodan/configuration.nix
@@ -207,13 +207,13 @@
   # This setting is usually set to true in configuration.nix
   # generated at installation time. So we force it to false
   # for now.
-  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot.enable = lib.mkForce false;
   boot.initrd.systemd.enable = true;
 
-  #boot.lanzaboote = {
-  #  enable = true;
-  #  pkiBundle = "/etc/secureboot";
-  #};
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/etc/secureboot";
+  };
   boot.loader.systemd-boot.configurationLimit = 3;
   boot.loader.timeout = 0;
   boot.loader.efi.canTouchEfiVariables = true;