diff --git a/vhdbuilder/packer/pre-install-dependencies.sh b/vhdbuilder/packer/pre-install-dependencies.sh
index 2e1b81e4c31..12ef2118e6a 100644
--- a/vhdbuilder/packer/pre-install-dependencies.sh
+++ b/vhdbuilder/packer/pre-install-dependencies.sh
@@ -122,6 +122,13 @@ if [[ ${OS} == ${MARINER_OS_NAME} ]] && [[ "${ENABLE_CGROUPV2,,}" == "true" ]];
 fi
 capture_benchmark "${SCRIPT_NAME}_enable_cgroupv2_for_azurelinux"
+# Remove lockdown=integrity from kernel cmdline for Azure Linux 3.0
+# The kernel has an OOT patch that auto-enables lockdown when secure boot is detected
+if isMarinerOrAzureLinux "$OS" && [[ "$OS_VERSION" == "3.0" ]]; then
+ disableKernelLockdownCmdline
+fi
+capture_benchmark "${SCRIPT_NAME}_disable_kernel_lockdown_cmdline"
+
 # shellcheck disable=SC3010
 if [[ ${UBUNTU_RELEASE//./} -ge 2204 && "${ENABLE_FIPS,,}" != "true" ]]; then
diff --git a/vhdbuilder/scripts/linux/mariner/tool_installs_mariner.sh b/vhdbuilder/scripts/linux/mariner/tool_installs_mariner.sh
index 4ba21baac0d..247bef28c5a 100755
--- a/vhdbuilder/scripts/linux/mariner/tool_installs_mariner.sh
+++ b/vhdbuilder/scripts/linux/mariner/tool_installs_mariner.sh
@@ -172,6 +172,15 @@ activateNfConntrack() {
 echo nf_conntrack >> /etc/modules-load.d/contrack.conf
 }
+# Remove lockdown=integrity from kernel cmdline for Azure Linux 3.0.
+# The AzureLinux 3.0 kernel has an OOT patch that automatically enables
+# lockdown when secure boot is detected.
+disableKernelLockdownCmdline() {
+ echo "Removing lockdown=integrity from kernel cmdline..."
+ dnf_install 120 5 25 grubby || exit $ERR_APT_INSTALL_TIMEOUT
+ grubby --update-kernel=ALL --remove-args="lockdown"
+}
+
 installFIPS() {
 echo "Installing FIPS..."
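Review bot: The comment above the new `if` block in pre-install-dependencies.sh explains what the kernel patch does but not the effect of the change itself: once `lockdown=integrity` is gone from the cmdline, kernel lockdown on the built image is presumably enforced only when that patch detects Secure Boot, so a VM booted from this VHD without Secure Boot would run with lockdown off, and nothing in the hunk records that trade-off or why the explicit argument has to go. I would extend the comment, e.g. `# Without the explicit cmdline arg, lockdown is expected to be enforced only when the kernel detects Secure Boot; VMs booted without Secure Boot run without lockdown.`, and add one line naming what the explicit argument breaks. The `"$OS_VERSION" == "3.0"` exact match also means a later 3.x release silently keeps the argument; if that is intentional, a short comment saying so would help the next maintainer.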
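Review bot: The exit status of `grubby --update-kernel=ALL --remove-args="lockdown"` in disableKernelLockdownCmdline is not checked, while the `dnf_install` line directly above it is; if grubby fails, the function returns non-zero quietly (and the build may simply continue, since the hunk does not show whether the caller runs under `set -e`) after having already logged "Removing lockdown=integrity from kernel cmdline...", leaving the cmdline unchanged. I would guard it the same way, `grubby --update-kernel=ALL --remove-args="lockdown" || exit <ERR_CODE_PLACEHOLDER>` (reusing `$ERR_APT_INSTALL_TIMEOUT` here would mislabel the failure), and follow it with `grubby --info=ALL` so the build log shows the final kernel arguments of every boot entry for later audit. Note that `--remove-args="lockdown"` strips the argument by name, so any `lockdown=` value is removed, not only `integrity` as the header comment states; the comment should say so.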