diff --git a/rust/lanzatool/src/install.rs b/rust/lanzatool/src/install.rs
index 4f05ea5..6d28ed0 100644
--- a/rust/lanzatool/src/install.rs
+++ b/rust/lanzatool/src/install.rs
@@ -1,4 +1,5 @@
 use std::fs;
+use std::os::unix::prelude::PermissionsExt;
 use std::path::{Path, PathBuf};
 
 use anyhow::{Context, Result};
@@ -107,5 +108,14 @@ fn copy(from: &Path, to: &Path) -> Result<()> {
     };
     fs::copy(from, to)
         .with_context(|| format!("Failed to copy from {} to {}", from.display(), to.display()))?;
+
+    // Set permission of all files copied to 0o755
+    let mut perms = fs::metadata(to)
+        .with_context(|| format!("File {} doesn't have metadata", to.display()))?
+        .permissions();
+    perms.set_mode(0o755);
+    fs::set_permissions(to, perms)
+        .with_context(|| format!("Failed to set permissions to: {}", to.display()))?;
+
     Ok(())
 }
diff --git a/rust/lanzatool/src/pe.rs b/rust/lanzatool/src/pe.rs
index 2ed8d67..f4d0bfb 100644
--- a/rust/lanzatool/src/pe.rs
+++ b/rust/lanzatool/src/pe.rs
@@ -19,7 +19,7 @@ pub fn lanzaboote_image(
     esp: &Path,
 ) -> Result<PathBuf> {
     // objcopy copies files into the PE binary. That's why we have to write the contents
-    // of some bootspec properties to disks
+    // of some bootspec properties to disk
     let kernel_cmdline_file = write_to_tmp(kernel_cmdline.join(" "))?;
     let kernel_path_file = write_to_tmp(esp_relative_path_string(esp, kernel_path))?;
     let initrd_path_file = write_to_tmp(esp_relative_path_string(esp, initrd_path))?;