diff --git a/flake.nix b/flake.nix
index d526fb1..808bd61 100644
--- a/flake.nix
+++ b/flake.nix
@@ -176,7 +176,7 @@
             virtualisation = {
               useBootLoader = true;
               useEFIBoot = true;
-              useSecureBoot = true;
+              useSecureBoot = false;
             };
 
             boot.loader.efi = {
diff --git a/nix/lanzaboote.nix b/nix/lanzaboote.nix
index 08667b2..dc27a8f 100644
--- a/nix/lanzaboote.nix
+++ b/nix/lanzaboote.nix
@@ -40,7 +40,7 @@ in
         mkdir -p /tmp/pki
         cp -r ${cfg.pkiBundle}/* /tmp/pki
         ${sbctlWithPki}/bin/sbctl enroll-keys --yes-this-might-brick-my-machine
-        ${cfg.package}/bin/lanzatool install ${cfg.publicKeyFile} ${cfg.privateKeyFile} "$@"
+        ${cfg.package}/bin/lanzatool install --pki-bundle ${cfg.pkiBundle} --public-key ${cfg.publicKeyFile} --private-key ${cfg.privateKeyFile} "$@"
       ''}/bin/bootinstall";
       # ${cfg.package}/bin/lanzatool install ${optionalString cfg.enrollKeys "--auto-enroll"} --pki-bundle ${cfg.pkiBundle}
     };