diff --git a/etc/sysctl.d/30_security-misc.conf b/etc/sysctl.d/30_security-misc.conf
index 1ebd116..d66566f 100644
--- a/etc/sysctl.d/30_security-misc.conf
+++ b/etc/sysctl.d/30_security-misc.conf
@@ -8,6 +8,10 @@ kernel.core_pattern=|/bin/false
 ## Restricts the kernel log to root only.
 kernel.dmesg_restrict=1
 
+## Prevent kernel info leaks in console during boot.
+## https://phabricator.whonix.org/T950
+kernel.printk = 3 3 3 3
+
 ## Don't allow writes to files that we don't own
 ## in world writable sticky directories, unless
 ## they are owned by the owner of the directory.