diff --git a/lib/systemd/system-preset/50-security-misc.preset b/lib/systemd/system-preset/50-security-misc.preset
index aee8b99..be35459 100644
--- a/lib/systemd/system-preset/50-security-misc.preset
+++ b/lib/systemd/system-preset/50-security-misc.preset
@@ -7,5 +7,8 @@ disable hide-hardware-info.service
 ## Disable for now until development finished / tested.
 disable permission-hardening.service
 
+## Disable for now until development finished / tested.
+disable remount-secure.service
+
 ## Disable due to pkexec issues.
 disable proc-hidepid.service
diff --git a/lib/systemd/system/remount-secure.service b/lib/systemd/system/remount-secure.service
new file mode 100644
index 0000000..ba6e017
--- /dev/null
+++ b/lib/systemd/system/remount-secure.service
@@ -0,0 +1,21 @@
+## Copyright (C) 2019 - 2023 ENCRYPTED SUPPORT LP
+## See the file COPYING for copying conditions.
+
+[Unit]
+Description=remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
+Documentation=https://github.com/Kicksecure/security-misc
+
+DefaultDependencies=no
+Before=sysinit.target
+Requires=local-fs.target
+After=local-fs.target
+
+After=qubes-sysinit.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/remount-secure
+
+[Install]
+WantedBy=sysinit.target
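Review bot: The new remount-secure.service fails open: it is pulled in only through `WantedBy=sysinit.target` and has no failure handling, so if `/usr/bin/remount-secure` exits non-zero, boot continues with /home, /tmp, /dev/shm and /run on their original mount options and the only trace is the failed unit state. I would record that in the [Service] section, e.g. `## Fail-open: on a non-zero exit, boot continues without nosuid,nodev; check 'systemctl is-failed remount-secure.service'.` `RemainAfterExit=yes` also keeps the unit active after a successful run, so the unit state by itself does not show that the options are still in place, and anything mounted after local-fs.target (a /home that is mounted later, for example) is presumably not covered, though the script is not part of this diff. A second comment worth adding is `## Do not add PrivateTmp=, ProtectSystem= or ProtectHome= here: they put the service in its own mount namespace and the remounts would not reach the host.`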