diff --git a/src/install/kernel.rs b/src/install/kernel.rs
index 5f87dad..bb2f967 100644
--- a/src/install/kernel.rs
+++ b/src/install/kernel.rs
@@ -8,7 +8,7 @@ use crate::{
 };
 /// Setup initramfs
-pub fn setup_mkinitcpio(conf: &DriveConfig) {
+pub fn setup_mkinitcpio(conf: &DriveConfig, secure_env: bool) {
 #[cfg(target_arch = "x86_64")]
 {
 print_status("Writing /etc/mkinitcpio.d/linux.preset");
@@ -38,11 +38,21 @@ pub fn setup_mkinitcpio(conf: &DriveConfig) {
 }
 print_status("Writing /etc/mkinitcpio.conf");
- install_file(
- "/mnt/etc/mkinitcpio.conf",
- include_str!("../root/mkinitcpio.conf"),
- 0o644,
- );
+
+ let mut mkinitcpio = String::new();
+
+ if secure_env {
+ mkinitcpio.push_str("MODULES=(tpm_tis)\n");
+ } else {
+ mkinitcpio.push_str("MODULES=()\n");
+ }
+
+ mkinitcpio.push_str("BINARIES=()\n");
+ mkinitcpio.push_str("FILES=()\n");
+ mkinitcpio.push_str("HOOKS=(systemd plymouth autodetect microcode modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)\n");
+ mkinitcpio.push_str("COMPRESSION=\"zstd\"\n");
+
+ install_file("/mnt/etc/mkinitcpio.conf", &mkinitcpio, 0o644);
 arch_chroot(&["mkinitcpio", "--allpresets"], None, true);
 }
diff --git a/src/install/mod.rs b/src/install/mod.rs
index 5c3751b..8e365b4 100644
--- a/src/install/mod.rs
+++ b/src/install/mod.rs
@@ -212,7 +212,7 @@ pub fn install_mnt(conf: InstallConfig, bare: bool) {
 setup_microcode();
 setup_fstrim();
 setup_bootloader();
- setup_mkinitcpio(&conf.drive);
+ setup_mkinitcpio(&conf.drive, conf.general.secure_boot.unwrap_or(false));
 if bare && has_secure_boot() {
 if conf.general.secure_boot.unwrap_or(true) {
diff --git a/src/install/user.rs b/src/install/user.rs
index 3ff7ad7..8853cb5 100644
--- a/src/install/user.rs
+++ b/src/install/user.rs
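Review bot: The new `secure_env` parameter of `setup_mkinitcpio` in `src/install/kernel.rs` is undocumented; the doc comment above the signature still reads only `/// Setup initramfs`. I would extend it with a line such as `/// If secure_env is true, tpm_tis is added to MODULES so the TPM driver is present in the initramfs.`, which is what the second hunk of this file does with the flag. The name also hides what is being decided: the caller in `src/install/mod.rs` passes the Secure Boot setting rather than a TPM check, so either a more specific name or a sentence stating that assumption would help the next reader. The function body continues outside this hunk.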
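Review bot: Only the MODULES line depends on `secure_env` in the block after `print_status("Writing /etc/mkinitcpio.conf")` in `src/install/kernel.rs`, yet the whole file is now assembled from six `push_str` calls, which makes the HOOKS list harder to review than the deleted `src/root/mkinitcpio.conf` template. I would compute the one varying value, `let modules = if secure_env { "tpm_tis" } else { "" };`, and build the rest with a single `format!`, or keep the template and substitute that line. A short comment on why `tpm_tis` is gated would also help, for example `// TPM driver is only needed in early boot when the disk key is sealed to the TPM`, if that is the intent. HOOKS keeps `sd-encrypt` in both branches, so it is worth confirming that an install with `secure_env == false` never enrolls a TPM-bound key.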
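Review bot: In `src/install/mod.rs` the new call passes `conf.general.secure_boot.unwrap_or(false)`, but the `if bare && has_secure_boot()` block right below it reads the same option with `unwrap_or(true)`, so an unset `secure_boot` means "off" for the initramfs and "on" for the Secure Boot step. On a bare install with Secure Boot available and the option left unset, that block runs while `mkinitcpio.conf` is written with `MODULES=()`; if that path seals the disk key to the TPM (its body is outside this hunk), the initramfs would lack `tpm_tis`. The reverse also holds: an explicit `Some(true)` adds the module even when `bare` is false or `has_secure_boot()` returns false. I would derive the flag once and use it in both places, e.g. `let secure_env = bare && has_secure_boot() && conf.general.secure_boot.unwrap_or(true);` followed by `setup_mkinitcpio(&conf.drive, secure_env);`.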
@@ -13,7 +13,11 @@ pub fn change_passwd(user: &str, pw: &str) {
 pub fn setup_users(conf: &[UserConfig]) {
 if !conf.is_empty() {
 install_pkgs(&["doas"]);
- install_file("/mnt/etc/doas.conf", "permit persist :wheel as root", 0o644);
+ install_file(
+ "/mnt/etc/doas.conf",
+ "permit persist :wheel as root\n",
+ 0o644,
+ );
 }
 for user in conf {
diff --git a/src/root/mkinitcpio.conf b/src/root/mkinitcpio.conf
deleted file mode 100644
index cce4662..0000000
--- a/src/root/mkinitcpio.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-MODULES=(tpm_tis)
-BINARIES=()
-FILES=()
-HOOKS=(systemd plymouth autodetect microcode modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
-COMPRESSION="zstd"
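Review bot: In the `src/install/user.rs` hunk, `/mnt/etc/doas.conf` is still installed with mode `0o644` in the reformatted `install_file` call, which leaves the privilege-escalation policy readable by every local account. The rule grants `:wheel` root with `persist`, so I would tighten the mode to `0o400`, assuming `install_file` creates the file owned by root (its implementation is not visible here). Since the commit already touches the file content to add the trailing newline, it would also be a good place to validate the result inside the chroot with `doas -C /etc/doas.conf` and fail the install on a syntax error. `setup_users` continues outside this hunk.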