diff --git a/modules/nixos/services/base/default.nix b/modules/nixos/services/base/default.nix
index cdbbdef..3d60423 100644
--- a/modules/nixos/services/base/default.nix
+++ b/modules/nixos/services/base/default.nix
@@ -134,7 +134,6 @@ in
         timeout = 2;
       };
       initrd.systemd.enable = true;
-      kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
     };
 
     system.autoUpgrade = {
diff --git a/systems/x86_64-linux/sgx-nixos/default.nix b/systems/x86_64-linux/sgx-nixos/default.nix
index a8aa6ed..9fb13cb 100644
--- a/systems/x86_64-linux/sgx-nixos/default.nix
+++ b/systems/x86_64-linux/sgx-nixos/default.nix
@@ -5,6 +5,8 @@ with lib.metacfg;
   imports = [ ./hardware-configuration.nix ];
 
   boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
+  boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
+
   networking.firewall.extraCommands = ''
     iptables -t nat -A OUTPUT -o lo -p tcp --dport 8081 -j DNAT --to-destination 192.168.122.1:8081
     iptables -t nat -A POSTROUTING -j MASQUERADE
diff --git a/systems/x86_64-linux/x1/hardware-configuration.nix b/systems/x86_64-linux/x1/hardware-configuration.nix
index ce95bfa..cad1c30 100644
--- a/systems/x86_64-linux/x1/hardware-configuration.nix
+++ b/systems/x86_64-linux/x1/hardware-configuration.nix
@@ -10,6 +10,7 @@
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "uas" "usbhid" "sd_mod" ];
   boot.initrd.kernelModules = [ ];
+  boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
   boot.kernelModules = [ "kvm-intel" ];
   boot.kernelParams = [
     "lockdown=confidentiality"