diff --git a/mkosi.conf b/mkosi.conf
index 225dcfb3..e5d2c323 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -24,7 +24,6 @@ KernelCommandLine=
 root=dissect
 mount.usr=dissect
 rw
- audit=0
 systemd.image_policy=esp=unprotected:xbootldr=unprotected+unused+absent:usr=signed:root=encrypted+absent:swap=encrypted+unused+absent:home=unprotected+absent:=ignore
 systemd.image_filter=usr=ParticleOS_*:usr-verity=ParticleOS_*:usr-verity-sig=ParticleOS_*:root=ParticleOS-*:swap=ParticleOS-*:home=ParticleOS-*
 ipe.enforce=0
diff --git a/mkosi.conf.d/audit.conf b/mkosi.conf.d/audit.conf
new file mode 100644
index 00000000..ae02099b
--- /dev/null
+++ b/mkosi.conf.d/audit.conf
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Profiles=!audit
+
+[Runtime]
+KernelCommandLineExtra=audit=0
diff --git a/mkosi.extra/usr/lib/tmpfiles.d/etc.conf b/mkosi.extra/usr/lib/tmpfiles.d/etc.conf
index 9e3fcd47..2ec8960d 100644
--- a/mkosi.extra/usr/lib/tmpfiles.d/etc.conf
+++ b/mkosi.extra/usr/lib/tmpfiles.d/etc.conf
@@ -74,3 +74,5 @@ L? /etc/manpath.config
 L? /etc/wpa_supplicant/wpa_supplicant.conf
 # Make sure flatpak's XDG_DATA_DIR integration works
 L? /etc/profile.d/flatpak.sh
+# Required for audit profile
+L? /etc/audit
diff --git a/mkosi.profiles/audit/mkosi.conf.d/fedora/mkosi.conf b/mkosi.profiles/audit/mkosi.conf.d/fedora/mkosi.conf
new file mode 100644
index 00000000..f65793bd
--- /dev/null
+++ b/mkosi.profiles/audit/mkosi.conf.d/fedora/mkosi.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=fedora
+
+[Content]
+Packages=
+ audit-rules
+ audit
diff --git a/mkosi.uki-profiles/10-live.conf b/mkosi.uki-profiles/10-live.conf
index 84b6f819..3591f66e 100644
--- a/mkosi.uki-profiles/10-live.conf
+++ b/mkosi.uki-profiles/10-live.conf
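Review bot: `audit=0` moves from the baked-in command lines to `KernelCommandLineExtra=` under `[Runtime]` in mkosi.conf.d/audit.conf, which as far as I know mkosi applies only when it boots the image itself (VM or container), not to the command line embedded in the image or its UKI profiles. If that reading is right, every built image now boots with audit at the kernel default whether or not the `audit` profile was selected, and `Profiles=!audit` only changes mkosi-launched boots; this covers the removals in mkosi.conf and in the 10-live, 20-ipe, 80-storagetm, 90-factory-reset, 91-factory-reset-with-tpm-clear, 95-emergency and 99-debug UKI profiles as well. If that is intended, a comment in audit.conf would save the next reader the lookup: `# Runtime-only: built images and UKI profiles no longer pass audit=0`. If images built without the profile should still ship with audit disabled, the setting has to stay in a build-time option such as `KernelCommandLine=` rather than a `[Runtime]` one.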
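Review bot: The new `L? /etc/audit` entry in tmpfiles.d/etc.conf links the whole audit configuration directory rather than individual files, and the comment above it does not say what depends on it. If, like the neighbouring `L?` entries, the link resolves to the factory copy under /usr, then auditd's configuration and rules become read-only at runtime, so anything that rewrites files under /etc/audit (compiling rules.d into audit.rules, for instance) should be checked on a booted image; I cannot confirm either way from this hunk. Read-only audit rules tied to the signed /usr are arguably what you want, so the comment could say so: `# auditd reads config and rules from /etc/audit; link the factory copy so they cannot be edited at runtime`. The file begins outside the hunk.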
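Review bot: The package list for the `audit` profile in mkosi.profiles/audit/mkosi.conf.d/fedora/mkosi.conf is matched on `Distribution=fedora` only, while `Profiles=!audit` in mkosi.conf.d/audit.conf is distribution-independent. On any other distribution this tree builds for (none are visible in this diff), selecting the profile would drop `audit=0` without installing auditd or a rule loader, so kernel audit would be on with no rules and no daemon consuming the records. Either add the matching drop-ins for the other distributions or state the limitation at the top of this file, e.g. `# Only Fedora is wired up for the audit profile so far`.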
@@ -17,7 +17,6 @@ Cmdline=
 systemd.journald.forward_to_console=1
 systemd.journald.max_level_console=warning
 rw
- audit=0
 systemd.image_policy=esp=unprotected:xbootldr=unprotected+unused+absent:usr=signed:=ignore
 systemd.image_filter=usr=ParticleOS_*:usr-verity=ParticleOS_*:usr-verity-sig=ParticleOS_*
 ipe.enforce=0
diff --git a/mkosi.uki-profiles/20-ipe.conf b/mkosi.uki-profiles/20-ipe.conf
index 7881ed39..12412447 100644
--- a/mkosi.uki-profiles/20-ipe.conf
+++ b/mkosi.uki-profiles/20-ipe.conf
@@ -10,7 +10,6 @@ Cmdline=
 mount.usr=dissect
 systemd.verity_usr_options=root-hash-signature=auto
 rw
- audit=0
 systemd.image_policy=esp=unprotected:xbootldr=unprotected+unused+absent:usr=signed:root=encrypted+absent:swap=encrypted+unused+absent:home=unprotected+absent:=ignore
 systemd.image_filter=usr=ParticleOS_*:usr-verity=ParticleOS_*:usr-verity-sig=ParticleOS_*:root=ParticleOS-*:swap=ParticleOS-*:home=ParticleOS-*
 ipe.enforce=1
diff --git a/mkosi.uki-profiles/80-storagetm.conf b/mkosi.uki-profiles/80-storagetm.conf
index 12aa9e4b..14baa9db 100644
--- a/mkosi.uki-profiles/80-storagetm.conf
+++ b/mkosi.uki-profiles/80-storagetm.conf
@@ -9,7 +9,6 @@ Cmdline=
 rd.systemd.unit=storage-target-mode.target
 ip=any
 ro
- audit=0
 systemd.image_policy=-
 root=off
 ipe.enforce=0
diff --git a/mkosi.uki-profiles/90-factory-reset.conf b/mkosi.uki-profiles/90-factory-reset.conf
index 7b2be747..3cb419d6 100644
--- a/mkosi.uki-profiles/90-factory-reset.conf
+++ b/mkosi.uki-profiles/90-factory-reset.conf
@@ -10,7 +10,6 @@ Cmdline=
 mount.usr=dissect
 systemd.factory_reset=1
 rw
- audit=0
 systemd.image_policy=esp=unprotected:xbootldr=unprotected+unused+absent:usr=signed:root=encrypted+absent:swap=encrypted+unused+absent:home=unprotected+absent:=ignore
 systemd.image_filter=usr=ParticleOS_*:usr-verity=ParticleOS_*:usr-verity-sig=ParticleOS_*:root=ParticleOS-*:swap=ParticleOS-*:home=ParticleOS-*
 ipe.enforce=0
diff --git a/mkosi.uki-profiles/91-factory-reset-with-tpm-clear.conf b/mkosi.uki-profiles/91-factory-reset-with-tpm-clear.conf
index 264b42fa..fbf4d8b1 100644
--- a/mkosi.uki-profiles/91-factory-reset-with-tpm-clear.conf
+++ b/mkosi.uki-profiles/91-factory-reset-with-tpm-clear.conf
@@ -8,7 +8,6 @@ Profile=
 Cmdline=
 rd.systemd.unit=factory-reset.target
 ro
- audit=0
 systemd.image_policy=-
 root=off
 ipe.enforce=0
diff --git a/mkosi.uki-profiles/95-emergency.conf b/mkosi.uki-profiles/95-emergency.conf
index 051cca09..a1bce8b9 100644
--- a/mkosi.uki-profiles/95-emergency.conf
+++ b/mkosi.uki-profiles/95-emergency.conf
@@ -10,7 +10,6 @@ Cmdline=
 mount.usr=dissect
 systemd.unit=emergency.target
 rw
- audit=0
 systemd.image_policy=esp=unprotected:xbootldr=unprotected+unused+absent:usr=signed:root=encrypted+absent:swap=encrypted+unused+absent:home=unprotected+absent:=ignore
 systemd.image_filter=usr=ParticleOS_*:usr-verity=ParticleOS_*:usr-verity-sig=ParticleOS_*:root=ParticleOS-*:swap=ParticleOS-*:home=ParticleOS-*
 ipe.enforce=0
diff --git a/mkosi.uki-profiles/99-debug.conf b/mkosi.uki-profiles/99-debug.conf
index 533e527e..2d40fc1f 100644
--- a/mkosi.uki-profiles/99-debug.conf
+++ b/mkosi.uki-profiles/99-debug.conf
@@ -12,7 +12,6 @@ Cmdline=
 systemd.log_level=debug
 systemd.journald.forward_to_console=1
 rw
- audit=0
 systemd.image_policy=esp=unprotected:xbootldr=unprotected+unused+absent:usr=signed:root=encrypted+absent:swap=encrypted+unused+absent:home=unprotected+absent:=ignore
 systemd.image_filter=usr=ParticleOS_*:usr-verity=ParticleOS_*:usr-verity-sig=ParticleOS_*:root=ParticleOS-*:swap=ParticleOS-*:home=ParticleOS-*
 ipe.enforce=0