diff --git a/bootstrapvz/providers/azure/tasks/boot.py b/bootstrapvz/providers/azure/tasks/boot.py
index 6685e08..b967bef 100644
--- a/bootstrapvz/providers/azure/tasks/boot.py
+++ b/bootstrapvz/providers/azure/tasks/boot.py
@@ -33,4 +33,14 @@ class ConfigureGrub(Task):
             'earlyprintk=ttyS0,115200',
             'rootdelay=300',
             'elevator=noop',
+            'noibrs',
+            'noibpb',
+            'nopti',
+            'nospectre_v2',
+            'nospectre_v1',
+            'l1tf=off',
+            'nospec_store_bypass_disable',
+            'no_stf_barrier',
+            'mds=off',
+            'mitigations=off',
         ])
diff --git a/bootstrapvz/providers/ec2/tasks/boot.py b/bootstrapvz/providers/ec2/tasks/boot.py
index 9ef6493..b0d392b 100644
--- a/bootstrapvz/providers/ec2/tasks/boot.py
+++ b/bootstrapvz/providers/ec2/tasks/boot.py
@@ -70,6 +70,16 @@ class ConfigurePVGrub(Task):
         info.grub_config['GRUB_CMDLINE_LINUX'].extend([
             'consoleblank=0',
             'elevator=noop',
+            'noibrs',
+            'noibpb',
+            'nopti',
+            'nospectre_v2',
+            'nospectre_v1',
+            'l1tf=off',
+            'nospec_store_bypass_disable',
+            'no_stf_barrier',
+            'mds=off',
+            'mitigations=off',
         ])
 
 
diff --git a/bootstrapvz/providers/gce/tasks/boot.py b/bootstrapvz/providers/gce/tasks/boot.py
index d0f0e7b..9071f6c 100644
--- a/bootstrapvz/providers/gce/tasks/boot.py
+++ b/bootstrapvz/providers/gce/tasks/boot.py
@@ -10,8 +10,22 @@ class ConfigureGrub(Task):
 
     @classmethod
     def run(cls, info):
-        info.grub_config['GRUB_CMDLINE_LINUX'].append('console=ttyS0,38400n8')
-        info.grub_config['GRUB_CMDLINE_LINUX'].append('elevator=noop')
+        info.grub_config['GRUB_CMDLINE_LINUX'].extend([
+            'console=ttyS0,38400n8',
+            'elevator=noop',
+            'consoleblank=0',
+            'elevator=noop',
+            'noibrs',
+            'noibpb',
+            'nopti',
+            'nospectre_v2',
+            'nospectre_v1',
+            'l1tf=off',
+            'nospec_store_bypass_disable',
+            'no_stf_barrier',
+            'mds=off',
+            'mitigations=off',
+        ])
         # Enable SCSI block multiqueue on Stretch.
         from bootstrapvz.common.releases import stretch
         if info.manifest.release >= stretch:
diff --git a/bootstrapvz/providers/kvm/tasks/boot.py b/bootstrapvz/providers/kvm/tasks/boot.py
index 2aac885..3c8d1a3 100644
--- a/bootstrapvz/providers/kvm/tasks/boot.py
+++ b/bootstrapvz/providers/kvm/tasks/boot.py
@@ -18,6 +18,16 @@ class SetGrubConsolOutputDeviceToVirtual(Task):
             'console=tty0',
             'consoleblank=0',
             'elevator=noop',
+            'noibrs',
+            'noibpb',
+            'nopti',
+            'nospectre_v2',
+            'nospectre_v1',
+            'l1tf=off',
+            'nospec_store_bypass_disable',
+            'no_stf_barrier',
+            'mds=off',
+            'mitigations=off',
         ])
 
 
diff --git a/bootstrapvz/providers/virtualbox/tasks/boot.py b/bootstrapvz/providers/virtualbox/tasks/boot.py
index 7d6dac1..cd752d0 100644
--- a/bootstrapvz/providers/virtualbox/tasks/boot.py
+++ b/bootstrapvz/providers/virtualbox/tasks/boot.py
@@ -15,4 +15,14 @@ class AddVirtualConsoleGrubOutputDevice(Task):
             'console=tty0',
             'consoleblank=0',
             'elevator=noop',
+            'noibrs',
+            'noibpb',
+            'nopti',
+            'nospectre_v2',
+            'nospectre_v1',
+            'l1tf=off',
+            'nospec_store_bypass_disable',
+            'no_stf_barrier',
+            'mds=off',
+            'mitigations=off',
         ])