diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg
index e426673..1b900c0 100644
--- a/etc/default/grub.d/40_cpu_mitigations.cfg
+++ b/etc/default/grub.d/40_cpu_mitigations.cfg
@@ -47,10 +47,12 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_v2=on"
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_bhi=on"
 
 ## Disable Speculative Store Bypass (Spectre Variant 4).
+## Unconditionally enable mitigation for both kernel and userspace.
 ##
 ## https://www.suse.com/support/kb/doc/?id=000019189
 ##
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spec_store_bypass_disable=on"
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ssbd=force-on"
 
 ## Enable mitigations for the L1TF vulnerability through disabling SMT
 ## and L1D flush runtime control.