diff --git a/lib/src/install.rs b/lib/src/install.rs
index fa97452c4..7dd910fe2 100644
--- a/lib/src/install.rs
+++ b/lib/src/install.rs
@@ -925,6 +925,38 @@ pub(crate) fn setup_tmp_mounts() -> Result<()> {
 Ok(())
 }
 
+#[context("Ensuring sys mounts")]
+pub(crate) fn setup_sys_mounts() -> Result<()> {
+ tracing::debug!("Setting up sys mounts");
+ // First of all, does efivars even exist in the host? If not, we are
+ // not dealing with an EFI system
+ let _ = rustix::fs::lstat("/proc/1/root/sys/firmware/efi/efivars")?;
+
+ // Now, let's find out if it's populated
+ let od = rustix::fs::open(
+ "/proc/1/root/sys/firmware/efi/efivars",
+ rustix::fs::OFlags::DIRECTORY,
+ rustix::fs::Mode::empty(),
+ )?;
+
+ let dir_populated = rustix::fs::Dir::read_from(od)?.next().is_some();
+ if dir_populated {
+ // This means the host has this mounted, so we should mount it too
+ tracing::debug!("mounting efivarfs");
+
+ // This looks to be a workaround for a problem elsewhere. Not sure if
+ // it's in podman, but just attempting to mount this is enough to trigger
+ // it being populated even when there is an existing mount.
+ // Given that, we will just try to mount and ignore the result.
+ let _ = Task::new_and_run(
+ "Mounting efivarfs /sys/firmware/efi/efivars",
+ "mount",
+ ["efivarfs", "-t", "efivarfs", "/sys/firmware/efi/efivars"],
+ );
+ }
+ Ok(())
+}
+
 /// Verify that we can load the manifest of the target image
 #[context("Verifying fetch")]
 async fn verify_target_fetch(imgref: &ostree_container::OstreeImageReference) -> Result<()> {
@@ -1020,6 +1052,8 @@ async fn prepare_install(
 super::cli::ensure_self_unshared_mount_namespace().await?;
 }
 
+ setup_sys_mounts()?;
+
 // Now, deal with SELinux state.
 let (override_disable_selinux, setenforce_guard) =
 reexecute_self_for_selinux_if_needed(&source, config_opts.disable_selinux)?;
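Review bot: On a non-EFI host the `?` after `rustix::fs::lstat("/proc/1/root/sys/firmware/efi/efivars")` propagates ENOENT, so `setup_sys_mounts` fails instead of returning early as its own comment says it should, and the unconditional `setup_sys_mounts()?;` added in the second hunk then aborts `prepare_install` on BIOS systems. Treat a missing path as the non-EFI case, with the path bound once to a local so the `lstat` and `open` call sites cannot drift: `if let Err(e) = rustix::fs::lstat(path) { return if e == rustix::io::Errno::NOENT { Ok(()) } else { Err(e.into()) }; }`. The populated check `Dir::read_from(od)?.next().is_some()` is probably always true if `Dir` yields the `.` and `..` entries the way getdents does, so it would not distinguish a mounted efivarfs from an empty mount point; skipping those two names before testing for a first entry makes the check meaningful. The mount attempt's result is discarded entirely, so a failure surfaces only later as an unexplained error when EFI boot variables are written; `if let Err(e) = Task::new_and_run(...) { tracing::warn!("mounting efivarfs failed: {e}"); }` keeps the best-effort semantics but leaves a trace.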