diff --git a/packages/system/systemd/build.yaml b/packages/system/systemd/build.yaml
index a7c7fde..0ef5a6f 100644
--- a/packages/system/systemd/build.yaml
+++ b/packages/system/systemd/build.yaml
@@ -3,25 +3,39 @@ image: {{ .Values.image }}
 package_dir: /package
 
 prelude:
-  - dnf update -y && dnf install -y gcc meson git ninja-build gperf libpcap libcap libcap-devel cmake libmount-devel python3-jinja2 rsync diffutils python3-pyelftools
+  - dnf update -y && dnf install -y gcc meson git ninja-build gperf libpcap libcap libcap-devel cmake libmount-devel python3-jinja2 rsync diffutils python3-pyelftools openssl-devel tpm2-*
   - mkdir -p src/
   - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cd src/ && git clone --branch v${PACKAGE_VERSION} https://github.com/systemd/systemd.git
 
 steps:
   # Minimal systemd build, remove almost everything, we only interested in the efi boot files
-  - cd src/systemd && meson setup build -Dmode=release -Dbootloader=true -Defi=true -Dnss-resolve=disabled -Dlogind=false -Dcoredump=false -Dhomed=disabled -Dfirstboot=false -Dhostnamed=false -Dhibernate=false -Dinitrd=false -Dimportd=false -Dkernel-install=false -Dlocaled=false -Dmachined=false -Dnetworkd=false -Dnss-myhostname=false -Dnss-mymachines=false -Dnss-systemd=false -Doomd=false -Dportabled=false -Dhwdb=false -Dpstore=false -Dquotacheck=false -Drandomseed=false -Drepart=false -Dresolve=false -Drfkill=false -Dsysext=false -Danalyze=false -Dsysupdate=false -Dsysusers=false -Dstoragetm=false -Dtimedated=false -Dtimesyncd=false -Dtmpfiles=false -Duserdb=false -Dvconsole=false -Dxdg-autostart=false -Didn=false -Dpolkit=false -Dnscd=false -Dkmod=false -Ddbus=false -Dglib=false -Dbacklight=false -Dldconfig=false -Dgshadow=false -Dwheel-group=false -Dadm-group=false -Dxkbcommon=false -Dzstd=false -Dlz4=false -Dutmp=false -Dlink-udev-shared=false -Dlink-systemctl-shared=false -Dlink-networkd-shared=false -Dlink-timesyncd-shared=false -Dlink-journalctl-shared=false -Dlink-boot-shared=false -Dlink-portabled-shared=false -Dblkid=false -Denvironment-d=false -Dqrencode=false -Dpwquality=false -Dlibcurl=false -Dfdisk=false -Dlibidn2=false -Dlibiptc=false -Dopenssl=false -Ddns-over-tls=false -Didn=false -Dgnutls=false -Dp11kit=false -Dlibidn=false -Dlibidn2=false -Dgcrypt=false -Dxz=false -Dzlib=false -Dbzip2=false
+  # To get systemd-measure to build we need to set blkid, openssl and bootloader to true
+  # Set also the shared lib name with an appended kairos so we can use it everywhere without overwriting the system one
+  - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cd src/systemd && meson setup build -Dmode=release -Dbootloader=true -Defi=true -Dblkid=true -Dopenssl=true -Dshared-lib-tag=${PACKAGE_VERSION}-kairos -Dnss-resolve=disabled -Dlogind=false -Dcoredump=false -Dhomed=disabled -Dfirstboot=false -Dhostnamed=false -Dhibernate=false -Dinitrd=false -Dimportd=false -Dkernel-install=false -Dlocaled=false -Dmachined=false -Dnetworkd=false -Dnss-myhostname=false -Dnss-mymachines=false -Dnss-systemd=false -Doomd=false -Dportabled=false -Dhwdb=false -Dpstore=false -Dquotacheck=false -Drandomseed=false -Drepart=false -Dresolve=false -Drfkill=false -Dsysext=false -Danalyze=false -Dsysupdate=false -Dsysusers=false -Dstoragetm=false -Dtimedated=false -Dtimesyncd=false -Dtmpfiles=false -Duserdb=false -Dvconsole=false -Dxdg-autostart=false -Didn=false -Dpolkit=false -Dnscd=false -Dkmod=false -Ddbus=false -Dglib=false -Dbacklight=false -Dldconfig=false -Dgshadow=false -Dwheel-group=false -Dadm-group=false -Dxkbcommon=false -Dzstd=false -Dlz4=false -Dutmp=false -Dlink-udev-shared=false -Dlink-systemctl-shared=false -Dlink-networkd-shared=false -Dlink-timesyncd-shared=false -Dlink-journalctl-shared=false -Dlink-boot-shared=false -Dlink-portabled-shared=false -Denvironment-d=false -Dqrencode=false -Dpwquality=false -Dlibcurl=false -Dfdisk=false -Dlibidn2=false -Dlibiptc=false -Ddns-over-tls=false -Didn=false -Dgnutls=false -Dp11kit=false -Dlibidn=false -Dlibidn2=false -Dgcrypt=false -Dxz=false -Dzlib=false -Dbzip2=false
   - cd src/systemd && ninja -C build
+{{if eq .Values.name "systemd-boot"}}
   # Artifacts located at src/systemd/build/src/boot/efi/
   # change the x64 to aa64 for arm64
   - mkdir -p /package/usr/kairos/
-{{ if .Values.arch }}
-  {{ if eq .Values.arch "arm64" }}
+  {{ if .Values.arch }}
+    {{ if eq .Values.arch "arm64" }}
   - cp src/systemd/build/src/boot/efi/systemd-bootaa64.efi /package/usr/kairos/
   - cp src/systemd/build/src/boot/efi/linuxaa64.efi.stub /package/usr/kairos/
   - cp src/systemd/build/src/boot/efi/addonaa64.efi.stub /package/usr/kairos/
-  {{else}}
+    {{else}}
   - cp src/systemd/build/src/boot/efi/systemd-bootx64.efi /package/usr/kairos/
   - cp src/systemd/build/src/boot/efi/linuxx64.efi.stub /package/usr/kairos/
   - cp src/systemd/build/src/boot/efi/addonx64.efi.stub /package/usr/kairos/
+    {{end}}
   {{end}}
+{{else if eq .Values.name "systemd-ukify"}}
+  - mkdir -p /package/usr/lib/systemd/
+  - mkdir -p /package/usr/bin/
+  # ukify calls systemd-measure to measure and sign
+  - cp src/systemd/build/systemd-measure /package/usr/lib/systemd/
+  - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/usr/lib/systemd/
+  # ukify is copied in two places according to upstream, I guess to maintain backwards compatibility
+  - cp src/systemd/build/ukify /package/usr/bin/
+  - cp src/systemd/build/ukify /package/usr/lib/systemd/
 {{end}}
+  - ls -ltra /package
diff --git a/packages/system/systemd/collection.yaml b/packages/system/systemd/collection.yaml
index 921ebec..eed8141 100644
--- a/packages/system/systemd/collection.yaml
+++ b/packages/system/systemd/collection.yaml
@@ -7,3 +7,11 @@ packages:
       github.repo: "systemd"
       autobump.revdeps: "true"
       github.owner: "systemd"
+  - name: "systemd-ukify"
+    category: "system"
+    version: "255+1"
+    image: "fedora:39"
+    labels:
+      github.repo: "systemd"
+      autobump.revdeps: "true"
+      github.owner: "systemd"
\ No newline at end of file