diff --git a/podvm-mkosi/mkosi.postinst b/podvm-mkosi/mkosi.postinst
index ef2bfb5d22..b09f7fd42f 100755
--- a/podvm-mkosi/mkosi.postinst
+++ b/podvm-mkosi/mkosi.postinst
@@ -12,3 +12,12 @@ mv "${BUILDROOT}/etc/issue.d" "${BUILDROOT}/usr/lib/issue.d" || true
   echo "IMAGE_VERSION=\"${IMAGE_VERSION-v0.0.0}\""
   echo "VARIANT_ID=\"${VARIANT_ID}\""
 } >> "${BUILDROOT}/etc/os-release"
+
+# mask unwanted sytemd units that measure a bunch of stuff into the vTPM
+ln -s /dev/null "${BUILDROOT}/etc/systemd/system/systemd-pcrmachine.service"
+ln -s /dev/null "${BUILDROOT}/etc/systemd/system/systemd-pcrfs-root.service"
+ln -s /dev/null "${BUILDROOT}/etc/systemd/system/systemd-pcrfs@.service"
+ln -s /dev/null "${BUILDROOT}/etc/systemd/system/systemd-pcrphase@.service"
+ln -s /dev/null "${BUILDROOT}/etc/systemd/system/systemd-pcrphase-initrd.service"
+ln -s /dev/null "${BUILDROOT}/etc/systemd/system/systemd-pcrphase-sysinit.service"
+ln -s /dev/null "${BUILDROOT}/etc/systemd/system/systemd-pcrphase.service"
diff --git a/podvm-mkosi/mkosi.presets/system/mkosi.conf.d/fedora.conf b/podvm-mkosi/mkosi.presets/system/mkosi.conf.d/fedora.conf
index e3bf7b1da6..32b07a0d57 100644
--- a/podvm-mkosi/mkosi.presets/system/mkosi.conf.d/fedora.conf
+++ b/podvm-mkosi/mkosi.presets/system/mkosi.conf.d/fedora.conf
@@ -27,3 +27,9 @@ Packages=
 
 RemoveFiles=/etc/issue
 RemoveFiles=/etc/issue.net
+
+# Remove for reproducible builds
+RemoveFiles=/var/log
+RemoveFiles=/var/cache
+RemoveFiles=/etc/pki/ca-trust/extracted/java/cacerts
+            /usr/lib/sysimage/libdnf5/transaction_history.sqlite*