diff --git a/modules/security/apparmor.nix b/modules/security/apparmor.nix
index 46bbb5374d9..ec371e55423 100644
--- a/modules/security/apparmor.nix
+++ b/modules/security/apparmor.nix
@@ -35,6 +35,11 @@ AppArmor.
 
   config = mkIf (cfg.enable) {
 
+    assertions = [ { assertion = config.boot.kernelPackages.kernel.features ? apparmor
+                               && config.boot.kernelPackages.kernel.features.apparmor;
+                     message = "AppArmor is enabled, but the kernel doesn't have AppArmor support"; }
+                 ];
+
     jobs.apparmor =
       { startOn = "startup";