diff --git a/init/main.c b/init/main.c
index 7bbce78cdccf370b3f210ac990fc425075231547..ba7da8fe83ea1dc526b312e4b2e6d81e183719eb 100644
--- a/init/main.c
+++ b/init/main.c
@@ -573,6 +573,7 @@ static int __init unknown_bootoption(char *param, char *val,
 	return 0;
 }
 
+#ifndef CONFIG_SECURITY_BOOT_INIT
 static int __init init_setup(char *str)
 {
 	unsigned int i;
@@ -601,6 +602,7 @@ static int __init rdinit_setup(char *str)
 	return 1;
 }
 __setup("rdinit=", rdinit_setup);
+#endif
 
 #ifndef CONFIG_SMP
 static const unsigned int setup_max_cpus = NR_CPUS;
diff --git a/security/Kconfig b/security/Kconfig
index 52c9af08ad35d3d31995337d4643b26c015f75ca..9a6b9a115bb935c071f5c7b8c6fa8b3fa7a18b67 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -249,5 +249,11 @@ config LSM
 
 source "security/Kconfig.hardening"
 
+config SECURITY_BOOT_INIT
+       bool "Disable init & rdinit parameters in cmdline"
+       default n
+       help
+         No support init and rdinit parameters in cmdline
+
 endmenu