diff --git a/pkg/plugins/mellanox/mellanox_plugin.go b/pkg/plugins/mellanox/mellanox_plugin.go
index 46590e5e8..a6910925f 100644
--- a/pkg/plugins/mellanox/mellanox_plugin.go
+++ b/pkg/plugins/mellanox/mellanox_plugin.go
@@ -102,7 +102,7 @@ func (p *MellanoxPlugin) OnNodeStateChange(old, new *sriovnetworkv1.SriovNetwork
 mellanoxNicsSpec[iface.PciAddress] = iface
 }
- if utils.IsKernelLockdownMode() {
+ if utils.IsKernelLockdownMode(false) {
 if len(mellanoxNicsSpec) > 0 {
 glog.Info("Lockdown mode detected, failing on interface update for mellanox devices")
 return false, false, fmt.Errorf("Mellanox device detected when in lockdown mode")
@@ -180,7 +180,7 @@ func (p *MellanoxPlugin) OnNodeStateChange(old, new *sriovnetworkv1.SriovNetwork
 // Apply config change
 func (p *MellanoxPlugin) Apply() error {
- if utils.IsKernelLockdownMode() {
+ if utils.IsKernelLockdownMode(false) {
 glog.Info("mellanox-plugin Apply() - skipping due to lockdown mode")
 return nil
 }
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index c513c9c23..c4d106c87 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -138,7 +138,7 @@ func DiscoverSriovDevices() ([]sriovnetworkv1.InterfaceExt, error) {
 // SyncNodeState Attempt to update the node state to match the desired state
 //
 func SyncNodeState(newState *sriovnetworkv1.SriovNetworkNodeState) error {
- if IsKernelLockdownMode() && hasMellanoxInterfacesInSpec(newState) {
+ if IsKernelLockdownMode(true) && hasMellanoxInterfacesInSpec(newState) {
 glog.Warningf("cannot use mellanox devices when in kernel lockdown mode")
 return fmt.Errorf("cannot use mellanox devices when in kernel lockdown mode")
 }
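Review bot: The bare `false` in `utils.IsKernelLockdownMode(false)` reads at the call site as if it negated the lockdown check, when per the new signature in pkg/utils/utils.go it only selects the `/host`-prefixed path. A short comment at the call, e.g. `// false: not chrooted, read the host's securityfs through /host`, would make that clear; the same applies to the call in `Apply()` in the next hunk. A wrong value is not caught anywhere, because the helper returns false when the read fails, so the meaning of the flag should be obvious where it is passed. `OnNodeStateChange` starts and ends outside this hunk.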
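Review bot: Passing `true` in `SyncNodeState` hard-codes the assumption that the function only runs after the process has chrooted into the host filesystem, and nothing in the hunk states or checks that. If it is ever reached outside the chroot, `/sys/kernel/security/lockdown` may not be readable from the container; the helper then returns false and the Mellanox lockdown guard is silently skipped. I would record the precondition in the doc comment, for example `// SyncNodeState must be called from inside the host chroot; the lockdown check reads /sys directly.` The function body continues past the hunk.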
@@ -704,8 +704,12 @@ func isSwitchdev(name string) bool {
 }
 // IsKernelLockdownMode returns true when kernel lockdown mode is enabled
-func IsKernelLockdownMode() bool {
- out, err := RunCommand("cat", "/host/sys/kernel/security/lockdown")
+func IsKernelLockdownMode(chroot bool) bool {
+ path := "/sys/kernel/security/lockdown"
+ if !chroot {
+ path = "/host" + path
+ }
+ out, err := RunCommand("cat", path)
 glog.V(2).Infof("IsKernelLockdownMode(): %s, %+v", out, err)
 if err != nil {
 return false
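Review bot: The check fails open: when `RunCommand("cat", path)` returns an error, `if err != nil { return false }` reports "not in lockdown", and the only trace is the `glog.V(2)` line. With the new `chroot` parameter, a mismatched argument is likely to end up on that error path, so callers that gate Mellanox configuration on this result would proceed on a locked-down kernel. At minimum, log it visibly, e.g. `glog.Warningf("IsKernelLockdownMode(): cannot read %s: %v; treating lockdown as disabled", path, err)`, and consider surfacing an unreadable file as an error to those callers. The doc comment should also say what `chroot` means (true when the caller already runs inside the host root). The rest of the function lies outside the hunk.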