diff --git a/Containerfile b/Containerfile
index 6ca98256662..6fbf2705d82 100644
--- a/Containerfile
+++ b/Containerfile
@@ -158,6 +158,7 @@ RUN wget https://raw.githubusercontent.com/ahmetb/kubectx/master/kubectx -O /usr
 # Set up services
 RUN systemctl enable docker.service && \
     systemctl enable podman.socket && \
+    systemctl enable swtpm-workaround.service && \
     systemctl enable --global bluefin-dx-user-vscode.service && \
     systemctl disable pmie.service && \
     systemctl disable pmlogger.service
diff --git a/dx/usr/lib/systemd/system/swtpm-workaround.service b/dx/usr/lib/systemd/system/swtpm-workaround.service
new file mode 100644
index 00000000000..5a93f6ebed5
--- /dev/null
+++ b/dx/usr/lib/systemd/system/swtpm-workaround.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Workaround swtpm not having the correct label
+ConditionFileIsExecutable=/usr/bin/swtpm
+After=local-fs.target
+
+[Service]
+Type=oneshot
+# Copy if it doens't exist
+ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/.swtpm ] || /usr/bin/cp /usr/bin/swtpm /usr/local/bin/.swtpm"
+# This is faster than using .mount unit. Also allows for the previous line/cleanup
+ExecStartPre=/usr/bin/mount --bind /usr/local/bin/.swtpm /usr/bin/swtpm
+# Fix SELinux label
+ExecStart=/usr/sbin/restorecon /usr/bin/swtpm
+# Clean-up after ourselves
+ExecStop=/usr/bin/umount /usr/bin/swtpm
+ExecStop=/usr/bin/rm /usr/local/bin/.swtpm
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/dx/usr/lib/tmpfiles.d/swtpm-workaround.conf b/dx/usr/lib/tmpfiles.d/swtpm-workaround.conf
new file mode 100644
index 00000000000..bf20bf6457b
--- /dev/null
+++ b/dx/usr/lib/tmpfiles.d/swtpm-workaround.conf
@@ -0,0 +1,2 @@
+C /usr/local/bin/.swtpm - - - - /usr/bin/swtpm
+d /var/lib/swtpm-localca 0750 tss tss - -
\ No newline at end of file
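Review bot: The copy at `/usr/local/bin/.swtpm` can go stale and then shadow the real binary: `/usr/local` is persistent across deployments on an ostree system, and both the first `ExecStartPre=` (`[ -x ... ] || cp`) and the tmpfiles.d `C` line in the next hunk only copy when the file is absent, so after an image update ships a new `/usr/bin/swtpm`, any leftover copy (e.g. from a shutdown where `ExecStop=` never ran) is bind-mounted over the new binary and the system keeps executing the old, possibly unpatched, swtpm. Make the refresh content-based instead of existence-based, e.g. `ExecStartPre=/usr/bin/bash -c "cmp -s /usr/bin/swtpm /usr/local/bin/.swtpm || /usr/bin/cp -f /usr/bin/swtpm /usr/local/bin/.swtpm"` (assumes diffutils is in the image; `cp -u` is not a substitute because ostree stores `/usr` with zeroed mtimes), and either drop the redundant tmpfiles.d `C` line or give it the same semantics. It is also worth a comment in the unit that this workaround moves the executed swtpm out from under the read-only image, so whatever integrity guarantees the image provides for `/usr/bin/swtpm` no longer cover the binary that actually runs — `# NOTE: the bind-mounted copy lives in mutable /usr/local and is not covered by image integrity checks`. The comment on the first `ExecStartPre=` has a typo (`doens't`).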