diff --git a/docs/grub.texi b/docs/grub.texi
index 4ce31c2d4..5dbb02f1c 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -4139,6 +4139,10 @@ this page is to be filtered. This syntax makes it easy to represent patterns that are often result of memory damage, due to physical distribution of memory cells.
+Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
+ This prevents removing EFI memory regions to potentially subvert the
+ security mechanisms provided by the UEFI secure boot.
+
 @node blocklist
 @subsection blocklist
diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c
index 64684c23d..3cae68364 100644
--- a/grub-core/mmap/mmap.c
+++ b/grub-core/mmap/mmap.c
@@ -20,6 +20,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -534,12 +535,12 @@ static grub_command_t cmd, cmd_cut;
 GRUB_MOD_INIT(mmap)
 {
- cmd = grub_register_command ("badram", grub_cmd_badram,
- N_("ADDR1,MASK1[,ADDR2,MASK2[,...]]"),
- N_("Declare memory regions as faulty (badram)."));
- cmd_cut = grub_register_command ("cutmem", grub_cmd_cutmem,
- N_("FROM[K|M|G] TO[K|M|G]"),
- N_("Remove any memory regions in specified range."));
+ cmd = grub_register_command_lockdown ("badram", grub_cmd_badram,
+ N_("ADDR1,MASK1[,ADDR2,MASK2[,...]]"),
+ N_("Declare memory regions as faulty (badram)."));
+ cmd_cut = grub_register_command_lockdown ("cutmem", grub_cmd_cutmem,
+ N_("FROM[K|M|G] TO[K|M|G]"),
+ N_("Remove any memory regions in specified range."));
 }
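Review bot: The two `grub_register_command_lockdown` calls in `GRUB_MOD_INIT(mmap)` carry no comment saying why `badram` and `cutmem` are restricted, so the rationale lives only in docs/grub.texi. I would add above them `/* Both commands edit the memory map and could remove EFI regions; refuse them under lockdown. */`. The texi hunk visible here adds the lockdown note to a single command section, while the code restricts both commands, so the `cutmem` section presumably needs the same note unless it is handled outside this diff. The restriction also appears to be decided when the command is registered rather than when it runs, so it is worth confirming that lockdown is always enforced before this module's init executes.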