diff --git a/kickstart/files/kickstart.cfg b/kickstart/files/kickstart.cfg
index 456066b1..3ec9e22c 100644
--- a/kickstart/files/kickstart.cfg
+++ b/kickstart/files/kickstart.cfg
@@ -1999,6 +1999,17 @@ udevadm settle --timeout=300 || report_failure_with_msg "udevadm settle failed"
 # Rescan LVM cache to avoid warnings for VGs that were recreated.
 pvscan --cache 2>/dev/null
 
+# Unverified GPG with kernel parameter instgpg!=1
+#   Verified GPG with kernel parameter instgpg=1
+if grep -q 'instgpg=1' /proc/cmdline 2>/dev/null; then
+    gpg_option=""
+else
+    # Tell LAT to enable --no-gpg-verify
+    export INSTGPG=0
+    gpg_option="--no-gpg-verify"
+    ilog "Enable LAT ${gpg_option} option to configure ostree for unverified GPG (gpg-verify=false)"
+fi
+
 # Stage the ostree_repo in /sysroot for network installations
 # of controller nodes. Doing so avoids a double ostree pull of
 # the huge ostree_repo over the network.
@@ -2057,14 +2068,14 @@ else
 
         ostree --repo=${repo} init --mode=archive
         if [ "${insturl}" = "file://NOT_SET" ] ; then
-            ilog "ostree_repo archive pull from file:///instboot/ostree_repo"
-            ostree --repo=${repo} remote add ${instbr} file:///instboot/ostree_repo
+            ilog "ostree_repo archive pull from file:///instboot/ostree_repo ${gpg_option}"
+            ostree --repo=${repo} remote add ${gpg_option} ${instbr} file:///instboot/ostree_repo
         else
-            ilog "ostree_repo archive pull from ${insturl}"
-            ostree --repo=${repo} remote add ${instbr} ${insturl}
+            ilog "ostree_repo archive pull from ${insturl} ${gpg_option}"
+            ostree --repo=${repo} remote add ${gpg_option} ${instbr} ${insturl}
         fi
 
-        ilog "Executing: ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}"
+        ilog "Executing: ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr} ${gpg_option}"
         MAX_TRIES=3
         RETRY_WAIT=10
         for try in 1 2 3