diff --git a/arch/x86_64/src/common/Toolchain.defs b/arch/x86_64/src/common/Toolchain.defs
index cd679208260..b3f36be40f8 100644
--- a/arch/x86_64/src/common/Toolchain.defs
+++ b/arch/x86_64/src/common/Toolchain.defs
@@ -32,6 +32,10 @@ ARCHCPUFLAGS = -fPIC -fno-stack-protector -mno-red-zone -mrdrnd
 ARCHPICFLAGS = -fPIC
 ARCHWARNINGS = -Wall -Wstrict-prototypes -Wshadow -Wundef
 
+ifeq ($(CONFIG_ARCH_INTEL64_DISABLE_CET),y)
+  ARCHOPTIMIZATION += -fcf-protection=none
+endif
+
 # We have to use a cross-development toolchain under Cygwin because the native
 # Cygwin toolchains don't generate ELF binaries.
 
diff --git a/arch/x86_64/src/intel64/Kconfig b/arch/x86_64/src/intel64/Kconfig
index e8a17fde9ec..53ce634be6c 100644
--- a/arch/x86_64/src/intel64/Kconfig
+++ b/arch/x86_64/src/intel64/Kconfig
@@ -195,4 +195,13 @@ config ARCH_INTEL64_DISABLE_INT_INIT
 		controllers. This is necessary if those are already
 		initialized, i.e. Jailhouse system.
 
+config ARCH_INTEL64_DISABLE_CET
+	bool "Disable CET completely"
+	---help---
+		Intel CET (Control-flow Enforcement Technology) is a hardware
+		enhancement aimed at mitigating the Retpoline vulnerability.
+		It inserts the endbr64 instruction at the beginning of functions,
+		which may impact CPU branch prediction performance.
+
+
 endif