diff --git a/builder/tests/test_securedrop_deb_package.py b/builder/tests/test_securedrop_deb_package.py
index 46c92c99ac..0c87503b36 100644
--- a/builder/tests/test_securedrop_deb_package.py
+++ b/builder/tests/test_securedrop_deb_package.py
@@ -130,3 +130,22 @@ def test_apparmor_conditional():
 
     print(info)
     assert found, "Depends: line wasn't found"
+
+
+def test_systemd_conditional():
+    try:
+        path = [pkg for pkg in DEB_PATHS if pkg.name.startswith("securedrop-config")][0]
+    except IndexError:
+        raise RuntimeError("Unable to find securedrop-config package in build/ folder")
+    info = subprocess.check_output(["dpkg", "--info", path]).decode()
+    found = False
+    for line in info.splitlines():
+        if line.startswith(" Depends:"):
+            found = True
+            if UBUNTU_VERSION == "focal":
+                assert "systemd-hwe-hwdb" not in line, "focal has no systemd-hwe-hwdb dependency"
+            else:
+                assert "systemd-hwe-hwdb" in line, "noble has systemd-hwe-hwdb dependency"
+
+    print(info)
+    assert found, "Depends: line wasn't found"
diff --git a/securedrop/debian/control b/securedrop/debian/control
index 5e7f5b97d3..4b4fd7fe5b 100644
--- a/securedrop/debian/control
+++ b/securedrop/debian/control
@@ -15,7 +15,7 @@ Description: SecureDrop application code, dependencies, Apache configuration, sy
 
 Package: securedrop-config
 Architecture: amd64
-Depends: ${shlibs:Depends}, unattended-upgrades, update-notifier-common
+Depends: ${shlibs:Depends}, ${systemd:Depends}, unattended-upgrades, update-notifier-common
 Description: Establishes baseline system state for running SecureDrop.
  Configures apt repositories.
 
diff --git a/securedrop/debian/rules b/securedrop/debian/rules
index 6f86d0ae85..d51f6769be 100755
--- a/securedrop/debian/rules
+++ b/securedrop/debian/rules
@@ -67,8 +67,10 @@ override_dh_strip_nondeterminism:
 override_dh_gencontrol:
 ifneq ($(findstring +noble,$(DEB_VERSION)),)
 	dh_gencontrol -psecuredrop-app-code -- "-Vapparmor:Depends=apparmor (>= 4.0.1really4.0.1-0ubuntu0.24.04.3)"
+	dh_gencontrol -psecuredrop-config -- "-Vsystemd:Depends=systemd-hwe-hwdb"
 else
 	dh_gencontrol -psecuredrop-app-code -- "-Vapparmor:Depends="
+	dh_gencontrol -psecuredrop-config -- "-Vsystemd:Depends="
 endif
 	dh_gencontrol -psecuredrop-ossec-agent -- "-v3.6.0+${DEB_VERSION}"
 	dh_gencontrol -psecuredrop-ossec-server -- "-v3.6.0+${DEB_VERSION}"