diff --git a/scripts/hardened_runtime_entitlements.plist b/scripts/hardened_runtime_entitlements.plist
new file mode 100644
index 0000000..85c2a83
--- /dev/null
+++ b/scripts/hardened_runtime_entitlements.plist
@@ -0,0 +1,2 @@
+com.apple.security.cs.allow-unsigned-executable-memory
+
diff --git a/scripts/sign.sh b/scripts/sign.sh
index 9f96c1d..8abd765 100755
--- a/scripts/sign.sh
+++ b/scripts/sign.sh
@@ -22,7 +22,7 @@ for FILE_PATH in $FILES_TO_SIGN; do
 security unlock-keychain -p "$APPLE_TEMPKEYCHAIN_PASSWORD" "$APPLE_TEMPKEYCHAIN_NAME"
 # sign the binary
- codesign -o runtime --force --timestamp -s "$APPLE_CODESIGN_IDENTITY" -v $FILE_PATH
+ codesign -o runtime --force --timestamp --entitlements ./scripts/hardened_runtime_entitlements.plist -s "$APPLE_CODESIGN_IDENTITY" -v $FILE_PATH
 # notarize binary
 ditto -c -k $FILE_PATH $FILE_NAME.zip # notarization require zip files
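Review bot: The new scripts/hardened_runtime_entitlements.plist grants `com.apple.security.cs.allow-unsigned-executable-memory` without saying which component needs it. This entitlement relaxes a Hardened Runtime memory protection: the signed binary may create memory that is both writable and executable without the MAP_JIT restrictions, so a memory-corruption bug in it is easier to turn into code execution. If the requirement is a JIT, the narrower `com.apple.security.cs.allow-jit` may be enough; otherwise add an XML comment in the plist naming the runtime or library that requires the exception. The page shows the file with its markup stripped, so whether the key carries a `<true/>` value inside a well-formed `<dict>` cannot be confirmed from here.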
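Review bot: On the new codesign line in scripts/sign.sh, `--entitlements ./scripts/hardened_runtime_entitlements.plist` is resolved against the caller's working directory, so signing only finds the file when the script is started from the repository root. Anchoring it to the script's own location removes that dependency: `--entitlements "$(dirname "$0")/hardened_runtime_entitlements.plist"`. The same line applies the entitlement to every entry in `$FILES_TO_SIGN`; if only some of the binaries need writable-executable memory, the others should be signed without it so the exception stays as narrow as possible. The loop body starts and ends outside the hunk, so whether a failed codesign stops the script before the notarization step is not visible here.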