diff --git a/Kernel/Arch/aarch64/ThreadRegisters.h b/Kernel/Arch/aarch64/ThreadRegisters.h
index 64402113c0..1ae9c0c5a7 100644
--- a/Kernel/Arch/aarch64/ThreadRegisters.h
+++ b/Kernel/Arch/aarch64/ThreadRegisters.h
@@ -24,11 +24,11 @@ struct ThreadRegisters {
 
     void set_sp(FlatPtr value) { sp_el0 = value; }
 
-    void set_initial_state(bool, Memory::AddressSpace& space, FlatPtr kernel_stack_top)
+    void set_initial_state(bool is_kernel_process, Memory::AddressSpace& space, FlatPtr kernel_stack_top)
     {
         set_sp(kernel_stack_top);
         ttbr0_el1 = space.page_directory().ttbr0();
-        set_spsr_el1();
+        set_spsr_el1(is_kernel_process);
     }
 
     void set_entry_function(FlatPtr entry_ip, FlatPtr entry_data)
@@ -45,7 +45,7 @@ struct ThreadRegisters {
         TODO_AARCH64();
     }
 
-    void set_spsr_el1()
+    void set_spsr_el1(bool is_kernel_process)
     {
         Aarch64::SPSR_EL1 saved_program_status_register_el1 = {};
 
@@ -55,9 +55,7 @@ struct ThreadRegisters {
         saved_program_status_register_el1.I = 0;
         saved_program_status_register_el1.F = 0;
 
-        // Set exception origin mode to EL1h, so when the context is restored, we'll be executing in EL1 with SP_EL1
-        // FIXME: This must be EL0t when aarch64 supports userspace applications.
-        saved_program_status_register_el1.M = Aarch64::SPSR_EL1::Mode::EL1h;
+        saved_program_status_register_el1.M = is_kernel_process ? Aarch64::SPSR_EL1::Mode::EL1h : Aarch64::SPSR_EL1::Mode::EL0t;
         memcpy(&spsr_el1, &saved_program_status_register_el1, sizeof(u64));
     }
 };