diff --git a/src/freenas/usr/local/libexec/disable-rootfs-protection b/src/freenas/usr/local/libexec/disable-rootfs-protection index ed39051ee3f31..92a64764f5164 100755 --- a/src/freenas/usr/local/libexec/disable-rootfs-protection +++ b/src/freenas/usr/local/libexec/disable-rootfs-protection @@ -10,6 +10,8 @@ from pathlib import Path from subprocess import run from middlewared.utils import ProductType +from middlewared.utils.mount import getmntinfo +from middlewared.utils.filesystem.stat_x import statx ZFS_CMD = '/usr/sbin/zfs' @@ -34,6 +36,31 @@ def set_readwrite(entry): run([ZFS_CMD, 'set', 'readonly=off', entry['ds']]) +def usr_fs_check(): + mntid = statx('/usr').stx_mnt_id + mntinfo = getmntinfo(mnt_id=mntid)[mntid] + match mntinfo['fs_type']: + case 'zfs': + return + + case 'overlay': + if mntinfo['mount_source'] == 'sysext': + print(( + '/usr is currently provided by a readonly systemd system extension. ' + 'This may occur if nvidia module support is enabled. System extensions ' + 'must be disabled prior to disabling rootfs protection.' + )) + else: + print(f'/usr is currently provided by an unexpected overlayfs filesystem: {mntinfo}.') + case _: + print(( + f'{mntinfo["fs_type"]}: /usr is currently provided by an unexpected filesystem type. ' + 'Unable to disable rootfs protection.' + )) + + sys.exit(1) + + def chmod_files(): with os.scandir('/usr/bin') as it: for entry in it: @@ -85,6 +112,8 @@ if __name__ == '__main__': )) sys.exit(1) + usr_fs_check() + rv = run([ZFS_CMD, 'get', '-o', 'value', '-H', 'truenas:developer', '/'], capture_output=True) # If we're already in developer-mode, skip license check
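Review bot: `usr_fs_check()` has no docstring, and its control flow is easy to misread: only the `'zfs'` case returns, while every other `case` falls out of the `match` into the shared `sys.exit(1)`. I would add a docstring such as `"""Exit with status 1 unless /usr is mounted directly from ZFS (not a sysext overlay or another filesystem)."""` and a comment above the final exit, `# every non-zfs case falls through to here`. Separately, `getmntinfo(mnt_id=mntid)[mntid]` is indexed without a guard. `getmntinfo` is not visible in this diff, but if it can return a mapping that lacks that id, the script would end in a `KeyError` traceback rather than one of these explanatory messages. Because this check gates the later `readonly=off` step, an explicit "could not determine the /usr mount" message followed by the same exit would keep that failure mode clear.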