diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 75920fd9..e3ed2a33 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -93,7 +93,10 @@ jobs:
 
     - name: (macOS) Setup test dependencies
       if: matrix.os == 'macos-latest' || matrix.os == 'apple-silicon-m1'
-      run: brew install ant
+      run: |
+        brew install ant
+        codesign -dvvvv --xml --entitlements - $(which python) || true
+        codesign -dvvvv --xml --entitlements - $(which java)  || true
 
     - name: Build test classes via ant
       run: ant all
diff --git a/setup.py b/setup.py
index 3cca8c1a..7dec86e7 100644
--- a/setup.py
+++ b/setup.py
@@ -84,6 +84,27 @@ def compile_native_invocation_handler(java):
 
 compile_native_invocation_handler(JAVA)
 
+def check_python_signing():
+    import platform
+    # check for mac
+    if sys.platform != 'darwin':
+        return
+    # check for arm
+    if platform.processor() != 'arm':
+        return
+    try:
+        codesign = subprocess.check_output(
+            ['/usr/bin/codesign', '--display', '--verbose=4', '--xml', '--entitlements', '-',
+            sys.executable]
+        ).decode("utf-8")
+        assert "com.apple.security.cs.disable-executable-page-protection" in codesign, (
+                ("Python (%s) was not signed with com.apple.security.cs.disable-executable-page-protection entitlement. " % sys.executable) +
+                "You should installed a version of Python that has been codesigned with this entitlement.")
+    except:
+        assert False, (("Could not apply codesign to %s. Codesign is required for Apple Silicon. You should installed a version of " +
+            "Python installed that has been codesigned") % sys.executable)
+
+check_python_signing()
 
 # generate the config.pxi
 with open(join(dirname(__file__), 'jnius', 'config.pxi'), 'w') as fd: