I use full disk encryption where /boot is also encrypted. So basically I enter passphrase once to decrypt /boot and load kernel/initramfs by grub, and then I use keyfile embedded to initramfs to properly setup root. This all works well with current genkernel without any patches. But the problem is in genkernel's documentation. I had to read sources to understand all the procedure of luks setup in initramfs and how to provide there an embedded key. I would really prefer some doc/wiki file instead. Basically what I did 1. create initramfs overlay and configure it it genkernel.conf 2. in the overlay put key file to "/mnt/key" directory 3. pass path to the key file relative to "/mnt/key" as root_key kernel parameter 4. root_keydev can essentially have any value So please update the genkernel docs with this info. Some related links: https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019 https://forums.gentoo.org/viewtopic-p-7263052.html Reproducible: Always