--- genkernel-4.2.5/defaults/initrd.scripts.orig 2021-11-25 12:36:36.570651030 +0100
+++ genkernel-4.2.5/defaults/initrd.scripts 2021-11-25 12:37:00.899245974 +0100
@@ -2320,37 +2320,48 @@ } start_LUKS() { - # if key is set but neither ssh enabled or key device is given, find - # the key device - [ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \ - && sleep 6 && bootstrapKey "ROOT" + [ -z "$1" -o "$1" == "root" ] && decrypt_root="1" + [ -z "$1" -o "$1" == "swap" ] && decrypt_swap="1" - if [ -n "${CRYPT_ROOT}" ] - then - openLUKS "root" - if [ -n "${REAL_ROOT}" ] - then - # Rescan volumes - start_volumes - else - REAL_ROOT="/dev/mapper/root" - fi - fi - - # same for swap, but no need to sleep if root was unencrypted - [ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \ - && { [ -z "${CRYPT_ROOT}" ] && sleep 6; bootstrapKey "SWAP"; } - - if [ -n "${CRYPT_SWAP}" ] - then - openLUKS "swap" - if [ -z "${REAL_RESUME}" ] - then - # Resume from swap as default - REAL_RESUME="/dev/mapper/swap" - fi - fi + # if key is set but neither ssh enabled or key device is given, find + # the key device + if [ -n "$decrypt_root" ] + then + + [ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \ + && sleep 6 && bootstrapKey "ROOT" + + if [ -n "${CRYPT_ROOT}" ] + then + openLUKS "root" + if [ -n "${REAL_ROOT}" ] + then + # Rescan volumes + start_volumes + else + REAL_ROOT="/dev/mapper/root" + fi + fi + + fi + + if [ -n "$decrypt_swap" ] + then + # same for swap, but no need to sleep if root was unencrypted + [ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \ + && { [ -z "${CRYPT_ROOT}" ] && sleep 6; bootstrapKey "SWAP"; } + + if [ -n "${CRYPT_SWAP}" ] + then + openLUKS "swap" + if [ -z "${REAL_RESUME}" ] + then + # Resume from swap as default + REAL_RESUME="/dev/mapper/swap" + fi + fi + fi } start_sshd() { --- genkernel-4.2.5/defaults/linuxrc.orig 2021-11-25 12:36:41.360374423 +0100 +++ genkernel-4.2.5/defaults/linuxrc 2021-11-25 12:37:08.048833029 +0100 
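Review bot: `decrypt_root` and `decrypt_swap` are set at the top of start_LUKS() but never declared local or cleared, so a value from one call survives into the next. The linuxrc part of this patch calls `start_LUKS swap` and later `start_LUKS root`; on that second call `decrypt_swap` is still `1`, so the swap branch (`bootstrapKey "SWAP"`, `openLUKS "swap"`) runs again, which may mean a second key-device wait or passphrase prompt depending on how openLUKS treats an already-open mapping. Starting the function with `local decrypt_root='' decrypt_swap=''` (or plain empty assignments if the init shell lacks `local`) keeps each call limited to the requested target. An argument other than `root` or `swap` currently unlocks nothing and prints nothing; a short header comment naming the accepted values would help, and `[ -z "$1" ] || [ "$1" = "root" ]` avoids the non-POSIX `==` and the obsolescent `-o`.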
@@ -641,9 +641,13 @@ # Initialize LUKS root device except for livecd's if [ "${CDROOT}" != '1' ] then - start_LUKS if [ "${NORESUME}" != '1' ] && [ -n "${REAL_RESUME}" ] then + + # Skip decrypting root which invoked start_volumes which will import + # zpools that might already be imported in the resumed system. + start_LUKS swap + case "${REAL_RESUME}" in LABEL=*|UUID=*|PARTLABEL=*|PARTUUID=*) RESUME_DEV="" @@ -673,6 +677,9 @@ do_resume fi + + # If resume did not success, properly decrypt root. + start_LUKS root fi run mkdir -p "${NEW_ROOT}"
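Review bot: The `[ -n "${REAL_RESUME}" ]` test now runs before `start_LUKS swap`, but the fallback `REAL_RESUME="/dev/mapper/swap"` is only assigned inside start_LUKS's swap branch (the initrd.scripts hunk of this patch). A system that relied on that default, with CRYPT_SWAP set and no explicit resume device, therefore never enters this block and resume is skipped without any message. If the default is meant to keep working, set it before the `if`, e.g. `[ -n "${CRYPT_SWAP}" ] && [ -z "${REAL_RESUME}" ] && REAL_RESUME="/dev/mapper/swap"`. The added comment could also state the assumption that the resume device does not live inside the encrypted root container (for example a logical volume on it), since root is deliberately left locked at this point.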
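Review bot: `start_LUKS root` unlocks only root, so when the resume block above is skipped (`NORESUME` is `1` or `REAL_RESUME` is empty) the encrypted swap is no longer opened by the initramfs at all, whereas the removed unconditional `start_LUKS` opened both. If that is intended, the comment should say so, for example `# Resume was skipped or failed: unlock root now; swap is only opened inside the resume block above.`, which also replaces the "did not success" wording. The body of the resume block lies between the two linuxrc hunks and is not visible here.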