diff --git a/mkinitrd b/mkinitrd
index 300db21..27c284d 100755
--- a/mkinitrd
+++ b/mkinitrd
@@ -386,6 +386,10 @@ finddmmods() {
 ;;
 crypt)
 findmodule -dm-crypt
+ mods="$(echo $line | awk '{print $4}' | sed 's,-\([^-]\+:\)\?, ,g')"
+ for mod in mods; do
+ findmodule -$mod
+ done
 ;;
 zero)
 findmodule -dm-zero
@@ -542,6 +546,7 @@ findstoragedriver () {
 if [[ "$device" =~ ^mapper/ ]]; then
 majmin=$(get_numeric_dev dec "/dev/$device")
 sysfs=$(finddevnoinsys $majmin)
+ handlecrypt "$device"
 else
 sysfs=$(findone -type d /sys/block -name $device)
 fi
@@ -652,6 +657,31 @@ is_iscsi() {
 fi
 }
+handlecrypt() {
+ line=$(/sbin/dmsetup table "$(basename $1)" 2>/dev/null)
+ [ -z "$line" ] && return 1
+ type=$(echo "$line" | awk '{ print $3 }')
+ [ -z "$type" ] && return 1
+ case "$type" in
+ crypt)
+ find_base_dm_mods
+ mods="$(echo $line | awk '{print $4}' | sed 's,-\([^-]\+:\)\?, ,g')"
+ findmodule dm-crypt
+ for mod in $mods; do
+ findmodule $mod
+ done
+ slaveno=$(echo $line | awk '{print $7}')
+ slavedev=$(basename $(finddevnoinsys $slaveno))
+ cryptsetup isLuks "/dev/$slavedev" 2>/dev/null
+ if [ $? -eq 0 ]; then
+ scheme="luks"
+ fi
+ cryptodevs="$cryptodevs /dev/$slavedev:$(basename $1):$scheme"
+ findstoragedriver "$slavedev"
+ ;;
+ esac
+}
+
 handleiscsi() {
 vecho "Found iscsi component $1"
 findmodule iscsi_tcp
@@ -1373,6 +1403,13 @@ if [ -z "$nolvm" -a -n "$vg_list" ]; then
 fi
 fi
+if [ -n "$cryptodevs" ]; then
+ inst /sbin/cryptsetup "$MNTIMAGE"
+ if [ -f /etc/crypttab ]; then
+ inst /etc/crypttab "$MNTIMAGE"
+ fi
+fi
+
 echo -n >| $RCFILE
 cemit << EOF
 #!/bin/nash
@@ -1497,7 +1534,7 @@ EOF
 done
 unset usb_mounted
-if [ -z "$nolvm" -a -n "$vg_list" ]; then
+if [ -z "$nolvm" -a -n "$vg_list" -o -n "$cryptodevs" ]; then
 emit "echo Making device-mapper control node"
 emit "mkdmnod"
 fi
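Review bot: In the `crypt)` arm added to `finddmmods`, `for mod in mods; do` iterates over the literal word `mods` rather than the variable, so the loop calls `findmodule -mods` once and none of the cipher modules parsed from the table row are looked up. It should read `for mod in $mods; do`, as the equivalent loop in `handlecrypt` does. `echo $line` is also unquoted here; `echo "$line"` keeps the row from being word-split and glob-expanded before `awk` sees it. The body of `finddmmods` starts and ends outside this hunk.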
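Review bot: `handlecrypt "$device"` is called in `findstoragedriver` right after `sysfs` has been computed, but `handlecrypt` itself ends by calling `findstoragedriver "$slavedev"`, so the nested call may overwrite `device`, `majmin` and `sysfs` before the outer call goes on to use them. Whether that happens depends on whether `findstoragedriver` declares those variables `local`, which is outside this hunk and should be confirmed. The return status of `handlecrypt` is also discarded; a comment such as `# handlecrypt returns 1 when dmsetup has no table for the device; ignored on purpose` would make the intent clear.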
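Review bot: `scheme` is assigned only in the `isLuks` success branch of `handlecrypt` and is never reset or declared `local`, so once one LUKS device has been seen, every later plain dm-crypt device is also recorded as `:luks` and would get `cryptsetup luksOpen` in the generated init script. Reset it per call with `local scheme=""` at the top of the function, and test the command directly with `if cryptsetup isLuks "/dev/$slavedev" 2>/dev/null; then`. The other temporaries (`line`, `type`, `mods`, `slaveno`, `slavedev`) are globals too, and `line` holds the whole `dmsetup table` row, which for a crypt target has a key field that may contain key material depending on the dmsetup version; making them `local` stops that row from lingering and from colliding with the `$line` read in `finddmmods`. `slavedev` is also appended to `cryptodevs` and passed to `findstoragedriver` without a check that `finddevnoinsys` returned anything.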
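Review bot: The block added before `echo -n >| $RCFILE` copies the whole of `/etc/crypttab` into the image whenever any crypt device was found, yet the commands emitted for the crypt devices later in this patch take their arguments from `cryptodevs` and do not appear to read that file. crypttab entries can name key files and options for volumes unrelated to the root device, and an initrd normally sits on an unencrypted `/boot`, so this discloses more than the boot path appears to need. Consider dropping the `inst /etc/crypttab "$MNTIMAGE"` lines, or copying only the entries for devices in `cryptodevs`, with a comment such as `# only the mappings needed to reach the root device go into the image`.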
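Review bot: The new test `[ -z "$nolvm" -a -n "$vg_list" -o -n "$cryptodevs" ]` relies on `-a` binding tighter than `-o` inside a single `[`, a form POSIX marks as obsolescent and one that is easy to misread. Spelling the grouping out, `if { [ -z "$nolvm" ] && [ -n "$vg_list" ]; } || [ -n "$cryptodevs" ]; then`, gives the same result and makes it obvious that `mkdmnod` is emitted for crypt devices even when `nolvm` is set.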
@@ -1530,6 +1567,19 @@ if [ -n "$raiddevices" ]; then
 done
 fi
+# this may need to happen in chunks (pv/mdX/sdbY)
+for crypt in $cryptodevs; do
+ cryptdev=$(echo $crypt | cut -d: -f1)
+ cryptname=$(echo $crypt | cut -d: -f2)
+ cryptscheme=$(echo $crypt | cut -d: -f3)
+ emit "echo Setting up disk encryption: $cryptdev"
+ if [ "$cryptscheme" == "luks" ]; then
+ emit "cryptsetup luksOpen $cryptdev $cryptname"
+ else
+ emit "cryptsetup create $cryptname $cryptdev"
+ fi
+done
+
 if [ -z "$nolvm" -a -n "$vg_list" ]; then
 emit "echo Scanning logical volumes"
 emit "lvm vgscan --ignorelockingfailure"
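Review bot: For non-LUKS mappings the loop emits `cryptsetup create $cryptname $cryptdev` with no cipher, key-size or hash options, so the boot-time mapping is built with cryptsetup's defaults rather than the parameters the volume was created with; plain mode has no header to check against, so a mismatch yields an unreadable mapping instead of an error. `handlecrypt` already parses the cipher out of the `dmsetup table` row, so at least that value could be carried as a further field in each `cryptodevs` entry and passed through `--cipher`. The entries are also split on whitespace and `:` and then interpolated unquoted into the generated script, so a mapping name containing either character would be misparsed; rejecting such names in `handlecrypt` before appending would close that gap. The emitted `cryptsetup` lines carry no handling for a failed open, so it is worth confirming how the init script behaves when unlocking fails.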