diff --git a/extensions/flash-kernel.sh b/extensions/flash-kernel.sh index 594499c8a..f264b8654 100644 --- a/extensions/flash-kernel.sh +++ b/extensions/flash-kernel.sh @@ -74,8 +74,6 @@ function pre_update_initramfs__setup_flash_kernel() { local chroot_target=$MOUNT deploy_qemu_binary_to_chroot "${chroot_target}" mount_chroot "$chroot_target/" # this already handles /boot/firmware which is required for it to work. - # hack, umount the chroot's /sys, otherwise flash-kernel tries to EFI flash due to the build host (!) being EFI - umount "$chroot_target/sys" chroot_custom "$chroot_target" chmod -v -x "/etc/kernel/postinst.d/initramfs-tools" chroot_custom "$chroot_target" chmod -v -x "/etc/initramfs/post-update.d/flash-kernel" @@ -93,6 +91,9 @@ function pre_update_initramfs__setup_flash_kernel() { exit 29 } + # hack, umount the chroot's /sys, otherwise flash-kernel tries to EFI flash due to the build host (!) being EFI + umount "$chroot_target/sys" + call_extension_method "pre_flash_kernel" <<- 'PRE_FLASH_KERNEL' *run before running flash-kernel* Each board might need different stuff for flash-kernel to work. Implement it here. diff --git a/extensions/fs-cryptroot-support.sh b/extensions/fs-cryptroot-support.sh index 9771c45ed..f22c9869d 100644 --- a/extensions/fs-cryptroot-support.sh +++ b/extensions/fs-cryptroot-support.sh 
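Review bot: The relocated `umount "$chroot_target/sys"` in the second flash-kernel.sh hunk has no check on its result, while the comment above it says that with /sys still mounted flash-kernel takes the EFI path because of the build host. If the unmount fails, for instance because something in the chroot still holds /sys busy, the build would go on to run flash-kernel with the host's /sys visible, unless errexit happens to be active here, which the hunk does not show. I would make the failure explicit, e.g. `umount "$chroot_target/sys" || return 1`, or confirm with `mountpoint -q "$chroot_target/sys"` before flash-kernel is invoked. The function body starts and ends outside the hunk, so any later cleanup that expects /sys to be mounted is not visible here.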
@@ -19,33 +19,38 @@ function pre_install_kernel_debs__adjust_dropbear_configuration() { # Adjust initramfs dropbear configuration # Needs to be done before kernel installation, else it won't be in the initrd image if [[ $CRYPTROOT_SSH_UNLOCK == yes ]]; then + declare dropbear_dir="${SDCARD}/etc/dropbear-initramfs" + declare dropbear_config="config" + + if [[ -d "${SDCARD}/etc/dropbear/initramfs" ]] ; then + dropbear_dir="${SDCARD}/etc/dropbear/initramfs" + dropbear_config="dropbear.conf" + fi + # Set the port of the dropbear ssh daemon in the initramfs to a different one if configured # this avoids the typical 'host key changed warning' - `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!` - [[ -f "${SDCARD}"/etc/dropbear-initramfs/config ]] && - sed -i 's/^#DROPBEAR_OPTIONS=/DROPBEAR_OPTIONS="-p '"${CRYPTROOT_SSH_UNLOCK_PORT}"'"/' \ - "${SDCARD}"/etc/dropbear-initramfs/config + [[ -f "${dropbear_dir}/${dropbear_config}" ]] && + sed -i 's/^#DROPBEAR_OPTIONS=/DROPBEAR_OPTIONS="-j -k -p '"${CRYPTROOT_SSH_UNLOCK_PORT}"' -s -c cryptroot-unlock"/' \ + "${dropbear_dir}/${dropbear_config}" # setup dropbear authorized_keys, either provided by userpatches or generated if [[ -f $USERPATCHES_PATH/dropbear_authorized_keys ]]; then - cp "$USERPATCHES_PATH"/dropbear_authorized_keys "${SDCARD}"/etc/dropbear-initramfs/authorized_keys + cp "$USERPATCHES_PATH"/dropbear_authorized_keys "${dropbear_dir}"/authorized_keys else # generate a default ssh key for login on dropbear in initramfs # this key should be changed by the user on first login display_alert "Generating a new SSH key pair for dropbear (initramfs)" "" "" - # Make sure that the relevant directory exists - [[ -d "${SDCARD}"/etc/dropbear-initramfs ]] || mkdir "${SDCARD}"/etc/dropbear-initramfs - # Generate the SSH keys - ssh-keygen -t ecdsa -f "${SDCARD}"/etc/dropbear-initramfs/id_ecdsa \ + ssh-keygen -t ecdsa -f "${dropbear_dir}"/id_ecdsa \ -N '' -O force-command=cryptroot-unlock -C 'AUTOGENERATED_BY_ARMBIAN_BUILD' 2>&1 # 
/usr/share/initramfs-tools/hooks/dropbear will automatically add 'id_ecdsa.pub' to authorized_keys file # during mkinitramfs of update-initramfs - #cat "${SDCARD}"/etc/dropbear-initramfs/id_ecdsa.pub > "${SDCARD}"/etc/dropbear-initramfs/authorized_keys + #cat "${dropbear_dir}"/id_ecdsa.pub > "${SDCARD}"/etc/dropbear-initramfs/authorized_keys CRYPTROOT_SSH_UNLOCK_KEY_NAME="${VENDOR}_${REVISION}_${BOARD^}_${RELEASE}_${BRANCH}_${DESKTOP_ENVIRONMENT}".key # copy dropbear ssh key to image output dir for convenience - cp "${SDCARD}"/etc/dropbear-initramfs/id_ecdsa "${DEST}/images/${CRYPTROOT_SSH_UNLOCK_KEY_NAME}" + cp "${dropbear_dir}"/id_ecdsa "${DEST}/images/${CRYPTROOT_SSH_UNLOCK_KEY_NAME}" display_alert "SSH private key for dropbear (initramfs) has been copied to:" \ "$DEST/images/$CRYPTROOT_SSH_UNLOCK_KEY_NAME" "info" fi diff --git a/lib/functions/image/initrd.sh b/lib/functions/image/initrd.sh index af1c971de..eeb833039 100644 --- a/lib/functions/image/initrd.sh +++ b/lib/functions/image/initrd.sh @@ -57,7 +57,8 @@ update_initramfs() { if [[ $CRYPTROOT_ENABLE == yes ]]; then if [[ $CRYPTROOT_SSH_UNLOCK == yes ]]; then - initrd_files_to_hash+=( "${chroot_target}/etc/dropbear-initramfs/" ) + [[ -d "${chroot_target}/etc/dropbear-initramfs/" ]] && initrd_files_to_hash+=( "${chroot_target}/etc/dropbear-initramfs/" ) + [[ -d "${chroot_target}/etc/dropbear/initramfs/" ]] && initrd_files_to_hash+=( "${chroot_target}/etc/dropbear/initramfs/" ) fi fi
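Review bot: The new dropbear restrictions (`-j -k -s -c cryptroot-unlock`) only take effect if the `sed` on `^#DROPBEAR_OPTIONS=` actually matches, and the `[[ -f … ]] &&` guard plus the anchored pattern let a missing file or an already-uncommented line pass silently. That matters most for the `dropbear_authorized_keys` branch, where the user-supplied keys carry no `force-command` of their own and would then get whatever shell the initramfs offers, on the default port. I would verify the result after the substitution, e.g. `grep -q '^DROPBEAR_OPTIONS=.*cryptroot-unlock' "${dropbear_dir}/${dropbear_config}"`, and raise a build alert when it fails. Also, with the `mkdir` guard removed, `cp` and `ssh-keygen -f "${dropbear_dir}"/id_ecdsa` fail if neither directory exists, and the commented-out `#cat` line still names the legacy `authorized_keys` path. The function's closing brace is outside the hunk.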
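Review bot: With both `[[ -d … ]] &&` guards in update_initramfs, a build that sets CRYPTROOT_SSH_UNLOCK=yes but has neither dropbear directory now adds nothing to `initrd_files_to_hash` and reports nothing. That hides the case where SSH unlock was requested but the dropbear initramfs configuration was never installed; how the array is consumed is outside the hunk, so the downstream effect is not visible here. An explicit `if`/`elif`/`else` that alerts when no directory is found would surface it. The directory probe also duplicates the one in fs-cryptroot-support.sh, so the two can drift unless the chosen path is shared.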