diff --git a/Makefile b/Makefile
index 9848a8e8..7eadef04 100644
--- a/Makefile
+++ b/Makefile
@@ -50,7 +50,7 @@ SYSTEM_DROPINS += systemd-random-seed.service
 SYSTEM_DROPINS += tor.service tor@default.service
 SYSTEM_DROPINS += systemd-timesyncd.service
 SYSTEM_DROPINS += systemd-logind.service
-SYSTEM_DROPINS += sysinit.target
+SYSTEM_DROPINS += sysinit.target emergency.service rescue.service
 ifeq ($(ENABLE_SELINUX),1)
 SYSTEM_DROPINS += selinux-autorelabel.target selinux-autorelabel.service
 endif
diff --git a/boot/module-setup.sh b/boot/module-setup.sh
new file mode 100644
index 00000000..1278c2f5
--- /dev/null
+++ b/boot/module-setup.sh
@@ -0,0 +1,10 @@
+depends () {
+}
+
+install () {
+    if [ -h /lib ]; then
+        inst_multiple /usr/lib/systemd/system/rescue.service.d/30_qubes.conf /usr/lib/systemd/system/emergency.service.d/30_qubes.conf
+    else
+        inst_multiple /lib/systemd/system/rescue.service.d/30_qubes.conf /lib/systemd/system/emergency.service.d/30_qubes.conf
+    fi
+}
diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install
index fecac009..56dacc9d 100644
--- a/debian/qubes-core-agent.install
+++ b/debian/qubes-core-agent.install
@@ -107,6 +107,8 @@ lib/systemd/system/sysinit.target.d/30_qubes.conf
 lib/systemd/system/systemd-timesyncd.service.d/30_qubes.conf
 lib/systemd/system/systemd-logind.service.d/30_qubes.conf
 lib/systemd/resolved.conf.d/30_resolved-no-mdns-or-llmnr.conf
+lib/systemd/system/rescue.service.d/30_qubes.conf
+lib/systemd/system/emergency.service.d/30_qubes.conf
 usr/lib/sysctl.d/20-qubes-core.conf
 usr/lib/systemd/user/tracker-extract-3.service.d/30_qubes.conf
 usr/lib/systemd/user/tracker-miner-fs-3.service.d/30_qubes.conf
diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in
index b60a9afc..2011a6e0 100644
--- a/rpm_spec/core-agent.spec.in
+++ b/rpm_spec/core-agent.spec.in
@@ -521,6 +521,7 @@ sed -i \
 %endif
 
 install -D -m 0644 boot/dracut-qubes.conf $RPM_BUILD_ROOT/usr/lib/dracut/dracut.conf.d/30-qubes.conf
+install -D -m 0644 boot/module-setup.sh $RPM_BUILD_ROOT/usr/lib/dracut/modules.d/99qubes/modules-setup.sh
 install -D -m 0644 boot/grub.qubes $RPM_BUILD_ROOT/etc/default/grub.qubes
 
 %if ! %with_sysvinit
@@ -1021,6 +1022,12 @@ rm -f %{name}-%{version}
 /usr/lib/qubes/set-default-text-editor
 /usr/lib/qubes/tinyproxy-wrapper
 /usr/lib/dracut/dracut.conf.d/30-qubes.conf
+# Ensure that dracut is not a hard requirement.
+# It is only needed with in-VM initramfs, not
+# dom0-provided initramfs.
+%dir /usr/lib/dracut/modules.d/99qubes
+/usr/lib/dracut/modules.d/99qubes/module-setup.sh
+
 /usr/lib/environment.d/60-gnome-software-fix.conf
 %dir /usr/lib/qubes/init
 /usr/lib/qubes/init/bind-dirs.sh
@@ -1298,6 +1305,10 @@ The Qubes core startup configuration for SystemD init.
 %dir %_unitdir/sysinit.target.d
 %_unitdir/sysinit.target.d/30_qubes.conf
 %dir %_userunitdir/*.service.d
+%dir %_unitdir/rescue.service.d
+%dir %_unitdir/emergency.service.d
+%_unitdir/emergency.service.d/30_qubes.conf
+%_unitdir/rescue.service.d/30_qubes.conf
 %_userunitdir/tracker-extract-3.service.d/30_qubes.conf
 %_userunitdir/tracker-miner-fs-3.service.d/30_qubes.conf
 %_userunitdir/tracker-miner-fs-control-3.service.d/30_qubes.conf
diff --git a/vm-systemd/emergency.service.d/30_qubes.conf b/vm-systemd/emergency.service.d/30_qubes.conf
new file mode 100644
index 00000000..9bdc4f2b
--- /dev/null
+++ b/vm-systemd/emergency.service.d/30_qubes.conf
@@ -0,0 +1,2 @@
+[Service]
+Environment=SYSTEMD_SULOGIN_FORCE=1
diff --git a/vm-systemd/rescue.service.d/30_qubes.conf b/vm-systemd/rescue.service.d/30_qubes.conf
new file mode 100644
index 00000000..9bdc4f2b
--- /dev/null
+++ b/vm-systemd/rescue.service.d/30_qubes.conf
@@ -0,0 +1,2 @@
+[Service]
+Environment=SYSTEMD_SULOGIN_FORCE=1