diff --git a/dracut/29kcrypt/generator.sh b/dracut/29kcrypt/generator.sh
index 37cc0c3..a449e82 100755
--- a/dracut/29kcrypt/generator.sh
+++ b/dracut/29kcrypt/generator.sh
@@ -7,34 +7,35 @@ GENERATOR_DIR="$2" [ -z "$GENERATOR_DIR" ] && exit 1 [ -d "$GENERATOR_DIR" ] || mkdir "$GENERATOR_DIR" -if getargbool 0 rd.neednet; then - { - echo "[Unit]" - echo "DefaultDependencies=no" - echo "Description=kcrypt online mount" - echo "Before=cos-immutable-rootfs.service" - echo "After=network-online.target" +oem_label=$(getarg rd.cos.oemlabel=) + +# See https://github.com/kairos-io/packages/blob/d12b12b043a71d8471454f7b4fc84c3181d2bf60/packages/system/dracut/immutable-rootfs/30cos-immutable-rootfs/cos-generator.sh#L29 +{ + echo "[Unit]" + echo "DefaultDependencies=no" + echo "Before=cos-immutable-rootfs.service" + echo "Conflicts=initrd-switch-root.target" + if getargbool 0 rd.neednet; then echo "Wants=network-online.target" - echo "[Service]" - echo "Type=oneshot" - echo "RemainAfterExit=no" - echo "ExecStart=/sbin/kcrypt-mount-local" - } > "$GENERATOR_DIR"/kcrypt.service -else - { - echo "[Unit]" - echo "DefaultDependencies=no" + echo "After=network-online.target" + echo "Description=kcrypt online mount" + else echo "Description=kcrypt mount" - echo "Before=cos-immutable-rootfs.service" - echo "[Service]" - echo "Type=oneshot" - echo "RemainAfterExit=no" - echo "ExecStart=/sbin/kcrypt-mount-local" - } > "$GENERATOR_DIR"/kcrypt.service -fi + fi + # OEM is special as kcrypt plugins might need that in order to unlock other partitions and plugins can reside in /oem as well and kcrypt needs to find them + if [ -n "${oem_label}" ]; then + echo "After=oem.mount" + fi + echo "After=sysroot.mount" + echo "[Service]" + echo "Type=oneshot" + echo "RemainAfterExit=no" + echo "ExecStart=/usr/bin/kcrypt unlock-all" +} > "$GENERATOR_DIR"/kcrypt.service + if [ ! -e "$GENERATOR_DIR/initrd-fs.target.requires/kcrypt.service" ]; then mkdir -p "$GENERATOR_DIR"/initrd-fs.target.requires ln -s "$GENERATOR_DIR"/kcrypt.service \ "$GENERATOR_DIR"/initrd-fs.target.requires/kcrypt.service -fi \ No newline at end of file +fi 
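Review bot: The added `echo "After=oem.mount"` and `echo "After=sysroot.mount"` lines only order kcrypt.service; they do not pull those mounts in or make the service depend on them succeeding. The removed mount-local.sh mounted COS_OEM itself before calling `kcrypt unlock-all`, so the unit now relies on some other generator (presumably the linked cos-generator.sh) to emit oem.mount; if that unit is absent or fails, kcrypt starts without the plugins and configuration under /oem. If that reliance is intended, say so in the comment above the `if [ -n "${oem_label}" ]` block and consider adding `echo "Wants=oem.mount"` beside the `After=` line. `ExecStart=/usr/bin/kcrypt` is also a fixed path, while module-setup.sh installs the binary with `inst_multiple kcrypt`, so a host that ships kcrypt elsewhere would get a unit that cannot start.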
diff --git a/dracut/29kcrypt/module-setup.sh b/dracut/29kcrypt/module-setup.sh index 7ff7024..1b41f96 100644 --- a/dracut/29kcrypt/module-setup.sh +++ b/dracut/29kcrypt/module-setup.sh @@ -27,8 +27,7 @@ install() { inst_multiple \ kcrypt - inst_script "${moddir}/mount-local.sh" "/sbin/kcrypt-mount-local" - #inst_hook pre-trigger 10 "$moddir/mount-local.sh" + inst_script "${moddir}/generator.sh" \ "${systemdutildir}/system-generators/dracut-kcrypt-generator" diff --git a/dracut/29kcrypt/mount-local.sh b/dracut/29kcrypt/mount-local.sh deleted file mode 100755 index 8a67533..0000000 --- a/dracut/29kcrypt/mount-local.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- -# ex: ts=8 sw=4 sts=4 et filetype=sh - -type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh - -PATH=/usr/sbin:/usr/bin:/sbin:/bin - -OEM=$(blkid -L COS_OEM) -if [ "$OEM" != "" ]; then - mkdir /oem - mount $OEM /oem -fi - -kcrypt unlock-all - -if [ "$OEM" != "" ]; then -umount /oem -fi diff --git a/earthly.sh b/earthly.sh new file mode 100755 index 0000000..12b82a9 --- /dev/null +++ b/earthly.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm -t -v $(pwd):/workspace -v earthly-tmp:/tmp/earthly:rw earthly/earthly:v0.6.21 --allow-privileged $@ \ No newline at end of file diff --git a/main.go b/main.go index 522465e..ac1f8b8 100644 --- a/main.go +++ b/main.go 
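Review bot: In the new earthly.sh, `$@` and `$(pwd)` are unquoted, so arguments or a checkout path containing spaces or glob characters are re-split before they reach docker; use `"$@"` and `-v "$(pwd)":/workspace`. The container runs with `--privileged` and the host Docker socket mounted, which gives whatever image the `earthly/earthly:v0.6.21` tag resolves to root-equivalent control of the build host, and a tag can be re-pointed. Pinning by digest (`earthly/earthly:v0.6.21@sha256:<digest-placeholder>`) would tie the script to one reviewed image. A one-line comment on why privileged mode and the socket mount are required would also help the next reader.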
@@ -283,26 +283,32 @@ func unlockAll() error { partitionInfo, _, err := pi.NewPartitionInfoFromFile(pi.DefaultPartitionInfoFile) if err != nil { - return err + fmt.Printf("Warning: Partition file not found '%s' \n", pi.DefaultPartitionInfoFile) } block, err := ghw.Block() - if err == nil { - for _, disk := range block.Disks { - for _, p := range disk.Partitions { - if p.Type == "crypto_LUKS" { + if err != nil { + fmt.Printf("Warning: Error reading partitions '%s \n", err.Error()) + + return nil + } + + for _, disk := range block.Disks { + for _, p := range disk.Partitions { + if p.Type == "crypto_LUKS" { + if partitionInfo != nil { p.Label = partitionInfo.LookupLabelForUUID(p.UUID) - fmt.Printf("Unmounted Luks found at '%s' LABEL '%s' \n", p.Name, p.Label) - err = multierror.Append(err, unlockDisk(p)) - if err != nil { - fmt.Printf("Unlocking failed: '%s'\n", err.Error()) - } - time.Sleep(10 * time.Second) } + fmt.Printf("Unmounted Luks found at '%s' LABEL '%s' \n", p.Name, p.Label) + err = multierror.Append(err, unlockDisk(p)) + if err != nil { + fmt.Printf("Unlocking failed: '%s'\n", err.Error()) + } + time.Sleep(10 * time.Second) } } } - return err + return nil } func main() { diff --git a/pkg/bus/bus.go b/pkg/bus/bus.go index ce2348a..b3045a5 100644 --- a/pkg/bus/bus.go +++ b/pkg/bus/bus.go @@ -28,7 +28,7 @@ type Bus struct { func (b *Bus) LoadProviders() { wd, _ := os.Getwd() - b.Manager.Autoload("kcrypt-discovery", "/system/discovery", "/oem/kcrypt", "/oem/system/discovery", wd).Register() + b.Manager.Autoload("kcrypt-discovery", "/sysroot/system/discovery", "/system/discovery", "/oem/kcrypt", "/oem/system/discovery", wd).Register() } func (b *Bus) Initialize() {
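Review bot: In main.go, the new final `return nil` in `unlockAll` discards every `unlockDisk` failure, so `kcrypt unlock-all` and the oneshot unit that runs it report success even when no LUKS partition was opened. If that is deliberate so a failed unlock cannot block initrd-fs.target, state it in a comment on the return; otherwise collect the failures in a separate variable and return that. Also, `err = multierror.Append(err, unlockDisk(p))` leaves `err` non-nil on every iteration (assuming this is hashicorp/go-multierror, whose Append always returns a non-nil `*Error`), so "Unlocking failed" is printed after successful unlocks too; `if uerr := unlockDisk(p); uerr != nil { fmt.Printf("Unlocking failed: '%s'\n", uerr.Error()) }` logs only real failures. The start of `unlockAll` lies outside the hunk.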
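Review bot: In pkg/bus/bus.go, `LoadProviders` now lists `/sysroot/system/discovery` ahead of the existing entries, and the list still ends with the process working directory, whose lookup error is discarded by `wd, _ := os.Getwd()`. The discovery plugins take part in unlocking LUKS partitions, so every directory here is a place from which code is executed, presumably as root in the initrd. `/oem` and the working directory are not obviously integrity-protected, and which entry wins when the same plugin name exists in several of them cannot be told from this hunk. I would add a comment above the call, e.g. `// Plugin search order; /oem/* and wd are writable locations — TODO confirm they are intended in the initrd.`, and drop `wd` from the list when `os.Getwd` returns an error.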