diff --git a/packages/alpine/build.yaml b/packages/alpine/build.yaml
index aff3bd7..22fd513 100644
--- a/packages/alpine/build.yaml
+++ b/packages/alpine/build.yaml
@@ -10,10 +10,17 @@ copy:
       version: ">=0"
     source: "/usr/bin/immucore"
     destination: "/usr/bin/immucore"
+  - package:
+      category: "system"
+      name: "kairos-agent"
+      version: ">=0"
+    source: "/usr/bin/kairos-agent"
+    destination: "/usr/bin/kairos-agent"
 package_dir: "/package"
 prelude:
   - apk update
-  - apk add linux-rpi4 mkinitfs linux-firmware-none udev lvm2 findmnt rsync parted cryptsetup
+  # multipath-tools and cryptsetup is needed to bring modules and udev rules
+  - apk add linux-rpi4 linux-firmware-none mkinitfs eudev eudev-hwids mdadm-udev device-mapper-udev lvm2 findmnt rsync parted cryptsetup multipath-tools openrc blkid
 steps:
   - kernel=$(ls /lib/modules | head -n1) && depmod -a "${kernel}"
   - mkdir -p /package/boot
@@ -45,7 +52,8 @@ copy:
 package_dir: "/package"
 prelude:
   - apk update
-  - apk add linux-lts linux-firmware-none mkinitfs udev lvm2 findmnt rsync parted cryptsetup
+  # multipath-tools and cryptsetup is needed to bring modules and udev rules
+  - apk add linux-lts linux-firmware-none mkinitfs eudev eudev-hwids mdadm-udev device-mapper-udev lvm2 findmnt rsync parted cryptsetup multipath-tools openrc blkid
 steps:
   - kernel=$(ls /lib/modules | head -n1) && depmod -a "${kernel}"
   - mkdir -p /package/boot
diff --git a/packages/alpine/collection.yaml b/packages/alpine/collection.yaml
index be0e959..499a6b5 100644
--- a/packages/alpine/collection.yaml
+++ b/packages/alpine/collection.yaml
@@ -1,7 +1,7 @@
 packages:
   - name: "alpine"
     category: "distro-kernel"
-    version: "6.1.56-1"
+    version: "6.1.56-2"
     description: "Provides kernel and custom initrd for alpine"
     labels:
       autobump.strategy: "custom"
@@ -14,7 +14,7 @@ packages:
       package.version: "6.1.56"
   - name: "alpine-rpi"
     category: "distro-kernel"
-    version: "6.1.55-1"
+    version: "6.1.55-2"
     description: "Provides kernel and custom initrd for alpine"
     labels:
       autobump.strategy: "custom"
diff --git a/packages/alpine/files/immucore.files b/packages/alpine/files/immucore.files
index ed92eca..21628b2 100644
--- a/packages/alpine/files/immucore.files
+++ b/packages/alpine/files/immucore.files
@@ -1,13 +1,17 @@
 /usr/bin/immucore
 /usr/bin/kairos-agent
 /sbin/lvm
-/sbin/cryptsetup
+/sbin/blkid
 /bin/findmnt
 /bin/udevadm
 /sbin/udevadm
 /sbin/udevd
+/sbin/dmsetup
 /etc/udev/*
 /lib/udev/*
+/usr/lib/udev/*
 /usr/lib/libudev*
 /usr/bin/rsync
-/usr/sbin/parted
\ No newline at end of file
+/usr/sbin/parted
+/sbin/openrc
+/sbin/openrc-run
\ No newline at end of file
diff --git a/packages/alpine/files/initramfs-init b/packages/alpine/files/initramfs-init
index 6664554..f051609 100755
--- a/packages/alpine/files/initramfs-init
+++ b/packages/alpine/files/initramfs-init
@@ -160,6 +160,8 @@ eudev_start()
 		cat "$file" >> /etc/udev/rules.d/"$dest" && rm -f "$file"
 	done
 
+	udevadm hwdb --update
+
 	# Populating /dev with existing devices through uevents
 	udevadm trigger --type=subsystems --action=add
 	udevadm trigger --type=devices --action=add
@@ -238,6 +240,14 @@ is_url() {
 	esac
 }
 
+rd_break() {
+  if grep -q "rd.break=$1" /proc/cmdline; then
+    echo "initramfs emergency recovery shell launched" > "$ROOT"/dev/kmsg
+    echo "initramfs emergency recovery shell launched"
+    exec /bin/busybox sh
+  fi
+}
+
 /bin/busybox mkdir -p "$ROOT"/usr/bin \
 	"$ROOT"/usr/sbin \
 	"$ROOT"/proc \
@@ -299,9 +309,10 @@ done
 
 # hide kernel messages
 # dmesg -n 1
+rd_break pre-modprobe
 # load available drivers to get access to media
 ebegin "Loading boot drivers"
-modprobe -a ahci virtio_blk virtio_net virtio_console virtio_pci nvme overlay usb_storage libata cdrom sr_mod iso9660 loop squashfs simpledrm ext4 tpm dm_mod 2> /dev/null
+modprobe -a ahci virtio_blk virtio_net virtio_console virtio_pci nvme overlay usb_storage libata cdrom sr_mod iso9660 loop squashfs simpledrm ext4 tpm dm_mod dm_crypt 2> /dev/null
 if [ -f "$ROOT"/etc/modules ] ; then
 	sed 's/\#.*//g' < /etc/modules |
 	while read module args; do
@@ -315,17 +326,24 @@ fi
 
 eend
 
+rd_break post-modprobe
+
+rd_break pre-udev
 # persistent device names from eudev in order for immucore to mount stuff
 [ -x "/sbin/udevadm" ] && eudev_start
+rd_break post-udev
 
+rd_break pre-network
 # Mount network if we got rd.neednet=1 or netboot
 if grep -q "rd.neednet=1" /proc/cmdline || grep -q netboot /proc/cmdline ;then
   configure_ip
 fi
+rd_break post-network
 
 # Path for booting from netboot
 if grep -q netboot /proc/cmdline; then
   echo "Netbooting"
+  rd_break pre-netboot
 
   for x in $(cat /proc/cmdline); do
     # shellcheck disable=SC2039
@@ -353,10 +371,12 @@ if grep -q netboot /proc/cmdline; then
   retry 5 losetup /dev/loop0 /tmp/rootfs.squashfs
   eend $?
   sync
+  rd_break post-netboot
 fi
 
 # Path for booting from livecd
 if grep -q cdroot /proc/cmdline ;then
+  rd_break pre-livecd
   echo "Mounting LiveCD"
   sync
   # Create mountpoints
@@ -377,10 +397,12 @@ if grep -q cdroot /proc/cmdline ;then
   retry 5 losetup /dev/loop0 /media/root-ro/rootfs.squashfs
   eend $?
   sync
+  rd_break post-livecd
 fi
 
 # shared path for netboot and livecd, we expect the rootfs to be already in /dev/loop0
 if grep -q cdroot /proc/cmdline || grep -q netboot /proc/cmdline;then
+    rd_break pre-mounts
     # Mount loop device into the rootfsbase
     ebegin "Mount loop device into rootfsbase"
     retry 5 mount /dev/loop0 /run/rootfsbase
@@ -412,17 +434,24 @@ if grep -q cdroot /proc/cmdline || grep -q netboot /proc/cmdline;then
         eend $?
       fi
     done
+    rd_break post-mounts
+    # stop udevd, will be relaunched by openrc
+    udevadm control --exit
+
   	# shellcheck disable=SC2093
   	exec switch_root "$sysroot" "$INIT"
   	echo "initramfs emergency recovery shell launched"
   	exec /bin/busybox sh
 fi
 
+rd_break pre-immucore
 # Path for booting active/passive/recovery
 ebegin "Run immucore"
 immucore
 eend $?
 
+rd_break post-immucore
+
 # by now the system should be mounted in /sysroot
 if [ -f "$sysroot/etc/.default_boot_services" ]; then
 	# add some boot services by default
@@ -474,21 +503,24 @@ else
 fi
 
 
+rd_break pre-binds
 # Mount bind system mounts to sysroot to keep them going
 mkdir -p $sysroot/sys $sysroot/proc $sysroot/dev $sysroot/run
 mount -o bind /sys $sysroot/sys
 mount -o bind /proc $sysroot/proc
 mount -o bind /dev $sysroot/dev
 mount -o bind /run $sysroot/run
+rd_break post-binds
 
 # remount according default fstab from package
 if [ -z "$has_fstab" ] && [ -f "$sysroot"/etc/fstab ]; then
 	remount_fstab_entry "$sysroot"/etc/fstab
 fi
 
-
+rd_break pre-console
 # fix inittab if alternative console
 setup_inittab_console
+rd_break post-console
 
 ! [ -f "$sysroot"/etc/resolv.conf ] && [ -f /etc/resolv.conf ] && \
 	cp /etc/resolv.conf "$sysroot"/etc
@@ -499,6 +531,10 @@ if [ ! -x "${sysroot}${INIT}" ]; then
 	/bin/busybox sh
 fi
 
+rd_break pre-switch
+# stop udevd, will be relaunched by openrc
+udevadm control --exit
+
 # switch over to new root
 echo ""
 # shellcheck disable=SC2093
diff --git a/packages/alpine/files/mkinitfs.conf b/packages/alpine/files/mkinitfs.conf
index aba755d..a2b1aaf 100644
--- a/packages/alpine/files/mkinitfs.conf
+++ b/packages/alpine/files/mkinitfs.conf
@@ -1 +1 @@
-features="ata base cdrom ext4 ext2 keymap kms mmc lvm nvme raid scsi usb network dhcp virtio zfs squashfs immucore tpm"
+features="ata base cdrom ext4 ext2 keymap kms mmc lvm nvme raid scsi usb network dhcp virtio zfs squashfs immucore tpm cryptsetup kms mmc xfs"