diff --git a/src/modules/dracutlukscfg/DracutLuksCfgJob.cpp b/src/modules/dracutlukscfg/DracutLuksCfgJob.cpp
index 273ff98ae9..0b66ca6712 100644
--- a/src/modules/dracutlukscfg/DracutLuksCfgJob.cpp
+++ b/src/modules/dracutlukscfg/DracutLuksCfgJob.cpp
@@ -33,14 +33,22 @@
 const QString DracutLuksCfgJob::CONFIG_FILE = QStringLiteral( "/etc/dracut.conf.d/calamares-luks.conf" );
 
 // static
-const char *DracutLuksCfgJob::CONFIG_FILE_CONTENTS =
+const char *DracutLuksCfgJob::CONFIG_FILE_HEADER =
     "# Configuration file automatically written by the Calamares system installer\n"
     "# (This file is written once at install time and should be safe to edit.)\n"
     "# Enables support for LUKS full disk encryption with single sign on from GRUB.\n"
-    "\n"
+    "\n";
+
+// static
+const char *DracutLuksCfgJob::CONFIG_FILE_CRYPTTAB_KEYFILE_LINE =
     "# force installing /etc/crypttab even if hostonly=\"no\", install the keyfile\n"
     "install_items+=\" /etc/crypttab /crypto_keyfile.bin \"\n";
 
+// static
+const char *DracutLuksCfgJob::CONFIG_FILE_CRYPTTAB_LINE =
+    "# force installing /etc/crypttab even if hostonly=\"no\"\n"
+    "install_items+=\" /etc/crypttab \"\n";
+
 // static
 const QString DracutLuksCfgJob::CONFIG_FILE_SWAPLINE = QStringLiteral( "# enable automatic resume from swap\nadd_device+=\" /dev/disk/by-uuid/%1 \"\n" );
 
@@ -75,6 +83,21 @@ DracutLuksCfgJob::isRootEncrypted()
     return false;
 }
 
+// static
+bool
+DracutLuksCfgJob::hasUnencryptedSeparateBoot()
+{
+    const QVariantList partitions = DracutLuksCfgJob::partitions();
+    for ( const QVariant &partition : partitions )
+    {
+        QVariantMap partitionMap = partition.toMap();
+        QString mountPoint = partitionMap.value( QStringLiteral( "mountPoint" ) ).toString();
+        if ( mountPoint == QStringLiteral( "/boot" ) )
+            return !partitionMap.contains( QStringLiteral( "luksMapperName" ) );
+    }
+    return false;
+}
+
 // static
 QString
 DracutLuksCfgJob::swapOuterUuid()
@@ -126,7 +149,9 @@ DracutLuksCfgJob::exec()
             return Calamares::JobResult::error( tr( "Failed to open %1" ).arg( realConfigFilePath ) );
         }
         QTextStream outStream( &configFile );
-        outStream << CONFIG_FILE_CONTENTS;
+        outStream << CONFIG_FILE_HEADER
+                  << ( hasUnencryptedSeparateBoot() ? CONFIG_FILE_CRYPTTAB_LINE
+                                                    : CONFIG_FILE_CRYPTTAB_KEYFILE_LINE );
         const QString swapOuterUuid = DracutLuksCfgJob::swapOuterUuid();
         if ( ! swapOuterUuid.isEmpty() )
         {
diff --git a/src/modules/dracutlukscfg/DracutLuksCfgJob.h b/src/modules/dracutlukscfg/DracutLuksCfgJob.h
index bfedb85cf9..6d5eae884f 100644
--- a/src/modules/dracutlukscfg/DracutLuksCfgJob.h
+++ b/src/modules/dracutlukscfg/DracutLuksCfgJob.h
@@ -42,12 +42,15 @@ class PLUGINDLLEXPORT DracutLuksCfgJob : public Calamares::CppJob
 
 private:
     static const QString CONFIG_FILE;
-    static const char *CONFIG_FILE_CONTENTS;
+    static const char *CONFIG_FILE_HEADER;
+    static const char *CONFIG_FILE_CRYPTTAB_KEYFILE_LINE;
+    static const char *CONFIG_FILE_CRYPTTAB_LINE;
     static const QString CONFIG_FILE_SWAPLINE;
 
     static QString rootMountPoint();
     static QVariantList partitions();
     static bool isRootEncrypted();
+    static bool hasUnencryptedSeparateBoot();
     static QString swapOuterUuid();
 };