diff --git a/rootdir/Android.bp b/rootdir/Android.bp
index 65865a65b..e98733ada 100644
--- a/rootdir/Android.bp
+++ b/rootdir/Android.bp
@@ -20,7 +20,10 @@ prebuilt_etc {
     name: "init.rc",
     src: "init.rc",
     sub_dir: "init/hw",
-    required: ["platform-bootclasspath"],
+    required: [
+        "fsverity_init",
+        "platform-bootclasspath",
+    ],
 }
 
 prebuilt_etc {
diff --git a/rootdir/init.rc b/rootdir/init.rc
index dec763ac1..d2499ef38 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -629,6 +629,9 @@ on late-fs
     # HALs required before storage encryption can get unlocked (FBE)
     class_start early_hal
 
+    # Load trusted keys from dm-verity protected partitions
+    exec -- /system/bin/fsverity_init --load-verified-keys
+
 # Only enable the bootreceiver tracing instance for kernels 5.10 and above.
 on late-fs && property:ro.kernel.version=4.9
     setprop bootreceiver.enable 0