diff --git a/README.md b/README.md
index b718d6d..17d7a86 100644
--- a/README.md
+++ b/README.md
@@ -63,13 +63,13 @@ If you want to change e.g. cross-compiler -> Templates always override defaults
 
 ##### `RPI_MODEL`=2
 Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
-`0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
-`1` = Used for Pi 1 model A and B
-`1P` = Used for Pi 1 model B+ and A+
-`2` = Used for Pi 2 model B
-`3` = Used for Pi 3 model B
-`3P` = Used for Pi 3 model B+
-`BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
+- `0` = Used for Raspberry Pi 0 and Raspberry Pi 0 W
+- `1` = Used for Pi 1 model A and B
+- `1P` = Used for Pi 1 model B+ and A+
+- `2` = Used for Pi 2 model B
+- `3` = Used for Pi 3 model B
+- `3P` = Used for Pi 3 model B+
+- `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
 
 ##### `RELEASE`="buster"
 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
@@ -412,6 +412,12 @@ Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
 ##### `CRYPTFS_XTSKEYSIZE`=512
 Sets key size in bits. The argument has to be a multiple of 8.
 
+##### `CRYPTFS_DROPBEAR`=false
+Enable Dropbear Initramfs support
+
+##### `CRYPTFS_DROPBEAR_PUBKEY`=""
+Provide path to dropbear Public RSA-OpenSSH Key
+
 ---
 
 #### Build settings:
diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh
index c954ce6..dbc4ba1 100644
--- a/bootstrap.d/14-fstab.sh
+++ b/bootstrap.d/14-fstab.sh
@@ -42,9 +42,40 @@ if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
 fi
+
+ if [ "$CRYPTFS_DROPBEAR" = true ]; then
+ if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
+ install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}/dropbear-initramfs/id_rsa.pub"
+ cat /etc/dropbear-initramfs/id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys
+ else
+ # Create key
+ chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
+
+ # Convert dropbear key to openssh key
+ chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
+
+ # Get Public Key Part
+ touch /etc/dropbear-initramfs/id_rsa.pub
+ chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
+
+ # Delete unwanted lines
+ sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
+ sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
+
+ # Trust the new key
+ touch "${ETC_DIR}"/dropbear-initramfs/authorized_keys
+ cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | chroot_exec tee -a "${ETC_DIR}"/dropbear-initramfs/authorized_keys
 
- # Disable SSHD inside initramfs
- printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
+ # Save Keys - convert with putty from rsa/openssh to puttkey
+ cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
+
+ #Get unlock script
+ install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}/initramfs-tools/hooks/crypt_unlock.sh"
+ fi
+ else
+ # Disable SSHD inside initramfs
+ printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
+ fi
 
 # Add cryptsetup modules to initramfs
 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
diff --git a/files/initramfs/crypt_unlock.sh b/files/initramfs/crypt_unlock.sh
new file mode 100644
index 0000000..47b6a8b
--- /dev/null
+++ b/files/initramfs/crypt_unlock.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+PREREQ="dropbear"
+
+prereqs() {
+echo "$PREREQ"
+}
+
+case "$1" in
+prereqs)
+prereqs
+exit 0
+;;
+esac
+
+. "${CONFDIR}/initramfs.conf"
+. /usr/share/initramfs-tools/hook-functions
+
+if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then
+cat > "${DESTDIR}/bin/unlock" << EOF
+#!/bin/sh
+if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then
+kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\`
+# following line kill the remote shell right after the passphrase has
+# been entered.
+kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\`
+exit 0
+fi
+exit 1
+EOF
+
+chmod 755 "${DESTDIR}/bin/unlock"
+
+mkdir -p "${DESTDIR}/lib/unlock"
+cat > "${DESTDIR}/lib/unlock/plymouth" << EOF
+#!/bin/sh
+[ "\$1" == "--ping" ] && exit 1
+/bin/plymouth "\$@"
+EOF
+
+chmod 755 "${DESTDIR}/lib/unlock/plymouth"
+
+echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd
+
+fi
\ No newline at end of file
diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh
index 8ddb426..2554917 100755
--- a/rpi23-gen-image.sh
+++ b/rpi23-gen-image.sh
@@ -198,6 +198,10 @@ CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
+#Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
+CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=true}
+#Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
+CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
 
 # Chroot scripts directory
 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
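Review bot: The generated private key stays inside the image — `id_rsa` and `id_rsa.dropbear` remain under `${ETC_DIR}/dropbear-initramfs` after `cp -f` exports a copy to `${BASEDIR}` — while its public half is appended to `authorized_keys`, so anyone who obtains the image file also holds a valid login key for the initramfs SSH shell; the key files should be removed from the image once exported and the exported copy restricted to mode 0600. The same branch mixes host and chroot paths: `touch /etc/dropbear-initramfs/id_rsa.pub` and the pubkey branch's `cat /etc/dropbear-initramfs/id_rsa.pub >> /etc/dropbear-initramfs/authorized_keys` act on the build host's own /etc rather than `${ETC_DIR}`, and `chroot_exec tee -a "${ETC_DIR}"/…` hands a host-side path to a command running inside the chroot. Note also that `install_exec files/initramfs/crypt_unlock.sh …` sits only in the generated-key branch, so a build that sets `CRYPTFS_DROPBEAR_PUBKEY` never installs the unlock hook. The enclosing `if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ]` block starts outside the hunk.
```shell
    if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
      install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}/dropbear-initramfs/id_rsa.pub"
      # Host-side paths: the image's /etc is ${ETC_DIR}, not the build host's /etc
      cat "${ETC_DIR}/dropbear-initramfs/id_rsa.pub" >> "${ETC_DIR}/dropbear-initramfs/authorized_keys"
    else
      # … unchanged: key generation and conversion via chroot_exec …

      # Trust the new key (host-side paths, no chroot_exec needed)
      touch "${ETC_DIR}/dropbear-initramfs/authorized_keys"
      cat "${ETC_DIR}/dropbear-initramfs/id_rsa.pub" >> "${ETC_DIR}/dropbear-initramfs/authorized_keys"

      # Export the private key for the operator, then remove it from the image:
      # a private key left under ${ETC_DIR} would let anyone holding the image
      # file authenticate to the initramfs SSH shell
      cp -f "${ETC_DIR}/dropbear-initramfs/id_rsa" "${BASEDIR}/dropbear_initramfs_key.rsa"
      chmod 600 "${BASEDIR}/dropbear_initramfs_key.rsa"
      rm -f "${ETC_DIR}/dropbear-initramfs/id_rsa" "${ETC_DIR}/dropbear-initramfs/id_rsa.dropbear"
    fi

    # Install the unlock hook for both the supplied-key and generated-key cases
    install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}/initramfs-tools/hooks/crypt_unlock.sh"
```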
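Review bot: `[ "\$1" == "--ping" ] && exit 1` in the generated plymouth shim uses `==`, which is not POSIX `test` under `#!/bin/sh`; the initramfs /bin/sh is busybox and tolerates it, but the portable form `[ "\$1" = "--ping" ] && exit 1` works everywhere. The motd line should quote its target like the other `${DESTDIR}` uses in this hook, `echo "To unlock root-partition run unlock" >> "${DESTDIR}/etc/motd"`. The `kill -9` of every process whose `ps` line matches `-sh` presumably targets the remote login shell, but the pattern is broad enough to take down any other matching shell in the initramfs. A header comment would help the next maintainer: state that this initramfs-tools hook installs an `unlock` helper, which runs `/scripts/local-top/cryptroot` with a plymouth shim so the passphrase prompt falls back to the SSH session, and then terminates the waiting cryptroot and the login shell.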
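Review bot: `CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=true}` defaults the feature on, while the README hunk in this commit documents `CRYPTFS_DROPBEAR`=false; with the script's default every encrypted build gets an SSH listener in the initramfs with an auto-generated key unless the user opts out. A network service should be opt-in and the two sources should agree: `CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}`. The comment above it could also note that the variable only takes effect when `ENABLE_INITRAMFS` is true, which is how the package inclusion further down is gated.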
@@ -378,6 +382,11 @@ if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
 
+ #If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
+ if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
+ APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
+ fi
+
 if [ -z "$CRYPTFS_PASSWORD" ] ; then
 echo "error: no password defined (CRYPTFS_PASSWORD)!"
 exit 1
@@ -472,7 +481,7 @@ if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
 exit 1
 fi
 
-# Check if specified FBTURBOSRC_DIR directory exists
+# Check if specified NEXMON_DIR directory exists
 if [ -n "$NEXMON_DIR" ] && [ ! -d "$NEXMON_DIR" ] ; then
 echo "error: '${NEXMON_DIR}' specified directory not found (NEXMON_DIR)!"
 exit 1
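Review bot: The new `CRYPTFS_DROPBEAR` block adds the package but never validates `CRYPTFS_DROPBEAR_PUBKEY`; in bootstrap.d/14-fstab.sh a path that is set but does not exist fails the `-f` test and silently falls through to generating a new key, so a typo in the variable yields an image trusting a key the user did not supply. The script already fails fast on bad paths (the `NEXMON_DIR` check in the second hunk of this file), and the same pattern fits here, inside the `ENABLE_CRYPTFS` block whose `if` starts outside the hunk.
```shell
  #If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
  if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
    APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"

    # Fail early on a missing key file instead of silently generating a key later
    if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ ! -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
      echo "error: '${CRYPTFS_DROPBEAR_PUBKEY}' specified file not found (CRYPTFS_DROPBEAR_PUBKEY)!"
      exit 1
    fi
  fi
  # … unchanged: CRYPTFS_PASSWORD check …
```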