diff --git a/changelog/changes/2025-04-17-systemd-crypt.md b/changelog/changes/2025-04-17-systemd-crypt.md
new file mode 100644
index 0000000000..ac341e986b
--- /dev/null
+++ b/changelog/changes/2025-04-17-systemd-crypt.md
@@ -0,0 +1 @@
+- systemd now uses OpenSSL instead of gcrypt for cryptography to reduce the size of the initrd. This change disables systemd-journal's Forward Secure Sealing feature, but it is generally not useful for Flatcar.
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index 340f92278d..9e82a092a9 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -166,3 +166,7 @@ net-dns/bind-tools gssapi
 # Flatcar can't benefit from this performance boost for several reasons, the
 # main one being the use of binary packages.
 sys-kernel/dracut -dracut-cpio
+
+# Avoid initrd bloat by using OpenSSL instead of gcrypt in systemd.
+# systemd-journal's FSS feature requires gcrypt, but Flatcar doesn't need it.
+sys-apps/systemd -gcrypt
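Review bot: The comment added above `sys-apps/systemd -gcrypt` says Flatcar doesn't need FSS, but it does not record what is lost: with sealing compiled out, the local journal presumably no longer offers tamper evidence through `journalctl --setup-keys` and `--verify-key=`. I would state that trade-off next to the flag, e.g. `# Journal sealing (journalctl --setup-keys) is unavailable; forward logs off-host if tamper evidence is required.` Nothing visible here covers hosts that already generated sealing keys before the upgrade. It is worth confirming whether journald on such a host stops sealing silently or logs a warning, and adding that to the changelog entry.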