diff --git a/build_kernel_image.sh b/build_kernel_image.sh
index df40db9231..ce94f1dcf3 100755
--- a/build_kernel_image.sh
+++ b/build_kernel_image.sh
@@ -101,10 +101,18 @@ if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
 fi
 mkdir -p "${FLAGS_working_dir}"
+
+# Only let dm-verity block if rootfs verification is configured.
+dev_wait=0
+if [[ ${FLAGS_root} = "/dev/dm-0" ]]; then
+ dev_wait=1
+fi
+
 cat < "${FLAGS_working_dir}/boot.config"
 root=${FLAGS_root}
 dm_verity.error_behavior=${FLAGS_verity_error_behavior}
 dm_verity.max_bios=${FLAGS_verity_max_ios}
+dm_verity.dev_wait=${dev_wait}
 ${verity_args}
 ${FLAGS_boot_args}
 EOF
diff --git a/create_legacy_bootloader_templates.sh b/create_legacy_bootloader_templates.sh
index 2585fed289..955da4826d 100755
--- a/create_legacy_bootloader_templates.sh
+++ b/create_legacy_bootloader_templates.sh
@@ -35,6 +35,12 @@ FLAGS "$@" || exit 1
 eval set -- "${FLAGS_ARGV}"
 set -e
+# Only let dm-verity block if rootfs verification is configured.
+dev_wait=0
+if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
+ dev_wait=1
+fi
+
 # Common kernel command-line args
 common_args="quiet console=tty2 init=/sbin/init boot=local rootwait ro noresume"
 common_args="${common_args} noswap loglevel=1 ${FLAGS_boot_args}"
@@ -42,6 +48,9 @@ common_args="${common_args} noswap loglevel=1 ${FLAGS_boot_args}"
 # Common verified boot command-line args
 verity_common="dm_verity.error_behavior=${FLAGS_verity_error_behavior}"
 verity_common="${verity_common} dm_verity.max_bios=${FLAGS_verity_max_ios}"
+# Ensure that dm-verity waits for its device.
+# TODO(wad) should add a timeout that display a useful message
+verity_common="${verity_common} dm_verity.dev_wait=${dev_wait}"
 # Populate the x86 rootfs to support legacy and EFI bios config templates.
 # The templates are used by the installer to populate partition 12 with
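Review bot: The `dev_wait` test added in build_kernel_image.sh keys on the literal root path, `[[ ${FLAGS_root} = "/dev/dm-0" ]]`, rather than on whether verity is actually configured, so the value written to boot.config can disagree with `${verity_args}`. A verified image whose root is named any other way gets `dm_verity.dev_wait=0`, while `root=/dev/dm-0` supplied without a hash still gets 1. Derive it from the condition the hunk header shows guarding the verity setup, e.g. `if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then dev_wait=1; fi`; the body of that existing `if` lies outside the hunk, so confirm it is where `verity_args` is populated. create_legacy_bootloader_templates.sh makes the same decision from `FLAGS_enable_rootfs_verification`, and the two scripts should agree on one signal.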
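Review bot: The numeric test `[[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]` in the first hunk of create_legacy_bootloader_templates.sh evaluates an empty or unset operand as 0, and shflags (which the `FLAGS "$@"` line suggests is in use) defines `FLAGS_TRUE` as 0. If the flag is not defined in this script, the branch is therefore taken silently and `dev_wait=1` is emitted regardless of configuration. The `DEFINE_boolean` for `enable_rootfs_verification` is not visible in this hunk, and only `set -e` (not `set -u`) is shown to be in effect. Make a missing flag stop the build instead: `if [[ ${FLAGS_enable_rootfs_verification:?} -eq ${FLAGS_TRUE} ]]; then`.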
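Review bot: The comment `# Ensure that dm-verity waits for its device.` above the `verity_common` append overstates what the line does: the value is `${dev_wait}`, which is 0 whenever rootfs verification is disabled. Reword it to `# dm-verity blocks waiting for its device only when rootfs verification is enabled (dev_wait=1).` The TODO below it is worth a tracking reference, since with `dev_wait=1` and no timeout a missing or misnamed verity device presumably leaves boot stalled with nothing on the console to diagnose it.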