diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 49e7bd0..42df78b 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -470,6 +470,8 @@ bool fscrypt_initialize_systemwide_keys() {
     return true;
 }
 
+bool fscrypt_init_user0_done;
+
 bool fscrypt_init_user0() {
     LOG(DEBUG) << "fscrypt_init_user0";
     if (fscrypt_is_native()) {
@@ -504,6 +506,7 @@ bool fscrypt_init_user0() {
         if (!try_reload_ce_keys()) return false;
     }
 
+    fscrypt_init_user0_done = true;
     return true;
 }
 
diff --git a/FsCrypt.h b/FsCrypt.h
index 2946be5..e5af487 100644
--- a/FsCrypt.h
+++ b/FsCrypt.h
@@ -22,6 +22,7 @@
 bool fscrypt_initialize_systemwide_keys();
 
 bool fscrypt_init_user0();
+extern bool fscrypt_init_user0_done;
 bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
 bool fscrypt_destroy_user_key(userid_t user_id);
 bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& secret);
diff --git a/main.cpp b/main.cpp
index 42789c9..b07ee68 100644
--- a/main.cpp
+++ b/main.cpp
@@ -16,6 +16,7 @@
 
 #define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
 
+#include "FsCrypt.h"
 #include "MetadataCrypt.h"
 #include "NetlinkManager.h"
 #include "VoldNativeService.h"
@@ -286,18 +287,24 @@ static void VoldLogger(android::base::LogId log_buffer_id, android::base::LogSev
                        const char* tag, const char* file, unsigned int line, const char* message) {
     logd_logger(log_buffer_id, severity, tag, file, line, message);
 
-    if (severity >= android::base::ERROR) {
-        static bool is_data_mounted = false;
+    if (severity >= android::base::WARNING) {
+        static bool early_boot_done = false;
 
-        // When /data fails to mount, we don't have adb to get logcat. So until /data is
-        // mounted we log errors to the kernel. This allows us to get failures via serial logs
-        // and via last dmesg/"fastboot oem dmesg" on devices that support it.
+        // If metadata encryption setup (fscrypt_mount_metadata_encrypted) or
+        // basic FBE setup (fscrypt_init_user0) fails, then the boot will fail
+        // before adb can be started, so logcat won't be available.  To allow
+        // debugging these early boot failures, log early errors and warnings to
+        // the kernel log.  This allows diagnosing failures via the serial log,
+        // or via last dmesg/"fastboot oem dmesg" on devices that support it.
         //
-        // As a very quick-and-dirty test for /data, we check whether /data/misc/vold exists.
-        if (is_data_mounted || access("/data/misc/vold", F_OK) == 0) {
-            is_data_mounted = true;
-            return;
+        // As a very quick-and-dirty test for whether /data has been mounted,
+        // check whether /data/misc/vold exists.
+        if (!early_boot_done) {
+            if (access("/data/misc/vold", F_OK) == 0 && fscrypt_init_user0_done) {
+                early_boot_done = true;
+                return;
+            }
+            android::base::KernelLogger(log_buffer_id, severity, tag, file, line, message);
         }
-        android::base::KernelLogger(log_buffer_id, severity, tag, file, line, message);
     }
 }