diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key
index 5f6ab6b39..da5a187e2 100755
--- a/initrd/bin/kexec-seal-key
+++ b/initrd/bin/kexec-seal-key
@@ -84,6 +84,14 @@ cat "$KEY_DEVICES" | cut -d\ -f1 | xargs /bin/qubes-measure-luks \
 || die "Unable to measure the LUKS headers"
 luks_pcr=`tpm calcfuturepcr -ix 16 -if /tmp/luksDump.txt`
 
+# Librem Key loads USB modules which changes PCR5.
+# In the event Librem Key is enabled, skip verification of PCR5
+if [ -x /bin/libremkey_hotp_verification ]; then
+ pcr_5="X"
+else
+ pcr_5="0000000000000000000000000000000000000000"
+fi
+
 # Note that PCR 4 needs to be set with the "normal-boot"
 # path value, which we do not have right now since we are
 # in a recovery shell.
@@ -104,7 +112,7 @@ tpm sealfile2 \
 -ix 2 X \
 -ix 3 X \
 -ix 4 0000000000000000000000000000000000000000 \
- -ix 5 0000000000000000000000000000000000000000 \
+ -ix 5 $pcr_5 \
 -ix 6 $luks_pcr \
 -ix 7 X \
 || die "Unable to seal secret"
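Review bot: The `pcr_5="X"` branch removes PCR 5 from the sealing policy altogether rather than binding the key to the value that the Librem Key's USB module load produces, so on those builds a later change to PCR 5 is no longer detected at unseal time; that trade-off belongs in the comment, e.g. `# X excludes PCR 5 from the seal policy (as for PCRs 2, 3 and 7): the key is not bound to PCR 5 at all on Librem Key builds`. The condition is keyed on `/bin/libremkey_hotp_verification` being present in the initrd, which is a build-time property and not evidence that USB modules were actually loaded, so "In the event Librem Key is enabled" overstates what is checked. If the expected post-load PCR 5 value can be derived the way `luks_pcr` is with `tpm calcfuturepcr`, sealing to that value would keep the measurement instead of dropping it. The script continues outside this hunk.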
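Review bot: `$pcr_5` on the changed `-ix 5` line is unquoted; it follows the existing `$luks_pcr` line, but neither value is meant to word-split or glob, so `-ix 5 "$pcr_5" \` is the safer form. The `tpm sealfile2` invocation begins before this hunk.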