diff --git a/README.md b/README.md
index f1e7d488..2e0f81f0 100644
--- a/README.md
+++ b/README.md
@@ -161,6 +161,34 @@ sudo update-initramfs -u -k 'all'
 
 Upon reboot it will behave exactly as if using Dracut.
 
+### Unlocker: mkinitcpio
+
+When using Clevis with mkinitcpio, you will need to add the `clevis` hook
+before the `encrypt` hook in `/etc/mkinitcpio.conf`:
+
+```bash
+HOOKS=( ... clevis encrypt ... )
+```
+
+Then run
+
+```bash
+$ sudo mkinitcpio -P
+```
+
+in order to regenerate the initramfs. The device to be unlocked is configured
+on the kernel command line using the `cryptdevice` option in the same way as
+for the default `encrypt` hook:
+
+```bash
+cryptdevice=/dev/sda1:root
+```
+
+In order to use a Tang pin you will need to enable networking in the initramfs
+by adding and configuring the [`net`
+hook](https://wiki.archlinux.org/title/Mkinitcpio#Using_net) *before* the
+`clevis` hook.
+
 #### Unlocker: UDisks2
 
 Our UDisks2 unlocker runs in your desktop session. You should not need to
diff --git a/meson_options.txt b/meson_options.txt
index cd17b4d1..22eb7bc9 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,2 +1,3 @@
 option('user', type: 'string', value: 'clevis', description: 'Unprivileged user for secure clevis operations')
 option('group', type: 'string', value: 'clevis', description: 'Unprivileged group for secure clevis operations')
+option('mkinitcpiodir', type: 'string', description: 'mkinitcpio hooks directory')
diff --git a/src/meson.build b/src/meson.build
index c4e696f6..18d63a5a 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -2,6 +2,7 @@ subdir('bash')
 subdir('luks')
 subdir('pins')
 subdir('initramfs-tools')
+subdir('mkinitcpio')
 
 bins += join_paths(meson.current_source_dir(), 'clevis-decrypt')
 mans += join_paths(meson.current_source_dir(), 'clevis-decrypt.1')
diff --git a/src/mkinitcpio/clevis.hooks b/src/mkinitcpio/clevis.hooks
new file mode 100644
index 00000000..66f45a54
--- /dev/null
+++ b/src/mkinitcpio/clevis.hooks
@@ -0,0 +1,10 @@
+#!/usr/bin/ash
+
+run_hook() {
+    IFS=: read cryptdev cryptname cryptoptions <<EOF
+$cryptdevice
+EOF
+    if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
+        clevis luks unlock -d "$resolved" -n "$cryptname"
+    fi
+}
diff --git a/src/mkinitcpio/clevis.install b/src/mkinitcpio/clevis.install
new file mode 100644
index 00000000..bc015e3d
--- /dev/null
+++ b/src/mkinitcpio/clevis.install
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+build() {
+    local mod
+
+    add_module "dm-crypt"
+    add_module "dm-integrity"
+    if [[ $CRYPTO_MODULES ]]; then
+        for mod in $CRYPTO_MODULES; do
+            add_module "$mod"
+        done
+    else
+        add_all_modules "/crypto/"
+    fi
+
+    add_binary "cryptsetup"
+
+    map add_udev_rule \
+        '10-dm.rules' \
+        '13-dm-disk.rules' \
+        '95-dm-notify.rules' \
+        '/usr/lib/initcpio/udev/11-dm-initramfs.rules'
+
+    # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
+    add_binary "/usr/lib/libgcc_s.so.1"
+
+    add_binary "clevis"
+    add_binary "clevis-decrypt"
+    add_binary "clevis-decrypt-sss"
+    add_binary "clevis-decrypt-tang"
+    add_binary "clevis-decrypt-tpm2"
+    add_binary "clevis-luks-common-functions"
+    add_binary "clevis-luks-unlock"
+
+    add_binary "bash"
+    add_binary "curl"
+    add_binary "grep"
+    add_binary "jose"
+    [ -f "/usr/bin/luksmeta" ] && add_binary "luksmeta"
+
+    if [ -f "/usr/bin/tpm2" ]; then
+        add_checked_modules '/tpm/'
+        add_binary "tpm2_createprimary"
+        add_binary "tpm2_unseal"
+        add_binary "tpm2_load"
+        add_binary "tpm2_flushcontext"
+        add_binary "/usr/lib/libtss2-tcti-device.so.0"
+    fi
+
+    add_runscript
+}
+
+help() {
+    cat <<HELPEOF
+This hook allows to unlock an encrypted root device using Clevis. Users should
+specify the device to be unlocked using 'cryptdevice=device:dmname' on the
+kernel command line, where 'device' is the path to the raw device, and 'dmname'
+is the name given to the device after unlocking, and will be available as
+/dev/mapper/dmname.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/src/mkinitcpio/meson.build b/src/mkinitcpio/meson.build
new file mode 100644
index 00000000..ee798caa
--- /dev/null
+++ b/src/mkinitcpio/meson.build
@@ -0,0 +1,11 @@
+mkinitcpio = find_program('mkinitcpio', required: false)
+
+if mkinitcpio.found()
+  install_data(['clevis.install', 'clevis.hooks'],
+               rename: ['install/clevis', 'hooks/clevis'],
+               install_dir: get_option('mkinitcpiodir') != '' ?
+                            get_option('mkinitcpiodir') :
+                            join_paths(get_option('sysconfdir'), 'initcpio'))
+else
+  warning('Will not install mkinitcpio hooks due to missing dependencies!')
+endif