diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index f6b3f57fc77..b8cae62818d 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -257,9 +257,13 @@
         <listitem><para>Takes a data integrity (dm-verity) root hash specified in hexadecimal. This option enables data
         integrity checks using dm-verity, if the used image contains the appropriate integrity data (see above). The
         specified hash must match the root hash of integrity data, and is usually at least 256bits (and hence 64
-        hexadecimal characters) long (in case of SHA256 for example). If this option is not specified, but a file with
-        the <filename>.roothash</filename> suffix is found next to the image file, bearing otherwise the same name the
-        root hash is read from it and automatically used.</para></listitem>
+        formatted hexadecimal characters) long (in case of SHA256 for example). If this option is not specified, but
+        the image file carries the <literal>user.verity.roothash</literal> extended file attribute (see <citerefentry
+        project='man-pages'><refentrytitle>xattr</refentrytitle><manvolnum>7</manvolnum></citerefentry>), then the root
+        hash is read from it, also as formatted hexadecimal characters. If the extended file attribute is not found (or
+        not supported by the underlying file system), but a file with the <filename>.roothash</filename> suffix is
+        found next to the image file, bearing otherwise the same name the root hash is read from it and automatically
+        used (again, as formatted hexadecimal characters).</para></listitem>
       </varlistentry>
 
       <varlistentry>
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index f3cd663602c..66ddf3a8721 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -40,6 +40,7 @@
 #include "string-util.h"
 #include "strv.h"
 #include "udev-util.h"
+#include "xattr-util.h"
 
 static int probe_filesystem(const char *node, char **ret_fstype) {
 #ifdef HAVE_BLKID
@@ -1092,7 +1093,6 @@ int decrypted_image_relinquish(DecryptedImage *d) {
 int root_hash_load(const char *image, void **ret, size_t *ret_size) {
         _cleanup_free_ char *text = NULL;
         _cleanup_free_ void *k = NULL;
-        char *fn, *e, *n;
         size_t l;
         int r;
 
@@ -1107,22 +1107,30 @@ int root_hash_load(const char *image, void **ret, size_t *ret_size) {
                 return 0;
         }
 
-        fn = newa(char, strlen(image) + strlen(".roothash") + 1);
-        n = stpcpy(fn, image);
-        e = endswith(fn, ".raw");
-        if (e)
-                n = e;
+        r = getxattr_malloc(image, "user.verity.roothash", &text, true);
+        if (r < 0) {
+                char *fn, *e, *n;
 
-        strcpy(n, ".roothash");
+                if (!IN_SET(r, -ENODATA, -EOPNOTSUPP, -ENOENT))
+                        return r;
 
-        r = read_one_line_file(fn, &text);
-        if (r == -ENOENT) {
-                *ret = NULL;
-                *ret_size = 0;
-                return 0;
+                fn = newa(char, strlen(image) + strlen(".roothash") + 1);
+                n = stpcpy(fn, image);
+                e = endswith(fn, ".raw");
+                if (e)
+                        n = e;
+
+                strcpy(n, ".roothash");
+
+                r = read_one_line_file(fn, &text);
+                if (r == -ENOENT) {
+                        *ret = NULL;
+                        *ret_size = 0;
+                        return 0;
+                }
+                if (r < 0)
+                        return r;
         }
-        if (r < 0)
-                return r;
 
         r = unhexmem(text, strlen(text), &k, &l);
         if (r < 0)