diff --git a/Makefile b/Makefile
index 1224c07eae..5fbf65c506 100644
--- a/Makefile
+++ b/Makefile
@@ -207,6 +207,7 @@ endif
 if [ -f dracut-util ]; then \
 install -m 0755 dracut-util $(DESTDIR)$(pkglibdir)/dracut-util; \
 fi
+ install -m 0644 -Dt $(DESTDIR)$(pkglibdir) dracut-random.cpio.gz
 ifeq ($(enable_dracut_cpio),yes)
 install -m 0755 dracut-cpio $(DESTDIR)$(pkglibdir)/dracut-cpio
 endif
diff --git a/dracut-random.cpio.gz b/dracut-random.cpio.gz
new file mode 100644
index 0000000000..53104ced8c
Binary files /dev/null and b/dracut-random.cpio.gz differ
diff --git a/dracut.sh b/dracut.sh
index e87e31f343..c1352f907f 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -2431,9 +2431,17 @@ else
 if ! (
 umask 077
 cd "$initdir"
+ # We generate two initramfs "chunks"; the primary one with all the files first. This is done
+ # asynchronously.
+ mkfifo ${DRACUT_TMPDIR}/main.fifo
+ mkfifo ${DRACUT_TMPDIR}/random.fifo
+ cat ${DRACUT_TMPDIR}/main.fifo ${DRACUT_TMPDIR}/random.fifo | $compress >> "${DRACUT_TMPDIR}/initramfs.img" &
 find . -print0 | sort -z \
- | cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null ${cpio_owner:+-R "$cpio_owner"} -H newc -o --quiet \
- | $compress >> "${DRACUT_TMPDIR}/initramfs.img"
+ | cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null ${cpio_owner:+-R "$cpio_owner"} -H newc -o --quiet > ${DRACUT_TMPDIR}/main.fifo
+ # Next, in order to avoid requiring privilege at initramfs generation time, which we may not have
+ # in a container image, append a pre-generated cpio blob with /dev/{u,random}.
+ zcat ${dracutsysrootdir}/${dracutbasedir}/dracut-random.cpio.gz > ${DRACUT_TMPDIR}/random.fifo
+ wait
 ); then
 dfatal "Creation of $outfile failed"
 exit 1
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 0e47c84e9a..71163f35f8 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
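Review bot: `dracut-random.cpio.gz` is installed by the added `install -m 0644 -Dt …` line as an opaque pre-built binary, and the dracut.sh change in this commit appends its decompressed contents to every generated initramfs, so nothing in the tree lets a reviewer or packager confirm what the archive holds. A comment above the install line should state the expected contents and how the file was produced, for example `# dracut-random.cpio.gz: cpio archive holding only dev/random (c 1 8) and dev/urandom (c 1 9); regenerate with <documented command>`. Better still would be a make target that rebuilds it, so the committed file can be compared against a fresh build. The recipe this line belongs to starts outside the hunk.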
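Review bot: The bare `wait` that now ends the subshell returns 0 whatever the backgrounded `cat … | $compress` job did, and the `zcat` result is not checked, so unless errexit is set elsewhere in the script, `dfatal "Creation of $outfile failed"` is skipped for a truncated image or one missing the appended device nodes. Because this commit also removes the `mknod` calls and their error path from 01fips, such an image would have no /dev/random or /dev/urandom and nothing would report it. Propagate both results by capturing the job with `… >> "${DRACUT_TMPDIR}/initramfs.img" & compress_pid=$!`, checking the blob with `zcat … > "${DRACUT_TMPDIR}/random.fifo" || exit 1`, and finishing with `wait "$compress_pid"`. The new `${DRACUT_TMPDIR}/…fifo` and `${dracutsysrootdir}/${dracutbasedir}/…` expansions are also unquoted, unlike the `"${DRACUT_TMPDIR}/initramfs.img"` on the same line. The enclosing `if ! ( … ); then` block starts and ends outside the hunk.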
@@ -70,16 +70,4 @@ install() { inst_multiple sha512hmac rmmod insmod mount uname umount grep sed cut find sort inst_simple /etc/system-fips - [ -c "${initdir}"/dev/random ] || mknod "${initdir}"/dev/random c 1 8 \ - || { - dfatal "Cannot create /dev/random" - dfatal "To create an initramfs with fips support, dracut has to run as root" - return 1 - } - [ -c "${initdir}"/dev/urandom ] || mknod "${initdir}"/dev/urandom c 1 9 \ - || { - dfatal "Cannot create /dev/urandom" - dfatal "To create an initramfs with fips support, dracut has to run as root" - return 1 - } }