diff --git a/etc/rc.d/gbde b/etc/rc.d/gbde
new file mode 100644
index 000000000000..900afc7d8989
--- /dev/null
+++ b/etc/rc.d/gbde
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# This file, originally written by Garrett A. Wollman, is in the public
+# domain.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# KEYWORD: FreeBSD
+
+. /etc/rc.subr
+
+name="gbde"
+start_precmd="find_gbde_devices start"
+stop_precmd="find_gbde_devices stop"
+start_cmd="gbde_start"
+stop_cmd="gbde_stop"
+
+find_gbde_devices()
+{
+	case "${gbde_devices-auto}" in
+	[Aa][Uu][Tt][Oo])
+		gbde_devices="";;
+	*)
+		return 0;;
+	esac
+
+	case "$1" in
+	start)	fstab="/etc/fstab";;
+	stop)	fstab=$(mktemp /tmp/mtab.XXXXXX)
+		mount -p >${fstab}
+	esac
+
+	#
+	# We can't use "mount -p | while ..." because when a shell loop
+	# is the target of a pipe it executes in a subshell, and so can't
+	# modify variables in the script.
+	#
+	while read device mountpt type options dump pass; do
+		case "$device" in
+		*.bde)
+			# Ignore swap devices
+			case "$type" in
+			swap)
+				continue;;
+			esac
+
+			case "$options" in
+			*noauto*)
+				if checkyesno gbde_autoattach_all; then
+					gbde_devices="${gbde_devices} ${device}"
+				fi
+				;;
+			*)
+				gbde_devices="${gbde_devices} ${device}"
+				;;
+			esac
+			;;
+		esac
+	done <${fstab}
+
+	case "$1" in
+	stop)	rm -f ${fstab};;
+	esac
+
+	return 0
+}
+
+gbde_start()
+{
+	for device in $gbde_devices; do
+		parentdev=${device%.bde}
+		parent=${parentdev#/dev/}
+		eval "lock=\${gbde_lock_${parent}-\"/etc/${parent}.lock\"}"
+		if [ -e $lock ]; then
+			echo "Configuring Disk Encryption for ${device}."
+			gbde attach ${parentdev} -l ${lock}
+		fi
+	done
+}
+
+gbde_stop()
+{
+	for device in $gbde_devices; do
+		umount ${device}
+		gbde detach ${device%.bde}
+	done
+}
+
+load_rc_config $name
+run_rc_command "$1"