diff --git a/build_debian.sh b/build_debian.sh
index 3c6673a53ec4..0c765fdb6424 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -123,6 +123,8 @@ sudo cp files/initramfs-tools/arista-convertfs $FILESYSTEM_ROOT/etc/initramfs-to
 sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-convertfs
 sudo cp files/initramfs-tools/mke2fs $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs
 sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs
+sudo cp files/initramfs-tools/setfacl $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/setfacl
+sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/setfacl
 
 # Hook into initramfs: rename the management interfaces on arista switches
 sudo cp files/initramfs-tools/arista-net $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-net
diff --git a/files/initramfs-tools/arista-convertfs.j2 b/files/initramfs-tools/arista-convertfs.j2
index cea25bd39837..dfd2fc1d7407 100644
--- a/files/initramfs-tools/arista-convertfs.j2
+++ b/files/initramfs-tools/arista-convertfs.j2
@@ -87,6 +87,9 @@ fixup_flash_permissions() {
     # this allows the sonic admin user to have read access on the flash
     local flash_mnt="$1"
     chmod o+rx "$flash_mnt"
+
+    # remove all the filesystem acls from the flash
+    setfacl -Rb "$flash_mnt"
 }
 
 # Extract kernel parameters
diff --git a/files/initramfs-tools/setfacl b/files/initramfs-tools/setfacl
new file mode 100644
index 000000000000..96564e06b245
--- /dev/null
+++ b/files/initramfs-tools/setfacl
@@ -0,0 +1,20 @@
+#!/bin/sh
+#Part of the code is revised based on initramfs-tools/hooks/fsck and initramfs-tool is under GPL v2.
+
+PREREQ=""
+
+prereqs()
+{
+    echo "$PREREQ"
+}
+
+case $1 in
+prereqs)
+    prereqs
+    exit 0
+    ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+copy_exec /usr/bin/setfacl /sbin/setfacl