zfs-load-key service fails on boot but works manually - encrypted ZFS pool with file-based key

[m4rcs]

I'm running Ubuntu 24.04 with an encrypted ZFS mirror setup using
ZFSBootMenu. I've successfully configured the root pool (zroot) with
encrypted datasets using a keystore at /etc/zfs/keys, and now I'm trying to add a second encrypted pool (data) that
should be automatically unlocked at boot using zfs-mount-generator.

Current Configuration:

• Root pool (zroot) uses org.openzfs.systemd:ignore=on to bypass systemd integration
• Data pool has keylocation=file:///etc/zfs/keys/zroot.key set
• The key file is stored on the encrypted zroot at /etc/zfs/keys/zroot.key
• zfs-mount-generator correctly creates mount units and generates the service file below

The Problem:

The zfs-load-key@data.service fails during boot with exit code 255, but manually running
systemctl start zfs-load-key@data.service after boot completes successfully.

Generated Service File:

# Automatically generated by zfs-mount-generator
[Unit]
Description=Load ZFS key for data
SourcePath=/etc/zfs/zfs-list.cache/data
Documentation=man:zfs-mount-generator(8)
DefaultDependencies=no
Wants=
After=
RequiresMountsFor='/etc/zfs/keys/zroot.key'
[Service]
Type=oneshot
RemainAfterExit=yes
# This avoids a dependency loop involving systemd-journald.socket if this
# dataset is a parent of the root filesystem.
StandardOutput=null
StandardError=null
ExecStart=/bin/sh -euc '[ "$$(/sbin/zfs get -H -o value keystatus "data")" = "unavailable" ] || exit 0;exec /sbin/zfs load-key "data"'
ExecStop=/bin/sh -euc '[ "$$(/sbin/zfs get -H -o value keystatus "data")" = "available" ] || exit 0;exec /sbin/zfs unload-key "data"'

Boot Failure:

× zfs-load-key@data.service - Load ZFS key for data
     Loaded: loaded (/etc/zfs/zfs-list.cache/data; generated)
     Active: failed (Result: exit-code) since Mon 2025-12-01 17:36:32 CET; 53min ago
       Docs: man:zfs-mount-generator(8)
   Main PID: 2002 (code=exited, status=255/EXCEPTION)
        CPU: 5ms
Dec 01 17:36:32 server systemd[1]: Starting zfs-load-key@data.service - Load ZFS key for data...
Dec 01 17:36:32 server systemd[1]: zfs-load-key@data.service: Main process exited, code=exited, status=255/EXCEPTION
Dec 01 17:36:32 server systemd[1]: zfs-load-key@data.service: Failed with result 'exit-code'.
Dec 01 17:36:32 server systemd[1]: Failed to start zfs-load-key@data.service - Load ZFS key for data.

Question:

What could cause the key loading to fail during boot but succeed when run manually afterward? The service has
RequiresMountsFor='/etc/zfs/keys/zroot.key', so the keystore should be mounted before the service runs. Is there a
timing or dependency issue I'm missing? How can I debug or resolve this?