diff --git a/bus/config-loader-expat.c b/bus/config-loader-expat.c
index f59942e3..6cbd37eb 100644
--- a/bus/config-loader-expat.c
+++ b/bus/config-loader-expat.c
@@ -203,6 +203,20 @@ bus_config_load (const DBusString *file,
 goto failed;
 }

+ /* We do not need protection against hash collisions (CVE-2012-0876)
+ * because we are only parsing trusted XML; and if we let Expat block
+ * waiting for the CSPRNG to be initialized, as it does by default to
+ * defeat CVE-2012-0876, it can cause timeouts during early boot on
+ * entropy-starved embedded devices.
+ *
+ * TODO: When Expat gets a more explicit API for this than
+ * XML_SetHashSalt, check for that too, and use it preferentially.
+ * https://github.com/libexpat/libexpat/issues/91 */
+#if defined(HAVE_XML_SETHASHSALT)
+ /* Any nonzero number will do. https://xkcd.com/221/ */
+ XML_SetHashSalt (expat, 4);
+#endif
+
 if (!_dbus_string_get_dirname (file, &dirname))
 {
 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
diff --git a/configure.ac b/configure.ac
index 9797035f..05182d1f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -935,6 +935,14 @@ AC_SUBST(DBUS_PATH_OR_ABSTRACT)

 PKG_CHECK_MODULES([EXPAT], [expat])

+save_cflags="$CFLAGS"
+save_libs="$LIBS"
+CFLAGS="$CFLAGS $EXPAT_CFLAGS"
+LIBS="$LIBS $EXPAT_LIBS"
+AC_CHECK_FUNCS([XML_SetHashSalt])
+CFLAGS="$save_cflags"
+LIBS="$save_libs"
+
 # Thread lib detection
 AC_ARG_VAR([THREAD_LIBS])
 save_libs="$LIBS"
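Review bot: The fixed salt in `XML_SetHashSalt (expat, 4);` makes the parser's hashing predictable, so this hunk is only safe if the comment's claim that `bus_config_load` parses nothing but trusted XML holds, and the comment does not say what "trusted" covers. I would state the boundary in the comment, e.g. `/* "Trusted" means the main config file and anything it pulls in through <include>/<includedir>; all of it must be writable only by the bus owner or root. */`, so that a later reuse of this loader for less-trusted input gets caught in review. The inner comment could also say why zero is excluded: `/* Must be nonzero: a salt of 0 asks Expat to pick one itself, which is the blocking path avoided here. */`. The return value of `XML_SetHashSalt` is discarded, which looks harmless if the parser was only just created, but the creation and its NULL check sit above the hunk and the body of `bus_config_load` continues past it.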
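Review bot: The new `AC_CHECK_FUNCS([XML_SetHashSalt])` block has no comment saying what consumes its result, and a missing function is accepted silently. A line such as `# HAVE_XML_SETHASHSALT gates the fixed hash salt in bus/config-loader-expat.c` above `save_cflags=` would tie the two files together. If the tree is also built by another build system (none is visible on this page), the same check needs to exist there. Otherwise `HAVE_XML_SETHASHSALT` stays undefined and the early-boot blocking this commit targets returns with no build-time signal.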