Index: usr.sbin/bsdinstall/scripts/zfsboot
===================================================================
--- usr.sbin/bsdinstall/scripts/zfsboot
+++ usr.sbin/bsdinstall/scripts/zfsboot
@@ -1438,6 +1438,7 @@
 #
 # Loop over the main menu until we've accomplished what we came here to do
 #
+swap_encryption_at_default=1
 while :; do
 	if ! f_interactive; then
 		retval=$DIALOG_OK
@@ -1548,9 +1549,17 @@
 		# Toggle the variable referenced both by the menu and later
 		if [ "$ZFSBOOT_GELI_ENCRYPTION" ]; then
 			ZFSBOOT_GELI_ENCRYPTION=
+
+			# If swap encryption is unchanged, toggle it off.
+			[ "$swap_encryption_at_default" ] &&
+				ZFSBOOT_SWAP_ENCRYPTION=
 		else
 			ZFSBOOT_FORCE_4K_SECTORS=1
 			ZFSBOOT_GELI_ENCRYPTION=1
+
+			# If swap encryption is unchanged, toggle it on.
+			[ "$swap_encryption_at_default" ] &&
+				ZFSBOOT_SWAP_ENCRYPTION=1
 		fi
 		;;
 	?" $msg_partition_scheme")
@@ -1599,6 +1608,9 @@
 		else
 			ZFSBOOT_SWAP_ENCRYPTION=1
 		fi
+
+		# User has shown to have a preference, decouple with GELI root
+		swap_encryption_at_default=
 		;;
 	esac
 done