Grub is basically a second OS. People who say 'systemd is large and should just do one thing' and then say 'this can be solved with GRUB' blow my mind.
Sorry, didn't mean to promote grub, which sure has its own issues.
If the boot-loader is meant to decrypt the root fs however, it won't be trivial and GRUB might be the best bet. At least it isn't listening on network ports ...
