diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
index 12114882..2ed82451 100644
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
@@ -2923,6 +2923,18 @@ int LUKS2_deactivate(struct crypt_device *cd, const char *name, struct luks2_hdr
 		ret = 0;
 		dep = deps;
 		while (*dep) {
+			/*
+			 * FIXME: dm-integrity has now proper SUBDEV prefix so
+			 * it would be deactivated here, but due to specific
+			 * dm_remove_device(iname) above the iname device
+			 * is no longer active. This will be fixed when
+			 * we switch to SUBDEV deactivation after 2.8 release.
+			 */
+			if (iname && !strcmp(*dep, iname)) {
+				dep++;
+				continue;
+			}
+
 			log_dbg(cd, "Deactivating LUKS2 dependent device %s.", *dep);
 			r = dm_query_device(cd, *dep, DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_CRYPT_KEYSIZE, &dmdc);
 			if (r < 0) {
diff --git a/lib/setup.c b/lib/setup.c
index 732d5d83..bf64c613 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -3269,7 +3269,15 @@ static int _compare_device_types(struct crypt_device *cd,
 		return -EINVAL;
 	}
 
-	if (isLUKS2(cd->type) && !strncmp("INTEGRITY-", tgt->uuid, strlen("INTEGRITY-"))) {
+	/*
+	 * FIXME: The CRYPT_SUBDEV prefix should be enough but we need
+	 * to keep INTEGRITY- for dm-integrity subdevices opened with
+	 * cryptsetup version < 2.8.0. Drop the INTEGRITY condition
+	 * in next Y release.
+	 */
+	if (isLUKS2(cd->type) &&
+	    (!strncmp("INTEGRITY-", tgt->uuid, strlen("INTEGRITY-")) ||
+	     !strncmp(CRYPT_SUBDEV, tgt->uuid, strlen(CRYPT_SUBDEV)))) {
 		if (dm_uuid_cmp(tgt->uuid, src->uuid)) {
 			log_dbg(cd, "LUKS UUID mismatch.");
 			return -EINVAL;
@@ -4921,7 +4929,7 @@ static int _create_device_with_integrity(struct crypt_device *cd,
 
 	device_check = dmd->flags & CRYPT_ACTIVATE_SHARED ? DEV_OK : DEV_EXCL;
 
-	r = INTEGRITY_activate_dmd_device(cd, iname, CRYPT_INTEGRITY, dmdi, 0);
+	r = INTEGRITY_activate_dmd_device(cd, iname, CRYPT_SUBDEV, dmdi, 0);
 	if (r)
 		return r;