diff --git a/NEWS b/NEWS index b7baf6050a..abd7d887c8 100644 --- a/NEWS +++ b/NEWS @@ -51,6 +51,12 @@ CHANGES WITH 257 in spe: too many systems, because most NVMe devices only know a namespace 1 by default. + * Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now + considered obsolete and systemd by default will ignore configuration + that enables them. To forcibly reenable cgroup v1 support, + SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must additionally be set on the + kernel command line. + Announcements of Future Feature Removals: * The D-Bus method org.freedesktop.systemd1.StartAuxiliaryScope() is @@ -64,11 +70,8 @@ CHANGES WITH 257 in spe: will be phased out in a future release in 2025, i.e. we expect to bump the minimum baseline to v5.4 then too. - * Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now - considered obsolete and systemd by default will refuse to boot under - it. To forcibly reenable cgroup v1 support, - SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command - line. The complete removal of cgroup v1 is scheduled for v258. + * The complete removal of support for cgroup v1 ('legacy' and 'hybrid' + hierarchies) is scheduled for v258. * Support for System V service scripts is deprecated and will be removed in v258. Please make sure to update your software diff --git a/src/core/main.c b/src/core/main.c index 93a1e221f7..38216fa7a6 100644 --- a/src/core/main.c +++ b/src/core/main.c 
@@ -3170,21 +3170,11 @@ int main(int argc, char *argv[]) { } if (!skip_setup) { - /* Before we actually start deleting cgroup v1 code, make it harder to boot - * in cgroupv1 mode first. See also #30852. */ - r = mount_cgroup_legacy_controllers(loaded_policy); if (r < 0) { - if (r == -ERFKILL) - error_message = "Refusing to run under cgroup v1, SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 not specified on kernel command line"; - else - error_message = "Failed to mount cgroup v1 hierarchy"; + error_message = "Failed to mount cgroup v1 hierarchy"; goto finish; } - if (r > 0) { - log_full(LOG_CRIT, "Legacy cgroup v1 support selected. This is no longer supported. Will proceed anyway after 30s."); - (void) usleep_safe(30 * USEC_PER_SEC); - } } /* The efivarfs is now mounted, let's lock down the system token. */ diff --git a/src/shared/cgroup-setup.c b/src/shared/cgroup-setup.c index d415d13d41..49d40f60d8 100644 --- a/src/shared/cgroup-setup.c +++ b/src/shared/cgroup-setup.c @@ -92,11 +92,14 @@ bool cg_is_unified_wanted(void) { if (r >= 0) return (wanted = r >= CGROUP_UNIFIED_ALL); - /* If we were explicitly passed systemd.unified_cgroup_hierarchy, respect that. */ + /* If we have explicit configuration for v1 or v2, respect that. */ + if (cg_is_legacy_force_enabled()) + return (wanted = false); + bool b; r = proc_cmdline_get_bool("systemd.unified_cgroup_hierarchy", /* flags = */ 0, &b); - if (r > 0) - return (wanted = b); + if (r > 0 && b) + return (wanted = true); /* If we passed cgroup_no_v1=all with no other instructions, it seems highly unlikely that we want to * use hybrid or legacy hierarchy. */ 
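Review bot: In cg_is_unified_wanted() the new `if (r > 0 && b)` drops two cases without a trace: an explicit `systemd.unified_cgroup_hierarchy=0` given without the force switch, and a negative return from proc_cmdline_get_bool(). Both fall through to the cgroup_no_v1 and cg_any_controller_used_for_v1() heuristics, so the hierarchy that results cannot be explained from the log. I would add `if (r < 0) log_debug_errno(r, "Failed to parse systemd.unified_cgroup_hierarchy=, ignoring: %m");` and extend the comment to `/* An explicit =0 only counts together with SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1; on its own it is ignored here. */`. The same unlogged `r < 0` is in cg_is_legacy_enabled() and cg_is_legacy_force_enabled() in the `@@ -151,20 +152,28 @@` hunk. The function starts before this hunk and ends in the next one.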
@@ -106,23 +109,21 @@ bool cg_is_unified_wanted(void) { return (wanted = true); /* If any controller is in use as v1, don't use unified. */ - return (wanted = (cg_any_controller_used_for_v1() <= 0)); + if (cg_any_controller_used_for_v1() > 0) + return (wanted = false); + + return (wanted = true); + } bool cg_is_legacy_wanted(void) { - static thread_local int wanted = -1; - - /* If we have a cached value, return that. */ - if (wanted >= 0) - return wanted; - /* Check if we have cgroup v2 already mounted. */ if (cg_unified_cached(true) == CGROUP_UNIFIED_ALL) - return (wanted = false); + return false; /* Otherwise, assume that at least partial legacy is wanted, * since cgroup v2 should already be mounted at this point. */ - return (wanted = true); + return true; } bool cg_is_hybrid_wanted(void) { @@ -151,20 +152,28 @@ bool cg_is_hybrid_wanted(void) { return (wanted = true); } +bool cg_is_legacy_enabled(void) { + int r; + bool b; + + r = proc_cmdline_get_bool("systemd.unified_cgroup_hierarchy", /* flags = */ 0, &b); + return r > 0 && !b; +} + bool cg_is_legacy_force_enabled(void) { - bool force; + int r; + bool b; - if (!cg_is_legacy_wanted()) + /* Require both systemd.unified_cgroup_hierarchy=0 and SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1. */ + + if (!cg_is_legacy_enabled()) return false; - /* If in container, we have to follow host's cgroup hierarchy. */ - if (detect_container() > 0) - return true; - - if (proc_cmdline_get_bool("SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE", /* flags = */ 0, &force) < 0) + r = proc_cmdline_get_bool("SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE", /* flags = */ 0, &b); + if (r <= 0 || !b) return false; - return force; + return true; } int cg_weight_parse(const char *s, uint64_t *ret) { diff --git a/src/shared/cgroup-setup.h b/src/shared/cgroup-setup.h index b8473097cf..31c4ea1ace 100644 --- a/src/shared/cgroup-setup.h +++ b/src/shared/cgroup-setup.h 
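Review bot: cg_is_legacy_wanted() loses its thread_local cache here with no comment, so every call now goes through `cg_unified_cached(true)` again and the answer can differ between two calls during early boot. If that is the intent, say so in the function: `/* Deliberately uncached: the answer changes once the hierarchy is mounted. */`. The comment that stays, "cgroup v2 should already be mounted at this point", is an ordering assumption about callers that this hunk does not show and is worth stating as a precondition. Separately, the blank line added before the closing brace of cg_is_unified_wanted() is stray.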
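Review bot: cg_is_legacy_force_enabled() no longer returns true inside a container, and cg_is_unified_wanted() now calls it directly, so any caller that relied on the old container short-circuit changes behaviour; callers other than the ones in this diff are not visible here and should be checked. cg_is_legacy_enabled() also needs a header comment, because the name reads as "v1 is in use" while the body only reports the switch: `/* Returns true only if systemd.unified_cgroup_hierarchy=0 was passed explicitly; says nothing about what is mounted. */`. Neither helper caches, so mount_cgroup_legacy_controllers() parses systemd.unified_cgroup_hierarchy twice on the unforced path; reading it once and passing the result down would be simpler.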
@@ -10,6 +10,7 @@ bool cg_is_unified_wanted(void); bool cg_is_legacy_wanted(void); bool cg_is_hybrid_wanted(void); +bool cg_is_legacy_enabled(void); bool cg_is_legacy_force_enabled(void); int cg_weight_parse(const char *s, uint64_t *ret); diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c index ba291bd76f..d5009fb59e 100644 --- a/src/shared/mount-setup.c +++ b/src/shared/mount-setup.c @@ -512,12 +512,28 @@ int mount_cgroup_legacy_controllers(bool loaded_policy) { _cleanup_set_free_ Set *controllers = NULL; int r; + /* Before we actually start deleting cgroup v1 code, make it harder to boot in cgroupv1 mode first. + * See also #30852. */ + + if (detect_container() <= 0) { /* If in container, we have to follow host's cgroup hierarchy. Only + * do the deprecation checks below if we're not in a container. */ + if (cg_is_legacy_force_enabled()) + log_warning("Legacy support for cgroup v1 enabled via SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1."); + else if (cg_is_legacy_enabled()) { + log_full(LOG_CRIT, + "Legacy cgroup v1 configured. This will stop being supported soon.\n" + "Will proceed with cgroup v2 after 30 s.\n" + "Set systemd.unified_cgroup_hierarchy=1 to switch to cgroup v2 " + "or set SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 to reenable v1 temporarily."); + (void) usleep_safe(30 * USEC_PER_SEC); + + return 0; + } + } + if (!cg_is_legacy_wanted()) return 0; - if (!cg_is_legacy_force_enabled()) - return -ERFKILL; - FOREACH_ELEMENT(mp, cgroupv1_mount_table) { r = mount_one(mp, loaded_policy); if (r < 0)
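Review bot: The removed `if (!cg_is_legacy_force_enabled()) return -ERFKILL;` gated every path into the v1 mount loop, while the new block only handles an explicit `systemd.unified_cgroup_hierarchy=0`. With nothing on the command line and cg_is_legacy_wanted() returning true (for instance after cg_is_unified_wanted() chose v1 because cg_any_controller_used_for_v1() > 0), the FOREACH_ELEMENT loop appears to be reached outside a container without the force switch and without any log line. If that path is meant to stay open, make it visible after the cg_is_legacy_wanted() check, e.g. `log_warning("Mounting cgroup v1 controllers without SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1.");`; if it is not, it needs its own refusal. The text "Will proceed with cgroup v2" should be checked against that same case, since this branch returns 0 without mounting anything. The 30 s usleep_safe() now sits in src/shared, so it blocks whichever caller invokes the function rather than only main(), and the function body continues past the hunk.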