diff --git a/roles/configuration/tasks/encryption/tpm2.yml b/roles/configuration/tasks/encryption/tpm2.yml
index 5733879..0b7a7e5 100644
--- a/roles/configuration/tasks/encryption/tpm2.yml
+++ b/roles/configuration/tasks/encryption/tpm2.yml
@@ -80,11 +80,10 @@
           host stderr={{ configuration_luks_tpm2_enroll_host.stderr | default('') }}
   rescue:
     - name: Warn about TPM2 enrollment failure
-      ansible.builtin.fail:
+      ansible.builtin.debug:
         msg: >-
           WARNING: TPM2 enrollment failed — falling back to keyfile auto-decrypt.
           The system will use a keyfile instead of TPM2 for automatic LUKS unlock.
-      ignore_errors: true
 
     - name: Fallback to keyfile auto-decrypt
       ansible.builtin.set_fact: