diff --git a/roles/configuration/tasks/encryption/dracut.yml b/roles/configuration/tasks/encryption/dracut.yml
index f0bcd53..4ea0518 100644
--- a/roles/configuration/tasks/encryption/dracut.yml
+++ b/roles/configuration/tasks/encryption/dracut.yml
@@ -14,11 +14,11 @@
       install_items+=" {{ configuration_luks_keyfile_path }} "
       {% endif %}
       {% if configuration_luks_auto_method == 'tpm2' %}
+      add_dracutmodules+=" tpm2-tss "
       install_items+=" {{ configuration_luks_tpm2_token_lib | default('') }} "
       {% endif %}
     mode: "0644"
 
-# --- Kernel cmdline: write rd.luks.* args for dracut ---
 - name: Ensure kernel cmdline directory exists
   ansible.builtin.file:
     path: /mnt/etc/kernel
@@ -58,7 +58,6 @@
     mode: "0644"
     content: "{{ _dracut_kernel_cmdline }}\n"
 
-# --- BLS entries: RedHat-specific ---
 - name: Update BLS entries with LUKS kernel cmdline
   when: os_family == 'RedHat'
   vars: