diff --git a/roles/lmn_encrypt/tasks/tpm2.yml b/roles/lmn_encrypt/tasks/tpm2.yml
index 50a989f..432ce2f 100644
--- a/roles/lmn_encrypt/tasks/tpm2.yml
+++ b/roles/lmn_encrypt/tasks/tpm2.yml
@@ -32,7 +32,7 @@
     cmd: >
       systemd-run -P --wait
       -p SetCredential=cryptenroll.passphrase:{{ encrypt_passphrase | default(encrypt_passphrase_initial) }}
-      systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 {{ encrypt_device }} --wipe-slot=tpm2
+      systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs="" {{ encrypt_device }} --wipe-slot=tpm2
   no_log: true
   when: "'tpm2' not in encrypt_slots_result.stdout"