diff --git a/system/common.nix b/system/common.nix
index d6f97ed..ac618c2 100644
--- a/system/common.nix
+++ b/system/common.nix
@@ -1,5 +1,6 @@
 {
   config,
+  options,
   pkgs,
   lib,
   username,
@@ -89,6 +90,11 @@
     kernelPackages = pkgs.linuxPackages_testing;
     # kernelPackages = pkgs.linuxPackages_latest;
 
+    # aes_generic is built-in as of linux 7.0, no longer a loadable module
+    initrd.luks.cryptoModules = lib.mkForce (
+      lib.filter (m: m != "aes_generic") options.boot.initrd.luks.cryptoModules.default
+    );
+
     lanzaboote = {
       enable = true;
       # TODO: proper secrets management so this is not stored in nix store