diff --git a/src/lib/y2storage/proposal_settings.rb b/src/lib/y2storage/proposal_settings.rb
index be6dc919a..96e8e7864 100644
--- a/src/lib/y2storage/proposal_settings.rb
+++ b/src/lib/y2storage/proposal_settings.rb
@@ -29,6 +29,7 @@
 require "y2storage/encryption_method"
 require "y2storage/equal_by_instance_variables"
 require "y2storage/proposal_space_settings"
+require "y2storage/pbkd_function"
 
 module Y2Storage
   # Class to manage settings used by the proposal (typically read from control.xml)
@@ -433,18 +434,32 @@ def load_features
 
     # Loads the default encryption settings
     #
-    # The encryption settings are not part of control.xml, but can be injected by a previous step of
-    # the installation, eg. the dialog of the Common Criteria system role
+    # The encryption settings are not part of the offical control.xml, but can be injected by a previous step of
+    # the installation, eg. the dialog of the Common Criteria system role or expert dialog
     def load_encryption
       enc = feature(:proposal, :encryption)
-
       return unless enc
-      return unless enc.respond_to?(:password)
 
-      passwd = enc.password.to_s
-      return if passwd.nil? || passwd.empty?
+      if enc.is_a?(Hash)
+        # Data comes from expert dialog
+        passwd = enc["password"]
+        self.encryption_password = passwd if !passwd.nil? && !passwd.empty?
+
+        type = enc["type"]
+        # default is luks1
+        self.encryption_method = EncryptionMethod::LUKS2 if !type.nil? && type == "luks2"
+
+        pbkdf = enc["pbkdf"]
+        self.encryption_pbkdf = Y2Storage::PbkdFunction.find(pbkdf) if !pbkdf.nil? && !pbkdf.empty?
+      else
+        # Data comes event. from Common Criteria system role ?
+        return unless enc.respond_to?(:password)
+
+        passwd = enc.password.to_s
+        return if passwd.nil? || passwd.empty?
 
-      self.encryption_password = passwd
+        self.encryption_password = passwd
+      end
     end
 
     def validated_delete_mode(mode)