2

I've managed to unlock my LUKS partition on boot with a FIDO2 key

My crypttab is

myvolume /dev/sda5 - fido2-device=auto

But I still keep a LUKS key slot with a password (my FIDO key is always on my dock, not my laptop). Now my boot sequence fails if the key is not connected because it always wants the key PIN number.

With the FIDO PAM module, I get asked the PIN+touch only if the key is connected, otherwise it falls back to just asking for the password.

QUESTION:

Is it possible to have a similar behavior when unlocking LUKS from my boot sequence?

SystematicFrank

0 Answers