Unlocking LUKS with FIDO2 Token Should Precede Password Prompt #1
Description
Currently, when attempting to unlock LUKS with a FIDO2 token enrolled via systemd-cryptenroll, the system prompts for a password entry before utilizing the token. The expected behavior is that the system should first attempt to unlock using the FIDO2 token if it is present. If the token authentication fails, only then should it prompt for the password.
[ 5.280427] [abroot-unlock-var] (info): using plymouth password entry
[ 11.837281] abroot : error setting up logging: mkdir /.local: read-only file system
[ 12.317105] Asking FIDO2 token for authentication.
[ 12.317128] Please confirm presence on security token to unlock.