Hi CentOS team, By the RPM spec files, (https://gitlab.com/redhat/centos-stream/rpms/systemd/-/blob/c9s/systemd.spec#L599), FIDO2 support is disabled in systemd. FIDO2 support is very useful for automatic decryption of LUKS partitions with systemd-cryptsetup. This would allow for external security keys (such as a Yubikey) to decrypt drives with no user interaction. Currently, the current systemd configuration supports only TPM and GPG. In older devices that don't support TPM, the only option for no-interaction FDE decryption is to use GPG (which still requires a key access password to be remotely secure). As far as I can tell, there is no barrier to enable FIDO2 support. Please let me know if I am mistaken. Thanks, Ersei -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0x77DCEE512870246C.asc Type: application/pgp-keys Size: 5426 bytes Desc: OpenPGP public key URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20230120/20ee597f/attachment.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20230120/20ee597f/attachment.sig>