Use Yubikey to unlock LUKS on Root partition

That article is exactly what I needed. Thank you for your help. I could not find this when I was looking online. I was going through so many steps just to get it to work when it really was just a couple steps.

For any future people trying to do this:

  • Load a live USB and, in that session, change the LUKS encryption of your system partition to LUKS2. You will need your original passphrase for this. You are done with the live USB.
  • Back on your system, run this command:

systemd-cryptenroll --fido2-device=auto /dev/sda5

  • changing sda5 to the LUKS partition you want to unlock with your YubiKey
  • open /etc/crypttab with sudo in your favorite text editor and add this line:

myvolume /dev/sda5 - fido2-device=auto

  • your partition should already have a name; replace myvolume with it and change sda5 to your LUKS partition. Save and quit.
  • once done, run this command to rebuild your initramfs and apply the changes so your YubiKey is used:

sudo dracut-rebuild

Once done, reboot and you should be asked for your FIDO2 PIN when your YubiKey is inserted. Then touch the presence sensor on the YubiKey. Then you will be signed in.

Cheers!

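The steps above, wrapped in a script with the checks a practitioner wants before touching a root volume. This is an added example, not the poster's commands: it assumes the LUKS partition is /dev/sda5, the mapper name in /etc/crypttab is "myvolume", and the initramfs is built by dracut (it calls `dracut --force` rather than a distro wrapper; the module name `fido2` is taken from dracut's modules.d and is an assumption). Nothing is changed on the system unless the script is run as root with `--apply`; the helper functions take text on stdin so they can be exercised without a block device.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumed: DEV=/dev/sda5,
# NAME=myvolume, dracut-built initramfs. Dry by default; --apply does the work.
set -euo pipefail

DEV="${DEV:-/dev/sda5}"       # assumed LUKS partition
NAME="${NAME:-myvolume}"      # assumed mapper name; must match your existing crypttab entry

# crypttab entry for a FIDO2-unlocked volume. The "-" key-file field means
# "no key file", so systemd-cryptsetup prompts for the FIDO2 PIN and a touch.
crypttab_line() {
    printf '%s %s - fido2-device=auto\n' "$1" "$2"
}

# Reads `cryptsetup luksDump` output on stdin; true only for a LUKS2 header.
# systemd-cryptenroll needs LUKS2 because it stores the credential as a token.
is_luks2() {
    grep -qE '^Version:[[:space:]]+2'
}

# True if the dump already lists a systemd-fido2 token, so we do not enroll
# the same key twice and burn a second keyslot.
has_fido2_token() {
    grep -qE '^[[:space:]]*[0-9]+:[[:space:]]+systemd-fido2'
}

# Rewrites a crypttab (text on stdin) so the entry for NAME uses the FIDO2
# line; appends one if NAME has no entry yet. Other lines pass through.
update_crypttab() {
    local name="$1" dev="$2" found=0 line
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "$name "*|"$name"$'\t'*) crypttab_line "$name" "$dev"; found=1 ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
    [ "$found" -eq 1 ] || crypttab_line "$name" "$dev"
}

apply() {
    local dump
    dump="$(cryptsetup luksDump "$DEV")"
    if ! printf '%s\n' "$dump" | is_luks2; then
        # Conversion needs the device closed, hence the live USB in the post.
        echo "$DEV is not LUKS2; from a live USB run: cryptsetup convert --type luks2 $DEV" >&2
        exit 1
    fi
    if printf '%s\n' "$dump" | has_fido2_token; then
        echo "FIDO2 token already enrolled on $DEV, skipping enrolment"
    else
        # Adds a new keyslot; the original passphrase slot stays as a fallback
        # for when the key is lost (do not pass --wipe-slot here).
        systemd-cryptenroll --fido2-device=auto "$DEV"
    fi
    update_crypttab "$NAME" "$DEV" < /etc/crypttab > /etc/crypttab.new
    mv /etc/crypttab.new /etc/crypttab
    # Without dracut's fido2 module the initramfs cannot talk to the key and
    # you are back to the passphrase prompt (module name assumed).
    dracut --list-modules | grep -qx fido2 || { echo "dracut fido2 module missing" >&2; exit 1; }
    dracut --force
}

if [ "${1:-}" = "--apply" ]; then
    apply
fi
```

Run `sudo DEV=/dev/sda5 NAME=myvolume ./enroll.sh --apply` on the booted system after the LUKS2 conversion; the script refuses to continue if the header is still LUKS1, and it leaves the passphrase keyslot in place so a lost or broken key does not lock you out.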