Following my Fedora Magazine article on the use of systemd-cryptenroll with fido2 or tpm2, and some user feedback, I’m wondering: can we include tpm2-tools in Fedora by default and add the fido2 and tpm2-tss dracut modules by default?
If those modules were present in the initramfs by default, anyone could just use FIDO2 or TPM2 to unlock their LUKS disks by using systemd-cryptenroll without further setup. Especially on Silverblue this would be a huge plus, as currently you have to A) enable initramfs regen and B) add an overlay, which as I understand it is kinda discouraged because of the implicit rebuild effort introduced on updates.