I just saw this blog article, and wanted to share it because I think this solution could dramatically improve the user experience of logging into fedora.
The author of this blog post and software explains that not only have they developed a PAM module to allow secure PIN authentication using TPM2, but they have also solved the problem of ensuring the GNOME keyring or kwallet is unlocked without needing the user to enter their password after login.
It’s configured with a nice little CLI app called pinutil.