Did someone get LUKS unlocking with a FIDO2 token using systemd-cryptenroll on Fedora Silverblue 36 to work? It used to work on F35 Silverblue, but since the update, it won't ask for the FIDO PIN but for the usual LUKS passphrase on boot.
I activated manual initramfs generation, modified /etc/cryptsetup and added “rd.luks.options=fido2-device=auto” to the kernel arguments.
I found your question while trying to do this exact thing and finally resolved it. Hope it’s not too late to help.
By default, dracut does not include its fido2 module when building the initramfs. Thus I created /etc/dracut.conf.d/fido2.conf with contents:
add_dracutmodules+=" fido2 "
And then rpm-ostree initramfs --enable to build the initramfs.
Use lsinitrd /boot/ostree/fedora-*/initramfs-*.img (replacing the asterisks with whatever is current) to check the initramfs contents. It should show fido2 as a dracut module and usr/lib64/cryptsetup/libcryptsetup-token-systemd-fido2.so as one of the included files.
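The lsinitrd check described in the answer above can be scripted so it is easy to repeat after each deployment; this is an added example, not part of the original post. The function name, exit codes and the embedded sample listing are constructed for illustration. It reads the "dracut modules:" section separately from the file list, so an unrelated file such as libfido2.so.1 does not count as the fido2 module.

```shell
#!/bin/sh
# Reads `lsinitrd` output on stdin and checks for the two items the answer names.
# Exit status (hypothetical convention): 0 = both present, 1 = fido2 dracut
# module missing, 2 = token plugin missing, 3 = both missing.
check_fido2_initramfs() {
    awk '
        /^dracut modules:/ { in_mods = 1; next }   # module list starts here
        /^=+$/             { in_mods = 0 }         # separator ends the list
        in_mods && $1 == "fido2" { mod = 1 }
        # last field of a file-list line is the path inside the initramfs
        $NF ~ /(^|\/)libcryptsetup-token-systemd-fido2\.so$/ { lib = 1 }
        END {
            if (!mod) print "missing: fido2 dracut module"
            if (!lib) print "missing: libcryptsetup-token-systemd-fido2.so"
            rc = (mod ? 0 : 1) + (lib ? 0 : 2)
            exit rc
        }'
}

# Constructed sample of lsinitrd output (not captured from a real system).
sample_lsinitrd() {
cat <<'EOF'
Image: /boot/ostree/fedora-EXAMPLE/initramfs-EXAMPLE.img: 40M
========================================================================
dracut modules:
systemd
fido2
crypt
========================================================================
-rwxr-xr-x   1 root     root        0 Jan  1  1970 usr/lib64/libfido2.so.1
-rwxr-xr-x   1 root     root        0 Jan  1  1970 usr/lib64/cryptsetup/libcryptsetup-token-systemd-fido2.so
EOF
}

# Demo on the constructed sample. On a real system, pipe the command from the
# answer instead:
#   lsinitrd /boot/ostree/fedora-*/initramfs-*.img | check_fido2_initramfs
sample_lsinitrd | check_fido2_initramfs && echo "fido2 module and token plugin present"
```

A non-zero status means the initramfs was built without FIDO2 support, which matches the symptom in the question: boot falls back to asking for the LUKS passphrase.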