[Bug 1234010] Unable to unlock multiple encrypted partitions with FIDO2 Key, Systemdboot+LUKS
https://bugzilla.suse.com/show_bug.cgi?id=1234010

https://bugzilla.suse.com/show_bug.cgi?id=1234010#c2

--- Comment #2 from Chris Miller <chris.beaudry.miller@gmail.com> ---

Once the swap partition gets decrypted swap works fine, the issue is that initial decryption of the swap partition is not happening with FIDO2.

Here is my system swap status after booting with plymouth disabled and not plugging in the FIDO2 key, which avoids the issue since the system falls back to password immediately. In this case I only have to enter my password once to unlock both the root and swap partitions.

(base) cbmiller@localhost:/dev> sudo swapon --show
NAME       TYPE       SIZE   USED PRIO
/dev/dm-1  partition 31.3G     0B   -2
/dev/zram0 partition 31.3G 139.5M  100

(base) cbmiller@localhost:/dev> sudo dmsetup info cr_swap
Name:              cr_swap
State:             ACTIVE
Read Ahead:        1024
Tables present:    LIVE
Open count:        1
Event number:      0
Major, minor:      254, 1
Number of targets: 1
UUID: CRYPT-LUKS2-1b692ff923f54d8486ee51b3c3cb72c4-cr_swap

(base) cbmiller@localhost:/dev> lsblk
NAME          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda             8:0    0 465.8G  0 disk
└─sda1          8:1    0 465.8G  0 part  /OFFLOAD
sdb             8:16   0  10.9T  0 disk
└─sdb1          8:17   0  10.9T  0 part  /run/media/cbmiller/Chris_Backup
zram0         253:0    0  31.3G  0 disk  [SWAP]
nvme0n1       259:0    0 931.5G  0 disk
├─nvme0n1p1   259:1    0   512M  0 part  /boot/efi
├─nvme0n1p2   259:2    0 899.7G  0 part
│ └─cr_root   254:0    0 899.7G  0 crypt /var
│                                        /usr/local
│                                        /srv
│                                        /root
│                                        /home
│                                        /boot/grub2/x86_64-efi
│                                        /opt
│                                        /boot/grub2/i386-pc
│                                        /.snapshots
│                                        /
└─nvme0n1p3   259:3    0  31.3G  0 part
  └─cr_swap   254:1    0  31.3G  0 crypt [SWAP]

Here is the output from cryptenroll:

(base) cbmiller@localhost:/dev> sudo systemd-cryptenroll /dev/nvme0n1p2
SLOT TYPE
   0 password
   1 fido2

(base) cbmiller@localhost:/dev> sudo systemd-cryptenroll /dev/nvme0n1p3
SLOT TYPE
   0 password
   1 fido2

--
You are receiving this mail because:
You are on the CC list for the bug.