Yubikey + LUKS on Qubes 4.1

Then you could be right about not up for FIDO U2F, systemd cryptenroll, crypttab, and dracut... but all that has been around for a while. F32 is not pre-systemd.

Dom0 can change its boot from GRUB to EFI which means systemd boot is possible.

But if Dom0 requires installation or updating, that is a problem. Update Manager asks me to update Dom0, but if that is compromised, all is lost, so I don’t. FIDO U2F locking LUKS might require networking access that bypasses even Update Manager security measures.

Probably should get a non-bio series 5 Yubikey with ykchalresp.

Do other keys like Nitro or Feitian have something like ykchalresp that can be installed in Work qube and connected to GRUB?