maybe its fixed now?

setup/arch-autosetup-cgpt-new.sh

@@ -141,7 +141,16 @@ genfstab -U /mnt >> /mnt/etc/fstab
 
 ROOT_UUID=$(blkid -s UUID -o value "$ROOT_PART")
 
-arch-chroot /mnt /bin/bash <<EOF
+
+arch-chroot /mnt /usr/bin/env \
+  HOSTNAME="$HOSTNAME" \
+  USERNAME="$USERNAME" \
+  USERPASS="$USERPASS" \
+  ENABLE_FIDO_ROOT="$ENABLE_FIDO_ROOT" \
+  ENABLE_FIDO_USER="$ENABLE_FIDO_USER" \
+  ROOT_UUID="$ROOT_UUID" \
+  /bin/bash <<'EOF'
+
 set -euo pipefail
 
 echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
@@ -159,10 +168,7 @@ echo "$USERNAME:$USERPASS" | chpasswd
 
 echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers
 
-############################################
 # Initramfs + GRUB for FIDO2
-############################################
-
 if [[ "$ENABLE_FIDO_ROOT" == "YES" ]]; then
     sed -i 's/^HOOKS=.*/HOOKS=(base systemd autodetect modconf block sd-encrypt filesystems keyboard fsck)/' /etc/mkinitcpio.conf
 else
@@ -177,25 +183,19 @@ else
     GRUB_CMDLINE="cryptdevice=UUID=$ROOT_UUID:cryptroot root=/dev/mapper/cryptroot"
 fi
 
-sed -i "s|GRUB_CMDLINE_LINUX=.*|GRUB_CMDLINE_LINUX=\"$GRUB_CMDLINE\"|" /etc/default/grub
+sed -i "s|^GRUB_CMDLINE_LINUX=.*|GRUB_CMDLINE_LINUX=\"$GRUB_CMDLINE\"|" /etc/default/grub
 
 grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
 grub-mkconfig -o /boot/grub/grub.cfg
 
-############################################
 # User login FIDO2
-############################################
-
 if [[ "$ENABLE_FIDO_USER" == "YES" ]]; then
     echo "Enrolling FIDO2 for user login"
     mkdir -p /home/$USERNAME/.config/Yubico
     chown $USERNAME:$USERNAME /home/$USERNAME/.config/Yubico
-
     sudo -u "$USERNAME" bash -c "pamu2fcfg >> /home/$USERNAME/.config/Yubico/u2f_keys"
-
     echo "auth required pam_u2f.so" >> /etc/pam.d/system-auth
 fi
-
 EOF
 
 echo "Installation complete!"