so i was missing sudo, also added lots of debug info - also need to do a logfile tbh

setup/arch-auto-install-new-cgpt.sh

@@ -52,7 +52,9 @@ cryptsetup open "$ROOT_PART" cryptroot
 
 # Add multiple FIDO2 keys for LUKS
 if [[ "$FIDO_ROOT" == "YES" ]]; then
-    systemd-cryptenroll "$ROOT_PART" --fido2-device=auto
+    echo "ENROLLING FIDOKEY"
+    read
+    systemd-cryptenroll "$ROOT_PART" --fido2-device=auto --fido2-with-client-pin=no
 #    read -rp "How many FIDO2 keys for LUKS unlocking? " FIDO_LUKS_COUNT
 #    for ((i=1; i<=FIDO_LUKS_COUNT; i++)); do
 #        echo "Insert FIDO2 key #$i and touch it when prompted..."
@@ -98,7 +100,7 @@ echo
 read -rp "Enable FIDO2 authentication for user login? (YES/NO): " FIDO_USER
 
 # Install base system
-pacstrap /mnt base "$KERNEL" linux-firmware vim bash zsh git less btop fastfetch networkmanager grub cryptsetup libfido2 pam-u2f efibootmgr $GPU_PKGS
+pacstrap /mnt base "$KERNEL" linux-firmware vim bash zsh git less btop fastfetch networkmanager grub cryptsetup libfido2 pam-u2f efibootmgr sudo  $GPU_PKGS
 
 # Generate fstab
 genfstab -U /mnt >> /mnt/etc/fstab
@@ -138,6 +140,8 @@ grub-mkconfig -o /boot/grub/grub.cfg
 
 # FIDO2 for user login
 if [[ "$FIDO_USER" == "YES" ]]; then
+    echo "ENROLLING FIDOKEY"
+    read
     mkdir -p /home/$USERNAME/.config/Yubico
     read -rp "How many FIDO2 keys for user login? " FIDO_USER_COUNT
     for ((i=1; i<=FIDO_USER_COUNT; i++)); do
@@ -149,4 +153,9 @@ if [[ "$FIDO_USER" == "YES" ]]; then
 fi
 EOF
 
+echo $FIDO_USER
+echo $FIDO_ROOT
+echo $FIDO_USER_COUNT
+echo $FIDO_LUKS_COUNT
+
 echo "Installation complete! Unmount and reboot."