Systemd-cryptenroll with tpm2-pin

Althout I was able to unlock my root luks 2 partition with tpm after small fiddlings on fedora workstation and fedora silverblue, I was not able to setup a additional pin as described in arch wiki. After wiping and reenrolling the tpm2 keyslot I am promted for my password/recovery key.

So I did

sed -ie '/^luks-/s/$/,tpm2-device=auto,tpm2-pin=yes/' /etc/crypttab
systemd-cryptenroll --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=7 --tpm2-with-pin=yes /dev/nvme0n1p3