OS Encryption Question

Let me start with saying I don’t have a Librem laptop (yet). I’ve been playing around with PureOS in KVM but having a lot of issues so I thought I’d ask here.

Is it possible to unlock PureOS (LUKS?) with a keyfile on a USB device? Has anyone tried this?

The reason I’m asking is because I got this working in Fedora with LUKS and I don’t want to go back to typing a 20+ char password every time I turn my laptop on. Basically on boot it looks for a keyfile on my USB, if it’s there it unlocks LUKS and continues to boot. If my USB is not plugged in I will get prompted for a password and have to type it in.

And if someone gets your USB your laptop is completely open to them? I don’t see PureOS going down this route, but that’s just me.

They’d have to get my USB and my laptop. Much the same if they took my car keys and my car or My apartment keys.

Lost house key, change the locks. Lost USB, change the encryption key. Sounds reasonable to me and that’s why I’m doing it in my current set up.

I’ll keep poking away at getting PureOS in a VM if no one knows if this works or not. Thanks!