Based from this topic, PureOS how-to: System U2F Authentication, I thought about encrypting external storage media devices. To some degree, I was able to get almost all of the desired parameters/options in place.
I am on the next phase, MFA, if there was any support for it. The closest I got was pam-cryptsetup, found on GitHub - google/pam-cryptsetup: Automatic LUKS header updates via PAM. A few downsides. The developer is Google, and the project is discontinued/archived. The worst case scenario is its status as automatic LUKS header updates via PAM. I don’t think that MFA/U2F is taken in consideration. Google may not follow through with development.
Does anyone have an clue about U2F authentication for cryptsetup?