I wrote about how I made a dracut module for my yubikey under fedora. In the meantime it has gone a lot in the little project. To integrate my dracut module, I contacted eworm how to integrate it in his project.
Long story short, we improved the whole project, and now it works under linux with mkinitcpio and dracut (ex. archlinux and fedora). With the version 0.5.1 it also can change the challenges every boot – without generating a whole new initramfs. The trick is, to generate a additional initram, which is loaded from the bootloader. And all eventdriven (with systemd)!
So, the whole thing has still no 2FA and you have to edit your bootloader if you want to have the challenges changed on boot. Maybe its a option to implement a grub custom script.
Here are the github projects: