
> Linux system doesn't need to arrange to read a PIN from the user

Is that a problem now?



I /presume/ that no Linux desktop setups today actually support this workflow for user login, which is one of the things touted for Windows.

For Firefox since they advertise support for WebAuthn I /presume/ that the browser will do all the PIN prompts and so on to make this work, but again I have never seen this even _demonstrated_ let alone used in anger. The browser feature doesn't help you if the PC has booted and is at the login screen though, no browser there (yet?).

I own a device (Yubico's own "Security Key 2") which supports this workflow and I've played with it on a demo Windows setup, and though I'd probably never use it to sign into my Linux PCs I'd try it out because I'm a nerd. This device works fine as a FIDO key for my WebAuthn accounts and is enrolled at GitHub etcetera for that purpose but then so does my much cheaper Key-ID FIDO key.

Edited to add: There are a couple of replies now talking about non-FIDO flows like Smartcards or whatever. Some of Yubico's other devices can do these, but we're talking about FIDO2 like this new Yubikey, those flows aren't relevant.


> I /presume/ that no Linux desktop setups today actually support this workflow for user login,

I login to my Linux desktops with a Yubikey and its PIN. I have it configured as an OpenPGP smartcard, and to authenticate (for login, raising privileges with sudo, or unlocking the screen, etc.), I use the poldi[1] PAM module.

[1] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=poldi.git


One thing that has been frustrating with the OpenPGP setup with the Yubikey has been the inability to re-add the stub key entries after they are deleted from the host. I do edit-card, unlock and fetch but the entry doesn't show, rendering it useless in `gpg`.


"fetch" fetches from the URL you set in the card/Yubikey. If you put the public key on an HTTP server and put the URL in the Yubikey (with the "url" command after enabling "admin" commands), you can fetch it with "fetch".

Getting the public key out from an OpenPGP smartcard otherwise is not supported by the protocol it uses. That is frustrating that it wasn't included in the protocol, but I've gotten over it.

After you've imported the public key, getting the private key stubs is a matter of checking the status of the card with `gpg --card-status`. The stubs are added then.

If you have another machine that has the public key, you can export it with `gpg --export -a $key_identity`, and import it with `gpg --import < $exported_public_key_file`.

Otherwise, if you don't hold another copy of the public key, the only option left might be to make a new keypair and be careful to not lose all copies of the public key again.

Also, if you backup the private key, you can get the public key from it by importing it somewhere.
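Once the public key is imported and `gpg --card-status` has run, you can confirm that the stubs really point at the card by reading the machine-readable `--with-colons` listing instead of eyeballing `gpg -K`. This is an added example, not code from any poster here: it classifies each secret-key record by the token field (field 15), and the embedded sample listing, key IDs and card serial are constructed values.

```python
import subprocess

# Constructed sample of `gpg --list-secret-keys --with-colons` output: primary
# key and encryption subkey are stubs on a smartcard (field 15 = card serial),
# one subkey is held on disk ("+"), one has no secret material at all ("#").
# Key IDs, fingerprint and serial are made up for illustration.
SAMPLE_COLONS = """\
sec:u:4096:1:4E1F799AA4FF2279:1532433847:::u:::cSC:::D2760001240102010006012345670000:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF4E1F799A:
uid:u::::1532433847::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:1111222233334444:1532433847::::::e:::D2760001240102010006012345670000:::23:
ssb:u:4096:1:5555666677778888:1532433847::::::a:::+:::23:
ssb:u:4096:1:9999AAAABBBBCCCC:1532433847::::::s:::#:::23:
"""


def secret_key_status(colons_text):
    """Return [(record_type, keyid, capabilities, status)] for sec/ssb records.

    status is "card:<serial>" for a stub pointing at a smartcard, "on-disk"
    when gpg holds the secret key itself ("+"), and "missing" when only a
    placeholder exists ("#"); field 15 of the colon format carries that flag.
    """
    out = []
    for line in colons_text.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        token = f[14] if len(f) > 14 else ""
        if token == "+":
            status = "on-disk"
        elif token in ("#", ""):
            status = "missing"
        else:
            status = "card:" + token
        out.append((f[0], f[4], f[11], status))
    return out


def card_stubs_present(colons_text):
    """True if at least one sec/ssb record is a stub backed by a smartcard."""
    return any(s.startswith("card:") for _, _, _, s in secret_key_status(colons_text))


def live_secret_key_status():
    """Run gpg on this host (needs gpg installed) and classify its listing."""
    res = subprocess.run(["gpg", "--batch", "--with-colons", "--list-secret-keys"],
                         capture_output=True, text=True, check=True)
    return secret_key_status(res.stdout)


if __name__ == "__main__":
    for rec in secret_key_status(SAMPLE_COLONS):
        print(rec)
```

Run it after `gpg --import` and `gpg --card-status`; if `card_stubs_present()` is still false on the live listing, the stubs were not created and `gpg` will not be able to use the card.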


Thanks. That resolves the issue. But definitely unfortunate public key retrieval wasn't included in the protocol. After unlocking of course.


Regarding your edit, the problem here is that you assume that U2F/FIDO is some sort of a new, separate thing when in fact it can be just one 'program' or applet of your device which can support others, that are more suitable for logins. FIDO just wasn't designed for it.

Just because this or some other Yubico devices might not allow it doesn't mean others don't. AFAIK for instance Feitian ePass supports GIDS applet, which you can install on smartcards too. And yes, you can install U2F applet on smartcards also.

https://www.rcdevs.com/docs/howtos/epass/epass

https://www.ftsafe.com/Products/FIDO/NFC

Why people are not rooting and fighting for an ability to extend things with open source is beyond me.


Smartcard logins were a thing for a long time, especially in military. PINs are the norm, not the exception.


To my knowledge there is pam_u2f expressly for this purpose.

But I haven't tried it out.



