FileVault and Keychain
What happens when FileVault is enabled? Does the SmartCard decrypt the machine with the PIN or do users have to enter a password to unlock and then MFA to actually log in? Obviously FV can only work with local/mobile users since decryption is required before networking/AD services can start up so how does that affect the AD integration?
Also does the login keychain still require a password?
macOS High Sierra (10.13.3)