This is a fundamental misunderstanding of how the FIDO2 standard works. It is not designed to be vendor specific and as other people in this thread point out, plenty of open-source secrets managers and hardware implement passkeys.

What we’ve seen is the typical Silicon Valley model of “embrace, extend, extinguish” so you’re right to be wary of any implementation by Google or Microsoft.

Same goes for biometrics - how you unlock the passkey isn’t specified in the standard. It is left up to the implementation. If you don’t want to use biometrics, you don’t have to.

For anyone unaware, there is a community effort to map these cameras. https://deflock.me/