Description
It would be a huge step forward to facilitate creating images where the rootfs is a LUKS partition, with a prompt for the passphrase on boot.
Proposal: Add new flags:
[--cryptroot] (if set, encrypt rootfs)
[-p passphrase]
[-f passphrase-file] (-p and -f are mutually exclusive)
[--cryptroot-parameters=''] (optional extra parameters to pass to cryptsetup)
Inspiration taken from CRYPTROOT parameters in https://docs.armbian.com/Developer-Guide_Build-Options/#main-options
Enabling remote ssh unlock via dropbear/tinyssh would be a nice addition, but is not required.
It seems like this can currently be achieved as a two-step process by first building an image like normal here, and then generating an encrypted one with https://github.com/dreemurrs-embedded/archarm-mobile-fde-installer (though it seems PinePhone Pro is not yet supported there?)
There needs to be a disclaimer that encrypted images should be considered single-use (as LUKS keys would be identical across installations otherwise).
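
One way the proposed flags could be validated, as an added example that is not part of the issue or the project's code: `cryptroot_plan` is a hypothetical helper that checks the flag combination and prints the `cryptsetup luksFormat` argv it would use, without running it. It assumes non-interactive builds; the device path and passphrase are constructed.

```bash
# Added example, not the project's code: cryptroot_plan and its output format are hypothetical.
# Prints the cryptsetup argv (one word per line) for the proposed flags; never runs cryptsetup.
# The body is a subshell, so `exit` and `set -f` only affect this function.
cryptroot_plan() (
    dev="$1"; shift
    crypt=0 have_pass=0 keyfile="" extra=""
    while [ $# -gt 0 ]; do
        case "$1" in
            --cryptroot) crypt=1 ;;
            -p) [ $# -ge 2 ] || exit 2; have_pass=1; shift ;;
            -f) [ $# -ge 2 ] || exit 2; keyfile="$2"; shift ;;
            --cryptroot-parameters=*) extra="${1#*=}" ;;
            *) echo "unknown option: $1" >&2; exit 2 ;;
        esac
        shift
    done
    if [ "$crypt" -eq 0 ]; then
        # Encryption options without --cryptroot would silently build a plaintext image.
        if [ "$have_pass" -eq 1 ] || [ -n "$keyfile" ] || [ -n "$extra" ]; then
            echo "encryption options require --cryptroot" >&2; exit 2
        fi
        exit 0
    fi
    if [ "$have_pass" -eq 1 ] && [ -n "$keyfile" ]; then
        echo "-p and -f are mutually exclusive" >&2; exit 2
    fi
    # Assumption: builds are non-interactive, so one passphrase source is required.
    if [ "$have_pass" -eq 0 ] && [ -z "$keyfile" ]; then
        echo "--cryptroot needs -p or -f" >&2; exit 2
    fi
    if [ -n "$keyfile" ] && [ ! -r "$keyfile" ]; then
        echo "cannot read passphrase file: $keyfile" >&2; exit 2
    fi
    # With -p the passphrase goes to cryptsetup on stdin (--key-file -), not into its argv.
    [ -n "$keyfile" ] || keyfile="-"
    set -f   # split the extra parameters into words without glob expansion or eval
    printf '%s\n' cryptsetup --batch-mode luksFormat $extra --key-file "$keyfile" "$dev"
)

# Constructed invocation: device path and passphrase are sample values.
cryptroot_plan /dev/loop0p2 --cryptroot -p 'constructed-passphrase' --cryptroot-parameters='--type luks2'
```
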