So, please indulge my asking a probably obvious questions…
When Crimson goes GA, I want to unpack the image to SD, boot, and take the encrypt option.
Q1: If I pull the card and insert it into my laptop, will it ask for my Luks password and mount the SD? Assuming Luks is installed on the laptop, of course.
Q2: If #1 is true and I clone the SD with with dd or Balena Etcher, it’s gonna work fine just like the original in the L5 or anywhere else… right?
I think the answer is yes to both, but it wouldn’t hurt to test to make sure.
My understanding is that the LUKS info about encryption keys sits like a header in the beginning of the disk, so as long as you are copying the whole disk, including that header, things should work fine.
When crimson becomes generally available, I would assume that an encrypted disk image will be an available choice, so you wouldn’t have to muck around purely in order to enable encryption.
Also, there is no need to involve an SD card in order to mess around with the encryption. You can perfectly well download the disk image onto your host computer, loop it, and open the encrypted partition, and mount it.