alright, I do think, due to overlays not being...great in vanilla debian, I'll pick up the raspios support and run with it.

now to see if we can bring over cryptsetup-reencrypt

@arrjay what pisses me off about every single distro for the #RaspberryPi is that none of them have #FeatureParity to their #Desktop parts for no good reason.

  • And I mean fundamentals like a proper #Installer with #LUKS / #dmcrypt support for the / filesystem to facilitate FDE!

Something we had on @ubuntu / #Ubuntu 7.04 & @opensuse / #OpenSUSE 10.2 from day 1!

  • IDK but to me that sounds like a steep feature regression!

@kkarhan HEE HEE HOO HOO oh boy I have exploded all the installers

but yeah the gearing towards "oh just dump this on an sd card" is not...always helpful

( this current mess of a project is relying on docker to write out a disk image of itself - but at least I know what went into it better? )

@arrjay exactly...

If it doesn't even have feature-parity in terms of #Setup with #amd64-"#Server" images I'd call that a regression...

@kkarhan @arrjay @ubuntu @opensuse Agree to the extent that it WAS a missing feature. But you can easily encrypt your rootfs on Debian and RasPiOS: https://github.com/gitbls/sdm/blob/master/Docs/Disk-Encryption.md

@bls @arrjay I KNOW how to manually encrypt stuff - that's not the point.

  • My point is that this is some 3rd party afterthought and not like with #amd64-Versions of the same distros ( @ubuntu, @opensuse, #Debian ) like an option one can choose at an #installer level from a live system.

It's most likely the reason why @tails_live / @tails / #Tails didn't get a #port to #ARM64 to this day...

AFAIK every #linux for the #raspberrypi comes as a prebuilt image for your SD. In my opinion encrypting the filesystem afterwards is the only possible way. Correct me if I'm wrong.

Maybe disc encryption would be a good addition to the first run wizard.

@xeniac I know that this is the case, but it's not a technical unavoidance despite the #RaspberryPi being a non-#UEFI - #arm device.

  • Even on the old, #32bit boards.

The solution in that regard would be to boot into a #live / #setup mode like with #RaspberryPiOS for #i586-based #PCs and extend it to a setup that allows creating a new custom image with #LUKS - #FDE enabled and properly encrypted.

  • OFC on a #Pi0W that would mean one would have to plug in a 2nd MicroSD with a USB-Adapter but that's not the point.

I'm not even demanding much, just a simple #TUI / #CLI setup like @ubuntu / #UbuntuServer has with basic customizations.

  • I'm not even expecting it to go so far as to offer including #dropbear - #SSH in the #initramfs so one can boot into the encrypted install and unlock it remotely. Just gimme the blinking cursor at the boot asking me to enter the password for the encrypted partition...

@kkarhan @arrjay @ubuntu @opensuse @tails_live @tails Don't disagree with your points, but OTOH I can fully customize RasPiOS PRECISELY the way I want it in less than 10 minutes, and it will boot up and run with no further muss and fuss. Yes, this precludes installing the OS with certain features like rootfs encryption, but this method is really freaking sweet if you reinstall a lot like I do.