Minor fix and Enable the disk encryption for 'mvp-user-trial' profile #1420

Merged
brianmcgillion merged 2 commits into main from vs-enableEnc
Sep 23, 2025

Conversation

@vunnyso
Collaborator

@vunnyso vunnyso commented Sep 22, 2025

Description of Changes

  • Removed the tpm_clear command from luks-enroll-tpm-unit-script as it's of no use.
  • Resolve the blank display issue that occurs during disk resizing.
    When running the extendpersist service, I encountered the following error:
    partResizeScript[1145]: This disk is currently in use - repartitioning is probably a bad idea.
    Therefore, we will revert to the previous method of resizing using postBootCommands. More details in PR #1232.
  • Enable the disk encryption for the mvp-user-trial profile.
    Now the persist partitioning will be LUKS encrypted.

Type of Change

  • New Feature
  • Bug Fix
  • Improvement / Refactor

Related Issues / Tickets

Checklist

  • Clear summary in PR description
  • Detailed and meaningful commit message(s)
  • Commits are logically organized and squashed if appropriate
  • Contribution guidelines followed
  • Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
  • Author has run make-checks and it passes
  • All automatic GitHub Action checks pass - see actions
  • Author has added reviewers and removed PR draft status

Testing Instructions

Applicable Targets

  • Orin AGX aarch64
  • Orin NX aarch64
  • Lenovo X1 x86_64
  • Dell Latitude x86_64
  • System 76 x86_64

Installation Method

  • Requires full re-installation
  • Can be updated with nixos-rebuild ... switch
  • Other:

Test Steps To Verify:

  1. There will be a change in file system type for the persist partitioning:
    sda3, which is /swap, will no longer be randomly encrypted; it will use LUKS encryption.
    sda5, which is /persist, will now be changed to a crypt file system.

    Branch    File system snapshot
    mainline  (image)
    This PR   (image)

  2. Monitor the logs of the luks-enroll-tpm service and make sure it doesn't have any errors:

    [ghaf@ghaf-host:~]$ journalctl -efu luks-enroll-tpm

  3. There will be no change in the debug builds' startup sequence.

  4. There will be a change in the release builds' startup sequence.
    a. On first boot the user will be prompted with "Please enter TPM2 PIN:"; any PIN needs to be entered twice to set it, and then the password.
    b. On subsequent boots, the TPM2 PIN and then the password need to be entered every time.

  5. Make sure it doesn't break any automation use cases or any CI/CD builds.
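
The partition-layout and enrollment-log checks from the verification steps above, as an added shell example that is not code from this PR or the Ghaf project. It reads captured `lsblk -P -o NAME,TYPE,FSTYPE,MOUNTPOINT` and `journalctl -u luks-enroll-tpm` text and confirms that the swap and persist partitions carry a LUKS header and are mounted through a dm-crypt mapping, and that the enrollment unit logged no failure. The device names sda3/sda5 and the mountpoints follow the PR description; the lsblk listing, the journal lines and the failure-marker words (`error`, `fail`) are constructed assumptions, not output captured from a Ghaf host.

```shell
#!/bin/sh
# Added example, not part of Ghaf or this PR: offline checks for the post-boot
# verification steps (partition layout and the luks-enroll-tpm journal).
# Device names sda3/sda5 and mountpoints follow the PR description; the lsblk
# sample and journal lines below are constructed, not captured from a Ghaf host.

# Constructed `lsblk -P -o NAME,TYPE,FSTYPE,MOUNTPOINT` output for the expected layout.
SAMPLE_LSBLK='NAME="sda" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sda1" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot"
NAME="sda2" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/"
NAME="sda3" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
NAME="swap" TYPE="crypt" FSTYPE="swap" MOUNTPOINT="[SWAP]"
NAME="sda5" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
NAME="persist" TYPE="crypt" FSTYPE="ext4" MOUNTPOINT="/persist"'

# Constructed journal excerpts (hypothetical message text) for a clean and a failed run.
SAMPLE_JOURNAL_OK='Sep 23 05:44:01 ghaf-host systemd[1]: Starting luks-enroll-tpm.service...
Sep 23 05:44:03 ghaf-host luks-enroll-tpm[900]: enrollment complete
Sep 23 05:44:03 ghaf-host systemd[1]: Finished luks-enroll-tpm.service.'
SAMPLE_JOURNAL_BAD='Sep 23 05:44:01 ghaf-host systemd[1]: Starting luks-enroll-tpm.service...
Sep 23 05:44:02 ghaf-host luks-enroll-tpm[900]: Failed to enroll TPM2 token
Sep 23 05:44:02 ghaf-host systemd[1]: luks-enroll-tpm.service: Main process exited, code=exited, status=1/FAILURE'

# field KEY LINE: print the value of KEY="..." from one lsblk -P line.
# A leading space is prepended so that TYPE= cannot match inside FSTYPE=.
field() {
  printf ' %s\n' "$2" | sed -n "s/.* $1=\"\([^\"]*\)\".*/\1/p"
}

# fstype_of NAME: read lsblk -P output on stdin and print FSTYPE of the named device.
fstype_of() {
  while IFS= read -r line; do
    [ "$(field NAME "$line")" = "$1" ] && { field FSTYPE "$line"; return 0; }
  done
  return 1
}

# mount_type MOUNTPOINT: read lsblk -P output on stdin and print TYPE of the device mounted there.
mount_type() {
  while IFS= read -r line; do
    [ "$(field MOUNTPOINT "$line")" = "$1" ] && { field TYPE "$line"; return 0; }
  done
  return 1
}

# verify_encrypted LSBLK_TEXT PARTITION MOUNTPOINT: succeed only if PARTITION carries a
# LUKS header and MOUNTPOINT is served by a dm-crypt mapping rather than a plain partition.
verify_encrypted() {
  [ "$(printf '%s\n' "$1" | fstype_of "$2")" = "crypto_LUKS" ] || return 1
  [ "$(printf '%s\n' "$1" | mount_type "$3")" = "crypt" ] || return 1
}

# enroll_log_ok JOURNAL_TEXT: succeed only if no line carries a failure marker.
# The marker words are an assumption about systemd/service wording, not a Ghaf contract.
enroll_log_ok() {
  ! printf '%s\n' "$1" | grep -qiE 'error|fail'
}

# On a real host the inputs would come from:
#   lsblk -P -o NAME,TYPE,FSTYPE,MOUNTPOINT
#   journalctl -u luks-enroll-tpm --no-pager
main() {
  verify_encrypted "$SAMPLE_LSBLK" sda5 /persist && echo "/persist: LUKS-backed"
  verify_encrypted "$SAMPLE_LSBLK" sda3 "[SWAP]" && echo "swap: LUKS-backed"
  enroll_log_ok "$SAMPLE_JOURNAL_OK" && echo "luks-enroll-tpm: no errors"
}
main
```

The checks are split so that a partition with a LUKS header but a mountpoint served directly by the partition (a stale or unencrypted mount) fails the second test rather than passing on the header alone.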

@vunnyso vunnyso changed the title Minor fix and Enable the disk encryption for 'mvp-user-trial` profile Minor fix and Enable the disk encryption for 'mvp-user-trial' profile Sep 22, 2025
When running the 'extendpersist' service, I encountered the
following error: "This disk is currently in use -
repartitioning is probably a bad idea."

Therefore, we will revert to the previous method
of resizing using postBootCommands.

Signed-off-by: Vunny Sodhi <vunny.sodhi@unikie.com>
@vunnyso
Collaborator Author

vunnyso commented Sep 22, 2025

@hros-tii please review.

Now persist partitioning will be LUKS encrypted.

Signed-off-by: Vunny Sodhi <vunny.sodhi@unikie.com>
@hros-tii
Contributor

Looks good!

@brianmcgillion
Collaborator

@milva-unikie @leivos-unikie how will this affect the automated testing setups?

@leivos-unikie
Contributor

> @milva-unikie @leivos-unikie how will this affect the automated testing setups?

If that disk encryption is enabled only in release image then I think it won't affect test automation. In release image ssh connection is disabled, so we cannot automatically test that anyways.

@vunnyso
Collaborator Author

vunnyso commented Sep 22, 2025

> @milva-unikie @leivos-unikie how will this affect the automated testing setups?
>
> If that disk encryption is enabled only in release image then I think it won't affect test automation. In release image ssh connection is disabled, so we cannot automatically test that anyways.

Thanks @leivos-unikie for the confirmation. To clarify, disk encryption will be enabled also in debug builds, but there won't be any prompt asking for a TPM PIN as per check here

The startup sequence for debug builds will remain unchanged.

@milva-unikie

Tested on Darter Pro (debug and release, new images)

  • Both images boot successfully
  • The release image asks to create a PIN code on first boot and requires that PIN on every boot after
  • No changes in the boot of the debug image
  • Test-automation results look good

Also quickly checked that the lenovo-x1-carbon-gen11-debug-installer works without issues. It is included in our automated nightly tests, but not in the tests we run for every PR.

@milva-unikie milva-unikie added Tested on Lenovo X1 Carbon This PR has been tested on Lenovo X1 Carbon Tested on System76 and removed Needs Testing CI Team to pre-verify labels Sep 23, 2025
@brianmcgillion brianmcgillion merged commit 8f16cca into main Sep 23, 2025
28 checks passed
@brianmcgillion brianmcgillion deleted the vs-enableEnc branch September 23, 2025 05:44