
How Install Full disk encryption (including /boot ) Luks2+argon2id

sam - 18 days ago -

Hi all. Please tell me how I can install this GRUB https://aur.archlinux.org/cgit/aur.git/tree/?h=grub-improved-luks2-git&id=1c7932d90f1f62d0fd5485c5eb8ad79fa4c2f50d during system installation. At what stage do I need to do this so that I can encrypt my system with LUKS2 rather than LUKS1?


Replies (13)

RE: How Install Full disk encryption (including /boot ) Luks2+argon2id - wael - 18 days ago -

To be honest, as it is you cannot use that package, as it isn't packaged in Parabola (unless you somehow compile it yourself and add it to the installation image). I have a setup with LUKS2 on Libreboot (which, to be frank, isn't libre by FSF definitions, and thus is NOT ENDORSED BY PARABOLA).
Currently I don't have that laptop next to me, but will do later today/tomorrow, and can aid you with general instructions on how I did it.
You're welcome to visit #parabola on Libera IRC and I can help you with that.

How Install Full disk encryption (including /boot ) Luks2+argon2id - sam - 18 days ago -

Hello my dear friend ))

Thank you for your answer. I wrote a large, working guide for Libreboot => https://forums.hyperbola.info/viewtopic.php?id=1010 ; you can see it at this link.

Thank you very much for your help, I tagged you!

Now I'm experimenting with Parabola. I can’t figure out how to do this if the flash chip does not have GRUB with argon2id, as in the example with Libreboot.

That is, I want to install Parabola with full disk encryption (including /boot) using LUKS2+argon2id, you understand))

RE: How Install Full disk encryption (including /boot ) Luks2+argon2id - wael - 18 days ago -

Well, as you noted in your guide, to support FDE with /boot being encrypted you need some way to decrypt it from the boot firmware.
This means that if your boot firmware (in this case some distro of coreboot) doesn't have the ability to unlock LUKS2 with argon2id, then you'll need to chainload something that can. This is why, before adding LUKS2 support, Libreboot, GNUboot and the like recommended a two-tier setup: /boot encrypted with LUKS1 (which the firmware can unlock), and then, once the GRUB stored on /boot is run, it can unlock the rest of the (LUKS2-encrypted) system.
So, as for the way forward for what you want to achieve: either you grab some coreboot fork/downstream that has those GRUB patches, or you do that yourself.
Alternatively, you can always fall back to a similar setup with the LUKS1-encrypted /boot, i.e. encrypt /boot with LUKS2 but not argon2id (instead something that the GRUB in your firmware can unlock) and then use argon2id LUKS2 for the rest of the partitions. Be warned though that, AFAIK, this will not currently work with Parabola unless a version of GRUB with argon2id support is packaged for the distro.

How Install Full disk encryption (including /boot ) Luks2+argon2id - sam - 18 days ago -

Thanks for your answer and the information. I'll think about how to implement this, perhaps for example installing "boot-LUKS1" and then converting it to "boot-LUKS2", for example:

$ sudo cryptsetup luksDump /dev/sda1

$ sudo cryptsetup luksConvertKey /dev/sda1 --pbkdf argon2id

As for IRC, I know that it is active, but if I write there and receive a response, other users with a similar problem will not see the solution. It's also very convenient when it's saved on the forum: if you forget, you can take a look))

How Install Full disk encryption (including /boot ) Luks2+argon2id - sam - 18 days ago -

I tried it, it obviously doesn't work))

Device /dev/sda1 is not a valid LUKS2 device

I'll try, as you wrote, to encrypt "boot-Luks2_argon2i" https://www.parabola.nu/packages/libre/x86_64/grub/ and then convert...

RE: How Install Full disk encryption (including /boot ) Luks2+argon2id - Avron - 18 days ago -

In my understanding, /boot does not contain any private information, so the benefit of having it encrypted is not clear.

If the problem you are trying to solve is that you don't have your computer physically with you at all times (too inconvenient), and you want to avoid that someone modifies the boot process, you could put /boot on a USB key that you keep with you at all times (easier).

Still, even if you lock the flash, someone could unlock it with an external flasher, and put something that will modify the boot process.

How Install Full disk encryption (including /boot ) Luks2+argon2id - sam - 18 days ago -

Hello Avron. Thank you very much for your answer. As for placing /boot on a USB drive, yes, I have already implemented such a scheme => https://forums.hyperbola.info/viewtopic.php?id=937
The problem I want to solve is a fully encrypted disk, including the boot partition, with LUKS2+argon2id.

I tried this option; everything went well, but I can't decrypt it, and it's an unusual situation))

LUKS2

# cryptsetup -v --cipher aes-xts-plain64 --hash sha512 --iter-time 10000 --key-size 512 \
    --use-urandom --verify-passphrase luksFormat --type luks2 /dev/sda1

I get a response that my password is incorrect. OK, I enter

# cryptomount -a

then I enter the correct password and get an error about the wrong password, which is strange, hmm...

Okay, I'll try this combination.

LUKS2+PBKDF+Argon2id

# cryptsetup  -v  --cipher aes-xts-plain64  --hash sha512 --iter-time 10000  --key-size 512  --pbkdf argon2id  --use-urandom --verify-passphrase luksFormat  --type luks2 /dev/sda1
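Wael's two-tier explanation above and the failed `cryptomount -a` in this post both come down to one question: which KDF do the keyslots of a given LUKS header use, and does the GRUB in the firmware implement it? Unpatched GRUB releases up to 2.12 open LUKS1 and only those LUKS2 keyslots that use PBKDF2, while recent cryptsetup defaults a new LUKS2 keyslot to argon2id, so a plain `luksFormat --type luks2` yields a container that stock GRUB cannot open: it skips the keyslot and reports an invalid passphrase even when the passphrase is right. The following is an added example (not code from this thread, from cryptsetup or from GRUB) that parses the LUKS1 and LUKS2 on-disk headers, lists the KDF of each keyslot and answers that question for a patched or unpatched GRUB. The three headers it inspects are constructed in memory; their sizes, salts and argon2 cost parameters are illustrative, not dumps of any real device.

```python
"""Read a LUKS1/LUKS2 on-disk header and report what GRUB can unlock.

Added example (not code from the thread, cryptsetup or GRUB). The sample
headers are constructed below; for a real device, run as root:
parse_luks_header(open("/dev/sda1", "rb").read(1 << 20))
"""
import json
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"          # primary header magic, LUKS1 and LUKS2
LUKS2_MAGIC_2ND = b"SKUL\xba\xbe"     # LUKS2 secondary (backup) header magic
LUKS1_KEY_ENABLED = 0x00AC71F3        # luks_phdr.keyblock[i].active for a used slot
LUKS1_KEY_DISABLED = 0x0000DEAD


def _cstr(raw: bytes) -> str:
    """NUL-terminated on-disk string field to str."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def parse_luks_header(buf: bytes) -> dict:
    """Return {'version', 'cipher', 'keyslots': [{'slot', 'kdf', ...}, ...]}."""
    if len(buf) < 4096 or buf[:6] not in (LUKS_MAGIC, LUKS2_MAGIC_2ND):
        raise ValueError("not a LUKS header")
    version = struct.unpack_from(">H", buf, 6)[0]   # all integers are big-endian
    if version == 1:
        return _parse_luks1(buf)
    if version == 2:
        return _parse_luks2(buf)
    raise ValueError(f"unsupported LUKS version {version}")


def _parse_luks1(buf: bytes) -> dict:
    # struct luks_phdr: magic[6] version u16 cipherName[32] cipherMode[32]
    # hashSpec[32] ... uuid[40], then 8 keyblocks of 48 bytes from offset 208
    cipher = f"{_cstr(buf[8:40])}-{_cstr(buf[40:72])}"
    hash_spec = _cstr(buf[72:104])
    slots = []
    for i in range(8):
        active, iterations = struct.unpack_from(">II", buf, 208 + 48 * i)
        if active == LUKS1_KEY_ENABLED:
            # LUKS1 keyslots always use PBKDF2 over the header's hash spec
            slots.append({"slot": i, "kdf": "pbkdf2", "hash": hash_spec,
                          "iterations": iterations})
    return {"version": 1, "cipher": cipher, "keyslots": slots}


def _parse_luks2(buf: bytes) -> dict:
    # struct luks2_hdr_disk: magic[6] version u16 hdr_size u64 ...; the 4 KiB
    # binary part is followed by a NUL-padded JSON area that ends at hdr_size.
    hdr_size = struct.unpack_from(">Q", buf, 8)[0]
    if hdr_size <= 4096 or len(buf) < hdr_size:
        raise ValueError("truncated LUKS2 header: read at least hdr_size bytes")
    meta = json.loads(_cstr(buf[4096:hdr_size]))
    segment = next(iter(meta.get("segments", {}).values()), {})
    slots = []
    for sid, ks in meta.get("keyslots", {}).items():
        kdf = ks.get("kdf", {})
        entry = {"slot": int(sid), "kdf": kdf.get("type", "?")}
        if entry["kdf"] == "pbkdf2":
            entry.update(hash=kdf.get("hash"), iterations=kdf.get("iterations"))
        else:  # argon2i / argon2id: time cost, memory in KiB, parallelism
            entry.update(time=kdf.get("time"), memory=kdf.get("memory"),
                         cpus=kdf.get("cpus"))
        slots.append(entry)
    return {"version": 2, "cipher": segment.get("encryption", "?"),
            "keyslots": sorted(slots, key=lambda s: s["slot"])}


def grub_can_unlock(info: dict, argon2_patched: bool = False) -> tuple:
    """(ok, reason). Unpatched GRUB opens LUKS1 and PBKDF2 LUKS2 keyslots only;
    argon2i/argon2id need out-of-tree patches such as grub-improved-luks2-git."""
    supported = {"pbkdf2"} | ({"argon2i", "argon2id"} if argon2_patched else set())
    usable = [s["slot"] for s in info["keyslots"] if s["kdf"] in supported]
    if usable:
        return True, f"keyslot(s) {usable} use a KDF this GRUB implements"
    found = sorted({s["kdf"] for s in info["keyslots"]})
    return False, (f"no usable keyslot, KDFs found: {found}; GRUB skips them "
                   "and reports an invalid passphrase even for the right one")


# --- constructed sample headers (illustrative, not dumps of real devices) ----
def _luks1_sample() -> bytes:
    hdr = bytearray(4096)
    hdr[0:6] = LUKS_MAGIC
    struct.pack_into(">H", hdr, 6, 1)
    hdr[8:11], hdr[40:51], hdr[72:78] = b"aes", b"xts-plain64", b"sha512"
    for i in range(8):                    # slot 0 enabled, the others disabled
        active = LUKS1_KEY_ENABLED if i == 0 else LUKS1_KEY_DISABLED
        struct.pack_into(">II", hdr, 208 + 48 * i, active, 1_000_000)
    return bytes(hdr)


def _luks2_sample(kdf: dict, hdr_size: int = 16384) -> bytes:
    meta = {"keyslots": {"0": {"type": "luks2", "key_size": 64, "kdf": kdf}},
            "segments": {"0": {"type": "crypt", "encryption": "aes-xts-plain64",
                               "sector_size": 512}}}
    hdr = bytearray(hdr_size)
    hdr[0:6] = LUKS_MAGIC
    struct.pack_into(">HQ", hdr, 6, 2, hdr_size)
    body = json.dumps(meta).encode()
    hdr[4096:4096 + len(body)] = body
    return bytes(hdr)


LUKS1_SAMPLE = _luks1_sample()
LUKS2_ARGON2ID_SAMPLE = _luks2_sample(   # what cryptsetup's default luksFormat --type luks2 yields
    {"type": "argon2id", "time": 4, "memory": 1048576, "cpus": 4, "salt": "c2FsdA=="})
LUKS2_PBKDF2_SAMPLE = _luks2_sample(     # luksFormat --type luks2 --pbkdf pbkdf2
    {"type": "pbkdf2", "hash": "sha512", "iterations": 500000, "salt": "c2FsdA=="})

if __name__ == "__main__":
    for name, hdr in (("luks1", LUKS1_SAMPLE), ("luks2/argon2id", LUKS2_ARGON2ID_SAMPLE),
                      ("luks2/pbkdf2", LUKS2_PBKDF2_SAMPLE)):
        info = parse_luks_header(hdr)
        print(name, info["cipher"], [s["kdf"] for s in info["keyslots"]],
              grub_can_unlock(info), grub_can_unlock(info, argon2_patched=True))
```

Run against a real partition, the script tells you in advance whether the firmware's GRUB will get past `cryptomount`; the same LUKS2 volume that fails with `argon2_patched=False` is reported as openable once a GRUB with the argon2 patches is in the chain, which is exactly the two-tier choice described above.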

How Install Full disk encryption (including /boot ) Luks2+argon2id - sam - 12 days ago -

How can I connect to the Internet after I change user? I want to download and install Grub which supports argon2id during installation.

I get an error

Could not resolve host: quantum-mirror.hu

.....

arch-chroot /mnt
echo "host" > /etc/hostname
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf

# Edit /etc/mkinitcpio.conf
HOOKS=(base udev autodetect modconf kms encrypt keyboard keymap consolefont block lvm2 filesystems fsck)
mkinitcpio -P

# Edit /etc/sudoers
%wheel ALL=(ALL) ALL

useradd -m -G wheel user
passwd user

sudo su - user
git clone https://aur.archlinux.org/paru-bin.git
cd paru-bin
makepkg -si
paru -S grub-improved-luks2-git --noconfirm

How Install Full disk encryption (including /boot ) Luks2+argon2id - sam - 12 days ago -

that is, after the command

# arch-chroot /mnt
I cannot use the Internet? How to fix it?

How Install Full disk encryption (including /boot ) Luks2+argon2id - sam - 6 days ago -

Thanks to Bill's recommendation, I was able to move further in this setup. I managed to download a GRUB that supports argon2id (my commands are below), but unfortunately I can't boot the system yet, and I don't understand why it doesn't boot... I tried these options for setting up GRUB:

# sudo su - user

$ git clone https://aur.archlinux.org/paru-bin.git
$ cd paru-bin
$ makepkg -si
$ paru -S grub-improved-luks2-git --noconfirm 
$ exit 

# Edit /etc/default/grub
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:lvm root=/dev/mapper/main-rootvol" 
GRUB_ENABLE_CRYPTODISK=y

I also tried without Paru, and GRUB built and installed without problems:

# sudo su - user
$ git clone https://aur.archlinux.org/grub-improved-luks2-git.git
$ cd grub-improved-luks2-git

$ makepkg -si
# mkdir /boot/efi
# mount /dev/vda1 /boot/efi
# grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub /dev/sda --recheck

Everything went well, Grub was installed

in the next message I will show a screenshot of the error after loading Parabola
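The settings in the previous two posts have to agree with each other and with the hook order mkinitcpio expects: `block` and `keyboard` before `encrypt`, `encrypt` before `lvm2` and `filesystems`, `GRUB_ENABLE_CRYPTODISK=y` so GRUB can open the container that holds /boot, and a well-formed `cryptdevice=` so the initramfs can open it again for the kernel. The following added lint script (not code from this thread, from GRUB or from mkinitcpio) checks those relationships. Its two "as posted" config samples are constructed and modelled on the lines quoted in the thread; the "fixed" variants show the corrected order, and the UUID and keyfile path in them are placeholders.

```python
"""Lint /etc/default/grub and /etc/mkinitcpio.conf for a LUKS-encrypted /boot.

Added example (not code from the thread, GRUB or mkinitcpio). The config
samples below are constructed; to lint real files call
lint_encrypted_boot(open("/etc/default/grub").read(),
                    open("/etc/mkinitcpio.conf").read()).
"""
import re
import shlex


def parse_hooks(mkinitcpio_conf: str) -> list:
    """HOOKS=(a b c) -> ['a', 'b', 'c']."""
    m = re.search(r"^\s*HOOKS=\((.*?)\)", mkinitcpio_conf, re.M | re.S)
    return m.group(1).split() if m else []


def parse_grub_defaults(grub_default: str) -> dict:
    """KEY=value lines of /etc/default/grub with shell quoting removed."""
    out = {}
    for line in grub_default.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, val = line.partition("=")
            out[key.strip()] = " ".join(shlex.split(val))
    return out


def parse_cryptdevice(cmdline: str):
    """cryptdevice=<device>:<dmname>[:options] -> (device, dmname, [opts]) or None."""
    for tok in cmdline.split():
        if tok.startswith("cryptdevice="):
            parts = tok[len("cryptdevice="):].split(":")
            return (parts[0], parts[1], parts[2:]) if len(parts) >= 2 else ("", "", [])
    return None


def lint_encrypted_boot(grub_default: str, mkinitcpio_conf: str) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    g = parse_grub_defaults(grub_default)
    hooks = parse_hooks(mkinitcpio_conf)
    pos = {h: i for i, h in enumerate(hooks)}
    cmdline = g.get("GRUB_CMDLINE_LINUX", "") + " " + g.get("GRUB_CMDLINE_LINUX_DEFAULT", "")

    # GRUB must open the container holding /boot before it can read grub.cfg,
    # the kernel and the initramfs; without this flag grub-install will not
    # embed the cryptodisk/luks modules in the core image.
    if g.get("GRUB_ENABLE_CRYPTODISK") != "y":
        findings.append("GRUB_ENABLE_CRYPTODISK must be y so GRUB can open the LUKS container holding /boot")

    # The initramfs unlocks a second time: the encrypt hook reads cryptdevice=.
    cd = parse_cryptdevice(cmdline)
    if cd is None:
        findings.append("GRUB_CMDLINE_LINUX lacks cryptdevice=<device>:<name>, the encrypt hook has nothing to unlock")
    elif not cd[0] or not cd[1]:
        findings.append("cryptdevice= is malformed, expected cryptdevice=<device>:<name>[:allow-discards]")
    elif cd[0].startswith(("/dev/sd", "/dev/vd", "/dev/nvme")):
        findings.append(f"cryptdevice names {cd[0]}; use UUID=<luks-uuid> so it still resolves when the disk "
                        "appears as a different node (sda on hardware, vda under QEMU virtio)")
    if "cryptkey=" not in cmdline:
        findings.append("note: no cryptkey=, so GRUB and then the initramfs each prompt for the passphrase; "
                        "a keyfile embedded via FILES=() and cryptkey=rootfs:<path> unlocks once")

    if "encrypt" not in pos:
        findings.append("HOOKS lacks encrypt")
        return findings
    e = pos["encrypt"]
    for before in ("block", "keyboard"):   # block: storage drivers; keyboard: USB keyboards at the prompt
        if before not in pos or pos[before] > e:
            findings.append(f"HOOKS: {before} must come before encrypt (got: {' '.join(hooks)})")
    for after in ("lvm2", "filesystems"):  # both need the opened dm mapping to exist already
        if after in pos and pos[after] < e:
            findings.append(f"HOOKS: {after} must come after encrypt")
    return findings


# Constructed samples, modelled on the lines quoted in the thread.
GRUB_DEFAULT_AS_POSTED = """
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:lvm root=/dev/mapper/main-rootvol"
GRUB_ENABLE_CRYPTODISK=y
"""
MKINITCPIO_AS_POSTED = """
MODULES=()
FILES=()
HOOKS=(base udev autodetect modconf kms encrypt keyboard keymap consolefont block lvm2 filesystems fsck)
"""
# Corrected variants; the UUID and the keyfile path are placeholders.
GRUB_DEFAULT_FIXED = GRUB_DEFAULT_AS_POSTED.replace(
    "cryptdevice=/dev/sda2:lvm",
    "cryptdevice=UUID=00000000-0000-0000-0000-000000000000:lvm cryptkey=rootfs:/crypto_keyfile.bin")
MKINITCPIO_FIXED = MKINITCPIO_AS_POSTED.replace("FILES=()", "FILES=(/crypto_keyfile.bin)").replace(
    "modconf kms encrypt keyboard keymap consolefont block lvm2",
    "modconf kms keyboard keymap consolefont block encrypt lvm2")

if __name__ == "__main__":
    for label, g, m in (("as posted", GRUB_DEFAULT_AS_POSTED, MKINITCPIO_AS_POSTED),
                        ("fixed", GRUB_DEFAULT_FIXED, MKINITCPIO_FIXED)):
        print(label, lint_encrypted_boot(g, m) or ["ok"])
```

The ordering checks are the ones worth running before every `mkinitcpio -P`: with `block` after `encrypt` the hook can run before the storage driver has produced the device it is told to open, and with `keyboard` after `encrypt` a USB keyboard may not be usable at the passphrase prompt. The UUID and `cryptkey=` findings are advisory; `root=` itself is not validated because the VG and LV names cannot be checked from these two files alone.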

How Install Full disk encryption (including /boot ) Luks2+argon2id - sam - 6 days ago -

I run this command and get an error, I have attached a screenshot below

$ qemu-system-x86_64 -bios /usr/share/ovmf/x64/OVMF.fd  -hda parabola.qcow2  -m 2048 -smp 2 -enable-kvm

Error attached

How Install Full disk encryption (including /boot ) Luks2+argon2id - sam - about 11 hours ago -

I managed to figure out this error, here is an explanation of how to do it => https://record99.blogspot.com/2021/12/bdsdex-failed-to-load-boot0001-uefi-bhyve-sata-disk.html

Below is a screenshot I took after installation.

So, we can say that the installation was successful, but I had to use PARU (GPL-3.0 license) https://github.com/Morganamilo/paru to build GRUB 2.12, which supports argon2id.

I did not find this program in any of the libre repositories; perhaps you know an alternative to this solution.
