Just a curiosity. Theoretically FRP (factory reset protection) can use the current login password as a way of authentication after reset. But everything on the web states that you will need a Google account to take advantage of he feature.
No it doesn’t.
If I recall, their website FAQ has a big, technical section on this.
Indeed. Here is the section https://grapheneos.org/faq#anti-theft
TLDR: although it can be implemented to use a local authentication method, but that would easily cause bricking. Plus the limited thief deterrence potential it provides (Probably given the currently limited user base of graphene) hence it is low priority.
The thief would have to unlock the phone to factory reset, and therefore could change the login password before factory reseting, so local account wouldnt be sufficient would it? (I am making some assumptions, i could be wrong)
As far as I know you can factory reset the device from the boot menu. So no login is required.