by seodisparate 2822 days ago
Actually I have my desktop configured with an encrypted root. Turns out GRUB can actually decrypt the partition holding /boot before loading the grub.cfg. Though I have this set up on ArchLinux and had to refer to the Arch wiki a lot to get this set up properly. Definitely not that user friendly, but I can say it is a possible setup after having used it for years on my desktop now.

EDIT: To clarify, my setup requires inputting passwords twice: once for decrypting the root partition, and once to login after everything has booted. During the boot process the system needs to remount everything, so I had the encrypted partition(s) also be decrypted with a key file (typically `dd if=/dev/urandom of=keyfile bs=1M count=4`; LUKS encryption can have multiple keyfiles/passwords to decrypt) and had the key file(s) put in the initramfs so after GRUB has decrypted root and loaded /boot/grub.cfg, the booted system could decrypt and mount everything needed with the key file(s).

1 comment
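The setup described in the comment above, written out as an added example (not the commenter's own script): a random keyfile is generated, registered as an extra LUKS key slot, embedded in the initramfs via mkinitcpio's FILES array, and GRUB is told to unlock the LUKS volume that holds /boot. Since /boot itself sits inside the encrypted volume, the initramfs carrying the keyfile is encrypted at rest; the passphrase typed at the GRUB prompt is the first of the two passwords the comment mentions. The device name, keyfile path, HOOKS list and the cryptlvm mapper name are assumptions; only the config-editing and keyfile steps run unprivileged, the cryptsetup, mkinitcpio and grub-mkconfig calls need root on a real Arch system.

```shell
#!/bin/sh
# Added example of the "GRUB unlocks /boot, initramfs keyfile unlocks the rest"
# layout. Paths and device names below are assumptions for illustration.
set -eu

ROOT_DEV="${ROOT_DEV:-/dev/sda2}"                      # assumed LUKS container (holds LVM with root, swap, /boot)
KEYFILE="${KEYFILE:-/etc/cryptsetup-keys.d/root.key}"  # assumed keyfile location on the root fs
MKINITCPIO_CONF="${MKINITCPIO_CONF:-/etc/mkinitcpio.conf}"
GRUB_DEFAULT="${GRUB_DEFAULT:-/etc/default/grub}"

# Replace a NAME=... line in a config file, or append it if absent.
set_var() {
    f="$1"; n="$2"; v="$3"
    if grep -q "^$n=" "$f"; then
        sed "s|^$n=.*|$n=$v|" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    else
        printf '%s=%s\n' "$n" "$v" >> "$f"
    fi
}

# Step 1: 4 MiB of /dev/urandom as in the comment, created with a restrictive umask
# so the key is never world-readable, then locked down to mode 000 (root can still read it).
make_keyfile() {
    umask 077
    mkdir -p "$(dirname "$1")"
    dd if=/dev/urandom of="$1" bs=1M count=4 2>/dev/null
    chmod 000 "$1"
}

# Step 2: add the keyfile as an additional LUKS key slot (prompts for an existing passphrase).
add_keyfile_to_luks() {
    cryptsetup luksAddKey "$1" "$2"
}

# Step 3: embed the keyfile in the initramfs and enable the encrypt + lvm2 hooks.
# The HOOKS line is an assumed, typical ordering for LUKS-on-LVM; keep your own extra hooks.
configure_mkinitcpio() {
    conf="$1"; key="$2"
    set_var "$conf" FILES "($key)"
    set_var "$conf" HOOKS "(base udev autodetect modconf kms keyboard keymap block encrypt lvm2 filesystems fsck)"
}

# Step 4: make GRUB unlock the LUKS volume (it asks for the passphrase before reading grub.cfg)
# and pass cryptdevice=/cryptkey= so the encrypt hook reopens it with the embedded keyfile.
configure_grub() {
    conf="$1"; uuid="$2"; key="$3"
    set_var "$conf" GRUB_ENABLE_CRYPTODISK y
    set_var "$conf" GRUB_CMDLINE_LINUX "\"cryptdevice=UUID=$uuid:cryptlvm cryptkey=rootfs:$key\""
}

# Step 5 (root only): rebuild the initramfs, keep its image unreadable to non-root, regenerate grub.cfg.
regenerate() {
    mkinitcpio -P
    chmod 600 /boot/initramfs-linux*.img
    grub-mkconfig -o /boot/grub/grub.cfg
}

# Full run on a real system (needs root and the LUKS passphrase):
#   make_keyfile "$KEYFILE"
#   add_keyfile_to_luks "$ROOT_DEV" "$KEYFILE"
#   configure_mkinitcpio "$MKINITCPIO_CONF" "$KEYFILE"
#   configure_grub "$GRUB_DEFAULT" "$(blkid -s UUID -o value "$ROOT_DEV")" "$KEYFILE"
#   regenerate
```

Two things to check before relying on this: the initramfs image in /boot must not be copied anywhere unencrypted (the keyfile inside it unlocks the whole disk), and GRUB's cryptodisk support is narrower than the kernel's: it has long handled LUKS1, while LUKS2 became usable only from GRUB 2.06 and only for PBKDF2 key slots, so the slot GRUB unlocks must be created with a KDF GRUB understands.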

I have a similar setup for my Arch install. I also put my swap into the encrypted LVM partition. Nothing is on the disk unencrypted. I also had to refer to the Arch wiki a lot, and it took me 2 attempts to get it right.