I haven't tried it myself with encryption, but I can't see it making a difference. The bootloader, and initial ZFS setup will be what needs to be changed to facilitate encryption.
Hmm, how/when/where would the ‘zfs load-key’ happen?
I only know how to use the systemd-ask-password hack to decrypt non-root datasets, but can’t get my head around how that would work with fully encrypted root dataset.
Presumably it would be like FreeBSD's GELI, where early boot stuff would need to detect that it's looking at an encrypted root and know to prompt. In theory, this is relatively straightforward- with boot environments, the zpool bootfs property indicates the root dataset, so I wouldn't think you need to look too far.
[edit: this is done in our loader, so presumably you'd use grub?]
I only know how to use the systemd-ask-password hack to decrypt non-root datasets, but can’t get my head around how that would work with fully encrypted root dataset.