Hi,
not sure, but i think encrypting /boot will technicaly not work, because reading the kernel is done before anything. Also i think there is no need for encypting the kernel
Think more about encrypting swap, this contains parts of your information from memory, especialy in case of dump.
Does someone know if encrypting swap this works?