Full System with / Crypt

crypting root is harder, it uses a non crypted /boot, and an initrd image that can boot and decrypt the root partition before it is mounted (pivot_root) and the system booted
To make a root decrypting initrd image on debian: update-initramfs -v -c -k 2.6.19.1
the initrd can ask for the password and save it in /passwd on the new root, can be read from /proc/cmdline, a USB key, or somesuch

crypting root is harder, it uses a non crypted /boot, and an initrd image that can boot and decrypt the root partition before it is mounted (pivot_root) and the system booted