Comment 26 for bug 423608

(In reply to comment #17)
> How do you do that?

The standard setup for this looks like this:

sda1: /boot with initramfs (including cryptsetup and scripts)
sda2: crypto_LUKS partition which contains an LVM PV, like /dev/mapper/crypto-sda2
/dev/mapper/crypto-sda2: from that, build an VG "debian"
VG "debian" -> usually has three LVs: "home", "system", "swap"

The trick is to wrap swap, and all other partitions into a VG which is put on an encrypted PV wholesale. So during boot, the initramfs asks for a password for decrypting this PV, which also works for resuming from hibernation.