If you want to set up encrypted boot drive through Debian Installer you are only given an option to use LVM in the guided process. If you don’t want to use LVM the setup is a bit more involved so I am documenting it here.
If you want to try this in virt manager, make sure to select UEFI in VM settings.
When you get to partitioning step in the graphical installer, select Manual partitioning.
Select the disk you want to use as your boot drive.
We are going to use the entire disk for this tutorial, confirm the choice
Now select the free space and click continue. We will create the first partition of size 1 GB for EFI System Partition.
Change “Use as” to “EFI System Partition”.
Repeat the process by creating second partition for mount point /boot, use as “Reserved BIOS boot area”, size 1GB.
Repeat the process by using the remaining free space for the third partition with usage type “physical volume for encryption”.
Your partitions should now look something like this. Next go up and select option “Configure encrypted volumes”
Select a passphrase that will unlock the partition at boot time.
A new encrypted volume entry will appear.
Select the encrypted volume and configure it as an ext4 partition mounted at / (root).
Finish partitioning process.
I skipped creating a swap partition for this tutorial, you generally don’t need it in this day and age as long as RAM is aplenty.
Finally, once you complete the setup process, you will be asked to unlock your disk at boot time.
Special thanks to this reddit post.
Cen