Regarding /boot, it can be encrypted as long as your bootloader can decrypt it, for example GRUB can decrypt LUKS encrypted partitions (albeit somewhat slowly). And the only partition that really has to be unencrypted is UEFI system partition (ESP), where bootloaders are located.
Regarding /boot, it can be encrypted as long as your bootloader can decrypt it, for example GRUB can decrypt LUKS encrypted partitions (albeit somewhat slowly). And the only partition that really has to be unencrypted is UEFI system partition (ESP), where bootloaders are located.