Previously I did a tutorial on Installing Debian 8 Jessie with full disk encryption, in that tutorial I went into a lot of detail about manually partitioning the disks. If for some reason you want to manually partition your disks I would reccomend that tutorial, it will still work for Debian 9 Stretch.
However this tutorial is much more simplified I've used the grapical installer and gone with "Guided - use entire disk and set up encrypted LVM".
As I've mentioned in all my tutorials on Full Disk Encryption I say "Full" disk encryption but that's not entirely correct there is still a small partition /boot that's unencrypted. That contains your kernel, grub config and initrd and needs to be unencrypted so we can start booting and decrypt the rest of the OS.
So let's get started
Installing
Boot up your CD, USB flash drive, ISO file or install media of choice and select Graphical install.
Select your language.
Select your location.
Set your keyboard layout.
Pick a name for your computer.
Set your local domain.
I personally leave the root password blank, this disables the root account and instead sets you up with a first user that can run sudo to become root.
Enter your full name.
Pick your username (the default is usually pretty good).
Set your password.
Set your timezone.
The encryption
This is where the magic happens, actually it's quite simple, we are going to pick "Guided - use entire disk and set up encrypted LVM" and then just go with the defaults. As I said before if for some reason you want to manually partition your disks I would reccomend a previous tutorial.
Select the volume to install Debian. (This will wipe whatever you have on that disk!!)
Pick "All files in one partition (recommended for new users)".
Pick 'Yes' to write the changes to the disks.
Now the disk will be writen with random data, this is to prevent analysis of the disk. This step can be skipped by pressing cancle but it's highly reccomend you wait it out. It could take several minutes to a few hours so now is an absolutely smashing time to go and have a cup of tea.
Now set a passphrase for your disk.
Select "Finish partitioning and write changes to disk"
Pick 'Yes' to write the changes to the disks.
Continue the installation
Now we continue the installation as per normal.
Pick 'No' for any extra CDs.
Pick your country to find a local mirror .
And pick your mirror of choice, often (at least in Australia) you will find your local ISP has a mirror and this will likely be fastest for you.
Enter any proxy information (most times this will be blank)
You are given the option to opt-in to Debian's statistics collection.
Pick your software, I've gone with KDE as my desktop of choice but it's a matter of personal taste.
Install GRUB
Pick your boot disk.
and finish the installation.
Boot your system
Now when you boot up you should presented with a prompt asking for the key to decrypt sda5_crypt (your encrypted volumne)
Enter your passphrase (Note: you won't see characters as you type)
Now you can log in and enjoy your new Debian system
