how to encrypt /boot?

It is said to be very easy for openSUSE to encrypt /boot if folowing this https://en.opensuse.org/SDB:Encrypted_root_file_system](https://en.opensuse.org/SDB:Encrypted_root_file_system), my disk layout for installing openSUSE is to throw any mount points into LVM which is on top of lUKS2 disk, but also has /boot/efi outside the LUKS2 area, after finishing the installation and restart my PC and directly boot into Grub minimal bash-like.

what makes the boot failure?

Please provide technical information. Things like “… to throw any mount points into LVM …” sounds like you are playing bowling or so, but does not tell us much.

Si things like

fdisk -l
lsblk -f

and appropriate commands that provide LVM information, plus some explanatioan about what is intended to be for what will help people to help you.

Signed image used by default on UEFI does not include LUKS2 (I do not think LUKS2 as boot device is actually officially supported by SUSE). For testing you can disable secure boot in BIOS setup and disable secure boot in YaST Bootloader module. This will use dynamically created grub2 image that should include necessary LUKS2 support. If it works, open bug report on openSUSE bugzilla requesting LUKS2 addition.

I have disabled security boot in BIOS settings, but openSUSE could’t boot like before, how about reinstallation or little operations to openSUSE or convert to LUKS1?

You did just half of what I said.

Yes, but how to disable secure boot without loading openSUSE? Can GRUB minimal bash-like do that job?

You could boot into live image and chroot into openSUSE. But if this is new installation, it is probably easier to reinstall and select necessary configuration in installer or use LUK1.

So the link is not fully correct, so now I am going to reinstall OS, my hard drive is brand new, I’m going to delete the LVM and LUKS2, and can I have setup btrfs on top of LUKS1 for the reinstallation? I want to get a step by step guide to do it.