Hello!
I have experience with notebooks, desktops and servers with more or less encrypted partitions (/home alone; /home and root but not /boot; all of them). Mostly Debian, AlmaLinux, openSUSE.
But this is the first time I try my luck with a tablet, a refurbished Toshiba Portégé Z20T-C. It is a tablet with a keyboard dock (a “detachable”).
(The only tablet I could find with amd64 architecture, fanless, with apparently normal USB cameras, where I could replace the battery myself, and available cheaply as refurbished.)
So I installed the current KDE Neon (5.27) hoping for a good “touch” experience. It looks very nice!
First I tried the simple checkbox “Encrypt system”, which seems to encrypt everything. It’s GRUB asking for the password. But without the keyboard, I cannot enter it. According to this bug report Microsoft’s Surface have a BIOS/UEFI onscreen keyboard. I don’t have any such luck 
Then I tried a more manual partitioning, with only an encrypted /home partition. This time, I think it’s plymouth asking for the password. But yet again, no on-screen keyboard, no way to enter it without the keyboard dock.
On the user login screen, I note that there is a “Virtual Keyboard”.
So for the moment, I restrict myself to some kind of manual overlay encryption (FUSE, or Plasma Vaults) that I’ll unlock after login. Does anyone have a better suggestion? Did I miss some helpful documentation? Is there a configuration that would unencrypt the home directory directly at login time - systemd-homed maybe?
Thanks for reading! Cheers!