Posts: 31 | Thanked: 10 times | Joined on Apr 2011
#1
OK, now I have something that works.
First I want to say that I do not really like the idea of forking Pali's BootMenu, so in the near future I'll do an entry for BootMenu. But I am confused by the speed with which services (dbus, dsme, udev and hal) are loaded. Especially udev. It may be unacceptable for a BootMenu entry...
Anyway, I wished to do this as early as mid-August, but....

Second - I've come to hate ash-scripting! %)

This script allows you to encrypt (and decrypt) MMC partitions but not rootfs. OpenSC-compliant smart cards should be supported. But I tested it only with ruToken ECP(DS)...
To make your card work with OpenSC you need to format it with PKCS#15, either from a Linux host or from the CryptMenu. To do so you have to read and edit /usr/lib/cryptmenu/format-card.rules
/etc/cryptmenu.conf also has to appear. There are only two lines - auth_type and provider. You should never edit the value of auth_type! provider is what "pkcs11-data --provider" expects.

What I've done:
  • cryptmenu stuff
  • I slightly altered ke-recv so that it understands the encrypted partitions.
    Moreover, it understands several partitions on external MMCs
  • small and ugly fix of pkcs11-data, as it didn't accept the prompt-prog argument when executed on N900... I have not yet investigated this issue so I cannot recommend you to run several programs simultaneously accessing the smart card %) at this time...
It is not in any repository except https://github.com/metawishmaster/binaries
All sources are at https://github.com/metawishmaster/
There are also binaries and sources of packages which give me the following answer on "apt-get install $pkg_name": "Reinstallation of pkcs11-data is not possible, it cannot be downloaded." or "Package pcscd is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source"
I get an error-free "apt-get install" only with libltdl3, cryptsetup and i2c-tools.

A kernel with dm-mod and dm-crypt is required.
Encryption is done without using LUKS. Only "naked" cryptsetup. When using a smart card, the keyfile will be seeded by /dev/random. If you do not have a smart card, you can still encrypt partitions with a passphrase. The hash will be calculated with 'rhash --whirlpool'. In this case a 256-bit salt will be involved.

There are several issues; the largest of them is that when I'm trying to charge the battery while encrypting, I somehow put the battery in initial mode, so the Welcome screen appears and Date/Time get lost.

Well, thanks for any advice, recommendation and for your attention

Last edited by metawishmaster; 2011-09-22 at 11:05.
 

The Following 5 Users Say Thank You to metawishmaster For This Useful Post:
Posts: 673 | Thanked: 856 times | Joined on Mar 2006
#2
Interesting. I am interested in this topic, but not only for the file system encryption.

Integrating S/MIME for e-mail and certificate-based authentication in the browser is much more attractive.

Mail might be feasible, browser is difficult due to the closed source issues, but you can still use the VPN integrated with smart cards, to protect TLS-unaware applications.

Is there any IRC channel where you usually hang out?

BTW: I was thinking about doing this for N8x0. N9 was also an option.

Last edited by momcilo; 2011-09-22 at 10:08.
 

The Following User Says Thank You to momcilo For This Useful Post:
Posts: 31 | Thanked: 10 times | Joined on Apr 2011
#3
Originally Posted by momcilo:
Is there any irc channel where you usually hang out?

No, I don't hang out on any channel/forum (except this) :-\
 