Last night I played around with the device encryption on my nexus 7.
First of all, android uses dm_crypt, just like a Fedora install would. cryptsetup however is not used, android has it’s own interface to the kernel for doing things. When you encrypt your device, the entire sdcard/data device is encrypted. The only way to ‘undo’ this is to wipe everything with a factory reset. Before encrypting, you need to setup a password and that password is used for the luks volume. The encryption itself goes pretty smoothly, it reboots your device and encrypts and then boots again and prompts you for the password to unlock. You will now be prompted on every boot.
There’s a few gotchas and things to note for folks interested in doing this however:
If you are using a non stock recovery, (like ClockworkMod or the like), you will be unable to access your sdcard data from recovery. This means you cannot do nandroid backups or update from a update thats stored on sdcard. There is another recovery I found that has added unlocking encrypted partition support, but I have not yet tried it: http://teamw.in/project/twrp2
There is also a workaround for applying rom updates: Use adb to mount a tmpfs on /sdcard, copy your update over to it and then recovery can update it. This will of course only work if the update will fit.
I hope there’s encrypted unlock support added to the various recoveries out there and then there will be little reason not to encrypt your android devices, IMHO.