Problem with decrypting AES-XTS-plain partition table
From: Mariusz Gliwiński
Subject: Problem with decrypting AES-XTS-plain partition table
Date: Sun, 24 Oct 2010 22:19:02 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.11) Gecko/20101013 Thunderbird/3.1.5
Hello,

I'm trying to set up a stealth full root encryption grub installation.
Let me introduce the basic idea:
* BIOS loads up grub2 from SD card `(hd1)`
* grub is reading configuration from ext4 partition
`(hd1,2)/boot/grub/grub.cfg` on SD card and decrypts aes-xts-plain
encrypted partition table `(hd0)` with 512 byte key located on `(hd1,2)`
* because grub already knows `(hd0)` partitioning scheme, it can decrypt
`(hd0,1)` boot ext4 partition.
* grub is passing its control to initrd, kernel
Keep in mind `(hd0)` is encrypted in pure aes-xts-plain *without* LUKS
headers.
Could you help me with finding the proper usage of the grub prompt or `grub.cfg`
configuration to decrypt the hd0 partition table, so I can boot my system
properly?
- Is crypto.mod a proper module for doing this?
- Are there any module arguments or are there any new commands to let
grub know that `(hd0)` is an aes-xts-plain encrypted disk with key
`(hd1,2)/hostname.key`?
- I'm not sure if crypto.mod supports xts mode, couldn't find that in
the source. If not, are there any alternatives to reach the goal, or could
you provide me information on how to make this kind of encryption in
other modes?
I've seen on the net a lot of info about making lvm and/or LUKS and/or
having /boot unencrypted, but it just doesn't fit my goal. Everyone is
making use of grub-install, which doesn't help me at all since I find
manual configuration less error prone (yes, I'm sure about that). That's
why I would prefer tips about setting everything up manually.
Cheers,
Mariusz Gliwiński