As Neil has pointed out, the systemd-boot couldn't boot anything beyond firmware. The framework (ie the systemd boot loader specification) mandates a shared $boot partition must be VFAT formatted so that UEFI firmware can access it, certainly without any encryption too.