Spike
Resolution: Obsolete
OSPRH-120 - Compute Engineering Backlog
This feature is still in development at this time, so the final set of upstream docs links is incomplete.
The high-level design for this feature is split across two upstream specs:
https://specs.openstack.org/openstack/nova-specs/specs/2023.1/approved/ephemeral-storage-encryption.html covers the API/user-facing changes and
https://specs.openstack.org/openstack/nova-specs/specs/2023.1/approved/ephemeral-encryption-libvirt.html covers the libvirt driver specific changes.
This feature deprecates the legacy fixed key encryption support in nova upstream,
which is already unsupported downstream.
https://specs.openstack.org/openstack/nova-specs/specs/2023.1/approved/ephemeral-encryption-libvirt.html#deprecate-the-legacy-implementation-within-the-libvirt-driver
It also introduces new flavor extra specs and image properties to opt into this feature.
https://specs.openstack.org/openstack/nova-specs/specs/2023.1/approved/ephemeral-storage-encryption.html#allow-ephemeral-encryption-to-be-configured-by-flavor-image-or-config
Downstream we will initially only support the LUKS v1 encryption format,
i.e. hw:ephemeral_encryption_format=luks or hw_ephemeral_encryption_format=luks.
LUKS v2 requires QEMU support and is currently out of scope.
The plain format is not intended to be supported downstream.
The specs have a number of callouts/caveats, such as no support for resize to/from encrypted and unencrypted flavors.
https://specs.openstack.org/openstack/nova-specs/specs/2023.1/approved/ephemeral-storage-encryption.html#block-resize-between-flavors-with-different-hw-ephemeral-encryption-settings
These should be captured in the topic doc and will be noted in upstream docs as part of the feature development.