How can I encrypt my SSD but still boot unattended (linux)? [closed]

Overview

  1. encrypt the disk
    • use dm-crypt and LUKS
  2. seal the key to a TPM and use access restrictions according to a well-known PCR set.
  3. use secure boot
    • Intel TXT and TBoot are capable of securely booting a Linux Kernel. You have to check whether your CPU and chipset support TXT.

Security

  • Without secure boot the only way to prevent the TPM from releasing the key to everybody is to use a password - not feasible if unattended operation is required.

  • The disk can only be decrypted on the machine with the particular TPM.

  • The key is only released after a secure boot. Thus, only software approved by you may access the disk. However, you have to design a proper update strategy to be able to update the system. (If updates are a concern)

  • The TPM can be tricked by low cost (< 100 €) hardware attacks. This needs some skills, but is totally feasible.

  • The key might still be obtained by removing the RAM and reading it using a special device. But it will be wiped during a platform reset by Intel TXT.

  • Backups are always a problem. If it's easy to access the precious data in the backups, all your platform protection is worth nothing. If you store the backup on the same system, it's not a backup.

  • Runtime behavior! If your customer can get access on the running system (SSH, HTTP, ...) then the disk will be mounted and all data accessible.

Links

Some years ago a prototype research project was released; you might find some information there as well: IAIK acTvSM Platform
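
An added example, not part of the original answer: a small software model of why a key sealed to PCR values is only released after an approved boot, and why the update strategy mentioned above means resealing before the reboot. The PCR numbers (17, 18), the component names, `ModelTPM` and the simplified policy digest are assumptions for illustration; a real deployment uses the TPM itself.

```python
import hashlib
import hmac

ZERO = bytes(32)  # model: SHA-256 PCR bank, each PCR starts at all zeros

def extend(pcr: bytes, blob: bytes) -> bytes:
    """TPM extend: new = H(old || H(blob)); order-sensitive, cannot be undone."""
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()

def measure_boot(chain):
    """Replay [(pcr_index, blob), ...] the way a measured boot fills the PCRs."""
    pcrs = {}
    for index, blob in chain:
        pcrs[index] = extend(pcrs.get(index, ZERO), blob)
    return pcrs

def pcr_policy(pcrs, selection):
    """Simplified digest over the selected PCRs (not the TPM 2.0 wire format)."""
    h = hashlib.sha256()
    for index in sorted(selection):
        h.update(bytes([index]) + pcrs.get(index, ZERO))
    return h.digest()

class ModelTPM:
    """Software stand-in; a real TPM holds the secret inside the chip."""
    def seal(self, secret, pcrs, selection):
        self._blob = (secret, tuple(selection), pcr_policy(pcrs, selection))

    def unseal(self, current_pcrs):
        secret, selection, expected = self._blob
        ok = hmac.compare_digest(pcr_policy(current_pcrs, selection), expected)
        return secret if ok else None

# Constructed boot chains; PCR numbers and component names are assumptions.
APPROVED = [(17, b"launch-policy-v1"), (18, b"kernel-v1"), (18, b"initrd-v1")]
TAMPERED = [(17, b"launch-policy-v1"), (18, b"kernel-v1"), (18, b"initrd-mod")]
UPDATED = [(17, b"launch-policy-v1"), (18, b"kernel-v2"), (18, b"initrd-v2")]

def demo(key=b"luks-volume-key"):
    tpm, sel, out = ModelTPM(), (17, 18), {}
    tpm.seal(key, measure_boot(APPROVED), sel)
    out["approved"] = tpm.unseal(measure_boot(APPROVED))
    out["tampered"] = tpm.unseal(measure_boot(TAMPERED))
    out["update_no_reseal"] = tpm.unseal(measure_boot(UPDATED))
    # Update strategy: reseal to the predicted PCRs before rebooting.
    tpm.seal(key, measure_boot(UPDATED), sel)
    out["update_resealed"] = tpm.unseal(measure_boot(UPDATED))
    out["old_after_reseal"] = tpm.unseal(measure_boot(APPROVED))
    return out
```

Calling `demo()` returns, per boot scenario, either the key or `None`: an unattended machine that applies an update without resealing will fail to unlock its disk on the next boot.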