What are the approaches available for fully encrypting a disk on a remote server (say, colocated in a datacenter)? On Windows, we can just turn on BitLocker with a TPM. Then the server can reboot, and attacking either requires taking the machine while live and dumping RAM, or breaking the TPM. On Linux, what's available?
So far, I've found an IBM "blueprint" describing how to store dm-crypt keys in the TPM. Is this the best approach?
http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/topic/liaai/tpm/liaaitpm_pdf.pdf
To understand the best solution to your issue you need to clarify what you are trying to achieve. In other words, what's your threat-model? Who is your attacker? You mention that to get around the encryption would require 'taking the machine while live' (by which I assume you mean hacking it), but that is the most likely scenario for a colocated server. Disk encryption is mainly of use in the case of physical theft.
You also need to consider what data you are protecting. You mention 'fully encrypting a disk', but does this require encrypting e.g. /usr? If you're running a standard distribution there is nothing of interest there. Without knowing more about what the server will contain it's hard to make a recommendation.
But to give a more concrete suggestion, consider the following hypothetical server. It contains the following:
Of those components, only the database really needs protecting, so here's how I'd approach this:
You mention TPM, but TPM doesn't help you in a number of cases, such as if an attacker gains administration privileges. TrueCrypt have rejected support for TPM for this reason.
You can also use TPM with dm-crypt:
https://github.com/shpedoikal/tpm-luks
http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#2._Setup
If integrated on the initrd ramdisk, a small-footprint SSH server allows remotely entering the password to unlock the drive.
Please note that none of the above-mentioned solutions adequately protects from a skilled attacker with physical access to the server.
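
For the initrd SSH approach mentioned above, the authorized key lives in the unencrypted initramfs and the pre-boot session runs as root, so it is worth checking that each key can only run the unlock helper. The script below is an added example, not part of the original posts; it assumes a Debian-style setup (dropbear-initramfs with a helper named `cryptroot-unlock`), and the key lines are constructed placeholders.

```shell
#!/bin/sh
# Added example. Assumes a Debian-style initramfs SSH setup (dropbear-initramfs,
# unlock helper named cryptroot-unlock); neither name comes from the posts.

# audit_initramfs_keys FILE [UNLOCK_CMD]
# Prints "OK line N" or "WEAK line N: <reasons>" for every key entry.
# Returns 0 only if every key is pinned to the unlock command and cannot
# open port forwards.
audit_initramfs_keys() {
    file=$1
    unlock_cmd=${2:-cryptroot-unlock}
    weak=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        reasons=
        case $line in
            ssh-*|ecdsa-*|sk-*)                   # key type first: no options at all
                reasons=" no-options" ;;
            *)
                case $line in
                    *command=\"*"$unlock_cmd"\"*) ;;
                    *) reasons="$reasons no-forced-unlock-command" ;;
                esac
                case $line in
                    *no-port-forwarding*) ;;
                    *) reasons="$reasons port-forwarding-allowed" ;;
                esac ;;
        esac
        if [ -n "$reasons" ]; then
            weak=$((weak + 1))
            echo "WEAK line $n:$reasons"
        else
            echo "OK line $n"
        fi
    done < "$file"
    [ "$weak" -eq 0 ]
}

# Constructed sample input: placeholder key blobs, not real keys.
sample=$(mktemp)
cat > "$sample" <<'EOF'
no-port-forwarding,no-agent-forwarding,command="/bin/cryptroot-unlock" ssh-ed25519 AAAAconstructedKeyA admin@example
ssh-ed25519 AAAAconstructedKeyB backup@example
EOF
audit_initramfs_keys "$sample" || echo "restrict the WEAK entries before rebuilding the initramfs"
rm -f "$sample"
```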