0

I'm asking about the FDE option Ubuntu provides upon installation.

I'm not familiar with how Ubuntu does it, but here's how I understand Truecrypt/Veracrypt on a Windows machine works:

There is a bootloader, a partition with some Windows files, the Windows OS itself and possibly any other user-generated partitions.

Now from what I understand Veracrypt will encrypt everything listed above, including the bootloader and create its own bootloader, which will be the ONLY non-encrypted thing on a particular disk. Once you enter the password on the boot screen it will start decrypting the Windows bootloader, then the OS itself and so on - whatever is requested.

I'm not familiar with how an Ubuntu/Linux system is partitioned and encrypted, but from what I've read I was left with the impression that not everything (i.e. the WHOLE disk with every partition on it) is encrypted by default - is that correct?

kat
  • It has two or three partitions, An ESP - efi system partition if UEFI, a /boot partition with grub boot loader & kernel, & main install which is LVM or logical volumes. https://help.ubuntu.com/community/ManualFullSystemEncryption/ & https://wiki.ubuntu.com/Lvm – oldfred Dec 10 '19 at 21:25
  • Thanks! https://help.ubuntu.com/community/ManualFullSystemEncryption/ looks very useful! – kat Dec 10 '19 at 21:37
  • @oldfred, of course your answer merits to be written in an answer. – vanadium Dec 11 '19 at 08:58
  • There is a way to encrypt the /boot as well. See https://askubuntu.com/questions/729673/ubuntu-full-disk-encryption-with-encrypted-boot – user68186 Dec 11 '19 at 15:45

1 Answer

3

It has two or three partitions: an ESP - EFI system partition if UEFI, a /boot partition with grub boot loader & kernel, & main install which is LVM or logical volumes.

https://help.ubuntu.com/community/ManualFullSystemEncryption/

https://wiki.ubuntu.com/Lvm

Example from this thread. This user also added volumes for "stuff" and separate /home. Default with Ubuntu is only / & swap.

https://ubuntuforums.org/showthread.php?t=2425709&p=13883277#post13883277

$ lsblk
NAME                      MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                         8:0    0 465.8G  0 disk  
├─sda2                      8:2    0   732M  0 part  /boot 
├─sda3                      8:3    0 464.6G  0 part  
│ └─sda3_crypt            253:0    0 464.6G  0 crypt 
│   ├─ubuntu--vg-root     253:1    0    25G  0 lvm   /
│   ├─ubuntu--vg-stuff    253:4    0   100G  0 lvm   /stuff
│   ├─ubuntu--vg-swap_1   253:2    0   4.1G  0 lvm   [SWAP]
│   └─ubuntu--vg-home--lv 253:3    0    75G  0 lvm   /home 
└─sda1                      8:1    0   512M  0 part  /boot/efi
oldfred
  • So only sda1 cannot be encrypted? sda2 would be Ubuntu's boot loader and it can be encrypted? – kat Dec 11 '19 at 20:22
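
To check which mounted filesystems actually sit behind the dm-crypt mapping in a layout like the one in the answer, the following added example (not part of the original answer or of any Ubuntu tooling) walks the tree that `lsblk -J` prints. The embedded JSON is a constructed sample shaped like the `lsblk` output above, and the function names `classify` and `live_lsblk` are hypothetical.

```python
import json
import subprocess

# Constructed sample: `lsblk -J -o NAME,TYPE,MOUNTPOINT` output shaped like
# the layout in the answer above (not captured from a real machine).
SAMPLE = """
{"blockdevices": [{"name": "sda", "type": "disk", "mountpoint": null, "children": [
  {"name": "sda1", "type": "part", "mountpoint": "/boot/efi"},
  {"name": "sda2", "type": "part", "mountpoint": "/boot"},
  {"name": "sda3", "type": "part", "mountpoint": null, "children": [
    {"name": "sda3_crypt", "type": "crypt", "mountpoint": null, "children": [
      {"name": "ubuntu--vg-root", "type": "lvm", "mountpoint": "/"},
      {"name": "ubuntu--vg-stuff", "type": "lvm", "mountpoint": "/stuff"},
      {"name": "ubuntu--vg-swap_1", "type": "lvm", "mountpoint": "[SWAP]"},
      {"name": "ubuntu--vg-home--lv", "type": "lvm", "mountpoint": "/home"}]}]}]}]}
"""

def classify(lsblk_json):
    """Return (encrypted, plaintext) dicts mapping mountpoint -> device name.

    A mountpoint counts as encrypted when the device, or any ancestor in the
    lsblk tree, has TYPE "crypt" (a dm-crypt mapping).
    """
    encrypted, plaintext = {}, {}

    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        mount = node.get("mountpoint")
        if mount:
            (encrypted if under_crypt else plaintext)[mount] = node["name"]
        for child in node.get("children", []):
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return encrypted, plaintext

def live_lsblk():
    """Run lsblk on the local machine (needs a util-linux with JSON output)."""
    return subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,MOUNTPOINT"],
                          check=True, capture_output=True, text=True).stdout

if __name__ == "__main__":
    enc, plain = classify(SAMPLE)  # swap in live_lsblk() to audit a real host
    for mount, name in sorted(plain.items()):
        print(f"NOT encrypted: {mount:10} ({name})")
    for mount, name in sorted(enc.items()):
        print(f"encrypted:     {mount:10} ({name})")
```

On the sample layout this reports /boot and /boot/efi as sitting outside the encrypted container, and /, /home, /stuff and swap as inside it.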