When you install Red Hat Enterprise Linux 7/8 or one of their offspring, you have the option of encrypting the drive. All it takes is a click.
Other than that, I just let the installer create the default partitioning scheme, which means that the / filesystem and the swap partition will both be encrypted logical volumes. (I'll cover that in a moment.)
Before the installation can continue, I have to create a passphrase to mount the encrypted disk.
Now, whenever I reboot the system, I need to enter this passphrase.
Once the machine is up and running, I can look at the list of logical volumes. I see both the / logical volume and the swap logical volume:
[donnie@localhost etc]$ sudo lvdisplay
--- Logical volume ---
LV Path /dev/centos/swap
LV Name swap
VG Name centos
. . .
. . .
--- Logical volume ---
LV Path /dev/centos/root
LV Name root
VG Name centos
. . .
. . .
[donnie@localhost etc]$
And I can look at the list of physical volumes. Actually, there's only one physical volume in the list, and it's listed as a luks physical volume:
[donnie@localhost etc]$ sudo pvdisplay
--- Physical volume ---
PV Name /dev/mapper/luks-2d7f02c7-864f-42ce-b362-50dd830d9772
VG Name centos
PV Size <19.07 GiB / not usable 0
Allocatable yes
PE Size 4.00 MiB
Total PE 4881
Free PE 1
Allocated PE 4880
PV UUID V50E4d-jOCU-kVRn-67w9-5zwR-nbwg-4P725S
[donnie@localhost etc]$
This shows that the underlying physical volume is encrypted, which means that both the / and the swap logical volumes are also encrypted. That's a good thing because leaving the swap space unencrypted—a common mistake when setting up disk encryption manually—can lead to data leakage.
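To check the swap point on any machine, including one where encryption was set up manually, the following added example (not from the original text) walks the block-device tree reported by lsblk and lists every active swap area that has no crypt layer beneath it. The function name, the sample data, and the sdb and luks-root device names are constructed for illustration, and the walk assumes each device has a single parent (no RAID or multipath).

```bash
#!/usr/bin/env bash
# Added example: report active swap areas with no dm-crypt (LUKS) layer below.
# Live use on a real system:
#   lsblk -P -o NAME,KNAME,PKNAME,TYPE,MOUNTPOINT | unencrypted_swap
unencrypted_swap() {
  awk '
    {
      # Parse one line of KEY="value" pairs into f[].
      line = $0
      while (match(line, /[A-Z]+="[^"]*"/)) {
        pair = substr(line, RSTART, RLENGTH)
        eq = index(pair, "=")
        f[substr(pair, 1, eq - 1)] = substr(pair, eq + 2, length(pair) - eq - 2)
        line = substr(line, RSTART + RLENGTH)
      }
      k = f["KNAME"]
      name[k] = f["NAME"]; parent[k] = f["PKNAME"]; type[k] = f["TYPE"]
      if (f["MOUNTPOINT"] == "[SWAP]") swap[k] = 1
    }
    END {
      for (k in swap) {
        enc = 0; n = 0
        # Walk up the parent chain (bounded) looking for a crypt device.
        for (d = k; d != "" && n++ < 32; d = parent[d])
          if (type[d] == "crypt") enc = 1
        if (!enc) print name[k]
      }
    }' | sort
}

# Constructed sample mirroring the layout above: LVM on a single LUKS volume.
sample_luks_lvm() { cat <<'EOF'
NAME="sda" KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
NAME="sda1" KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
NAME="sda2" KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
NAME="luks-2d7f02c7-864f-42ce-b362-50dd830d9772" KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT=""
NAME="centos-root" KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"
NAME="centos-swap" KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="[SWAP]"
EOF
}

# Constructed sample of the manual-setup mistake: encrypted /, plain swap.
sample_plain_swap() { cat <<'EOF'
NAME="sdb" KNAME="sdb" PKNAME="" TYPE="disk" MOUNTPOINT=""
NAME="sdb1" KNAME="sdb1" PKNAME="sdb" TYPE="part" MOUNTPOINT="/boot"
NAME="sdb2" KNAME="sdb2" PKNAME="sdb" TYPE="part" MOUNTPOINT="[SWAP]"
NAME="sdb3" KNAME="sdb3" PKNAME="sdb" TYPE="part" MOUNTPOINT=""
NAME="luks-root" KNAME="dm-0" PKNAME="sdb3" TYPE="crypt" MOUNTPOINT="/"
EOF
}
```

Empty output means every active swap area is stacked on an encrypted device; any name printed is a swap area whose contents reach the disk in the clear.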