When you install Red Hat Enterprise Linux 7 or one of its offspring, you have the option of encrypting the drive. All you have to do is to click on a checkbox:
Other than that, I just let the installer create the default partitioning scheme, which means that the / filesystem and the swap partition will both be logical volumes. (I'll cover that in a moment.)
Before the installation can continue, I have to create a passphrase to mount the encrypted disk:
Now, whenever I reboot the system, I need to enter this passphrase:
Once the machine is up and running, I can look at the list of logical volumes. I see both the / logical volume and the swap logical volume:
[donnie@localhost etc]$ sudo lvdisplay
--- Logical volume ---
LV Path /dev/centos/swap
LV Name swap
VG Name centos
LV UUID tsme2v-uy87-uech-vpNp-W4E7-fHLf-3bf817
LV Write Access read/write
LV Creation host, time localhost, 2017-10-28 13:00:11 -0400
LV Status available
# open 2
LV Size 2.00 GiB
Current LE 512
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 8192
Block device 253:2
--- Logical volume ---
LV Path /dev/centos/root
LV Name root
VG Name centos
LV UUID MKXVO9-X8fo-w2FC-LnGO-GLnq-k2Xs-xI1gn0
LV Write Access read/write
LV Creation host, time localhost, 2017-10-28 13:00:12 -0400
LV Status available
# open 1
LV Size 17.06 GiB
Current LE 4368
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 8192
Block device 253:1
[donnie@localhost etc]$
And I can look at the list of physical volumes. (Actually, there's only one physical volume in the list, and it's listed as a luks physical volume.):
[donnie@localhost etc]$ sudo pvdisplay
--- Physical volume ---
PV Name /dev/mapper/luks-2d7f02c7-864f-42ce-b362-50dd830d9772
VG Name centos
PV Size <19.07 GiB / not usable 0
Allocatable yes
PE Size 4.00 MiB
Total PE 4881
Free PE 1
Allocated PE 4880
PV UUID V50E4d-jOCU-kVRn-67w9-5zwR-nbwg-4P725S
[donnie@localhost etc]$
This shows that the underlying physical volume is encrypted, which means that both the / and the swap logical volumes are also encrypted. That's a good thing, because leaving the swap space unencrypted—a common mistake when setting up disk encryption up manually—can lead to data leakage.