Lubuntu is doing FDE without LVM and I don’t remember anyone complaining about the lack of LVM. Personally I am not against the idea. But I would prefer to have the choice of using FDE with or without LVM.
Could you please elaborate in more detail on what you mean by FDE? I guess you don’t plan to encrypt /boot as well? Or do you plan to give the user the choice of encrypting /boot?
Lubuntu is encrypting /boot, but it has some downsides:
- keyboard layout is en_US only
- unlocking is very slow
- LUKS1 is needed
- either put the key into initramfs or enter the passphrase twice
And what about TPM? I had the experience that on Windows 10, with BitLocker and TPM, the device was unlocked automatically at boot. I had to modify a group policy to enforce the passphrase at boot.
What is the desired behaviour in this case?