How to enable only disk password (and no user password) on boot to unlock disk?

Your mistake started when you formatted your disk as APFS encrypted before installing Mojave. Start over with APFS unencrypted for the disk, then install Mojave with FileVault selected. Only use the APFS encrypted format for disks that your are not planning to use as startup drives.

FileVault was enabled by default.

Did you uncheck the box that asked if you wanted to enable FileVault, or did it just go ahead and enable it?

Is there a way to disable FileVault without decryption?

No. You have to then encrypt the disk without using FileVault. I don't know if that is possible after installing the OS. It may be possible using diskutil in Terminal in Internet Recovery.

I think etresoft has done some digging into non-FileVault encryption and may be able to offer a suggestion if he pops in.

It sounds like everything is working as designed. The only thing I would have suggested is hacking around in fdsetup, which you have already done. I’ve never tried to remove a user.

I suggest setting up an administrator user with a very strong password, perhaps the same as the disk password. Then remove your normal user with fdsetup. That should give you the security you desire.

However, I do think you are going overboard on security. FileVault with a normal password is secure enough for anyone. I don’t know if it would meet government security standards, but then you probably shouldn’t be using a Mac for that kind of work.

I confirm that I have tried to disable FileVault in the Security settings,

That's not what I am asking.

You started this by encrypting the drive, then installing the OS.

After installing, the Setup Assistant runs asking for various config options. It asked if you wanted FileVault. Did you leave that box checked, or did you uncheck it before proceeding?

If you left it checked, then I would suggest you start over and see what happens if you install onto an encrypted drive, then do not enable FileVault in the Setup Assistant.

Or, did you uncheck it and it still ran through the FileVault setup?

What's the link to the bug report? I agree this is a (horrible) bug. Giving away usernames prior to decryption of FDE removes plausible deniability.

Apple bug reports are private. You would only have access to the RDAR number, which is useless. In cases like this, Apple uses bug reports as a was to gauge interest in a particular topic. Anyone who this this is a good idea should file their own bug report. Then, the number of bug reports closed as duplicate would be a measure of user interest. If both of you filed, then that would be 1 bug report and one duplicate. It is always possible for someone at Apple to take an interest and implement the feature regardless, but highly unlikely.

Apple really doesn’t care about things like plausible deniability. Apple offers encryption of all data and makes it easy to use. Those are Apple’s priorities. In recent machines, all data is encrypted by default. That could be what drove this change or it might be that this feature is now only possible one new machines.

1. I don’t know if it is possible to encrypt the boot volume without FileVault. This used to be possible. I used to format all of my hard drives as encrypted first - and then install the operating system - to avoid the hours-long encryption process. This did not work the most recent time I attempted that. I can’t tell you if this is a change in Mojave, APFS, or something else. I simply don’t reformat disks that often and I don’t see the need to try it anytime soon.

2. Again, I don’t know. I don’t see the need to try. I’ve already suggested a workaround. You are welcome to keep hacking on it if you want. My data simply isn’t valuable enough to worry about it. There are very few, if any, people in the world who could hack into my system with a default FileVault configuration. If I sincerely felt that such people did exist and that they were after me, I would endeavour to find out why and stop doing whatever it was that made those people interested in me.

3. Swapfiles have been encrypted for years. You can verify this with "sysctl vm.swapusage"

4. It is not possible to increase your level of security by hacking around with untested system configurations. The only logical result of that behaviour is having less security. That is assuming that you would succeed.

Again, I have to ask, what’s the big secret? This is a self-invalidating question. The fact that you are asking about this on the internet guarantees that you don’t need it. The default FileVault settings will give you the highest level of security possible. Any hacks, including the alternate user hack I mentioned, is only going to reduce your effective level of security by increasing the complexity.

Did you ever confirm that you could not disable FileVault in the Startup Assistant? It is set on by default, but you can uncheck it. Not sure what happens with an already encrypted drive, but I assume it would remain encrypted and offer you what you want.

There is no reason to encrypt the drive before installing if you plan to to use FileVault. The FileVault procedure will encrypt the drive.

There is no reason to encrypt the drive before installing if you plan to to use FileVault.

That's the point you are missing. lotlorien doesn't want to use FileVault, but does want the drive encrypted.