The problem with disk encryption on Linux isn't that it doesn't work.
It's that while there is well working reliable core tooling, all the tooling around it, especially more higher level tooling is, well, not so grate and often incomplete.
This makes it a "expert" topic even through there is no fundamental need for it being such a topic.
At least for full disk encryption (encrypted `/`), `systemd-homed` is it's own, different, can of worms ;=) (and given that it add no benefit for a single user non-server laptop system with properly done full disk encryption I didn't use it yet, so I can't give feedback)
What's missing from cryptsetup? What would you like the state of the tooling to be?
One big issue I see is that generating an initramfs is a very distro-dependent process and the glue to unlock your disk is not the most consistent. On the other hand, systemd now handles crypttab.
Like automatically on-the-fly re-doing the key encryption/KDF when the default algorithm changes and is now more secure then the one used currently.
or tooling for setting it up including TPM unlock, secure boot, hibernation etc. without needing to know all the config files and initramfs options you need to edit.
(and lockdown mode + hibernation is currently also not at all supported and some distros default enabled lockdown mode when secure boot is used leading to a lot of headaches or "hibernation doesn't work claims" from users)
Also standard schemas for desktop setups of the core system, including full disk encryption, raid(if needed), etc.
But there is no tool and too many divergend approaches leading to no standard schema.
And I mean sure, I can use a patched LTS kernel supporting both lock down and hybernation (at the cost of lockdown being slightly less secure) or disable lockdown mode. And then setup full disk encryption knowing how to evaluate the difference of FS (e.g. ZFS) encryption vs. LUKS and choose weather to do RAID=>LUKS=>LVM=>FS or LUKS=>LVM(with RAID)=>FS or LUKS=>FS(with subvolums and RAID) and maybe script some custom initrd mods to make that work well. Setup hibernation and how to setup secure boot with an efistub, systemd-boot or grub and why to do (or not do) either with custom platform keys.... and setup TPM encryption unlock and evaluate weather I want it or not etc.
But man it's sooo annoying to do that and 100% not something I can expect anyone new to Linux to be able to get that anywhere close to right for their use-case.
It's that while there is well working reliable core tooling, all the tooling around it, especially more higher level tooling is, well, not so grate and often incomplete.
This makes it a "expert" topic even through there is no fundamental need for it being such a topic.
At least for full disk encryption (encrypted `/`), `systemd-homed` is it's own, different, can of worms ;=) (and given that it add no benefit for a single user non-server laptop system with properly done full disk encryption I didn't use it yet, so I can't give feedback)