linux
user0name0, 2018-09-11 16:20:20

Encryption without data loss on Linux?

What are the options for encrypting the entire disk or at least the /home partition without losing data?
If only /home is encrypted, what data can be retrieved if there is physical access?


4 answer(s)
Xadok, 2018-09-27
@user0name0

It doesn't make sense to encrypt only /home. Encrypt /var and swap at the same time. The most convenient option is to encrypt the entire drive with LUKS. Only the EFI partition remains, because previously it was impossible to boot from an encrypted partition; now cryptoboot has appeared, but I have not deployed it yet. Install LVM on the fully encrypted drive. We get +1 abstraction level from LVM. Naturally, some speed is lost due to this and due to encryption. The difference is not very noticeable on an SSD, but a different result is possible on an HDD. The above process is well described here: https://wiki.archlinux.org/index.php/Dm-crypt/Encr... There is also an overview of the main ways to encrypt a whole drive besides truecrypt/veracrypt.
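An added example, not part of the answer above: a check of which mounted filesystems and swap are not backed by a dm-crypt mapping, which is the gap the answer points at when only /home is encrypted. It parses the JSON that `lsblk -J -o NAME,TYPE,MOUNTPOINT` prints; the sample layout and device names below are constructed, and treating /boot/efi as expected plaintext is an assumption taken from the answer's remark about the EFI partition.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output (not from the page):
# only /home sits on a LUKS mapping; /, /var and swap are on plain partitions.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot/efi"},
    {"name": "sda2", "type": "part", "mountpoint": "/"},
    {"name": "sda3", "type": "part", "mountpoint": "/var"},
    {"name": "sda4", "type": "part", "mountpoint": "[SWAP]"},
    {"name": "sda5", "type": "part", "mountpoint": null, "children": [
      {"name": "home_crypt", "type": "crypt", "mountpoint": "/home"}
    ]}
  ]}
]}
"""

# Mount points expected to stay in the clear (assumption: the EFI partition).
EXPECTED_PLAINTEXT = {"/boot/efi"}


def walk(devices, under_crypt=False):
    """Yield (mountpoint, encrypted) for every mounted node in the lsblk tree."""
    for dev in devices:
        # A node is encrypted if it, or any ancestor, is a dm-crypt mapping.
        encrypted = under_crypt or dev.get("type") == "crypt"
        mountpoint = dev.get("mountpoint")
        if mountpoint:
            yield mountpoint, encrypted
        yield from walk(dev.get("children") or [], encrypted)


def unencrypted_mounts(lsblk_json):
    """Return sorted mount points that are not backed by a dm-crypt mapping."""
    tree = json.loads(lsblk_json)["blockdevices"]
    return sorted(mp for mp, enc in walk(tree)
                  if not enc and mp not in EXPECTED_PLAINTEXT)


if __name__ == "__main__":
    for mp in unencrypted_mounts(SAMPLE_LSBLK):
        print(f"not encrypted: {mp}")
```

On a real machine, feed it the output of `lsblk -J -o NAME,TYPE,MOUNTPOINT` instead of the sample string.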

Stanislav Bodrov, 2018-09-11
@jenki

As mentioned above: GnuPG. It may not come by default in some distributions (minimal option); it is installed with one command and does not take up much space. An extremely convenient and functional program. It supports symmetric and asymmetric (even on elliptic curves) encryption, signatures, and compression.

If only /home is encrypted, what data can be retrieved if there is physical access?
In the case of a symmetric key of 256 bits or an asymmetric key on elliptic curves of 512 bits, nothing but a headache for an outsider.

NSA-bot, 2018-09-14
@NSA-bot

So Linux Mint has full-disk encryption out of the box. When installing the system, check the box and indicate which partitions, and everything is encrypted (if I'm not mistaken, with LUKS). You can encrypt the home directory separately, and it will work transparently for you. And if you mount such a partition under a different user or on another computer, nothing is visible there. Well, that is, it is clear that something encrypted is there, and that's it.

O. J, 2018-09-11
@OrlovEvgeny

GnuPG (from GPG) is already pre-installed on most distributions. Mainly used for asymmetric encryption.
All encrypted data without the private part of the key is just garbage.
