Maybe my featured article in my profile can help, which explains some needed info regarding the whole boot process, it is meant for usage with encryption 
The OP might use that info when preparing his/her setup.
(It’s up to him/her to leave out the password file to force a prompt.)
When it comes to mounting / from a volume, that’s also something the OP might choose to change into something different.
fe. I mount /@Kubuntu as / on this system.
When it comes to $ESP:
- You need one per drive if you have an external drive that you want to use on different computers.
- You can use a single one, if your other drive is internal and stays in your computer.
- You must use the same
$ESPif you want to boot from different partitions on the same drive, because the UEFI-Bios will only recognize the first$ESPper drive…
Oh PS:
You could start with installing your system on one drive without encryption:
- Then create an encrypted container on the other drive’s partition (or whole disk).
- Then create a filesystem inside that container.
- Use
rsync -vaAXto copy your system from the un-encrypted partition to the encrypted filesystem in(2).
Does this command also duplicate special files like block-device nodes?
If not use extra flags to enable that also…
- Make neccesary changes as in the tutorial i made (link above).
- Check by booting the installation on the other drive using the encrypted container.
Repeat step 4 until you are able to successfully boot this encrypted version. - When you are confident, you could repeat the steps to duplicate your system from the encrypted version into the first unencrypted drive’s version, so you end-up with two (almost) identical encrypted versions.
I explicitly say (almost) because the UUID’s + encryption keys for the containers will differ unless you take extra steps to duplicate those also…