A user password is used to generate a so-called ‘derived encryption key’ which itself encrypts another key that FileVault needs (the ‘key encryption key’). Each user password will generate such a derived key and each one of these keys can decrypt that next key in the chain. I believe that the user password, the personal recovery key and the passphrase all have the same purpose to that end.
Correct, but the user passwords *are* the passphrases in the context of the boot volume (i.e. the DEKs are derived from the passwords of the users that are authorized to unlock the disk). The recovery key is randomly generated and then used to derive yet another DEK. Then for each of these DEKs, an encrypted copy of the next-level key (KEK) is stored on the disk.
On non-boot volumes, you can have a single, user-independent DEK that is generated from a separate user-created disk password.
The system only needs one of these derived keys to start the unlocking chain and does not care about the username (that’s apparently only for cosmetics in the pre-boot login screen).
Not quite. The user name tells the boot loader which of the encrypted KEK copies to use.
A normally set up FileVault volume uses one or more login passwords and one personal recovery key for the derived keys. An encrypted CoreStorage volume uses a passphrase instead.
Correct (although technically the boot volume is a CoreStorage volume too). The Mac OS tools don't allow the creation of a separate disk password for boot volumes AFAIK. You also cannot deauthorize all users from unlocking the boot volume in Filevault, i.e. at least one user password can always unlock it.
The bottom line is that the decryption keys for the boot volume are tied to user passwords. This is why I proposed the creation of a dummy user above. You just have to make sure that the regular user account is deauthorized in Filevault, otherwise the disk can still be unlocked with that user's password.