If it boots, then you (or the thief) needs to provide credentials. When not booted, the disk is encrypted so the thief cannot overwrite the /etc/shadow file.
Yes, that's was the reason of my question: there are several mechanisms to not need to provide credentials anyway (interactively). But @yokaze has pointed to a situation where this has sense. Thanks!