When and how does FileVault decrypt a SSD on a T2 Machine
Solution 1:
No, it is not enough to simply bypass the user password prompt. That's not how it works, and it is not a less secure or less strong approach than earlier - actually it is an improvement.
The way the T2 chip works is by always encrypting the contents of the SSD. This happens no matter if FileVault is enabled or not. If File Vault is not enabled, no password is necessary to decrypt the SSD, as you would expect.
However when the user enables File Vault, the keys for decrypting the SSD are encrypted with a key based in part on the user's password. This means that the T2 can no longer decrypt the SSD on its own when booted. No matter how much "trickery" you use to bypass password prompts, it won't work, as it doesn't have the key necessary to decrypt.
As soon as the user enters his password (or a recovery key) - the T2 has the necessary information to derive the full decryption key and can thus decrypt the contents of the drive.
Note: The above is grossly simplified explanation of how FileVault and the T2 works, but is representative of how it is perceived by users.