2

As we know, there are some ways (such as single-user mode) for a person with physical access to the machine to change the root password.

So: What will happen if someone steals my laptop, gets root access and changes my user password? Is my $HOME, encrypted with ecryptfs, protected in any way against this kind of attack?

nixda
ardabro

1 Answer

3

Your eCryptfs encrypted home uses a pseudo-random encryption key for its mount passphrase, which is itself encrypted ("wrapped") with your login passphrase. This is often known as the wrapped-passphrase, and can only be decrypted ("un-wrapped") using your login passphrase.

Simply having a root user change your passphrase to a new one will not change your wrapped-passphrase, so logging in with the new passphrase will not decrypt your encrypted home.

When you change your login passphrase normally, your wrapped-passphrase is "un-wrapped" and then "re-wrapped" with your new passphrase. Since no one else knows your login passphrase, no one else can "un-wrap" your wrapped-passphrase and view your home.


If someone were to steal and return, or just gain access to your laptop, it's not outside the realm of possibility that they could install a key-logger, and record your login passphrase when you next type it in. Then they could decrypt your home files (which they could have copied earlier).

Xen2050
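The wrap and re-wrap behaviour described in the answer above, as an added Python model that is not part of the original post and is not eCryptfs code. It uses PBKDF2 and an HMAC-checked XOR keystream as stand-ins for eCryptfs's actual key derivation and cipher; all function names and passphrases are hypothetical.

```python
import hashlib, hmac, secrets

def _keys(login_passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    # Derive an encryption key and a MAC key from the login passphrase.
    k = hashlib.pbkdf2_hmac("sha256", login_passphrase.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def _xor(data: bytes, key: bytes) -> bytes:
    # Stand-in cipher: XOR with a SHAKE-256 keystream (key is unique per salt).
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))

def wrap(mount_passphrase: bytes, login_passphrase: str) -> bytes:
    salt = secrets.token_bytes(16)
    enc_key, mac_key = _keys(login_passphrase, salt)
    ct = _xor(mount_passphrase, enc_key)
    return salt + ct + hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

def unwrap(blob: bytes, login_passphrase: str) -> bytes:
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _keys(login_passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cannot un-wrap: wrong login passphrase")
    return _xor(ct, enc_key)

def rewrap(blob: bytes, old_login: str, new_login: str) -> bytes:
    # What a normal password change does: un-wrap with old, re-wrap with new.
    return wrap(unwrap(blob, old_login), new_login)

def can_mount(blob: bytes, login_passphrase: str) -> bool:
    try:
        unwrap(blob, login_passphrase)
        return True
    except ValueError:
        return False

def scenario() -> dict:
    mount = secrets.token_hex(16).encode()      # constructed random mount passphrase
    on_disk = wrap(mount, "owner-login")        # constructed login passphrase
    # Root reset: only the account password changes, the wrapped file does not.
    after_root_reset = can_mount(on_disk, "set-by-root")
    # Normal change by the owner: the wrapped file is re-wrapped.
    changed = rewrap(on_disk, "owner-login", "owner-new-login")
    return {"root_reset_unlocks": after_root_reset,
            "new_login_unlocks": unwrap(changed, "owner-new-login") == mount,
            "old_login_still_unlocks": can_mount(changed, "owner-login")}

if __name__ == "__main__":
    print(scenario())
```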