• AWildMimicAppears
    link
    fedilink
    English
    46 months ago

    veracrypt is a thing, encrypting drives does not need TPM.

    Just boot using the good old Master Boot Record for a clean solution (The Veracrypt documentation gives a good overview). Veracrypt works with EFI too, but the EFI partition itself cannot be encrypted. You can even create a hidden OS, if you are forced to give out your password, theres still plausible deniability.

    • @[email protected]
      link
      fedilink
      English
      2
      edit-2
      6 months ago

      Thanks for the Veracrypt reminder. Adding that to my stuff to setup and document list.

      Sometimes Bitlocker really pisses me off.