• AWildMimicAppears@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    4
    ·
    5 months ago

    veracrypt is a thing, encrypting drives does not need TPM.

    Just boot using the good old Master Boot Record for a clean solution (The Veracrypt documentation gives a good overview). Veracrypt works with EFI too, but the EFI partition itself cannot be encrypted. You can even create a hidden OS, if you are forced to give out your password, theres still plausible deniability.

    • BearOfaTime@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      5 months ago

      Thanks for the Veracrypt reminder. Adding that to my stuff to setup and document list.

      Sometimes Bitlocker really pisses me off.