Revamp full disk encryption section #2437

Open
wants to merge 5 commits into
base: main

@in-the-trees in-the-trees commented Mar 15, 2024

https://deploy-preview-2437.preview.privacyguides.dev/en/encryption/#os-full-disk-encryption


Changes in the order they appear:

  • Re-wrote the introduction to the FDE section.
    • The information is the same, it just reads a bit better now.
    • Added a note that FDE and FVE are generally used interchangeably. Previously, the term "full volume encryption" was used without a precursor.
  • Re-wrote the BitLocker card
    • Immediately mention it's for Windows and it's proprietary.
    • Make explicit mention of the hardware security TPM.
    • Remove "The main reason we recommend it..." because generally all info stated supports a recommendation.
    • Prominently state officially supported editions (pro, etc)
    • Tell where to actually manage and enable BitLocker
    • Information and guide on preboot authentication
      • I assume this will eventually be moved to Windows guide #1659, but it's important so might as well get the info out now
    • Improved the BitLocker on Windows Home guide
  • Re-wrote FileVault card
    • Immediately mention it's for macOS and it's proprietary
    • Mention secure enclave
    • Tell where to manage and enable FileVault
    • New logo
  • Re-wrote LUKS card
    • Renamed it to LUKS, that's what it's known as
    • Mention it's open-source
    • State and elaborate on how it's a standard
    • Tell where/how it can be managed (also linking to a faq)
    • New logo

Up for discussion:

  • Maybe want to consider removing (or at least testing) the BitLocker on Home guide: Revamp full disk encryption section #2437 (comment)
  • It would be nice if someone more knowledgeable on LUKS could add some more context to encrypted containers — perhaps explaining what they are and what they do above the admonition.

  • I have disclosed any relevant conflicts of interest in my post.
  • I agree to grant Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform, relicense, and distribute my contribution as part of this project.
  • I am the sole author of this work.
  • I agree to the Community Code of Conduct.

netlify bot commented Mar 15, 2024

Deploy Preview for privacyguides ready!

Name Link
🔨 Latest commit 848b373
🔍 Latest deploy log https://app.netlify.com/sites/privacyguides/deploys/65f5e043d7481e00088adf3f
😎 Deploy Preview https://deploy-preview-2437.preview.privacyguides.dev
Lighthouse
4 paths audited
Performance: 78 (🟢 up 2 from production)
Accessibility: 91 (🔴 down 1 from production)
Best Practices: 98 (no change from production)
SEO: 90 (no change from production)
PWA: -

</details>

While BitLocker is not officially supported on Windows Home, it can be enabled on Home editions with a few extra steps.
Member

Have we actually checked to see if this works? It did at one point but this indicates it might not #2407

Author

Good question, I did see that issue. To me it read as if it worked except they accidentally did the process on a non-boot drive since their drive letters were weird.

Which is why I added:

+ This guide assumes the drive letter of your operating system drive is "C". If it is not, replace `c:` with the correct drive letter in the following commands.
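
Review bot: The added note does not say how a reader can confirm which drive is the operating system drive, and the comment above reads the linked issue as exactly that mistake (running the process on a non-boot drive). Consider adding a short check before the commands, for example reading the `%SystemDrive%` environment variable, and writing the drive letter the same way in both places ("C" versus `c:`).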

Though maybe I'm interpreting what they're saying wrong.

Author

I went through the guide on a VM and it worked for me. I updated the instructions based on what I experienced (i.e., saving the recovery key to a .txt file didn't work for me).

Device encryption enabled in a Windows 11 Home virtual machine.

@in-the-trees in-the-trees marked this pull request as ready for review March 15, 2024 06:03
@dngray dngray added c:software self-hosted/decentralized software and related topics c:enhancements new features or other enhancements to the website itself labels Mar 15, 2024
@SkewedZeppelin
Contributor

maybe worth noting: latest cryptsetup 2.7.0 adds SED support: https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes

so it can automatically layer both hw+sw encryption without any extra steps, might as well use it if you have it

@in-the-trees
Author

maybe worth noting: latest cryptsetup 2.7.0 adds SED support

Thanks for sharing, though I'm not knowledgeable enough on LUKS/Linux to feel comfortable writing about that. If you feel it's good information to add then I would encourage you to add on to this PR @SkewedZeppelin

github-actions bot commented Apr 1, 2024

Your preview is ready!

Name Link
🔨 Latest commit bee4585
😎 Preview https://bee4585211fc--glowing-salamander-8d7127.netlify.app/

@dngray
Member

dngray commented Apr 1, 2024

I assume this will eventually be moved to #1659, but it's important so might as well get the info out now

Yes it will. We're consolidating that PR with #2452 and then I intend to add the original author as co-author. I want to get that one merged as they've worked quite hard on it.

Initially the plan was to wait until we did research on LGPO policies that would make relevant privacy improvements. I've decided against that for the time being because it will require considerable resources and can always be added later by someone with specific knowledge in that area.

The intention is then to merge this PR after the Windows one though. I think that makes logical sense to do it in that order so we don't have to move things around later and annoy the translators.

I am currently proofing/finishing up #2268 which was contributed by someone else, this makes a good first step because it explains some of the hardware features available, particularly in Windows.

@dngray dngray mentioned this pull request Apr 15, 2024
Labels
c:enhancements new features or other enhancements to the website itself c:software self-hosted/decentralized software and related topics
Projects
Status: Unreviewed
4 participants