Goal: the best security and private data protection with full disk/volume encryption


- There has to be an unencrypted boot loader, which is always a security risk: anyone who gains physical access to the computer can set up a boot loader keylogger to log my password. The answer to this is to require a USB flash drive to serve as the boot loader, or to use a USB flash drive with a standalone incognito operating system like Tails or Liberté Linux.


A) Use Linux + LUKS (unencrypted boot loader and then an encrypted volume). Example Google phrase for Xubuntu: Xubuntu LUKS install


B) Use any OS and from this OS run another OS (an anonymous one, via VirtualBox or other virtualization). This VirtualBox OS image is placed in an encrypted container; for example, the file truecryptcontainer.tc contains WindowsXP.vhd after decrypting.


C) Use Microsoft Windows 7, 8+, which contains the BitLocker software that encrypts the whole OS volume data (not the boot loader, which can be a security issue?)
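
One way to check for the boot loader tampering risk described above, as an added example that is not part of the original notes: hash the unencrypted boot files and compare them with a baseline kept on the USB flash drive. It assumes the check is run from trusted media (such as the live USB system mentioned above) and that `sha256sum`, `find` and `awk` are available; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the unencrypted boot files against a SHA-256
# baseline that is stored on separate, trusted media (assumption).

# make_manifest BOOT_DIR MANIFEST: hash every file under BOOT_DIR.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# check_manifest BOOT_DIR MANIFEST: print ADDED/CHANGED/MISSING paths.
# Returns 0 when the tree matches the baseline, 1 when it differs.
check_manifest() {
    current=$(mktemp) || return 2
    make_manifest "$1" "$current"
    awk '
        # sha256sum lines are: 64 hex digits, two spaces, then the path
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        { seen[path] = 1
          if (!(path in old))         { print "ADDED   " path; bad = 1 }
          else if (old[path] != hash) { print "CHANGED " path; bad = 1 } }
        END { for (p in old) if (!(p in seen)) { print "MISSING " p; bad = 1 }
              exit bad + 0 }
    ' "$2" "$current"
    rc=$?
    rm -f "$current"
    return "$rc"
}

# Demo on a constructed stand-in for /boot (sample data, not real boot files).
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/boot/grub"
    echo 'kernel image v1' > "$d/boot/vmlinuz"
    echo 'menuentry linux' > "$d/boot/grub/grub.cfg"
    make_manifest "$d/boot" "$d/baseline.sha256"   # taken while trusted
    echo 'changed line' >> "$d/boot/grub/grub.cfg" # file differs from baseline
    echo 'new file' > "$d/boot/grub/extra.mod"     # file not in baseline
    check_manifest "$d/boot" "$d/baseline.sha256"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "boot files differ from the baseline"
```

The manifest must live outside the directory it describes, and a match only means the files equal the baseline, so the baseline has to be taken while the machine is still trusted.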