Let's start with a premise in the form of a question......What is the one primary thing almost any attack vector depends upon for success? Specific files in specific places with specific names. Now, in searching for an answer whether Full Disk Encryption can defeat attacks I got a wide range of "Yes it can.", "No it can't.", "Maybe." and the full gamut of intermediate responses. So, which is it?
If it can, why isn't that the universal response? If it can't why was it developed in the first place? This, from BitWarden, obviously biased but still valid, "The primary purpose of FDE security is to protect sensitive data on lost or stolen devices. By encrypting the entire disk, including the operating system, system files, and all data, it ensures that unauthorized individuals cannot access any information stored on the disk." Is this really true? If it is why is this not the norm.
If a sufficiently complex, entropic, cipher is used for FDE will this negate the need for any other type of mitigation? You can't effectively steal or compromise what you cannot rationally understand. You may be able to destroy it but that is all and backups can cover that contingency.
What say you.
If it can, why isn't that the universal response? If it can't why was it developed in the first place? This, from BitWarden, obviously biased but still valid, "The primary purpose of FDE security is to protect sensitive data on lost or stolen devices. By encrypting the entire disk, including the operating system, system files, and all data, it ensures that unauthorized individuals cannot access any information stored on the disk." Is this really true? If it is why is this not the norm.
If a sufficiently complex, entropic, cipher is used for FDE will this negate the need for any other type of mitigation? You can't effectively steal or compromise what you cannot rationally understand. You may be able to destroy it but that is all and backups can cover that contingency.
What say you.