[astrange]

Typical AES-XTS full disk encryption is not safe enough for the laptop case; it’s not authenticated and someone can edit encrypted files.

File-based encryption (like the one T2 and later Macs use) is safest.

[welterde]

While that is true, I cannot think of a real world scenario where it is relevant, since I don't think you can actually produce a specific plain text, but only corrupt certain sectors.

And in case it is a real issue one can use ZFS or btrfs as the file system to ensure data integrity.