by rafram 32 days ago
macOS solved this (and a lot of other problems) by putting the OS on a separate read-only partition - technically an APFS volume - that doesn’t get encrypted. Microsoft’s backwards-compatibility obsession might not let them make that the default, but they could at least make it an option.

Not encrypting the OS means it's no longer considered FDE in my opinion.

But Windows doesn't need the OS to decrypt a BitLocker volume anyway because the bootloader can do it... otherwise how could a FDE disk ever boot in the first place?

Why not? The macOS OS partition is signed and read-only. Unless you disable SIP (which you shouldn't), your OS partition is bit-for-bit identical to everyone else's.
> your OS partition is bit-for-bit identical to everyone else's

Unless I want to change it... or have multiple OSes/partitions where I need the entire disk encrypted.