by ranger_danger 36 days ago
Not encrypting the OS means it's no longer considered FDE in my opinion.

But Windows doesn't need the OS to decrypt a BitLocker volume anyway because the bootloader can do it... otherwise how could an FDE disk ever boot in the first place?


Why not? The macOS OS partition is signed and read-only. Unless you disable SIP (which you shouldn't), your OS partition is bit-for-bit identical to everyone else's.

> your OS partition is bit-for-bit identical to everyone else's

Unless I want to change it... or have multiple OSes/partitions where I need the entire disk encrypted.