[aninhumer]

Why not both? When the emergency password is used, it could produce the decoy data, and silently erase the real data at the same time.

[gknoy]

Anyone that cares about the contents of your machine will have imaged your drive. I would not expect to be able to log into the actual machine.

[tripzilch]

Interesting, because afaik Windows for instance, refuses to load if it's not run on the same hardware configuration it was installed on. Something to do with licensing keys and DRM and such.

I suppose they image it, use the password on the actual machine, and if something goes wrong or self-destructs, they'll always have the image (it just takes a little more time to convince Windows to load).