If you run it in a VM on your Mac, you can take advantage of any host-level full-disk encryption and avoid needing BitLocker. (Of course, you probably want to pay the $50 or so for VMware Fusion, if you're going with that approach.)
I did not know that BitLocker relies on hardware encryption if the SSD has support for it. That seems like an extremely dangerous default to have, especially as the implementation is closed source in most (all?) cases.
I'm assuming OS X's FileVault is fine for full-disk encryption? It only sends your key to Apple if you choose to, and it's completely transparent from the end-user's perspective.
If you run Windows, you've already handed over root access to Microsoft. Given that, if you're not interested in encrypted volumes that work across OSes, what reason would you have to not use BitLocker?
Would Windows BitLocker work too? My issue is that VeraCrypt requires you to mount a drive, while BitLocker provides protection over the whole drive (barring your adversaries being Microsoft and/or the NSA).
> OS X equivalent is encrypted disk images and FileVault
Calling FileVault an "equivalent" of BitLocker is too generous. BitLocker provides several important things currently lacking from OS X's built-in disk encryption facilities:
* Strong encryption: If you use FileVault, you're essentially gambling that your hypothetical attacker can't break a 1024-bit RSA key. That isn't such a good bet these days.
* Trusted boot path in conjunction with a TPM; defense against the "evil maid" attack
* Support for full disk encryption, not merely encryption of home directories
* Enterprise key management and recovery, so that full disk encryption can conceivably be used within a large organization
You'll want to buy PGP or similar if you're on a Mac and you want good disk encryption. (But that still won't give you anything like BitLocker's boot path verification.)
But yeah, the whole parental controls thing is not only a moot point (didn't OS X actually have that first?), but pretty much irrelevant to security in the sense intended in this discussion...
FileVault on Macs and OpenBSD's softraid(4) on non-Macs. Almost every OS these days has some support for full-disk encryption. Not using it is irresponsible.
That sucks. I've used TrueCrypt for Windows and LUKS for Linux, but have never been a Mac guy so I haven't looked into that side of things. Google suggests that your main options are OS X's built-in FileVault to encrypt just your home directory (and optionally TC or something for additional non-system data), or PGP Whole Disk Encryption for a whopping $150. Or running a virtualized OS X within an encrypted container within a second OS, with all the extra boot time and performance hits that would entail.
I'd bet on something better coming out before too long given more interest (and laws) about encryption these days, but unless I've missed something, for now it looks like you're pretty much out of luck as far as good, complete, free solutions go.
macOS FileVault is also a good option for whole-drive encryption, as the hardware then requires the external password in order to unlock the drive to continue booting.
I mean, between BitLocker and T2 I'd rather have T2. At least with BitLocker the key is in my Microsoft account, so if something happened to my PC and the drive was still intact I can easily access the data again. On a T2-secured Mac, if something happened then I'm screwed.