Obviously, with a state adversary, you’d be fucked.
But how about, if I want to prevent a douchbag sibling or roommate from replacing the bootloader of an encrypted laptop, with a malicious version they got from some dark web site as a “prank”? Assuming you can’t just lock the device in a safe.
With phones, they all have verified boot.
But with Windows + Veracrypt, an attacker can just replace the Veracrypt Bootloader.
Is there an alternative? Or do I just have to use Bitlocker? (again, non-state adversaries)
I use QubesOS with anti evil maid. U have a usb u carry with u (and ensure the safety of) and that verifies the PC which then proceeds to boot itself.
Does that mean you lose access to your whole computer and all your data if you lose the USB drive? That sounds like a nightmare
U can make multiple so I got a backup in a secure location.