I have a laptop with an older CPU (i7-2960XM) that is equipped with a 500GB SSD. There are 2 250GB partitions on it, one is Linux Mint Cinnamon 19.1, the other is Windows 10 1909. I want to encrypt all partitions effectively. On Windows I know the encryption, I will encrypt it with Bitlocker. What is an effective way to encrypt the Linux partition AND grub? The firmware is already encrypted.
You can create a separate partition for \ home and let Linux Mint encrypt it yourself. You will be asked for this during installation.
Why do you want to encrypt Grub's information as well?
So that you can't boot into the rescue systems.
That would be useless → encryption remains active.
And if someone else wants the data, they simply boot from USB or DVD.
Can't → encrypted BIOS.
You could also reset that if you really want to.
Or - what I would do: Just remove the plate and hang it on another computer.
You notice: There's no such thing as total security. Use encryption for a separate / home partition and you are well served.
For very paranoid contemporaries:
https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
https://wiki.ubuntuusers.de/LUKS/
The disk itself is TPM-secured, it only works in the laptop (at least the win partition). How do I get Linux around?