WDE is simpler. Even if you wrote the perfect operating system or bootloader that never made a mistake, you'd still fail at the goal. User A could install a keylogger or some other kind of hardware manipulation and use that to steal user B's passphrase or spy on B.
> You really do want per-user data encryption.
In what kind of situation where users don't have physical access to the machine is user-segregated on-disk data encryption necessary?