Sadly SteamOS doesn't support full disk encryption, which is inexcusable for an OS used on a portable device, that some also use to remote access their desktop (through Steam Link/Moonlight).
It’s not in a consumer friendly state yet, but I’ve been using my steamdeck with encryption for a month now with zero issues. I guess technically this is not “full” disk encryption since it’s just the home dir, but I only care about protecting my personal info which is all in the home dir anyway.
It doesn't need to, if your disk supports OPAL2 - just set the password in BIOS and encrypt the drive, it's fully transparent to the OS and as a bonus, there's virtually no performance hit unlike software-based encryption like LUKS.
You are relying on every single ssd to have a secure implementation of encryption which is just never going to be true.
I’m not familiar with how the process works, but if you are setting the password somewhere, it’s exposed to being extracted. You want the password to be something you type in on boot.
Unless your threat model includes state-sponsored attacks, the encryption is good enough for most people, especially considering its primary use-case (gaming). And there's nothing stopping you from using a secondary secure container if you do intend to store that level of sensitive data (eg: VeraCrypt volume for plausible deniability).
Also, the password isn't stored anywhere, you get prompted by the BIOS upon every boot to unlock the drive.
Luks can use hardware offload description via opal if configured accordingly. You are also at the vendors firmware implementation in terms of security.
I personally don't keep anything sensitive on steam deck or heck, any device related to "gaming". Modern games are nothing but spyware and even more reasons if you are pirating
