Does someone have a nice guide to do full disk encryption, and other recommendations so that we can at least be a little certain our data isn't being tampered with?
https://github.com/Drive-Trust-Alliance/sedutil
That's if you trust TCG and OPAL, and have an OPAL drive. Windows will use OPAL automatically if available for at least Pro and Enterprise and Server products, I'm not sure about Home. Apple and Linux have software implementations (typically with AES hardware support by the CPU).
Edit: Looks like it's been forked. https://github.com/sedutil/sedutil
The TCG and OPAL folks should have commissioned this work for a UEFI application, and open sourced it.