It all depends on your threat model, of course. If you trust Apple and Microsoft and just don't want thieves to read your data, then you can probably rely on OS encryption tools: as far as I know, not even governments have managed to unlock any of these methods without access to a (backup) key. If you're an activist in a totalitarian country, you should take different precautions.
On Windows 11, BitLocker should just work. Windows 10 still requires a Pro license for encryption, but 11 should've fixed that, making it available (for the most part) to all versions.
If you use BitLocker, pay attention to where the recovery codes are stored. By default, Windows will offer to add the recovery key to your Microsoft account, theoretically giving Microsoft and various governments access to a method of decrypting your drive. You can opt out of that and store the recovery key somewhere safe instead. You should keep this key available, because you may need it even if you know your password (for example when the secure boot state gets toggled, or the boot configuration changes).
Also consider using a password in addition to the TPM key storage if you're okay with your drive not being decryptable without the recovery key outside of your computer (https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bi...). Windows likes to store the key inside your TPM (which is then exchanged without encryption in a way that someone with physical access can probably intercept), which makes it possible for Windows to boot without prompting for a key, meaning an exploit against the Windows login prompt can bypass the security BitLocker provides. An additional password means you need to type in a password on boot,
If you distrust closed-source encryption methods, VeraCrypt is available for PC as an open-source full disk encryption system. My understanding is that the code is reasonably safe, though you may want to Google around to make sure it's as secure as you'd like it to be.
With LUKS, your data is gone when the LUKS headers are gone; your password only serves to decrypt the real key that protects your data. You can back up the headers somewhere safe (this article shows you the commands to do so) and restore them later in case something goes terribly wrong. You'll still lose data if the data written to disk is corrupted, of course, but with the headers backed up you should be reasonably safe against specifically encryption-related disk corruption.
Once you have loaded the encryption keys, LUKS presents itself as just another drive, completely transparent to the underlying file system, so fixing partition corruption is similar to fixing an unencrypted drive. As far as I know, the same is true for most other operating systems as well. Many traditional file recovery tools work after simply unlocking an encrypted volume.
If you're paranoid, you can also use the fact that LUKS headers are all you need to your advantage. It's possible to configure LUKS to store the headers on a separate device (i.e. one you always carry with you and another in a secure location) so a drive can be completely unreadable without a second physical storage device, even if your adversaries know your password.
I think the simplest method of securing yourself would be to just enable drive encryption built into your OS with a sufficiently long and random password. It's probably best to use a password generator to create one. In theory attacks on bad key derivation functions are feasible, but most people's data isn't worth all the time and compute it takes to crack such a password. If you use modern tools and modern configurations (backwards compatibility can be an issue), the tools built into your OS are probably Good Enough™ for most people.
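Added example, not part of the original comment: since a LUKS header backup is only useful if the copy itself is intact, this Python sketch checks the primary LUKS2 header at the start of a backup image (magic, version, size, and the header checksum) before you rely on it. The field offsets are assumed from the LUKS2 on-disk format, the function names are hypothetical, and the sample header is constructed rather than taken from a real volume.

```python
import hashlib
import struct

MAGIC = b"LUKS\xba\xbe"
# Field offsets in the 512-byte LUKS2 binary header (assumed from the LUKS2 on-disk format).
ALG_OFF, ALG_LEN = 72, 32
UUID_OFF, UUID_LEN = 168, 40
CSUM_OFF, CSUM_LEN = 448, 64


def check_luks2_header(blob: bytes) -> dict:
    """Check the primary LUKS2 header at the start of a header backup image."""
    if len(blob) < 512 or blob[:6] != MAGIC:
        return {"ok": False, "reason": "no LUKS magic"}
    # Big-endian: uint16 version, uint64 header size (incl. JSON area), uint64 sequence id.
    version, hdr_size, seqid = struct.unpack_from(">HQQ", blob, 6)
    if version != 2:
        return {"ok": False, "reason": f"LUKS version {version} not handled"}
    if hdr_size < 4096 or hdr_size > len(blob):
        return {"ok": False, "reason": "header truncated"}
    alg = blob[ALG_OFF:ALG_OFF + ALG_LEN].split(b"\0")[0].decode("ascii", "replace")
    if alg not in hashlib.algorithms_available:
        return {"ok": False, "reason": f"unknown checksum algorithm {alg!r}"}
    # The checksum covers binary header + JSON area with the checksum field zeroed.
    area = bytearray(blob[:hdr_size])
    stored = bytes(area[CSUM_OFF:CSUM_OFF + CSUM_LEN])
    area[CSUM_OFF:CSUM_OFF + CSUM_LEN] = bytes(CSUM_LEN)
    digest = hashlib.new(alg, area).digest()
    if stored[:len(digest)] != digest:
        return {"ok": False, "reason": "checksum mismatch"}
    uuid = blob[UUID_OFF:UUID_OFF + UUID_LEN].split(b"\0")[0].decode("ascii", "replace")
    return {"ok": True, "uuid": uuid, "seqid": seqid}


def build_sample_header() -> bytes:
    """Constructed sample (no real volume): 4 KiB binary header + 12 KiB JSON area."""
    hdr = bytearray(16384)
    hdr[:6] = MAGIC
    struct.pack_into(">HQQ", hdr, 6, 2, len(hdr), 1)
    hdr[ALG_OFF:ALG_OFF + 6] = b"sha256"
    hdr[UUID_OFF:UUID_OFF + 36] = b"00000000-0000-0000-0000-000000000000"
    hdr[4096:4111] = b'{"keyslots":{}}'
    hdr[CSUM_OFF:CSUM_OFF + 32] = hashlib.sha256(hdr).digest()
    return bytes(hdr)


if __name__ == "__main__":
    good = build_sample_header()
    damaged = good[:5000] + b"\xff" + good[5001:]  # one flipped byte in the JSON area
    print(check_luks2_header(good))
    print(check_luks2_header(damaged))
```

A passing check only says the header copy is self-consistent; it does not prove the passphrase still opens a keyslot, so a restore test on a scratch device is still worth doing.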