"Only sadistic sysadmins whose users suffer having to enter pre-boot passwords are immune, Haken says."
What on earth is sadistic about that? Last place I worked just about every aspect of the IT was an utter shambolic disaster. One of the few examples that wasn't was the (iirc) McAfee drive encryption with pre-boot authentication. When it got installed it just worked. Every morning it just worked. Every password change, once you knew to wait an hour and log off/on before shutting down, it just worked. Why is entering your password before boot rather than after sadistic?
Even there if you didn't know the password change trick you soon learned that for one boot cycle you'll enter the old password before boot and the new one at log in. Is that, typically once a quarter, really so insufferable?