To give a bit of technical detail, the hardware must have a feature to destroy encryption keys for user data whenever a new OS is installed on it; and you have to be able to install a new OS on it at all.
Like, today, many smartphones have the problem that you can’t install a new OS on them at all, because the bootloader doesn’t allow it. Meanwhile PCs have a different problem, where they do allow installing a new OS, but the user data is typically not encrypted and so you can just boot Linux from a USB device and read all contents on the internal disk.
The best solution might be to encrypt all userdata, store the keys in the bootloader on the device, but when a new OS is loaded/installed, the bootloader doesn’t give out the keys so the userdata can’t be decrypted.
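Added example, not part of the original comment: a small Python model of the scheme described above, in which the bootloader seals the user-data key to a measurement (hash) of the OS it boots, so a different OS gets no key, and installing a new OS destroys the old one. The `Bootloader` class, its method names and the HMAC-based key wrap are assumptions made for illustration; real hardware would use a TPM or secure element and a standard key-wrap algorithm.

```python
import hashlib, hmac, os

class Bootloader:
    """Toy model: the device secret never leaves the bootloader."""
    def __init__(self):
        self._device_secret = os.urandom(32)  # stands in for a fused hardware key
        self._sealed = None                   # (wrapped_key, tag) in bootloader storage

    def _kek(self, os_image: bytes) -> bytes:
        # The key-encryption key depends on which OS is being booted.
        measurement = hashlib.sha256(os_image).digest()
        return hmac.new(self._device_secret, measurement, hashlib.sha256).digest()

    def _prf(self, kek: bytes, label: bytes) -> bytes:
        return hmac.new(kek, label, hashlib.sha256).digest()

    def provision(self, os_image: bytes) -> bytes:
        """Create a fresh user-data key and seal it to this OS image."""
        data_key = os.urandom(32)
        kek = self._kek(os_image)
        pad = self._prf(kek, b"wrap")  # simplified one-shot wrap, illustration only
        wrapped = bytes(a ^ b for a, b in zip(data_key, pad))
        self._sealed = (wrapped, self._prf(kek, b"tag" + wrapped))
        return data_key

    def boot(self, os_image: bytes):
        """Release the user-data key only to the OS it was sealed to."""
        if self._sealed is None:
            return None
        wrapped, tag = self._sealed
        kek = self._kek(os_image)
        if not hmac.compare_digest(tag, self._prf(kek, b"tag" + wrapped)):
            return None  # different OS: no key, user data stays encrypted
        pad = self._prf(kek, b"wrap")
        return bytes(a ^ b for a, b in zip(wrapped, pad))

    def install_os(self, new_image: bytes) -> bytes:
        """Installing a new OS destroys the old key and starts with a new one."""
        self._sealed = None
        return self.provision(new_image)
```

Sealing to the hash of the whole image means every OS update changes the measurement; designs that need updates to keep working measure the OS signing key or a boot policy instead.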