I only recommend full disk encryption. An encrypted volume on an unencrypted hard drive can leak info. For example, if you browse through your encrypted volume with a file manager, it can create thumbnails of photos, which may be stored in a cache in the unencrypted part of the drive. Or if you open a document or some other file, many programs will add the path to that file in their "Recent Documents" or "Recently Opened" list. Someone who analyzes your hard drive can find these pointers to the contents of your encrypted volume. If you have a virtual hard disk for a VM inside the encrypted volume, presumably you'll be running it with VirtualBox or another virtualization program installed on the main OS. That means VirtualBox will be pointing to a virtual hard disk inside the encrypted volume, so anyone who looks at that will know you have a virtual hard disk in there. So, you might as well forget about the encrypted volume. A better solution is to use FDE on the virtual hard disk itself, which can be stored on an unencrypted drive. With Debian or Ubuntu, you can turn on full disk encryption during install time. That way there will be complete separation between data in the VM and the host OS.
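To check a host for the thumbnail and "Recent Documents" leaks described above, the following added example (not part of the original post) audits a Linux home directory for references to an encrypted volume's mount point. It assumes the freedesktop thumbnail cache (`~/.cache/thumbnails`, PNGs carrying a `Thumb::URI` text chunk) and the GTK recent-files list (`~/.local/share/recently-used.xbel`); the mount point `/media/user/vault` and all sample data are constructed.

```python
import struct, tempfile, zlib
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import unquote, urlparse

def thumb_uri(png: bytes):  # Thumb::URI tEXt value of a thumbnail PNG, else None
    if not png.startswith(b"\x89PNG\r\n\x1a\n"):
        return None
    pos = 8
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        key, _, value = png[pos + 8:pos + 8 + length].partition(b"\x00")
        if ctype == b"tEXt" and key == b"Thumb::URI":
            return value.decode("latin-1")
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
    return None

def under(uri, mount):  # True if a file:// URI points at or below the mount point
    u = urlparse(uri or "")
    path = Path(unquote(u.path))
    return u.scheme == "file" and (path == Path(mount) or Path(mount) in path.parents)

def audit(home, mount):  # (artifact, leaked URI) pairs found in the unencrypted home
    home, leaks = Path(home), []
    for png in sorted((home / ".cache/thumbnails").rglob("*.png")):
        uri = thumb_uri(png.read_bytes())
        if under(uri, mount):
            leaks.append((png.name, uri))
    xbel = home / ".local/share/recently-used.xbel"  # assumed GTK location
    if xbel.exists():
        for mark in ET.parse(str(xbel)).getroot().iter("bookmark"):
            if under(mark.get("href"), mount):
                leaks.append((xbel.name, mark.get("href")))
    return leaks

def chunk(ctype, data):  # builds one PNG chunk for the constructed sample
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def demo(mount="/media/user/vault"):  # constructed sample home, not real artifacts
    home = Path(tempfile.mkdtemp())
    (home / ".cache/thumbnails/normal").mkdir(parents=True)
    (home / ".local/share").mkdir(parents=True)
    png = b"\x89PNG\r\n\x1a\n" + chunk(b"tEXt", b"Thumb::URI\x00file:///media/user/vault/photo%201.jpg") + chunk(b"IEND", b"")
    (home / ".cache/thumbnails/normal/constructed.png").write_bytes(png)
    (home / ".local/share/recently-used.xbel").write_text('<xbel version="1.0"><bookmark href="file:///media/user/vault/vm/disk.vdi"/><bookmark href="file:///home/user/notes.txt"/></xbel>')
    return audit(home, mount)

if __name__ == "__main__":
    print(demo())
```

On a real system, call `audit(Path.home(), "<your mount point>")`; it covers only these two artifact types, not application-specific lists such as a virtualization program's registered disks.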