The best option would be to add a MAC or authentication tag correctly, for example with an AE mode like CHACHA20_POLY1305, AES_256_GCM, AES_256_OCB, or one of the new CAESAR candidates, etc.
But then you'd need extra space for the MAC/authentication tag, and disk encryption often isn't placed somewhere in the driver stack where you can get away with, say, a 4080-byte logical sector for a 4096-byte physical sector. Nothing expects that. Performance problems, stuff complains, even crashes, as anyone messing with 2352 byte sectors on CD-ROMs has maybe experienced. (Has anyone tried doing it anyway in more recent years? The last time I tried to implement it was back when ckt was working on PGPdisk, and it didn't go well.)
You could put the authentication tag somewhere else, but you have to be very careful with that, and it also means seeking: you could do that better if you were a filesystem, but as a transparent block device filter, as basically all FDE is, XTS is probably about as good as you're going to get - but remember that it is helpless against malleability or historical snapshots.
But then you'd need extra space for the MAC/authentication tag, and disk encryption often isn't placed somewhere in the driver stack where you can get away with, say, a 4080-byte logical sector for a 4096-byte physical sector. Nothing expects that. Performance problems, stuff complains, even crashes, as anyone messing with 2352 byte sectors on CD-ROMs has maybe experienced. (Has anyone tried doing it anyway in more recent years? The last time I tried to implement it was back when ckt was working on PGPdisk, and it didn't go well.)
You could put the authentication tag somewhere else, but you have to be very careful with that, and it also means seeking: you could do that better if you were a filesystem, but as a transparent block device filter, as basically all FDE is, XTS is probably about as good as you're going to get - but remember that it is helpless against malleability or historical snapshots.