The way to do this is plausible deniability. There is software that allows creating an encrypted volume with two passwords, resulting in two different decrypted volumes. So you give the duress password and there is no incriminating data on there.

For example grapheneOS also has a duress pin that wipes the device.