I remember that encryption built-in to high-end mass storage devies around a decade ago didn't had a good track record. Private key could be retrieved from HDD firmware and so on. Protection by built-in HDD/SSD encryption was not reliable. With that in mind I understand Microsoft's decission to use software-based encryption. Has anything changed in regard to encryption on mass storage level?
Yes read about it, it's quite shocking to say the least. We really need a better encryption system, perhaps something that's hardware based, like a dedicated chip? Or perhaps I'm saying something stupid? Actually, I forgot that it already exists, see link. https://www.kingston.com/en/blog/data-security/how-ssd-encryption-works
