Encryption is done in drive hardware, so copying the drive is possible via hardware attacks but would be a pretty involved lab operation. Would definitely take longer and require more sophistication than many in-practice crypto exploits.
a 256-bit AES key might take eternity, but if it's derived directly from 8-char ASCII the search space is tiny. Somewhat does depend on how it's actually implemented in hardware, however.
The 8 char password does not decrypt the key; it unlocks/retrieves it. The drive will only allow a fixed number of attempts. Once past the 10 or whatever allowed attempts, an attacker needs to brute force the full encryption key. It should be a very similar scheme to what you get with a modern smartphone, such as a new iPhone. (Not one of the older iphones the FBI cracked recently, a new one with a Secure Enclave.)
What stops the attacker from just imaging the drive in its encrypted state and continuing to run attacks on the 8 char password well in excess of 10 attempts?
It does actually encrypt your data, and if it's correctly implemented, it's fine. Those drives sell for a few years now and not a single exploit is known.
You're correct, it's not going to stop someone who knows exactly what they're doing and has the time/patience/tools to brute force. But it is enough to stop casual thieves from stealing more than just hardware, which is (fortunately) my main concern.
It reminds me of how I set a boot password in the BIOS on my HP laptop. I now have forgot the admin password in order to remove that "feature". I have no idea how I can fix it. The laptop is bricked. I can't install Linux on it because it is set not to boot from USB or CD/ROM
I had a Pentium III based HP laptop that stored the password on a chip that didn't require a battery to evade such a trick. The only fix was using the backdoor password that could be generated by using the serial number of the laptop (HP required proof of ownership, but I had dumpster dived this from their offices). The backdoor password was retrieved by wiring 50 USD to a fellow in the czech republic who had the keygen tool HP support would use.
Check HP for the service manual for your laptop. This is generally a standard goal the manual will give steps for. Usually all you need is a screwdriver of the right size and a bit of guts to pull apart bits of plastic, though I find my confidence that I'm not destroying anything is greatly enhanced when I'm following the manual and have reasonable confidence all the screws are out properly.
I had the same issue with a second hand HP laptop. However, I could still log in as administrator on the Windows install, enabling me to dump the flash memory used to store the BIOS firmware and configuration, which included the password hash. Some reverse engineering later, and I was able to brute force the hash successfully. So that could be an option if the password is not stored in battery-backed memory, and you have a bit of time on your hands to get stuck into the BIOS internals.