[pasbesoin]

Pertaining to this, here are some basic questions I had a hard time finding straightforward answers to, when I last considered built-in SSD encryption a couple of years ago.

- Are the AES keys unique per device?

- Any guarantee that the manufacturer is not keeping a record of serial numbers / AES keys going out the door? (Assuming sealed manufacturer packaging and trust in same when buying.)

- There are some instructions for resetting an AES key after installation. How do I reset an SSD's AES key before installation? Can and how do I use the manufacturer's utility or other means to do so when it is e.g. plugged into an extant system via USB?

- Exact descriptions of how the firmware interacts with BIOS (or UFI, I suppose).

At the moment, I'm trusting to whole-disk software encryption. Not that I have anything particularly concerning to hide (less than most, probably). I considered using the SSD firmware encryption, but I wore out on chasing down such details. Maybe things have improved in this regard, in the meantime, but a few years ago, I didn't manage to chase down clear descriptions and instructions for these things.