by forapurpose
3123 days ago
Self-encrypting drives (SEDs) have this function built in:

1. Everything stored on the drive is always encrypted when at rest.
2. The drive has some sort of firmware, memory and microprocessor that stores a key and en/de-crypts data in transit to/from storage.
3. To 'erase' the drive, the SED simply erases the key.

Of course there are many potential flaws in implementation, but conceptually it's simple. And as with most drive encryption solutions, the fatal flaw is that the data is available if the computer is on or asleep, which means that for most users the security is disabled 99% of the time (but that problem doesn't apply to drive wiping).

AFAIK:

Many common drives have SED functionality.
Until the user "locks" the drive, the data is en/decrypted invisibly to the user and system.
Locking the drive creates a passphrase and a pre-boot environment for authentication.
Locking the drive requires an OS-level utility.
Opal by TCG (the same people who provide the TPM spec) is the common standard.
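The crypto-erase model sketched in the comment above, as an added example in Go that is not code from the commenter or from any drive vendor: a toy drive controller holds a media encryption key (MEK), encrypts every sector in transit, and "erases" by destroying only that key. The `SED` type, the per-LBA AES-CTR construction and the exported `Media` map are assumptions of this toy, not the Opal specification.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// SED is a constructed toy model of a self-encrypting drive: the media
// encryption key (MEK) held only inside the drive, plus the ciphertext that
// actually lands on the platters/NAND. It is not the Opal spec.
type SED struct {
	mek   []byte            // nil once CryptoErase has run
	Media map[uint64][]byte // LBA -> sector ciphertext as stored on the media
}

func NewSED() *SED {
	mek := make([]byte, 32) // AES-256 key, generated inside the drive at first use
	if _, err := rand.Read(mek); err != nil {
		panic(err)
	}
	return &SED{mek: mek, Media: map[uint64][]byte{}}
}
// xorSector applies AES-CTR keyed by the MEK with the LBA as nonce, so each
// sector is encrypted on its own. Real drives use AES-XTS, which unlike CTR
// tolerates rewriting a sector in place; CTR is used here only for brevity.
func (d *SED) xorSector(lba uint64, in []byte) ([]byte, error) {
	if d.mek == nil {
		return nil, errors.New("media key destroyed: drive was crypto-erased")
	}
	block, _ := aes.NewCipher(d.mek) // a 32-byte key cannot fail
	iv := binary.BigEndian.AppendUint64(make([]byte, 8), lba) // 16-byte CTR IV
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out, nil
}
// Write encrypts in transit to storage; the host only ever handles plaintext.
func (d *SED) Write(lba uint64, plaintext []byte) error {
	ct, err := d.xorSector(lba, plaintext)
	if err == nil {
		d.Media[lba] = ct
	}
	return err
}
// Read decrypts in transit from storage and fails once the key is gone.
func (d *SED) Read(lba uint64) ([]byte, error) { return d.xorSector(lba, d.Media[lba]) }
// CryptoErase is the "erase" the comment describes: overwrite and drop the key only.
func (d *SED) CryptoErase() { clear(d.mek); d.mek = nil }
```

After CryptoErase every Read and Write fails while the Media map still holds the same ciphertext bytes, which is exactly why the physical medium needs no overwrite pass.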