The encryption is transparent, the key is stored on a security coprocessor if the encryption isn’t “turned on” the key simply isn’t encrypted with a KEK which is derived from your password.
Sometimes the default key is also all zeros/ones until the user has initialized the encryption function at which a random key is generated and encrypted with a KEK.
W/E you format the drive with or too or how you use it doesn’t matter, you don’t have raw access to drives anymore (sectors, clusters etc don’t mean anything anymore) with or without encryption the controller basically emulates an “ideal drive” to the OS and does it’s own thing.
Sometimes the default key is also all zeros/ones until the user has initialized the encryption function at which a random key is generated and encrypted with a KEK.
W/E you format the drive with or too or how you use it doesn’t matter, you don’t have raw access to drives anymore (sectors, clusters etc don’t mean anything anymore) with or without encryption the controller basically emulates an “ideal drive” to the OS and does it’s own thing.