by pavel_lishin 5246 days ago
> or a second 'secret' key known by every copy of the unlocking software!

Are you sure that each drive doesn't have its own key, tied to the serial number?

2 comments

Wouldn't that mean that the manufacturer still has the secret key? That would make you vulnerable to government agencies... and it is not the case if you use TrueCrypt or dm-crypt/LUKS.
That would be preferable, and would have the same properties as keeping a non-passphrase-encrypted copy of your LUKS key elsewhere (possibly a central repository), but would reduce the usability of their software that can 'unlock whole fleets of drives'. And there's no guarantee that there isn't even a secret third unencryption method; companies love to have future options.