alt Hacker NewsMicrosoft quietly dropped support for encryption offload support ("OPAL") in SSD drives because the hardware vendors were doing absolute clown-shoes things like a single static hard-coded key or the key was literally empty / all zeroes!
There's levels of trust/security.
I generally trust Apple's device encryption, assume BitLocker can be popped by a well-equipped nation state attacker, and the rest I trust about as far as I can throw them.
PS: A related issue was (is?) that the comms between the CPU and the TPM chip on the motherboard isn't encrypted, signed, or in any significant way protected! Apparently it's relatively trivial to extract various keys including BitLocker encryption keys by simply clipping an oscilloscope to the TPM chip pins.
Reference: https://www.techcentral.ie/windows-bitlocker-no-longer-trust...
> OPAL
Ah, yes. Wave EMBASSY Suite, Wave Preboot, and all that other hot garbage.
Best part of Wave Systems was their horrid support organization. I loved being the tier 0 rep they contracted and trained with zero software knowledge and being a catch-and-throw for all the angry people that locked themselves out of their laptops. "Sorry, buddy, all I can do is make you a Dynamics CRM ticket."