A drive that supports Secure Instant Erase should be encrypting all data. When the SEI function is invoked (“nvme format -s 2”, “hdparm —-security-erase”) they key is thrown away and replaced with a new one. Similar implementations exist for NVMe, SATA, and SAS drives — regardless of whether they are HDD or SSD.

This puts a fair amount of trust and in the drive’s ability to really delete the old key.