
| From: D. Hugh Redelmeier via talk <talk@gtalug.org>

| Some disks have a feature where they have a key that encrypts every block.
| The key persists in the drive. But if you want to wipe the disk, you
| change this key. Then every block is nonsense until it is rewritten.
| I haven't got time to look up the name for this feature. It is optional.
| I think that most enterprise drives have it.

The feature is called "Self-Encrypting Drive" (SED).

This seems like the only way to safely allow a drive to be re-used by someone you don't trust.

<https://www.techspot.com/guides/869-self-encrypting-drives/>
Note: that's an old article.

The simplest way of using it makes the encryption / decryption invisible to the computer. You just have to change the key to do a "secure erase".

There is a next level in which the drive requires a password when powered on. This isn't needed for Secure Erase.

Apparently a lot of drives have Secure Erase but the feature is rarely advertised.

Sad fact: you may only realize that you want this feature long after you bought it.