At one point, hardware-based encryption linked to TPM chips and BIOS extensions promised to make full-disk encryption both fast (almost zero overhead in reading / writing from / to the disk) and secure, and that these "self-encrypting" SSDs could be securely "erased" simply by removing the encryption key from the disk. In theory.

"Self-encrypting drives (SEDs) use hardware-based encryption which takes a more holistic approach to encrypting user data. SEDs have an onboard AES encryption chip that encrypt data before it is written and decrypts it before it is read directly from the NAND media. Hardware encryption sits between the OS installed on the drive and the system BIOS. When the drive is first encrypted, an encryption key is generated and stored on the NAND flash. When the system is first booted, a custom BIOS is loaded and will ask for a user passphrase. Once the passphrase is entered, the content of the drive is decrypted and access to the OS and user data is granted."

However, flaws in the implementation of hardware-based encryption were discovered back in 2018, which destroyed confidence in this approach, and I'm not sure if it has been recovered since. The flaws were monumental bus-sized holes, like not cryptographically linking the encryption key to the user passphrase, and by having a built-in master encryption password that was set by the manufacturer as a default for all their disks. I kid you not. And there were others, that were rather more convoluted, that could be exploited by determined hackers.

I was looking into this very topic when specifying a large number of laptops for an organisation at that time and decided, naturally enough, that this approach - while convenient - was not in the least bit secure, and implemented an alternative disk encryption strategy.