It doesn't need to, if your disk supports OPAL2 - just set the password in BIOS and encrypt the drive, it's fully transparent to the OS and as a bonus, there's virtually no performance hit unlike software-based encryption like LUKS.

You are relying on every single ssd to have a secure implementation of encryption which is just never going to be true.

I’m not familiar with how the process works, but if you are setting the password somewhere, it’s exposed to being extracted. You want the password to be something you type in on boot.

Luks can use hardware offload description via opal if configured accordingly. You are also at the vendors firmware implementation in terms of security.