My understanding is that if you are running on a Mac with a T2 processor or are running on Apple Silicon, there is an encryption key for the built-in SSD in the Secure Enclave. Erasing the drive causes that key to be regenerated, making the current data on the SSD unreadable.
If this is correct, that makes securing the internal drive on current Macs an almost trivial process, not worthy of a long discussion.
Since almost all Macs produced in the last several years fit this case, if my supposition is correct, it would be brought up quickly in the discussion, dealt with, and then more difficult cases would be discussed. Since that has not been the case, I’m curious what I am missing.
The T2 encryption binds the SSD to the T2 chip, so you can’t remove the flash media and read it on any other computer. This is highly unlikely when the flash is soldered down, but when it’s on a plugin card (e.g. a Mac Pro), it prevents the SSD from being read on another computer.
But I don’t think that key is regenerated as a part of erasing the drive, since that key is needed for accessing file system structures below the level of a volume (e.g. the partition table).
If you have a source that says otherwise, please share it.
So, the presence of a T2 does not change the rationale for using FileVault. The T2 encryption will prevent an attacker from bypassing the SSD controller, but it is completely transparent to software running on the Mac that has the T2 and its paired flash storage - which is why Target Disk mode still works on a T2 Mac without FileVault.
With respect to erasing an old Mac, what a T2 will do for you is that simple file-erase or volume-erase operations (which will be erased with TRIM on any Apple-provided SSD, including a T2) can be considered secure because there’s no way to bypass the T2’s SSD controller logic.
That’s the way I understand it as well. The encryption key used by T2 to access the SSD is not exposed to the user or macOS. This xART key is a hardware key that’s used even when no FV is involved at all. And when you do use FV2, FV2’s key is in addition to the xART key, not instead of it or related to it. The xART hardware key is there merely to prevent the hardware from being removed and read out on another system (or read out via bypass of its controller [the T2 SoC]). So on a MP for example, you first need to set up a new (socketed) internal SSD with the MP’s T2 before you can use the new disk.
But don’t take it from me. Here’s a good source on how disk encryption on Macs works covering FV1 vs. FV2 and M1/T2 vs. T1 vs. older Macs.