
It doesn't need to, if your disk supports OPAL2 - just set the password in BIOS and encrypt the drive, it's fully transparent to the OS and as a bonus, there's virtually no performance hit unlike software-based encryption like LUKS.


You are relying on every single SSD to have a secure implementation of encryption, which is just never going to be true.

I’m not familiar with how the process works, but if you are setting the password somewhere, it’s exposed to being extracted. You want the password to be something you type in on boot.


Unless your threat model includes state-sponsored attacks, the encryption is good enough for most people, especially considering its primary use-case (gaming). And there's nothing stopping you from using a secondary secure container if you do intend to store that level of sensitive data (e.g., a VeraCrypt volume for plausible deniability).

Also, the password isn't stored anywhere, you get prompted by the BIOS upon every boot to unlock the drive.


LUKS can use hardware offload description via OPAL if configured accordingly. You are also at the vendor's firmware implementation in terms of security.


The question is, does the stock SSD support OPAL2?



