FDE doesn't have space for and can't afford (because of the random read patterns) authentication tags, so it uses modes like AES-XTS instead.
What that HMAC does is just confirming that the passphrase is the right one. Think of it as a checksum, not as authentication.
FDE doesn't have space for and can't afford (because of the random read patterns) authentication tags, so it uses modes like AES-XTS instead.
What that HMAC does is just confirming that the passphrase is the right one. Think of it as a checksum, not as authentication.