Lessons of the day:
1. Any full partition on hardware that gets seized can be accessed and decrypted over time.
2. Putting key-management inside hardware equates to asking a programmer/administrator to create something that can undo the encryption.