Does an FDE drive just cut off access to the drive?
Every Momentus FDE.2 drive always saves AES-level encrypted data to the physical media. Each drive has a unique encryption key, which means no two drives save the same data patterns given the same data. When a FDE drive is new, out of the box, the password controls are disabled. In this scenario, the drive can receive the Windows OS and user applications (including the Seagate Secure password applications) and boot just like an ordinary drive. As stated before, no two FDE drives are saving the same bit patterns to the physical media. Once the system is fully built, the next phase is to activate the password controls using specific third-party software (like that from Secude or Wave Systems). Once the Seagate Secure passwords are activated, then the user data sectors are inaccessible by firmware restriction until the password challenge is met. After the passwords are accepted, then the drive boots and runs like an ordinary drive (albeit saving AES encrypted data to the physical media).
