This is often how secure erase is implemented on SSD (though they often don't use TPMs). Encrypting data transparently on the controller, then regenerating the key on erasure request, turning the data on disk into useless bits.
Of course this comes with the risk that someone exploits the firmware and extracts the key, rendering secure erase useless, but in most cases that's good enough.
How do you be certain that ShredOS or any other component does its job? You can always physically burn the drive, but make sure you actually watch it turn to slag.
Drives which support doing this in hardware have a block just for storing the key. Because it’s not often rewritten, it doesn’t need to go in the pool of blocks that can get remapped.
Of course this comes with the risk that someone exploits the firmware and extracts the key, rendering secure erase useless, but in most cases that's good enough.