How Does Encryption Work in Intel® Optane™ Persistent Memory (PMem)?

Unable to find details on how data is encrypted or handled for security reasons.

Intel® Optane™ persistent memory uses 256-AES hardware encryption.

While in Memory Mode the Intel® Optane™ persistent memory encryption key is removed when powered down and is regenerated at each boot. This means data is no longer accessible.

In App Direct Mode data is encrypted using a key on the module. Intel® Optane™ persistent memory is locked at power loss and a passphrase is needed to unlock and access the data. The encryption key is stored in a security metadata region on the module and is only accessible by the Intel® Optane™ persistent memory controller. If repurposing or discarding the module, a secure cryptographic erase and DIMM overwrite is utilized to keep data from being accessed.

See more details in the web article The Challenge of Keeping Up with Data.