The much more obvious way to implement this would be to have a tamper-proof hardware dongle that (a) accepts, as input, a passphrase; (b) uses that passphrase to derive a key; (c) used that derived key to decrypt some data stored, e.g., in flash on the processor chip; (d) confirms the data decrypted correctly, if correct return the key, else overwrite the flash with new random data, and return that new data.

That data, would of course be the actual key used to encrypt the drive.