[...]The drive needs to encrypt the 512 bytes of user data, calculate the CRC of the encrypted data, and store that value rather than the plaintext CRC.
If we recalculate the CRC of the ciphertext, the end-to-end nature of the CRC (which is why it is there in the first place) is lost since on decrypt we need to recalculate the CRC from scratch without any tie back to the original CRC.
As is also mentioned, this end-to-end CRC is not really used by the drive. The drive has other protection measures. The drive -may- check it, but it is an optional thing to do.
If we encrypt the CRC (method tbd) then the end-to-end nature can be preserved (the drive loses the ability to check the CRC). With end-to- end preserved, we can actually check that the encryption box didn't make a mistake (a quiet but valuable feature).
