AES hardware based encryption engines on SEDs do not require software. The Encryption keys are generated at product initialization. The SSD's controller uses a random number generator to encrypt the SSD. This standard is defined by the Trusted Computing Group (TCG). Cryptoprocessors include encryption key generation as well as tamper-resistant key storage. All bits are encrypted automatically without any user management. This adds a layer of security, as the encryption key never leaves the drive. The benefit is encryption key management is not required. Hardware-based encryption cannot be corrupted like software. SEDs are also not vulnerable to viruses and other software attacks, but SEDs do not secure data-in-flight. SEDs are not intended to be a replacement for firewalls or virus protection, and do not protect from malware or ransomware. Self-encryption provides data-at-rest protection in the event of a lost or stolen computer.