Right but access to those keys will be available in an unhardened location then? Otherwise you're serving encrypted data. So if the system accessing the data and using the keys is compromised, which we can assume is the case if the data is compromised, then access to the keys is as well?
Maybe I'm being an idiot but it seems like a lot of extra complexity to protect against really only physical attacks where someone directly steals the data storage.
Aren't we legislating the wrong problem here then though? I'd argue prioritising the physical security of your drives over encrypting them is a better aim for services. As if someone can physically steal your drives they've still DOSed your system even if they cannot accesd the content.
Maybe I'm being an idiot but it seems like a lot of extra complexity to protect against really only physical attacks where someone directly steals the data storage.