Android uses similar storage encryption (and you can activate encryption for an SD card if you have sensitive data on it), the encryption key is protected by a TPM or Secure Element chip or by ARM TrustZone or equivalent, it checks that the OS is unmodified before booting and the chip only gives the key to the CPU if the user enters the correct PIN