hmm… Is there a filesystem, block device wrapper, or database that can securely erase any deleted data without wiping the whole thing? I’m imagining something like a Merkle tree but with encryption instead of hashing. Each node has the encryption keys of its children.
This is an interesting idea. Though (encrypted) keys could still end up in SSD flash after being "overwritten"/"erased" due to wear leveling, etc. Although, as an attacker, you'd need to recover the entire "chain" of keys to get to a file.
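A minimal sketch of the key tree discussed in the two posts above, added here as an illustration and not taken from either poster or from any existing filesystem. It assumes a single tree level, a root key kept in small storage that can truly be erased, and a stdlib keystream as a stand-in for a real AEAD cipher; `KeyTreeStore` and `recover` are hypothetical names.

```python
import hashlib, json, os

def _stream(key, nonce, data):
    # Stand-in cipher (SHAKE-256 keystream XOR) so this runs on the stdlib; use an AEAD in practice.
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = os.urandom(16)
    return nonce + _stream(key, nonce, plaintext)
def unseal(key, blob):
    return _stream(key, blob[:16], blob[16:])

class KeyTreeStore:
    def __init__(self):
        self.flash = []                  # append-only: models flash keeping stale copies
        self.root_key = os.urandom(32)   # assumed to sit in small, truly erasable storage
        self._write_node({})

    def _write_node(self, keys):         # node = child keys, encrypted under the root key
        self.flash.append(seal(self.root_key, json.dumps(keys).encode()))
        self.node_at = len(self.flash) - 1

    def _keys(self):
        return json.loads(unseal(self.root_key, self.flash[self.node_at]))

    def put(self, name, data):
        key = os.urandom(32)
        self.flash.append(seal(key, data))
        self._write_node({**self._keys(), name: [key.hex(), len(self.flash) - 1]})

    def get(self, name):
        key, idx = self._keys()[name]
        return unseal(bytes.fromhex(key), self.flash[idx])

    def delete(self, name):
        keys = {n: v for n, v in self._keys().items() if n != name}
        self.root_key = os.urandom(32)   # only the old root key has to be truly destroyed
        self._write_node(keys)

def recover(flash, root_key):  # files readable from a full flash image plus one root key
    found = {}
    for blob in flash:
        try:
            node = json.loads(unseal(root_key, blob))
        except ValueError:
            continue
        if isinstance(node, dict):
            found.update({n: unseal(bytes.fromhex(k), flash[i]) for n, (k, i) in node.items()})
    return found
```

Calling `recover` with the current root key returns only the surviving files even though every stale blob is still in `flash`; calling it with the pre-deletion root key returns the deleted file too, which is the residual risk the reply points out.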