I hoped "xartutil --erase-all" is the equivalent of erasing my SSD. When Disk Utility erases my FileVault SSD does it simply just delete my decryption keys? If yes, then I guess it's the equivalent of "xartutil --erase-all"??
How does Disk Utility erase a FileVault SSD? Would the additional step of getting rid of the decryption keys make the data on my SSD more unrecoverable?
Take with a huge grain of salt...
From my understanding of Macs with T chips and SSDs, APFS file system is very iOS-ish in that all files are encrypted with a unique key (which is encrypted with a system key, and that encryption is encrypted with yet a different system key) when written via the T chip (all I/O goes through the T), decrypted on read. When the xartutil command is run, as mentioned by others, the system keys, finger prints, etc. get wiped out, making the disk unreadable. Basically, you erased the drive.
Enabling FileVault merely adds an extra layer of security. Doesn't really encrypt anything. Just adds the layer of who can unlock the drive.
From what I've seen, FileVault on APFS systems works somewhat like it does on HDDs systems at boot time. There still is an encrypted file named "EncryptedRoot.plist.wipekey" buried in the Preboot "hidden" volume. That file contains the user ids of unlockers, their hashed passwords, and the encrypted recovery key. Speculation, disabling FileVault merely removes the wipekey when using APFS. When you enable FileVault on APFS, it's instant as no file encryption is happening, only add the extra layer of security.
Imo, running an erase in Disk Utility is not needed if on a Mac with T chip.
Aside: never seen any real authoritative documentation on APFS and how this all really works. In the case of Macs without a T chip, guessing turning on FileVault uses APFS single-key encryption mode (FileVault "classic") vs. multi-key on T-chip Macs.
