
Or in other words, you should derive the disk’s encryption key from the user’s login password?


No. If you derive, then you can't change it without full re-encryption of potentially terabytes of data.


The user’s password would protect the disk’s key, but would not necessarily derive it, I think.


Generally the way you solve that is by having the low entropy key give access to a hardware-based key store, like TPM. Those can be made tamper proof and throttled. I.e. the key is destroyed if you try to access the store by probing it, and it is locked (temporarily) after n failed attempts.

This also allows people to change their password, as you do not change the actual (strong) key used for the disk but the key used to access it.


No, it should not be possible to compute encryption key from the password. Or, to phrase differently, you derive the key from the password and the data held by the secure element.
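The scheme described in the two comments above (a strong random disk key that is only wrapped by a password-derived key, a throttled unlock path, and a password change that re-wraps the key instead of re-encrypting the disk) can be sketched in a few dozen lines. The following is an added example, not code from any poster or from a real TPM; the scrypt cost parameters, the `MAX_FAILED_ATTEMPTS` lockout threshold and the `KeyStore` class are constructed for illustration, and the secure element is simulated in plain Python with a one-time XOR wrap plus an HMAC tag rather than a hardware key store.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed parameters for this example; a real deployment tunes scrypt cost to its hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
# Hypothetical lockout threshold, standing in for a TPM's dictionary-attack defence.
MAX_FAILED_ATTEMPTS = 5
DEK_LEN = 32


def derive_kek(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the low-entropy password into a 32-byte wrapping key and a 32-byte MAC key."""
    material = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                              n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)
    return material[:32], material[32:]


class KeyStore:
    """Toy stand-in for a secure element: holds the wrapped disk key and throttles unlock attempts.

    The disk encryption key (DEK) is random and never derivable from the password alone;
    the password only unlocks the wrapped copy held here.
    """

    def __init__(self, password: str, dek: Optional[bytes] = None) -> None:
        self.failed = 0
        self.locked = False
        # Strong random disk key; bulk data would be encrypted under this, never under the password.
        self._wrap(password, dek if dek is not None else secrets.token_bytes(DEK_LEN))

    def _wrap(self, password: str, dek: bytes) -> None:
        # Fresh salt per wrap, so each wrapping key is used exactly once (a one-time XOR pad is then sound).
        self.salt = secrets.token_bytes(16)
        wrap_key, mac_key = derive_kek(password, self.salt)
        self.wrapped = bytes(a ^ b for a, b in zip(dek, wrap_key))
        # Authentication tag lets us reject a wrong password without leaking a garbage key.
        self.tag = hmac.new(mac_key, self.salt + self.wrapped, hashlib.sha256).digest()

    def unlock(self, password: str) -> Optional[bytes]:
        """Return the DEK on the correct password, None otherwise; lock after too many failures."""
        if self.locked:
            return None
        wrap_key, mac_key = derive_kek(password, self.salt)
        expected = hmac.new(mac_key, self.salt + self.wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self.tag):
            self.failed += 1
            if self.failed >= MAX_FAILED_ATTEMPTS:
                self.locked = True  # a real TPM would impose a timed lockout here
            return None
        self.failed = 0
        return bytes(a ^ b for a, b in zip(self.wrapped, wrap_key))

    def change_password(self, old: str, new: str) -> bool:
        """Re-wrap the same DEK under a new password; the encrypted disk contents are untouched."""
        dek = self.unlock(old)
        if dek is None:
            return False
        self._wrap(new, dek)
        return True


if __name__ == "__main__":
    store = KeyStore("hunter2")
    dek_before = store.unlock("hunter2")
    store.change_password("hunter2", "correct horse battery staple")
    print("DEK unchanged after password change:", store.unlock("correct horse battery staple") == dek_before)
```

The point to notice is that `change_password` touches only the 32-byte wrapped key and its salt, which is why the data on disk never needs re-encrypting, and that `unlock` returns nothing useful for a wrong password while counting the attempt, which is the throttling role a hardware key store plays.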


Right, it's not only derived from the password, but it is derived from the password. You can't decrypt the disk without the password.


> but it is derived from the password.

No, it's not. I use a book to generate a string of numbers and I can write them on a sheet of paper. If I put that paper in a room and lock the room with a key, I need the key to access the paper, but the numbers on the paper are in no way derived from the door key.

You are incorrect in your understanding of the word derived.


What are the analogies here? If you can find the door in the book you just need the key.


In cryptographic contexts (as opposed to English in general) "X is derived from Y" usually means that Y is the only information you need.



