This should be documented in 1.2.1 Release Notes
When HDFS is encrypted (TDE is enabled), DROP TABLE and DROP PARTITION have unexpected behavior when Hadoop Trash feature is enabled.
The later is enabled by setting fs.trash.interval > 0 in core-site.xml.
When Trash is enabled, the data file for the table, should be "moved" to Trash bin. If the table is inside an Encryption Zone, this "move" operation is not allowed.
There are 2 ways to deal with this:
1. use PURGE, as in DROP TABLE blah PURGE. This skips the Trash bin even if enabled.
2. set fs.trash.interval = 0. It is critical that this config change is done in core-site.xml. Setting it in hive-site.xml may lead to very strange behavior where the table metadata is deleted but the data file remains. This will lead to data corruption if a table with the same name is later created.