
Even if all of the AES state is kept in cache, the data to be encrypted would still have to be copied from ram or disk, right?


Yeah, but you can have an encrypted disk; encrypted RAM, not so much.


Hi. PrivateCore has implemented encrypted RAM as part of a secure hypervisor. Our product is currently in a private beta, but you can check out our website at: http://www.privatecore.com.

We gave a talk on some of the vulnerabilities and mitigations at CanSecWest this year: http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.p...


OpenBSD will get you halfway there, it at least encrypts (if you switch it on) the virtual memory.


OpenBSD does this by default. It also now directly boots cryptodisks, eliminating the need to create a /boot partition and carry it around if you're concerned about evil maid attacks, though I would imagine a camera or hardware keyboard keyloggers would defeat that pretty easily.


The boot loader is still on the disk, unencrypted.


That's what removable media is for


derp, /root correction


As does OSX. Probably Windows too? There has to be a registry setting to tweak, somewhere.


If you stream the data in from disk (e.g. read 1kB, encrypt 1kB, read 1kB, encrypt 1kB) then a cold boot attack only recovers one small chunk of data. Whereas if your keys are in RAM then a cold boot attack can recover the keys which can then be used to decrypt your entire hard drive.
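Added illustration of the streaming pattern this comment describes (not code from the thread, from PrivateCore, or from OpenBSD). It assumes a keystream built from HMAC-SHA256 in counter mode as a stand-in for AES so it runs with the standard library only; the key, nonce and plaintext are constructed values. It measures what a memory snapshot taken mid-run could contain: at most one chunk of plaintext, but always the key.

```python
import hashlib
import hmac
import io

CHUNK = 1024      # 1 kB chunks, as in the comment above
KS_BLOCK = 32     # keystream bytes produced per PRF call


def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """One 32-byte keystream block: HMAC-SHA256(key, nonce || counter).
    Assumption: this PRF-in-counter-mode construction stands in for AES-CTR;
    the memory-residency argument does not depend on which cipher is used."""
    return hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()


def xor_in_place(key: bytes, nonce: bytes, first_block: int, buf) -> int:
    """XOR keystream into a bytearray/memoryview in place.
    Returns the next unused block counter so chunks chain correctly."""
    block = first_block
    for off in range(0, len(buf), KS_BLOCK):
        ks = keystream_block(key, nonce, block)
        for i in range(min(KS_BLOCK, len(buf) - off)):
            buf[off + i] ^= ks[i]
        block += 1
    return block


def stream_crypt(key: bytes, nonce: bytes, src, dst) -> dict:
    """Encrypt (or, symmetrically, decrypt) src into dst one CHUNK at a time.

    Only one chunk of plaintext is ever held in the working buffer, and the
    buffer is overwritten with zeros after each step.  The key stays resident
    for the whole run: a memory image taken at any point yields at most CHUNK
    bytes of plaintext but always yields the key, which is the asymmetry the
    comment points out.  Caveat: CPython cannot guarantee that temporaries
    (the `ks` bytes objects, copies made by the I/O layer) are ever zeroed;
    real implementations do this in C with explicit memset on every buffer."""
    buf = bytearray(CHUNK)
    view = memoryview(buf)
    block = 0
    peak_plain = 0
    total = 0
    while True:
        n = src.readinto(buf)          # pull in at most one chunk of plaintext
        if not n:
            break
        total += n
        peak_plain = max(peak_plain, n)
        block = xor_in_place(key, nonce, block, view[:n])
        dst.write(view[:n])            # buffer now holds ciphertext
        view[:n] = bytes(n)            # scrub the chunk before the next read
    return {
        "bytes": total,
        "peak_plaintext_resident": peak_plain,
        "key_resident_for_entire_run": True,   # nothing here can avoid that
        "buffer_zeroed_at_end": all(b == 0 for b in buf),
    }


def demo() -> tuple:
    """Round-trip a constructed 5000-byte message through stream_crypt.
    Returns (plaintext, ciphertext, decrypted, encryption stats)."""
    key = bytes(range(32))                  # constructed key, not a real secret
    nonce = b"\x00" * 16                    # constructed nonce for the demo
    plain = bytes(i % 251 for i in range(5000))
    ct = io.BytesIO()
    stats = stream_crypt(key, nonce, io.BytesIO(plain), ct)
    pt = io.BytesIO()
    stream_crypt(key, nonce, io.BytesIO(ct.getvalue()), pt)
    return plain, ct.getvalue(), pt.getvalue(), stats


if __name__ == "__main__":
    _, _, _, s = demo()
    print(s)
```

The stats dictionary makes the comment's point concrete: `peak_plaintext_resident` is capped at 1024 regardless of input size, while the key is needed for every chunk and so is exposed for the whole run. Reducing plaintext residency is worthwhile, but it does not change what a cold boot attack against the key recovers.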




