That's really overkill. Computers these days have enough horsepower to run file system encryption in the CPU. (If you remember 5-10 years ago, computers in those days had enough horsepower to run disk compression in the CPU, and CPU speed has increased a lot faster than disk throughput since then.) Build the system with an inactivity timeout for /home if you want. Swap space has the advantage that it doesn't need to preserve state across system reboots, so you can run an encrypted swap partition that generates a random key at boot time. If you want to get fancy about rubber-hose prevention and avoid the except-for-terrorism clause in the 5th amendment, you could do something with secret-sharing with your unindicted co-conspirators (oh, wait, they don't bother with indictments these days, do they?) so that all of you need to cooperate in a challenge-response thing to restart some of the services. Or you could hide that little 802.11 widget on the shelf that stores one of the keyfiles you need to access the secure drive. Once UWB's widely available, it'll be better for that (lower power - harder to detect.) Just make sure that your system _is_ restartable after power failures, because those are a much more likely event than cop invasions.