by zzz61831
2149 days ago
Personal computers have an advantage here: it is acceptable for them not to work when they are not directly used by someone. It means they can be stored in safes when not used and have all the encryption keys securely erased when not used. For example, a screen locker could stop all the processes and erase all the keys from registers and memory assuming both disk and memory encryption. And the locker itself could be triggered by some proximity sensor, RFID, camera, whatever, not just input inactivity timeout.
Putting a regular device in a safe leaves it exposed to someone unlocking the safe and compromising the device by implanting a keylogger inside or even by putting a replacement identical device there and waiting for the user to type the boot password.
As for methods of emergency clearing of sensitive data from memory while in operation, whatever method is employed will work once. The next time, the attacker is ready for that particular method. For example, the police might just have to completely immobilize the suspect (and their hands) and keep the laptop in the vicinity while the "dead man's switch" is bypassed.