Lol, the Venn diagram of people who can move your computer while the OS is running and people who can figure out if you also have a duress password is basically a circle.
No home thief is going to take the time to move your machine while it's running, so having all the drives locked should be good.
If you're using PAM, some section of the drive is unlocked.
The question is does it matter if they know you have a duress module running?
You're not really obligated to give your password in the US. (Not a lawyer but that's how I understand it)
And in situations where they know, are they going to beat you after you've erased your data?
If you're worried about a machine being moved while on, you're probably best to check a canary that tells it about its environment. ARP for a specific MAC, or DNS entry that only resolves on your LAN, SSID scan, maybe just lock all drives if the LAN interface flaps.
I suppose this would be good for airport travel and more mobile situations.
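
An added example, not part of the comment above: one way to combine the ARP, DNS and link-flap canaries it mentions into a single fail-closed check. The MAC, hostname, address and sample `ip neigh show` output are constructed, and the lock action itself is left to the caller.

```python
import socket

# Constructed values for illustration; substitute your own LAN's details.
GATEWAY_MAC = "02:00:00:aa:bb:cc"    # MAC expected on the home LAN
CANARY_NAME = "canary.home.arpa"     # hypothetical name only the LAN resolver serves
CANARY_ADDR = "192.168.1.53"         # address that name should resolve to

def reachable_macs(neigh_text):
    """MACs from `ip neigh show` output whose entry state is REACHABLE."""
    macs = set()
    for line in neigh_text.splitlines():
        fields = line.split()
        # FAILED/INCOMPLETE entries carry no lladdr; STALE ones prove nothing current.
        if "lladdr" in fields[:-1] and fields[-1] == "REACHABLE":
            macs.add(fields[fields.index("lladdr") + 1].lower())
    return macs

def tripped_canaries(neigh_text, carrier_changes, baseline, resolve=socket.gethostbyname):
    """Return the list of failed checks; any entry means the caller should lock."""
    tripped = []
    if GATEWAY_MAC not in reachable_macs(neigh_text):
        tripped.append("arp")
    try:
        if resolve(CANARY_NAME) != CANARY_ADDR:
            tripped.append("dns")
    except OSError:  # socket.gaierror is a subclass of OSError
        tripped.append("dns")
    # /sys/class/net/<iface>/carrier_changes counts every link up/down transition.
    if carrier_changes != baseline:
        tripped.append("link")
    return tripped

# Constructed samples: the neighbour table at home, and after the machine was moved.
HOME = ("192.168.1.1 dev eth0 lladdr 02:00:00:AA:BB:CC REACHABLE\n"
        "192.168.1.7 dev eth0  FAILED\n")
MOVED = ("10.0.0.1 dev eth0 lladdr 02:00:00:11:22:33 REACHABLE\n"
         "192.168.1.1 dev eth0 lladdr 02:00:00:aa:bb:cc STALE\n")

def _no_such_name(name):
    raise socket.gaierror("name not known")

if __name__ == "__main__":
    print(tripped_canaries(HOME, 4, 4, resolve=lambda n: CANARY_ADDR))
    print(tripped_canaries(MOVED, 6, 4, resolve=_no_such_name))
```

ARP and DNS answers are unauthenticated, so these checks work as tripwires rather than as proof of location.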