Is the lock screen secure?
Solution 1:
They could try to brute-force your password, you might want to set it up so accounts are locked out after too many failed attempts. You didn't ask how, but if you're interested you can read more here https://web.archive.org/web/20190831173642/http://blog.bodhizazen.com/linux/ubuntu-how-to-faillog/
Edit : including steps as requested
Open /etc/pam.d/common-auth
and add the line AT THE TOP OF THE FILE:
auth required pam_tally.so per_user magic_root onerr=fail
To set the number of attempts allowed & timeout
faillog -m 3 -l 3600
Where 3 is the number of attempts allowed and 3600 seconds (1 hour) is how long to lock out the account for.
You can omit the -l
part and the account will be locked out forever, however I would really not recommend that since your hard drive is encrypted. It would make your files very difficult to recover if you locked yourself out. If you choose to omit the lockout time, I would at least increase the number of attempts, because it's not that difficult to enter your password wrong 3 times.
Solution 2:
Any way? Yes, look up the liquid nitrogen RAM attacks. It's always a question of how secure you want to be, not being undefeatable. If an attacker needs a dewer of LN on hand to defeat you, you're fairly likely to see him coming.
Solution 3:
If the attacker has physical access to your RAM then he can get your keys. I don't see any way to prevent that.
What I suggest, if you have sensitive data that you want to protect:
Install a virtual system inside of an encrypted container.
Using VirtualBox or some other virtualization software you can save the current state of the virtual system at any time.
Write one script (open-vm) to open the container and restore the virtual system and another (close-vm) that will save the state of the virtual system and close the encrypted container.
Then just get lock screen to trigger those scripts or call them yourself when you need to. You'll need to provide the decryption password for your container every time you want to restore the container but at least you can leave your system running when you step away for a few minutes.
This also has the benefit that if an unsophisticated attacker intimidates you into opening your laptop you can do so and they still won't have access to your encrypted virtual system that they probably won't know about.
Note: Your encrypted container password should be as strong as your HDD password, under the assumption that the attacker will bypass your screen lock and have unlimited computing power to try to crack the encrypted container.
Note 2: I'm assuming that VirtualBox won't cache data in places you don't expect it to and will clear any traces of the virtual system when it's shut down. This is possibly a dubious assumption.