82649 Let's say i have full disk encryption enabled on linux. The encryption key is is in ram. Now i reboot my pc and start windows. If the reboot happens really fast, could the key remain in ram so that windows can accsess it?
I would assume that the encryption key in RAM is zeroed by the kernel when the LUKS partition is closed, I would be surprised if they didn't do that, since it is standard procedure to handle cryptographically sensitive material in that way. But by default, RAM memory in general is not zeroed, so if you reboot into Windows, Windows might be able to read files from the encrypted drive that is cached unencrypted in RAM. Windows might also see what you did while using Linux.
There are kernel options you can enable in your Linux installation to enable zero-of-free, which should cause all memory pages released back to the kernel, or released by subsystems in the kernel, to be zeroed immediately. During a clean shut down or reboot of your system, this should prevent any information leakage from happening. Tails is an example of a Linux based operating system that has enabled this by default, so you can look into what kernel options they are using. If it is Qubes OS you are running, you need to look for the corresponding Xen boot options instead.
Unfortunately, I don't know about any Linux based system other than Tails that enable this by default. It is supported, but no one seem to enable it, even if it is such an important mitigation for cold boot attacks and similar.