ANY enterprise- grade computer is vulnerable regardless of the OS installed, and this includes Linux running on an encrypted disc. Why? Common Enterprise system management tools run pre-boot environments which communicate with every chip, including ram, via system management bus. This is typically how thermal data is collected from various sensors. But the SM bus is present and active even after boot. It's easy enough to craft utilities which monitor every bit of data in and out of the computer and the contents of RAM. If you use one of these grade computers, as do I because they're typically more rugged than average consumer hardware, You would be best to disable these management features in the BIOS. And hope that setting is really honored.