A Password is Not Enough: Why Disk Encryption is Broken and How We Might Fix It

Presented at DEF CON 21 (2013), Aug. 2, 2013, 4 p.m. (45 minutes)

Since the publication of the cold boot attack on software disk encryption 5 years ago, there has been little progress on developing countermeasures and implementing defenses in the disk encryption technologies already in wide use. Furthermore, many users of full disk encryption have physical security habits that fall outside the security models of disk encryption software and thus are more vulnerable than they realize. After examining a set of effective, easily executable attacks on off-the-shelf disk encryption, and contextualizing them in x86 system architecture, we examine recent research on means of mitigating these attacks. By integrating AES New Instructions (AES-NI), x86 debugging registers, encrypted RAM, the IOMMU, and the TPM into a combined encryption system, the difficulty of executing a successful attack is raised significantly. We will examine the construction of this system in detail and, at a higher level, the role of full disk encryption in assuring meaningful security in the face of physical access. Source to an experimental version of the system will be made available.
