AlBugdy 5 hours ago
Can't edit my other reply. Edit: I looked at your other comments to see if you had discussed Linux or Android security before (and to avoid repetitive threads). I'll reply to this post of yours here as you'll likely not see that I've replied there:

> Also linux only really has block level encryption, not file based encryption like iOS/Android. It would be trivial for LEO to access your device unless it was totally powered off and then the only protection is LUKS. Or really even if you lose your phone and someone was so inclined, they could just extract all the data if it was powered on but on the “lock screen,” as most if not all desktop (and I’d imagine linux phone) environments do not actually do any encryption or anything when the system is locked, it’s just a cosmetic lock for all intents and purposes.

With LUKS or plain dm-crypt, unencrypted data never touches the storage. Small parts of the storage are decrypted in RAM, but what gets written is encrypted. FDE at the block level gives less info to the adversary than file based encryption. With detached /boot (and maybe some other stuff) (like on a USB stick), and plain dm-crypt, you can even have plausible deniability that the storage medium was just overwritten with random data.

LEO can't do anything for LUKS or dm-crypt if they can't bypass the lock screen, short of a cold boot attack. That's true for file-based encryption, too. The lock screen (on Linux, at least) isn't related to disk encryption and doesn't have to be.