A running Qubes OS system is vulnerable to Cold boot attack - Wikipedia
A sucesful cold boot attack gives the adversary acess to all data on disk. full disk encryption will be useless. The attacker can read sensitive data in RAM too, so even a live OS could be vulnerable.
For instance if you leave the system unattended for a moment one adversary could keep you in check while another performs a cold boot attack. Perhaps a logical step in a world where people use full disk encryption and live OS.
A mitgiation is to glue the RAM onto the motherboard and use UEFI secure boot to prevent RAM dumps. Tails tries to prevent the attack by writing random data to RAM on shut down and there are patches for the Linux kernel, RamCrypt and TRESOR, which encrypts RAM with a key stored in CPU registers.
Any ideas on how we can defend our Qubes from the cold boot attack?