Forgive me if this is already the standard (I haven’t looked into the code), but is the swap space encryption key randomized for each boot?
Back when I used Tails I would activate the internal drive as swap space with a randomized key and it seems like a good feature to have to protect privacy across reboots, if your drive password is ever stolen, or if it’s pulled out under duress.
If it’s not already the standard, is there a place to lodge feature requests?