Install memlockd by default? (daemon to increase system reliability during low RAM)

This sounds interesting.

When a system starts paging excessively it may be impossible for the sysadmin to login for the purpose of killing the runaway processes (sometimes the login program times out due to thrashing). Memlockd allows important system files (such as /bin/login, /bin/getty, and the admin shell) to be locked in memory so that there will be no delay in accessing executable pages. In my tests this can decrease the time required for the administrator to login on a thrashing system by a factor of more than 3.

Quote https://tails.boum.org/contribute/design/memory_erasure/:

The memlockd daemon, appropriately configured, ensures every file needed by the memory erasure process is locked into memory from boot to memory erasure time.

Related:
Is RAM Wipe possible inside Whonix? Cold Boot Attack Defense

Maybe bad news, maybe not available in Debian buster+1 (bullseye):

Yes I think it’s useful on its own for sysadmins even if not part of a comprehensive wiping implementation.
