
FDE could be made to protect the data when the machine is out of range of its secure home network too.

If left powered on, the machine would detect loss of the home network fairly quickly and lock itself.

The FDE key would depend on a key server on the home network, so it could not be rebooted and unlocked just with the physical on-board devices.

If some parts of the FDE were handled on the storage itself and required a periodic end-to-end refresh with the home network key server, then even freezing main RAM (literally) to extract keys later would not work.

More generally, the FDE key could be split over a number of components on the machine, all of them requiring end-to-end periodic refresh from the home network key server, making it extremely difficult to freeze all on-board devices effectively enough to extract the whole key and decrypt the storage contents. Add RAM encryption to complete the job.


