There's sdmem for Linux boxes. It has a -l and -ll option that makes it reasonably fast. So a combination of a duress encrypted volume, then killing only "sensitive processes", then clearing cache via /proc/sys/vm/drop_caches, then sdmem followed by halt might be reasonable protection. Your second point, though, makes sense. It won't always be someone physically grabbing your PC.
