I haven’t had a chance to read the full paper yet, and I doubt it’s practical for me to verify the results, but a team including Ed Felten has figured out a way round on-disk encryption. The technique sounds dangerously simple to implement, and even if it isn’t totally reliable means you can’t trust on-disk encryption any more without considering the hardware platform around it. Which is perhaps not overly surprising; this is one reason I tend to avoid having nasty things like CD/DVD ROM drives in machines unless they actually need them. But now you need to go further: lock down the BIOS (ideally by flashing it with a new one) so you can’t boot off USB or similar; and somehow make it so you can’t easily remove the memory chips from the computer. I suppose if you’re prepared to spend enough money, you could simply make the entire unit unservicable, unexpandable, and pretty much impregnable.
It’ll still get broken, though. As with so many things, when it comes to security of data it really does seem like the only winning move is not to play.