I am using full disk encryption on my portable computer (running Ubuntu). The setup requires me to enter a password during the boot sequence to access the fully encrypted hard drive. There is no additional encryption of my home directory, nor is a login for the X session required (I'm the only user).
When I move around with my computer, I usually do not turn it off completely, only suspend it. This operation starts a screen lock on the X session before the PC is suspended. There are other text consoles available that do require login with my username and password (but no SSH server).
I've seen people (usually with a setup that encrypts only their home directory) who wipe the disk encryption key from memory when the screen is locked. I find this solution quite drastic, since sometimes I want to leave some programs running in the background that need access to the disk or my home directory (e.g. a file downloading in a browser while I go for lunch and lock my screen).
If my PC were stolen, is there a way an attacker would be able to gain access to the files on my computer without my password? Generally, screen locking is frowned upon as a weak security measure because "it's just a screen lock", yet I failed to come up with any reasonable scenario in which a potential thief would be able to gain access to my data if he stole my suspended computer with a locked screen. He doesn't have any way to control my computer without my login password, and any attempt to power it off and look at the hard drive directly would leave him with an encrypted drive, inaccessible without my disk encryption password.
Can anyone point out any weakness in this setup, and if you do, how to make it secure?