Preventing information leaks from ext4 filesystems

To my knowledge, if a malware can look at deleted information even with encryption enabled (as said 'encryption does not help ') , it must be a running time attack (since encryption prevent cold attack), and if it can bypass OS fs layer restriction (because you can not access a already deleted file info through normal fs api), it must gain raw disk read permission (at least some level administrator permission, for example access debugfs ). in such situation, if without encryption , malware can parse whole filesystem already, no just a filename. with encryption enabled, malware at least need to obtain encryption key (otherwise encryption still worked). and if malware can obtain encryption key (no matter from kernel, or from a bad-placed-plain-text-password), then whole system already being cracked (almostly). that means: if such malware do exist and make encryption useless, then whole os already insecure. it can leak much more than just a filename. encryption at least makes crack harder.