No, these should exist in the TPM and highly volatile memory like CPU cache. This including the decryption code. This can be achieved using mechanisms similar to what Coreboot does before RAM is initialized.
No need for the keys or decryption to touch easily intercepted and rowhammered RAM.
bigmattystyles|4 months ago