I'm lost. What is being solved with this massively complex and flawed mechanism?
It sounds like he's trying to solve two problems without solving them.
First, a computer stolen while anything is decrypted is vulnerable. How does moving encryption to the user-level solve that? Assume the user decryption keys are tossed when the computer suspends. Now what at wakeup? All of every users' processes crash or lock up until each one logs in again? That seems worse than locking up the whole system in firmware until a password is provided.
Second, give user-level encryption. Why? Protect against an admin viewing everything? An admin could intercept your decryption keys just as easily. Nothing is safe if you can't trust the admin role.