How does memory encryption keep the decryption key secure from memory without a seperate HSM?

How does memory encryption keep the decryption key secure from memory without a seperate HSM?

For example the Go package memguard.

Couldn't a devoted attacker just find the encryption key in memory? Is it that some forms of attacks can't expose all of memory but only adjacent memory/memory in a certain location?