It is not possible:
- Even though pureboot protects you quiet well it does not hinder anybody to use your boot partition to exchange data with your “air-gapped partion”.
- While running your connected OS it is possible to attack your other encrypted partition containing the “air-gapped partition”. Relevant is that LUKS stores the (one and only) encryption key in a well known place. To attack that key would be very much more efficient extracting the encrypted encryption key and only some data to check (partition headers are also well known plain text) and process it outside your computer.
- In the end there are probably a good number of alternative methods to overcome that “not-really-air-gap” we couldn’t think of yet and that will be found by your enemy the evil genius.
Depending on your use case it might be enough getting some SBC that does not contain any wireless or ethernet port or at least make sure by hardware (ethernet covered by case, case made from metal to prevent bluetooth or wifi) that it won’t be able to connect.