BitLocker - behavior in sleep mode

Jakub 46 Reputation points
2022-11-09T16:46:35.043+00:00

Dear QA Team,

I´m trying to find an answer to a specific case I encountered recently but no luck on the internet so far.

  • A laptop with TPM 2.0 (ThinkPad L15) with BitLocker enabled got stolen.
  • The BL settings were automatic - key stored in TPM, did not ask the user for PW, unless the recovery got triggered.
  • When stolen, the laptop was only in sleep mode.
  • I know a scheduled task can be set to lock drive while the device goes to sleep but it wasn´t the case of the stolen device yet.

The question is: will the BL lock the drive in case someone would put it in another computer to read the data, even though the laptop was in sleep mode and the drive thus unlocked at that time? I don´t mean any specific/targeted data theft engineering, that cannot be, most likely, avoided with an unlocked drive but more like the drive recognizes the TPM key auth doesn´t add up and lock it. (Also the scenario when someone would try to connect the drive to an already running system, if there´s any difference).

Thank you
Jakub

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,805 questions
0 comments No comments
{count} votes

Accepted answer
  1. Bagitman 581 Reputation points
    2022-11-13T14:21:55.433+00:00

    Sleep has no relevance here. When the drive is connected to another machine, the recovery key is asked for.
    When the device was not locked nor configured to automatically lock after sleep (=ask for the user password/ user PIN), the thief can of course see all data that the user logged in could see.


0 additional answers

Sort by: Most helpful