Use of Hibernation may cause slower boots and resumes when BitLocker Drive Encryption is enabled
Applies To: Windows 7, Windows Server 2008 R2
When BitLocker Drive Encryption is used to encrypt the OS volume, after the first resume from hibernation, subsequent resumes from hibernate and the next system boot may be slower. This includes resumes from hibernate, restarts, and shutdowns followed by power on. This slowdown happens because the firmware clears the system’s RAM during the boot process. Systems that do not use Hibernate will not encounter this problem.
During boot, BitLocker Drive Encryption configures the firmware to erase memory on the subsequent boot if the system is shutdown unexpectedly. During resume from hibernation BitLocker configures the firmware to erase memory on the subsequent boot irrespective of the cause for shutdown. This issue begins after the first resume from hibernation, continues across hibernate cycles, and ends after the slow boot following a shutdown or restart. As a result, on a boot following resume from hibernate, as instructed by BitLocker, the firmware clears the memory during the boot process. The delay for users while memory is cleared will vary by the physical configuration of the system and memory size.
The recommended solution to this known issue is to not use hibernate, but to use system shutdown instead. Additionally, some platform manufacturers may have implemented BIOS optimizations to improve the memory clearing performance. Please consider installing the latest BIOS update from the platform manufacturer if available.
There is a workaround, however this workaround requires making changes to a Group Policy setting that could expose a known attack vector.
Log on as an administrator.
Click Start and enter gpedit.msc into the Search Programs and Files Search box.
In the Local Computer Policy navigation pane, expand and select Administrative Templates, Windows Components, and then BitLocker Drive Encryption.
In the right pane, right click on Prevent Memory overwrite on restart and choose Edit.
Change the configuration to Enabled and then click OK to save the change.
Reboot the computer so the changes can take effect.
Changing this Group Policy setting will severely lower the data at rest protection BitLocker provides for the OS volume because it may allow an attacker to boot a powered off system to the OS login prompt, restart the system and harvest drive encryption key material from the system memory. This attack vector is especially applicable when BitLocker is configured to use the TPM-only protector and other policy configurations allow system restart or shutdown from the login prompt screen or via pressing the power button.