1007 - Risks of using Sleep mode with SEDs


Risks of Using Sleep Mode with Self-Encrypting Drives (SEDs)

Overview

Sleep mode (S3 state) is not secure for systems using either software encryption or self‑encrypting drives (SEDs). During sleep mode, memory remains active, leaving sensitive information vulnerable to potential memory attacks.

For example, if a user places their computer into sleep mode while working on a confidential document, that document may be exposed to attacks regardless of whether hardware or software encryption is in use.

Security Risks

  • Memory Attacks

    • Cached encryption and authentication keys for SEDs remain in memory during sleep mode.

    • Although such attacks are technically challenging, they remain a potential risk, particularly from sophisticated attackers.

  • Profile Option Vulnerability

    • The SES console includes an option: “Unlock SES disk upon Windows awaken from S3 mode.”

    • If enabled, the disk unlocks automatically when Windows resumes from sleep.

    • This introduces a security vulnerability: an attacker could reboot the system from a USB stick or DVD and gain access to the unlocked drive.

Recommendation: Use hibernate mode instead of sleep mode to ensure stronger protection.

Why Hibernate Mode Is Safer

Hibernate mode provides enhanced security while still allowing users to quickly resume their work session. Key features include:

  • Writes all current memory information securely to disk and powers down the system, returning the drive to a secure data‑at‑rest state.

  • With software encryption, memory is cleared and the encryption engine stops running.

  • With SEDs, power to the drive is cut off and the drive is re‑locked.

  • Upon resuming, users must re‑authenticate at pre‑boot (or via PBConnex), which unlocks the drive and restores the memory image from before hibernation.

Recommended Mitigations

To reduce risks associated with sleep mode and SEDs:

Windows 7 Policy Change

Disable the option that allows shutdown without logging on:

  1. Click Start > Control Panel > Performance and Maintenance > Administrative Tools.

  2. Double‑click Local Security Policy.

  3. Expand Security Settings > Local Policies > Security Options.

  4. In the right pane, double‑click Shutdown: Allow system to be shut down without having to log on.

  5. Select Disable, then click OK.
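The same policy change can be audited and applied from an elevated PowerShell session. The script below is an added example, not part of the original article: it reads the registry value that backs the "Shutdown: Allow system to be shut down without having to log on" setting (ShutdownWithoutLogon under the Policies\System key) and the HibernateEnabled value that records whether hibernate is available, and with the assumed -Remediate switch it disables the former and enables hibernate with powercfg.

```powershell
# Added example (not from the original article). Audits, and optionally applies,
# two mitigations for sleep mode on SED-equipped systems:
#   1. "Shutdown: Allow system to be shut down without having to log on" -> Disabled
#      (stored as the ShutdownWithoutLogon DWORD under the Policies\System key)
#   2. Hibernate available, so it can be used in place of sleep
# Run in an elevated PowerShell session. -Remediate is an assumed parameter name.
param([switch]$Remediate)

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PowerKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'

function Get-ShutdownWithoutLogon {
    # Returns 1 when shutdown is allowed from the logon screen, 0 when disabled.
    $p = Get-ItemProperty -Path $PolicyKey -Name 'ShutdownWithoutLogon' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 1 }   # value absent: treat as not confirmed disabled
    return [int]$p.ShutdownWithoutLogon
}

function Get-HibernateEnabled {
    # Returns 1 when hibernate is enabled on this machine, 0 otherwise.
    $p = Get-ItemProperty -Path $PowerKey -Name 'HibernateEnabled' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.HibernateEnabled
}

$findings = @()
if ((Get-ShutdownWithoutLogon) -ne 0) {
    $findings += 'Shutdown without logon is allowed (should be Disabled).'
    if ($Remediate) {
        Set-ItemProperty -Path $PolicyKey -Name 'ShutdownWithoutLogon' -Value 0 -Type DWord
    }
}
if ((Get-HibernateEnabled) -ne 1) {
    $findings += 'Hibernate is not enabled; sleep is the only low-power option.'
    if ($Remediate) { powercfg /hibernate on | Out-Null }
}

# Summary object: one row per host, suitable for piping to Export-Csv in a fleet check.
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    ShutdownWithoutLogon = Get-ShutdownWithoutLogon
    HibernateEnabled     = Get-HibernateEnabled
    Findings             = ($findings -join ' ')
    Remediated           = [bool]$Remediate
}
```

Re-run without -Remediate afterwards to confirm both values read 0 and 1 respectively; the policy value is also what Local Security Policy displays, so the console reflects the change immediately.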

Additional Options

  • Use the Intel AT S3 resume timer to force hibernation if the user does not authenticate within a set time after waking from sleep.

  • Avoid sleep mode on computers with a physical soft reset button.

  • Lock down the BIOS to prevent booting from external media (DVDs, USB drives).

  • On Lenovo systems, consider HPM (Hardware Password Manager) as a more secure alternative. It provides BIOS‑based credential caching and manages BIOS passwords.