BitLocker and DMA and Memory Resilience attacks?


  1. Posts : 812
    Win10
       #1

    I am running BitLocker with a fully encrypted OS drive with TPM only authentication.

    I have Sleep mode disabled with a setting: Never

    When not using my laptop, I power OFF my system completely.

    My question is, am I still vulnerable to DMA attacks if I shut down my laptop completely when I am finished using my laptop?

    I read that DMA attacks only occur when the systems are not fully powered down, meaning they are just only locked with the Windows Logon screen, in Sleep mode, or just rebooted.


  2. Posts : 809
    Win10
       #2

    When you fully shut down your system then your memory controller and DIMMs are powered off. So, by definition, a DMA attack won't be possible since there's no memory to access and no path for devices to access memory.


  3. Posts : 812
    Win10
    Thread Starter
       #3

    As long as my laptop is fully turned off I should be safe from DMA attacks?

    I never leave my laptop powered ON and Sleep mode is disabled.


  4. Posts : 809
    Win10
       #4

    Yes, that's what I said.


  5. Posts : 812
    Win10
    Thread Starter
       #5

    Thank you!

    If that's the case, then I should be fine using TPM only protection WITHOUT setting the below Group Policies?


    Can I just only Enable the GPO setting (Disable new DMA devices when this computer is locked) or do I need to also set the other GPO settings as well as shown below?

    Computer Configuration > System > Device Installation > Device Installation Restrictions
    Prevent installation of devices that match any of these Device IDs > Prevent installation of devices that match any of these Device IDs: PCI\CC_0C0A


    Computer Configuration > System > Device Installation > Device Installation Restrictions
    Prevent installation of devices that match any of these Device IDs > Prevent installation of devices that match any of these Device IDs: {d48179be-ec20-11d1-b6b8-00c04fa372a7}
    Last edited by win10freak; 28 Jul 2018 at 13:05.
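
A read-only way to see which of the settings named in post #5 are actually applied on a machine, as an added example that is not part of the original thread. It assumes an elevated PowerShell session and that the policies are stored under the standard Policies registry keys named in the code; the function and variable names are made up for this example.

```powershell
# Added example (not from the thread): read-only audit of the settings in post #5.
# Assumption: run elevated; the two registry paths are the standard policy locations.
$fve   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$rest  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$pciId = 'PCI\CC_0C0A'                               # value quoted in post #5
$guid  = '{d48179be-ec20-11d1-b6b8-00c04fa372a7}'    # value quoted in post #5

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-DenyList {
    param([string]$SubKey)
    # Each deny list is a subkey whose values hold one ID or class GUID each.
    $key = Get-Item -Path (Join-Path $rest $SubKey) -ErrorAction SilentlyContinue
    if ($null -ne $key) {
        $key.GetValueNames() | ForEach-Object { $key.GetValue($_) }
    }
}

$denyIds     = @(Get-DenyList 'DenyDeviceIDs')
$denyClasses = @(Get-DenyList 'DenyDeviceClasses')

# Key protectors on the OS volume: a Tpm entry with no TpmPin entry
# is the TPM-only setup described in post #1.
$protectors = (Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector |
    ForEach-Object { $_.KeyProtectorType }

[pscustomobject]@{
    OsVolumeProtectors     = $protectors -join ', '
    DmaBlockedWhenLocked   = (Get-PolicyValue $fve 'DisableExternalDMAUnderLock') -eq 1
    DeviceIdDenyListOn     = (Get-PolicyValue $rest 'DenyDeviceIDs') -eq 1
    DeviceClassDenyListOn  = (Get-PolicyValue $rest 'DenyDeviceClasses') -eq 1
    PciIdInIdDenyList      = $denyIds -contains $pciId
    GuidInIdDenyList       = $denyIds -contains $guid
    GuidInClassDenyList    = $denyClasses -contains $guid
} | Format-List
```

A value of False means the policy or entry is not present in the registry on that machine; the script changes nothing.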


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd