The BitLocker guidance from Microsoft is to disable sleep states and use hibernate in combination with TPM + PIN for elevated security against cold boot and DMA attacks. Unfortunately, this is pretty inconvenient, as it results in very frequent entry of the PIN and slower hibernate/wake times. I don’t regard the cold boot attacks as realistic outside of the highest security environments, but I am concerned about DMA attacks. Is hibernate required if we are using Thunderbolt 3 devices that offer UEFI DMA protection and we can disable new DMA devices being enumerated while Windows is locked using group policy?

See the section 'Attacker Countermeasures'. https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures

asdf

0 Answers