Suspending Bitlocker protection: how is the clear key "erased" afterwards?

Question

According to the Bitlocker FAQs:

Suspend keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the Suspend option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade, the volume master key is changed, the protectors are updated to match and the clear key is erased."

My question is regarding that last part. Does anyone know how the clear key is "erased"?

Is it simply deleted from the file system but left physically intact on the drive? (meaning that it could be recovered by a data recovery application?)

Or is it also overwritten / destroyed / made useless in some way?

Basically I am thinking of enabling Bitlocker on an OS drive on a SSD. But I am concerned that all any thief or attacker would need to do is run a data recovery application on the drive, and then potentially recover a working clear key that was left behind following a past suspension.

Answer 1

The Bitlocker keys are stored in three locations, whose positions on the disk don’t change. Once the clear key is removed, the data set containing the remaining keys (recovery key, TPM, ...) is shrunk (and the remaining filled with 00) and written at the same place.

Also, these three data sets get updated regularly when the data is being initially encrypted, as the current position where encrypted data ends and unencrypted data starts is also recorded in these 64k of data.

If the device in question employs wear leveling or if you are able to recover data previously written at a fixed position (and overwritten since), then you can – in theory – get back the clear key. The (sparse) documentation doesn’t mention any special provisions for making sure the data gets overwritten multiple times or kept at the same sector on flash disks. Earliest Bitlocker implementations predate the widespread uses of flash disks, so that wasn’t a concern, either.

Still, data recovery on data already overwritten is something not in the reach for the average thief, as it requires specialized tooling (and disassembly of the disk). On flash drives, the chance that the clear key is found in one of the spare sectors of wear leveling is in theory there (especially since it is found 3 times), but depending on how much time has passed since, its chances can be pretty slim.

Answer 2

Clear Key is stored on Metadata when you suspend Bitlocker. Metadata for the drive is preallocated to specific sectors on the drive and are not directly within your volumes. The Clear Key is used in conjunction with several other type of keys/challenges (if TPM present) during the suspension stage.

On SSDs, when sectors do not contain any data, those sectors are erased by TRIM automatically if that function is enabled, which it is on most newer SSDs.

The key isn't left intact after suspension as the metadata occupied for those keys are erased from the SSD.

Retrieving erased metadata files from sectors to reconstruct the 256-bit Clear Key is hard work even for seasoned professionals and I've never encountered anyone with the capabilities to do so from a SSD. It would have a higher chance of recovery if it was on a Hard Drive. Even then, not everyone can do it.

Answer 3

Is it simply deleted from the file system but left physically intact on the drive? (meaning that it could be recovered by a data recovery application?)

The key is not stored as a file in the first place (or even anywhere else within the filesystem; it is stored in the BitLocker volume header that precedes it) so there is no "filename→data" indirection and the usual shortcut of "When you delete a file, its data blocks remain" does not apply. Rather, when the header is changed, directly overwriting the respective sectors is how changes are always made.

As far as the OS can see, the logical sector is the lowest layer of abstraction that's accessible from outside the disk – it "directly" holds data, and once it's overwritten, it's overwritten; even data recovery programs cannot see through to its previous contents. (They work with the same limitations as any other software.)

The old contents of that sector may still physically exist somewhere in the disk (and indeed they will if it's an SSD or an SMR HDD, which both use firmware-level translation layers to remap the same logical sector to different physical sectors every time it's written to), but accessing them would require, at least, specialized knowledge of the disk's firmware; there are no standard commands to get the "previous version" of a sector.

That is, a recovery specialist would probably be able to pull out some of the "overwritten" sectors – and would charge you for the work accordingly – but it's generally not something that could be done simply by running a program within the same OS.

(Overwriting data on CMR HDDs is simpler; the logical sector corresponds to the same physical area on the disk every time. As soon as something is overwritten, it's practically gone; there might be some trace magnetization left from the earlier data, but from what I've heard, it stopped being feasible to recover it many gigabytes ago due to the ever increasing density – even the normal data read from an HDD already has to go through a lot of signal processing to decipher it.)