diff --git a/windows/hardening/06-physical-lock.ps1 b/windows/hardening/06-physical-lock.ps1
index 6b83930..4157651 100644
--- a/windows/hardening/06-physical-lock.ps1
+++ b/windows/hardening/06-physical-lock.ps1
@@ -24,7 +24,9 @@ New-Item $fve -Force | Out-Null
 Set-ItemProperty $fve -Name DisableExternalDMAUnderLock -Type DWord -Value 1
 
 # Prefer hibernate over sleep (keys not left resident in RAM as long).
-powercfg /hibernate on 2>$null
+# Tolerate environments without hibernation support (e.g. VMs) -- native stderr
+# under ErrorActionPreference=Stop would otherwise abort the module.
+try { & powercfg /hibernate on 2>&1 | Out-Null } catch { Write-Host '   (hibernate unavailable here; skipped)' }
 # TODO-M1: set lid-close + idle -> hibernate via powercfg; deny camera/mic per-app
 #          (Device Manager disable is the stopgap; the Pocket 4 has NO hardware kill switch).
 # NOTE: SilverDuress (Stack, v1.1) provides duress-PIN / panic-wipe - installed by module 08.