Windows 10 19H1 with Retpoline Spectre V2 Mitigation

[German]Surprise in Windows 10 Insider Preview 19H1: The kernel contains the Retpoline technology to protect it from Spectre V2 attack. This is to minimize the power loss caused by this protection.


Background information about Retpoline

At the beginning of the year, the attack methods Spectre and Meltdown, which work at the CPU level, became publicly known. As a result, Intel and Microsoft released a number of Meltdown and Spectre Microcode patches. An unwelcome side effect: Some patches caused massive performance losses in the systems.

On the other hand, Google software developers had the idea to mitigate speculative side channel attacks for Spectre (and Meltdown) using special code constructs. The technique is called Retpoline and was described in this Google document. Google used the Retpoline technique to patch its own servers for the cloud.

Microsoft is using Retpoline

Now security researcher Alex Ionescu noticed while testing the current Insider Preview for Windows 10 19H1 that Retpoline is activated in the kernel. He reported this in a tweet, answered by Mehmet Iyigun.

In his tests, he recognized greatly improve performance of the new kernel in file system benchmarks on a Surface Pro 4. Mehmet Iyigun (@mamyun) from the Windows/Azure Kernel Team then confirmed on Twitter that Retpoline had been enabled by default in the Windows 10 development branch 19H1 (to be the spring update in 2019).


At Microsoft, this is combined with a technique called 'Import Optimization'. The developers aim to minimize the performance losses caused by indirect calls to kernel mode functions. The combination of these techniques reduce the performance losses caused by Spectre V2 protection to noise-level. (via)

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.