我相信您知道去年1 月披露的^(January)Spectre 和 Meltdown硬件漏洞。这些硬件漏洞允许程序窃取计算机上正在处理的数据。然后是幽灵2^{(Spectre 2)}！虽然这种情况得到了缓解，但该解决方案导致了更严重的性能下降。Retpoline就是对此的回答！在这篇文章中，我们将了解如何在Windows 10上启用^{(Windows 10)}Retpoline。

在 Windows 10 上启用 Retpoline

有趣的是，Retpoline是Google开发的一种二进制修改技术。这是为了防止“分支目标注入”，也称为“幽灵”。此解决方案可确保提高CPU性能。微软^(Microsoft)正在分阶段推出此功能。并且由于其实现的复杂性，性能优势适用于Windows 10 v1809 及更高版本。

要在Windows上手动启用Rerpoline，请确保您拥有KB4482887 更新^{(KB4482887 Update)}。

接下来，添加以下注册表配置更新：

在客户 SKU 上：^{(On Client SKUs:)}

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x400

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x400

重启。

在服务器 SKU 上：^{(On Server SKUs:)}

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x400

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x401

重启。

如何在 Windows 上验证Retpoline状态

要确认Retpoline是否处于活动状态，您可以使用Get-SpeculationControlSettings PowerShell cmdlet。此 PowerShell 脚本^{(This PowerShell script)}揭示了针对各种推测执行侧通道漏洞的可配置Windows缓解措施的状态。^(Windows)它包括Spectre变体 2 和Meltdown。下载脚本并执行后，这就是它的外观。

Speculation control settings for CVE-2017-5715 [branch target injection] 

Hardware support for branch target injection mitigation is present: True  
Windows OS support for branch target injection mitigation is present: True 
Windows OS support for branch target injection mitigation is enabled: True 
… 
BTIKernelRetpolineEnabled           : True 
BTIKernelImportOptimizationEnabled  : True 
...

Retpoline是Spectre Variant 2的性能优化。关键是它需要硬件和操作系统都支持分支目标注入并启用。请注意，Skylake和后续几代英特尔处理器与^(Intel)Retpoline不兼容。他们将仅在这些处理器上启用导入优化。^{(Import Optimization)}

在未来的更新中，此功能将默认启用。截至目前，它们将通过云配置被允许。Microsoft正在开发一种不再需要Retpoline的解决方案。下一代硬件应该能够解决这个问题——但在此之前，更新将修补漏洞。

How to manually enable Retpoline on Windows 10

I am sure thаt you are aware of the hardware vulnerabilities Spectrе and Meltdown whіch were revealed last year in January. These hardware vulnerabilities аllow programs to steal data that is being рrocessed on the computer. Then camе the Spectre 2! While this was mitigated, the solυtion resυlted in more substantial performance degradation. Retpoline was an answer to this! In this post, we will see how you can enable Retpoline on Windows 10.

Enable Retpoline on Windows 10

It is interesting to note that Retpoline is a binary modification technique developed by Google. It is to protect against “Branch target injection,” also referred to as “Spectre.”  This solution makes sure that CPU performance improves. Microsoft is rolling this out in phases. And because of the complexity of its implementation, the performance benefits are for Windows 10 v1809 and later releases.

To manually enable Rerpoline on Windows, make sure you have the KB4482887 Update.

Next, add the following registry configuration updates:

On Client SKUs:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x400

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x400

Reboot.

On Server SKUs:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x400

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x401

Reboot.

How to verify Retpoline status on Windows

To confirm if Retpoline is active, you can use the Get-SpeculationControlSettings PowerShell cmdlet. This PowerShell script reveals the state of configurable Windows mitigations for various speculative execution side-channel vulnerabilities. It includes Spectre variant 2 and Meltdown. Once you download the script and execute, this is how it looks.

Speculation control settings for CVE-2017-5715 [branch target injection] 

Hardware support for branch target injection mitigation is present: True  
Windows OS support for branch target injection mitigation is present: True 
Windows OS support for branch target injection mitigation is enabled: True 
… 
BTIKernelRetpolineEnabled           : True 
BTIKernelImportOptimizationEnabled  : True 
...

Retpoline is a performance optimization for Spectre Variant 2. The key is that it requires both hardware and OS support for branch target injection to be present and enabled. Do note that Skylake and later generations of Intel processors are not compatible with Retpoline. They will have only Import Optimization enabled on these processors.

In future updates, this feature will come enabled by default. As of now, they will be allowed via cloud configuration. Microsoft is working on a solution which will no longer require Retpoline. The next generation of hardware should be able to fix that- but till then the updates will patch the vulnerabilities.

Related posts

• 如何在Windows 10上禁用Feature Updates的保障措施

• 如何在Windows 10使用Network Sniffer Tool PktMon.exe

• Windows 10中Taskbar Context Menu中的Hide Toolbars option

• 如何在Windows 10上使用PIP安装NumPy

• 使用MyLauncher为Windows 10计算机启动文件

• 什么是Windows 10中的Control Flow Guard - 如何打开或关闭它

• 无法连接到Xbox Live; Windows 10中的Fix Xbox Live Networking issue

• 如何在Windows 10中禁用Automatic Driver Updates

• 如何将Secure Delete添加到Windows 10中的context menu

• Convert EPUB至MOBI - 用于Windows 10的免费转换器工具

• Install Realtek HD Audio Driver Failure，Error OxC0000374上Windows 10

• 双Monitor Tools用于Windows 10，让您可以管理多个监视器

• Picsart在Windows 10上提供Custom Stickers & Exclusive 3D Editing

• Best免费Molecular Modeling software的Windows 10

• Windows 10 Best免费Barcode Scanner software

• 创建Keyboard Shortcut以在Windows 10中打开您最喜爱的Website

• Emulate Mouse通过使用Windows 10使用Clickless Mouse来悬停Emulate Mouse

• 如何扭转Windows 10 PC上的Video

• Windows 10上的Fix Fast Battery drain使用Hybrid图形

• Windows 10 Lock Screen Make Firefox display Media Controls Lock Screen