Windows 10 1809 开启Retpoline技术
in Windows with 0 comment
Windows 10 1809 开启Retpoline技术
in Windows with 0 comment

Retpoline技术原理

retpoline是Google开发的针对Spectre变种2漏洞缓解利用技术。Spectre变种2利用CPU的间接分支预测(indirect branch predictor)功能,攻击者通过事先训练分支,让分支预测器去影响受害者进程,然后通过侧信道的方式来获取 受害者进程的信息。其实这个变种2的漏洞利用是非常困难的,Jann Horn的利用其实也是在一个老版本的kvm上,按照 Linus的说法是利用Spectre是”fairly hard”。

谷歌表示,他们给这个编程技巧,取名为Retpoline,而这种方法对计算机性能的影响“微乎其微”(如果与在过去的几天中发布的其他补丁对CPU性能影响程度进行对比的话)。

开启方法(仅适用于1809 更新到17763.348及以上版本)

注册版路径

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

插入值

FeatureSettingsOverride 
    Type: REG_DWORD
    Value: 0x400
    
FeatureSettingsOverrideMask 
    Type: REG_DWORD
    Value: 0x400

重启电脑后即可体验该技术带来的提升

验证是否启用

使用powershell运行以下命令

Install-Module -Name SpeculationControl
Set-ExecutionPolicy RemoteSigned
Import-Module SpeculationControl
Get-SpeculationControlSettings

状态如以下一致则已开启

Speculation control settings for CVE-2017-5715 [branch target injection] 

Hardware support for branch target injection mitigation is present: True  
Windows OS support for branch target injection mitigation is present: True 
Windows OS support for branch target injection mitigation is enabled: True 
… 
BTIKernelRetpolineEnabled           : True 
BTIKernelImportOptimizationEnabled  : True 
… 

相关资料

  1. https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Mitigating-Spectre-variant-2-with-Retpoline-on-Windows/ba-p/295618
  2. https://github.com/Microsoft/SpeculationControl
The article has been posted for too long and comments have been automatically closed.