The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

How to manually enable Retpoline on Windows 10

Download PC Repair Tool to quickly find & fix Windows errors automatically

I am sure that you are aware of the hardware vulnerabilities Spectre and Meltdown which were revealed last year in January. These hardware vulnerabilities allow programs to steal data that is being processed on the computer. Then came the Spectre 2! While this was mitigated, the solution resulted in more substantial performance degradation. Retpoline was an answer to this! In this post, we will see how you can enable Retpoline on Windows 10.

Enable Retpoline on Windows 10

Manually enable Retpoline on Windows

It is interesting to note that Retpoline is a binary modification technique developed by Google. It is to protect against “Branch target injection,” also referred to as “Spectre.”  This solution makes sure that CPU performance improves. Microsoft is rolling this out in phases. And because of the complexity of its implementation, the performance benefits are for Windows 10 v1809 and later releases.

To manually enable Rerpoline on Windows, make sure you have the KB4482887 Update.

Next, add the following registry configuration updates:

On Client SKUs:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x400
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x400

Reboot.

On Server SKUs:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x400
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x401

Reboot.

How to verify Retpoline status on Windows

To confirm if Retpoline is active, you can use the Get-SpeculationControlSettings PowerShell cmdlet. This PowerShell script reveals the state of configurable Windows mitigations for various speculative execution side-channel vulnerabilities. It includes Spectre variant 2 and Meltdown. Once you download the script and execute, this is how it looks.

Speculation control settings for CVE-2017-5715 [branch target injection] 

Hardware support for branch target injection mitigation is present: True  
Windows OS support for branch target injection mitigation is present: True 
Windows OS support for branch target injection mitigation is enabled: True 
… 
BTIKernelRetpolineEnabled           : True 
BTIKernelImportOptimizationEnabled  : True 
...

Retpoline is a performance optimization for Spectre Variant 2. The key is that it requires both hardware and OS support for branch target injection to be present and enabled. Do note that Skylake and later generations of Intel processors are not compatible with Retpoline. They will have only Import Optimization enabled on these processors.

In future updates, this feature will come enabled by default. As of now, they will be allowed via cloud configuration. Microsoft is working on a solution which will no longer require Retpoline. The next generation of hardware should be able to fix that- but till then the updates will patch the vulnerabilities.

78 Shares

[email protected]

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap