Retpoline compiled driver always shows FALSE flag in MS portal

Mathan Member Posts: 2

We have compiled WDF KMDF Universal drivers by enabling the /Qspectre flag. We tested the driver on a Win10 RS5 64-bit client operating system using WHQL.

The client PC is up to date with Windows updates; 'Get-SpeculationControlSettings' returns 'BTIKernelRetpolineEnabled' as 'TRUE'.
Since all the WHQL tests passed, we tried to submit logs for Microsoft signature.

Microsoft's Hardware Dev Center still does not mark "Retpoline Compiled" as true.
Is there any tool or utility to check if a driver sys file is compiled with the /Qspectre flag?

Microsoft says they will be testing every binary that passes through their portal to check whether or not it was compiled with the Retpoline flag. How do they check for this flag? Why is the flag still not set for our sys file even if we compiled with /Qspectre?

We have used the latest "EWDK for Windows 10, version 1903" to build our drivers.

Thanks & Regards,
Mathan

Comments

  • Mathan Member Posts: 2

    Hi All,

    Any feedback for the above query?

    Thanks & Regards,
    Mathan

  • Peter_Viscarola_(OSR) Administrator Posts: 7,631

    The 1903 WDK should enable /QSpectre by default. Beyond that, and that /QSpectre was only enabled for optimized builds... I’ve got nothing to add that could help.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Cymon Member Posts: 7

    I recommend that you open a support case with HDC as they will need to look at the driver package submitted to properly diagnose the problem. One thing to note here is that if there is a single file in the package which is not compliant then the entire package is failed.
    Here is a link for more information on opening a support case: https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/hardware-dashboard-faq#how-do-i-contact-partner-center-support

  • shaun_hollingworth Member Posts: 2
    edited November 2019

    I'm not sure if the compiler Qspectre mitigations flag and retpoline are one and the same. I've played with this for some hours in Visual Studio 2019 Professional - but it seems that the WDK currently available might not yet support retpoline. I'd welcome some advice on that, along with project settings for retpoline, as there doesn't seem to be any anywhere.

    For those who want a tool to see if retpoline is enabled in a particular driver then I think they might just need to use:
    dumpbin /loadconfig driverfilename.sys (with the Visual Studio Developer command prompt for vs2019), and this sends a lot of blurb out for a retpoline enabled driver, but near the top of the output they will find:

                       0011C500 Guard Flags
                       CF instrumented
                       FID table present
                       Export suppression info present
                       Export suppression enabled
                       Long jump target table present
                       All objects are retpoline-aware
    

    I did this with Windows 10 version 1903's volmgr.sys but you have to first copy it from \system32\drivers to another folder, as dumpbin won't open the file directly.

    Shaun.

  • shaun_hollingworth Member Posts: 2
    edited November 2019

    I'm not sure if /Qspectre and retpoline are one and the same - or if the current WDK actually supports third-party builds with retpoline. I'd welcome advice on that, and any project settings needed for retpoline operation. I've been experimenting with Visual Studio 2019 with the newest WDK without success.


    For those who want to test if their driver is retpoline enabled, it seems they can simply use the Developer Command Prompt for VS 2019 (in my case) and enter "Dumpbin /loadconfig drivename.sys" and for a retpoline enabled driver they will see a lot of text output, but near the top they will find:


    0011C500 Guard Flags
    CF instrumented
    FID table present
    Export suppression info present
    Export suppression enabled
    Long jump target table present
    All objects are retpoline-aware


    I used volmgr.sys from Windows 10 Version 1903 to test this - but the file has to be copied from the \system32\drivers folder to another folder because Dumpbin won't open it directly.


    Shaun
    PS: sorry for posting this - I've just realised that the thread is over a month old, and I shouldn't have added to it - Sincere apologies for that.
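
Added example, not part of the thread or of any poster's code: a Python reader for the same Guard Flags field that `dumpbin /loadconfig` prints, so a build script can check each .sys in a package without the VS command prompt. The function names are hypothetical; the bit values are the IMAGE_GUARD_* constants from winnt.h, and the labels are the strings shown in the dumpbin output above.

```python
import struct

# IMAGE_GUARD_* bits (winnt.h), labelled with the text dumpbin prints for each.
GUARD_BITS = {
    0x00000100: "CF instrumented",
    0x00000400: "FID table present",
    0x00004000: "Export suppression info present",
    0x00008000: "Export suppression enabled",
    0x00010000: "Long jump target table present",
    0x00100000: "All objects are retpoline-aware",
}
RETPOLINE_PRESENT = 0x00100000  # IMAGE_GUARD_RETPOLINE_PRESENT

def read_guard_flags(pe: bytes) -> int:
    """Return GuardFlags from the PE load config directory, or 0 if absent."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]  # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsects, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24  # start of the optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x20B, 0x10B):
        raise ValueError("unknown optional header magic")
    # Data directory start and GuardFlags offset differ for PE32+ and PE32.
    dirs, gf_off = (opt + 112, 0x90) if magic == 0x20B else (opt + 96, 0x58)
    count = struct.unpack_from("<I", pe, dirs - 4)[0]  # NumberOfRvaAndSizes
    cfg_rva = struct.unpack_from("<I", pe, dirs + 80)[0] if count > 10 else 0
    if cfg_rva == 0:
        return 0  # no load config directory (entry 10)
    for i in range(nsects):  # map the RVA to a file offset via the section table
        vsize, va, rawsize, rawptr = struct.unpack_from(
            "<IIII", pe, opt + opt_size + 40 * i + 8)
        if va <= cfg_rva < va + max(vsize, rawsize):
            cfg = rawptr + (cfg_rva - va)
            break
    else:
        raise ValueError("load config RVA is not inside any section")
    declared = struct.unpack_from("<I", pe, cfg)[0]  # the structure's own Size
    if declared < gf_off + 4:
        return 0  # older, shorter load config with no GuardFlags field
    return struct.unpack_from("<I", pe, cfg + gf_off)[0]

def describe(flags: int) -> list:
    return [name for bit, name in GUARD_BITS.items() if flags & bit]

def is_retpoline_aware(pe: bytes) -> bool:
    return bool(read_guard_flags(pe) & RETPOLINE_PRESENT)
```

Call `is_retpoline_aware(open(path, "rb").read())` on every binary in the submission; `describe(0x0011C500)` reproduces the six lines of the volmgr.sys output quoted above.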

  • Peter_Viscarola_(OSR) Administrator Posts: 7,631

    Super interesting post, Mr. Hollingworth. I admit it: I didn’t know about the /loadconfig switch to dumpbin. Helpful. Thanks.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers
