Retpoline compiled driver always shows FALSE flag in MS portal

We have compiled WDF KMDF Universal drivers by enabling the /Qspectre flag. We tested the driver on a Win10 RS5 64-bit client operating system using WHQL.

The client PC is up to date with Windows updates. The ‘Get-SpeculationControlSettings’ returns ‘BTIKernelRetpolineEnabled’ as ‘TRUE’.
Since all the WHQL tests passed, we tried to submit logs for Microsoft signature.

Microsoft’s Hardware Dev Center still does not mark the “Retpoline Compiled” as true.
Is there any tool or utility to check if a driver sys file is compiled with the /Qspectre flag?

Microsoft says they will be testing every binary that passes through their portal to check whether or not it was compiled with the Retpoline flag. How do they check for this flag? Why is the flag still not set for our sys file even if we compiled with /Qspectre?

We have used the latest “EWDK for Windows 10, version 1903” to build our drivers.

Thanks & Regards,
Mathan

Hi All,

Any feedback for the above query?

Thanks & Regards,
Mathan

The 1903 WDK should enable /QSpectre by default. Beyond that, and that /QSpectre was only enabled for optimized builds… I’ve got nothing to add that could help.

Peter

I recommend that you open a support case with HDC as they will need to look at the driver package submitted to properly diagnose the problem. One thing to note here is that if there is a single file in the package which is not compliant then the entire package is failed.
Here is a link for more information on opening a support case: https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/hardware-dashboard-faq#how-do-i-contact-partner-center-support

I’m not sure if the compiler Qspectre mitigations flag and retpoline are one and the same. I’ve played with this for some hours in Visual Studio 2019 Professional - but it seems that the WDK currently available might not yet support retpoline. I’d welcome some advice on that, along with project settings for retpoline, as there doesn’t seem to be any anywhere.

For those who want a tool to see if retpoline is enabled in a particular driver then I think they might just need to use:
dumpbin /loadconfig driverfilename.sys (with the Visual Studio Developer command prompt for vs2019), and this sends a lot of blurb out for a retpoline enabled driver, but near the top of the output they will find:

                   0011C500 Guard Flags
                   CF instrumented
                   FID table present
                   Export suppression info present
                   Export suppression enabled
                   Long jump target table present
                   All objects are retpoline-aware

I did this with Windows 10 version 1903’s volmgr.sys but you have to first copy it from \system32\drivers to another folder, as dumpbin won’t open the file directly.

Shaun.

I’m not sure if /Qspectre and retpoline are one and the same - or if the current WDK actually supports third party builds with retpoline. I’d welcome advice on that, and any project settings needed for retpoline operation. I’ve been experimenting with Visual Studio 2019 with the newest WDK without success.


For those who want to test if their driver is retpoline enabled, it seems they can simply use Developer Command Prompt for VS 2019 (in my case) and enter “Dumpbin /loadconfig drivename.sys” and for a retpoline enabled driver they will see a lot of text output, but near the top they will find:


0011C500 Guard Flags
CF instrumented
FID table present
Export suppression info present
Export suppression enabled
Long jump target table present
All objects are retpoline-aware


I used volmgr.sys from Windows 10 Version 1903 to test this - but the file has to be copied from the \system32\drivers folder to another folder because Dumpbin won’t open it directly.


Shaun
PS: sorry for posting this - I’ve just realised that the thread is over a month old, and I shouldn’t have added to it - Sincere apologies for that.
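The check described in the two posts above, done directly on the file instead of through dumpbin, as an added example that is not part of the thread. The "Guard Flags" value dumpbin prints is the GuardFlags field of the PE load config directory, and 0011C500 decodes to exactly the six lines quoted, with bit 0x00100000 (IMAGE_GUARD_RETPOLINE_PRESENT in winnt.h) being "All objects are retpoline-aware". `sample_image` builds a constructed PE32+ skeleton for the demo, not a real driver, and it is an assumption, not something the thread confirms, that Hardware Dev Center looks at this same bit.

```python
import struct, sys

# IMAGE_GUARD_* bits (winnt.h) behind the dumpbin lines quoted above
GUARD_BITS = {
    0x00000100: "CF instrumented",
    0x00000400: "FID table present",
    0x00004000: "Export suppression info present",
    0x00008000: "Export suppression enabled",
    0x00010000: "Long jump target table present",
    0x00100000: "All objects are retpoline-aware",
}
RETPOLINE = 0x00100000  # IMAGE_GUARD_RETPOLINE_PRESENT

def describe(flags):
    return [name for bit, name in GUARD_BITS.items() if flags & bit]

def guard_flags(pe):
    """GuardFlags from the load config directory of a PE32+ image, 0 if absent."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]                    # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)     # COFF header fields
    opt = nt + 24
    if struct.unpack_from("<H", pe, opt)[0] != 0x20B:
        raise ValueError("not PE32+ (x64)")
    ndirs = struct.unpack_from("<I", pe, opt + 108)[0]            # NumberOfRvaAndSizes
    rva = struct.unpack_from("<I", pe, opt + 112 + 10 * 8)[0] if ndirs > 10 else 0
    for i in range(nsec):  # map the load config RVA (directory 10) to a file offset
        vsize, va, rsize, raw = struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
        if rva and va <= rva < va + max(vsize, rsize):
            cfg = raw + rva - va
            size = struct.unpack_from("<I", pe, cfg)[0]
            # GuardFlags sits at offset 0x90 of IMAGE_LOAD_CONFIG_DIRECTORY64
            return struct.unpack_from("<I", pe, cfg + 0x90)[0] if size >= 0x94 else 0
    return 0

def sample_image(flags):
    """Constructed PE32+ skeleton (not a real driver) carrying the given GuardFlags."""
    img = bytearray(0x400)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                              # e_lfanew
    struct.pack_into("<HH12xH2xH", img, 0x44, 0x8664, 1, 0xF0, 0x20B)    # COFF + PE32+ magic
    struct.pack_into("<I80xII", img, 0x58 + 108, 16, 0x1000, 0x100)      # directory 10
    struct.pack_into("<4I", img, 0x148 + 8, 0x100, 0x1000, 0x200, 0x200) # one section
    struct.pack_into("<I140xI", img, 0x200, 0x100, flags)                # Size, GuardFlags
    return bytes(img)

if __name__ == "__main__":  # pass a .sys path, or decode the constructed sample
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_image(0x0011C500)
    print(f"{guard_flags(data):08X} Guard Flags", *describe(guard_flags(data)), sep="\n    ")
```

Since one non-compliant file fails the whole package, running this over every binary in the package before submission shows which file lacks the bit.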

Super interesting post, Mr. Hollingworth. I admit it: I didn’t know about the /loadconfig switch to dumpbin. Helpful. Thanks.

Peter