We have compiled WDF KMDF Universal drivers by enabling the /Qspectre flag. We tested the driver on a Win10 RS5 64-bit client operating system using WHQL.
The client PC is up to date with Windows updates; ‘Get-SpeculationControlSettings’ returns ‘BTIKernelRetpolineEnabled’ as ‘TRUE’.
Since all the WHQL tests passed, we tried to submit logs for Microsoft signature.
Microsoft’s Hardware Dev Center still does not mark the “Retpoline Compiled” as true.
Is there any tool or utility to check if a driver sys file is compiled with the /Qspectre flag?
Microsoft says they will be testing every binary that passes through their portal to check whether or not it was compiled with the Retpoline flag. How do they check for this flag? Why is the flag still not set for our sys file even if we compiled with /Qspectre?
We have used the latest “EWDK for Windows 10, version 1903” to build our drivers.
The 1903 WDK should enable /QSpectre by default. Beyond that, and that /QSpectre was only enabled for optimized builds… I’ve got nothing to add that could help.
I’m not sure if the compiler Qspectre mitigations flag and retpoline are one and the same. I’ve played with this for some hours in Visual Studio 2019 Professional - but it seems that the WDK currently available might not yet support retpoline. I’d welcome some advice on that, along with project settings for retpoline, as there doesn’t seem to be any anywhere.
For those who want a tool to see if retpoline is enabled in a particular driver then I think they might just need to use:
dumpbin /loadconfig driverfilename.sys (with the Visual Studio Developer command prompt for vs2019), and this sends a lot of blurb out for a retpoline enabled driver, but near the top of the output they will find:
    0011C500 Guard Flags
               CF instrumented
               FID table present
               Export suppression info present
               Export suppression enabled
               Long jump target table present
               All objects are retpoline-aware
I did this with Windows 10 version 1903’s volmgr.sys but you have to first copy it from \system32\drivers to another folder, as dumpbin won’t open the file directly.
I’m not sure if /Qspectre and retpoline are one and the same - or if the current WDK actually supports third party builds with retpoline. I’d welcome advice on that, and any project settings needed for retpoline operation. I’ve been experimenting with Visual Studio 2019 with the newest WDK without success.
For those who want to test if their driver is retpoline enabled, it seems they can simply use Developer Command Prompt for VS 2019 (in my case) and enter “Dumpbin /loadconfig drivename.sys” and for a retpoline enabled driver they will see a lot of text output, but near the top they will find:
    0011C500 Guard Flags
               CF instrumented
               FID table present
               Export suppression info present
               Export suppression enabled
               Long jump target table present
               All objects are retpoline-aware
I used volmgr.sys from Windows 10 Version 1903 to test this - but the file has to be copied from the \system32\drivers folder to another folder because Dumpbin won’t open it directly.
Shaun
PS: sorry for posting this - I’ve just realised that the thread is over a month old, and I shouldn’t have added to it - Sincere apologies for that.
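The Guard Flags value that dumpbin /loadconfig prints in the post above can also be read straight from the file, which helps when checking many .sys files in a build pipeline. This is an added example, not code from the thread or from Microsoft: it handles only PE32+ (x64) images, the bit values are the IMAGE_GUARD_* constants from winnt.h, and `sample_image` builds a constructed minimal image so the block runs without a real driver.

```python
import struct

# IMAGE_GUARD_* bits from winnt.h, labelled the way dumpbin prints them.
GUARD_BITS = {
    0x00000100: "CF instrumented",
    0x00000400: "FID table present",
    0x00004000: "Export suppression info present",
    0x00008000: "Export suppression enabled",
    0x00010000: "Long jump target table present",
    0x00100000: "All objects are retpoline-aware",  # IMAGE_GUARD_RETPOLINE_PRESENT
}

def guard_flags(pe: bytes) -> int:
    """GuardFlags (offset 0x90 of IMAGE_LOAD_CONFIG_DIRECTORY64) of a PE32+ image."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]             # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", pe, nt + 6)           # NumberOfSections
    optsz, = struct.unpack_from("<H", pe, nt + 20)         # SizeOfOptionalHeader
    opt = nt + 24
    if struct.unpack_from("<H", pe, opt)[0] != 0x20B:
        raise ValueError("only PE32+ is handled here")
    rva, _ = struct.unpack_from("<II", pe, opt + 112 + 8 * 10)  # data directory 10
    for s in range(opt + optsz, opt + optsz + 40 * nsec, 40):   # section headers
        vsize, va, rawsz, raw = struct.unpack_from("<IIII", pe, s + 8)
        if rva and va <= rva < va + max(vsize, rawsz):
            cfg = raw + rva - va                           # file offset of the directory
            size, = struct.unpack_from("<I", pe, cfg)      # directories older than GuardFlags are shorter
            return struct.unpack_from("<I", pe, cfg + 0x90)[0] if size >= 0x94 else 0
    raise ValueError("no load config directory found")

def describe(flags: int) -> list:
    return [name for bit, name in GUARD_BITS.items() if flags & bit]

def is_retpoline_aware(pe: bytes) -> bool:
    return bool(guard_flags(pe) & 0x00100000)

def sample_image(flags: int) -> bytes:
    """Constructed minimal PE32+ whose only section holds a load config directory."""
    img = bytearray(0x400)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)
    struct.pack_into("<HH", img, 0x44, 0x8664, 1)             # Machine, NumberOfSections
    struct.pack_into("<H", img, 0x54, 240)                    # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x58, 0x20B)                  # PE32+ magic
    struct.pack_into("<II", img, 0x58 + 192, 0x1000, 0x100)   # load config RVA, size
    struct.pack_into("<IIII", img, 0x148 + 8, 0x100, 0x1000, 0x200, 0x200)  # section
    struct.pack_into("<I", img, 0x200, 0x100)                 # directory Size field
    struct.pack_into("<I", img, 0x290, flags)                 # GuardFlags
    return bytes(img)
```

For a real driver, pass the file's bytes to `is_retpoline_aware`, for example `open(path, "rb").read()` on a copy of the .sys file.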