Enable Retpoline on Windows 10

Retpoline is a binary modification technique developed by Google. It protects against “branch target injection,” also referred to as “Spectre.” This solution makes sure that CPU performance improves. Microsoft is rolling this out in phases, and because of the complexity of its implementation, the performance benefits are for Windows 10 v1809 and later releases.

To manually enable Retpoline on Windows, make sure you have the KB4482887 update. Next, add the following registry configuration updates: On Client SKUs: Reboot. On Server SKUs: Reboot.

How to verify Retpoline status on Windows

To confirm whether Retpoline is active, you can use the Get-SpeculationControlSettings PowerShell cmdlet. This PowerShell script reveals the state of configurable Windows mitigations for various speculative execution side-channel vulnerabilities, including Spectre variant 2 and Meltdown. Once you download the script and execute it, this is how it looks.

Retpoline is a performance optimization for Spectre variant 2. The key is that it requires both hardware and OS support for the branch target injection mitigation to be present and enabled. Note that Skylake and later generations of Intel processors are not compatible with Retpoline; only Import Optimization will be enabled on these processors.

In future updates, this feature will come enabled by default. As of now, it will be allowed via cloud configuration. Microsoft is working on a solution which will no longer require Retpoline. The next generation of hardware should be able to fix that, but until then the updates will patch the vulnerabilities.
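The check described above can be scripted. The following is an added example, not code from the original page or from Microsoft: the function name Get-RetpolineVerdict is hypothetical, and it assumes a version of the SpeculationControl module whose result object carries the BTIKernelRetpolineEnabled and BTIKernelImportOptimizationEnabled properties. The sample object is constructed for illustration.

```powershell
# Added example: interprets the object returned by Get-SpeculationControlSettings.
function Get-RetpolineVerdict {
    param([Parameter(Mandatory)] $Settings)

    # Retpoline only applies when the branch target injection (Spectre variant 2)
    # mitigation has hardware support and is present and enabled in the OS.
    $prereqs = [ordered]@{
        BTIHardwarePresent       = [bool]$Settings.BTIHardwarePresent
        BTIWindowsSupportPresent = [bool]$Settings.BTIWindowsSupportPresent
        BTIWindowsSupportEnabled = [bool]$Settings.BTIWindowsSupportEnabled
    }
    $missing = @($prereqs.GetEnumerator() |
        Where-Object { -not $_.Value } | ForEach-Object { $_.Key })

    # A property that an older module version does not report is $null,
    # which converts to $false and is treated as "not enabled".
    $retpoline = [bool]$Settings.BTIKernelRetpolineEnabled
    $importOpt = [bool]$Settings.BTIKernelImportOptimizationEnabled

    $verdict = if ($missing.Count -gt 0) {
        "Prerequisite not met: $($missing -join ', ')"
    } elseif ($retpoline -and $importOpt) {
        'Retpoline and Import Optimization active'
    } elseif ($retpoline) {
        'Retpoline active'
    } elseif ($importOpt) {
        'Import Optimization only (expected on Skylake and later Intel processors)'
    } else {
        'Not active: check update KB4482887, the registry configuration, and reboot'
    }

    [pscustomobject]@{
        RetpolineEnabled          = $retpoline
        ImportOptimizationEnabled = $importOpt
        MissingPrerequisites      = $missing
        Verdict                   = $verdict
    }
}

# Constructed sample, used only when the SpeculationControl module is not installed.
$sample = [pscustomobject]@{
    BTIHardwarePresent = $true; BTIWindowsSupportPresent = $true; BTIWindowsSupportEnabled = $true
    BTIKernelRetpolineEnabled = $false; BTIKernelImportOptimizationEnabled = $true
}
$settings = if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    Get-SpeculationControlSettings   # prints its usual report; the object is captured
} else { $sample }
Get-RetpolineVerdict -Settings $settings
```

Running the function across a fleet and grouping on Verdict separates machines that still need the update or a reboot from those where only Import Optimization is expected.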
