Intel slowdown

Discussion in 'Microsoft Surface Book' started by gman713, Jan 4, 2018.

  1. GreyFox7

    GreyFox7 Super Moderator Staff Member

    Joined:
    Jul 27, 2014
    Messages:
    6,894
    Likes Received:
    1,385
    Trophy Points:
    113
    With the Spectre variant 2 fix disabled per Microsoft's recent new update the Passmark performance score is returned to 2045.9 as it was before the Firmware update.
     
  2. wynand32

    wynand32 Well-Known Member

    Joined:
    Jun 24, 2014
    Messages:
    1,045
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Oak Park, CA
    My Device:
    SPro3
    Awesome, thanks for the report. By the way, I ran the update but it gave zero feedback -- did yours give any kind of indication that it worked when you ran it?

    Also, I went ahead and implemented the manual registry update as well. I'm thinking it probably just duplicated whatever the update did, and I've not seen any bad effects.
     
  3. GreyFox7

    GreyFox7 Super Moderator Staff Member

    Joined:
    Jul 27, 2014
    Messages:
    6,894
    Likes Received:
    1,385
    Trophy Points:
    113
    I just ran the Powershell commands, did the registry changes, and rebooted so it would take effect.
     
  4. wynand32

    wynand32 Well-Known Member

    Joined:
    Jun 24, 2014
    Messages:
    1,045
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Oak Park, CA
    My Device:
    SPro3
    Those are actually one step, right? Running the commands creates the new registry keys... just want to make sure I did the right thing.


    Sent from my iPad using Tapatalk
     
  5. GreyFox7

    GreyFox7 Super Moderator Staff Member

    Joined:
    Jul 27, 2014
    Messages:
    6,894
    Likes Received:
    1,385
    Trophy Points:
    113
    Go to Speculation Control Validation PowerShell Script

    Download SpeculationControl.zip to a local folder.

    Extract the contents to a local folder, for example C:\ADV180002

    Run the PowerShell module to validate the protections are enabled or disabled

    Start PowerShell, then (using the example above) copy and run the following commands:

    Save the current execution policy so it can be reset

    PS> $SaveExecutionPolicy = Get-ExecutionPolicy

    PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser

    PS> CD C:\ADV180002\SpeculationControl

    PS> Import-Module .\SpeculationControl.psd1

    PS> Get-SpeculationControlSettings

    The output of this PowerShell script will resemble the following.

    Speculation control settings for CVE-2017-5715 [branch target injection]
    For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629
    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    *Windows OS support for branch target injection mitigation is enabled: False
    *Windows OS support for branch target injection mitigation is disabled by system policy: True
    *Windows OS support for branch target injection mitigation is disabled by absence of hardware support: False
    Speculation control settings for CVE-2017-5754 [rogue data cache load]
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID performance optimization is enabled: True [not required for security]

    * = changed lines
    PS> # Reset the execution policy to the original state

    PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

    SORRY for the crappy editing... using the FCU OSK = Biggest POS ever.
     
    Last edited: Jan 30, 2018
  6. wynand32

    wynand32 Well-Known Member

    Joined:
    Jun 24, 2014
    Messages:
    1,045
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Oak Park, CA
    My Device:
    SPro3
    So, you just turned off CVE-2017-5715, but left CVE-2017-5754 enabled. On mine, both are disabled.

    Interestingly, I don't have the last line in CVE-2017-5754 listed (this one):
    Windows OS support for PCID performance optimization is enabled: True [not required for security]

    That must be due to the fact that I have that one disabled.

    Edit: I get it now. CVE-2017-5754 is Meltdown, and the PCID helps mitigate the performance impact of having this one enabled. I ran the script that turns off both Spectre and Meltdown, rather than the one that just turns off Spectre.
     
    Last edited: Jan 30, 2018
  7. wynand32

    wynand32 Well-Known Member

    Joined:
    Jun 24, 2014
    Messages:
    1,045
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Oak Park, CA
    My Device:
    SPro3
    Here's a nice little utility that tells your system status and also provides a good description of how everything is setup.

    GRC | InSpectre  
     
    GreyFox7 likes this.
  8. gman713

    gman713 Member

    Joined:
    Oct 29, 2013
    Messages:
    193
    Likes Received:
    17
    Trophy Points:
    18
    Do I need to do anything manual to remove it our does a MS update take care of that? I don't even know if I received the patch to begin with. All I see are cumulative updates.
     
  9. GreyFox7

    GreyFox7 Super Moderator Staff Member

    Joined:
    Jul 27, 2014
    Messages:
    6,894
    Likes Received:
    1,385
    Trophy Points:
    113
    Strangely this update is NOT automatically downloaded and run by Windows Update. Rather you have to manually download it from Microsoft Update Catalog
    Then run it. However, it runs silently, providing no positive indication or indication of any kind that it ran or didn't run or that it succeeded or failed... Absolutely nothing.

    I had seen comments to this effect so I originally opted to do the manual steps described is this article. https://support.microsoft.com/en-us...ive-execution-side-channel-vulnerabilities-in

    TL;DR
    The simpler solution is to use the InSpectre utility from Gibson Research. Download and run that then click the button to disable spectre protection if necessary. This utility will indicate the status of protections for Meltdown and Spectre and it toggles the buttons to enable or disable the protection depending on the current state.
     
    gman713 likes this.
  10. wynand32

    wynand32 Well-Known Member

    Joined:
    Jun 24, 2014
    Messages:
    1,045
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Oak Park, CA
    My Device:
    SPro3
    Just a note: I believe you have to run the utility as an administrator in order to change the settings.
     
  11. GreyFox7

    GreyFox7 Super Moderator Staff Member

    Joined:
    Jul 27, 2014
    Messages:
    6,894
    Likes Received:
    1,385
    Trophy Points:
    113
    Yes that is correct and in keeping with good design it will tell you what to do in the event you ran it without administrative permissions, even if it is a retro design from a bygone era. :)
     
  12. wynand32

    wynand32 Well-Known Member

    Joined:
    Jun 24, 2014
    Messages:
    1,045
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Oak Park, CA
    My Device:
    SPro3
    Yeah, that guy knows his stuff but he's stuck in the '90s for sure.
     

Share This Page

Search tags for this page

azs

,

best cameras

,
intel
,
news