What's new

Intel slowdown

wynand32

Well-Known Member
With the Spectre variant 2 fix disabled per Microsoft's recent new update the Passmark performance score is returned to 2045.9 as it was before the Firmware update.

Awesome, thanks for the report. By the way, I ran the update but it gave zero feedback -- did yours give any kind of indication that it worked when you ran it?

Also, I went ahead and implemented the manual registry update as well. I'm thinking it probably just duplicated whatever the update did, and I've not seen any bad effects.
 

GreyFox7

Super Moderator
Staff member
Awesome, thanks for the report. By the way, I ran the update but it gave zero feedback -- did yours give any kind of indication that it worked when you ran it?

Also, I went ahead and implemented the manual registry update as well. I'm thinking it probably just duplicated whatever the update did, and I've not seen any bad effects.
I just ran the Powershell commands, did the registry changes, and rebooted so it would take effect.
 

wynand32

Well-Known Member
I just ran the Powershell commands, did the registry changes, and rebooted so it would take effect.

Those are actually one step, right? Running the commands creates the new registry keys... just want to make sure I did the right thing.


Sent from my iPad using Tapatalk
 

GreyFox7

Super Moderator
Staff member
Those are actually one step, right? Running the commands creates the new registry keys... just want to make sure I did the right thing.


Sent from my iPad using Tapatalk

Go to Speculation Control Validation PowerShell Script

Download SpeculationControl.zip to a local folder.

Extract the contents to a local folder, for example C:\ADV180002

Run the PowerShell module to validate the protections are enabled or disabled

Start PowerShell, then (using the example above) copy and run the following commands:

Save the current execution policy so it can be reset

PS> $SaveExecutionPolicy = Get-ExecutionPolicy

PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser

PS> CD C:\ADV180002\SpeculationControl

PS> Import-Module .\SpeculationControl.psd1

PS> Get-SpeculationControlSettings

The output of this PowerShell script will resemble the following.

Speculation control settings for CVE-2017-5715 [branch target injection]
For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629
Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
*Windows OS support for branch target injection mitigation is enabled: False
*Windows OS support for branch target injection mitigation is disabled by system policy: True
*Windows OS support for branch target injection mitigation is disabled by absence of hardware support: False
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

* = changed lines
PS> # Reset the execution policy to the original state

PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

SORRY for the crappy editing... using the FCU OSK = Biggest POS ever.
 
Last edited:

wynand32

Well-Known Member
So, you just turned off CVE-2017-5715, but left CVE-2017-5754 enabled. On mine, both are disabled.

Interestingly, I don't have the last line in CVE-2017-5754 listed (this one):
Windows OS support for PCID performance optimization is enabled: True [not required for security]

That must be due to the fact that I have that one disabled.

Edit: I get it now. CVE-2017-5754 is Meltdown, and the PCID helps mitigate the performance impact of having this one enabled. I ran the script that turns off both Spectre and Meltdown, rather than the one that just turns off Spectre.
 
Last edited:
OP
G

gman713

Member
Do I need to do anything manual to remove it our does a MS update take care of that? I don't even know if I received the patch to begin with. All I see are cumulative updates.
 

GreyFox7

Super Moderator
Staff member
Do I need to do anything manual to remove it our does a MS update take care of that? I don't even know if I received the patch to begin with. All I see are cumulative updates.
Strangely this update is NOT automatically downloaded and run by Windows Update. Rather you have to manually download it from Microsoft Update Catalog
Then run it. However, it runs silently, providing no positive indication or indication of any kind that it ran or didn't run or that it succeeded or failed... Absolutely nothing.

I had seen comments to this effect so I originally opted to do the manual steps described is this article. https://support.microsoft.com/en-us...ive-execution-side-channel-vulnerabilities-in

TL;DR
The simpler solution is to use the InSpectre utility from Gibson Research. Download and run that then click the button to disable spectre protection if necessary. This utility will indicate the status of protections for Meltdown and Spectre and it toggles the buttons to enable or disable the protection depending on the current state.
 

wynand32

Well-Known Member
TL;DR
The simpler solution is to use the InSpectre utility from Gibson Research. Download and run that then click the button to disable spectre protection if necessary. This utility will indicate the status of protections for Meltdown and Spectre and it toggles the buttons to enable or disable the protection depending on the current state.

Just a note: I believe you have to run the utility as an administrator in order to change the settings.
 

GreyFox7

Super Moderator
Staff member
Just a note: I believe you have to run the utility as an administrator in order to change the settings.
Yes that is correct and in keeping with good design it will tell you what to do in the event you ran it without administrative permissions, even if it is a retro design from a bygone era. :)
 

wynand32

Well-Known Member
Yes that is correct and in keeping with good design it will tell you what to do in the event you ran it without administrative permissions, even if it is a retro design from a bygone era. :)

Yeah, that guy knows his stuff but he's stuck in the '90s for sure.
 
Top