Home
Microsoft

Hardware Dev Center changes that enable support for Retpoline complied binaries

 

Effective May 1 2019:  In order to support Retpoline compiled binaries on Hardware Dev Center and to protect the Windows Driver ecosystem, Microsoft will be treating Retpoline compiled binaries submitted to Hardware Dev Center differently than non-Retpoline compiled binaries.  Partners who wish to target an OS lower than RS5 x64 and Server 2019 should create a separate submission that includes non-Retpoline compiled binaries.

 

Here is what will happen on the Hardware Dev Center side with this change.

 

Hardware Dev Center will be testing every binary that passes through their portal to check to see whether or not it was compiled with the Retpoline flag.   If this flag is found, we will mark this submission as “Retpoline = True”.

 

Hardware Dev Center will inform the submitter that their submission contains Retpoline compiled binaries and that their submission distribution options will be limited.

 

Retpoline_Product.png

 

In practice, this means the following:

  1. Your Submission details will be modified such that only the X64 architectures for RS5 or Server 2019 and above remain. 
  2. Shipping Labels that a you create; both Shared and Windows Update types, will use our stripped down OS matrix in the PnP grid, meaning only >= RS5 x64 or Server 2019 choices.
  3. DUA Shell packages mirror this stripped OS matrix.
  4. Shipping Labels of these types will be unable to use the “Expand operating systems for driver distribution” option and an informational message will be displayed about why this option is disabled.Retpoline_Expand.png

     

For information on Retpoline see the following blog post: Mitigating Spectre variant 2 with Retpoline on Windows