Retpoline guard is not enabled

ID PE127 Level INFO Category Security

Description

Retpoline guard is not enabled for the kernel mode driver executable. It may make sense to enable the retpoline mitigation for some kernel mode drivers.

Mitigation

  • Retpoline is not currently documented by Microsoft. You can see some information about it in the Microsoft tech blog and on the Intel website.
  • As a device driver developer, you may need to contact Microsoft to learn if Retpoline should and could be enabled for your device driver.

Arguments

This rule has no output arguments.