Okay so you needed to retain BIOS level in order to be able to overclock for one thing, I see. Found what you mean by the
Intel uCode not being same as OS level. Shows pre-mitigation MCU is 0x24 (what I'm at) and new production MCU is 0x25. See I had gotten updated to 0x24 by OS with KB100347. Then found the BIOS update with no notes except "Released to fix Spectre." I ran the script provided by @
ddelo and results were:
This is what I was asking. OS and BIOS are both at 0x24, so is OS leaving BIOS alone in that regard? I ran the Speculation Control Script and finally got it to work without having to come to this site. I read the
"Understanding" guide but still was confused. It would say if a parameter is True then I need to apply a BIOS update or get the January update? I just wanted to know what protections I had and if UEFI or OS level. List at the end looked at descriptions and will try to take in. Here is the output:
Code:
PS C:\WINDOWS\system32> Install-Module SpeculationControl
PS C:\WINDOWS\system32> Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser RemoteSigned
LocalMachine Unrestricted
PS C:\WINDOWS\system32> Set-Location C:\Windows\System32\WindowsPowerShell\v1.0\Modules
PS C:\Windows\System32\WindowsPowerShell\v1.0\Modules> Import-Module SpeculationControl
PS C:\Windows\System32\WindowsPowerShell\v1.0\Modules> Get-SpeculationControlSettings
For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]
Speculation control settings for CVE-2018-3639 [speculative store bypass]
Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: False
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False
Speculation control settings for CVE-2018-3620 [L1 terminal fault]
Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True
BTIHardwarePresent : True
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : True
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : True
SSBDWindowsSupportPresent : True
SSBDHardwareVulnerable : True
SSBDHardwarePresent : False
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable : True
L1TFWindowsSupportPresent : True
L1TFWindowsSupportEnabled : True
L1TFInvalidPteBit : 45
L1DFlushSupported : False
PS C:\WINDOWS\system32> Set-ExecutionPolicy Undefined -Scope LocalMachine
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): a
PS C:\WINDOWS\system32> Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser RemoteSigned
LocalMachine Undefined
I apologize for the wall of text. Did I return the Execution Policy to the proper default/safe setting? I am the only user of this PC but want to make sure. Liked ddelo's command better that just does it for that PowerShell session.
I also read that
INVPCID or
PCID are useful for decreasing performance impact. Should I take a look or will that be way over my head/not worth it?
I read that disabling Speculative Store Bypass could be useful for CVE-2018-3639. It seems all I have left to do is change a registry value because June and uCode updates are installed. Don't know if this will further decrease performance of it is something I should just leave alone until a new MS or Intel patch comes out?
Last, is it okay to delete these modules and scripts for PowerShell now or just leave them? There was some service called NuGet installed in PackageMangager, sure that is part of PowerShell. I installed to System32 because could not get C:\ADV1008 to work even though I extracted there. Just want to delete that one module and then get out of there.
Import-Module took forever, I kept getting an error but could actually get the speculation results still. Finally did get Import-Module to work.