Modern PC components, other than the battery and cooling fans, don’t degrade over time. (Correction: thermal compound does degrade over time.) So what caused my 7-year old first-generation Lenovo ThinkPad X1 Carbon laptop to periodically become unbearably slow and crashy?
The laptop, running Windows 10 Professional, worked just great most of the time. After a few hours of use, though, its performance would crawl to a near standstill and it would be nearly impossible to get anything done. Typing would lag behind several seconds and it could take up to a minute to open the Start menu or any programs.
This would happen seemingly at random a couple of times a week, and last for up to a couple of hours. After a lot of trial and error I found out that the performance hits would happen whenever Windows Update or Windows Security scans were running in the background. These are processor, memory, and storage intensive tasks.
I ran several performance tests involving heavy simultaneous CPU and storage I/O tests, hoping to trigger similar crippling performance issues — but the laptop would keep working admirably under these controlled conditions.
The ThinkPad has a dual-core Intel i5-3472U processor, which is one of those processor models that have been hit particularly hard by the performance penalties from the mitigations for the much publicized speculative execution processor-architecture security flaw mitigations (Spectre and Meltdown).
I also tried testing with the Meltdown and Spectre mitigations disabled. However, this didn’t give any perceived performance gains and the laptop would still periodically grind to a halt. Performance benchmarking revealed a 8–16 % performance improvement with the mitigations disabled, but this didn’t appear to be the root cause of my issues with Windows Security and Windows Update, however.
I’ve chosen to disable the Meltdown mitigations permanently as this seem to also increase the laptop’s battery life. I guess I’ll just not do any banking or anything too sensitive on this laptop from now on.
The laptop had also begun to run into blue screens of death (BSoD) whenever I used the built-in camera and when I opened Spotify or Netflix in a web browser. The slowdown and crashes were related, but I didn’t realize this at first. The camera-induced BSoD error message blamed the camera vendor’s driver without any further details. This sounds believable enough for a 7-year old laptop so I didn’t think any more of it.
The BSoDs I got with Spotify and Netflix just said “Stop Code: PAGE_FAULT_IN_NONPAGED_AREA”. This error message relates to memory-handling. I thought that perhaps the RAM had gone bad, but it passed all tests I could throw at it with flying colors.
What Spotify and Netflix on the web have in common, other than being overpriced for what they offer, is that they both use Google’s Widevine digital rights management (DRM) decryption module. This module talks directly with video drivers, memory, and other components on the laptop to ensure that no software is recording the music or video that’s being played back from these streaming services.
This pointed me to some sort of device firmware or memory issue. When Windows encounters a BSoD, it creates a MEMORRY.DMP file containing information that can be run through a debugger to learn more about the problem. However, WinDbg failed to analyze this crash because it said it was corrupted. This again pointed to an issue with the memory.
So let us recap: the issue seems to be related to system memory, but there isn’t anything wrong with the installed memory in the system. What else could have changed regarding how Windows handles memory? —and memory handling for security-critical processes and device drivers specifically.
Windows 10 April 2018 Update introduced a new feature called Hypervisor protected Code Integrity (HVCI) or just Memory Integrity for short. This new security feature protects the Windows Kernel from certain forms of memory manipulation. Just the sort of tricky memory manipulation you’d expect malware, camera drivers, and digital rights management software to be doing.
Turning off this feature immediately resolved all my performance and bluescreening problems. You can find the Off switch in the Windows Security app: Device Security: Core Isolation: Memory Integrity. Notably, if I try to turn Memory Integrity back on again I’m greeted with an error message that says:
It turns out that neither the Trusted Platform Module (TPM) or my processor meets the minimum feature requirements to run this feature. Then how, you may ask, was it enabled by default in the first place?
This feature isn’t turned on by default when you update from an earlier version of Windows to one that has this feature. However, it is turned on by default on new installations.
This is my significant other’s old laptop, and I’d reinstalled Windows 10 when I re-purposed it as a couch laptop. This is considered a new installation and the Memory Integrety feature was apparently enabled with a complete disregard for whether the device meets the minimum requirements or not! Notably, Windows itself knew the feature shouldn’t be turned on on this device but only warned me about it after I’d disabled it and tried to re-enable it.
The laptop is now in fine working condition again, without the disruptive intermittent performance degradations and blue screens of death. I hope to be able to use it for a couple of years more.
This has been a neatly packaged up and abbreviated story about a laptop that got slow and how I over the course of a few months figured out and resolved the problem. I suspect, however, that this isn’t representative of the fate that lies in store for most laptops that exhibit similar issues. Some may see a second wind and a new life running Linux or another alternate operating system. But most of these laptops will end up in a recycling center somewhere.