File tboot-Configure-IOMMU-before-executing-GETSEC-SENTER.patch of Package tboot.18210
From 4ab3384cd765def9a4ca00791341d47c35b8912a Mon Sep 17 00:00:00 2001
From: Lukasz Hawrylko <lukasz.hawrylko@intel.com>
Date: Mon, 21 Oct 2019 12:09:04 +0200
Subject: [PATCH] Configure IOMMU before executing GETSEC[SENTER]
SINIT required that following IOMMU features are disabled:
- DMA remapping (done in TBOOT)
- Queued Invalidation (done in SINIT)
- Interrupt Remapping (done in SINIT)
Signed-off-by: Lukasz Hawrylko <lukasz.hawrylko@intel.com>
---
tboot/Makefile | 2 +-
tboot/common/acpi.c | 77 +----------
tboot/common/tboot.c | 7 +-
tboot/common/vtd.c | 220 ++++++++++++++++++++++++++++++++
tboot/include/acpi.h | 3 +-
tboot/include/txt/config_regs.h | 27 ++--
tboot/include/vtd.h | 64 ++++++++++
tboot/txt/txt.c | 41 +++++-
tboot/txt/verify.c | 1 +
9 files changed, 355 insertions(+), 87 deletions(-)
create mode 100644 tboot/common/vtd.c
create mode 100644 tboot/include/vtd.h
Index: tboot-1.9.8/tboot/Makefile
===================================================================
--- tboot-1.9.8.orig/tboot/Makefile
+++ tboot-1.9.8/tboot/Makefile
@@ -13,7 +13,7 @@ TARGET := $(CURDIR)/tboot
# boot.o must be first
obj-y := common/boot.o
-obj-y += common/acpi.o common/cmdline.o common/com.o common/e820.o
+obj-y += common/acpi.o common/cmdline.o common/com.o common/e820.o common/vtd.o
obj-y += common/elf.o common/hash.o common/index.o common/integrity.o
obj-y += common/linux.o common/loader.o common/memcmp.o common/memcpy.o
obj-y += common/misc.o common/mutex.o common/paging.o common/pci_cfgreg.o
Index: tboot-1.9.8/tboot/common/acpi.c
===================================================================
--- tboot-1.9.8.orig/tboot/common/acpi.c
+++ tboot-1.9.8/tboot/common/acpi.c
@@ -53,8 +53,6 @@
#endif
static struct acpi_rsdp *rsdp;
-static struct acpi_table_header *g_dmar_table;
-static __data bool g_hide_dmar;
static void dump_gas(const char *reg_name,
const tboot_acpi_generic_address_t *reg)
@@ -216,76 +214,6 @@ static struct acpi_table_header *find_ta
return NULL;
}
-static struct acpi_dmar *get_vtd_dmar_table(void)
-{
- return (struct acpi_dmar *)find_table(DMAR_SIG);
-}
-
-bool vtd_bios_enabled(void)
-{
- return find_table(DMAR_SIG) != NULL;
-}
-
-bool save_vtd_dmar_table(void)
-{
- /* find DMAR table and save it */
- g_dmar_table = (struct acpi_table_header *)get_vtd_dmar_table();
-
- printk(TBOOT_DETA"DMAR table @ %p saved.\n", g_dmar_table);
- return true;
-}
-
-bool restore_vtd_dmar_table(void)
-{
- struct acpi_table_header *hdr;
-
- g_hide_dmar = false;
-
- /* find DMAR table first */
- hdr = (struct acpi_table_header *)get_vtd_dmar_table();
- if ( hdr != NULL ) {
- printk(TBOOT_DETA"DMAR table @ %p is still there, skip restore step.\n", hdr);
- return true;
- }
-
- /* check saved DMAR table */
- if ( g_dmar_table == NULL ) {
- printk(TBOOT_ERR"No DMAR table saved, abort restore step.\n");
- return false;
- }
-
- /* restore DMAR if needed */
- memcpy(g_dmar_table->signature, DMAR_SIG, sizeof(g_dmar_table->signature));
-
- /* need to hide DMAR table while resume from S3 */
- g_hide_dmar = true;
- printk(TBOOT_DETA"DMAR table @ %p restored.\n", hdr);
- return true;
-}
-
-bool remove_vtd_dmar_table(void)
-{
- struct acpi_table_header *hdr;
-
- /* check whether it is needed */
- if ( !g_hide_dmar ) {
- printk(TBOOT_DETA"No need to hide DMAR table.\n");
- return true;
- }
-
- /* find DMAR table */
- hdr = (struct acpi_table_header *)get_vtd_dmar_table();
- if ( hdr == NULL ) {
- printk(TBOOT_DETA"No DMAR table, skip remove step.\n");
- return true;
- }
-
- /* remove DMAR table */
- hdr->signature[0] = '\0';
- printk(TBOOT_DETA"DMAR table @ %p removed.\n", hdr);
- return true;
-}
-
static struct acpi_madt *get_apic_table(void)
{
return (struct acpi_madt *)find_table(MADT_SIG);
@@ -333,6 +261,11 @@ struct acpi_mcfg *get_acpi_mcfg_table(vo
return (struct acpi_mcfg *)find_table(MCFG_SIG);
}
+struct acpi_dmar *get_vtd_dmar_table(void)
+{
+ return (struct acpi_dmar *)find_table(DMAR_SIG);
+}
+
static bool write_to_reg(const tboot_acpi_generic_address_t *reg,
uint32_t val)
{
Index: tboot-1.9.8/tboot/common/tboot.c
===================================================================
--- tboot-1.9.8.orig/tboot/common/tboot.c
+++ tboot-1.9.8/tboot/common/tboot.c
@@ -70,6 +70,7 @@
#include <integrity.h>
#include <cmdline.h>
#include <tpm_20.h>
+#include <vtd.h>
extern void _prot_to_real(uint32_t dist_addr);
extern bool set_policy(void);
@@ -170,7 +171,7 @@ static void post_launch(void)
/* backup DMAR table */
if ( get_tboot_save_vtd() )
- save_vtd_dmar_table();
+ vtd_save_dmar_table();
if ( s3_flag )
s3_launch();
@@ -475,7 +476,7 @@ void s3_launch(void)
/* remove DMAR table if necessary */
if ( get_tboot_save_vtd() )
- remove_vtd_dmar_table();
+ vtd_remove_dmar_table();
if ( !is_launched() )
apply_policy(TB_ERR_S3_INTEGRITY);
@@ -594,7 +595,7 @@ void shutdown(void)
if ( _tboot_shared.shutdown_type == TB_SHUTDOWN_S3 ) {
/* restore DMAR table if needed */
if ( get_tboot_save_vtd() )
- restore_vtd_dmar_table();
+ vtd_restore_dmar_table();
if ( tpm->major == TPM20_VER_MAJOR ) {
tpm_fp->context_flush(tpm, tpm->cur_loc, handle2048);
tpm_fp->context_load(tpm, tpm->cur_loc, &tpm2_context_saved, &handle2048);
Index: tboot-1.9.8/tboot/common/vtd.c
===================================================================
--- /dev/null
+++ tboot-1.9.8/tboot/common/vtd.c
@@ -0,0 +1,220 @@
+/*
+ * vtd.c: VT-d support functions
+ *
+ * Copyright (c) 2019, Intel Corporation
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of the Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <types.h>
+#include <stdbool.h>
+#include <compiler.h>
+#include <processor.h>
+#include <printk.h>
+#include <tboot.h>
+#include <loader.h>
+#include <string.h>
+#include <acpi.h>
+#include <txt/config_regs.h>
+
+#include <vtd.h>
+
+static struct acpi_table_header *g_dmar_table;
+static __data bool g_hide_dmar;
+
+bool vtd_bios_enabled(void)
+{
+ return get_vtd_dmar_table() != NULL;
+}
+
+bool vtd_save_dmar_table(void)
+{
+ /* find DMAR table and save it */
+ g_dmar_table = (struct acpi_table_header *)get_vtd_dmar_table();
+
+ printk(TBOOT_DETA"DMAR table @ %p saved.\n", g_dmar_table);
+ return true;
+}
+
+bool vtd_restore_dmar_table(void)
+{
+ struct acpi_table_header *hdr;
+
+ g_hide_dmar = false;
+
+ /* find DMAR table first */
+ hdr = (struct acpi_table_header *)get_vtd_dmar_table();
+ if ( hdr != NULL ) {
+ printk(TBOOT_DETA"DMAR table @ %p is still there, skip restore step.\n", hdr);
+ return true;
+ }
+
+ /* check saved DMAR table */
+ if ( g_dmar_table == NULL ) {
+ printk(TBOOT_ERR"No DMAR table saved, abort restore step.\n");
+ return false;
+ }
+
+ /* restore DMAR if needed */
+ memcpy(g_dmar_table->signature, DMAR_SIG, sizeof(g_dmar_table->signature));
+
+ /* need to hide DMAR table while resume from S3 */
+ g_hide_dmar = true;
+ printk(TBOOT_DETA"DMAR table @ %p restored.\n", hdr);
+ return true;
+}
+
+bool vtd_remove_dmar_table(void)
+{
+ struct acpi_table_header *hdr;
+
+ /* check whether it is needed */
+ if ( !g_hide_dmar ) {
+ printk(TBOOT_DETA"No need to hide DMAR table.\n");
+ return true;
+ }
+
+ /* find DMAR table */
+ hdr = (struct acpi_table_header *)get_vtd_dmar_table();
+ if ( hdr == NULL ) {
+ printk(TBOOT_DETA"No DMAR table, skip remove step.\n");
+ return true;
+ }
+
+ /* remove DMAR table */
+ hdr->signature[0] = '\0';
+ printk(TBOOT_DETA"DMAR table @ %p removed.\n", hdr);
+ return true;
+}
+
+struct dmar_remapping *vtd_get_dmar_remap(uint32_t *remap_length)
+{
+ struct acpi_dmar *dmar = get_vtd_dmar_table();
+
+ if (dmar == NULL || remap_length == NULL) {
+ return NULL;
+ }
+
+ *remap_length = dmar->hdr.length - sizeof(*dmar);
+ return (struct dmar_remapping*)(dmar->table_offsets);
+}
+
+bool vtd_disable_dma_remap(struct dmar_remapping *rs)
+{
+ if (rs->type != DMAR_REMAPPING_DRHD) {
+ return false;
+ }
+
+ uint32_t timeout;
+ uint32_t gsts = read_reg32(rs->register_base_address, VTD_GSTS_OFFSET) & 0x96FFFFFF;
+
+ if (gsts & TE_STAT) {
+ /* Clear TE_STAT bit and write back to GCMD */
+ gsts &= ~TE_STAT;
+ write_reg32(rs->register_base_address, VTD_GCMD_OFFSET, gsts);
+
+ /* Wait until GSTS indicates that operation is completed */
+ timeout = VTD_OPERATION_TIMEOUT;
+ while (read_reg32(rs->register_base_address, VTD_GSTS_OFFSET) & TE_STAT) {
+ cpu_relax();
+ if (--timeout == 0) {
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
+bool vtd_disable_qie(struct dmar_remapping *rs)
+{
+ if (rs->type != DMAR_REMAPPING_DRHD) {
+ return false;
+ }
+
+ uint32_t timeout;
+ uint32_t gsts = read_reg32(rs->register_base_address, VTD_GSTS_OFFSET) & 0x96FFFFFF;
+
+ if (gsts & QIE_STAT) {
+ /* Wait for HW to complete pending invalidation requests */
+ timeout = VTD_OPERATION_TIMEOUT;
+ while (read_reg64(rs->register_base_address, VTD_IQT_OFFSET) !=
+ read_reg64(rs->register_base_address, VTD_IQH_OFFSET)) {
+ cpu_relax();
+ if (--timeout == 0) {
+ return false;
+ }
+ }
+
+ /* Clear QIE_STAT bit and write back to GCMD */
+ gsts &= ~QIE_STAT;
+ write_reg32(rs->register_base_address, VTD_GCMD_OFFSET, gsts);
+
+ /* Wait until GSTS indicates that operation is completed */
+ timeout = VTD_OPERATION_TIMEOUT;
+ while (read_reg32(rs->register_base_address, VTD_GSTS_OFFSET) & QIE_STAT) {
+ cpu_relax();
+ if (--timeout == 0) {
+ return false;
+ }
+ }
+
+ /* Set IQT to 0 (IQH was set by HW) */
+ write_reg64(rs->register_base_address, VTD_IQT_OFFSET, 0);
+ }
+
+ return true;
+}
+
+bool vtd_disable_ire(struct dmar_remapping *rs)
+{
+ if (rs->type != DMAR_REMAPPING_DRHD) {
+ return false;
+ }
+
+ uint32_t timeout;
+ uint32_t gsts = read_reg32(rs->register_base_address, VTD_GSTS_OFFSET) & 0x96FFFFFF;
+
+ if (gsts & IRE_STAT) {
+ /* Clear IRE_STAT bit and write back to GCMD */
+ gsts &= ~IRE_STAT;
+ write_reg32(rs->register_base_address, VTD_GCMD_OFFSET, gsts);
+
+ /* Wait until GSTS indicates that operation is completed */
+ timeout = VTD_OPERATION_TIMEOUT;
+ while (read_reg32(rs->register_base_address, VTD_GSTS_OFFSET) & IRE_STAT) {
+ cpu_relax();
+ if (--timeout == 0) {
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
\ No newline at end of file
Index: tboot-1.9.8/tboot/include/acpi.h
===================================================================
--- tboot-1.9.8.orig/tboot/include/acpi.h
+++ tboot-1.9.8/tboot/include/acpi.h
@@ -356,7 +356,7 @@ struct dmar_remapping {
u_int8_t reserved;
u_int16_t segment_number;
- u_int8_t register_base_address[8];
+ u_int64_t register_base_address;
struct device_scope device_scope_entry[1]; /* Device Scope starts here */
} __packed;
@@ -498,6 +498,7 @@ extern bool remove_vtd_dmar_table(void);
extern struct acpi_table_ioapic *get_acpi_ioapic_table(void);
extern struct acpi_mcfg *get_acpi_mcfg_table(void);
+extern struct acpi_dmar *get_vtd_dmar_table(void);
extern void disable_smis(void);
extern bool machine_sleep(const tboot_acpi_sleep_info_t *);
Index: tboot-1.9.8/tboot/include/txt/config_regs.h
===================================================================
--- tboot-1.9.8.orig/tboot/include/txt/config_regs.h
+++ tboot-1.9.8/tboot/include/txt/config_regs.h
@@ -190,39 +190,48 @@ typedef struct {
* fns to read/write TXT config regs
*/
-#ifndef IS_INCLUDED
-static inline uint64_t read_config_reg(uint32_t config_regs_base, uint32_t reg)
+static inline uint64_t read_reg64(uint32_t config_regs_base, uint32_t reg)
{
/* these are MMIO so make sure compiler doesn't optimize */
return *(volatile uint64_t *)(unsigned long)(config_regs_base + reg);
}
-#endif
-static inline void write_config_reg(uint32_t config_regs_base, uint32_t reg,
- uint64_t val)
+static inline uint32_t read_reg32(uint32_t config_regs_base, uint32_t reg)
+{
+ /* these are MMIO so make sure compiler doesn't optimize */
+ return *(volatile uint32_t *)(unsigned long)(config_regs_base + reg);
+}
+
+static inline void write_reg64(uint32_t config_regs_base, uint32_t reg, uint64_t val)
{
/* these are MMIO so make sure compiler doesn't optimize */
*(volatile uint64_t *)(unsigned long)(config_regs_base + reg) = val;
}
+static inline void write_reg32(uint32_t config_regs_base, uint32_t reg, uint32_t val)
+{
+ /* these are MMIO so make sure compiler doesn't optimize */
+ *(volatile uint32_t *)(unsigned long)(config_regs_base + reg) = val;
+}
+
static inline uint64_t read_pub_config_reg(uint32_t reg)
{
- return read_config_reg(TXT_PUB_CONFIG_REGS_BASE, reg);
+ return read_reg64(TXT_PUB_CONFIG_REGS_BASE, reg);
}
static inline void write_pub_config_reg(uint32_t reg, uint64_t val)
{
- write_config_reg(TXT_PUB_CONFIG_REGS_BASE, reg, val);
+ write_reg64(TXT_PUB_CONFIG_REGS_BASE, reg, val);
}
static inline uint64_t read_priv_config_reg(uint32_t reg)
{
- return read_config_reg(TXT_PRIV_CONFIG_REGS_BASE, reg);
+ return read_reg64(TXT_PRIV_CONFIG_REGS_BASE, reg);
}
static inline void write_priv_config_reg(uint32_t reg, uint64_t val)
{
- write_config_reg(TXT_PRIV_CONFIG_REGS_BASE, reg, val);
+ write_reg64(TXT_PRIV_CONFIG_REGS_BASE, reg, val);
}
#endif /* __TXT_CONFIG_REGS_H__ */
Index: tboot-1.9.8/tboot/include/vtd.h
===================================================================
--- /dev/null
+++ tboot-1.9.8/tboot/include/vtd.h
@@ -0,0 +1,64 @@
+/*
+ * vtd.c: VT-d support functions
+ *
+ * Copyright (c) 2019, Intel Corporation
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of the Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef __VTD_H__
+#define __VTD_H__
+
+#define VTD_OPERATION_TIMEOUT 0x10000000
+
+#define VTD_GCMD_OFFSET 0x18
+ #define TE_EN (1 << 31)
+ #define QIE_EN (1 << 26)
+ #define IRE_EN (1 << 25)
+
+#define VTD_GSTS_OFFSET 0x1C
+ #define TE_STAT (1 << 31)
+ #define QIE_STAT (1 << 26)
+ #define IRE_STAT (1 << 25)
+
+#define VTD_IQH_OFFSET 0x80
+#define VTD_IQT_OFFSET 0x88
+
+bool vtd_bios_enabled(void);
+bool vtd_save_dmar_table(void);
+bool vtd_restore_dmar_table(void);
+bool vtd_remove_dmar_table(void);
+
+struct dmar_remapping *vtd_get_dmar_remap(uint32_t *remap_length);
+bool vtd_disable_dma_remap(struct dmar_remapping *rs);
+bool vtd_disable_qie(struct dmar_remapping *rs);
+bool vtd_disable_ire(struct dmar_remapping *rs);
+
+#endif
\ No newline at end of file
Index: tboot-1.9.8/tboot/txt/txt.c
===================================================================
--- tboot-1.9.8.orig/tboot/txt/txt.c
+++ tboot-1.9.8/tboot/txt/txt.c
@@ -56,6 +56,7 @@
#include <hash.h>
#include <cmdline.h>
#include <acpi.h>
+#include <vtd.h>
#include <txt/txt.h>
#include <txt/config_regs.h>
#include <txt/mtrrs.h>
@@ -527,6 +528,42 @@ bool evtlog_append(uint8_t pcr, hash_lis
__data uint32_t g_using_da = 0;
__data acm_hdr_t *g_sinit = 0;
+static void configure_vtd(void)
+{
+ uint32_t remap_length;
+ struct dmar_remapping *dmar_remap = vtd_get_dmar_remap(&remap_length);
+
+ if (dmar_remap == NULL) {
+ printk("cannot get DMAR remapping strucutues, skiping configuration\n");
+ return;
+ } else {
+ printk("configuring DMAR remapping\n");
+ }
+
+ struct dmar_remapping *iter, *next;
+ struct dmar_remapping *end = ((void *)dmar_remap) + remap_length;
+
+ for (iter = dmar_remap; iter < end; iter = next) {
+ next = (void *)iter + iter->length;
+ if (iter->length == 0) {
+ /* Avoid looping forever on bad ACPI tables */
+ printk(" invalid 0-length structure\n");
+ break;
+ } else if (next > end) {
+ /* Avoid passing table end */
+ printk(" record passes table end\n");
+ break;
+ }
+
+ if (iter->type == DMAR_REMAPPING_DRHD) {
+ if (!vtd_disable_dma_remap(iter)) {
+ printk(" vtd_disable_dma_remap failed!\n");
+ }
+ }
+ }
+
+}
+
/*
* sets up TXT heap
*/
@@ -811,6 +848,8 @@ tb_error_t txt_launch_environment(loader
if ( mle_ptab_base == NULL )
return TB_ERR_FATAL;
+ configure_vtd();
+
/* initialize TXT heap */
txt_heap = init_txt_heap(mle_ptab_base, g_sinit, lctx);
if ( txt_heap == NULL )
@@ -867,7 +906,7 @@ bool txt_s3_launch_environment(void)
return false;
}
/* initialize event log in os_sinit_data, so that events will not */
- /* repeat when s3 */
+ /* repeat when s3 */
if ( log_type == EVTLOG_TPM12 && g_elog ) {
g_elog = (event_log_container_t *)init_event_log();
} else if ( log_type == EVTLOG_TPM2_TCG && g_elog_2_1) {
Index: tboot-1.9.8/tboot/txt/verify.c
===================================================================
--- tboot-1.9.8.orig/tboot/txt/verify.c
+++ tboot-1.9.8/tboot/txt/verify.c
@@ -53,6 +53,7 @@
#include <hash.h>
#include <integrity.h>
#include <cmdline.h>
+#include <vtd.h>
#include <txt/txt.h>
#include <txt/smx.h>
#include <txt/mtrrs.h>
