From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 24561C4361A for ; Fri, 4 Dec 2020 05:17:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BCACD22571 for ; Fri, 4 Dec 2020 05:17:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725379AbgLDFRb (ORCPT ); Fri, 4 Dec 2020 00:17:31 -0500 Received: from mail.kernel.org ([198.145.29.99]:47726 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725300AbgLDFRb (ORCPT ); Fri, 4 Dec 2020 00:17:31 -0500 Date: Fri, 4 Dec 2020 07:16:42 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1607059009; bh=MytoTQmK0FWpezBeB0/MIP6XIJc0eGXJUDMWPEVo7PA=; h=From:To:Cc:Subject:References:In-Reply-To:From; b=SuRTAIIUpLjq3GUyKoK3lRf2aP+PaQZ5/PHvW+PdJV9RBOUq4jqvEwmrkzGp23Mdc eHU+vvWSnsIKri9zYinMa5cNfTq7O8qk25EG7K9tHw3MNzJSWMhy4BuJvYtAWx0msc A9UW3vaU51sXDgVCz1Ez1SLfJqsEuk2sgqH6EOS58woJacVBUqlsqVrFI5mvfP6a4C YIVa8iBrmGRX2zXFu2DiXu65vG5IUZExc0SCeKhrmoiQfnToOd3WOOdrfCX8/8WDUg d7kzEaS/3nYG3eBiXmopNWZrEKe/FxTZT/2vZ+nfuQdH9kkAwpGMoyk9DRrXHv+Hwz SB1T4+ZpRwx7Q== From: Jarkko Sakkinen To: Sumit Garg Cc: Jarkko Sakkinen , Mimi Zohar , James Bottomley , David Howells , Jens Wiklander , Jonathan Corbet , James Morris , "Serge E. Hallyn" , Casey Schaufler , Janne Karhunen , Daniel Thompson , Markus Wamser , Luke Hinds , "open list:ASYMMETRIC KEYS" , linux-integrity@vger.kernel.org, "open list:SECURITY SUBSYSTEM" , Linux Doc Mailing List , Linux Kernel Mailing List , linux-arm-kernel , op-tee@lists.trustedfirmware.org Subject: Re: [PATCH v8 0/4] Introduce TEE based Trusted Keys support Message-ID: <20201204051642.GA154469@kernel.org> References: <1604419306-26105-1-git-send-email-sumit.garg@linaro.org> <20201105050736.GA702944@kernel.org> <20201106145252.GA10434@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20201106145252.GA10434@kernel.org> Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org On Fri, Nov 06, 2020 at 04:52:52PM +0200, Jarkko Sakkinen wrote: > On Fri, Nov 06, 2020 at 03:02:41PM +0530, Sumit Garg wrote: > > On Thu, 5 Nov 2020 at 10:37, Jarkko Sakkinen wrote: > > > > > > On Tue, Nov 03, 2020 at 09:31:42PM +0530, Sumit Garg wrote: > > > > Add support for TEE based trusted keys where TEE provides the functionality > > > > to seal and unseal trusted keys using hardware unique key. Also, this is > > > > an alternative in case platform doesn't possess a TPM device. > > > > > > > > This patch-set has been tested with OP-TEE based early TA which is already > > > > merged in upstream [1]. > > > > > > Is the new RPI400 computer a platform that can be used for testing > > > patch sets like this? I've been looking for a while something ARM64 > > > based with similar convenience as Intel NUC's, and on the surface > > > this new RPI product looks great for kernel testing purposes. > > > > Here [1] is the list of supported versions of Raspberry Pi in OP-TEE. > > The easiest approach would be to pick up a supported version or else > > do an OP-TEE port for an unsupported one (which should involve minimal > > effort). > > > > [1] https://optee.readthedocs.io/en/latest/building/devices/rpi3.html#what-versions-of-raspberry-pi-will-work > > > > -Sumit > > If porting is doable, then I'll just order RPI 400, and test with QEMU > up until either I port OP-TEE myself or someone else does it. > > For seldom ARM testing, RPI 400 is really convenient device with its > boxed form factor. I'm now a proud owner of Raspberry Pi 400 home computer :-) I also found instructions on how to boot a custom OS from a USB stick: https://www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/msd.md Also, my favorite build system BuildRoot has bunch of of the shelf configs: ➜ buildroot-sgx (master) ✔ ls -1 configs | grep raspberry raspberrypi0_defconfig raspberrypi0w_defconfig raspberrypi2_defconfig raspberrypi3_64_defconfig raspberrypi3_defconfig raspberrypi3_qt5we_defconfig raspberrypi4_64_defconfig raspberrypi4_defconfig raspberrypi_defconfig I.e. I'm capable of compiling kernel and user space and boot it up with it. Further, I can select this compilation option: BR2_TARGET_OPTEE_OS: │ │ OP-TEE OS provides the secure world boot image and the trust │ application development kit of the OP-TEE project. OP-TEE OS │ also provides generic trusted application one can embedded │ into its system. │ │ http://github.com/OP-TEE/optee_os Is that what I want? If I put this all together and apply your patches, should the expectation be that I can use trusted keys? Please note that I had a few remarks about your patches (minor but need to be fixed), but this version is already solid enough for testing. /Jarkko From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jarkko Sakkinen To: op-tee@lists.trustedfirmware.org Subject: Re: [PATCH v8 0/4] Introduce TEE based Trusted Keys support Date: Fri, 04 Dec 2020 07:16:42 +0200 Message-ID: <20201204051642.GA154469@kernel.org> In-Reply-To: <20201106145252.GA10434@kernel.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2024852346379164069==" List-Id: --===============2024852346379164069== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Fri, Nov 06, 2020 at 04:52:52PM +0200, Jarkko Sakkinen wrote: > On Fri, Nov 06, 2020 at 03:02:41PM +0530, Sumit Garg wrote: > > On Thu, 5 Nov 2020 at 10:37, Jarkko Sakkinen wrote: > > > > > > On Tue, Nov 03, 2020 at 09:31:42PM +0530, Sumit Garg wrote: > > > > Add support for TEE based trusted keys where TEE provides the functio= nality > > > > to seal and unseal trusted keys using hardware unique key. Also, this= is > > > > an alternative in case platform doesn't possess a TPM device. > > > > > > > > This patch-set has been tested with OP-TEE based early TA which is al= ready > > > > merged in upstream [1]. > > > > > > Is the new RPI400 computer a platform that can be used for testing > > > patch sets like this? I've been looking for a while something ARM64 > > > based with similar convenience as Intel NUC's, and on the surface > > > this new RPI product looks great for kernel testing purposes. > >=20 > > Here [1] is the list of supported versions of Raspberry Pi in OP-TEE. > > The easiest approach would be to pick up a supported version or else > > do an OP-TEE port for an unsupported one (which should involve minimal > > effort). > >=20 > > [1] https://optee.readthedocs.io/en/latest/building/devices/rpi3.html#wha= t-versions-of-raspberry-pi-will-work > >=20 > > -Sumit >=20 > If porting is doable, then I'll just order RPI 400, and test with QEMU > up until either I port OP-TEE myself or someone else does it. >=20 > For seldom ARM testing, RPI 400 is really convenient device with its > boxed form factor. I'm now a proud owner of Raspberry Pi 400 home computer :-) I also found instructions on how to boot a custom OS from a USB stick: https://www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/msd.= md Also, my favorite build system BuildRoot has bunch of of the shelf configs: =E2=9E=9C buildroot-sgx (master) =E2=9C=94 ls -1 configs | grep raspberry raspberrypi0_defconfig raspberrypi0w_defconfig raspberrypi2_defconfig raspberrypi3_64_defconfig raspberrypi3_defconfig raspberrypi3_qt5we_defconfig raspberrypi4_64_defconfig raspberrypi4_defconfig raspberrypi_defconfig I.e. I'm capable of compiling kernel and user space and boot it up with it. Further, I can select this compilation option: BR2_TARGET_OPTEE_OS: = = =E2=94=82 =20 = = =E2=94=82 =20 OP-TEE OS provides the secure world boot image and the trust = = =E2=94=82 =20 application development kit of the OP-TEE project. OP-TEE OS = = =E2=94=82 =20 also provides generic trusted application one can embedded = = =E2=94=82 =20 into its system. = = =E2=94=82 =20 = = =E2=94=82 =20 http://github.com/OP-TEE/optee_os =20 Is that what I want? If I put this all together and apply your patches, should the expectation be that I can use trusted keys? Please note that I had a few remarks about your patches (minor but need to be fixed), but this version is already solid enough for testing. /Jarkko --===============2024852346379164069==-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06E58C433FE for ; Fri, 4 Dec 2020 05:19:01 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8E56122571 for ; Fri, 4 Dec 2020 05:19:00 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8E56122571 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=/zuNY84Vcf44Nhpbr8c/A5zjMyjHE3FT8x86i3z+FGI=; b=m0EwnC6dip27rlPs9atRuXl9G 510QxHjoNnsPuYPZnMYwL2tlLRyXTF971q1xWFhCKqUDmZoYbFw5+ZG3Cjf+t3hd4hwKGdyagSmAo 8CND48wkhrMYn6DkNHvfJBL7jCdJ8miJU3bLowpFvTKcvnZJkdyFNGTYyb/MIkLQW4xMde1P9Eg44 8uKS3XZwIHDNcqZnjjJKws7sYmkNPSun3ujoRuFB5jnbcGRyGrkv0ugnQuE1W0Y+uLOxzoL0/e5wa TBphUougAXezzGEqxwCim5F4r3kWJFytOvAxUcfbYYQatapJRkEljfBrsgPAJR+WASfQ1QxeLdRrM Igt3Ssjvw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kl3Sg-0007xl-88; Fri, 04 Dec 2020 05:16:54 +0000 Received: from mail.kernel.org ([198.145.29.99]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kl3Sd-0007xN-Jf for linux-arm-kernel@lists.infradead.org; Fri, 04 Dec 2020 05:16:52 +0000 Date: Fri, 4 Dec 2020 07:16:42 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1607059009; bh=MytoTQmK0FWpezBeB0/MIP6XIJc0eGXJUDMWPEVo7PA=; h=From:To:Cc:Subject:References:In-Reply-To:From; b=SuRTAIIUpLjq3GUyKoK3lRf2aP+PaQZ5/PHvW+PdJV9RBOUq4jqvEwmrkzGp23Mdc eHU+vvWSnsIKri9zYinMa5cNfTq7O8qk25EG7K9tHw3MNzJSWMhy4BuJvYtAWx0msc A9UW3vaU51sXDgVCz1Ez1SLfJqsEuk2sgqH6EOS58woJacVBUqlsqVrFI5mvfP6a4C YIVa8iBrmGRX2zXFu2DiXu65vG5IUZExc0SCeKhrmoiQfnToOd3WOOdrfCX8/8WDUg d7kzEaS/3nYG3eBiXmopNWZrEKe/FxTZT/2vZ+nfuQdH9kkAwpGMoyk9DRrXHv+Hwz SB1T4+ZpRwx7Q== From: Jarkko Sakkinen To: Sumit Garg Subject: Re: [PATCH v8 0/4] Introduce TEE based Trusted Keys support Message-ID: <20201204051642.GA154469@kernel.org> References: <1604419306-26105-1-git-send-email-sumit.garg@linaro.org> <20201105050736.GA702944@kernel.org> <20201106145252.GA10434@kernel.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20201106145252.GA10434@kernel.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201204_001651_816431_638EE8E9 X-CRM114-Status: GOOD ( 25.28 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "open list:SECURITY SUBSYSTEM" , Daniel Thompson , op-tee@lists.trustedfirmware.org, Jonathan Corbet , James Bottomley , Janne Karhunen , Linux Doc Mailing List , James Morris , Mimi Zohar , Linux Kernel Mailing List , David Howells , Luke Hinds , "open list:ASYMMETRIC KEYS" , Jarkko Sakkinen , Markus Wamser , Casey Schaufler , linux-integrity@vger.kernel.org, Jens Wiklander , linux-arm-kernel , "Serge E. Hallyn" Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org T24gRnJpLCBOb3YgMDYsIDIwMjAgYXQgMDQ6NTI6NTJQTSArMDIwMCwgSmFya2tvIFNha2tpbmVu IHdyb3RlOgo+IE9uIEZyaSwgTm92IDA2LCAyMDIwIGF0IDAzOjAyOjQxUE0gKzA1MzAsIFN1bWl0 IEdhcmcgd3JvdGU6Cj4gPiBPbiBUaHUsIDUgTm92IDIwMjAgYXQgMTA6MzcsIEphcmtrbyBTYWtr aW5lbiA8amFya2tvQGtlcm5lbC5vcmc+IHdyb3RlOgo+ID4gPgo+ID4gPiBPbiBUdWUsIE5vdiAw MywgMjAyMCBhdCAwOTozMTo0MlBNICswNTMwLCBTdW1pdCBHYXJnIHdyb3RlOgo+ID4gPiA+IEFk ZCBzdXBwb3J0IGZvciBURUUgYmFzZWQgdHJ1c3RlZCBrZXlzIHdoZXJlIFRFRSBwcm92aWRlcyB0 aGUgZnVuY3Rpb25hbGl0eQo+ID4gPiA+IHRvIHNlYWwgYW5kIHVuc2VhbCB0cnVzdGVkIGtleXMg dXNpbmcgaGFyZHdhcmUgdW5pcXVlIGtleS4gQWxzbywgdGhpcyBpcwo+ID4gPiA+IGFuIGFsdGVy bmF0aXZlIGluIGNhc2UgcGxhdGZvcm0gZG9lc24ndCBwb3NzZXNzIGEgVFBNIGRldmljZS4KPiA+ ID4gPgo+ID4gPiA+IFRoaXMgcGF0Y2gtc2V0IGhhcyBiZWVuIHRlc3RlZCB3aXRoIE9QLVRFRSBi YXNlZCBlYXJseSBUQSB3aGljaCBpcyBhbHJlYWR5Cj4gPiA+ID4gbWVyZ2VkIGluIHVwc3RyZWFt IFsxXS4KPiA+ID4KPiA+ID4gSXMgdGhlIG5ldyBSUEk0MDAgY29tcHV0ZXIgYSBwbGF0Zm9ybSB0 aGF0IGNhbiBiZSB1c2VkIGZvciB0ZXN0aW5nCj4gPiA+IHBhdGNoIHNldHMgbGlrZSB0aGlzPyBJ J3ZlIGJlZW4gbG9va2luZyBmb3IgYSB3aGlsZSBzb21ldGhpbmcgQVJNNjQKPiA+ID4gYmFzZWQg d2l0aCBzaW1pbGFyIGNvbnZlbmllbmNlIGFzIEludGVsIE5VQydzLCBhbmQgb24gdGhlIHN1cmZh Y2UKPiA+ID4gdGhpcyBuZXcgUlBJIHByb2R1Y3QgbG9va3MgZ3JlYXQgZm9yIGtlcm5lbCB0ZXN0 aW5nIHB1cnBvc2VzLgo+ID4gCj4gPiBIZXJlIFsxXSBpcyB0aGUgbGlzdCBvZiBzdXBwb3J0ZWQg dmVyc2lvbnMgb2YgUmFzcGJlcnJ5IFBpIGluIE9QLVRFRS4KPiA+IFRoZSBlYXNpZXN0IGFwcHJv YWNoIHdvdWxkIGJlIHRvIHBpY2sgdXAgYSBzdXBwb3J0ZWQgdmVyc2lvbiBvciBlbHNlCj4gPiBk byBhbiBPUC1URUUgcG9ydCBmb3IgYW4gdW5zdXBwb3J0ZWQgb25lICh3aGljaCBzaG91bGQgaW52 b2x2ZSBtaW5pbWFsCj4gPiBlZmZvcnQpLgo+ID4gCj4gPiBbMV0gaHR0cHM6Ly9vcHRlZS5yZWFk dGhlZG9jcy5pby9lbi9sYXRlc3QvYnVpbGRpbmcvZGV2aWNlcy9ycGkzLmh0bWwjd2hhdC12ZXJz aW9ucy1vZi1yYXNwYmVycnktcGktd2lsbC13b3JrCj4gPiAKPiA+IC1TdW1pdAo+IAo+IElmIHBv cnRpbmcgaXMgZG9hYmxlLCB0aGVuIEknbGwganVzdCBvcmRlciBSUEkgNDAwLCBhbmQgdGVzdCB3 aXRoIFFFTVUKPiB1cCB1bnRpbCBlaXRoZXIgSSBwb3J0IE9QLVRFRSBteXNlbGYgb3Igc29tZW9u ZSBlbHNlIGRvZXMgaXQuCj4gCj4gRm9yIHNlbGRvbSBBUk0gdGVzdGluZywgUlBJIDQwMCBpcyBy ZWFsbHkgY29udmVuaWVudCBkZXZpY2Ugd2l0aCBpdHMKPiBib3hlZCBmb3JtIGZhY3Rvci4KCkkn bSBub3cgYSBwcm91ZCBvd25lciBvZiBSYXNwYmVycnkgUGkgNDAwIGhvbWUgY29tcHV0ZXIgOi0p CgpJIGFsc28gZm91bmQgaW5zdHJ1Y3Rpb25zIG9uIGhvdyB0byBib290IGEgY3VzdG9tIE9TIGZy b20gYSBVU0Igc3RpY2s6CgpodHRwczovL3d3dy5yYXNwYmVycnlwaS5vcmcvZG9jdW1lbnRhdGlv bi9oYXJkd2FyZS9yYXNwYmVycnlwaS9ib290bW9kZXMvbXNkLm1kCgpBbHNvLCBteSBmYXZvcml0 ZSBidWlsZCBzeXN0ZW0gQnVpbGRSb290IGhhcyBidW5jaCBvZiBvZiB0aGUgc2hlbGYKY29uZmln czoKCuKenCAgYnVpbGRyb290LXNneCAobWFzdGVyKSDinJQgbHMgLTEgY29uZmlncyB8IGdyZXAg cmFzcGJlcnJ5CnJhc3BiZXJyeXBpMF9kZWZjb25maWcKcmFzcGJlcnJ5cGkwd19kZWZjb25maWcK cmFzcGJlcnJ5cGkyX2RlZmNvbmZpZwpyYXNwYmVycnlwaTNfNjRfZGVmY29uZmlnCnJhc3BiZXJy eXBpM19kZWZjb25maWcKcmFzcGJlcnJ5cGkzX3F0NXdlX2RlZmNvbmZpZwpyYXNwYmVycnlwaTRf NjRfZGVmY29uZmlnCnJhc3BiZXJyeXBpNF9kZWZjb25maWcKcmFzcGJlcnJ5cGlfZGVmY29uZmln CgpJLmUuIEknbSBjYXBhYmxlIG9mIGNvbXBpbGluZyBrZXJuZWwgYW5kIHVzZXIgc3BhY2UgYW5k IGJvb3QgaXQgdXAKd2l0aCBpdC4KCkZ1cnRoZXIsIEkgY2FuIHNlbGVjdCB0aGlzIGNvbXBpbGF0 aW9uIG9wdGlvbjoKCkJSMl9UQVJHRVRfT1BURUVfT1M6ICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIOKUgiAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIOKUgiAgCiAgIE9QLVRFRSBPUyBwcm92aWRlcyB0aGUgc2VjdXJlIHdvcmxkIGJvb3QgaW1h Z2UgYW5kIHRoZSB0cnVzdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIOKUgiAgCiAgIGFwcGxpY2F0aW9uIGRldmVsb3BtZW50IGtpdCBvZiB0aGUgT1AtVEVFIHBy b2plY3QuIE9QLVRFRSBPUyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIOKUgiAgCiAgIGFsc28gcHJvdmlkZXMgZ2VuZXJpYyB0cnVzdGVkIGFwcGxpY2F0aW9uIG9u ZSBjYW4gZW1iZWRkZWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIOKUgiAgCiAgIGludG8gaXRzIHN5c3RlbS4gICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIOKUgiAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIOKUgiAgCiAgIGh0dHA6Ly9naXRodWIuY29tL09QLVRFRS9vcHRlZV9vcyAgICAgICAKCklz IHRoYXQgd2hhdCBJIHdhbnQ/IElmIEkgcHV0IHRoaXMgYWxsIHRvZ2V0aGVyIGFuZCBhcHBseSB5 b3VyIHBhdGNoZXMsCnNob3VsZCB0aGUgZXhwZWN0YXRpb24gYmUgdGhhdCBJIGNhbiB1c2UgdHJ1 c3RlZCBrZXlzPwoKUGxlYXNlIG5vdGUgdGhhdCBJIGhhZCBhIGZldyByZW1hcmtzIGFib3V0IHlv dXIgcGF0Y2hlcyAobWlub3IgYnV0IG5lZWQKdG8gYmUgZml4ZWQpLCBidXQgdGhpcyB2ZXJzaW9u IGlzIGFscmVhZHkgc29saWQgZW5vdWdoIGZvciB0ZXN0aW5nLgoKL0phcmtrbwoKX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KbGludXgtYXJtLWtlcm5lbCBt YWlsaW5nIGxpc3QKbGludXgtYXJtLWtlcm5lbEBsaXN0cy5pbmZyYWRlYWQub3JnCmh0dHA6Ly9s aXN0cy5pbmZyYWRlYWQub3JnL21haWxtYW4vbGlzdGluZm8vbGludXgtYXJtLWtlcm5lbAo=