From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-21.6 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 799AFC43381 for ; Thu, 11 Feb 2021 23:35:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 56F3164E44 for ; Thu, 11 Feb 2021 23:35:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230185AbhBKXfY (ORCPT ); Thu, 11 Feb 2021 18:35:24 -0500 Received: from mail.kernel.org ([198.145.29.99]:50246 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229681AbhBKXfT (ORCPT ); Thu, 11 Feb 2021 18:35:19 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id B771564E35; Thu, 11 Feb 2021 23:34:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1613086478; bh=OhfXqokKwEv/WjsUmDKk3QWbxzmrG20LDtIFccogKQU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=QEWlQ9dWfLaITM25aaeTPOcs5dkq67XP+H2zJi404nv0+SEPlT0moPYzHKddONvFH Va6BYgnumryzkR6Zv65AHJL7egBs3MqgmPmtcXCmMktlDgC0OReMg0Iwq8IYICkXq8 m7MMskvvEvWUF8PYdtjYv99dY5FNBUxmKK0Ti54AEav6DVnfge6XQpeysEcyeV2lvE 7FUJuKQRHg58Q9l0sScSDkqfEdfHIqSS5g7eQIQ8SyJ+xb1cdiIhKHupqE7izt2cX+ mEsiCzGapmWIdDFhX73iIIx0aZSWlviKybGyV2lJBzo7iZZBxbSyAIQOY7m3R7hq/4 BYdpWSUOkDraw== Date: Fri, 12 Feb 2021 01:34:28 +0200 From: Jarkko Sakkinen To: Sumit Garg Cc: Jerome Forissier , "open list:SECURITY SUBSYSTEM" , Daniel Thompson , op-tee@lists.trustedfirmware.org, Jonathan Corbet , James Bottomley , Janne Karhunen , Linux Doc Mailing List , James Morris , Mimi Zohar , Linux Kernel Mailing List , David Howells , Luke Hinds , "open list:ASYMMETRIC KEYS" , Jarkko Sakkinen , Casey Schaufler , linux-integrity@vger.kernel.org, linux-arm-kernel , "Serge E. Hallyn" , dave.hansen@intel.com Subject: Re: [PATCH v8 2/4] KEYS: trusted: Introduce TEE based Trusted Keys Message-ID: References: <01000177223f74d3-1eef7685-4a19-40d2-ace6-d4cd7f35579d-000000@email.amazonses.com> <1486cfe8-bc30-1266-12bd-0049f2b64820@forissier.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org On Mon, Jan 25, 2021 at 02:47:38PM +0530, Sumit Garg wrote: > Hi Jarkko, > > On Fri, 22 Jan 2021 at 23:42, Jarkko Sakkinen wrote: > > > > On Thu, Jan 21, 2021 at 05:23:45PM +0100, Jerome Forissier wrote: > > > > > > > > > On 1/21/21 4:24 PM, Jarkko Sakkinen wrote: > > > > On Thu, Jan 21, 2021 at 05:07:42PM +0200, Jarkko Sakkinen wrote: > > > >> On Thu, Jan 21, 2021 at 09:44:07AM +0100, Jerome Forissier wrote: > > > >>> > > > >>> > > > >>> On 1/21/21 1:02 AM, Jarkko Sakkinen via OP-TEE wrote: > > > >>>> On Wed, Jan 20, 2021 at 12:53:28PM +0530, Sumit Garg wrote: > > > >>>>> On Wed, 20 Jan 2021 at 07:01, Jarkko Sakkinen wrote: > > > >>>>>> > > > >>>>>> On Tue, Jan 19, 2021 at 12:30:42PM +0200, Jarkko Sakkinen wrote: > > > >>>>>>> On Fri, Jan 15, 2021 at 11:32:31AM +0530, Sumit Garg wrote: > > > >>>>>>>> On Thu, 14 Jan 2021 at 07:35, Jarkko Sakkinen wrote: > > > >>>>>>>>> > > > >>>>>>>>> On Wed, Jan 13, 2021 at 04:47:00PM +0530, Sumit Garg wrote: > > > >>>>>>>>>> Hi Jarkko, > > > >>>>>>>>>> > > > >>>>>>>>>> On Mon, 11 Jan 2021 at 22:05, Jarkko Sakkinen wrote: > > > >>>>>>>>>>> > > > >>>>>>>>>>> On Tue, Nov 03, 2020 at 09:31:44PM +0530, Sumit Garg wrote: > > > >>>>>>>>>>>> Add support for TEE based trusted keys where TEE provides the functionality > > > >>>>>>>>>>>> to seal and unseal trusted keys using hardware unique key. > > > >>>>>>>>>>>> > > > >>>>>>>>>>>> Refer to Documentation/tee.txt for detailed information about TEE. > > > >>>>>>>>>>>> > > > >>>>>>>>>>>> Signed-off-by: Sumit Garg > > > >>>>>>>>>>> > > > >>>>>>>>>>> I haven't yet got QEMU environment working with aarch64, this produces > > > >>>>>>>>>>> just a blank screen: > > > >>>>>>>>>>> > > > >>>>>>>>>>> ./output/host/usr/bin/qemu-system-aarch64 -M virt -cpu cortex-a53 -smp 1 -kernel output/images/Image -initrd output/images/rootfs.cpio -serial stdio > > > >>>>>>>>>>> > > > >>>>>>>>>>> My BuildRoot fork for TPM and keyring testing is located over here: > > > >>>>>>>>>>> > > > >>>>>>>>>>> https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/buildroot-tpmdd.git/ > > > >>>>>>>>>>> > > > >>>>>>>>>>> The "ARM version" is at this point in aarch64 branch. Over time I will > > > >>>>>>>>>>> define tpmdd-x86_64 and tpmdd-aarch64 boards and everything will be then > > > >>>>>>>>>>> in the master branch. > > > >>>>>>>>>>> > > > >>>>>>>>>>> To create identical images you just need to > > > >>>>>>>>>>> > > > >>>>>>>>>>> $ make tpmdd_defconfig && make > > > >>>>>>>>>>> > > > >>>>>>>>>>> Can you check if you see anything obviously wrong? I'm eager to test this > > > >>>>>>>>>>> patch set, and in bigger picture I really need to have ready to run > > > >>>>>>>>>>> aarch64 environment available. > > > >>>>>>>>>> > > > >>>>>>>>>> I would rather suggest you to follow steps listed here [1] as to test > > > >>>>>>>>>> this feature on Qemu aarch64 we need to build firmwares such as TF-A, > > > >>>>>>>>>> OP-TEE, UEFI etc. which are all integrated into OP-TEE Qemu build > > > >>>>>>>>>> system [2]. And then it would be easier to migrate them to your > > > >>>>>>>>>> buildroot environment as well. > > > >>>>>>>>>> > > > >>>>>>>>>> [1] https://lists.trustedfirmware.org/pipermail/op-tee/2020-May/000027.html > > > >>>>>>>>>> [2] https://optee.readthedocs.io/en/latest/building/devices/qemu.html#qemu-v8 > > > >>>>>>>>>> > > > >>>>>>>>>> -Sumit > > > >>>>>>>>> > > > >>>>>>>>> Can you provide 'keyctl_change'? Otherwise, the steps are easy to follow. > > > >>>>>>>>> > > > >>>>>>>> > > > >>>>>>>> $ cat keyctl_change > > > >>>>>>>> diff --git a/common.mk b/common.mk > > > >>>>>>>> index aeb7b41..663e528 100644 > > > >>>>>>>> --- a/common.mk > > > >>>>>>>> +++ b/common.mk > > > >>>>>>>> @@ -229,6 +229,7 @@ BR2_PACKAGE_OPTEE_TEST_SDK ?= $(OPTEE_OS_TA_DEV_KIT_DIR) > > > >>>>>>>> BR2_PACKAGE_OPTEE_TEST_SITE ?= $(OPTEE_TEST_PATH) > > > >>>>>>>> BR2_PACKAGE_STRACE ?= y > > > >>>>>>>> BR2_TARGET_GENERIC_GETTY_PORT ?= $(if > > > >>>>>>>> $(CFG_NW_CONSOLE_UART),ttyAMA$(CFG_NW_CONSOLE_UART),ttyAMA0) > > > >>>>>>>> +BR2_PACKAGE_KEYUTILS := y > > > >>>>>>>> > > > >>>>>>>> # All BR2_* variables from the makefile or the environment are appended to > > > >>>>>>>> # ../out-br/extra.conf. All values are quoted "..." except y and n. > > > >>>>>>>> diff --git a/kconfigs/qemu.conf b/kconfigs/qemu.conf > > > >>>>>>>> index 368c18a..832ab74 100644 > > > >>>>>>>> --- a/kconfigs/qemu.conf > > > >>>>>>>> +++ b/kconfigs/qemu.conf > > > >>>>>>>> @@ -20,3 +20,5 @@ CONFIG_9P_FS=y > > > >>>>>>>> CONFIG_9P_FS_POSIX_ACL=y > > > >>>>>>>> CONFIG_HW_RANDOM=y > > > >>>>>>>> CONFIG_HW_RANDOM_VIRTIO=y > > > >>>>>>>> +CONFIG_TRUSTED_KEYS=y > > > >>>>>>>> +CONFIG_ENCRYPTED_KEYS=y > > > >>>>>>>> > > > >>>>>>>>> After I've successfully tested 2/4, I'd suggest that you roll out one more > > > >>>>>>>>> version and CC the documentation patch to Elaine and Mini, and clearly > > > >>>>>>>>> remark in the commit message that TEE is a standard, with a link to the > > > >>>>>>>>> specification. > > > >>>>>>>>> > > > >>>>>>>> > > > >>>>>>>> Sure, I will roll out the next version after your testing. > > > >>>>>>> > > > >>>>>>> Thanks, I'll try this at instant, and give my feedback. > > > >>>>>> > > > >>>>>> I bump into this: > > > >>>>>> > > > >>>>>> $ make run-only > > > >>>>>> ln -sf /home/jarkko/devel/tpm/optee/build/../out-br/images/rootfs.cpio.gz /home/jarkko/devel/tpm/optee/build/../out/bin/ > > > >>>>>> ln: failed to create symbolic link '/home/jarkko/devel/tpm/optee/build/../out/bin/': No such file or directory > > > >>>>>> make: *** [Makefile:194: run-only] Error 1 > > > >>>>>> > > > >>>>> > > > >>>>> Could you check if the following directory tree is built after > > > >>>>> executing the below command? > > > >>>>> > > > >>>>> $ make -j`nproc` > > > >>>>> CFG_IN_TREE_EARLY_TAS=trusted_keys/f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c > > > >>>>> > > > >>>>> $ tree out/bin/ > > > >>>>> out/bin/ > > > >>>>> ├── bl1.bin -> /home/sumit/build/optee/build/../trusted-firmware-a/build/qemu/release/bl1.bin > > > >>>>> ├── bl2.bin -> /home/sumit/build/optee/build/../trusted-firmware-a/build/qemu/release/bl2.bin > > > >>>>> ├── bl31.bin -> > > > >>>>> /home/sumit/build/optee/build/../trusted-firmware-a/build/qemu/release/bl31.bin > > > >>>>> ├── bl32.bin -> > > > >>>>> /home/sumit/build/optee/build/../optee_os/out/arm/core/tee-header_v2.bin > > > >>>>> ├── bl32_extra1.bin -> > > > >>>>> /home/sumit/build/optee/build/../optee_os/out/arm/core/tee-pager_v2.bin > > > >>>>> ├── bl32_extra2.bin -> > > > >>>>> /home/sumit/build/optee/build/../optee_os/out/arm/core/tee-pageable_v2.bin > > > >>>>> ├── bl33.bin -> > > > >>>>> /home/sumit/build/optee/build/../edk2/Build/ArmVirtQemuKernel-AARCH64/RELEASE_GCC49/FV/QEMU_EFI.fd > > > >>>>> ├── Image -> /home/sumit/build/optee/build/../linux/arch/arm64/boot/Image > > > >>>>> └── rootfs.cpio.gz -> > > > >>>>> /home/sumit/build/optee/build/../out-br/images/rootfs.cpio.gz > > > >>>>> > > > >>>>> 0 directories, 9 files > > > >>>>> > > > >>>>> -Sumit > > > >>>> > > > >>>> I actually spotted a build error that was unnoticed last time: > > > >>>> > > > >>>> make[2]: Entering directory '/home/jarkko/devel/tpm/optee/edk2/BaseTools/Tests' > > > >>>> /bin/sh: 1: python: not found > > > >>>> > > > >>>> I'd prefer not to install Python2. It has been EOL over a year. > > > >>> > > > >>> AFAIK, everything should build fine with Python3. On my Ubuntu 20.04 > > > >>> machine, this is accomplished by installing package "python-is-python3" > > > >>> (after uninstalling "python-is-python2" if need be). > > > >>> > > > >>> $ ls -l /usr/bin/python > > > >>> lrwxrwxrwx 1 root root 7 Apr 15 2020 /usr/bin/python -> python3 > > > >> > > > >> Right, just found about this in unrelated context :-) [*] > > > >> > > > >> Hope this will work out... > > > >> > > > >> [*] https://github.com/surge-synthesizer/surge/pull/3655 > > > > > > > > Now I get > > > > > > > > Traceback (most recent call last): > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/RunTests.py", line 36, in > > > > allTests = GetAllTestsSuite() > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/RunTests.py", line 33, in GetAllTestsSuite > > > > return unittest.TestSuite([GetCTestSuite(), GetPythonTestSuite()]) > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/RunTests.py", line 25, in GetCTestSuite > > > > import CToolsTests > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/CToolsTests.py", line 22, in > > > > import TianoCompress > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/TianoCompress.py", line 69, in > > > > TheTestSuite = TestTools.MakeTheTestSuite(locals()) > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/TestTools.py", line 43, in MakeTheTestSuite > > > > for name, item in localItems.iteritems(): > > > > AttributeError: 'dict' object has no attribute 'iteritems' > > > > > > Right. Same here after removing all traces of Python2 from my system :-/ > > > > > > A couple of fixes are needed: > > > 1. EDK2 needs to be upgraded to tag or later [1] > > > 2. The PYTHON3_ENABLE environment variable needs to be set to TRUE [2] > > > > > > [1] https://github.com/OP-TEE/manifest/pull/177 > > > [2] https://github.com/OP-TEE/build/pull/450 > > > > BTW, Is to *really* impossible to test this with plain BuildRoot. It's > > obvious that this forks BR internally. > > > > I mean even if I get this working once, this will feels like a clumsy way > > to test Aarch64 regularly. I use BuildRoot extensively for x86 testing. And > > it would be nice to be able to start doing regular ARM testing. > > The main reason to guide you towards the OP-TEE build system is that > you will be able to build all the firmwares (TF-A, OP-TEE, edk2 etc.) > from source. If you don't need to rebuild those then I have prepared a > flash firmware binary blob for your testing (attached flash.bin). So > Qemu cmdline will look like: > > $ qemu-system-aarch64 -nographic -s -machine virt,secure=on -cpu > cortex-a57 -kernel out/bin/Image -no-acpi -append > 'console=ttyAMA0,38400 keep_bootcon root=/dev/vda2' -initrd > out/bin/rootfs.cpio.gz -smp 2 -m 1024 -bios flash.bin -d unimp I spentt couple of days to try to get this running. Here's the log: ❯ ./qemu.sh NOTICE: Booting Trusted Firmware NOTICE: BL1: v2.3():v2.3 NOTICE: BL1: Built : 13:28:04, Jan 25 2021 NOTICE: BL1: Booting BL2 NOTICE: BL2: v2.3():v2.3 NOTICE: BL2: Built : 13:28:06, Jan 25 2021 NOTICE: BL1: Booting BL31 NOTICE: BL31: v2.3():v2.3 NOTICE: BL31: Built : 13:28:08, Jan 25 2021 UEFI firmware (version built at 18:49:27 on Nov 18 2019) pflash_write: Write to buffer emulation is flawed pflash_write: Write to buffer emulation is flawed EFI stub: Booting Linux Kernel... EFI stub: Using DTB from configuration table EFI stub: Exiting boot services and installing virtual address map... Booting Linux on physical CPU 0x0000000000 [0x411fd070] Linux version 5.11.0-rc5 (jarkko@suppilovahvero) (aarch64-buildroot-linux-uclibc-gcc.br_real (Buildroot 2021.02-rc1-10-ga72c90b972) 9.3.0, GNU ld (GNU Binutils) 2.35.2) #1 SMP Thu Feb 11 22:04:53 EET 2021 Machine model: linux,dummy-virt efi: EFI v2.70 by EDK II efi: SMBIOS=0x7f520000 SMBIOS 3.0=0x7f500000 MEMATTR=0x7e59b018 MEMRESERVE=0x7c143f18 Zone ranges: DMA [mem 0x0000000040000000-0x000000007fffffff] DMA32 empty Normal empty Movable zone start for each node Early memory node ranges node 0: [mem 0x0000000040000000-0x0000000041ffffff] node 0: [mem 0x0000000042200000-0x000000007be3ffff] node 0: [mem 0x000000007be40000-0x000000007c13ffff] node 0: [mem 0x000000007c140000-0x000000007f41ffff] node 0: [mem 0x000000007f420000-0x000000007f4affff] node 0: [mem 0x000000007f4b0000-0x000000007f4cffff] node 0: [mem 0x000000007f4d0000-0x000000007f5dffff] node 0: [mem 0x000000007f5e0000-0x000000007fffffff] Zeroed struct page in unavailable ranges: 864 pages Initmem setup node 0 [mem 0x0000000040000000-0x000000007fffffff] psci: probing for conduit method from DT. psci: PSCIv1.1 detected in firmware. psci: Using standard PSCI v0.2 function IDs psci: Trusted OS migration not required psci: SMC Calling Convention v1.2 percpu: Embedded 21 pages/cpu s48024 r8192 d29800 u86016 Detected PIPT I-cache on CPU0 CPU features: detected: ARM erratum 832075 CPU features: detected: Spectre-v2 CPU features: detected: ARM errata 1165522, 1319367, or 1530923 Built 1 zonelists, mobility grouping on. Total pages: 257536 Kernel command line: root=/dev/vda rw console=ttyAMA0,115200 Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes, linear) Inode-cache hash table entries: 65536 (order: 7, 524288 bytes, linear) mem auto-init: stack:off, heap alloc:off, heap free:off Memory: 1011284K/1046528K available (6592K kernel code, 804K rwdata, 1460K rodata, 1088K init, 321K bss, 35244K reserved, 0K cma-reserved) SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1 rcu: Hierarchical RCU implementation. rcu: RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=1. rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies. rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1 NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0 GICv2m: range[mem 0x08020000-0x08020fff], SPI[80:143] random: get_random_bytes called from start_kernel+0x340/0x53c with crng_init=0 arch_timer: cp15 timer(s) running at 62.50MHz (virt). clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x1cd42e208c, max_idle_ns: 881590405314 ns sched_clock: 56 bits at 62MHz, resolution 16ns, wraps every 4398046511096ns Console: colour dummy device 80x25 Calibrating delay loop (skipped), value calculated using timer frequency.. 125.00 BogoMIPS (lpj=250000) pid_max: default: 32768 minimum: 301 Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear) Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes, linear) rcu: Hierarchical SRCU implementation. Remapping and enabling EFI services. smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 1 CPU SMP: Total of 1 processors activated. CPU features: detected: 32-bit EL0 Support CPU features: detected: CRC32 instructions CPU: All CPU(s) started at EL1 alternatives: patching kernel code devtmpfs: initialized clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns futex hash table entries: 256 (order: 2, 16384 bytes, linear) SMBIOS 3.0.0 present. DMI: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 NET: Registered protocol family 16 DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations hw-breakpoint: found 6 breakpoint and 4 watchpoint registers. ASID allocator initialised with 65536 entries Serial: AMBA PL011 UART driver 9000000.pl011: ttyAMA0 at MMIO 0x9000000 (irq = 46, base_baud = 0) is a PL011 rev1 printk: console [ttyAMA0] enabled iommu: Default domain type: Translated vgaarb: loaded SCSI subsystem initialized Registered efivars operations clocksource: Switched to clocksource arch_sys_counter NET: Registered protocol family 2 tcp_listen_portaddr_hash hash table entries: 512 (order: 1, 8192 bytes, linear) TCP established hash table entries: 8192 (order: 4, 65536 bytes, linear) TCP bind hash table entries: 8192 (order: 5, 131072 bytes, linear) TCP: Hash tables configured (established 8192 bind 8192) UDP hash table entries: 512 (order: 2, 16384 bytes, linear) UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear) NET: Registered protocol family 1 PCI: CLS 0 bytes, default 64 hw perfevents: enabled with armv8_pmuv3 PMU driver, 5 counters available workingset: timestamp_bits=62 max_order=18 bucket_order=0 fuse: init (API version 7.33) Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251) io scheduler mq-deadline registered io scheduler kyber registered pci-host-generic 4010000000.pcie: host bridge /pcie@10000000 ranges: pci-host-generic 4010000000.pcie: IO 0x003eff0000..0x003effffff -> 0x0000000000 pci-host-generic 4010000000.pcie: MEM 0x0010000000..0x003efeffff -> 0x0010000000 pci-host-generic 4010000000.pcie: MEM 0x8000000000..0xffffffffff -> 0x8000000000 pci-host-generic 4010000000.pcie: Memory resource size exceeds max for 32 bits pci-host-generic 4010000000.pcie: ECAM at [mem 0x4010000000-0x401fffffff] for [bus 00-ff] pci-host-generic 4010000000.pcie: PCI host bridge to bus 0000:00 pci_bus 0000:00: root bus resource [bus 00-ff] pci_bus 0000:00: root bus resource [io 0x0000-0xffff] pci_bus 0000:00: root bus resource [mem 0x10000000-0x3efeffff] pci_bus 0000:00: root bus resource [mem 0x8000000000-0xffffffffff] pci 0000:00:00.0: [1b36:0008] type 00 class 0x060000 pci 0000:00:01.0: [1af4:1000] type 00 class 0x020000 pci 0000:00:01.0: reg 0x10: [io 0x0080-0x009f] pci 0000:00:01.0: reg 0x14: [mem 0x10001000-0x10001fff] pci 0000:00:01.0: reg 0x20: [mem 0x8000000000-0x8000003fff 64bit pref] pci 0000:00:01.0: reg 0x30: [mem 0xfffc0000-0xffffffff pref] pci 0000:00:02.0: [1af4:1001] type 00 class 0x010000 pci 0000:00:02.0: reg 0x10: [io 0x0000-0x007f] pci 0000:00:02.0: reg 0x14: [mem 0x10000000-0x10000fff] pci 0000:00:02.0: reg 0x20: [mem 0x8000004000-0x8000007fff 64bit pref] pci 0000:00:01.0: BAR 6: assigned [mem 0x10000000-0x1003ffff pref] pci 0000:00:01.0: BAR 4: assigned [mem 0x8000000000-0x8000003fff 64bit pref] pci 0000:00:02.0: BAR 4: assigned [mem 0x8000004000-0x8000007fff 64bit pref] pci 0000:00:01.0: BAR 1: assigned [mem 0x10040000-0x10040fff] pci 0000:00:02.0: BAR 1: assigned [mem 0x10041000-0x10041fff] pci 0000:00:02.0: BAR 0: assigned [io 0x1000-0x107f] pci 0000:00:01.0: BAR 0: assigned [io 0x1080-0x109f] virtio-pci 0000:00:01.0: enabling device (0000 -> 0003) virtio-pci 0000:00:02.0: enabling device (0000 -> 0003) cacheinfo: Unable to detect cache hierarchy for CPU 0 virtio_blk virtio1: [vda] 122880 512-byte logical blocks (62.9 MB/60.0 MiB) SMCCC: SOC_ID: ARCH_FEATURES(ARCH_SOC_ID) returned error: fffffffffffffffd NET: Registered protocol family 10 Segment Routing with IPv6 sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver NET: Registered protocol family 17 NET: Registered protocol family 15 NET: Registered protocol family 40 registered taskstats version 1 EXT4-fs (vda): recovery complete EXT4-fs (vda): mounted filesystem with ordered data mode. Opts: (null). Quota mode: disabled. VFS: Mounted root (ext4 filesystem) on device 254:0. devtmpfs: mounted Freeing unused kernel memory: 1088K Run /sbin/init as init process mount: you must be root mount: you must be root mkdir: can't create directory '/dev/pts': Permission denied mkdir: can't create directory '/dev/shm': Permission denied mount: you must be root hostname: sethostname: Operation not permitted Starting syslogd: OK Starting klogd: OK Running sysctl: OK Initializing random number generator: OK Saving random seed: random: dd: uninitialized urandom read (512 bytes read) OK Starting network: ip: RTNETLINK answers: Operation not permitted ip: SIOCSIFFLAGS: Operation not permitted sed: /proc/mounts: No such file or directory Waiting for interface eth0 to appear............... timeout! run-parts: /etc/network/if-pre-up.d/wait_iface: exit status 1 FAIL can't open /dev/ttyAMA0: Permission denied can't open /dev/ttyAMA0: Permission denied can't open /dev/ttyAMA0: Permission denied can't open /dev/ttyAMA0: Permission denied And it continues... The qemu command I got did not work "as it is" and because I'm neither too proficient with qemu nor aarch64, it took a while to get something usable. This is my current qemu command: qemu-system-aarch64 -nographic -s -machine virt,secure=on -cpu cortex-a57 \ -kernel ~/Projects/tpm/buildroot/output/images/Image \ -no-acpi \ -append 'root=/dev/vda rw console=ttyAMA0,115200 ' \ -drive file=~/Projects/tpm/buildroot/output/images/rootfs.ext4,format=raw \ -smp 1 \ -monitor telnet:127.0.0.1:55555,server,nowait \ -m 1024 -bios ~/Projects/tpm/fw/aarch64-fw.bin -d unimp Then I start QEMU monitor from another terminal with: socat tcp-connect:127.0.0.1:55555 file:`tty`,raw,echo=0 So... what could be the issue with permissions? /Jarkko From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jarkko Sakkinen To: op-tee@lists.trustedfirmware.org Subject: Re: [PATCH v8 2/4] KEYS: trusted: Introduce TEE based Trusted Keys Date: Fri, 12 Feb 2021 01:34:28 +0200 Message-ID: In-Reply-To: < > MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9138028074944108984==" List-Id: --===============9138028074944108984== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Mon, Jan 25, 2021 at 02:47:38PM +0530, Sumit Garg wrote: > Hi Jarkko, >=20 > On Fri, 22 Jan 2021 at 23:42, Jarkko Sakkinen wrote: > > > > On Thu, Jan 21, 2021 at 05:23:45PM +0100, Jerome Forissier wrote: > > > > > > > > > On 1/21/21 4:24 PM, Jarkko Sakkinen wrote: > > > > On Thu, Jan 21, 2021 at 05:07:42PM +0200, Jarkko Sakkinen wrote: > > > >> On Thu, Jan 21, 2021 at 09:44:07AM +0100, Jerome Forissier wrote: > > > >>> > > > >>> > > > >>> On 1/21/21 1:02 AM, Jarkko Sakkinen via OP-TEE wrote: > > > >>>> On Wed, Jan 20, 2021 at 12:53:28PM +0530, Sumit Garg wrote: > > > >>>>> On Wed, 20 Jan 2021 at 07:01, Jarkko Sakkinen wrote: > > > >>>>>> > > > >>>>>> On Tue, Jan 19, 2021 at 12:30:42PM +0200, Jarkko Sakkinen wrote: > > > >>>>>>> On Fri, Jan 15, 2021 at 11:32:31AM +0530, Sumit Garg wrote: > > > >>>>>>>> On Thu, 14 Jan 2021 at 07:35, Jarkko Sakkinen wrote: > > > >>>>>>>>> > > > >>>>>>>>> On Wed, Jan 13, 2021 at 04:47:00PM +0530, Sumit Garg wrote: > > > >>>>>>>>>> Hi Jarkko, > > > >>>>>>>>>> > > > >>>>>>>>>> On Mon, 11 Jan 2021 at 22:05, Jarkko Sakkinen wrote: > > > >>>>>>>>>>> > > > >>>>>>>>>>> On Tue, Nov 03, 2020 at 09:31:44PM +0530, Sumit Garg wrote: > > > >>>>>>>>>>>> Add support for TEE based trusted keys where TEE provides = the functionality > > > >>>>>>>>>>>> to seal and unseal trusted keys using hardware unique key. > > > >>>>>>>>>>>> > > > >>>>>>>>>>>> Refer to Documentation/tee.txt for detailed information ab= out TEE. > > > >>>>>>>>>>>> > > > >>>>>>>>>>>> Signed-off-by: Sumit Garg > > > >>>>>>>>>>> > > > >>>>>>>>>>> I haven't yet got QEMU environment working with aarch64, th= is produces > > > >>>>>>>>>>> just a blank screen: > > > >>>>>>>>>>> > > > >>>>>>>>>>> ./output/host/usr/bin/qemu-system-aarch64 -M virt -cpu cort= ex-a53 -smp 1 -kernel output/images/Image -initrd output/images/rootfs.cpio -= serial stdio > > > >>>>>>>>>>> > > > >>>>>>>>>>> My BuildRoot fork for TPM and keyring testing is located ov= er here: > > > >>>>>>>>>>> > > > >>>>>>>>>>> https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/buil= droot-tpmdd.git/ > > > >>>>>>>>>>> > > > >>>>>>>>>>> The "ARM version" is at this point in aarch64 branch. Over = time I will > > > >>>>>>>>>>> define tpmdd-x86_64 and tpmdd-aarch64 boards and everything= will be then > > > >>>>>>>>>>> in the master branch. > > > >>>>>>>>>>> > > > >>>>>>>>>>> To create identical images you just need to > > > >>>>>>>>>>> > > > >>>>>>>>>>> $ make tpmdd_defconfig && make > > > >>>>>>>>>>> > > > >>>>>>>>>>> Can you check if you see anything obviously wrong? I'm eage= r to test this > > > >>>>>>>>>>> patch set, and in bigger picture I really need to have read= y to run > > > >>>>>>>>>>> aarch64 environment available. > > > >>>>>>>>>> > > > >>>>>>>>>> I would rather suggest you to follow steps listed here [1] a= s to test > > > >>>>>>>>>> this feature on Qemu aarch64 we need to build firmwares such= as TF-A, > > > >>>>>>>>>> OP-TEE, UEFI etc. which are all integrated into OP-TEE Qemu = build > > > >>>>>>>>>> system [2]. And then it would be easier to migrate them to y= our > > > >>>>>>>>>> buildroot environment as well. > > > >>>>>>>>>> > > > >>>>>>>>>> [1] https://lists.trustedfirmware.org/pipermail/op-tee/2020-= May/000027.html > > > >>>>>>>>>> [2] https://optee.readthedocs.io/en/latest/building/devices/= qemu.html#qemu-v8 > > > >>>>>>>>>> > > > >>>>>>>>>> -Sumit > > > >>>>>>>>> > > > >>>>>>>>> Can you provide 'keyctl_change'? Otherwise, the steps are eas= y to follow. > > > >>>>>>>>> > > > >>>>>>>> > > > >>>>>>>> $ cat keyctl_change > > > >>>>>>>> diff --git a/common.mk b/common.mk > > > >>>>>>>> index aeb7b41..663e528 100644 > > > >>>>>>>> --- a/common.mk > > > >>>>>>>> +++ b/common.mk > > > >>>>>>>> @@ -229,6 +229,7 @@ BR2_PACKAGE_OPTEE_TEST_SDK ?=3D $(OPTEE_OS= _TA_DEV_KIT_DIR) > > > >>>>>>>> BR2_PACKAGE_OPTEE_TEST_SITE ?=3D $(OPTEE_TEST_PATH) > > > >>>>>>>> BR2_PACKAGE_STRACE ?=3D y > > > >>>>>>>> BR2_TARGET_GENERIC_GETTY_PORT ?=3D $(if > > > >>>>>>>> $(CFG_NW_CONSOLE_UART),ttyAMA$(CFG_NW_CONSOLE_UART),ttyAMA0) > > > >>>>>>>> +BR2_PACKAGE_KEYUTILS :=3D y > > > >>>>>>>> > > > >>>>>>>> # All BR2_* variables from the makefile or the environment ar= e appended to > > > >>>>>>>> # ../out-br/extra.conf. All values are quoted "..." except y = and n. > > > >>>>>>>> diff --git a/kconfigs/qemu.conf b/kconfigs/qemu.conf > > > >>>>>>>> index 368c18a..832ab74 100644 > > > >>>>>>>> --- a/kconfigs/qemu.conf > > > >>>>>>>> +++ b/kconfigs/qemu.conf > > > >>>>>>>> @@ -20,3 +20,5 @@ CONFIG_9P_FS=3Dy > > > >>>>>>>> CONFIG_9P_FS_POSIX_ACL=3Dy > > > >>>>>>>> CONFIG_HW_RANDOM=3Dy > > > >>>>>>>> CONFIG_HW_RANDOM_VIRTIO=3Dy > > > >>>>>>>> +CONFIG_TRUSTED_KEYS=3Dy > > > >>>>>>>> +CONFIG_ENCRYPTED_KEYS=3Dy > > > >>>>>>>> > > > >>>>>>>>> After I've successfully tested 2/4, I'd suggest that you roll= out one more > > > >>>>>>>>> version and CC the documentation patch to Elaine and Mini, an= d clearly > > > >>>>>>>>> remark in the commit message that TEE is a standard, with a l= ink to the > > > >>>>>>>>> specification. > > > >>>>>>>>> > > > >>>>>>>> > > > >>>>>>>> Sure, I will roll out the next version after your testing. > > > >>>>>>> > > > >>>>>>> Thanks, I'll try this at instant, and give my feedback. > > > >>>>>> > > > >>>>>> I bump into this: > > > >>>>>> > > > >>>>>> $ make run-only > > > >>>>>> ln -sf /home/jarkko/devel/tpm/optee/build/../out-br/images/rootf= s.cpio.gz /home/jarkko/devel/tpm/optee/build/../out/bin/ > > > >>>>>> ln: failed to create symbolic link '/home/jarkko/devel/tpm/optee= /build/../out/bin/': No such file or directory > > > >>>>>> make: *** [Makefile:194: run-only] Error 1 > > > >>>>>> > > > >>>>> > > > >>>>> Could you check if the following directory tree is built after > > > >>>>> executing the below command? > > > >>>>> > > > >>>>> $ make -j`nproc` > > > >>>>> CFG_IN_TREE_EARLY_TAS=3Dtrusted_keys/f04a0fe7-1f5d-4b9b-abf7-619b= 85b4ce8c > > > >>>>> > > > >>>>> $ tree out/bin/ > > > >>>>> out/bin/ > > > >>>>> =E2=94=9C=E2=94=80=E2=94=80 bl1.bin -> /home/sumit/build/optee/bu= ild/../trusted-firmware-a/build/qemu/release/bl1.bin > > > >>>>> =E2=94=9C=E2=94=80=E2=94=80 bl2.bin -> /home/sumit/build/optee/bu= ild/../trusted-firmware-a/build/qemu/release/bl2.bin > > > >>>>> =E2=94=9C=E2=94=80=E2=94=80 bl31.bin -> > > > >>>>> /home/sumit/build/optee/build/../trusted-firmware-a/build/qemu/re= lease/bl31.bin > > > >>>>> =E2=94=9C=E2=94=80=E2=94=80 bl32.bin -> > > > >>>>> /home/sumit/build/optee/build/../optee_os/out/arm/core/tee-header= _v2.bin > > > >>>>> =E2=94=9C=E2=94=80=E2=94=80 bl32_extra1.bin -> > > > >>>>> /home/sumit/build/optee/build/../optee_os/out/arm/core/tee-pager_= v2.bin > > > >>>>> =E2=94=9C=E2=94=80=E2=94=80 bl32_extra2.bin -> > > > >>>>> /home/sumit/build/optee/build/../optee_os/out/arm/core/tee-pageab= le_v2.bin > > > >>>>> =E2=94=9C=E2=94=80=E2=94=80 bl33.bin -> > > > >>>>> /home/sumit/build/optee/build/../edk2/Build/ArmVirtQemuKernel-AAR= CH64/RELEASE_GCC49/FV/QEMU_EFI.fd > > > >>>>> =E2=94=9C=E2=94=80=E2=94=80 Image -> /home/sumit/build/optee/buil= d/../linux/arch/arm64/boot/Image > > > >>>>> =E2=94=94=E2=94=80=E2=94=80 rootfs.cpio.gz -> > > > >>>>> /home/sumit/build/optee/build/../out-br/images/rootfs.cpio.gz > > > >>>>> > > > >>>>> 0 directories, 9 files > > > >>>>> > > > >>>>> -Sumit > > > >>>> > > > >>>> I actually spotted a build error that was unnoticed last time: > > > >>>> > > > >>>> make[2]: Entering directory '/home/jarkko/devel/tpm/optee/edk2/Bas= eTools/Tests' > > > >>>> /bin/sh: 1: python: not found > > > >>>> > > > >>>> I'd prefer not to install Python2. It has been EOL over a year. > > > >>> > > > >>> AFAIK, everything should build fine with Python3. On my Ubuntu 20.04 > > > >>> machine, this is accomplished by installing package "python-is-pyth= on3" > > > >>> (after uninstalling "python-is-python2" if need be). > > > >>> > > > >>> $ ls -l /usr/bin/python > > > >>> lrwxrwxrwx 1 root root 7 Apr 15 2020 /usr/bin/python -> python3 > > > >> > > > >> Right, just found about this in unrelated context :-) [*] > > > >> > > > >> Hope this will work out... > > > >> > > > >> [*] https://github.com/surge-synthesizer/surge/pull/3655 > > > > > > > > Now I get > > > > > > > > Traceback (most recent call last): > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/RunTests= .py", line 36, in > > > > allTests =3D GetAllTestsSuite() > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/RunTests= .py", line 33, in GetAllTestsSuite > > > > return unittest.TestSuite([GetCTestSuite(), GetPythonTestSuite()]) > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/RunTests= .py", line 25, in GetCTestSuite > > > > import CToolsTests > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/CToolsTe= sts.py", line 22, in > > > > import TianoCompress > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/TianoCom= press.py", line 69, in > > > > TheTestSuite =3D TestTools.MakeTheTestSuite(locals()) > > > > File "/home/jarkko/Projects/tpm/optee/edk2/BaseTools/Tests/TestTool= s.py", line 43, in MakeTheTestSuite > > > > for name, item in localItems.iteritems(): > > > > AttributeError: 'dict' object has no attribute 'iteritems' > > > > > > Right. Same here after removing all traces of Python2 from my system :-/ > > > > > > A couple of fixes are needed: > > > 1. EDK2 needs to be upgraded to tag or later [1] > > > 2. The PYTHON3_ENABLE environment variable needs to be set to TRUE [2] > > > > > > [1] https://github.com/OP-TEE/manifest/pull/177 > > > [2] https://github.com/OP-TEE/build/pull/450 > > > > BTW, Is to *really* impossible to test this with plain BuildRoot. It's > > obvious that this forks BR internally. > > > > I mean even if I get this working once, this will feels like a clumsy way > > to test Aarch64 regularly. I use BuildRoot extensively for x86 testing. A= nd > > it would be nice to be able to start doing regular ARM testing. >=20 > The main reason to guide you towards the OP-TEE build system is that > you will be able to build all the firmwares (TF-A, OP-TEE, edk2 etc.) > from source. If you don't need to rebuild those then I have prepared a > flash firmware binary blob for your testing (attached flash.bin). So > Qemu cmdline will look like: >=20 > $ qemu-system-aarch64 -nographic -s -machine virt,secure=3Don -cpu > cortex-a57 -kernel out/bin/Image -no-acpi -append > 'console=3DttyAMA0,38400 keep_bootcon root=3D/dev/vda2' -initrd > out/bin/rootfs.cpio.gz -smp 2 -m 1024 -bios flash.bin -d unimp I spentt couple of days to try to get this running. Here's the log: =E2=9D=AF ./qemu.sh NOTICE: Booting Trusted Firmware NOTICE: BL1: v2.3():v2.3 NOTICE: BL1: Built : 13:28:04, Jan 25 2021 NOTICE: BL1: Booting BL2 NOTICE: BL2: v2.3():v2.3 NOTICE: BL2: Built : 13:28:06, Jan 25 2021 NOTICE: BL1: Booting BL31 NOTICE: BL31: v2.3():v2.3 NOTICE: BL31: Built : 13:28:08, Jan 25 2021 UEFI firmware (version built at 18:49:27 on Nov 18 2019) pflash_write: Write to buffer emulation is flawed pflash_write: Write to buffer emulation is flawed EFI stub: Booting Linux Kernel... EFI stub: Using DTB from configuration table EFI stub: Exiting boot services and installing virtual address map... Booting Linux on physical CPU 0x0000000000 [0x411fd070] Linux version 5.11.0-rc5 (jarkko(a)suppilovahvero) (aarch64-buildroot-linux-u= clibc-gcc.br_real (Buildroot 2021.02-rc1-10-ga72c90b972) 9.3.0, GNU ld (GNU B= inutils) 2.35.2) #1 SMP Thu Feb 11 22:04:53 EET 2021 Machine model: linux,dummy-virt efi: EFI v2.70 by EDK II efi: SMBIOS=3D0x7f520000 SMBIOS 3.0=3D0x7f500000 MEMATTR=3D0x7e59b018 MEMRESE= RVE=3D0x7c143f18 Zone ranges: DMA [mem 0x0000000040000000-0x000000007fffffff] DMA32 empty Normal empty Movable zone start for each node Early memory node ranges node 0: [mem 0x0000000040000000-0x0000000041ffffff] node 0: [mem 0x0000000042200000-0x000000007be3ffff] node 0: [mem 0x000000007be40000-0x000000007c13ffff] node 0: [mem 0x000000007c140000-0x000000007f41ffff] node 0: [mem 0x000000007f420000-0x000000007f4affff] node 0: [mem 0x000000007f4b0000-0x000000007f4cffff] node 0: [mem 0x000000007f4d0000-0x000000007f5dffff] node 0: [mem 0x000000007f5e0000-0x000000007fffffff] Zeroed struct page in unavailable ranges: 864 pages Initmem setup node 0 [mem 0x0000000040000000-0x000000007fffffff] psci: probing for conduit method from DT. psci: PSCIv1.1 detected in firmware. psci: Using standard PSCI v0.2 function IDs psci: Trusted OS migration not required psci: SMC Calling Convention v1.2 percpu: Embedded 21 pages/cpu s48024 r8192 d29800 u86016 Detected PIPT I-cache on CPU0 CPU features: detected: ARM erratum 832075 CPU features: detected: Spectre-v2 CPU features: detected: ARM errata 1165522, 1319367, or 1530923 Built 1 zonelists, mobility grouping on. Total pages: 257536 Kernel command line: root=3D/dev/vda rw console=3DttyAMA0,115200 Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes, linear) Inode-cache hash table entries: 65536 (order: 7, 524288 bytes, linear) mem auto-init: stack:off, heap alloc:off, heap free:off Memory: 1011284K/1046528K available (6592K kernel code, 804K rwdata, 1460K ro= data, 1088K init, 321K bss, 35244K reserved, 0K cma-reserved) SLUB: HWalign=3D64, Order=3D0-3, MinObjects=3D0, CPUs=3D1, Nodes=3D1 rcu: Hierarchical RCU implementation. rcu: RCU restricting CPUs from NR_CPUS=3D256 to nr_cpu_ids=3D1. rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies. rcu: Adjusting geometry for rcu_fanout_leaf=3D16, nr_cpu_ids=3D1 NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0 GICv2m: range[mem 0x08020000-0x08020fff], SPI[80:143] random: get_random_bytes called from start_kernel+0x340/0x53c with crng_init= =3D0 arch_timer: cp15 timer(s) running at 62.50MHz (virt). clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x1cd42e208= c, max_idle_ns: 881590405314 ns sched_clock: 56 bits at 62MHz, resolution 16ns, wraps every 4398046511096ns Console: colour dummy device 80x25 Calibrating delay loop (skipped), value calculated using timer frequency.. 12= 5.00 BogoMIPS (lpj=3D250000) pid_max: default: 32768 minimum: 301 Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear) Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes, linear) rcu: Hierarchical SRCU implementation. Remapping and enabling EFI services. smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 1 CPU SMP: Total of 1 processors activated. CPU features: detected: 32-bit EL0 Support CPU features: detected: CRC32 instructions CPU: All CPU(s) started at EL1 alternatives: patching kernel code devtmpfs: initialized clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7= 645041785100000 ns futex hash table entries: 256 (order: 2, 16384 bytes, linear) SMBIOS 3.0.0 present. DMI: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 NET: Registered protocol family 16 DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations hw-breakpoint: found 6 breakpoint and 4 watchpoint registers. ASID allocator initialised with 65536 entries Serial: AMBA PL011 UART driver 9000000.pl011: ttyAMA0 at MMIO 0x9000000 (irq =3D 46, base_baud =3D 0) is a P= L011 rev1 printk: console [ttyAMA0] enabled iommu: Default domain type: Translated vgaarb: loaded SCSI subsystem initialized Registered efivars operations clocksource: Switched to clocksource arch_sys_counter NET: Registered protocol family 2 tcp_listen_portaddr_hash hash table entries: 512 (order: 1, 8192 bytes, linea= r) TCP established hash table entries: 8192 (order: 4, 65536 bytes, linear) TCP bind hash table entries: 8192 (order: 5, 131072 bytes, linear) TCP: Hash tables configured (established 8192 bind 8192) UDP hash table entries: 512 (order: 2, 16384 bytes, linear) UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear) NET: Registered protocol family 1 PCI: CLS 0 bytes, default 64 hw perfevents: enabled with armv8_pmuv3 PMU driver, 5 counters available workingset: timestamp_bits=3D62 max_order=3D18 bucket_order=3D0 fuse: init (API version 7.33) Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251) io scheduler mq-deadline registered io scheduler kyber registered pci-host-generic 4010000000.pcie: host bridge /pcie(a)10000000 ranges: pci-host-generic 4010000000.pcie: IO 0x003eff0000..0x003effffff -> 0x00= 00000000 pci-host-generic 4010000000.pcie: MEM 0x0010000000..0x003efeffff -> 0x00= 10000000 pci-host-generic 4010000000.pcie: MEM 0x8000000000..0xffffffffff -> 0x80= 00000000 pci-host-generic 4010000000.pcie: Memory resource size exceeds max for 32 bits pci-host-generic 4010000000.pcie: ECAM at [mem 0x4010000000-0x401fffffff] for= [bus 00-ff] pci-host-generic 4010000000.pcie: PCI host bridge to bus 0000:00 pci_bus 0000:00: root bus resource [bus 00-ff] pci_bus 0000:00: root bus resource [io 0x0000-0xffff] pci_bus 0000:00: root bus resource [mem 0x10000000-0x3efeffff] pci_bus 0000:00: root bus resource [mem 0x8000000000-0xffffffffff] pci 0000:00:00.0: [1b36:0008] type 00 class 0x060000 pci 0000:00:01.0: [1af4:1000] type 00 class 0x020000 pci 0000:00:01.0: reg 0x10: [io 0x0080-0x009f] pci 0000:00:01.0: reg 0x14: [mem 0x10001000-0x10001fff] pci 0000:00:01.0: reg 0x20: [mem 0x8000000000-0x8000003fff 64bit pref] pci 0000:00:01.0: reg 0x30: [mem 0xfffc0000-0xffffffff pref] pci 0000:00:02.0: [1af4:1001] type 00 class 0x010000 pci 0000:00:02.0: reg 0x10: [io 0x0000-0x007f] pci 0000:00:02.0: reg 0x14: [mem 0x10000000-0x10000fff] pci 0000:00:02.0: reg 0x20: [mem 0x8000004000-0x8000007fff 64bit pref] pci 0000:00:01.0: BAR 6: assigned [mem 0x10000000-0x1003ffff pref] pci 0000:00:01.0: BAR 4: assigned [mem 0x8000000000-0x8000003fff 64bit pref] pci 0000:00:02.0: BAR 4: assigned [mem 0x8000004000-0x8000007fff 64bit pref] pci 0000:00:01.0: BAR 1: assigned [mem 0x10040000-0x10040fff] pci 0000:00:02.0: BAR 1: assigned [mem 0x10041000-0x10041fff] pci 0000:00:02.0: BAR 0: assigned [io 0x1000-0x107f] pci 0000:00:01.0: BAR 0: assigned [io 0x1080-0x109f] virtio-pci 0000:00:01.0: enabling device (0000 -> 0003) virtio-pci 0000:00:02.0: enabling device (0000 -> 0003) cacheinfo: Unable to detect cache hierarchy for CPU 0 virtio_blk virtio1: [vda] 122880 512-byte logical blocks (62.9 MB/60.0 MiB) SMCCC: SOC_ID: ARCH_FEATURES(ARCH_SOC_ID) returned error: fffffffffffffffd NET: Registered protocol family 10 Segment Routing with IPv6 sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver NET: Registered protocol family 17 NET: Registered protocol family 15 NET: Registered protocol family 40 registered taskstats version 1 EXT4-fs (vda): recovery complete EXT4-fs (vda): mounted filesystem with ordered data mode. Opts: (null). Quota= mode: disabled. VFS: Mounted root (ext4 filesystem) on device 254:0. devtmpfs: mounted Freeing unused kernel memory: 1088K Run /sbin/init as init process mount: you must be root mount: you must be root mkdir: can't create directory '/dev/pts': Permission denied mkdir: can't create directory '/dev/shm': Permission denied mount: you must be root hostname: sethostname: Operation not permitted Starting syslogd: OK Starting klogd: OK Running sysctl: OK Initializing random number generator: OK Saving random seed: random: dd: uninitialized urandom read (512 bytes read) OK Starting network: ip: RTNETLINK answers: Operation not permitted ip: SIOCSIFFLAGS: Operation not permitted sed: /proc/mounts: No such file or directory Waiting for interface eth0 to appear............... timeout! run-parts: /etc/network/if-pre-up.d/wait_iface: exit status 1 FAIL can't open /dev/ttyAMA0: Permission denied can't open /dev/ttyAMA0: Permission denied can't open /dev/ttyAMA0: Permission denied can't open /dev/ttyAMA0: Permission denied And it continues... The qemu command I got did not work "as it is" and because I'm neither too proficient with qemu nor aarch64, it took a while to get something usable. This is my current qemu command: qemu-system-aarch64 -nographic -s -machine virt,secure=3Don -cpu cortex-a57 \ -kernel ~/Projects/tpm/buildroot/output/images/Image \ -no-acpi \ -append 'root=3D/dev/vda rw console=3DttyAMA0,115200 ' \ -drive file=3D~/Projects/tpm/buildroot/output/images/root= fs.ext4,format=3Draw \ -smp 1 \ -monitor telnet:127.0.0.1:55555,server,nowait \ -m 1024 -bios ~/Projects/tpm/fw/aarch64-fw.bin -d unimp Then I start QEMU monitor from another terminal with: socat tcp-connect:127.0.0.1:55555 file:`tty`,raw,echo=3D0 So... what could be the issue with permissions? /Jarkko --===============9138028074944108984==-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.6 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 724D1C433DB for ; Thu, 11 Feb 2021 23:35:57 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 2CF9F64E30 for ; Thu, 11 Feb 2021 23:35:57 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2CF9F64E30 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Q7KEg9JZeory7LfG88GxvTNblZ+2mqfOEvTDyDlixfc=; b=tRNiBQDXhfs9/7VO7cqoZKFvO p7i99F2GG7oVmNx49b+k58n6IamiP257iYocXScD6m5AbWoZorGqwvexSD3e4dAwgPfc9vNskiQtx vOuU8zxcsowwEciMqFfDELR06VJIe34l72O/ccAs3mh98DIOQl2yXzSKPa5KBZm6X60jeP35QKUON MTsmHJhfXnmzcV4OmucmeOoeO0UYAElgEAZ/puNIvsBHoKi2H2dwAYxgfD8q5pu5SWmMqVFJLdf5V 1cKDI9EXJ8B1cdmWYdPQmlPapNUH4VdDqpANSW81R/AuG7MKVkPyqlcSAUwA3SnsM5edYa8tqjGi1 PX57wt08Q==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1lALTu-00033F-4c; Thu, 11 Feb 2021 23:34:42 +0000 Received: from mail.kernel.org ([198.145.29.99]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1lALTr-00032o-Pf for linux-arm-kernel@lists.infradead.org; Thu, 11 Feb 2021 23:34:41 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id B771564E35; Thu, 11 Feb 2021 23:34:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1613086478; bh=OhfXqokKwEv/WjsUmDKk3QWbxzmrG20LDtIFccogKQU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=QEWlQ9dWfLaITM25aaeTPOcs5dkq67XP+H2zJi404nv0+SEPlT0moPYzHKddONvFH Va6BYgnumryzkR6Zv65AHJL7egBs3MqgmPmtcXCmMktlDgC0OReMg0Iwq8IYICkXq8 m7MMskvvEvWUF8PYdtjYv99dY5FNBUxmKK0Ti54AEav6DVnfge6XQpeysEcyeV2lvE 7FUJuKQRHg58Q9l0sScSDkqfEdfHIqSS5g7eQIQ8SyJ+xb1cdiIhKHupqE7izt2cX+ mEsiCzGapmWIdDFhX73iIIx0aZSWlviKybGyV2lJBzo7iZZBxbSyAIQOY7m3R7hq/4 BYdpWSUOkDraw== Date: Fri, 12 Feb 2021 01:34:28 +0200 From: Jarkko Sakkinen To: Sumit Garg Subject: Re: [PATCH v8 2/4] KEYS: trusted: Introduce TEE based Trusted Keys Message-ID: References: <01000177223f74d3-1eef7685-4a19-40d2-ace6-d4cd7f35579d-000000@email.amazonses.com> <1486cfe8-bc30-1266-12bd-0049f2b64820@forissier.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210211_183440_043162_85DDC317 X-CRM114-Status: GOOD ( 44.95 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dave.hansen@intel.com, Daniel Thompson , Jerome Forissier , Jonathan Corbet , James Bottomley , Janne Karhunen , Linux Doc Mailing List , James Morris , Mimi Zohar , Linux Kernel Mailing List , David Howells , Casey Schaufler , "open list:SECURITY SUBSYSTEM" , op-tee@lists.trustedfirmware.org, "open list:ASYMMETRIC KEYS" , Jarkko Sakkinen , Luke Hinds , linux-integrity@vger.kernel.org, linux-arm-kernel , "Serge E. Hallyn" Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org T24gTW9uLCBKYW4gMjUsIDIwMjEgYXQgMDI6NDc6MzhQTSArMDUzMCwgU3VtaXQgR2FyZyB3cm90 ZToKPiBIaSBKYXJra28sCj4gCj4gT24gRnJpLCAyMiBKYW4gMjAyMSBhdCAyMzo0MiwgSmFya2tv IFNha2tpbmVuIDxqYXJra29Aa2VybmVsLm9yZz4gd3JvdGU6Cj4gPgo+ID4gT24gVGh1LCBKYW4g MjEsIDIwMjEgYXQgMDU6MjM6NDVQTSArMDEwMCwgSmVyb21lIEZvcmlzc2llciB3cm90ZToKPiA+ ID4KPiA+ID4KPiA+ID4gT24gMS8yMS8yMSA0OjI0IFBNLCBKYXJra28gU2Fra2luZW4gd3JvdGU6 Cj4gPiA+ID4gT24gVGh1LCBKYW4gMjEsIDIwMjEgYXQgMDU6MDc6NDJQTSArMDIwMCwgSmFya2tv IFNha2tpbmVuIHdyb3RlOgo+ID4gPiA+PiBPbiBUaHUsIEphbiAyMSwgMjAyMSBhdCAwOTo0NDow N0FNICswMTAwLCBKZXJvbWUgRm9yaXNzaWVyIHdyb3RlOgo+ID4gPiA+Pj4KPiA+ID4gPj4+Cj4g PiA+ID4+PiBPbiAxLzIxLzIxIDE6MDIgQU0sIEphcmtrbyBTYWtraW5lbiB2aWEgT1AtVEVFIHdy b3RlOgo+ID4gPiA+Pj4+IE9uIFdlZCwgSmFuIDIwLCAyMDIxIGF0IDEyOjUzOjI4UE0gKzA1MzAs IFN1bWl0IEdhcmcgd3JvdGU6Cj4gPiA+ID4+Pj4+IE9uIFdlZCwgMjAgSmFuIDIwMjEgYXQgMDc6 MDEsIEphcmtrbyBTYWtraW5lbiA8amFya2tvQGtlcm5lbC5vcmc+IHdyb3RlOgo+ID4gPiA+Pj4+ Pj4KPiA+ID4gPj4+Pj4+IE9uIFR1ZSwgSmFuIDE5LCAyMDIxIGF0IDEyOjMwOjQyUE0gKzAyMDAs IEphcmtrbyBTYWtraW5lbiB3cm90ZToKPiA+ID4gPj4+Pj4+PiBPbiBGcmksIEphbiAxNSwgMjAy MSBhdCAxMTozMjozMUFNICswNTMwLCBTdW1pdCBHYXJnIHdyb3RlOgo+ID4gPiA+Pj4+Pj4+PiBP biBUaHUsIDE0IEphbiAyMDIxIGF0IDA3OjM1LCBKYXJra28gU2Fra2luZW4gPGphcmtrb0BrZXJu ZWwub3JnPiB3cm90ZToKPiA+ID4gPj4+Pj4+Pj4+Cj4gPiA+ID4+Pj4+Pj4+PiBPbiBXZWQsIEph biAxMywgMjAyMSBhdCAwNDo0NzowMFBNICswNTMwLCBTdW1pdCBHYXJnIHdyb3RlOgo+ID4gPiA+ Pj4+Pj4+Pj4+IEhpIEphcmtrbywKPiA+ID4gPj4+Pj4+Pj4+Pgo+ID4gPiA+Pj4+Pj4+Pj4+IE9u IE1vbiwgMTEgSmFuIDIwMjEgYXQgMjI6MDUsIEphcmtrbyBTYWtraW5lbiA8amFya2tvQGtlcm5l bC5vcmc+IHdyb3RlOgo+ID4gPiA+Pj4+Pj4+Pj4+Pgo+ID4gPiA+Pj4+Pj4+Pj4+PiBPbiBUdWUs IE5vdiAwMywgMjAyMCBhdCAwOTozMTo0NFBNICswNTMwLCBTdW1pdCBHYXJnIHdyb3RlOgo+ID4g PiA+Pj4+Pj4+Pj4+Pj4gQWRkIHN1cHBvcnQgZm9yIFRFRSBiYXNlZCB0cnVzdGVkIGtleXMgd2hl cmUgVEVFIHByb3ZpZGVzIHRoZSBmdW5jdGlvbmFsaXR5Cj4gPiA+ID4+Pj4+Pj4+Pj4+PiB0byBz ZWFsIGFuZCB1bnNlYWwgdHJ1c3RlZCBrZXlzIHVzaW5nIGhhcmR3YXJlIHVuaXF1ZSBrZXkuCj4g PiA+ID4+Pj4+Pj4+Pj4+Pgo+ID4gPiA+Pj4+Pj4+Pj4+Pj4gUmVmZXIgdG8gRG9jdW1lbnRhdGlv bi90ZWUudHh0IGZvciBkZXRhaWxlZCBpbmZvcm1hdGlvbiBhYm91dCBURUUuCj4gPiA+ID4+Pj4+ Pj4+Pj4+Pgo+ID4gPiA+Pj4+Pj4+Pj4+Pj4gU2lnbmVkLW9mZi1ieTogU3VtaXQgR2FyZyA8c3Vt aXQuZ2FyZ0BsaW5hcm8ub3JnPgo+ID4gPiA+Pj4+Pj4+Pj4+Pgo+ID4gPiA+Pj4+Pj4+Pj4+PiBJ IGhhdmVuJ3QgeWV0IGdvdCBRRU1VIGVudmlyb25tZW50IHdvcmtpbmcgd2l0aCBhYXJjaDY0LCB0 aGlzIHByb2R1Y2VzCj4gPiA+ID4+Pj4+Pj4+Pj4+IGp1c3QgYSBibGFuayBzY3JlZW46Cj4gPiA+ ID4+Pj4+Pj4+Pj4+Cj4gPiA+ID4+Pj4+Pj4+Pj4+IC4vb3V0cHV0L2hvc3QvdXNyL2Jpbi9xZW11 LXN5c3RlbS1hYXJjaDY0IC1NIHZpcnQgLWNwdSBjb3J0ZXgtYTUzIC1zbXAgMSAta2VybmVsIG91 dHB1dC9pbWFnZXMvSW1hZ2UgLWluaXRyZCBvdXRwdXQvaW1hZ2VzL3Jvb3Rmcy5jcGlvIC1zZXJp YWwgc3RkaW8KPiA+ID4gPj4+Pj4+Pj4+Pj4KPiA+ID4gPj4+Pj4+Pj4+Pj4gTXkgQnVpbGRSb290 IGZvcmsgZm9yIFRQTSBhbmQga2V5cmluZyB0ZXN0aW5nIGlzIGxvY2F0ZWQgb3ZlciBoZXJlOgo+ ID4gPiA+Pj4+Pj4+Pj4+Pgo+ID4gPiA+Pj4+Pj4+Pj4+PiBodHRwczovL2dpdC5rZXJuZWwub3Jn L3B1Yi9zY20vbGludXgva2VybmVsL2dpdC9qYXJra28vYnVpbGRyb290LXRwbWRkLmdpdC8KPiA+ ID4gPj4+Pj4+Pj4+Pj4KPiA+ID4gPj4+Pj4+Pj4+Pj4gVGhlICJBUk0gdmVyc2lvbiIgaXMgYXQg dGhpcyBwb2ludCBpbiBhYXJjaDY0IGJyYW5jaC4gT3ZlciB0aW1lIEkgd2lsbAo+ID4gPiA+Pj4+ Pj4+Pj4+PiBkZWZpbmUgdHBtZGQteDg2XzY0IGFuZCB0cG1kZC1hYXJjaDY0IGJvYXJkcyBhbmQg ZXZlcnl0aGluZyB3aWxsIGJlIHRoZW4KPiA+ID4gPj4+Pj4+Pj4+Pj4gaW4gdGhlIG1hc3RlciBi cmFuY2guCj4gPiA+ID4+Pj4+Pj4+Pj4+Cj4gPiA+ID4+Pj4+Pj4+Pj4+IFRvIGNyZWF0ZSBpZGVu dGljYWwgaW1hZ2VzIHlvdSBqdXN0IG5lZWQgdG8KPiA+ID4gPj4+Pj4+Pj4+Pj4KPiA+ID4gPj4+ Pj4+Pj4+Pj4gJCBtYWtlIHRwbWRkX2RlZmNvbmZpZyAmJiBtYWtlCj4gPiA+ID4+Pj4+Pj4+Pj4+ Cj4gPiA+ID4+Pj4+Pj4+Pj4+IENhbiB5b3UgY2hlY2sgaWYgeW91IHNlZSBhbnl0aGluZyBvYnZp b3VzbHkgd3Jvbmc/IEknbSBlYWdlciB0byB0ZXN0IHRoaXMKPiA+ID4gPj4+Pj4+Pj4+Pj4gcGF0 Y2ggc2V0LCBhbmQgaW4gYmlnZ2VyIHBpY3R1cmUgSSByZWFsbHkgbmVlZCB0byBoYXZlIHJlYWR5 IHRvIHJ1bgo+ID4gPiA+Pj4+Pj4+Pj4+PiBhYXJjaDY0IGVudmlyb25tZW50IGF2YWlsYWJsZS4K PiA+ID4gPj4+Pj4+Pj4+Pgo+ID4gPiA+Pj4+Pj4+Pj4+IEkgd291bGQgcmF0aGVyIHN1Z2dlc3Qg eW91IHRvIGZvbGxvdyBzdGVwcyBsaXN0ZWQgaGVyZSBbMV0gYXMgdG8gdGVzdAo+ID4gPiA+Pj4+ Pj4+Pj4+IHRoaXMgZmVhdHVyZSBvbiBRZW11IGFhcmNoNjQgd2UgbmVlZCB0byBidWlsZCBmaXJt d2FyZXMgc3VjaCBhcyBURi1BLAo+ID4gPiA+Pj4+Pj4+Pj4+IE9QLVRFRSwgVUVGSSBldGMuIHdo aWNoIGFyZSBhbGwgaW50ZWdyYXRlZCBpbnRvIE9QLVRFRSBRZW11IGJ1aWxkCj4gPiA+ID4+Pj4+ Pj4+Pj4gc3lzdGVtIFsyXS4gQW5kIHRoZW4gaXQgd291bGQgYmUgZWFzaWVyIHRvIG1pZ3JhdGUg dGhlbSB0byB5b3VyCj4gPiA+ID4+Pj4+Pj4+Pj4gYnVpbGRyb290IGVudmlyb25tZW50IGFzIHdl bGwuCj4gPiA+ID4+Pj4+Pj4+Pj4KPiA+ID4gPj4+Pj4+Pj4+PiBbMV0gaHR0cHM6Ly9saXN0cy50 cnVzdGVkZmlybXdhcmUub3JnL3BpcGVybWFpbC9vcC10ZWUvMjAyMC1NYXkvMDAwMDI3Lmh0bWwK PiA+ID4gPj4+Pj4+Pj4+PiBbMl0gaHR0cHM6Ly9vcHRlZS5yZWFkdGhlZG9jcy5pby9lbi9sYXRl c3QvYnVpbGRpbmcvZGV2aWNlcy9xZW11Lmh0bWwjcWVtdS12OAo+ID4gPiA+Pj4+Pj4+Pj4+Cj4g PiA+ID4+Pj4+Pj4+Pj4gLVN1bWl0Cj4gPiA+ID4+Pj4+Pj4+Pgo+ID4gPiA+Pj4+Pj4+Pj4gQ2Fu IHlvdSBwcm92aWRlICdrZXljdGxfY2hhbmdlJz8gT3RoZXJ3aXNlLCB0aGUgc3RlcHMgYXJlIGVh c3kgdG8gZm9sbG93Lgo+ID4gPiA+Pj4+Pj4+Pj4KPiA+ID4gPj4+Pj4+Pj4KPiA+ID4gPj4+Pj4+ Pj4gJCBjYXQga2V5Y3RsX2NoYW5nZQo+ID4gPiA+Pj4+Pj4+PiBkaWZmIC0tZ2l0IGEvY29tbW9u Lm1rIGIvY29tbW9uLm1rCj4gPiA+ID4+Pj4+Pj4+IGluZGV4IGFlYjdiNDEuLjY2M2U1MjggMTAw NjQ0Cj4gPiA+ID4+Pj4+Pj4+IC0tLSBhL2NvbW1vbi5tawo+ID4gPiA+Pj4+Pj4+PiArKysgYi9j b21tb24ubWsKPiA+ID4gPj4+Pj4+Pj4gQEAgLTIyOSw2ICsyMjksNyBAQCBCUjJfUEFDS0FHRV9P UFRFRV9URVNUX1NESyA/PSAkKE9QVEVFX09TX1RBX0RFVl9LSVRfRElSKQo+ID4gPiA+Pj4+Pj4+ PiAgQlIyX1BBQ0tBR0VfT1BURUVfVEVTVF9TSVRFID89ICQoT1BURUVfVEVTVF9QQVRIKQo+ID4g PiA+Pj4+Pj4+PiAgQlIyX1BBQ0tBR0VfU1RSQUNFID89IHkKPiA+ID4gPj4+Pj4+Pj4gIEJSMl9U QVJHRVRfR0VORVJJQ19HRVRUWV9QT1JUID89ICQoaWYKPiA+ID4gPj4+Pj4+Pj4gJChDRkdfTldf Q09OU09MRV9VQVJUKSx0dHlBTUEkKENGR19OV19DT05TT0xFX1VBUlQpLHR0eUFNQTApCj4gPiA+ ID4+Pj4+Pj4+ICtCUjJfUEFDS0FHRV9LRVlVVElMUyA6PSB5Cj4gPiA+ID4+Pj4+Pj4+Cj4gPiA+ ID4+Pj4+Pj4+ICAjIEFsbCBCUjJfKiB2YXJpYWJsZXMgZnJvbSB0aGUgbWFrZWZpbGUgb3IgdGhl IGVudmlyb25tZW50IGFyZSBhcHBlbmRlZCB0bwo+ID4gPiA+Pj4+Pj4+PiAgIyAuLi9vdXQtYnIv ZXh0cmEuY29uZi4gQWxsIHZhbHVlcyBhcmUgcXVvdGVkICIuLi4iIGV4Y2VwdCB5IGFuZCBuLgo+ ID4gPiA+Pj4+Pj4+PiBkaWZmIC0tZ2l0IGEva2NvbmZpZ3MvcWVtdS5jb25mIGIva2NvbmZpZ3Mv cWVtdS5jb25mCj4gPiA+ID4+Pj4+Pj4+IGluZGV4IDM2OGMxOGEuLjgzMmFiNzQgMTAwNjQ0Cj4g PiA+ID4+Pj4+Pj4+IC0tLSBhL2tjb25maWdzL3FlbXUuY29uZgo+ID4gPiA+Pj4+Pj4+PiArKysg Yi9rY29uZmlncy9xZW11LmNvbmYKPiA+ID4gPj4+Pj4+Pj4gQEAgLTIwLDMgKzIwLDUgQEAgQ09O RklHXzlQX0ZTPXkKPiA+ID4gPj4+Pj4+Pj4gIENPTkZJR185UF9GU19QT1NJWF9BQ0w9eQo+ID4g PiA+Pj4+Pj4+PiAgQ09ORklHX0hXX1JBTkRPTT15Cj4gPiA+ID4+Pj4+Pj4+ICBDT05GSUdfSFdf UkFORE9NX1ZJUlRJTz15Cj4gPiA+ID4+Pj4+Pj4+ICtDT05GSUdfVFJVU1RFRF9LRVlTPXkKPiA+ ID4gPj4+Pj4+Pj4gK0NPTkZJR19FTkNSWVBURURfS0VZUz15Cj4gPiA+ID4+Pj4+Pj4+Cj4gPiA+ ID4+Pj4+Pj4+PiBBZnRlciBJJ3ZlIHN1Y2Nlc3NmdWxseSB0ZXN0ZWQgMi80LCBJJ2Qgc3VnZ2Vz dCB0aGF0IHlvdSByb2xsIG91dCBvbmUgbW9yZQo+ID4gPiA+Pj4+Pj4+Pj4gdmVyc2lvbiBhbmQg Q0MgdGhlIGRvY3VtZW50YXRpb24gcGF0Y2ggdG8gRWxhaW5lIGFuZCBNaW5pLCBhbmQgY2xlYXJs eQo+ID4gPiA+Pj4+Pj4+Pj4gcmVtYXJrIGluIHRoZSBjb21taXQgbWVzc2FnZSB0aGF0IFRFRSBp cyBhIHN0YW5kYXJkLCB3aXRoIGEgbGluayB0byB0aGUKPiA+ID4gPj4+Pj4+Pj4+IHNwZWNpZmlj YXRpb24uCj4gPiA+ID4+Pj4+Pj4+Pgo+ID4gPiA+Pj4+Pj4+Pgo+ID4gPiA+Pj4+Pj4+PiBTdXJl LCBJIHdpbGwgcm9sbCBvdXQgdGhlIG5leHQgdmVyc2lvbiBhZnRlciB5b3VyIHRlc3RpbmcuCj4g PiA+ID4+Pj4+Pj4KPiA+ID4gPj4+Pj4+PiBUaGFua3MsIEknbGwgdHJ5IHRoaXMgYXQgaW5zdGFu dCwgYW5kIGdpdmUgbXkgZmVlZGJhY2suCj4gPiA+ID4+Pj4+Pgo+ID4gPiA+Pj4+Pj4gSSBidW1w IGludG8gdGhpczoKPiA+ID4gPj4+Pj4+Cj4gPiA+ID4+Pj4+PiAkIG1ha2UgcnVuLW9ubHkKPiA+ ID4gPj4+Pj4+IGxuIC1zZiAvaG9tZS9qYXJra28vZGV2ZWwvdHBtL29wdGVlL2J1aWxkLy4uL291 dC1ici9pbWFnZXMvcm9vdGZzLmNwaW8uZ3ogL2hvbWUvamFya2tvL2RldmVsL3RwbS9vcHRlZS9i dWlsZC8uLi9vdXQvYmluLwo+ID4gPiA+Pj4+Pj4gbG46IGZhaWxlZCB0byBjcmVhdGUgc3ltYm9s aWMgbGluayAnL2hvbWUvamFya2tvL2RldmVsL3RwbS9vcHRlZS9idWlsZC8uLi9vdXQvYmluLyc6 IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKPiA+ID4gPj4+Pj4+IG1ha2U6ICoqKiBbTWFrZWZp bGU6MTk0OiBydW4tb25seV0gRXJyb3IgMQo+ID4gPiA+Pj4+Pj4KPiA+ID4gPj4+Pj4KPiA+ID4g Pj4+Pj4gQ291bGQgeW91IGNoZWNrIGlmIHRoZSBmb2xsb3dpbmcgZGlyZWN0b3J5IHRyZWUgaXMg YnVpbHQgYWZ0ZXIKPiA+ID4gPj4+Pj4gZXhlY3V0aW5nIHRoZSBiZWxvdyBjb21tYW5kPwo+ID4g PiA+Pj4+Pgo+ID4gPiA+Pj4+PiAkIG1ha2UgLWpgbnByb2NgCj4gPiA+ID4+Pj4+IENGR19JTl9U UkVFX0VBUkxZX1RBUz10cnVzdGVkX2tleXMvZjA0YTBmZTctMWY1ZC00YjliLWFiZjctNjE5Yjg1 YjRjZThjCj4gPiA+ID4+Pj4+Cj4gPiA+ID4+Pj4+ICQgdHJlZSBvdXQvYmluLwo+ID4gPiA+Pj4+ PiBvdXQvYmluLwo+ID4gPiA+Pj4+PiDilJzilIDilIAgYmwxLmJpbiAtPiAvaG9tZS9zdW1pdC9i dWlsZC9vcHRlZS9idWlsZC8uLi90cnVzdGVkLWZpcm13YXJlLWEvYnVpbGQvcWVtdS9yZWxlYXNl L2JsMS5iaW4KPiA+ID4gPj4+Pj4g4pSc4pSA4pSAIGJsMi5iaW4gLT4gL2hvbWUvc3VtaXQvYnVp bGQvb3B0ZWUvYnVpbGQvLi4vdHJ1c3RlZC1maXJtd2FyZS1hL2J1aWxkL3FlbXUvcmVsZWFzZS9i bDIuYmluCj4gPiA+ID4+Pj4+IOKUnOKUgOKUgCBibDMxLmJpbiAtPgo+ID4gPiA+Pj4+PiAvaG9t ZS9zdW1pdC9idWlsZC9vcHRlZS9idWlsZC8uLi90cnVzdGVkLWZpcm13YXJlLWEvYnVpbGQvcWVt dS9yZWxlYXNlL2JsMzEuYmluCj4gPiA+ID4+Pj4+IOKUnOKUgOKUgCBibDMyLmJpbiAtPgo+ID4g PiA+Pj4+PiAvaG9tZS9zdW1pdC9idWlsZC9vcHRlZS9idWlsZC8uLi9vcHRlZV9vcy9vdXQvYXJt L2NvcmUvdGVlLWhlYWRlcl92Mi5iaW4KPiA+ID4gPj4+Pj4g4pSc4pSA4pSAIGJsMzJfZXh0cmEx LmJpbiAtPgo+ID4gPiA+Pj4+PiAvaG9tZS9zdW1pdC9idWlsZC9vcHRlZS9idWlsZC8uLi9vcHRl ZV9vcy9vdXQvYXJtL2NvcmUvdGVlLXBhZ2VyX3YyLmJpbgo+ID4gPiA+Pj4+PiDilJzilIDilIAg YmwzMl9leHRyYTIuYmluIC0+Cj4gPiA+ID4+Pj4+IC9ob21lL3N1bWl0L2J1aWxkL29wdGVlL2J1 aWxkLy4uL29wdGVlX29zL291dC9hcm0vY29yZS90ZWUtcGFnZWFibGVfdjIuYmluCj4gPiA+ID4+ Pj4+IOKUnOKUgOKUgCBibDMzLmJpbiAtPgo+ID4gPiA+Pj4+PiAvaG9tZS9zdW1pdC9idWlsZC9v cHRlZS9idWlsZC8uLi9lZGsyL0J1aWxkL0FybVZpcnRRZW11S2VybmVsLUFBUkNINjQvUkVMRUFT RV9HQ0M0OS9GVi9RRU1VX0VGSS5mZAo+ID4gPiA+Pj4+PiDilJzilIDilIAgSW1hZ2UgLT4gL2hv bWUvc3VtaXQvYnVpbGQvb3B0ZWUvYnVpbGQvLi4vbGludXgvYXJjaC9hcm02NC9ib290L0ltYWdl Cj4gPiA+ID4+Pj4+IOKUlOKUgOKUgCByb290ZnMuY3Bpby5neiAtPgo+ID4gPiA+Pj4+PiAvaG9t ZS9zdW1pdC9idWlsZC9vcHRlZS9idWlsZC8uLi9vdXQtYnIvaW1hZ2VzL3Jvb3Rmcy5jcGlvLmd6 Cj4gPiA+ID4+Pj4+Cj4gPiA+ID4+Pj4+IDAgZGlyZWN0b3JpZXMsIDkgZmlsZXMKPiA+ID4gPj4+ Pj4KPiA+ID4gPj4+Pj4gLVN1bWl0Cj4gPiA+ID4+Pj4KPiA+ID4gPj4+PiBJIGFjdHVhbGx5IHNw b3R0ZWQgYSBidWlsZCBlcnJvciB0aGF0IHdhcyB1bm5vdGljZWQgbGFzdCB0aW1lOgo+ID4gPiA+ Pj4+Cj4gPiA+ID4+Pj4gbWFrZVsyXTogRW50ZXJpbmcgZGlyZWN0b3J5ICcvaG9tZS9qYXJra28v ZGV2ZWwvdHBtL29wdGVlL2VkazIvQmFzZVRvb2xzL1Rlc3RzJwo+ID4gPiA+Pj4+IC9iaW4vc2g6 IDE6IHB5dGhvbjogbm90IGZvdW5kCj4gPiA+ID4+Pj4KPiA+ID4gPj4+PiBJJ2QgcHJlZmVyIG5v dCB0byBpbnN0YWxsIFB5dGhvbjIuIEl0IGhhcyBiZWVuIEVPTCBvdmVyIGEgeWVhci4KPiA+ID4g Pj4+Cj4gPiA+ID4+PiBBRkFJSywgZXZlcnl0aGluZyBzaG91bGQgYnVpbGQgZmluZSB3aXRoIFB5 dGhvbjMuIE9uIG15IFVidW50dSAyMC4wNAo+ID4gPiA+Pj4gbWFjaGluZSwgdGhpcyBpcyBhY2Nv bXBsaXNoZWQgYnkgaW5zdGFsbGluZyBwYWNrYWdlICJweXRob24taXMtcHl0aG9uMyIKPiA+ID4g Pj4+IChhZnRlciB1bmluc3RhbGxpbmcgInB5dGhvbi1pcy1weXRob24yIiBpZiBuZWVkIGJlKS4K PiA+ID4gPj4+Cj4gPiA+ID4+PiAkIGxzIC1sIC91c3IvYmluL3B5dGhvbgo+ID4gPiA+Pj4gbHJ3 eHJ3eHJ3eCAxIHJvb3Qgcm9vdCA3IEFwciAxNSAgMjAyMCAvdXNyL2Jpbi9weXRob24gLT4gcHl0 aG9uMwo+ID4gPiA+Pgo+ID4gPiA+PiBSaWdodCwganVzdCBmb3VuZCBhYm91dCB0aGlzIGluIHVu cmVsYXRlZCBjb250ZXh0IDotKSBbKl0KPiA+ID4gPj4KPiA+ID4gPj4gSG9wZSB0aGlzIHdpbGwg d29yayBvdXQuLi4KPiA+ID4gPj4KPiA+ID4gPj4gWypdIGh0dHBzOi8vZ2l0aHViLmNvbS9zdXJn ZS1zeW50aGVzaXplci9zdXJnZS9wdWxsLzM2NTUKPiA+ID4gPgo+ID4gPiA+IE5vdyBJIGdldAo+ ID4gPiA+Cj4gPiA+ID4gVHJhY2ViYWNrIChtb3N0IHJlY2VudCBjYWxsIGxhc3QpOgo+ID4gPiA+ ICAgRmlsZSAiL2hvbWUvamFya2tvL1Byb2plY3RzL3RwbS9vcHRlZS9lZGsyL0Jhc2VUb29scy9U ZXN0cy9SdW5UZXN0cy5weSIsIGxpbmUgMzYsIGluIDxtb2R1bGU+Cj4gPiA+ID4gICAgIGFsbFRl c3RzID0gR2V0QWxsVGVzdHNTdWl0ZSgpCj4gPiA+ID4gICBGaWxlICIvaG9tZS9qYXJra28vUHJv amVjdHMvdHBtL29wdGVlL2VkazIvQmFzZVRvb2xzL1Rlc3RzL1J1blRlc3RzLnB5IiwgbGluZSAz MywgaW4gR2V0QWxsVGVzdHNTdWl0ZQo+ID4gPiA+ICAgICByZXR1cm4gdW5pdHRlc3QuVGVzdFN1 aXRlKFtHZXRDVGVzdFN1aXRlKCksIEdldFB5dGhvblRlc3RTdWl0ZSgpXSkKPiA+ID4gPiAgIEZp bGUgIi9ob21lL2phcmtrby9Qcm9qZWN0cy90cG0vb3B0ZWUvZWRrMi9CYXNlVG9vbHMvVGVzdHMv UnVuVGVzdHMucHkiLCBsaW5lIDI1LCBpbiBHZXRDVGVzdFN1aXRlCj4gPiA+ID4gICAgIGltcG9y dCBDVG9vbHNUZXN0cwo+ID4gPiA+ICAgRmlsZSAiL2hvbWUvamFya2tvL1Byb2plY3RzL3RwbS9v cHRlZS9lZGsyL0Jhc2VUb29scy9UZXN0cy9DVG9vbHNUZXN0cy5weSIsIGxpbmUgMjIsIGluIDxt b2R1bGU+Cj4gPiA+ID4gICAgIGltcG9ydCBUaWFub0NvbXByZXNzCj4gPiA+ID4gICBGaWxlICIv aG9tZS9qYXJra28vUHJvamVjdHMvdHBtL29wdGVlL2VkazIvQmFzZVRvb2xzL1Rlc3RzL1RpYW5v Q29tcHJlc3MucHkiLCBsaW5lIDY5LCBpbiA8bW9kdWxlPgo+ID4gPiA+ICAgICBUaGVUZXN0U3Vp dGUgPSBUZXN0VG9vbHMuTWFrZVRoZVRlc3RTdWl0ZShsb2NhbHMoKSkKPiA+ID4gPiAgIEZpbGUg Ii9ob21lL2phcmtrby9Qcm9qZWN0cy90cG0vb3B0ZWUvZWRrMi9CYXNlVG9vbHMvVGVzdHMvVGVz dFRvb2xzLnB5IiwgbGluZSA0MywgaW4gTWFrZVRoZVRlc3RTdWl0ZQo+ID4gPiA+ICAgICBmb3Ig bmFtZSwgaXRlbSBpbiBsb2NhbEl0ZW1zLml0ZXJpdGVtcygpOgo+ID4gPiA+IEF0dHJpYnV0ZUVy cm9yOiAnZGljdCcgb2JqZWN0IGhhcyBubyBhdHRyaWJ1dGUgJ2l0ZXJpdGVtcycKPiA+ID4KPiA+ ID4gUmlnaHQuIFNhbWUgaGVyZSBhZnRlciByZW1vdmluZyBhbGwgdHJhY2VzIG9mIFB5dGhvbjIg ZnJvbSBteSBzeXN0ZW0gOi0vCj4gPiA+Cj4gPiA+IEEgY291cGxlIG9mIGZpeGVzIGFyZSBuZWVk ZWQ6Cj4gPiA+IDEuIEVESzIgbmVlZHMgdG8gYmUgdXBncmFkZWQgdG8gdGFnIG9yIGxhdGVyIFsx XQo+ID4gPiAyLiBUaGUgUFlUSE9OM19FTkFCTEUgZW52aXJvbm1lbnQgdmFyaWFibGUgbmVlZHMg dG8gYmUgc2V0IHRvIFRSVUUgWzJdCj4gPiA+Cj4gPiA+IFsxXSBodHRwczovL2dpdGh1Yi5jb20v T1AtVEVFL21hbmlmZXN0L3B1bGwvMTc3Cj4gPiA+IFsyXSBodHRwczovL2dpdGh1Yi5jb20vT1At VEVFL2J1aWxkL3B1bGwvNDUwCj4gPgo+ID4gQlRXLCBJcyB0byAqcmVhbGx5KiBpbXBvc3NpYmxl IHRvIHRlc3QgdGhpcyB3aXRoIHBsYWluIEJ1aWxkUm9vdC4gIEl0J3MKPiA+IG9idmlvdXMgdGhh dCB0aGlzIGZvcmtzIEJSIGludGVybmFsbHkuCj4gPgo+ID4gSSBtZWFuIGV2ZW4gaWYgSSBnZXQg dGhpcyB3b3JraW5nIG9uY2UsIHRoaXMgd2lsbCBmZWVscyBsaWtlIGEgY2x1bXN5IHdheQo+ID4g dG8gdGVzdCBBYXJjaDY0IHJlZ3VsYXJseS4gSSB1c2UgQnVpbGRSb290IGV4dGVuc2l2ZWx5IGZv ciB4ODYgdGVzdGluZy4gQW5kCj4gPiBpdCB3b3VsZCBiZSBuaWNlIHRvIGJlIGFibGUgdG8gc3Rh cnQgZG9pbmcgcmVndWxhciBBUk0gdGVzdGluZy4KPiAKPiBUaGUgbWFpbiByZWFzb24gdG8gZ3Vp ZGUgeW91IHRvd2FyZHMgdGhlIE9QLVRFRSBidWlsZCBzeXN0ZW0gaXMgdGhhdAo+IHlvdSB3aWxs IGJlIGFibGUgdG8gYnVpbGQgYWxsIHRoZSBmaXJtd2FyZXMgKFRGLUEsIE9QLVRFRSwgZWRrMiBl dGMuKQo+IGZyb20gc291cmNlLiBJZiB5b3UgZG9uJ3QgbmVlZCB0byByZWJ1aWxkIHRob3NlIHRo ZW4gSSBoYXZlIHByZXBhcmVkIGEKPiBmbGFzaCBmaXJtd2FyZSBiaW5hcnkgYmxvYiBmb3IgeW91 ciB0ZXN0aW5nIChhdHRhY2hlZCBmbGFzaC5iaW4pLiBTbwo+IFFlbXUgY21kbGluZSB3aWxsIGxv b2sgbGlrZToKPiAKPiAkIHFlbXUtc3lzdGVtLWFhcmNoNjQgLW5vZ3JhcGhpYyAtcyAtbWFjaGlu ZSB2aXJ0LHNlY3VyZT1vbiAtY3B1Cj4gY29ydGV4LWE1NyAta2VybmVsIG91dC9iaW4vSW1hZ2Ug LW5vLWFjcGkgLWFwcGVuZAo+ICdjb25zb2xlPXR0eUFNQTAsMzg0MDAga2VlcF9ib290Y29uIHJv b3Q9L2Rldi92ZGEyJyAtaW5pdHJkCj4gb3V0L2Jpbi9yb290ZnMuY3Bpby5neiAtc21wIDIgLW0g MTAyNCAtYmlvcyBmbGFzaC5iaW4gLWQgdW5pbXAKCkkgc3BlbnR0IGNvdXBsZSBvZiBkYXlzIHRv IHRyeSB0byBnZXQgdGhpcyBydW5uaW5nLgoKSGVyZSdzIHRoZSBsb2c6Cgrina8gLi9xZW11LnNo Ck5PVElDRTogIEJvb3RpbmcgVHJ1c3RlZCBGaXJtd2FyZQpOT1RJQ0U6ICBCTDE6IHYyLjMoKTp2 Mi4zCk5PVElDRTogIEJMMTogQnVpbHQgOiAxMzoyODowNCwgSmFuIDI1IDIwMjEKTk9USUNFOiAg QkwxOiBCb290aW5nIEJMMgpOT1RJQ0U6ICBCTDI6IHYyLjMoKTp2Mi4zCk5PVElDRTogIEJMMjog QnVpbHQgOiAxMzoyODowNiwgSmFuIDI1IDIwMjEKTk9USUNFOiAgQkwxOiBCb290aW5nIEJMMzEK Tk9USUNFOiAgQkwzMTogdjIuMygpOnYyLjMKTk9USUNFOiAgQkwzMTogQnVpbHQgOiAxMzoyODow OCwgSmFuIDI1IDIwMjEKVUVGSSBmaXJtd2FyZSAodmVyc2lvbiAgYnVpbHQgYXQgMTg6NDk6Mjcg b24gTm92IDE4IDIwMTkpCnBmbGFzaF93cml0ZTogV3JpdGUgdG8gYnVmZmVyIGVtdWxhdGlvbiBp cyBmbGF3ZWQKcGZsYXNoX3dyaXRlOiBXcml0ZSB0byBidWZmZXIgZW11bGF0aW9uIGlzIGZsYXdl ZApFRkkgc3R1YjogQm9vdGluZyBMaW51eCBLZXJuZWwuLi4KRUZJIHN0dWI6IFVzaW5nIERUQiBm cm9tIGNvbmZpZ3VyYXRpb24gdGFibGUKRUZJIHN0dWI6IEV4aXRpbmcgYm9vdCBzZXJ2aWNlcyBh bmQgaW5zdGFsbGluZyB2aXJ0dWFsIGFkZHJlc3MgbWFwLi4uCkJvb3RpbmcgTGludXggb24gcGh5 c2ljYWwgQ1BVIDB4MDAwMDAwMDAwMCBbMHg0MTFmZDA3MF0KTGludXggdmVyc2lvbiA1LjExLjAt cmM1IChqYXJra29Ac3VwcGlsb3ZhaHZlcm8pIChhYXJjaDY0LWJ1aWxkcm9vdC1saW51eC11Y2xp YmMtZ2NjLmJyX3JlYWwgKEJ1aWxkcm9vdCAyMDIxLjAyLXJjMS0xMC1nYTcyYzkwYjk3MikgOS4z LjAsIEdOVSBsZCAoR05VIEJpbnV0aWxzKSAyLjM1LjIpICMxIFNNUCBUaHUgRmViIDExIDIyOjA0 OjUzIEVFVCAyMDIxCk1hY2hpbmUgbW9kZWw6IGxpbnV4LGR1bW15LXZpcnQKZWZpOiBFRkkgdjIu NzAgYnkgRURLIElJCmVmaTogU01CSU9TPTB4N2Y1MjAwMDAgU01CSU9TIDMuMD0weDdmNTAwMDAw IE1FTUFUVFI9MHg3ZTU5YjAxOCBNRU1SRVNFUlZFPTB4N2MxNDNmMTgKWm9uZSByYW5nZXM6CiAg RE1BICAgICAgW21lbSAweDAwMDAwMDAwNDAwMDAwMDAtMHgwMDAwMDAwMDdmZmZmZmZmXQogIERN QTMyICAgIGVtcHR5CiAgTm9ybWFsICAgZW1wdHkKTW92YWJsZSB6b25lIHN0YXJ0IGZvciBlYWNo IG5vZGUKRWFybHkgbWVtb3J5IG5vZGUgcmFuZ2VzCiAgbm9kZSAgIDA6IFttZW0gMHgwMDAwMDAw MDQwMDAwMDAwLTB4MDAwMDAwMDA0MWZmZmZmZl0KICBub2RlICAgMDogW21lbSAweDAwMDAwMDAw NDIyMDAwMDAtMHgwMDAwMDAwMDdiZTNmZmZmXQogIG5vZGUgICAwOiBbbWVtIDB4MDAwMDAwMDA3 YmU0MDAwMC0weDAwMDAwMDAwN2MxM2ZmZmZdCiAgbm9kZSAgIDA6IFttZW0gMHgwMDAwMDAwMDdj MTQwMDAwLTB4MDAwMDAwMDA3ZjQxZmZmZl0KICBub2RlICAgMDogW21lbSAweDAwMDAwMDAwN2Y0 MjAwMDAtMHgwMDAwMDAwMDdmNGFmZmZmXQogIG5vZGUgICAwOiBbbWVtIDB4MDAwMDAwMDA3ZjRi MDAwMC0weDAwMDAwMDAwN2Y0Y2ZmZmZdCiAgbm9kZSAgIDA6IFttZW0gMHgwMDAwMDAwMDdmNGQw MDAwLTB4MDAwMDAwMDA3ZjVkZmZmZl0KICBub2RlICAgMDogW21lbSAweDAwMDAwMDAwN2Y1ZTAw MDAtMHgwMDAwMDAwMDdmZmZmZmZmXQpaZXJvZWQgc3RydWN0IHBhZ2UgaW4gdW5hdmFpbGFibGUg cmFuZ2VzOiA4NjQgcGFnZXMKSW5pdG1lbSBzZXR1cCBub2RlIDAgW21lbSAweDAwMDAwMDAwNDAw MDAwMDAtMHgwMDAwMDAwMDdmZmZmZmZmXQpwc2NpOiBwcm9iaW5nIGZvciBjb25kdWl0IG1ldGhv ZCBmcm9tIERULgpwc2NpOiBQU0NJdjEuMSBkZXRlY3RlZCBpbiBmaXJtd2FyZS4KcHNjaTogVXNp bmcgc3RhbmRhcmQgUFNDSSB2MC4yIGZ1bmN0aW9uIElEcwpwc2NpOiBUcnVzdGVkIE9TIG1pZ3Jh dGlvbiBub3QgcmVxdWlyZWQKcHNjaTogU01DIENhbGxpbmcgQ29udmVudGlvbiB2MS4yCnBlcmNw dTogRW1iZWRkZWQgMjEgcGFnZXMvY3B1IHM0ODAyNCByODE5MiBkMjk4MDAgdTg2MDE2CkRldGVj dGVkIFBJUFQgSS1jYWNoZSBvbiBDUFUwCkNQVSBmZWF0dXJlczogZGV0ZWN0ZWQ6IEFSTSBlcnJh dHVtIDgzMjA3NQpDUFUgZmVhdHVyZXM6IGRldGVjdGVkOiBTcGVjdHJlLXYyCkNQVSBmZWF0dXJl czogZGV0ZWN0ZWQ6IEFSTSBlcnJhdGEgMTE2NTUyMiwgMTMxOTM2Nywgb3IgMTUzMDkyMwpCdWls dCAxIHpvbmVsaXN0cywgbW9iaWxpdHkgZ3JvdXBpbmcgb24uICBUb3RhbCBwYWdlczogMjU3NTM2 Cktlcm5lbCBjb21tYW5kIGxpbmU6IHJvb3Q9L2Rldi92ZGEgcncgY29uc29sZT10dHlBTUEwLDEx NTIwMApEZW50cnkgY2FjaGUgaGFzaCB0YWJsZSBlbnRyaWVzOiAxMzEwNzIgKG9yZGVyOiA4LCAx MDQ4NTc2IGJ5dGVzLCBsaW5lYXIpCklub2RlLWNhY2hlIGhhc2ggdGFibGUgZW50cmllczogNjU1 MzYgKG9yZGVyOiA3LCA1MjQyODggYnl0ZXMsIGxpbmVhcikKbWVtIGF1dG8taW5pdDogc3RhY2s6 b2ZmLCBoZWFwIGFsbG9jOm9mZiwgaGVhcCBmcmVlOm9mZgpNZW1vcnk6IDEwMTEyODRLLzEwNDY1 MjhLIGF2YWlsYWJsZSAoNjU5Mksga2VybmVsIGNvZGUsIDgwNEsgcndkYXRhLCAxNDYwSyByb2Rh dGEsIDEwODhLIGluaXQsIDMyMUsgYnNzLCAzNTI0NEsgcmVzZXJ2ZWQsIDBLIGNtYS1yZXNlcnZl ZCkKU0xVQjogSFdhbGlnbj02NCwgT3JkZXI9MC0zLCBNaW5PYmplY3RzPTAsIENQVXM9MSwgTm9k ZXM9MQpyY3U6IEhpZXJhcmNoaWNhbCBSQ1UgaW1wbGVtZW50YXRpb24uCnJjdTogICAgUkNVIHJl c3RyaWN0aW5nIENQVXMgZnJvbSBOUl9DUFVTPTI1NiB0byBucl9jcHVfaWRzPTEuCnJjdTogUkNV IGNhbGN1bGF0ZWQgdmFsdWUgb2Ygc2NoZWR1bGVyLWVubGlzdG1lbnQgZGVsYXkgaXMgMjUgamlm Zmllcy4KcmN1OiBBZGp1c3RpbmcgZ2VvbWV0cnkgZm9yIHJjdV9mYW5vdXRfbGVhZj0xNiwgbnJf Y3B1X2lkcz0xCk5SX0lSUVM6IDY0LCBucl9pcnFzOiA2NCwgcHJlYWxsb2NhdGVkIGlycXM6IDAK R0lDdjJtOiByYW5nZVttZW0gMHgwODAyMDAwMC0weDA4MDIwZmZmXSwgU1BJWzgwOjE0M10KcmFu ZG9tOiBnZXRfcmFuZG9tX2J5dGVzIGNhbGxlZCBmcm9tIHN0YXJ0X2tlcm5lbCsweDM0MC8weDUz YyB3aXRoIGNybmdfaW5pdD0wCmFyY2hfdGltZXI6IGNwMTUgdGltZXIocykgcnVubmluZyBhdCA2 Mi41ME1IeiAodmlydCkuCmNsb2Nrc291cmNlOiBhcmNoX3N5c19jb3VudGVyOiBtYXNrOiAweGZm ZmZmZmZmZmZmZmZmIG1heF9jeWNsZXM6IDB4MWNkNDJlMjA4YywgbWF4X2lkbGVfbnM6IDg4MTU5 MDQwNTMxNCBucwpzY2hlZF9jbG9jazogNTYgYml0cyBhdCA2Mk1IeiwgcmVzb2x1dGlvbiAxNm5z LCB3cmFwcyBldmVyeSA0Mzk4MDQ2NTExMDk2bnMKQ29uc29sZTogY29sb3VyIGR1bW15IGRldmlj ZSA4MHgyNQpDYWxpYnJhdGluZyBkZWxheSBsb29wIChza2lwcGVkKSwgdmFsdWUgY2FsY3VsYXRl ZCB1c2luZyB0aW1lciBmcmVxdWVuY3kuLiAxMjUuMDAgQm9nb01JUFMgKGxwaj0yNTAwMDApCnBp ZF9tYXg6IGRlZmF1bHQ6IDMyNzY4IG1pbmltdW06IDMwMQpNb3VudC1jYWNoZSBoYXNoIHRhYmxl IGVudHJpZXM6IDIwNDggKG9yZGVyOiAyLCAxNjM4NCBieXRlcywgbGluZWFyKQpNb3VudHBvaW50 LWNhY2hlIGhhc2ggdGFibGUgZW50cmllczogMjA0OCAob3JkZXI6IDIsIDE2Mzg0IGJ5dGVzLCBs aW5lYXIpCnJjdTogSGllcmFyY2hpY2FsIFNSQ1UgaW1wbGVtZW50YXRpb24uClJlbWFwcGluZyBh bmQgZW5hYmxpbmcgRUZJIHNlcnZpY2VzLgpzbXA6IEJyaW5naW5nIHVwIHNlY29uZGFyeSBDUFVz IC4uLgpzbXA6IEJyb3VnaHQgdXAgMSBub2RlLCAxIENQVQpTTVA6IFRvdGFsIG9mIDEgcHJvY2Vz c29ycyBhY3RpdmF0ZWQuCkNQVSBmZWF0dXJlczogZGV0ZWN0ZWQ6IDMyLWJpdCBFTDAgU3VwcG9y dApDUFUgZmVhdHVyZXM6IGRldGVjdGVkOiBDUkMzMiBpbnN0cnVjdGlvbnMKQ1BVOiBBbGwgQ1BV KHMpIHN0YXJ0ZWQgYXQgRUwxCmFsdGVybmF0aXZlczogcGF0Y2hpbmcga2VybmVsIGNvZGUKZGV2 dG1wZnM6IGluaXRpYWxpemVkCmNsb2Nrc291cmNlOiBqaWZmaWVzOiBtYXNrOiAweGZmZmZmZmZm IG1heF9jeWNsZXM6IDB4ZmZmZmZmZmYsIG1heF9pZGxlX25zOiA3NjQ1MDQxNzg1MTAwMDAwIG5z CmZ1dGV4IGhhc2ggdGFibGUgZW50cmllczogMjU2IChvcmRlcjogMiwgMTYzODQgYnl0ZXMsIGxp bmVhcikKU01CSU9TIDMuMC4wIHByZXNlbnQuCkRNSTogUUVNVSBRRU1VIFZpcnR1YWwgTWFjaGlu ZSwgQklPUyAwLjAuMCAwMi8wNi8yMDE1Ck5FVDogUmVnaXN0ZXJlZCBwcm90b2NvbCBmYW1pbHkg MTYKRE1BOiBwcmVhbGxvY2F0ZWQgMTI4IEtpQiBHRlBfS0VSTkVMIHBvb2wgZm9yIGF0b21pYyBh bGxvY2F0aW9ucwpETUE6IHByZWFsbG9jYXRlZCAxMjggS2lCIEdGUF9LRVJORUx8R0ZQX0RNQSBw b29sIGZvciBhdG9taWMgYWxsb2NhdGlvbnMKRE1BOiBwcmVhbGxvY2F0ZWQgMTI4IEtpQiBHRlBf S0VSTkVMfEdGUF9ETUEzMiBwb29sIGZvciBhdG9taWMgYWxsb2NhdGlvbnMKaHctYnJlYWtwb2lu dDogZm91bmQgNiBicmVha3BvaW50IGFuZCA0IHdhdGNocG9pbnQgcmVnaXN0ZXJzLgpBU0lEIGFs bG9jYXRvciBpbml0aWFsaXNlZCB3aXRoIDY1NTM2IGVudHJpZXMKU2VyaWFsOiBBTUJBIFBMMDEx IFVBUlQgZHJpdmVyCjkwMDAwMDAucGwwMTE6IHR0eUFNQTAgYXQgTU1JTyAweDkwMDAwMDAgKGly cSA9IDQ2LCBiYXNlX2JhdWQgPSAwKSBpcyBhIFBMMDExIHJldjEKcHJpbnRrOiBjb25zb2xlIFt0 dHlBTUEwXSBlbmFibGVkCmlvbW11OiBEZWZhdWx0IGRvbWFpbiB0eXBlOiBUcmFuc2xhdGVkCnZn YWFyYjogbG9hZGVkClNDU0kgc3Vic3lzdGVtIGluaXRpYWxpemVkClJlZ2lzdGVyZWQgZWZpdmFy cyBvcGVyYXRpb25zCmNsb2Nrc291cmNlOiBTd2l0Y2hlZCB0byBjbG9ja3NvdXJjZSBhcmNoX3N5 c19jb3VudGVyCk5FVDogUmVnaXN0ZXJlZCBwcm90b2NvbCBmYW1pbHkgMgp0Y3BfbGlzdGVuX3Bv cnRhZGRyX2hhc2ggaGFzaCB0YWJsZSBlbnRyaWVzOiA1MTIgKG9yZGVyOiAxLCA4MTkyIGJ5dGVz LCBsaW5lYXIpClRDUCBlc3RhYmxpc2hlZCBoYXNoIHRhYmxlIGVudHJpZXM6IDgxOTIgKG9yZGVy OiA0LCA2NTUzNiBieXRlcywgbGluZWFyKQpUQ1AgYmluZCBoYXNoIHRhYmxlIGVudHJpZXM6IDgx OTIgKG9yZGVyOiA1LCAxMzEwNzIgYnl0ZXMsIGxpbmVhcikKVENQOiBIYXNoIHRhYmxlcyBjb25m aWd1cmVkIChlc3RhYmxpc2hlZCA4MTkyIGJpbmQgODE5MikKVURQIGhhc2ggdGFibGUgZW50cmll czogNTEyIChvcmRlcjogMiwgMTYzODQgYnl0ZXMsIGxpbmVhcikKVURQLUxpdGUgaGFzaCB0YWJs ZSBlbnRyaWVzOiA1MTIgKG9yZGVyOiAyLCAxNjM4NCBieXRlcywgbGluZWFyKQpORVQ6IFJlZ2lz dGVyZWQgcHJvdG9jb2wgZmFtaWx5IDEKUENJOiBDTFMgMCBieXRlcywgZGVmYXVsdCA2NApodyBw ZXJmZXZlbnRzOiBlbmFibGVkIHdpdGggYXJtdjhfcG11djMgUE1VIGRyaXZlciwgNSBjb3VudGVy cyBhdmFpbGFibGUKd29ya2luZ3NldDogdGltZXN0YW1wX2JpdHM9NjIgbWF4X29yZGVyPTE4IGJ1 Y2tldF9vcmRlcj0wCmZ1c2U6IGluaXQgKEFQSSB2ZXJzaW9uIDcuMzMpCkJsb2NrIGxheWVyIFND U0kgZ2VuZXJpYyAoYnNnKSBkcml2ZXIgdmVyc2lvbiAwLjQgbG9hZGVkIChtYWpvciAyNTEpCmlv IHNjaGVkdWxlciBtcS1kZWFkbGluZSByZWdpc3RlcmVkCmlvIHNjaGVkdWxlciBreWJlciByZWdp c3RlcmVkCnBjaS1ob3N0LWdlbmVyaWMgNDAxMDAwMDAwMC5wY2llOiBob3N0IGJyaWRnZSAvcGNp ZUAxMDAwMDAwMCByYW5nZXM6CnBjaS1ob3N0LWdlbmVyaWMgNDAxMDAwMDAwMC5wY2llOiAgICAg ICBJTyAweDAwM2VmZjAwMDAuLjB4MDAzZWZmZmZmZiAtPiAweDAwMDAwMDAwMDAKcGNpLWhvc3Qt Z2VuZXJpYyA0MDEwMDAwMDAwLnBjaWU6ICAgICAgTUVNIDB4MDAxMDAwMDAwMC4uMHgwMDNlZmVm ZmZmIC0+IDB4MDAxMDAwMDAwMApwY2ktaG9zdC1nZW5lcmljIDQwMTAwMDAwMDAucGNpZTogICAg ICBNRU0gMHg4MDAwMDAwMDAwLi4weGZmZmZmZmZmZmYgLT4gMHg4MDAwMDAwMDAwCnBjaS1ob3N0 LWdlbmVyaWMgNDAxMDAwMDAwMC5wY2llOiBNZW1vcnkgcmVzb3VyY2Ugc2l6ZSBleGNlZWRzIG1h eCBmb3IgMzIgYml0cwpwY2ktaG9zdC1nZW5lcmljIDQwMTAwMDAwMDAucGNpZTogRUNBTSBhdCBb bWVtIDB4NDAxMDAwMDAwMC0weDQwMWZmZmZmZmZdIGZvciBbYnVzIDAwLWZmXQpwY2ktaG9zdC1n ZW5lcmljIDQwMTAwMDAwMDAucGNpZTogUENJIGhvc3QgYnJpZGdlIHRvIGJ1cyAwMDAwOjAwCnBj aV9idXMgMDAwMDowMDogcm9vdCBidXMgcmVzb3VyY2UgW2J1cyAwMC1mZl0KcGNpX2J1cyAwMDAw OjAwOiByb290IGJ1cyByZXNvdXJjZSBbaW8gIDB4MDAwMC0weGZmZmZdCnBjaV9idXMgMDAwMDow MDogcm9vdCBidXMgcmVzb3VyY2UgW21lbSAweDEwMDAwMDAwLTB4M2VmZWZmZmZdCnBjaV9idXMg MDAwMDowMDogcm9vdCBidXMgcmVzb3VyY2UgW21lbSAweDgwMDAwMDAwMDAtMHhmZmZmZmZmZmZm XQpwY2kgMDAwMDowMDowMC4wOiBbMWIzNjowMDA4XSB0eXBlIDAwIGNsYXNzIDB4MDYwMDAwCnBj aSAwMDAwOjAwOjAxLjA6IFsxYWY0OjEwMDBdIHR5cGUgMDAgY2xhc3MgMHgwMjAwMDAKcGNpIDAw MDA6MDA6MDEuMDogcmVnIDB4MTA6IFtpbyAgMHgwMDgwLTB4MDA5Zl0KcGNpIDAwMDA6MDA6MDEu MDogcmVnIDB4MTQ6IFttZW0gMHgxMDAwMTAwMC0weDEwMDAxZmZmXQpwY2kgMDAwMDowMDowMS4w OiByZWcgMHgyMDogW21lbSAweDgwMDAwMDAwMDAtMHg4MDAwMDAzZmZmIDY0Yml0IHByZWZdCnBj aSAwMDAwOjAwOjAxLjA6IHJlZyAweDMwOiBbbWVtIDB4ZmZmYzAwMDAtMHhmZmZmZmZmZiBwcmVm XQpwY2kgMDAwMDowMDowMi4wOiBbMWFmNDoxMDAxXSB0eXBlIDAwIGNsYXNzIDB4MDEwMDAwCnBj aSAwMDAwOjAwOjAyLjA6IHJlZyAweDEwOiBbaW8gIDB4MDAwMC0weDAwN2ZdCnBjaSAwMDAwOjAw OjAyLjA6IHJlZyAweDE0OiBbbWVtIDB4MTAwMDAwMDAtMHgxMDAwMGZmZl0KcGNpIDAwMDA6MDA6 MDIuMDogcmVnIDB4MjA6IFttZW0gMHg4MDAwMDA0MDAwLTB4ODAwMDAwN2ZmZiA2NGJpdCBwcmVm XQpwY2kgMDAwMDowMDowMS4wOiBCQVIgNjogYXNzaWduZWQgW21lbSAweDEwMDAwMDAwLTB4MTAw M2ZmZmYgcHJlZl0KcGNpIDAwMDA6MDA6MDEuMDogQkFSIDQ6IGFzc2lnbmVkIFttZW0gMHg4MDAw MDAwMDAwLTB4ODAwMDAwM2ZmZiA2NGJpdCBwcmVmXQpwY2kgMDAwMDowMDowMi4wOiBCQVIgNDog YXNzaWduZWQgW21lbSAweDgwMDAwMDQwMDAtMHg4MDAwMDA3ZmZmIDY0Yml0IHByZWZdCnBjaSAw MDAwOjAwOjAxLjA6IEJBUiAxOiBhc3NpZ25lZCBbbWVtIDB4MTAwNDAwMDAtMHgxMDA0MGZmZl0K cGNpIDAwMDA6MDA6MDIuMDogQkFSIDE6IGFzc2lnbmVkIFttZW0gMHgxMDA0MTAwMC0weDEwMDQx ZmZmXQpwY2kgMDAwMDowMDowMi4wOiBCQVIgMDogYXNzaWduZWQgW2lvICAweDEwMDAtMHgxMDdm XQpwY2kgMDAwMDowMDowMS4wOiBCQVIgMDogYXNzaWduZWQgW2lvICAweDEwODAtMHgxMDlmXQp2 aXJ0aW8tcGNpIDAwMDA6MDA6MDEuMDogZW5hYmxpbmcgZGV2aWNlICgwMDAwIC0+IDAwMDMpCnZp cnRpby1wY2kgMDAwMDowMDowMi4wOiBlbmFibGluZyBkZXZpY2UgKDAwMDAgLT4gMDAwMykKY2Fj aGVpbmZvOiBVbmFibGUgdG8gZGV0ZWN0IGNhY2hlIGhpZXJhcmNoeSBmb3IgQ1BVIDAKdmlydGlv X2JsayB2aXJ0aW8xOiBbdmRhXSAxMjI4ODAgNTEyLWJ5dGUgbG9naWNhbCBibG9ja3MgKDYyLjkg TUIvNjAuMCBNaUIpClNNQ0NDOiBTT0NfSUQ6IEFSQ0hfRkVBVFVSRVMoQVJDSF9TT0NfSUQpIHJl dHVybmVkIGVycm9yOiBmZmZmZmZmZmZmZmZmZmZkCk5FVDogUmVnaXN0ZXJlZCBwcm90b2NvbCBm YW1pbHkgMTAKU2VnbWVudCBSb3V0aW5nIHdpdGggSVB2NgpzaXQ6IElQdjYsIElQdjQgYW5kIE1Q TFMgb3ZlciBJUHY0IHR1bm5lbGluZyBkcml2ZXIKTkVUOiBSZWdpc3RlcmVkIHByb3RvY29sIGZh bWlseSAxNwpORVQ6IFJlZ2lzdGVyZWQgcHJvdG9jb2wgZmFtaWx5IDE1Ck5FVDogUmVnaXN0ZXJl ZCBwcm90b2NvbCBmYW1pbHkgNDAKcmVnaXN0ZXJlZCB0YXNrc3RhdHMgdmVyc2lvbiAxCkVYVDQt ZnMgKHZkYSk6IHJlY292ZXJ5IGNvbXBsZXRlCkVYVDQtZnMgKHZkYSk6IG1vdW50ZWQgZmlsZXN5 c3RlbSB3aXRoIG9yZGVyZWQgZGF0YSBtb2RlLiBPcHRzOiAobnVsbCkuIFF1b3RhIG1vZGU6IGRp c2FibGVkLgpWRlM6IE1vdW50ZWQgcm9vdCAoZXh0NCBmaWxlc3lzdGVtKSBvbiBkZXZpY2UgMjU0 OjAuCmRldnRtcGZzOiBtb3VudGVkCkZyZWVpbmcgdW51c2VkIGtlcm5lbCBtZW1vcnk6IDEwODhL ClJ1biAvc2Jpbi9pbml0IGFzIGluaXQgcHJvY2Vzcwptb3VudDogeW91IG11c3QgYmUgcm9vdApt b3VudDogeW91IG11c3QgYmUgcm9vdApta2RpcjogY2FuJ3QgY3JlYXRlIGRpcmVjdG9yeSAnL2Rl di9wdHMnOiBQZXJtaXNzaW9uIGRlbmllZApta2RpcjogY2FuJ3QgY3JlYXRlIGRpcmVjdG9yeSAn L2Rldi9zaG0nOiBQZXJtaXNzaW9uIGRlbmllZAptb3VudDogeW91IG11c3QgYmUgcm9vdApob3N0 bmFtZTogc2V0aG9zdG5hbWU6IE9wZXJhdGlvbiBub3QgcGVybWl0dGVkClN0YXJ0aW5nIHN5c2xv Z2Q6IE9LClN0YXJ0aW5nIGtsb2dkOiBPSwpSdW5uaW5nIHN5c2N0bDogT0sKSW5pdGlhbGl6aW5n IHJhbmRvbSBudW1iZXIgZ2VuZXJhdG9yOiBPSwpTYXZpbmcgcmFuZG9tIHNlZWQ6IHJhbmRvbTog ZGQ6IHVuaW5pdGlhbGl6ZWQgdXJhbmRvbSByZWFkICg1MTIgYnl0ZXMgcmVhZCkKT0sKU3RhcnRp bmcgbmV0d29yazogaXA6IFJUTkVUTElOSyBhbnN3ZXJzOiBPcGVyYXRpb24gbm90IHBlcm1pdHRl ZAppcDogU0lPQ1NJRkZMQUdTOiBPcGVyYXRpb24gbm90IHBlcm1pdHRlZApzZWQ6IC9wcm9jL21v dW50czogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpXYWl0aW5nIGZvciBpbnRlcmZhY2UgZXRo MCB0byBhcHBlYXIuLi4uLi4uLi4uLi4uLi4gdGltZW91dCEKcnVuLXBhcnRzOiAvZXRjL25ldHdv cmsvaWYtcHJlLXVwLmQvd2FpdF9pZmFjZTogZXhpdCBzdGF0dXMgMQpGQUlMCmNhbid0IG9wZW4g L2Rldi90dHlBTUEwOiBQZXJtaXNzaW9uIGRlbmllZApjYW4ndCBvcGVuIC9kZXYvdHR5QU1BMDog UGVybWlzc2lvbiBkZW5pZWQKY2FuJ3Qgb3BlbiAvZGV2L3R0eUFNQTA6IFBlcm1pc3Npb24gZGVu aWVkCmNhbid0IG9wZW4gL2Rldi90dHlBTUEwOiBQZXJtaXNzaW9uIGRlbmllZAoKQW5kIGl0IGNv bnRpbnVlcy4uLgoKVGhlIHFlbXUgY29tbWFuZCBJIGdvdCBkaWQgbm90IHdvcmsgImFzIGl0IGlz IiBhbmQgYmVjYXVzZSBJJ20gbmVpdGhlciB0b28KcHJvZmljaWVudCB3aXRoIHFlbXUgbm9yIGFh cmNoNjQsIGl0IHRvb2sgYSB3aGlsZSB0byBnZXQgc29tZXRoaW5nIHVzYWJsZS4KVGhpcyBpcyBt eSBjdXJyZW50IHFlbXUgY29tbWFuZDoKCnFlbXUtc3lzdGVtLWFhcmNoNjQgLW5vZ3JhcGhpYyAt cyAtbWFjaGluZSB2aXJ0LHNlY3VyZT1vbiAtY3B1IGNvcnRleC1hNTcgXAogICAgICAgICAgICAg ICAgICAgIC1rZXJuZWwgfi9Qcm9qZWN0cy90cG0vYnVpbGRyb290L291dHB1dC9pbWFnZXMvSW1h Z2UgXAoJCSAgICAtbm8tYWNwaSBcCgkJICAgIC1hcHBlbmQgJ3Jvb3Q9L2Rldi92ZGEgcncgY29u c29sZT10dHlBTUEwLDExNTIwMCAnIFwKICAgICAgICAgICAgICAgICAgICAtZHJpdmUgZmlsZT1+ L1Byb2plY3RzL3RwbS9idWlsZHJvb3Qvb3V0cHV0L2ltYWdlcy9yb290ZnMuZXh0NCxmb3JtYXQ9 cmF3IFwKICAgICAgICAgICAgICAgICAgICAtc21wIDEgXAoJCSAgICAtbW9uaXRvciB0ZWxuZXQ6 MTI3LjAuMC4xOjU1NTU1LHNlcnZlcixub3dhaXQgXAoJCSAgICAtbSAxMDI0IC1iaW9zIH4vUHJv amVjdHMvdHBtL2Z3L2FhcmNoNjQtZncuYmluIC1kIHVuaW1wCgpUaGVuIEkgc3RhcnQgUUVNVSBt b25pdG9yIGZyb20gYW5vdGhlciB0ZXJtaW5hbCB3aXRoOgoKc29jYXQgdGNwLWNvbm5lY3Q6MTI3 LjAuMC4xOjU1NTU1IGZpbGU6YHR0eWAscmF3LGVjaG89MAoKU28uLi4gd2hhdCBjb3VsZCBiZSB0 aGUgaXNzdWUgd2l0aCBwZXJtaXNzaW9ucz8KCi9KYXJra28KCl9fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fCmxpbnV4LWFybS1rZXJuZWwgbWFpbGluZyBsaXN0 CmxpbnV4LWFybS1rZXJuZWxAbGlzdHMuaW5mcmFkZWFkLm9yZwpodHRwOi8vbGlzdHMuaW5mcmFk ZWFkLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2xpbnV4LWFybS1rZXJuZWwK