Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp5698235ybh; Wed, 7 Aug 2019 09:56:00 -0700 (PDT) X-Google-Smtp-Source: APXvYqwgcMC1pTf+futw7B8vPs47L/CllJSscB167CGm/hZf5edva/Y4A9vq3UbxMLISMq07YNcV X-Received: by 2002:a17:902:b415:: with SMTP id x21mr8996126plr.287.1565196959802; Wed, 07 Aug 2019 09:55:59 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1565196959; cv=pass; d=google.com; s=arc-20160816; b=SeMN38gYrA7XiasHEymt6fxh6PKY6yf8k5jG/1QDuwqTOI9q/rExtIPvRfmapyywWd rHvtCv1Byv0H5+Y2eScdgOpYlkOraSwr6tYhXN+GeP7kLFG5a+1AKQqRkCjk212bMU5s THkO0hwLA1tXnMUdg7iY8z/0uCk6HVPT0rqLW8DUGXAjfxBu7NJGxfde5OW6Imnlj8Az rPGkMtGXQC24HAm/hcznarGBRx5P6cZumz4+E6hssLXlyBcbba4bSv5fiuo179KJfHPV 4ZL3WygrDLbWDv3b6eGQ0P7aXCcgsB9CV36sP3s0LjC8LzMhZBrwGTLqN2gXd2AQOjmF 151A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:dkim-signature; bh=bEoPWy2hZqOPe34Ri/ZNMVQORZQ0fJFx8eFq6pArZN0=; b=U4/+6JuItWI66ylrrsowYqTA9+9aPh3flCG5biUPCbJ2pGdtZ0hJWZ1iy9GXl3DDF8 oQRPioTYSlTHrrwC5bAybcV9ZgyyTrIu6qP7qIYQ5i8V085jO3pVYLKp0T/OmPchPDGZ 73vrEyzofBMGhchww9Ms72FdPRIDWa3u7T/AqajTocavesPYtxHYai5ADQHYUxO4Jzos doc1Hofmedf33zZjYnvhccABARqBazsnCaH9FHSS8wQ2gquFYuzDTTvelco21bM+7zEe APvDBibEjOzUnxU/W5pUh3ZhXeO8TecfpHhbsx+iHWzNf6xGaIM4d1HSUaHMMztiDBIb DydQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@fortanix.onmicrosoft.com header.s=selector2-fortanix-onmicrosoft-com header.b=VPwi3nv5; arc=pass (i=1 spf=pass spfdomain=fortanix.com dkim=pass dkdomain=fortanix.com dmarc=pass fromdomain=fortanix.com); spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=fortanix.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f10si305192pjw.89.2019.08.07.09.55.43; Wed, 07 Aug 2019 09:55:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@fortanix.onmicrosoft.com header.s=selector2-fortanix-onmicrosoft-com header.b=VPwi3nv5; arc=pass (i=1 spf=pass spfdomain=fortanix.com dkim=pass dkdomain=fortanix.com dmarc=pass fromdomain=fortanix.com); spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=fortanix.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730312AbfHGQpc (ORCPT + 99 others); Wed, 7 Aug 2019 12:45:32 -0400 Received: from mail-eopbgr710092.outbound.protection.outlook.com ([40.107.71.92]:54912 "EHLO NAM05-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729712AbfHGQp3 (ORCPT ); Wed, 7 Aug 2019 12:45:29 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V4tPY7qM64Pa15KvSV7JiebBzmZWiqTYWvH+EsDTbeEzZpBWn33fGagKOVEh4Ha/EdTbIwA5J0zKGP7W8WAj8xRoLt+Q4u+/WjBAvAyOiyYH44CwoxjldN9awQo1HdAQA6ekkhK94tBc6JAoDEx7MeQA0O30lOu68zNXJkfBXkiekMm8F2m7f3QSq81pMZe1hO4JmC52IlnDdz3rSPDqaJsAIQSuJps6sb40nfSouehr+buyEpwAINWuVFmzlSb43LUrTb5YS8Len1zp+08FIRL+fdDjXr3B0qBad+rQKtFl+35ASSpa57Q90OswxLqGHlNM8QvsQdOWX09EFIbfWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bEoPWy2hZqOPe34Ri/ZNMVQORZQ0fJFx8eFq6pArZN0=; b=FIbBsnVnZUK/VTLxFiitXPB5SS3x1BRMyeGAWzqsrofV8fDpwaTjCF36QQOmR4nx2g3olgMpyd90GwWUS1e64sT5GgGYNkZoEuxDm0q47MgaX4tlhYOui95sgByZFHkD+Sk0mtw2BPwMla5ZsZC/2MG8xe6Er8+VZkQCGldtAVbi8iVzMz8B2xDKsM3i7KkEBCkVH89II10rQ33QoPYC199cG/KH0pCj9tITUZDi0x8GU6y7QdO1IbIXRdm/ftRjUp0ArdFUBoh0YzAJRcjqJUdmfEy2TkeXGRG8Ah6D8b+EfP4y+h4CPOedSvEH8eh84vCmHdTCebycHg44Jqzt5g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fortanix.com; dmarc=pass action=none header.from=fortanix.com; dkim=pass header.d=fortanix.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fortanix.onmicrosoft.com; s=selector2-fortanix-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bEoPWy2hZqOPe34Ri/ZNMVQORZQ0fJFx8eFq6pArZN0=; b=VPwi3nv5mQgi+g1MPVdrg8tEoLDT/c2WdpF8J3OdNnEtTWw1vN1VcRzYibHcnt/hM0QV4lw002d7BYHzWwYjDHUsyMCreWO8lSbO4RZBcUjFMWTtTpQYSOAa8MiIfNlJK+lMGPL/qB6B8mnMlIErQlFQw7B0/zZYn5asfKzDxho= Received: from SN6PR11MB3167.namprd11.prod.outlook.com (52.135.109.144) by SN6PR11MB2990.namprd11.prod.outlook.com (52.135.124.213) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.16; Wed, 7 Aug 2019 16:45:22 +0000 Received: from SN6PR11MB3167.namprd11.prod.outlook.com ([fe80::bd32:8938:dba:9379]) by SN6PR11MB3167.namprd11.prod.outlook.com ([fe80::bd32:8938:dba:9379%5]) with mapi id 15.20.2136.018; Wed, 7 Aug 2019 16:45:22 +0000 From: Jethro Beekman To: Jarkko Sakkinen , "Ayoun, Serge" CC: "linux-kernel@vger.kernel.org" , "x86@kernel.org" , "linux-sgx@vger.kernel.org" , "akpm@linux-foundation.org" , "Hansen, Dave" , "Christopherson, Sean J" , "nhorman@redhat.com" , "npmccallum@redhat.com" , "Katz-zamir, Shay" , "Huang, Haitao" , "andriy.shevchenko@linux.intel.com" , "tglx@linutronix.de" , "Svahn, Kai" , "bp@alien8.de" , "josh@joshtriplett.org" , "luto@kernel.org" , "Huang, Kai" , "rientjes@google.com" , "Xing, Cedric" Subject: Re: [PATCH v21 16/28] x86/sgx: Add the Linux SGX Enclave Driver Thread-Topic: [PATCH v21 16/28] x86/sgx: Add the Linux SGX Enclave Driver Thread-Index: AQHVOZ3969OCNEhpdUygrX4Zp0euc6bhi0+AgA5n17qAABinAA== Date: Wed, 7 Aug 2019 16:45:22 +0000 Message-ID: <3cd0a591-8f30-93c1-41c7-4c74b6c3e5d2@fortanix.com> References: <20190713170804.2340-1-jarkko.sakkinen@linux.intel.com> <20190713170804.2340-17-jarkko.sakkinen@linux.intel.com> <88B7642769729B409B4A93D7C5E0C5E7C65ABB8D@hasmsx108.ger.corp.intel.com> <20190807151534.kxsletvhbn3lno6w@linux.intel.com> <20190807151705.su6kxgr7ou45mk3p@linux.intel.com> In-Reply-To: <20190807151705.su6kxgr7ou45mk3p@linux.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-clientproxiedby: BN6PR10CA0022.namprd10.prod.outlook.com (2603:10b6:405:1::32) To SN6PR11MB3167.namprd11.prod.outlook.com (2603:10b6:805:c4::16) authentication-results: spf=none (sender IP is ) smtp.mailfrom=jethro@fortanix.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [172.58.35.210] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: f88e37da-bb6e-4a7c-c6e6-08d71b56a3c4 x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600148)(711020)(4605104)(1401327)(2017052603328)(49563074)(7193020);SRVR:SN6PR11MB2990; x-ms-traffictypediagnostic: SN6PR11MB2990: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; x-forefront-prvs: 01221E3973 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(346002)(396003)(366004)(136003)(39840400004)(376002)(199004)(189003)(102836004)(26005)(256004)(486006)(6116002)(4326008)(316002)(7416002)(3846002)(110136005)(66066001)(229853002)(186003)(76176011)(2906002)(31696002)(71190400001)(52116002)(71200400001)(31686004)(99286004)(68736007)(8676002)(476003)(81156014)(5660300002)(6486002)(25786009)(14454004)(66556008)(66476007)(66616009)(66946007)(2616005)(53936002)(36756003)(66446008)(64756008)(6246003)(305945005)(86362001)(6436002)(7736002)(6512007)(508600001)(6506007)(11346002)(386003)(81166006)(446003)(53546011)(8936002)(99936001)(54906003);DIR:OUT;SFP:1102;SCL:1;SRVR:SN6PR11MB2990;H:SN6PR11MB3167.namprd11.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: fortanix.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: liUAJTtyZecTk5Tb0gUrkE3pIpX86AmGzElfNdcogOoPlBCZi9GgBlWrqCvjFQIozmdpN87PDNKoQWg9XP6U1OROtcOR0Of4QHrvpRG4DpW8vVhPWve5tbpT6nvR126/tcqWjSajQv4/CmN4dXzDn5/sbnyA452k+IcunSNOFyzi9PpoQwAdY/awNeyAWK3swFyvyita7/MVSnzsjWe6e23ciWlfe+ykP+eaWYF5sBnf1rNOn81GSMZk7p3hEFGGIjg8ASDH7HbiyqYMBazKVBpta+tjAZwq1LirchKRn4XEobbOlut21Tes9fof6xwFx7f/tefndiFhD1FotEguJ+s2dBciQHWJUP4uiHJzXAnt5QtVHh2FpqF5g3svczuyfVdUTy6P3o56wGAM+TSqF1UjC3mkuvpOa2PhjwJmbWw= x-ms-exchange-transport-forked: True Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms070100070604050809040909" MIME-Version: 1.0 X-OriginatorOrg: fortanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: f88e37da-bb6e-4a7c-c6e6-08d71b56a3c4 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Aug 2019 16:45:22.6623 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: de7becae-4883-43e8-82c7-7dbdbb988ae6 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: jethro@fortanix.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2990 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --------------ms070100070604050809040909 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable ECPM permissions are mentioned in SDM EADD instruction operation. PTE I=20 don't know. -- Jethro Beekman | Fortanix On 2019-08-07 08:17, Jarkko Sakkinen wrote: > On Wed, Aug 07, 2019 at 06:15:34PM +0300, Jarkko Sakkinen wrote: >> On Mon, Jul 29, 2019 at 11:17:57AM +0000, Ayoun, Serge wrote: >>>> + /* TCS pages need to be RW in the PTEs, but can be 0 in the EPCM. = */ >>>> + if ((secinfo.flags & SGX_SECINFO_PAGE_TYPE_MASK) =3D=3D >>>> SGX_SECINFO_TCS) >>>> + prot |=3D PROT_READ | PROT_WRITE; >>> >>> For TCS pages you add both RD and WR maximum protection bits. >>> For the enclave to be able to run, user mode will have to change the >>> "vma->vm_flags" from PROT_NONE to PROT_READ | PROT_WRITE (otherwise >>> eenter fails). This is exactly what your selftest does. >> >> Recap where the TCS requirements came from? Why does it need >> RW in PTEs and can be 0 in the EPCM? The comment should explain >> it rather leave it as a claim IMHO. >=20 > I mean after ~3 weeks of not looking into SGX (because being > on vacation etc.) I cannot remember details of this. >=20 > /Jarkko >=20 --------------ms070100070604050809040909 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC Cx8wggUxMIIEGaADAgECAhBdZC9mIseKJlmxx1xn+g00MA0GCSqGSIb3DQEBCwUAMIGXMQsw CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm b3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RPIFJTQSBD bGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xODA5MTUwMDAw MDBaFw0xOTA5MTUyMzU5NTlaMCQxIjAgBgkqhkiG9w0BCQEWE2pldGhyb0Bmb3J0YW5peC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRQDOQsroKjy2xAQCXLyqryJt4 Xwj8hcweJCzOnjILKHIoWlOQ0b9yIbFLIWBRt/9zdxlE5ZabDVHnkIyhcVgtU/BA73e78Wx2 LOObdg0wfs9U2CVRYhz2EPHFjGvkYKihItt69ye91hj1w7RKCrYC8KZGSZ/+sbkJzQdXVy32 lxmiNEt17GNRebpkJCaFnznd6C2a8tBAS2Fa/UNyFdEs4eoRoYSKswclRhbe81aVhqY2hjcd O6puyyaYp5hkmau2UPih6OpRSOhbe6Tuebceg1yvumoVX3OZtGPS1VdQ+p0bxB0RE6gNs140 ZKUhrvAJDETuGaaQD4A2/6ksLunjAgMBAAGjggHpMIIB5TAfBgNVHSMEGDAWgBSCr2yM+MX+ lmF86B89K3FIXsSLwDAdBgNVHQ4EFgQUsFUcmGtaJBU7/52LyTYHC/M+LscwDgYDVR0PAQH/ BAQDAgWgMAwGA1UdEwEB/wQCMAAwIAYDVR0lBBkwFwYIKwYBBQUHAwQGCysGAQQBsjEBAwUC MBEGCWCGSAGG+EIBAQQEAwIFIDBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEBATArMCkGCCsG AQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQUzBaBgNVHR8EUzBRME+gTaBL hklodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlv bmFuZFNlY3VyZUVtYWlsQ0EuY3JsMIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0 dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5k U2VjdXJlRW1haWxDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv bTAeBgNVHREEFzAVgRNqZXRocm9AZm9ydGFuaXguY29tMA0GCSqGSIb3DQEBCwUAA4IBAQB6 v3tFEUSGv9+yY4wUjvcMyz3126nJrX5LkfEvrnCEpEiImECuoYvxOYNLYYynell7BQGtTaZg shMfDvwpy2isoi3w1AWAfbn6npnSKLzu0BMRvcCPWY8VPmePPizTqXoPkLwgTJfSaWkxMP1u rfL9S5NeRdkjwjHklX5IWuwwDu1hsKVZrxSSY2unCtvq67UHWz+z6rG1JQrP2YDfb98xun3y eLBNe/LFBNnGISbkT5q6D+e5c0bgzoH9nH4bsw3t8aDqJTfT3BqQdWr4pF05ODzzeOmEqeYE qGlD9hIL2AbmTZLjunAnARr6Fv7Sfqt23ptsGkmoZ9ZQNjT3TlwvMIIF5jCCA86gAwIBAgIQ apvhODv/K2ufAdXZuKdSVjANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UEBhMCR0IxGzAZBgNV BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo b3JpdHkwHhcNMTMwMTEwMDAwMDAwWhcNMjgwMTA5MjM1OTU5WjCBlzELMAkGA1UEBhMCR0Ix GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE ChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhl bnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQC+s55XrCh2dUAWxzgDmNPGGHYhUPMleQtMtaDRfTpYPpynMS6n9jR22YRq2tA9 NEjk6vW7rN/5sYFLIP1of3l0NKZ6fLWfF2VgJ5cijKYy/qlAckY1wgOkUMgzKlWlVJGyK+Ul NEQ1/5ErCsHq9x9aU/x1KwTdF/LCrT03Rl/FwFrf1XTCwa2QZYL55AqLPikFlgqOtzk06kb2 qvGlnHJvijjI03BOrNpo+kZGpcHsgyO1/u1OZTaOo8wvEU17VVeP1cHWse9tGKTDyUGg2hJZ jrqck39UIm/nKbpDSZ0JsMoIw/JtOOg0JC56VzQgBo7ictReTQE5LFLG3yQK+xS1AgMBAAGj ggE8MIIBODAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQUgq9s jPjF/pZhfOgfPStxSF7Ei8AwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw EQYDVR0gBAowCDAGBgRVHSAAMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9jcmwuY29tb2Rv Y2EuY29tL0NPTU9ET1JTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHEGCCsGAQUFBwEB BGUwYzA7BggrBgEFBQcwAoYvaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQWRk VHJ1c3RDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTANBgkq hkiG9w0BAQwFAAOCAgEAeFyygSg0TzzuX1bOn5dW7I+iaxf28/ZJCAbU2C81zd9A/tNx4+js QgwRGiHjZrAYayZrrm78hOx7aEpkfNPQIHGG6Fvq3EzWf/Lvx7/hk6zSPwIal9v5IkDcZoFD 7f3iT7PdkHJY9B51csvU50rxpEg1OyOT8fk2zvvPBuM4qQNqbGWlnhMpIMwpWZT89RY0wpJO +2V6eXEGGHsROs3njeP9DqqqAJaBa4wBeKOdGCWn1/Jp2oY6dyNmNppI4ZNMUH4Tam85S1j6 E95u4+1Nuru84OrMIzqvISE2HN/56ebTOWlcrurffade2022O/tUU1gb4jfWCcyvB8czm12F gX/y/lRjmDbEA08QJNB2729Y+io1IYO3ztveBdvUCIYZojTq/OCR6MvnzS6X72HP0PRLRTiO SEmIDsS5N5w/8IW1Hva5hEFy6fDAfd9yI+O+IMMAj1KcL/Zo9jzJ16HO5m60ttl1Enk8MQkz /W3JlHaeI5iKFn4UJu1/cP2YHXYPiWf2JyBzsLBrGk1II+3yL8aorYew6CQvdVifC3HtwlSa m9V1niiCfOBe2C12TdKGu05LWIA3ZkFcWJGaNXOZ6Ggyh/TqvXG5v7zmEVDNXFnHn9tFpMpO UvxhcsjycBtH0dZ0WrNw6gH+HF8TIhCnH3+zzWuDN0Rk6h9KVkfKehIxggQ1MIIEMQIBATCB rDCBlzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9E TyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEF1kL2Yi x4omWbHHXGf6DTQwDQYJYIZIAWUDBAIBBQCgggJZMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTE5MDgwNzE2NDUyOFowLwYJKoZIhvcNAQkEMSIEILekozDk RqzvR2l6fUKlNMPwP9W3dwulOmoTdPP7jd3gMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUD BAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgb0GCSsGAQQBgjcQBDGBrzCBrDCBlzEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0Eg Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEF1kL2Yix4omWbHH XGf6DTQwgb8GCyqGSIb3DQEJEAILMYGvoIGsMIGXMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g Q0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RPIFJTQSBDbGllbnQgQXV0aGVudGljYXRpb24g YW5kIFNlY3VyZSBFbWFpbCBDQQIQXWQvZiLHiiZZscdcZ/oNNDANBgkqhkiG9w0BAQEFAASC AQAU4c/RjsopedEw9HvBaxNed3OL7udwfYJMFG72PBynP0Cl1YZoRMRF74OP9l2b8rs+AAfn AOxuSBjX9X4D5LvHIwfxvpcOM6eF2z6gxnUuAMn0i//0EbGdLSLtI8u4IHeCedAmPmUiLuh5 fatrVhiW4BHcdfejhilcdIbxbOqkQvnyq3ed2rR/0+uzLSy5q1VcAnSf1dRhrzN3TP5WNFTs D7RO21APdb7J3Ab0e0xoQN0QJjZv6kWcUmvaBlr9DQqYvmGHjI57t10ZeqA1gEA5JNXB7Vea 7Bqa2oD8X5tWAhIMl6aOJ//Q/oEJNBVHG9Y3NHsGgrGDe+PR0zkcO29uAAAAAAAA --------------ms070100070604050809040909--