Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp5698235ybh;
        Wed, 7 Aug 2019 09:56:00 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwgcMC1pTf+futw7B8vPs47L/CllJSscB167CGm/hZf5edva/Y4A9vq3UbxMLISMq07YNcV
X-Received: by 2002:a17:902:b415:: with SMTP id x21mr8996126plr.287.1565196959802;
        Wed, 07 Aug 2019 09:55:59 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1565196959; cv=pass;
        d=google.com; s=arc-20160816;
        b=SeMN38gYrA7XiasHEymt6fxh6PKY6yf8k5jG/1QDuwqTOI9q/rExtIPvRfmapyywWd
         rHvtCv1Byv0H5+Y2eScdgOpYlkOraSwr6tYhXN+GeP7kLFG5a+1AKQqRkCjk212bMU5s
         THkO0hwLA1tXnMUdg7iY8z/0uCk6HVPT0rqLW8DUGXAjfxBu7NJGxfde5OW6Imnlj8Az
         rPGkMtGXQC24HAm/hcznarGBRx5P6cZumz4+E6hssLXlyBcbba4bSv5fiuo179KJfHPV
         4ZL3WygrDLbWDv3b6eGQ0P7aXCcgsB9CV36sP3s0LjC8LzMhZBrwGTLqN2gXd2AQOjmF
         151A==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:content-language
         :accept-language:in-reply-to:references:message-id:date:thread-index
         :thread-topic:subject:cc:to:from:dkim-signature;
        bh=bEoPWy2hZqOPe34Ri/ZNMVQORZQ0fJFx8eFq6pArZN0=;
        b=U4/+6JuItWI66ylrrsowYqTA9+9aPh3flCG5biUPCbJ2pGdtZ0hJWZ1iy9GXl3DDF8
         oQRPioTYSlTHrrwC5bAybcV9ZgyyTrIu6qP7qIYQ5i8V085jO3pVYLKp0T/OmPchPDGZ
         73vrEyzofBMGhchww9Ms72FdPRIDWa3u7T/AqajTocavesPYtxHYai5ADQHYUxO4Jzos
         doc1Hofmedf33zZjYnvhccABARqBazsnCaH9FHSS8wQ2gquFYuzDTTvelco21bM+7zEe
         APvDBibEjOzUnxU/W5pUh3ZhXeO8TecfpHhbsx+iHWzNf6xGaIM4d1HSUaHMMztiDBIb
         DydQ==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@fortanix.onmicrosoft.com header.s=selector2-fortanix-onmicrosoft-com header.b=VPwi3nv5;
       arc=pass (i=1 spf=pass spfdomain=fortanix.com dkim=pass dkdomain=fortanix.com dmarc=pass fromdomain=fortanix.com);
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=fortanix.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f10si305192pjw.89.2019.08.07.09.55.43;
        Wed, 07 Aug 2019 09:55:59 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@fortanix.onmicrosoft.com header.s=selector2-fortanix-onmicrosoft-com header.b=VPwi3nv5;
       arc=pass (i=1 spf=pass spfdomain=fortanix.com dkim=pass dkdomain=fortanix.com dmarc=pass fromdomain=fortanix.com);
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=fortanix.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730312AbfHGQpc (ORCPT <rfc822;justmaker@gmail.com> + 99 others);
        Wed, 7 Aug 2019 12:45:32 -0400
Received: from mail-eopbgr710092.outbound.protection.outlook.com ([40.107.71.92]:54912
        "EHLO NAM05-BY2-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1729712AbfHGQp3 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 7 Aug 2019 12:45:29 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=V4tPY7qM64Pa15KvSV7JiebBzmZWiqTYWvH+EsDTbeEzZpBWn33fGagKOVEh4Ha/EdTbIwA5J0zKGP7W8WAj8xRoLt+Q4u+/WjBAvAyOiyYH44CwoxjldN9awQo1HdAQA6ekkhK94tBc6JAoDEx7MeQA0O30lOu68zNXJkfBXkiekMm8F2m7f3QSq81pMZe1hO4JmC52IlnDdz3rSPDqaJsAIQSuJps6sb40nfSouehr+buyEpwAINWuVFmzlSb43LUrTb5YS8Len1zp+08FIRL+fdDjXr3B0qBad+rQKtFl+35ASSpa57Q90OswxLqGHlNM8QvsQdOWX09EFIbfWQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=bEoPWy2hZqOPe34Ri/ZNMVQORZQ0fJFx8eFq6pArZN0=;
 b=FIbBsnVnZUK/VTLxFiitXPB5SS3x1BRMyeGAWzqsrofV8fDpwaTjCF36QQOmR4nx2g3olgMpyd90GwWUS1e64sT5GgGYNkZoEuxDm0q47MgaX4tlhYOui95sgByZFHkD+Sk0mtw2BPwMla5ZsZC/2MG8xe6Er8+VZkQCGldtAVbi8iVzMz8B2xDKsM3i7KkEBCkVH89II10rQ33QoPYC199cG/KH0pCj9tITUZDi0x8GU6y7QdO1IbIXRdm/ftRjUp0ArdFUBoh0YzAJRcjqJUdmfEy2TkeXGRG8Ah6D8b+EfP4y+h4CPOedSvEH8eh84vCmHdTCebycHg44Jqzt5g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=fortanix.com; dmarc=pass action=none header.from=fortanix.com;
 dkim=pass header.d=fortanix.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=fortanix.onmicrosoft.com; s=selector2-fortanix-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=bEoPWy2hZqOPe34Ri/ZNMVQORZQ0fJFx8eFq6pArZN0=;
 b=VPwi3nv5mQgi+g1MPVdrg8tEoLDT/c2WdpF8J3OdNnEtTWw1vN1VcRzYibHcnt/hM0QV4lw002d7BYHzWwYjDHUsyMCreWO8lSbO4RZBcUjFMWTtTpQYSOAa8MiIfNlJK+lMGPL/qB6B8mnMlIErQlFQw7B0/zZYn5asfKzDxho=
Received: from SN6PR11MB3167.namprd11.prod.outlook.com (52.135.109.144) by
 SN6PR11MB2990.namprd11.prod.outlook.com (52.135.124.213) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2157.16; Wed, 7 Aug 2019 16:45:22 +0000
Received: from SN6PR11MB3167.namprd11.prod.outlook.com
 ([fe80::bd32:8938:dba:9379]) by SN6PR11MB3167.namprd11.prod.outlook.com
 ([fe80::bd32:8938:dba:9379%5]) with mapi id 15.20.2136.018; Wed, 7 Aug 2019
 16:45:22 +0000
From:   Jethro Beekman <jethro@fortanix.com>
To:     Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        "Ayoun, Serge" <serge.ayoun@intel.com>
CC:     "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "x86@kernel.org" <x86@kernel.org>,
        "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
        "akpm@linux-foundation.org" <akpm@linux-foundation.org>,
        "Hansen, Dave" <dave.hansen@intel.com>,
        "Christopherson, Sean J" <sean.j.christopherson@intel.com>,
        "nhorman@redhat.com" <nhorman@redhat.com>,
        "npmccallum@redhat.com" <npmccallum@redhat.com>,
        "Katz-zamir, Shay" <shay.katz-zamir@intel.com>,
        "Huang, Haitao" <haitao.huang@intel.com>,
        "andriy.shevchenko@linux.intel.com" 
        <andriy.shevchenko@linux.intel.com>,
        "tglx@linutronix.de" <tglx@linutronix.de>,
        "Svahn, Kai" <kai.svahn@intel.com>, "bp@alien8.de" <bp@alien8.de>,
        "josh@joshtriplett.org" <josh@joshtriplett.org>,
        "luto@kernel.org" <luto@kernel.org>,
        "Huang, Kai" <kai.huang@intel.com>,
        "rientjes@google.com" <rientjes@google.com>,
        "Xing, Cedric" <cedric.xing@intel.com>
Subject: Re: [PATCH v21 16/28] x86/sgx: Add the Linux SGX Enclave Driver
Thread-Topic: [PATCH v21 16/28] x86/sgx: Add the Linux SGX Enclave Driver
Thread-Index: AQHVOZ3969OCNEhpdUygrX4Zp0euc6bhi0+AgA5n17qAABinAA==
Date:   Wed, 7 Aug 2019 16:45:22 +0000
Message-ID: <3cd0a591-8f30-93c1-41c7-4c74b6c3e5d2@fortanix.com>
References: <20190713170804.2340-1-jarkko.sakkinen@linux.intel.com>
 <20190713170804.2340-17-jarkko.sakkinen@linux.intel.com>
 <88B7642769729B409B4A93D7C5E0C5E7C65ABB8D@hasmsx108.ger.corp.intel.com>
 <20190807151534.kxsletvhbn3lno6w@linux.intel.com>
 <20190807151705.su6kxgr7ou45mk3p@linux.intel.com>
In-Reply-To: <20190807151705.su6kxgr7ou45mk3p@linux.intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-clientproxiedby: BN6PR10CA0022.namprd10.prod.outlook.com
 (2603:10b6:405:1::32) To SN6PR11MB3167.namprd11.prod.outlook.com
 (2603:10b6:805:c4::16)
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=jethro@fortanix.com; 
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [172.58.35.210]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f88e37da-bb6e-4a7c-c6e6-08d71b56a3c4
x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600148)(711020)(4605104)(1401327)(2017052603328)(49563074)(7193020);SRVR:SN6PR11MB2990;
x-ms-traffictypediagnostic: SN6PR11MB2990:
x-microsoft-antispam-prvs: <SN6PR11MB2990329E716C1F9B3F548A28AAD40@SN6PR11MB2990.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 01221E3973
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(346002)(396003)(366004)(136003)(39840400004)(376002)(199004)(189003)(102836004)(26005)(256004)(486006)(6116002)(4326008)(316002)(7416002)(3846002)(110136005)(66066001)(229853002)(186003)(76176011)(2906002)(31696002)(71190400001)(52116002)(71200400001)(31686004)(99286004)(68736007)(8676002)(476003)(81156014)(5660300002)(6486002)(25786009)(14454004)(66556008)(66476007)(66616009)(66946007)(2616005)(53936002)(36756003)(66446008)(64756008)(6246003)(305945005)(86362001)(6436002)(7736002)(6512007)(508600001)(6506007)(11346002)(386003)(81166006)(446003)(53546011)(8936002)(99936001)(54906003);DIR:OUT;SFP:1102;SCL:1;SRVR:SN6PR11MB2990;H:SN6PR11MB3167.namprd11.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1;
received-spf: None (protection.outlook.com: fortanix.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: liUAJTtyZecTk5Tb0gUrkE3pIpX86AmGzElfNdcogOoPlBCZi9GgBlWrqCvjFQIozmdpN87PDNKoQWg9XP6U1OROtcOR0Of4QHrvpRG4DpW8vVhPWve5tbpT6nvR126/tcqWjSajQv4/CmN4dXzDn5/sbnyA452k+IcunSNOFyzi9PpoQwAdY/awNeyAWK3swFyvyita7/MVSnzsjWe6e23ciWlfe+ykP+eaWYF5sBnf1rNOn81GSMZk7p3hEFGGIjg8ASDH7HbiyqYMBazKVBpta+tjAZwq1LirchKRn4XEobbOlut21Tes9fof6xwFx7f/tefndiFhD1FotEguJ+s2dBciQHWJUP4uiHJzXAnt5QtVHh2FpqF5g3svczuyfVdUTy6P3o56wGAM+TSqF1UjC3mkuvpOa2PhjwJmbWw=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms070100070604050809040909"
MIME-Version: 1.0
X-OriginatorOrg: fortanix.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f88e37da-bb6e-4a7c-c6e6-08d71b56a3c4
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Aug 2019 16:45:22.6623
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: de7becae-4883-43e8-82c7-7dbdbb988ae6
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: jethro@fortanix.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2990
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

--------------ms070100070604050809040909
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

ECPM permissions are mentioned in SDM EADD instruction operation. PTE I=20
don't know.

--
Jethro Beekman | Fortanix

On 2019-08-07 08:17, Jarkko Sakkinen wrote:
> On Wed, Aug 07, 2019 at 06:15:34PM +0300, Jarkko Sakkinen wrote:
>> On Mon, Jul 29, 2019 at 11:17:57AM +0000, Ayoun, Serge wrote:
>>>> +	/* TCS pages need to be RW in the PTEs, but can be 0 in the EPCM. =
*/
>>>> +	if ((secinfo.flags & SGX_SECINFO_PAGE_TYPE_MASK) =3D=3D
>>>> SGX_SECINFO_TCS)
>>>> +		prot |=3D PROT_READ | PROT_WRITE;
>>>
>>> For TCS pages you add both RD and WR maximum protection bits.
>>> For the enclave to be able to run, user mode will have to change the
>>> "vma->vm_flags" from PROT_NONE to PROT_READ | PROT_WRITE (otherwise
>>> eenter fails).  This is exactly what your selftest  does.
>>
>> Recap where the TCS requirements came from? Why does it need
>> RW in PTEs and can be 0 in the EPCM? The comment should explain
>> it rather leave it as a claim IMHO.
>=20
> I mean after ~3 weeks of not looking into SGX (because being
> on vacation etc.) I cannot remember details of this.
>=20
> /Jarkko
>=20


--------------ms070100070604050809040909
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
Cx8wggUxMIIEGaADAgECAhBdZC9mIseKJlmxx1xn+g00MA0GCSqGSIb3DQEBCwUAMIGXMQsw
CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm
b3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RPIFJTQSBD
bGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xODA5MTUwMDAw
MDBaFw0xOTA5MTUyMzU5NTlaMCQxIjAgBgkqhkiG9w0BCQEWE2pldGhyb0Bmb3J0YW5peC5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRQDOQsroKjy2xAQCXLyqryJt4
Xwj8hcweJCzOnjILKHIoWlOQ0b9yIbFLIWBRt/9zdxlE5ZabDVHnkIyhcVgtU/BA73e78Wx2
LOObdg0wfs9U2CVRYhz2EPHFjGvkYKihItt69ye91hj1w7RKCrYC8KZGSZ/+sbkJzQdXVy32
lxmiNEt17GNRebpkJCaFnznd6C2a8tBAS2Fa/UNyFdEs4eoRoYSKswclRhbe81aVhqY2hjcd
O6puyyaYp5hkmau2UPih6OpRSOhbe6Tuebceg1yvumoVX3OZtGPS1VdQ+p0bxB0RE6gNs140
ZKUhrvAJDETuGaaQD4A2/6ksLunjAgMBAAGjggHpMIIB5TAfBgNVHSMEGDAWgBSCr2yM+MX+
lmF86B89K3FIXsSLwDAdBgNVHQ4EFgQUsFUcmGtaJBU7/52LyTYHC/M+LscwDgYDVR0PAQH/
BAQDAgWgMAwGA1UdEwEB/wQCMAAwIAYDVR0lBBkwFwYIKwYBBQUHAwQGCysGAQQBsjEBAwUC
MBEGCWCGSAGG+EIBAQQEAwIFIDBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEBATArMCkGCCsG
AQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQUzBaBgNVHR8EUzBRME+gTaBL
hklodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlv
bmFuZFNlY3VyZUVtYWlsQ0EuY3JsMIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0
dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5k
U2VjdXJlRW1haWxDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv
bTAeBgNVHREEFzAVgRNqZXRocm9AZm9ydGFuaXguY29tMA0GCSqGSIb3DQEBCwUAA4IBAQB6
v3tFEUSGv9+yY4wUjvcMyz3126nJrX5LkfEvrnCEpEiImECuoYvxOYNLYYynell7BQGtTaZg
shMfDvwpy2isoi3w1AWAfbn6npnSKLzu0BMRvcCPWY8VPmePPizTqXoPkLwgTJfSaWkxMP1u
rfL9S5NeRdkjwjHklX5IWuwwDu1hsKVZrxSSY2unCtvq67UHWz+z6rG1JQrP2YDfb98xun3y
eLBNe/LFBNnGISbkT5q6D+e5c0bgzoH9nH4bsw3t8aDqJTfT3BqQdWr4pF05ODzzeOmEqeYE
qGlD9hIL2AbmTZLjunAnARr6Fv7Sfqt23ptsGkmoZ9ZQNjT3TlwvMIIF5jCCA86gAwIBAgIQ
apvhODv/K2ufAdXZuKdSVjANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N
T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwHhcNMTMwMTEwMDAwMDAwWhcNMjgwMTA5MjM1OTU5WjCBlzELMAkGA1UEBhMCR0Ix
GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
ChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhl
bnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC+s55XrCh2dUAWxzgDmNPGGHYhUPMleQtMtaDRfTpYPpynMS6n9jR22YRq2tA9
NEjk6vW7rN/5sYFLIP1of3l0NKZ6fLWfF2VgJ5cijKYy/qlAckY1wgOkUMgzKlWlVJGyK+Ul
NEQ1/5ErCsHq9x9aU/x1KwTdF/LCrT03Rl/FwFrf1XTCwa2QZYL55AqLPikFlgqOtzk06kb2
qvGlnHJvijjI03BOrNpo+kZGpcHsgyO1/u1OZTaOo8wvEU17VVeP1cHWse9tGKTDyUGg2hJZ
jrqck39UIm/nKbpDSZ0JsMoIw/JtOOg0JC56VzQgBo7ictReTQE5LFLG3yQK+xS1AgMBAAGj
ggE8MIIBODAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQUgq9s
jPjF/pZhfOgfPStxSF7Ei8AwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw
EQYDVR0gBAowCDAGBgRVHSAAMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9jcmwuY29tb2Rv
Y2EuY29tL0NPTU9ET1JTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHEGCCsGAQUFBwEB
BGUwYzA7BggrBgEFBQcwAoYvaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQWRk
VHJ1c3RDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTANBgkq
hkiG9w0BAQwFAAOCAgEAeFyygSg0TzzuX1bOn5dW7I+iaxf28/ZJCAbU2C81zd9A/tNx4+js
QgwRGiHjZrAYayZrrm78hOx7aEpkfNPQIHGG6Fvq3EzWf/Lvx7/hk6zSPwIal9v5IkDcZoFD
7f3iT7PdkHJY9B51csvU50rxpEg1OyOT8fk2zvvPBuM4qQNqbGWlnhMpIMwpWZT89RY0wpJO
+2V6eXEGGHsROs3njeP9DqqqAJaBa4wBeKOdGCWn1/Jp2oY6dyNmNppI4ZNMUH4Tam85S1j6
E95u4+1Nuru84OrMIzqvISE2HN/56ebTOWlcrurffade2022O/tUU1gb4jfWCcyvB8czm12F
gX/y/lRjmDbEA08QJNB2729Y+io1IYO3ztveBdvUCIYZojTq/OCR6MvnzS6X72HP0PRLRTiO
SEmIDsS5N5w/8IW1Hva5hEFy6fDAfd9yI+O+IMMAj1KcL/Zo9jzJ16HO5m60ttl1Enk8MQkz
/W3JlHaeI5iKFn4UJu1/cP2YHXYPiWf2JyBzsLBrGk1II+3yL8aorYew6CQvdVifC3HtwlSa
m9V1niiCfOBe2C12TdKGu05LWIA3ZkFcWJGaNXOZ6Ggyh/TqvXG5v7zmEVDNXFnHn9tFpMpO
UvxhcsjycBtH0dZ0WrNw6gH+HF8TIhCnH3+zzWuDN0Rk6h9KVkfKehIxggQ1MIIEMQIBATCB
rDCBlzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9E
TyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEF1kL2Yi
x4omWbHHXGf6DTQwDQYJYIZIAWUDBAIBBQCgggJZMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTE5MDgwNzE2NDUyOFowLwYJKoZIhvcNAQkEMSIEILekozDk
RqzvR2l6fUKlNMPwP9W3dwulOmoTdPP7jd3gMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUD
BAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgb0GCSsGAQQBgjcQBDGBrzCBrDCBlzEL
MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs
Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0Eg
Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEF1kL2Yix4omWbHH
XGf6DTQwgb8GCyqGSIb3DQEJEAILMYGvoIGsMIGXMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g
Q0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RPIFJTQSBDbGllbnQgQXV0aGVudGljYXRpb24g
YW5kIFNlY3VyZSBFbWFpbCBDQQIQXWQvZiLHiiZZscdcZ/oNNDANBgkqhkiG9w0BAQEFAASC
AQAU4c/RjsopedEw9HvBaxNed3OL7udwfYJMFG72PBynP0Cl1YZoRMRF74OP9l2b8rs+AAfn
AOxuSBjX9X4D5LvHIwfxvpcOM6eF2z6gxnUuAMn0i//0EbGdLSLtI8u4IHeCedAmPmUiLuh5
fatrVhiW4BHcdfejhilcdIbxbOqkQvnyq3ed2rR/0+uzLSy5q1VcAnSf1dRhrzN3TP5WNFTs
D7RO21APdb7J3Ab0e0xoQN0QJjZv6kWcUmvaBlr9DQqYvmGHjI57t10ZeqA1gEA5JNXB7Vea
7Bqa2oD8X5tWAhIMl6aOJ//Q/oEJNBVHG9Y3NHsGgrGDe+PR0zkcO29uAAAAAAAA

--------------ms070100070604050809040909--