Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2112335pxp; Fri, 18 Mar 2022 03:36:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwqU7osrRSAQPFmTxqcoywhz9Cv0yRnd795hSnPbHWboxq8e+melE1Jxw3ux2q5l5ClCnWO X-Received: by 2002:a17:906:6144:b0:6cf:bb2e:a2e1 with SMTP id p4-20020a170906614400b006cfbb2ea2e1mr8320114ejl.299.1647599805349; Fri, 18 Mar 2022 03:36:45 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1647599805; cv=pass; d=google.com; s=arc-20160816; b=d/b5Ppy42OTsiMWkcVsBT9gRxAKKQbejSzLaoJnEO2jHdlt7xRZWVlGN2XPgCJhDea ooDYJctTun/M+Jin8A8VqCJrjWJKojpiM3RGNCJkfZUqpkSl/UJmChztVNIRRDpSH0Nv z6JUCYJRjMrU+z5AOJVGCBKvaXmcJ5Fq/LquvspOW1M6qYiqrT3+kSjnVrqhEJt/EuJU bBc2N+vBsVUbv/dmztB1aAjQ3qdM4Ele/96vbWaxGv8TSGOiFop7rD+rb7DFyHivlWHE N21ggrV2l4y1cO1WNZlT9pw8enV9BdYt77eZhuE5j07GL1NkEv/RZKT5ZmX0KW+90oWP Gw4Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:in-reply-to:from:references:cc:to :content-language:subject:user-agent:date:message-id:dkim-signature; bh=KKOSOcatYmpNU9nFsqGWpUjmJ6AmfqBwIYhf5rBTYpE=; b=pk/zFb3vjNdSK7x3cvgrVs+qjEvsNE5EPLCcSNtuq7jAuBQquP16bU0HGli6uksFVf OwwGkjCEbR33h94YjpQp2KA/tjtnQ6dqC+CcwT7eNqmu3ISZqY6NgHnb5SOFpAvNleWD 3HMgFT23E5TWj6CKoqUJequXSeprIIQ9CnpmFifuJuh78bi1gyTGOMY9ICkxi9N1LabS a1eCc7sz+Qg4qn5lcEtuxk4m41/AiXtBsf80KMmGUIgjUbmt056/H8hGppjNqu+GBfEb WCJBBIcjXPUcUCENVAZ475o5HBcX7tsxCAFP9zzCVQw4XEdSgYqOLd1B5e9gTGnnzPo3 MZRw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@fortanix.com header.s=selector1 header.b=CoblLBnm; arc=pass (i=1 spf=pass spfdomain=fortanix.com dkim=pass dkdomain=fortanix.com dmarc=pass fromdomain=fortanix.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=fortanix.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 3-20020a170906208300b006df76385c58si1034384ejq.248.2022.03.18.03.36.18; Fri, 18 Mar 2022 03:36:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@fortanix.com header.s=selector1 header.b=CoblLBnm; arc=pass (i=1 spf=pass spfdomain=fortanix.com dkim=pass dkdomain=fortanix.com dmarc=pass fromdomain=fortanix.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=fortanix.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234260AbiCRJHw (ORCPT + 99 others); Fri, 18 Mar 2022 05:07:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46030 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234256AbiCRJHv (ORCPT ); Fri, 18 Mar 2022 05:07:51 -0400 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam07on2130.outbound.protection.outlook.com [40.107.212.130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 693591877D7; Fri, 18 Mar 2022 02:06:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Sq5WQ7f6VgrJRLv/Ews8wyPjP7OURJqom+SfFgsYCZ8zyd2kP4TldUx1OWHC6iHcFRRkESXFlsJgI+u1QUE0F5VMIrZh05+DwX5ExwbLAZCSKwqMHsy3dF+/nqNTDr5usv107Oe+1yFCVD5UNDbW2JtoHAlbFwKaPmMiw3TVCWCay4p0DxjA+vbfr0XkrMM9XbXl67eue4gD9Sl3ZxJ1Osyz8aXIoZ85evZlQetCSwmYJajQZrPr0XhHvLOSfGCqSwluVAl1fa/IXGiTAvmZQxid2X37YTYziSOZg5SJnf+89dq0Yb8vCSJAja/s0hKZY/07EDIm8gnqopg06BOrBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KKOSOcatYmpNU9nFsqGWpUjmJ6AmfqBwIYhf5rBTYpE=; b=Xmz1ID0gnYJ6bGF0dHiIMKLMDjp16cd+ZHz5gqd6Tkp+IVA46RViIASN0t0JWp9mAaXlunPmFWgxESO4CaT0tCdnTu82CO6OAM7VMuTKO3+4eLgFyQ/j5PYQu4xVwgfzTnSOHDD3gOoR09t+Jrmm/S0GHIsZ2DQRqNvMh9qAbvZgPoE6x32m7BUTEaKQOuHTXHJ62I5ofa3idDecQBsawtfE5WhLe+F6bw8yhYljFa6YWqpcMGb671YNtGT3XRNwEiIshPBajm8det88aryAOt3wxRRhSIO7NdwA4AYr1gy5LJkFwbH7wa4QjsN4M0OzOyHt7xW8IhtJH22HIJFVyA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fortanix.com; dmarc=pass action=none header.from=fortanix.com; dkim=pass header.d=fortanix.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fortanix.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KKOSOcatYmpNU9nFsqGWpUjmJ6AmfqBwIYhf5rBTYpE=; b=CoblLBnmUWAqu2f+CbkyZNUT76WqGZfF0DByculvS7VZDMYZy1IkKkuR4C89Ojd6yFW3eigCroE8TkuipF8AZnOxa7BzpvWsjNdfZ18yoimOTgViVN/2Dw7sNigqJaMpHOEm8XpClswnIXs4qhj+ZLwJQoAnXGv8HW0tqbBEaAo= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=fortanix.com; Received: from PH0PR11MB5626.namprd11.prod.outlook.com (2603:10b6:510:ee::15) by CH0PR11MB5426.namprd11.prod.outlook.com (2603:10b6:610:d1::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.14; Fri, 18 Mar 2022 09:06:32 +0000 Received: from PH0PR11MB5626.namprd11.prod.outlook.com ([fe80::919c:b806:f259:e276]) by PH0PR11MB5626.namprd11.prod.outlook.com ([fe80::919c:b806:f259:e276%5]) with mapi id 15.20.5081.018; Fri, 18 Mar 2022 09:06:32 +0000 Message-ID: <4198920d-298c-6565-5d97-9d0a8fcc8441@fortanix.com> Date: Fri, 18 Mar 2022 10:06:25 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: [RFC PATCH v2 09/10] x86/cpu: Call ENCLS[EUPDATESVN] procedure in microcode update Content-Language: en-US To: Dave Hansen , Cathy Zhang , linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org Cc: ashok.raj@intel.com References: <20220315010300.10199-1-cathy.zhang@intel.com> <20220315010300.10199-10-cathy.zhang@intel.com> <53e7d3a3-a576-7ef1-fa2d-d170fa1172a1@fortanix.com> From: Jethro Beekman In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms020204040904070104010800" X-ClientProxiedBy: AM4PR0701CA0005.eurprd07.prod.outlook.com (2603:10a6:200:42::15) To PH0PR11MB5626.namprd11.prod.outlook.com (2603:10b6:510:ee::15) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: aad8bf6a-5581-4c10-c134-08da08be9849 X-MS-TrafficTypeDiagnostic: CH0PR11MB5426:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Mly6R2c203j1y3SywrNxlwiM2+eQKo2tNTiFDtuEsbH8CaD8fdoalEeahiQS09FNmYbSPTjemPG7+KQspXtppLgUFIayvQz146oMXpqr9R4O7M2qYJWhhawZFk6UApQRjYgN3SxDDWPW6tAltYKjPE4pbtYr6S4iE6CE/XRCP6otitCfSAbRlvX6yMKbXRRByVszeT9gPU9GLo+yXyRSGatSU7LfExffiP774vHh3b0r2nifY+KnP4zBzUsMcPPPh7tfUDwS57XvbPiiPw6Hgup+RQOfKOGM6GQf+bOQkQ3tzcG6P54zrSiKKzedgHChw9b+cz1m861ogpCTR0ZlKhmA55M/NceOnePk/u9oow1pti/hkucVEXPDPwHNGcaG/0fNFMrZZGgDVntiL34lgpWldT9CRk+jq7HMArwVcxt+J7i67nTv2sUncJwANDdPt9nE2JQ5bme57qljLhpbPZYksPQJoZuUuvVvZa2plENi+WNI1GTYJR8PICDw+0klUKygU5XjZH/RNgBIGcLR2JCFLDiv7xxyWUjZZWQdPfINhmU6/SfFXQJ5ul8LZjVSL5c+yPoC/+jid2QN2EV1LfPMKiybZ9+zjhj4wt2ucuk8Y4Dk9/tApA3HpuM/swY9BHNplR8XtxigniIR9IC1PSA3LwHi8R0JQqhV9Zu73eMhDuQswbGPrYmGhPC68liWOLcodGOGTgKn7Gu+eUE+5FhYZ6R8qOli60e1Z1rDcDAbcwhptPnY73+1IT95icPc/bdm4jnNSP/bYATCqUDDSg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5626.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(38350700002)(38100700002)(15650500001)(186003)(26005)(6506007)(33964004)(52116002)(53546011)(2616005)(6512007)(2906002)(83380400001)(66476007)(66556008)(66946007)(8676002)(31696002)(86362001)(110136005)(4326008)(8936002)(36756003)(316002)(31686004)(5660300002)(235185007)(508600001)(6486002)(6666004)(45980500001)(43740500002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?V0JNWXhPNkdKSDZsN0N5ZVU4VHdzZk9EWUxzaTh4SGZHNjVkdzlpbUxEcXVL?= =?utf-8?B?K3RTRnpQc3lwQ0d6QzR2SlRqdzBLOGR3NWlvUzZDV1RhZlJrME9QNk90RC93?= =?utf-8?B?VW9hSXVWbUpIV2wvRlM3cjdWd1VWeVlmNWdoVEVVK3dFa0Vyb2kzeTBsMEFT?= =?utf-8?B?Rndycnd3R1oyVlYvTFl5NDF4YWpHWG5zR0dVdkgwT2VEamh5NzFqd1JsQXFD?= =?utf-8?B?MDRubjVNb2xTRTJPaStTNzlFQ3cwa1MwVllwYU5IVkNucm5ZdGFQWE1hMW80?= =?utf-8?B?cGRvRkFvRFkyNElXNUVIUk53RUtGeUhwSlhvdjR2Ly9tOFhqM2pHZnhQNWho?= =?utf-8?B?WFluSWV4RTczSGFRZzlSa1lXcnpsNjhaY25rR3ZRWDczTURQT2RtQWdWK0V0?= =?utf-8?B?aVlnS0lxdUpzUlRyNkpjb1FEWFNqRUxmQk5XcW9hWUw2MGFKOC9vWTYyVERs?= =?utf-8?B?bGJNQU9HRTBrK05xQ1BWRHVvZ1ZhelRTWDdKdWhzWE5NSDZsYVp2OWdwWXMz?= =?utf-8?B?bE5MbjVGYzhlalUrR2dPSVY5bEhmSk1yYkNnOUU5cFE5MjRSSVQ4a0NTeVBu?= =?utf-8?B?M0UraVJuandKZE8waU5sdFRpakk2a244UVhtT2orUDZjSnNLQVNxNHIvdW9o?= =?utf-8?B?cTRkemlGRmUvM0xIUmo0dmplUXhNN1dITzB3ems4Y3ZsWG13aWR4ckZacEtR?= =?utf-8?B?YXRnSk1RS2dpNVFtRThPdkxJdTNJOUNKQkQ4RWs4c2RwdXNwQjF4clcrck5t?= =?utf-8?B?OE1wWXRPd3kzeDg2b1JiazNFNnFqSWdUVzkrNzN2L3dFZDNxWFAvMmU2Yjc2?= =?utf-8?B?RlA0ZmhUNEhVUHdTRGlOOUplSUFPWEdsWlpwN1IzUGt4VVU4QUJTQ2VzUHRv?= =?utf-8?B?dEQ4Q3krendMUC9Ba2ZFbVVBRDhvRGtUQzNocUV5cXFIVUNGZmVDYkJTMDRn?= =?utf-8?B?ei9SQnUwd241UlN0UWpyb09Hd3lLQ25xVnM4MW5uY0lkN0hneWc0UDBKeGlL?= =?utf-8?B?QlBvcjdvdU00U0tZTGJPK016N01GYlBheU13aFRYM2tHYnNpOWJPMFA1VXAv?= =?utf-8?B?cjcvbkpIV29TZFpUcFdXVmJvRU1haHZaNFNOUzNONUVFNXpDYnRZME1JM0kx?= =?utf-8?B?Ky8zZS9vR1ZUN2NiYmdnQ1NQQVpQRktsc1IzVDZGNjVjN3lHN2NsR3dnN01K?= =?utf-8?B?b04yZGVUa01VdUdzazRrMXZ1RnZ6V0JRazIzdStLZ2UwdnBJR2lUeVp3YTh0?= =?utf-8?B?d1lOaWRxdzVUcC9hYkdJQmRLbjFzcy9LdDV3NmNmWDJkaW5KOUQ1S0RMVjgy?= =?utf-8?B?VmRxT1oxZmJxTVNnQWRVcDlNVFlHeHNaWkZnL01uTlJxMUprK1FBVmJBczd5?= =?utf-8?B?bUlrcU1taUV5SWgxMG9YTXIrMHdzQWZXQVJBQ2lVbVYxK0V5V2haczhkUzJl?= =?utf-8?B?WjI3ekxrUklBUmxpdmIzQlB4TFMyNk8xalVqaStTKzduUjZBVVYwajA4VDNj?= =?utf-8?B?bGhZTFkvMm10alJSaGhmSUc2UTREQXg2SVV6RzQzR2xjVlQ0QWdjdDJva3dI?= =?utf-8?B?UEFKdFR6MTYzVDVOa0hLNmgxWlpsRWFZTzdIckhBZjlmcVIyUTVKZzlHd3VT?= =?utf-8?B?TlowRnZYWE0rQmIyRUM5eDdkMVc3M01PVVJDT3JuYnNhcmZoZDl6Uk9qc2gy?= =?utf-8?B?dGZiLytFSTR0d25ubE1yWHIrUk5FQWo3SDZsZWh4bTBiRDRCeWJ2MlV6OFJx?= =?utf-8?B?ZFRuTTlCUERJVXJZeTFoa1AvK0xJdVVwTjhhUGdEU0htd0xWV2doN1Q1M25p?= =?utf-8?B?RTR4V1Irc2luVkJ4d0NtYy9OdWVMT2poZEVHUlhJek12YytIalBwU3VMTHFX?= =?utf-8?B?VGdMTnVRVHQrSVJoaGxGa3pzRklaNDFRL3hpSTUwNHFDS3FsOTgxbGU0Q2Jv?= =?utf-8?B?Uzh2QW9zaXNMSk9ZZnJoYW1Ba3hBUXZsWW9IUXd0SzJQMTUweisxVHQyRGRo?= =?utf-8?B?V2JERWphU3R3PT0=?= X-OriginatorOrg: fortanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: aad8bf6a-5581-4c10-c134-08da08be9849 X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5626.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Mar 2022 09:06:31.9387 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: de7becae-4883-43e8-82c7-7dbdbb988ae6 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Rta8kzdS77l7Dphs9Pk6AlrIuWGl8bC9Wv0bEByTzKDhKxy6VE++cVBQDUAhFmbNJ+lE0XS4f0sN8jz78bY49g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR11MB5426 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --------------ms020204040904070104010800 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 2022-03-16 16:47, Dave Hansen wrote: > On 3/16/22 03:24, Jethro Beekman wrote: >>> Doing this automatically and unconditionally during a microcode >>> update seems undesirable. This requires the userland tooling that >>> is coordinating the microcode update to be aware of any SGX >>> enclaves that are running and possibly coordinate sequencing with >>> the processes containing those enclaves. This coupling does not >>> exist today. >> Also, a microcode update may not affect SGX security at all and doing >> the EUPDATESVN procedure may not be required for this particular >> update. This case is called out specifically in the EUPDATESVN >> documentation. > > I don't think Intel provides the metadata for the kernel to tell if an > update requires an EUPDATESVN procedure or not. If this is inconvenient > for you, I'd suggest reporting this to the folks at Intel who can fix > it. It doesn't seem like something which they are motivated to fix. Whether or not metadata is currently made available is orthogonal to creating a mechanism by which userspace can indidate that a particular microcode update shouldn't trigger the EUPDATESVN procedure. -- Jethro Beekman | Fortanix --------------ms020204040904070104010800 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC DVUwggXgMIIDyKADAgECAhAorKRKpFwMN77KaahISgU8MA0GCSqGSIb3DQEBCwUAMIGBMQsw CQYDVQQGEwJJVDEQMA4GA1UECAwHQmVyZ2FtbzEZMBcGA1UEBwwQUG9udGUgU2FuIFBpZXRy bzEXMBUGA1UECgwOQWN0YWxpcyBTLnAuQS4xLDAqBgNVBAMMI0FjdGFsaXMgQ2xpZW50IEF1 dGhlbnRpY2F0aW9uIENBIEczMB4XDTIxMDkyMDA4MjgxMloXDTIyMDkyMDA4MjgxMlowHjEc MBoGA1UEAwwTamV0aHJvQGZvcnRhbml4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAN7ILCRnCqfq7ADD69ye2hNX9tiR29nMKgMVdUSx3FOQPEgohsmmuQOPiXlXirfk s+jxVb/rkOboY9+nmWNauFXlKHflIe0jbFSFCuY8AxzVFKQllY2sa3t8KEsL5OvKoeNZ98NZ BgmaxbDsKQVjnqFMWuHe2EV6TfnmZFg25hkKTjvg6uzIxs4zd+zIQPhGUlpd3Ezbu2G8kiCE X8DI58eXN6xyQffN2N1rTgMME4V38Eub7nsgS31UU0PuGNHKLIKq1PwuU/BThviOaCP7Urce 0YHsWR+zGDkFU3Nhdj7cs7wsnrLTEIHHUwummCUZcangMad3dWWeIOM1iVQOsz8CAwEAAaOC AbQwggGwMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUvpepqoS/gL8QU30JMvnhLjIbz3cw fgYIKwYBBQUHAQEEcjBwMDsGCCsGAQUFBzAChi9odHRwOi8vY2FjZXJ0LmFjdGFsaXMuaXQv Y2VydHMvYWN0YWxpcy1hdXRjbGlnMzAxBggrBgEFBQcwAYYlaHR0cDovL29jc3AwOS5hY3Rh bGlzLml0L1ZBL0FVVEhDTC1HMzAeBgNVHREEFzAVgRNqZXRocm9AZm9ydGFuaXguY29tMEcG A1UdIARAMD4wPAYGK4EfARgBMDIwMAYIKwYBBQUHAgEWJGh0dHBzOi8vd3d3LmFjdGFsaXMu aXQvYXJlYS1kb3dubG9hZDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwSAYDVR0f BEEwPzA9oDugOYY3aHR0cDovL2NybDA5LmFjdGFsaXMuaXQvUmVwb3NpdG9yeS9BVVRIQ0wt RzMvZ2V0TGFzdENSTDAdBgNVHQ4EFgQUwInkh2YOl18URVO4DXuERsHxbzEwDgYDVR0PAQH/ BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4ICAQAi4cE7xYH7vsY3NNSxzLlm7K4xnomElL2pd2lq 0o0jp29kJxC5km9d/boVh3SfLLbPfubQRShERrOZl0CwHHZlCn7EF48jdcyDkqMSRzgeKjra JhkWaxWhXvLc6AwV/de3hX5XD6xCZhC5CWSFaFJI4X6GLHyXzYT3bNPqjrks2Mmd1uQT5Fnt Xj1rmTDJAK3AtBzcWkmWpKC7oqqzPLjqTMicWu7LKsGR3WS9DVf/UQXKh6I76fQ9sOXm7/Ll U6CyRs2G4oq6tAsAAeiA4EUWg/0Q1zFYZ+6tRbYWC7Itl5+CQpKiPo1cLWrsSpzK4mpkf+8f ZL23s8TlTliRTlLv2XLI8Gxl03qMhyR2dFWiI0Ldlx8Zp2Mc0hmAjZP7Tc+W8BFUR3pZIswY dslI2uBpXFxFX2+T0K3lXOxqhvSRfXbIoJ+ulFEgDImTJnrBFRizHAX/8rwrxyxpJBhWTSY0 tbXRRSoxe1D0RAqcGf57+sh5CxSUuNgZ6n4ypdBt2SI6a/X/oIIwKJvbM5+aASsaLB24xYI3 AgiPb7nopSi1n2zn+XHw0TnzW8iC5wXUmY1GFMoq6aseE5nCE1wUZWt/bVrpO0XW/r9kkG6O 2tCmgbv8vHQT7gLfMgGQYAmKA6Ehniyjbi1evBYcpt9ly7xx/mIfACNwKLvxC3ksTMkNqTCC B20wggVVoAMCAQICEBcQPt49ihy1ygZRk+fKQ2swDQYJKoZIhvcNAQELBQAwazELMAkGA1UE BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUy MDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTIwMDcw NjA4NDU0N1oXDTMwMDkyMjExMjIwMlowgYExCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCZXJn YW1vMRkwFwYDVQQHDBBQb250ZSBTYW4gUGlldHJvMRcwFQYDVQQKDA5BY3RhbGlzIFMucC5B LjEsMCoGA1UEAwwjQWN0YWxpcyBDbGllbnQgQXV0aGVudGljYXRpb24gQ0EgRzMwggIiMA0G CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDt5oeWocGktu3CQlX3Pw8PImBfE+CmQ4iGSZF5 HBsvGlAP3EYB7va6OobMUWHvxA+ACHEpWq0YfNh6rRUlULOGcIpEFtVf4nAiEvdQtiFQBmtW JSn3naoMHqpMvmwZ4lL0Xr1U9JHmTqkU3DuYcNNO3S+hYWDZpWQbeSGibNVeiJ4kY6JDh0fv qloK1BsuS3n2OgArPYGfAYtDjCvT2d+6Ym3kArHZjEcrZeBI+yVVnjPwbTSCKax8DtS2NP/C J6RjpnRvuSwusRy84OdwdB71VKs1EDXj1ITcCWRZpkz+OhV6L8Zh+P0rmOSJF6KdHiaozfnc URx4s54GFJNRGkx1DnCxcuL0NJMYG42/hrDYOjNv+oGWSEZO/CT3aaLSMB5wTbZKfcD1R+tT anXD+5Gz5Mi15DTE7QH8naZjZxqqhyxL1KyuIgaVDxvQtPSjo5vTsoa09rn+Ui8ybHnvYO/a /68OIQIHLGbUd2COnwm0TiZ3Jg/oYGxwnJPvU1nDXNcecWTIJvFF5qD2ppJH3HgJVVePUEOY 1E4Kp3k0B8hdRdhMV5n+O6RCKCTFcZaESF8sELgdrqnCLPP1+rX7DA8pxZoX0/9Jk64EOsbf QyLIJlrrob2YS0Xlku6HisZ8qrHLhnkzF5y7O34xmatIp8oZ5c54QP+K5flnTYzWjuIxLwID AQABo4IB9DCCAfAwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRS2Ig6yJ94Zu2J83s4 cJTJAgI20DBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9vY3NwMDUuYWN0 YWxpcy5pdC9WQS9BVVRILVJPT1QwRQYDVR0gBD4wPDA6BgRVHSAAMDIwMAYIKwYBBQUHAgEW JGh0dHBzOi8vd3d3LmFjdGFsaXMuaXQvYXJlYS1kb3dubG9hZDAdBgNVHSUEFjAUBggrBgEF BQcDAgYIKwYBBQUHAwQwgeMGA1UdHwSB2zCB2DCBlqCBk6CBkIaBjWxkYXA6Ly9sZGFwMDUu YWN0YWxpcy5pdC9jbiUzZEFjdGFsaXMlMjBBdXRoZW50aWNhdGlvbiUyMFJvb3QlMjBDQSxv JTNkQWN0YWxpcyUyMFMucC5BLiUyZjAzMzU4NTIwOTY3LGMlM2RJVD9jZXJ0aWZpY2F0ZVJl dm9jYXRpb25MaXN0O2JpbmFyeTA9oDugOYY3aHR0cDovL2NybDA1LmFjdGFsaXMuaXQvUmVw b3NpdG9yeS9BVVRILVJPT1QvZ2V0TGFzdENSTDAdBgNVHQ4EFgQUvpepqoS/gL8QU30JMvnh LjIbz3cwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAmm+cbWQ10sxID6edV 94SAhc1CwzthHFfHpuYS30gisWUfWpgp43Dg1XzG2in3VGV7XrzCCGZh4JM/XQWp+4oxmyV4 2Qjz9vc8GRksgo6X2nYObPYZzQjda9wxsCB38i4G3H33w8lf9sFvl0xm4ZXZ2s2bF/PdqvrK 0ZgvF51+MoIPnli/wJBw3p72xbk5Sb1MneSO3tZ293WFzDmz7tuGU0PfytYUkG7O6annGqbU 1I6CA6QVKUqeFLPodSODAFqJ3pimKD0vX9MuuSa0QinH7CkiPtZMD0mpwwzIsnSs3qOOl60t IZQOTc0I6lCe1LLhrz7Q75J6nNL9N5zVwZ1I3o2Lb8Dt7BA13VFuZvZIzapUGV83R7pmSVaj 1Bik1nJ/R393e6mwppsT140KDVLh4Oenywmp2VpBDuEj9RgICAO0sibv8n379LbO7ARa0kw9 y9pggFzN2PAX25b7w0n9m78kpv3z3vW65rs6wl7E8VEHNfv8+cnb81dxN3C51KElz+l31zch FTurD5HFEpyEhzO/fMS5AkweRJIzwozxNs7OL/S/SVTpJLJL1ukZ1lnHHX0d3xCzRy/5HqfK 3uiG22LPB5+RjNDobPAjAz2BKMfkF/+v0pzn8mqqkopQaJzEAbLbMpgQYHRCjvrUxxwjJyUF b2Z+40UNtMF4MTK7zTGCA/MwggPvAgEBMIGWMIGBMQswCQYDVQQGEwJJVDEQMA4GA1UECAwH QmVyZ2FtbzEZMBcGA1UEBwwQUG9udGUgU2FuIFBpZXRybzEXMBUGA1UECgwOQWN0YWxpcyBT LnAuQS4xLDAqBgNVBAMMI0FjdGFsaXMgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIENBIEczAhAo rKRKpFwMN77KaahISgU8MA0GCWCGSAFlAwQCAQUAoIICLTAYBgkqhkiG9w0BCQMxCwYJKoZI hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMjAzMTgwOTA2MjVaMC8GCSqGSIb3DQEJBDEiBCC3 FFG2ZiZLsVuLksB1xrELspPRCX6YEWBwSlOi1+yCVDBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCG SAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqG SIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGnBgkrBgEEAYI3EAQxgZkwgZYw gYExCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCZXJnYW1vMRkwFwYDVQQHDBBQb250ZSBTYW4g UGlldHJvMRcwFQYDVQQKDA5BY3RhbGlzIFMucC5BLjEsMCoGA1UEAwwjQWN0YWxpcyBDbGll bnQgQXV0aGVudGljYXRpb24gQ0EgRzMCECispEqkXAw3vsppqEhKBTwwgakGCyqGSIb3DQEJ EAILMYGZoIGWMIGBMQswCQYDVQQGEwJJVDEQMA4GA1UECAwHQmVyZ2FtbzEZMBcGA1UEBwwQ UG9udGUgU2FuIFBpZXRybzEXMBUGA1UECgwOQWN0YWxpcyBTLnAuQS4xLDAqBgNVBAMMI0Fj dGFsaXMgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIENBIEczAhAorKRKpFwMN77KaahISgU8MA0G CSqGSIb3DQEBAQUABIIBAG4rItSJrFejLpjcdggbr+CNXjQxoSVlOqxxdD2kJprBDUJFWDet 1y/1rVAe51KWKQqQs81pBnhNirBJDjLGFMqtfge6/L9X+CAGH2TN8H6C2PnrBjkhhfHHLDCk HyCLi5zs69fui1g2ZpdbqMnyJi2Jh0LPI6hMtaHFoS7m8aumhuk2/wbruDJ0m4h4i7qiPo0/ 8d3fznXGIkz49jsIwfc/5ejd6p5YLaa1akTnw6LRUQ2EWSQ82hSUArWBx5AwkHKet98JGkAt +UmTBaEzCVg08Ds02/A1ucAT60a9fiq2v61YEx/b/nb5QA7chmA6NOL2BK9ZQhVqKQRZ32ch 1CkAAAAAAAA= --------------ms020204040904070104010800--