From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: multipart/mixed; boundary="===============1429876318108497068==" MIME-Version: 1.0 From: Oliver, Dario N Subject: [tpm2] Problem with tpm2_unseal after reboot Date: Fri, 07 Dec 2018 22:36:02 +0000 Message-ID: <20A6FE0AC912764FB8B5BC5A1A7CB92B2F9FEDD3@fmsmsx101.amr.corp.intel.com> List-ID: To: tpm2@lists.01.org --===============1429876318108497068== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hello! I am currently having problems to unseal a secret from the tpm. I hope that you can detect the issue in my instructions below :) The versions that I am using are the following: 1. Tpm2-tss 2.0.0 2. Tpm2-abrmd 2.0.0 3. Tpm2-tools 3.1.0 The platform I am using is a Compulab Fitlet2 device (Intel Atom x5-E3950 = Apollo Lake), with Fedora 28 and Linux kernel 4.19.x. In this case, the device support firmware tpm, and it is enabled in the BIO= S (fTPM) So, after installing the tpm2 stack from github releases, I am sealing a se= cret with the following commands: # Create a random secret to be saved in the TPM tpm2_getrandom 32 --output key.bin # I use a pcr policy on sha1 banks 0 and 1, this gets the pcr state tpm2_pcrlist --sel-list sha1:0,1 --output pcr_state.bin # Create a policy with those PCR tpm2_createpolicy --policy-pcr --set-list sha1:0,1 \ --pcr-input-file pcr_state.bin --policy-file policy.bin # Create a primary object with endorsement hierarchy tpm2_createprimary --hierarchy e --halg sha1 --kalg rsa --context primary.c= ontext # Create an object to be loaded in the TPM tpm2_create --halg sha256 --kalg keyedhash --pubfile key.pub --privfile key= .priv \ --context-parent primary.context --policy-file policy.bin \ --object-attributes "fixedtpm|fixedparent|noda|adminwithpolicy" = --in-file key.bin # Load the object in the TPM tpm2_load --context-parent primary.context --pubfile key.pub --privfile key= .priv \ --context load.context # Persist the object in the TPM tpm2_evictcontrol --auth o --context load.context --persistent 0x81010002 # Check if the object is persisted, looks good tpm2_listpersistent persistent-handle[0]:0x81010002 key-alg:keyedhash hash-alg:sha256 object-at= tr:fixedtpm|fixedparent|noda|adminwithpolicy # Unseal the object, works! tpm2_unseal --item 0x81010002 --set-list sha1:0,1 > compare_key.bin # Compare original and unsealed objects, the match :) diff compare_key.bin key.bin ############## # After this initial setup, I reboot the device, and try to unseal the secr= et again ############## # After reboot, open a terminal an do tpm2_unseal --item 0x81010002 --set-list sha1:0,1 > compare_disk_key.bin ERROR: Sys_Unseal failed. Error Code: 0x99d ERROR: Unseal failed! ERROR: Unable to run tpm2_unseal # Use tpm2_rc_decode to decode the error message 0x99d, it is a policy chec= k error! tpm2_rc_decode 0x99d error layer hex: 0x0 identifier: TSS2_TPM_RC_LAYER description: Error produced by the TPM format 1 error code hex: 0x1d identifier: TPM2_RC_POLICY_FAIL description: a policy check failed session hex: 0x100 identifier: TPM2_RC_1 description: (null) ############### # I checked the PCR 0,1, and they have the same values as at the moment to = seal the object. # So I don't understand why I am having a "TPM2_RC_POLICY_FAIL" error. # I tried the same process several times, and each time I end up in the sam= e error state. ############### Is there something I am missing here? Is something additional I need to do to satisfy the policy to unseal the da= ta? Any help is appreciated! Thank you in advance. --===============1429876318108497068== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+CjxoZWFkPgo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNv bnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD11cy1hc2NpaSI+CjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPgo8c3R5bGU+ PCEtLQovKiBGb250IERlZmluaXRpb25zICovCkBmb250LWZhY2UKCXtmb250LWZhbWlseTpXaW5n ZGluZ3M7CglwYW5vc2UtMTo1IDAgMCAwIDAgMCAwIDAgMCAwO30KQGZvbnQtZmFjZQoJe2ZvbnQt ZmFtaWx5OiJDYW1icmlhIE1hdGgiOwoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9CkBm b250LWZhY2UKCXtmb250LWZhbWlseTpDYWxpYnJpOwoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQg MyAyIDQ7fQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLwpwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFs LCBkaXYuTXNvTm9ybWFsCgl7bWFyZ2luOjBjbTsKCW1hcmdpbi1ib3R0b206LjAwMDFwdDsKCWZv bnQtc2l6ZToxMS4wcHQ7Cglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9CmE6bGlu aywgc3Bhbi5Nc29IeXBlcmxpbmsKCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7Cgljb2xvcjojMDU2 M0MxOwoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9CmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBl cmxpbmtGb2xsb3dlZAoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsKCWNvbG9yOiM5NTRGNzI7Cgl0 ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30KcC5Nc29MaXN0UGFyYWdyYXBoLCBsaS5Nc29MaXN0 UGFyYWdyYXBoLCBkaXYuTXNvTGlzdFBhcmFncmFwaAoJe21zby1zdHlsZS1wcmlvcml0eTozNDsK CW1hcmdpbi10b3A6MGNtOwoJbWFyZ2luLXJpZ2h0OjBjbTsKCW1hcmdpbi1ib3R0b206MGNtOwoJ bWFyZ2luLWxlZnQ6MzYuMHB0OwoJbWFyZ2luLWJvdHRvbTouMDAwMXB0OwoJZm9udC1zaXplOjEx LjBwdDsKCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30Kc3Bhbi5FbWFpbFN0eWxl MTgKCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbDsKCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5z LXNlcmlmOwoJY29sb3I6d2luZG93dGV4dDt9CnNwYW4uRW1haWxTdHlsZTE5Cgl7bXNvLXN0eWxl LXR5cGU6cGVyc29uYWwtcmVwbHk7Cglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsK CWNvbG9yOiMxRjQ5N0Q7fQouTXNvQ2hwRGVmYXVsdAoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1v bmx5OwoJZm9udC1zaXplOjEwLjBwdDt9CkBwYWdlIFdvcmRTZWN0aW9uMQoJe3NpemU6NjEyLjBw dCA3OTIuMHB0OwoJbWFyZ2luOjcyLjBwdCA3Mi4wcHQgNzIuMHB0IDcyLjBwdDt9CmRpdi5Xb3Jk U2VjdGlvbjEKCXtwYWdlOldvcmRTZWN0aW9uMTt9Ci8qIExpc3QgRGVmaW5pdGlvbnMgKi8KQGxp c3QgbDAKCXttc28tbGlzdC1pZDo0NjUzOTM2MjI7Cgltc28tbGlzdC10eXBlOmh5YnJpZDsKCW1z by1saXN0LXRlbXBsYXRlLWlkczotMTY3NDU0MTI3NCA2NzY5ODcwMyA2NzY5ODcxMyA2NzY5ODcx NSA2NzY5ODcwMyA2NzY5ODcxMyA2NzY5ODcxNSA2NzY5ODcwMyA2NzY5ODcxMyA2NzY5ODcxNTt9 CkBsaXN0IGwwOmxldmVsMQoJe21zby1sZXZlbC10YWItc3RvcDpub25lOwoJbXNvLWxldmVsLW51 bWJlci1wb3NpdGlvbjpsZWZ0OwoJdGV4dC1pbmRlbnQ6LTE4LjBwdDt9CkBsaXN0IGwwOmxldmVs MgoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmFscGhhLWxvd2VyOwoJbXNvLWxldmVsLXRhYi1z dG9wOm5vbmU7Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7Cgl0ZXh0LWluZGVudDot MTguMHB0O30KQGxpc3QgbDA6bGV2ZWwzCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6cm9tYW4t bG93ZXI7Cgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsKCW1zby1sZXZlbC1udW1iZXItcG9zaXRp b246cmlnaHQ7Cgl0ZXh0LWluZGVudDotOS4wcHQ7fQpAbGlzdCBsMDpsZXZlbDQKCXttc28tbGV2 ZWwtdGFiLXN0b3A6bm9uZTsKCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsKCXRleHQt aW5kZW50Oi0xOC4wcHQ7fQpAbGlzdCBsMDpsZXZlbDUKCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1h dDphbHBoYS1sb3dlcjsKCW1zby1sZXZlbC10YWItc3RvcDpub25lOwoJbXNvLWxldmVsLW51bWJl ci1wb3NpdGlvbjpsZWZ0OwoJdGV4dC1pbmRlbnQ6LTE4LjBwdDt9CkBsaXN0IGwwOmxldmVsNgoJ e21zby1sZXZlbC1udW1iZXItZm9ybWF0OnJvbWFuLWxvd2VyOwoJbXNvLWxldmVsLXRhYi1zdG9w Om5vbmU7Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOnJpZ2h0OwoJdGV4dC1pbmRlbnQ6LTku MHB0O30KQGxpc3QgbDA6bGV2ZWw3Cgl7bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7Cgltc28tbGV2 ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7Cgl0ZXh0LWluZGVudDotMTguMHB0O30KQGxpc3QgbDA6 bGV2ZWw4Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YWxwaGEtbG93ZXI7Cgltc28tbGV2ZWwt dGFiLXN0b3A6bm9uZTsKCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsKCXRleHQtaW5k ZW50Oi0xOC4wcHQ7fQpAbGlzdCBsMDpsZXZlbDkKCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpy b21hbi1sb3dlcjsKCW1zby1sZXZlbC10YWItc3RvcDpub25lOwoJbXNvLWxldmVsLW51bWJlci1w b3NpdGlvbjpyaWdodDsKCXRleHQtaW5kZW50Oi05LjBwdDt9Cm9sCgl7bWFyZ2luLWJvdHRvbTow Y207fQp1bAoJe21hcmdpbi1ib3R0b206MGNtO30KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28g OV0+PHhtbD4KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRpdCIgc3BpZG1heD0iMTAyNiIgLz4K PC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+CjxvOnNoYXBlbGF5b3V0 IHY6ZXh0PSJlZGl0Ij4KPG86aWRtYXAgdjpleHQ9ImVkaXQiIGRhdGE9IjEiIC8+CjwvbzpzaGFw ZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4KPC9oZWFkPgo8Ym9keSBsYW5nPSJFTi1VUyIgbGlu az0iIzA1NjNDMSIgdmxpbms9IiM5NTRGNzIiPgo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPgo8 cCBjbGFzcz0iTXNvTm9ybWFsIj5IZWxsbyE8bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkgYW0gY3Vy cmVudGx5IGhhdmluZyBwcm9ibGVtcyB0byB1bnNlYWwgYSBzZWNyZXQgZnJvbSB0aGUgdHBtLgo8 bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SSBob3BlIHRoYXQgeW91IGNhbiBk ZXRlY3QgdGhlIGlzc3VlIGluIG15IGluc3RydWN0aW9ucyBiZWxvdwo8c3BhbiBzdHlsZT0iZm9u dC1mYW1pbHk6V2luZ2RpbmdzIj5KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhlIHZl cnNpb25zIHRoYXQgSSBhbSB1c2luZyBhcmUgdGhlIGZvbGxvd2luZzo8bzpwPjwvbzpwPjwvcD4K PHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJ0ZXh0LWluZGVudDotMTguMHB0O21z by1saXN0OmwwIGxldmVsMSBsZm8yIj48IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0i bXNvLWxpc3Q6SWdub3JlIj4xLjxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5l dyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Cjwvc3Bh bj48L3NwYW4+PCFbZW5kaWZdPlRwbTItdHNzIDIuMC4wPG86cD48L286cD48L3A+CjxwIGNsYXNz PSJNc29MaXN0UGFyYWdyYXBoIiBzdHlsZT0idGV4dC1pbmRlbnQ6LTE4LjBwdDttc28tbGlzdDps MCBsZXZlbDEgbGZvMiI+PCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9Im1zby1saXN0 Oklnbm9yZSI+Mi48c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4m cXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOwo8L3NwYW4+PC9zcGFu PjwhW2VuZGlmXT5UcG0yLWFicm1kIDIuMC4wPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29M aXN0UGFyYWdyYXBoIiBzdHlsZT0idGV4dC1pbmRlbnQ6LTE4LjBwdDttc28tbGlzdDpsMCBsZXZl bDEgbGZvMiI+PCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9y ZSI+My48c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsi PiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOwo8L3NwYW4+PC9zcGFuPjwhW2Vu ZGlmXT5UcG0yLXRvb2xzIDMuMS4wPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGUgcGxhdGZvcm0g SSBhbSB1c2luZyBpcyBhIENvbXB1bGFiIEZpdGxldDIgZGV2aWNlIChJbnRlbCBBdG9tJm5ic3A7 IHg1LUUzOTUwIEFwb2xsbyBMYWtlKSwgd2l0aCBGZWRvcmEgMjggYW5kIExpbnV4IGtlcm5lbCA0 LjE5LnguPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPkluIHRoaXMgY2FzZSwg dGhlIGRldmljZSBzdXBwb3J0IGZpcm13YXJlIHRwbSwgYW5kIGl0IGlzIGVuYWJsZWQgaW4gdGhl IEJJT1MgKGZUUE0pPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5i c3A7PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj5TbywgYWZ0ZXIgaW5zdGFsbGluZyB0 aGUgdHBtMiBzdGFjayBmcm9tIGdpdGh1YiByZWxlYXNlcywgSSBhbSBzZWFsaW5nIGEgc2VjcmV0 IHdpdGggdGhlIGZvbGxvd2luZyBjb21tYW5kczo8bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPiMgQ3Jl YXRlIGEgcmFuZG9tIHNlY3JldCB0byBiZSBzYXZlZCBpbiB0aGUgVFBNPG86cD48L286cD48L3A+ CjxwIGNsYXNzPSJNc29Ob3JtYWwiPnRwbTJfZ2V0cmFuZG9tIDMyIC0tb3V0cHV0IGtleS5iaW48 bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+ CjxwIGNsYXNzPSJNc29Ob3JtYWwiPiMgSSB1c2UgYSBwY3IgcG9saWN5IG9uIHNoYTEgYmFua3Mg MCBhbmQgMSwgdGhpcyBnZXRzIHRoZSBwY3Igc3RhdGU8bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+dHBtMl9wY3JsaXN0IC0tc2VsLWxpc3Qgc2hhMTowLDEgLS1vdXRwdXQgcGNy X3N0YXRlLmJpbjxvOnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNw OzwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+IyBDcmVhdGUgYSBwb2xpY3kgd2l0aCB0 aG9zZSBQQ1I8bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+dHBtMl9jcmVhdGVw b2xpY3kgLS1wb2xpY3ktcGNyIC0tc2V0LWxpc3Qgc2hhMTowLDEgXDxvOnA+PC9vOnA+PC9wPgo8 cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsgLS1wY3ItaW5wdXQtZmlsZSBwY3Jfc3RhdGUuYmluPG86cD48L286cD48L3A+Cjxw IGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDstLXBvbGljeS1maWxlIHBvbGljeS5iaW48bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPiMg Q3JlYXRlIGEgcHJpbWFyeSBvYmplY3Qgd2l0aCBlbmRvcnNlbWVudCBoaWVyYXJjaHk8bzpwPjwv bzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+dHBtMl9jcmVhdGVwcmltYXJ5IC0taGllcmFy Y2h5IGUgLS1oYWxnIHNoYTEgLS1rYWxnIHJzYSAtLWNvbnRleHQgcHJpbWFyeS5jb250ZXh0PG86 cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPgo8 cCBjbGFzcz0iTXNvTm9ybWFsIj4jIENyZWF0ZSBhbiBvYmplY3QgdG8gYmUgbG9hZGVkIGluIHRo ZSBUUE08bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+dHBtMl9jcmVhdGUgLS1o YWxnIHNoYTI1NiAtLWthbGcga2V5ZWRoYXNoIC0tcHViZmlsZSBrZXkucHViIC0tcHJpdmZpbGUg a2V5LnByaXYgXDxvOnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg LS1jb250ZXh0LXBhcmVudCBwcmltYXJ5LmNvbnRleHQgLS1wb2xpY3ktZmlsZSBwb2xpY3kuYmlu IFw8bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwOyAmbmJz cDsgJm5ic3A7ICZuYnNwOyZuYnNwOyAtLW9iamVjdC1hdHRyaWJ1dGVzICZxdW90O2ZpeGVkdHBt fGZpeGVkcGFyZW50fG5vZGF8YWRtaW53aXRocG9saWN5JnF1b3Q7IC0taW4tZmlsZSBrZXkuYmlu PG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9w Pgo8cCBjbGFzcz0iTXNvTm9ybWFsIj4jIExvYWQgdGhlIG9iamVjdCBpbiB0aGUgVFBNPG86cD48 L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPnRwbTJfbG9hZCAtLWNvbnRleHQtcGFyZW50 IHByaW1hcnkuY29udGV4dCAtLXB1YmZpbGUga2V5LnB1YiAtLXByaXZmaWxlIGtleS5wcml2IFw8 bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IC0tY29udGV4dCBsb2FkLmNvbnRleHQ8 bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+ CjxwIGNsYXNzPSJNc29Ob3JtYWwiPiMgUGVyc2lzdCB0aGUgb2JqZWN0IGluIHRoZSBUUE08bzpw PjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+dHBtMl9ldmljdGNvbnRyb2wgLS1hdXRo IG8gLS1jb250ZXh0IGxvYWQuY29udGV4dCAtLXBlcnNpc3RlbnQgMHg4MTAxMDAwMjxvOnA+PC9v OnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4KPHAgY2xh c3M9Ik1zb05vcm1hbCI+IyBDaGVjayBpZiB0aGUgb2JqZWN0IGlzIHBlcnNpc3RlZCwgbG9va3Mg Z29vZDxvOnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj50cG0yX2xpc3RwZXJzaXN0 ZW50PG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPnBlcnNpc3RlbnQtaGFuZGxl WzBdOjB4ODEwMTAwMDIga2V5LWFsZzprZXllZGhhc2ggaGFzaC1hbGc6c2hhMjU2IG9iamVjdC1h dHRyOmZpeGVkdHBtfGZpeGVkcGFyZW50fG5vZGF8YWRtaW53aXRocG9saWN5PG86cD48L286cD48 L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPgo8cCBjbGFzcz0i TXNvTm9ybWFsIj4jIFVuc2VhbCB0aGUgb2JqZWN0LCB3b3JrcyE8bzpwPjwvbzpwPjwvcD4KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+dHBtMl91bnNlYWwgLS1pdGVtIDB4ODEwMTAwMDIgLS1zZXQtbGlz dCBzaGExOjAsMSAmZ3Q7IGNvbXBhcmVfa2V5LmJpbjxvOnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0i TXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+IyBD b21wYXJlIG9yaWdpbmFsIGFuZCB1bnNlYWxlZCBvYmplY3RzLCB0aGUgbWF0Y2ggPHNwYW4gc3R5 bGU9ImZvbnQtZmFtaWx5OldpbmdkaW5ncyI+Cko8L3NwYW4+PG86cD48L286cD48L3A+CjxwIGNs YXNzPSJNc29Ob3JtYWwiPmRpZmYgY29tcGFyZV9rZXkuYmluIGtleS5iaW48bzpwPjwvbzpwPjwv cD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+CjxwIGNsYXNzPSJN c29Ob3JtYWwiPiMjIyMjIyMjIyMjIyMjPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3Jt YWwiPiMgQWZ0ZXIgdGhpcyBpbml0aWFsIHNldHVwLCBJIHJlYm9vdCB0aGUgZGV2aWNlLCBhbmQg dHJ5IHRvIHVuc2VhbCB0aGUgc2VjcmV0IGFnYWluPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJN c29Ob3JtYWwiPiMjIyMjIyMjIyMjIyMjPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj4jIEFmdGVyIHJl Ym9vdCwgb3BlbiBhIHRlcm1pbmFsIGFuIGRvPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29O b3JtYWwiPnRwbTJfdW5zZWFsIC0taXRlbSAweDgxMDEwMDAyIC0tc2V0LWxpc3Qgc2hhMTowLDEg Jmd0OyBjb21wYXJlX2Rpc2tfa2V5LmJpbjxvOnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9y bWFsIj5FUlJPUjogU3lzX1Vuc2VhbCBmYWlsZWQuIEVycm9yIENvZGU6IDB4OTlkPG86cD48L286 cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPkVSUk9SOiBVbnNlYWwgZmFpbGVkITxvOnA+PC9v OnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj5FUlJPUjogVW5hYmxlIHRvIHJ1biB0cG0yX3Vu c2VhbDxvOnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+IyBVc2UgdHBtMl9yY19kZWNvZGUgdG8gZGVjb2Rl IHRoZSBlcnJvciBtZXNzYWdlIDB4OTlkLCBpdCBpcyBhIHBvbGljeSBjaGVjayBlcnJvciE8bzpw PjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+dHBtMl9yY19kZWNvZGUgMHg5OWQ8bzpw PjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ZXJyb3IgbGF5ZXI8bzpwPjwvbzpwPjwv cD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7IGhleDogMHgwPG86cD48 L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOyZuYnNwOyZuYnNwOyBpZGVudGlm aWVyOiBUU1MyX1RQTV9SQ19MQVlFUjxvOnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFs Ij4mbmJzcDsmbmJzcDsmbmJzcDsgZGVzY3JpcHRpb246IEVycm9yIHByb2R1Y2VkIGJ5IHRoZSBU UE08bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Zm9ybWF0IDEgZXJyb3IgY29k ZTxvOnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDsmbmJzcDsmbmJzcDsg aGV4OiAweDFkPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOyZuYnNw OyZuYnNwOyBpZGVudGlmaWVyOiBUUE0yX1JDX1BPTElDWV9GQUlMPG86cD48L286cD48L3A+Cjxw IGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOyZuYnNwOyZuYnNwOyBkZXNjcmlwdGlvbjogYSBwb2xp Y3kgY2hlY2sgZmFpbGVkPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPnNlc3Np b248bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7 IGhleDogMHgxMDA8bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7Jm5i c3A7Jm5ic3A7IGlkZW50aWZpZXI6IFRQTTJfUkNfMTxvOnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0i TXNvTm9ybWFsIj4mbmJzcDsmbmJzcDsmbmJzcDsgZGVzY3JpcHRpb246IChudWxsKTxvOnA+PC9v OnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4KPHAgY2xh c3M9Ik1zb05vcm1hbCI+IyMjIyMjIyMjIyMjIyMjPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJN c29Ob3JtYWwiPiMgSSBjaGVja2VkIHRoZSBQQ1IgMCwxLCBhbmQgdGhleSBoYXZlIHRoZSBzYW1l IHZhbHVlcyBhcyBhdCB0aGUgbW9tZW50IHRvIHNlYWwgdGhlIG9iamVjdC48bzpwPjwvbzpwPjwv cD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+IyBTbyBJIGRvbiYjODIxNzt0IHVuZGVyc3RhbmQgd2h5 IEkgYW0gaGF2aW5nIGEgJiM4MjIwO1RQTTJfUkNfUE9MSUNZX0ZBSUwmIzgyMjE7IGVycm9yLjxv OnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj4jIEkgdHJpZWQgdGhlIHNhbWUgcHJv Y2VzcyBzZXZlcmFsIHRpbWVzLCBhbmQgZWFjaCB0aW1lIEkgZW5kIHVwIGluIHRoZSBzYW1lIGVy cm9yIHN0YXRlLjxvOnA+PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj4jIyMjIyMjIyMj IyMjIyM8bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286 cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPklzIHRoZXJlIHNvbWV0aGluZyBJIGFtIG1pc3Np bmcgaGVyZT8gPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPklzIHNvbWV0aGlu ZyBhZGRpdGlvbmFsIEkgbmVlZCB0byBkbyB0byBzYXRpc2Z5IHRoZSBwb2xpY3kgdG8gdW5zZWFs IHRoZSBkYXRhPwo8bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+QW55IGhlbHAg aXMgYXBwcmVjaWF0ZWQhPG86cD48L286cD48L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9wPgo8cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGFuayB5b3UgaW4gYWR2YW5j ZS48bzpwPjwvbzpwPjwvcD4KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48 L3A+CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPgo8cCBjbGFzcz0i TXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4KPC9kaXY+CjwvYm9keT4KPC9odG1sPgo= --===============1429876318108497068==--