Merge "Debian: efitools: add initial version"

This commit is contained in:
Zuul 2022-10-17 17:50:46 +00:00 committed by Gerrit Code Review
commit 9ad77012d2
19 changed files with 578 additions and 0 deletions

@ -0,0 +1,33 @@
From 7092736065bf9a0ce96b2ac1d4168bbaa13a16f5 Mon Sep 17 00:00:00 2001
From: Li Zhou <li.zhou@windriver.com>
Date: Fri, 19 Aug 2022 10:08:12 +0800
Subject: [PATCH 1/2] efitools: prepare keys
Copy uefi keys (example keys) to the proper path for building.
Replace the DB.crt (example key) with tis-boot.crt (public key
in use for verifying signed shim image).
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
debian/rules | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/debian/rules b/debian/rules
index 89115b3..c20cd9a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,6 +4,11 @@
# Uncomment this to turn on verbose mode.
export DH_VERBOSE=1
+override_dh_auto_build:
+ cp uefi_sb_keys/* ./
+ mv tis-boot.crt DB.crt
+ dh_auto_build
+
override_dh_auto_install:
dh_auto_install -- EFIDIR="debian/efitools/usr/lib/efitools/${DEB_TARGET_MULTIARCH}"
--
2.17.1

@ -0,0 +1,41 @@
From f97a150fbf94be75381d90396ac7be5b2edf95d2 Mon Sep 17 00:00:00 2001
From: Li Zhou <li.zhou@windriver.com>
Date: Tue, 23 Aug 2022 14:51:09 +0800
Subject: [PATCH 2/2] efitools: append Microsoft KEK/DB to built-in certs
While BIOS of Dell PowerEdge host enables EFI secure feature,
it uses Microsoft KEK and DB to verify NICs and disks. If one removes
the existing Microsoft certs and uses LockDown.efi to insert self
defined certs, the NICs and disks are missing. So append one Microsoft
KEK and one Microsoft DB to built-in certs for LockDown.efi.
Reference:
https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html#multiple
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
[lz: Porting the patch from yocto to debian rules]
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
debian/rules | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/debian/rules b/debian/rules
index c20cd9a..78bca19 100755
--- a/debian/rules
+++ b/debian/rules
@@ -8,6 +8,13 @@ override_dh_auto_build:
cp uefi_sb_keys/* ./
mv tis-boot.crt DB.crt
dh_auto_build
+ cp -f DB.esl DB-orig.esl
+ cat DB-orig.esl ms-uefi.esl > DB.esl
+ cp -f KEK.esl KEK-orig.esl
+ cat KEK-orig.esl ms-kek.esl > KEK.esl
+ rm DB-orig.esl KEK-orig.esl
+ rm LockDown*efi LockDown.so LockDown.o
+ dh_auto_build
override_dh_auto_install:
dh_auto_install -- EFIDIR="debian/efitools/usr/lib/efitools/${DEB_TARGET_MULTIARCH}"
--
2.17.1

@ -0,0 +1,2 @@
0001-efitools-prepare-keys.patch
0002-efitools-append-Microsoft-KEK-DB-to-built-in-certs.patch

@ -0,0 +1,14 @@
---
debver: 1.9.2-1
debname: efitools
dl_path:
name: efitools-debian-1.9.2-1.tar.gz
url: "https://salsa.debian.org/efi-team/efitools/-/archive/debian/\
1.9.2-1/efitools-debian-1.9.2-1.tar.gz"
md5sum: e81aa4822cfcbca81074c9cb07951e75
sha256sum: 69f02c5b588b666075ed4d390655cf3bfe7f7e2daae643423cd052e081e1368a
src_files:
- debian/uefi_sb_keys
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: true

@ -0,0 +1,46 @@
From 54d6a97ca89dea6b93a6a2a9290cd2d6b0122b2e Mon Sep 17 00:00:00 2001
From: Lans Zhang <jia.zhang@windriver.com>
Date: Fri, 25 Mar 2016 10:52:34 +0800
Subject: [PATCH 1/5] LockDown: add system warm reset
Upstream-Status: Pending
Run system warm reset after the key provision success.
In addition, BIOS would stop at its setup screen. The end user can thus
enable UEFI secure boot immediately.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
[lz: Adapt git log and do some minor wording cleanups.]
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
LockDown.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/LockDown.c b/LockDown.c
index 29df9de..3a2b476 100644
--- a/LockDown.c
+++ b/LockDown.c
@@ -99,5 +99,20 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
}
Print(L"Platform %s set to boot securely\n", SecureBoot ? L"is" : L"is not");
+ /* Reset system to go back to the real UEFI secure boot flow.
+ * If SecureBoot is still false, the user needs to turn on
+ * UEFI secure boot in BIOS setup.
+ */
+ Print(L"Prepare to execute system warm reset after 3 seconds ...\n");
+ if (!SecureBoot)
+ Print(L"After warm reset, enter BIOS setup to enable UEFI Secure Boot.\n");
+
+ BS->Stall(3000000);
+
+ if (!SecureBoot)
+ SETOSIndicationsAndReboot(EFI_OS_INDICATIONS_BOOT_TO_FW_UI);
+ else
+ RT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
+
return EFI_SUCCESS;
}
--
2.17.1

@ -0,0 +1,95 @@
From f7d36914894dda2c30e73e257d25339021e4e344 Mon Sep 17 00:00:00 2001
From: Lans Zhang <jia.zhang@windriver.com>
Date: Tue, 17 Jan 2017 12:48:27 +0800
Subject: [PATCH 2/5] LockDown: show the error message with 3-sec timeout
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
LockDown.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/LockDown.c b/LockDown.c
index 3a2b476..090d48f 100644
--- a/LockDown.c
+++ b/LockDown.c
@@ -26,12 +26,12 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
if (efi_status != EFI_SUCCESS) {
Print(L"No SetupMode variable ... is platform secure boot enabled?\n");
- return EFI_SUCCESS;
+ goto out;
}
if (!SetupMode) {
Print(L"Platform is not in Setup Mode, cannot install Keys\n");
- return EFI_SUCCESS;
+ goto out;
}
Print(L"Platform is in Setup Mode\n");
@@ -44,7 +44,7 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
KEK_auth_len, KEK_auth);
if (efi_status != EFI_SUCCESS) {
Print(L"Failed to enroll KEK: %d\n", efi_status);
- return efi_status;
+ goto out;
}
Print(L"Created KEK Cert\n");
efi_status = RT->SetVariable(L"db", &SIG_DB,
@@ -55,7 +55,7 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
DB_auth_len, DB_auth);
if (efi_status != EFI_SUCCESS) {
Print(L"Failed to enroll db: %d\n", efi_status);
- return efi_status;
+ goto out;
}
Print(L"Created db Cert\n");
#if 0
@@ -64,7 +64,7 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
efi_status = SetSecureVariable(L"dbx", DB_cer, DB_cer_len, SIG_DB, 0);
if (efi_status != EFI_SUCCESS) {
Print(L"Failed to enroll dbx: %d\n", efi_status);
- return efi_status;
+ goto out;
}
#endif
/* PK must be updated with a signed copy of itself */
@@ -78,14 +78,14 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
if (efi_status != EFI_SUCCESS) {
Print(L"Failed to enroll PK: %d\n", efi_status);
- return efi_status;
+ goto out;
}
Print(L"Created PK Cert\n");
/* enrolling the PK should put us in SetupMode; check this */
efi_status = RT->GetVariable(L"SetupMode", &GV_GUID, NULL, &DataSize, &SetupMode);
if (efi_status != EFI_SUCCESS) {
Print(L"Failed to get SetupMode variable: %d\n", efi_status);
- return efi_status;
+ goto out;
}
Print(L"Platform is in %s Mode\n", SetupMode ? L"Setup" : L"User");
@@ -95,7 +95,7 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
if (efi_status != EFI_SUCCESS) {
Print(L"Failed to get SecureBoot variable: %d\n", efi_status);
- return efi_status;
+ goto out;
}
Print(L"Platform %s set to boot securely\n", SecureBoot ? L"is" : L"is not");
@@ -115,4 +115,8 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
RT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
return EFI_SUCCESS;
+
+out:
+ BS->Stall(3000000);
+ return efi_status;
}
--
2.17.1

@ -0,0 +1,33 @@
From 35157f9762530271cabc78e645f02dc34b0c025c Mon Sep 17 00:00:00 2001
From: Yunguo Wei <yunguo.wei@windriver.com>
Date: Tue, 17 Jan 2017 17:24:51 +0800
Subject: [PATCH 3/5] Makefile: do not build signed efi image
Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
---
Makefile | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index fc061a6..8e7a926 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,4 @@
-EFIFILES = HelloWorld.efi LockDown.efi Loader.efi ReadVars.efi UpdateVars.efi \
- KeyTool.efi HashTool.efi SetNull.efi ShimReplace.efi
+EFIFILES = LockDown.efi
BINARIES = cert-to-efi-sig-list sig-list-to-certs sign-efi-sig-list \
hash-to-efi-sig-list efi-readvar efi-updatevar cert-to-efi-hash-list \
flash-var
@@ -30,7 +29,7 @@ include Make.rules
EFISIGNED = $(patsubst %.efi,%-signed.efi,$(EFIFILES))
-all: $(EFISIGNED) $(BINARIES) $(MANPAGES) noPK.auth $(KEYAUTH) \
+all: $(EFIFILES) $(BINARIES) $(MANPAGES) noPK.auth $(KEYAUTH) \
$(KEYUPDATEAUTH) $(KEYBLACKLISTAUTH) $(KEYHASHBLACKLISTAUTH)
--
2.17.1

@ -0,0 +1,49 @@
From d3d22b8a9e415d343e58a2502cb4865e65ad21e1 Mon Sep 17 00:00:00 2001
From: Lans Zhang <jia.zhang@windriver.com>
Date: Wed, 15 Feb 2017 14:52:07 +0800
Subject: [PATCH 4/5] LockDown: disable the entrance into BIOS setup
Disable the entrance into BIOS setup to re-enable secure boot.
In most cases, this step is not necessary.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
[lz: Adapt git log and do some minor wording cleanups.]
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
LockDown.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/LockDown.c b/LockDown.c
index 090d48f..c8b89bd 100644
--- a/LockDown.c
+++ b/LockDown.c
@@ -19,6 +19,11 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
EFI_STATUS efi_status;
UINT8 SecureBoot, SetupMode;
UINTN DataSize = sizeof(SetupMode);
+ /* This controls whether it is required to enter BIOS setup in
+ * order to re-enable UEFI secure boot. This operation is unnecessary
+ * in most cases.
+ */
+ UINTN NeedSetAttempt = 0;
InitializeLib(image, systab);
@@ -104,12 +109,12 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
* UEFI secure boot in BIOS setup.
*/
Print(L"Prepare to execute system warm reset after 3 seconds ...\n");
- if (!SecureBoot)
+ if (NeedSetAttempt && !SecureBoot)
Print(L"After warm reset, enter BIOS setup to enable UEFI Secure Boot.\n");
BS->Stall(3000000);
- if (!SecureBoot)
+ if (NeedSetAttempt && !SecureBoot)
SETOSIndicationsAndReboot(EFI_OS_INDICATIONS_BOOT_TO_FW_UI);
else
RT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
--
2.17.1

@ -0,0 +1,30 @@
From 7946f6515c1607337f6c45e1deffc7603b462f99 Mon Sep 17 00:00:00 2001
From: Li Zhou <li.zhou@windriver.com>
Date: Fri, 19 Aug 2022 15:55:33 +0800
Subject: [PATCH 5/5] do not remove ms-uefi.esl ms-kek.esl
Keep them for Microsoft Cert appending
Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/Makefile b/Makefile
index 8e7a926..e390c30 100644
--- a/Makefile
+++ b/Makefile
@@ -53,6 +53,7 @@ lib/asn1/libasn1.a lib/asn1/libasn1-efi.a: FORCE
.SUFFIXES: .crt
.KEEP: PK.crt KEK.crt DB.crt PK.key KEK.key DB.key PK.esl DB.esl KEK.esl \
+ ms-uefi.esl ms-kek.esl \
$(EFIFILES)
LockDown.o: PK.h KEK.h DB.h
--
2.17.1

@ -0,0 +1,5 @@
0001-LockDown-add-system-warm-reset.patch
0002-LockDown-show-the-error-message-with-3-sec-timeout.patch
0003-Makefile-do-not-build-signed-efi-image.patch
0004-LockDown-disable-the-entrance-into-BIOS-setup.patch
0005-do-not-remove-ms-uefi.esl-ms-kek.esl.patch

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDBTCCAe2gAwIBAgIJAI0bLNOM0aWNMA0GCSqGSIb3DQEBCwUAMBkxFzAVBgNV
BAMMDkRCIENlcnRpZmljYXRlMB4XDTE3MDgxNDA3MDYwM1oXDTI3MDgxMjA3MDYw
M1owGTEXMBUGA1UEAwwOREIgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+g3ENj4IetsbFa7JjBCENIxhrL4OilIyk/nknlsSQL0lG
MgR7JZrpG7gdm0+vSNARloniDcveCl49PgzXKpu0LEovnDHn8lPaQN46jCBOw28D
n2S71XARTWSLDpYWwr9FsxLeT/yyGVi5fnPpneKzf6aZ56WLzS/tggQ2UhwzNXqU
KVAcmPdn0RADbDJRWiB4PrqX0bWNrHyuPka1trX9lYWTgk/WTlhy7+8lcRdqikD6
2madBvnMNiRYoAfw3s2R8bLcom+YBDXfqfc47NgAeh6Q/zWUhNWlddGz1pShhHUn
yEqCsOqGOelWxtliUmk8TBRrnBJYQN03BW204etZAgMBAAGjUDBOMB0GA1UdDgQW
BBR7zQZjndyd5y4J+1Otdy3Ez8WsBzAfBgNVHSMEGDAWgBR7zQZjndyd5y4J+1Ot
dy3Ez8WsBzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBmEwENJJI/
PZsB22GoSEAuJGWQ0RUregnrSYi5NiewC+bknwmo1cdPrfl9zFoMaKS23xWIvZuw
56DewI9qO6c/blWrxIixjWI2fCPuMTHd0vWsbU5m5eIZ7i3v2LWz3r95n8o4IIg3
OF1V4ddSp/2/xndeJKqib8j/YLnjKKT+fahCJtbb6+uP3oZS/Ao+q5RDVQy9UiDr
nBCTWPdE+hQbo0xYF5PQeArUVFbagm1qK3rfpehO8FYaInacZC/Jw9TehcwttFRJ
FGePC/VEDDC6tb9IZNHoHbrRc3wrQb6lm1Mxzq3sqAKrOu2VT2ToHAEbK1xV+3pt
6dbvq/7f66dx
-----END CERTIFICATE-----

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+g3ENj4IetsbF
a7JjBCENIxhrL4OilIyk/nknlsSQL0lGMgR7JZrpG7gdm0+vSNARloniDcveCl49
PgzXKpu0LEovnDHn8lPaQN46jCBOw28Dn2S71XARTWSLDpYWwr9FsxLeT/yyGVi5
fnPpneKzf6aZ56WLzS/tggQ2UhwzNXqUKVAcmPdn0RADbDJRWiB4PrqX0bWNrHyu
Pka1trX9lYWTgk/WTlhy7+8lcRdqikD62madBvnMNiRYoAfw3s2R8bLcom+YBDXf
qfc47NgAeh6Q/zWUhNWlddGz1pShhHUnyEqCsOqGOelWxtliUmk8TBRrnBJYQN03
BW204etZAgMBAAECggEAXBJ4O76Ee0WIUPcYkmP3eTrh3UNsUdGLG15kvS5PNwOz
XPplUgK9mDUuSRi7bRI6hJWFc7uJMHlATEbFu+M6ttvEyrepItjpj4xUGmWIY6ht
6YlKDME9VQ9bLR1SihN6jzvZPZnYnVZEm/kyGdCVNHzXzn+2cRcsN5PjZ0FNoa07
skI72YHxX8tk+xmCTrfmugzGt43jygmxOVZkt6JGgSWK6Degp/fXmpf8z7e5DxVV
sj/Zhm1SmadAGKJzcv96+qnkcyUhqBb/VdyFyvb9WU29bD+HLEWycTWHXGINRvCm
fkbLjgceIqLCt3/Le/OfVWmQxB27EyJizgaWpPe0AQKBgQDvjbiuUA0iZJxDi1s3
mxij/4vl6TwMnWcq6/Oour8+xVBRhYOq/Y61duRIRLXLUBj0Q7P0SB7xn+SVq2lL
TJWU10PjyjaM4FdtnMH8OSACP4S021L7KiDEhrh4oia+bkaUJKRoOqWx2DP2xM4T
1C8su3mU5BrfnNdyf8MEJd2XgQKBgQDLl9Bm3OIAZuo9FG2gd8q1enkAcD8qUTWj
E+NrCRhYNikPLw5n8IP1T3Hs/RjjL0jOwngwDVo26jp5uClLe1cVW852LeXF0gbo
aC8qqppv/dP0BOQCxtD/kMDBEYvOqL8+1eptFdI84GtGsyeeWT6Je0dGJ09JX10N
DSqH66P/2QKBgQDIrDvtKfoWuZl9q5u6NR6rI0OaUYuQNbta5VW0HtxeRQRHhkUK
VGXb9cC+GXEA5BRDawOwu0nQt1TRXEpUXc9gZAPnKloQIU6b8BlApMn/mB4fMyuM
Y3oXp5OY2p0CIXbWWuuutJJhLPA65BqN2c2690GeTIeGkuiYbhZ7vwymAQKBgQCH
dq3to06k4dU9atg+izZPZfwY9Jayu3Iq3dLVpymRmAfd2HuHYRsMIB43h3gFwbJ6
EB8UKe4618KstoKTfK/GwF0xePyHkWWTQa8Qfo9fsM5UcOSdjFgHk/MNA3W4vcLy
NjdS+c/3PYNjeVUFIXBg3avg28r/kPpC8t23rmxikQKBgFT1y2xdxa7il4pB8H+K
KuDTkQddjhnZif8SyNuirvk9WCTnQnLcF+Fhs5OyW86k8gbUlYrXikV5XqHAa/db
Gh3ffLGggdiuG80caLuBcWN0ovsZdAE5IhvH/HGA9wsDmAWgvnb+Zl+DNyjGxYJb
zDeJtd1uv51/28q5xSXURAsx
-----END PRIVATE KEY-----

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDBzCCAe+gAwIBAgIJANEYnLFAMnAlMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
BAMMD0tFSyBDZXJ0aWZpY2F0ZTAeFw0xNzA4MTQwNzA2MDNaFw0yNzA4MTIwNzA2
MDNaMBoxGDAWBgNVBAMMD0tFSyBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBANj3djm8TJoMQp0ciMs0zt5JRAf2tU7HmE5kt3qMkNcv
f1SoEvcOp3Wys6he9ZEEcHVedQvmEtF98vSh/93CtHGURyEYXwun2wGqr/POh8Pq
y4H0pnXcldbyL7cR/V3gcj7x39n+Tdfhsvns9Rvh4YIdRUlx2gOeJHAH766h1MUJ
IS5K5uxso4J4Vkil9uwdDdQ3tXcEMYjhhLdEPcHz/+hR8ydSYT8Z+E2oRHqUqvDc
6hachPmVAPParxngu7CpEa6231H/W9HNPg0kxKQ2QuDREM9g1vhU9Z04VjZoPBNs
3Pzd0eMtmKWFxwwgAKoiJzIkY4mtsXEW3bt5vYgFFRECAwEAAaNQME4wHQYDVR0O
BBYEFGfd5E5+TJIAksK2XmhMoBCBEVy7MB8GA1UdIwQYMBaAFGfd5E5+TJIAksK2
XmhMoBCBEVy7MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFnUF9pS
iu9uMGMo27WZ9b02RfNa0NGc+ykjMyArQGSJzetxlYrqqcGTnUp1awUZkE7Wcait
DpmhzF+DZIqmaBLNaTRCKd2b7JsGmv9zHn+mxJb8g19BNJqMyUQB58+s2boGHPfU
KlN84NtK6mBww9rgAVzvT166OxbaIZ81EXrlOi4CW+eIasAUP2lftGIOW6SKHNHi
mZH0TaCfB3EXPeuJdawEDsk8J0N9rJ/wql4EpTwh2BhTrTas3K/Qf0qlHVq/GUpz
DtZhPfaRjBRH9JdYyPSSbk2Nc5bHEvFpezgc6+1/K4uE1U2Vd6xuQ10ozQxZvyee
Ai4vXOcgFdN/5P4=
-----END CERTIFICATE-----

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDY93Y5vEyaDEKd
HIjLNM7eSUQH9rVOx5hOZLd6jJDXL39UqBL3Dqd1srOoXvWRBHB1XnUL5hLRffL0
of/dwrRxlEchGF8Lp9sBqq/zzofD6suB9KZ13JXW8i+3Ef1d4HI+8d/Z/k3X4bL5
7PUb4eGCHUVJcdoDniRwB++uodTFCSEuSubsbKOCeFZIpfbsHQ3UN7V3BDGI4YS3
RD3B8//oUfMnUmE/GfhNqER6lKrw3OoWnIT5lQDz2q8Z4LuwqRGutt9R/1vRzT4N
JMSkNkLg0RDPYNb4VPWdOFY2aDwTbNz83dHjLZilhccMIACqIicyJGOJrbFxFt27
eb2IBRURAgMBAAECggEAHFJ5WWIOMdHF5FJ0POqA0p2Hxu5ajpUZeapGFTZCNgTa
P0fNafi8vW19bE4xCiQlNf0FlG8NJ9GkJHD9QIqJGYZ8noJa7d+UhCwu2cmtCVMe
C7HPBPWtjaiBuAkeJOIGp9bVHNTIfpTU0zEucdxTnrOJduPozK4ZHZK7o/U2HB4u
aPgmaao7GyOOEm3P/OP71rOOce+cqdd/YwwJ8aHgMb1bl49Qhd03BkAWM86J3oBR
0d/JvqahKDu2TFygC5dH9RrE2dEqckdIfLsdbbY8tGxEsWGbfNIWXUIMVDPAN34Q
u6GrY+bpniF9hApB1YH1q6WGLfW1gX40n+TLjGIBPQKBgQDzyawL1oq+gev+Wf+7
+NjDLt0BGVie2uHXkVnV+HOyNfoNvlB/uOLpnsf6a18lqGXkwJAOQJ2Whs3a9x0h
5idorW3Kep/rkGB7zkF8S1IAdZxKdMR2TevamCk9UZgFSShTpQIQ7+n66gpgkev4
p6EYckQnA6Ihe3c7xvpiqwa4mwKBgQDj1dYViFo501+C0Fb6n1xUJCkWDZeBhQcm
iJeixvaJ2v5agV5IqsKYrcP/X0sirqZZ3Z3Bm/V59e0u3PvJLyk/io4eEf5TwS23
Q1vAf1L3QoKiN1nzQCnAOE51cPmdyAPVgkdUdWUGlbb1rYec44n4On+tQ0m7A5tR
722BygFVwwKBgGtPapwLZCdXqTndA+UKNOA10LKbJZdHYgIxyQmWw9a+S8Og8m5G
RBvx+LUSbl91MOTwnninmLaZwCOSgxBY7x/0t09Ziut2MgJNWCYOQZpSKunbXF93
DUq7j+ud7vzkpwuqpq4t7SC1xLudf/GEWDUal0VVJBj48BMwEyc7gUnhAoGAFZFc
ntU1lVvJIt0OHtOPLffuW8QVn5E0SBWOJT6ogAxXH8I3ZrGjkkiA0V/4AOR/ouoz
0OwupMj/FvycaUMpqHY5VedmKA+VgE/EE8j51aZaL3kF7t0YFrY91yhGuQUCN+gJ
UJl8Ys8xbrhqqhNwMCt5grFn/Wgt/+emei7hSXkCgYBTh+Eu1c/YaFxwGUXPrltA
p7JGgT7BP3dmYdivZWq49tdwSEvFzfX7z1zyu/qTDSYj1xGskqoOl78HaYuUxuGg
Fw8dUOU5nyQYfSc3iu54zCEsSs9I3+iMxjvcOYnAzzYl6lGDlaAWfsuk7XWEgT2A
WC6NH6QxuP8Amdpq8lyPWg==
-----END PRIVATE KEY-----

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDBTCCAe2gAwIBAgIJAMhCGK1rqfOxMA0GCSqGSIb3DQEBCwUAMBkxFzAVBgNV
BAMMDlBLIENlcnRpZmljYXRlMB4XDTE3MDgxNDA3MDYwM1oXDTI3MDgxMjA3MDYw
M1owGTEXMBUGA1UEAwwOUEsgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjNl1enfgWg05myL5r2xaDfPSzRFUgnwUwLaR8L0V4lUOm
/TsnESNuf8BEvt4oC53fnK56MQQ8THFKxCMSbvVqZ9rVZpzldfpTqOfQbQZKM1zk
Omx69MO6clNfMeuZfLCmunept9N/6d65jNUYdpF6yitmlzVjhr3HXoHwn7eRX4dx
XWNG3s35LVwvMe4CP9juGaR4D6RTV2DS8mGr32zBhclPOzGZjpw0ZO7D2apwIWpi
Fu9048IIYCrQfzcNpM+AVtCjIFR9NR4K89LplQHIleGEsHE63yMmT2GMUCc+BI97
EsK0a70zxgRrTyOAP8358EyyK3LqPefqpsW1iyi7AgMBAAGjUDBOMB0GA1UdDgQW
BBSVggNE952zQm2SBUL+odEOo1VJmTAfBgNVHSMEGDAWgBSVggNE952zQm2SBUL+
odEOo1VJmTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBuwyMzSenn
1yMkMMT0C0pbWKl6VY5sCwOX/OZ+UpvaXyGUsD6J8cAn/9+t6qseQhd/GlKl2k8D
oGw4ItKHU5vMZcCY5H7Iqp57w+0kZJ544vk1vXjy5RhtoZXHStgr/Sfj/Tk4f1DQ
Yi3uHHS2YxmlMVpD5hT7AHUfTmdel9PFMQw61Lja6r3NchZhgkRQNeDihKyCvK7s
ckJ/lXcaUZ1jWl4g68nkZh6p/VgStjN9tekv75O9mF40VVZfLk91zAGjGkv3zIUC
tnX+YlbRwBPQtaHuEm+AXxCrHEQvi0QYhE9iA91h3GeQlNn3JmiKhJ7CRu8uo7r4
dj3IfaewIPA7
-----END CERTIFICATE-----

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCjNl1enfgWg05m
yL5r2xaDfPSzRFUgnwUwLaR8L0V4lUOm/TsnESNuf8BEvt4oC53fnK56MQQ8THFK
xCMSbvVqZ9rVZpzldfpTqOfQbQZKM1zkOmx69MO6clNfMeuZfLCmunept9N/6d65
jNUYdpF6yitmlzVjhr3HXoHwn7eRX4dxXWNG3s35LVwvMe4CP9juGaR4D6RTV2DS
8mGr32zBhclPOzGZjpw0ZO7D2apwIWpiFu9048IIYCrQfzcNpM+AVtCjIFR9NR4K
89LplQHIleGEsHE63yMmT2GMUCc+BI97EsK0a70zxgRrTyOAP8358EyyK3LqPefq
psW1iyi7AgMBAAECggEBAJwP/dPdZT3RrIQn670iLzLnpuxLqMKai9F3s1JzuRAG
Wjww5AEFKEYerfCOOcs84GbTYRrCB/TIe4QsbATSSKTITb3Ecr4Ow6B/X7oypdMJ
rgclvlkL9qQvcX0TNN79FcU3g/irJ/el3yy5d4H+zjkFW96rM4fJbWpX+hPmBRdh
JC5pt803+B8kosWkQdXTrjOIY3KLWwsE/UZi1T8tOqKWITQJo9huPkA8xe0s9Pg6
ZjK7lODLBclVvebxPgF5oOMDsdP/zI1iX2FVAIitkEgcLgHJVuQTg9cMGOPFx5BF
03i9XvVn1/oRoK3JGv0ME4RnOZSbrGRaEXDwydN7T+ECgYEAzHNft8yPHSir4TZn
7tAgGQlP98EjPa+zqQ/fUKiqnmcLhWbPBcHBLtFf9ewo8mAK1ul9gObiexWLkLGs
7kKFCLHxjmk3B0I17h+3RMC2sw6azaM5R1jD9MIIldkURMmFf3jIlaud1v7hvM0O
RSKNaH1OkMrlgzzfG3swOUJQmzMCgYEAzF0xD2WPRk9hF/ifFq1I/Cci6jNOB49W
EOs7JsUeQ9W9YphI6KJBAn4oL3P58uRv1bgsYFQksWoNrLir8ge1WUn19Z1UPZAr
HaKNT6RODH2/WBg96VtJUbnYJ1z+YZv2HO6ao2T0LfupDvF16ktEu3xHBOwMNYAh
JXaJoZ5F/FkCgYB+a2joceickyWU4NtrY+41DPkRra9o2VgyVco0SdcWk4kgN+4T
FTerB3Ra0GiRVqndMguUxS+OBEiEdBkGSsOQGNfQw2ZvapWGZL4iGTffiExYk3E7
mLuygLhmUBCkaCfQJpOBWNkEtB5JbFJClZby4WjPR2abu+wJRicPgN3u2QKBgAwm
HhyENRhA78y1AwAeHRCgYvr5QdJBOySWV1XesgXmVvPdibgKrUKwrULk6h7+ZYeX
A0xWtDe3zkhOUip5OtasBusrBy8Buw5v82agpeMoNo/OISAWRS2OlsMATD8RPnhJ
1vePsNRq+Ynh4Nik0Nk0ciRgw/kKPO41Ncld11tBAoGBAMR5T7zKRWTs75G0jeo2
MKODpVNJu8sGgy/AZDuSweNzHAidlZDZB6g7rCXvxpjwAN6B/3EjWbbIxN1hAaws
KrF/PuYhoLQE07jWCT4SnrrOfU6zlb1sEMBN5E4gKaFKB+z7TatLlhfknQc3RIS9
azMzcv5iYJ/XJEDg2W9pII0L
-----END PRIVATE KEY-----

@ -0,0 +1,35 @@
-----BEGIN CERTIFICATE-----
MIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDANBgkqhkiG9w0BAQsFADCBkTELMAkG
A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkGA1UEAxMyTWljcm9z
b2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBsYWNlIFJvb3QwHhcN
MTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1WjCBgTELMAkGA1UEBhMCVVMxEzAR
BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p
Y3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWljcm9zb2Z0IENvcnBvcmF0
aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwftkn0LsnO/DArGSkVhoMUWLZbT9Sug
+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gyu4xHye5xvCFPmop8/0Q/jY8ysiZI
rnW17slMHkoZfuSCmh14d00MsL32D9MW07z6K6VROF31+7rbeALb/+wKG5bVg7gZ
E+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk55dqyYotNvzhw4mgkFMkzpAg31Vhp
XtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxhZ4pb/V6th3+6hmdPcVgSIgQiIs6L
71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYwggFyMBIGCSsGAQQBgjcVAQQFAgMB
AAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK8yU3HU6hJnsPIHCAMB0GA1UdDgQW
BBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMA
QTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRFZlJD
4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBTMFGgT6BNhktodHRwOi8vY3JsLm1p
Y3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNDb3JUaGlQYXJNYXJSb29f
MjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRodHRw
Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY0NvclRoaVBhck1hclJv
b18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0BAQsFAAOCAgEANQhC/zDMzvd2DK0Q
aFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lYNKYWC4KqXa2C2oCDQQaPtB3yA7nz
Gl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ2w/8d56Vc5GIyr29UrkFUA3fV56g
Ye0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8uSs9SSsfMvxqIWlPm8h+QjT8NgYX
i48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLRB7+7dN/cHo+A1e0Y9C8UFmsv3maM
sCPlx4TY7erBM4KtVksYLfFolQfNz/By8K673YaFmCwhTDMr8A9K8GiHtZJVMnWh
aoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0HYw9Rw5EpuSwmzQ1sfq2U6gsgeyk
BXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6QI7UvXo9QhY3GjYJfQaH0Lg3gmdJs
deS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJylYaw8TVhahn1sjuBUFamMi3+oon5
QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpcAj/lluOFWzw+P7tHFnJV4iUisdl7
5wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79AnoKBZN2D4OJS44Hhw+LpMhoeU9uCu
AkXuZcK2o35pFnUHkpv1prxZg1g=
-----END CERTIFICATE-----

@ -0,0 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF6DCCA9CgAwIBAgIKYQrRiAAAAAAAAzANBgkqhkiG9w0BAQsFADCBkTELMAkG
A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkGA1UEAxMyTWljcm9z
b2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBsYWNlIFJvb3QwHhcN
MTEwNjI0MjA0MTI5WhcNMjYwNjI0MjA1MTI5WjCBgDELMAkGA1UEBhMCVVMxEzAR
BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p
Y3Jvc29mdCBDb3Jwb3JhdGlvbjEqMCgGA1UEAxMhTWljcm9zb2Z0IENvcnBvcmF0
aW9uIEtFSyBDQSAyMDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
xOi1ir+tVyawJsPq5/tXekQCXQcN2krldCrmsA/sbevsf7njWmMyfBEXTw7jC6c4
FZOOxvXghLGamyzn9beR1gnh4sAEqKwwHN9I8wZQmmSnUX/IhU+PIIbO/i/hn/+C
wO3pzc70U2piOgtDueIl/f4F+dTEFKsR4iOJjXC3pB1N7K7lnPoWwtfBy9ToxC/l
me4kiwPsjfKL6sNK+0MREgt+tUeSbNzmBInr9TME6xABKnHl+YMTPP8lCS9odkb/
uk++3K1xKliq+w7SeT3km2U7zCkqn/xyWaLrrpLv9jUTgMYC7ORfzJ12ze9jksGv
eUCEeYd/41Ko6J17B2mPFQIDAQABo4IBTzCCAUswEAYJKwYBBAGCNxUBBAMCAQAw
HQYDVR0OBBYEFGL8Q82gPqTLZxLSW9lVrHvMtopfMBkGCSsGAQQBgjcUAgQMHgoA
UwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
MBaAFEVmUkPhflgRv9ZOniNVCDs6ImqoMFwGA1UdHwRVMFMwUaBPoE2GS2h0dHA6
Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY0NvclRoaVBh
ck1hclJvb18yMDEwLTEwLTA1LmNybDBgBggrBgEFBQcBAQRUMFIwUAYIKwYBBQUH
MAKGRGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljQ29yVGhp
UGFyTWFyUm9vXzIwMTAtMTAtMDUuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQDUhIj1
FJQYAsoqPPsqkhwM16DR8ehSZqjuorV1epAAqi2kdlrqebe5N2pRexBk9uFk8gJn
vveoG3i9us6IWGQM1lfIGaNfBdbbxtBpzkhLMrfrXdIw9cD1uLp4B6Mr/pvbNFaE
7ILKrkElcJxr6f6QD9eWH+XnlB+yKgyNS/8oKRB799d8pdF2uQXIee0PkJKcwv7f
b35sD3vUwUXdNFGWOQ/lXlbYGAWW9AemQrOgd/0IGfJxVsyfhiOkh8um/Vh+1Gln
FZF+gfJ/E+UNi4o8h4Tr4869Q+WtLYSTjmorWnxE+lKqgcgtHLvgUt8AEfiaPcFg
sOEztaOI0WUZChrnrHykwYKHTjixLw3FFIdv/Y0uvDm25+bD4OTNJ4TvlELvKYuQ
RkE7gRtn2PlDWWXLDbz9AJJP9HU7p6kk/FBBQHngLU8Kaid2blLtlml7rw/3hwXQ
RcKtUxSBH/swBKo3NmHaSmkbNNho7dYCz2yUDNPPbCJ5rbHwvAOiRmCpxAfCIYLx
/fLoeTJgv9ispSIUS8rB2EvrfT9XNbLmT3W0sGADIlOukXkd1ptBHxWGVHCy3g01
D3ywNHK6l2A78HnrorIcXaIWuIfF6Rv2tZclbzif45H6inmYw2kOt6McIAWX+MoU
rgDXxPPAFBB1azSgG7WZYPNcsMVXTjbSMoS/ng==
-----END CERTIFICATE-----

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDOjCCAiICCQCndPpvXmatAzANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJD
QTEQMA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMR8wHQYDVQQKDBZX
aW5kIFJpdmVyIFN5c3RlbXMgSW5jMQwwCgYDVQQDDANUaVMwHhcNMTYxMjAxMTc1
OTMwWhcNMjYxMTI5MTc1OTMwWjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250
YXJpbzEPMA0GA1UEBwwGT3R0YXdhMR8wHQYDVQQKDBZXaW5kIFJpdmVyIFN5c3Rl
bXMgSW5jMQwwCgYDVQQDDANUaVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDGBF2js8+W952j9b9bPQKme51pepk9zV56dHWlYHwHT6OxRwnIUaa6z4Hb
qGBBfKc6VqYY5K/PmDb41TXgIwmjDgxn8Nz4Vr8odKz8IsPUl5PzRN1LFKx7S+Bl
s7LiOw8ZEGYT68VdYp+hwGhas7r2/jFd8K7od/fcmQkPUQyqeZAA+F9gcQNuXlh8
wFID0d3ek4jmiCj4AcOHCiFeg/gz21dKHdpl0/WQ3NiDASghuvE22lZGz6SrQGFX
xhC3UFkDQ83MlT1vS4ESfNS7o8Cq5Itnhe8MgI6nfPQrp3pgRNSGu8YU9HSCX5SD
d/rwaOpVzQtsmI1hj7BouTuwVrhNAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAAkZ
Mwub8wHuY7hfpw+q3YjksYQvWVErgH3I5Bs6GQpGhat1t1XnFrD17vrif9ri7sbd
beaISeyk5YCdTJCejXEbpL6GBppaSghtP9wAKtKLzlAz6Ta1GhSzKSVXdHl/JUVG
7n7gwiP3Sik2ZRVEdKZiODrVb7c8ga1SaiT/dexyKf+Qt3LmMe6QRKGXgsQVSgoI
0O1WTzpAJRZa1Z6lMOlzpho7rYdAlSIA0tydxx8rOykIPHRItnW/p79WsoQp646F
cS1ZaZ5XXRtgaO6AAZ+BKJGnie/xl1sNYah7quASYGwADzUpnN4QeiS92YN26eis
a16FUsgrac0uAQa55IQ=
-----END CERTIFICATE-----