pax_global_header00006660000000000000000000000064151555526420014524gustar00rootroot0000000000000052 comment=3f60fa969b9dbaa4acd6fd7a0cf273ce4ac28b6c golang-github-google-go-eventlog-0.0.2/000077500000000000000000000000001515555264200177505ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/.github/000077500000000000000000000000001515555264200213105ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/.github/workflows/000077500000000000000000000000001515555264200233455ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/.github/workflows/ci.yml000066400000000000000000000076251515555264200244750ustar00rootroot00000000000000# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of # the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations under # the License. name: CI on: push: tags: - v* branches: - main pull_request: jobs: build: strategy: matrix: go-version: [1.20.x] # TODO: Get this working on windows-latest os: [ubuntu-latest] architecture: [x32, x64] include: - os: macos-latest architecture: arm64 go-version: 1.20.x - os: macos-14-large architecture: x64 go-version: 1.20.x name: Generate/Build/Test (${{ matrix.os }}, ${{ matrix.architecture }}, Go ${{ matrix.go-version }}) runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 with: go-version: ${{ matrix.go-version }} architecture: ${{ matrix.architecture }} - name: Install Protoc uses: arduino/setup-protoc@v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} version: "3.20.1" - name: Install protoc-gen-go run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.34.2 - name: Check Protobuf Generation run: | go generate ./... git diff -G'^[^/]' --exit-code - name: Install Linux 64-bit packages run: sudo apt-get -y install libssl-dev if: runner.os == 'Linux' && matrix.architecture == 'x64' - name: Install Linux 32-bit packages run: sudo dpkg --add-architecture i386; sudo apt-get update; sudo apt-get -y install libssl-dev:i386 libgcc-s1:i386 gcc-multilib if: runner.os == 'Linux' && matrix.architecture == 'x32' - name: Install Mac packages run: | brew install openssl if: runner.os == 'macOS' - name: Install Windows packages run: choco install openssl if: runner.os == 'Windows' - name: Build all modules run: go build -v ./... - name: Test all modules run: go test -v ./... lint: strategy: matrix: go-version: [1.21.x] os: [ubuntu-latest] dir: ["./"] name: Lint ${{ matrix.dir }} (${{ matrix.os }}, Go ${{ matrix.go-version }}) runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v2 with: go-version: ${{ matrix.go-version }} - name: Run golangci-lint uses: golangci/golangci-lint-action@v3.2.0 with: version: latest working-directory: ${{ matrix.dir }} args: > -D errcheck -E stylecheck -E goimports -E misspell -E revive -E gofmt -E goimports --exclude-use-default=false --max-same-issues=0 --max-issues-per-linter=0 --timeout 2m lintc: strategy: matrix: go-version: [1.21.x] os: [ubuntu-latest] name: Lint CGO (${{ matrix.os }}, Go ${{ matrix.go-version }}) runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v2 with: go-version: ${{ matrix.go-version }} - name: Install Linux packages run: sudo apt-get -y install libssl-dev - name: Check for CGO Warnings (gcc) run: CGO_CFLAGS=-Werror CC=gcc go build ./... - name: Check for CGO Warnings (clang) run: CGO_CFLAGS=-Werror CC=clang go build ./... golang-github-google-go-eventlog-0.0.2/.gitignore000066400000000000000000000001221515555264200217330ustar00rootroot00000000000000*.test *.test.exe *.pkg.tar.xz .vscode* *.code-workspace main go.work go.work.sum golang-github-google-go-eventlog-0.0.2/CONTRIBUTING.md000066400000000000000000000023131515555264200222000ustar00rootroot00000000000000# How to Contribute We'd love to accept your patches and contributions to this project. There are just a few small guidelines you need to follow. ## Contributor License Agreement Contributions to this project must be accompanied by a Contributor License Agreement. You (or your employer) retain the copyright to your contribution; this simply gives us permission to use and redistribute your contributions as part of the project. Head over to to see your current agreements on file or to sign a new one. You generally only need to submit a CLA once, so if you've already submitted one (even if it was for a different project), you probably don't need to do it again. ## Code reviews All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. ## Community Guidelines This project follows [Google's Open Source Community Guidelines](https://opensource.google.com/conduct/). ## Releasing a new version See [`RELEASING.md`](RELEASING.md) for instructions on how to cut a new version of go-tpm-tools. golang-github-google-go-eventlog-0.0.2/LICENSE000066400000000000000000000261361515555264200207650ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. golang-github-google-go-eventlog-0.0.2/README.md000066400000000000000000000105551515555264200212350ustar00rootroot00000000000000# Go Event Log Go Event Log is a library for handling various event logs for use in Measured Boot protocols. It is a companion for technologies that provide measurement registers and an event log, such as TPM PCRs and the TCG PC Client event log. Packages: - `ccel` - `cel` - `legacy` - `tpmeventlog` - `proto` - `register` - `wellknown` # Terminology Event log parsing is the process of resolving event log events against the registers in the Root of Trust for Measurement and extracting useful information from the verified events. At a high level, we can break it down into Quote Verification, Event Log Replay, and Event Parsing. ## Measured Boot To ensure the integrity of the event log, measurement registers contain the final digest of a chain of measurements. These registers are typically located on tamper-proof storage on a root-of-trust, like a TPM. With measurement registers, a verifier can detect changes to an event log through a mechanism called event log replay. On TPMs, measurement registers are called platform configuration registers, or PCRs. Typically, these measurement registers are not directly writable. They usually expose an Extend command that takes the existing value in the MR, concatenates it with the new event hash, and then hashes the concatenated value. MRnew = hash(MRold || hash(measured data)) Since hash functions are one way, replicating the same MR values without the same measurements is difficult. This is a good property: only the same boot configuration should yield the same MR values. However, in the same vein, MRs are difficult to use to craft a machine policy since any small change in the input or in measurement order yields wildly different MR values. ## Quote Verification A measured boot root of trust can issue a report of the measurement registers, often called a quote or attestation report. This quote is typically a digitally-signed digest of measurement registers. A verifier then checks that the digest of measurement registers are signed by a trustworthy key, the Root of Trust for Reporting (RTR). This RTR, aka attestation key, is typically a certified key that signs a report of the measurement registers. This certification is known as an Endorsement in the [IETF RATS Architecture](https://datatracker.ietf.org/doc/rfc9334/). NOTE: This library does not support quote verification. Integrating code is expected to first verify a quote before using the facilities for event log replay and parsing. ## Event Log Replay Event log replay involves deserializing a raw event log and using the events to recalculate all of the measurement registers. Each event contains a digest and a measurement register index. The verifier will create simulated measurement registers and, for each event, extend the event digest into its corresponding simulated register. At the end, the verifier compares the simulated register values against the actual quoted measurement register values from the first step. Technology-specific logic in this repo includes deserializing a raw event log binary. For example, there will be different logic to parse a TCG PC Client event log, a Canonical Event Log, and a Confidential Computing Event Log (CCEL). Furthermore, different technologies use different types/number of measurement registers. ## Event Parsing Event parsing is the process of pulling information from the events. The verifier uses the output to make verification decisions against the appraisal policy, endorsements, and reference values. Since parsing events securely often requires examining state transitions from other events, this is also somewhat technology specific. For example, the ExitBootServices transition is measured in PCR5 on TPMs and RTMR0 on Intel TDX. Some examples of useful measurement information: * Firmware * Secure Boot configuration * Bootloaders * GRUB is supported by this library * Kernel * Command line * Initramfs * Integrity Measurement Architecture * Not supported ## Reference Measurements This library does not vend reference measurements or any specific Reference Integrity Manifests (RIMs). It is the responsibility of integrators to supply or fetch appropriate reference measurements. # Disclaimers This repo is part of a larger [go-attestation](https://github.com/google/go-attestation) migration. Expect pre-release commits and even v0.* releases to have plenty of breaking changes. This is not an officially supported Google product. golang-github-google-go-eventlog-0.0.2/ccel/000077500000000000000000000000001515555264200206565ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/ccel/README.md000066400000000000000000000003011515555264200221270ustar00rootroot00000000000000# Confidential Compute Event Log (CCEL) See https://uefi.org/specs/ACPI/6.5/05_ACPI_Software_Programming_Model.html#cc-event-log-acpi-table. Not to be confused with Canonical Event Log (CEL).golang-github-google-go-eventlog-0.0.2/ccel/cceventlog.go000066400000000000000000000056611515555264200233460ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // Package ccel implements event log parsing and replay for the Confidential Computing event log. // It only supports the CCEL based on the TCG crypto-agile event log (including // the "Spec ID Event03" signature). package ccel import ( "encoding/binary" "fmt" ) /* MrIndex = 0; if (PCRIndex == 0) { MrIndex = CC_MR_INDEX_0_MRTD; } else if ((PCRIndex == 1) || (PCRIndex == 7)) { MrIndex = CC_MR_INDEX_1_RTMR0; } else if ((PCRIndex >= 2) && (PCRIndex <= 6)) { MrIndex = CC_MR_INDEX_2_RTMR1; } else if ((PCRIndex >= 8) && (PCRIndex <= 15)) { MrIndex = CC_MR_INDEX_3_RTMR2; } */ // Defined in Guest Hypervisor Communication Interface (GHCI) for Intel TDX 1.0. // https://www.intel.com/content/www/us/en/content-details/726790/guest-host-communication-interface-ghci-for-intel-trust-domain-extensions-intel-tdx.html const ( // See Section 4.3.3 CC-Event Log CCELACPITableSig = "CCEL" CCELACPITableMinSize = 56 ) // CCType describes the Confidential Computing type for the Confidential // Computing event log. type CCType uint8 // Known CC types. // See https://uefi.org/specs/ACPI/6.5/05_ACPI_Software_Programming_Model.html#cc-event-log-acpi-table. const ( Reserved = iota SEV TDX ) // CCACPITable represents the confidential computing (CC) event log ACPI table. type CCACPITable struct { Length uint32 CCType } func parseCCELACPITable(acpiTableFile []byte) (CCACPITable, error) { if len(acpiTableFile) < CCELACPITableMinSize { return CCACPITable{}, fmt.Errorf("received a smaller CCEL ACPI Table size (%v) than expected (%v)", len(acpiTableFile), CCELACPITableMinSize) } sig := acpiTableFile[0:4] if CCELACPITableSig != string(sig) { return CCACPITable{}, fmt.Errorf("received an invalid signature (%v) for CCEL ACPI Table size (%v)", string(sig), len(acpiTableFile)) } tableLenBytes := acpiTableFile[4:8] tableLen := binary.LittleEndian.Uint32(tableLenBytes) if tableLen != uint32(len(acpiTableFile)) { return CCACPITable{}, fmt.Errorf("received mismatch CCEL ACPI table length: got %v, expected %v", tableLen, uint32(len(acpiTableFile))) } ccType := acpiTableFile[36] if ccType > 2 { return CCACPITable{}, fmt.Errorf("received unknown CC type: %d", ccType) } logAreaMinLenBytes := acpiTableFile[40:48] laml := binary.LittleEndian.Uint32(logAreaMinLenBytes) return CCACPITable{ Length: laml, CCType: CCType(ccType), }, nil } golang-github-google-go-eventlog-0.0.2/ccel/cceventlog_test.go000066400000000000000000000114401515555264200243750ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package ccel import ( "os" "strconv" "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-eventlog/register" "github.com/google/go-eventlog/tcg" ) type eventLog struct { fname string mrs []register.MR } var COS113TDXUnpadded = eventLog{ fname: "../testdata/eventlogs/ccel/cos-113-intel-tdx-dupe-separator-unpadded.bin", mrs: []register.MR{ register.RTMR{ Index: 0, Digest: []byte("\xa4\xde-\xf2>\x96\x11)\x91#\xbaCY\xc4*^W\x8b\x0f\x84\x88\xbf\x1b\xba\x8e\xf5`m\x9e\xa5\xd8\x1c\x97\xc0d\xb4\x82\xa5\xea\xc57\xd1f\xbd\x0f\x0fu-"), }, register.RTMR{ Index: 1, Digest: []byte("\x0e\xe96l\x92\x8aw\t/U\xe9\xe1\x14\xc79A\x81\xfd&F\x99\x15_\r\xf7}#Wv\x18\xd5\xf6PV\x8a\x17\xd3y5Z\a\xbd\x84nU/N "), }, register.RTMR{ Index: 2, Digest: []byte("IihM\xc8s\x81\xfc;14\x17l\x8d\x88\x06\xea\xf0\xa9\x01\x85\x9f_pϮ\x8d\x17qKF\xc1\n\x8d\xe2\x19\x04\x8c\x9f\xc0\x9f\x11\xf3\x81\xa6\xfb\xe7\xc1"), }, }, } var COS113TDXPadded = eventLog{ fname: "../testdata/eventlogs/ccel/cos-113-intel-tdx-dupe-separator.bin", mrs: []register.MR{ register.RTMR{ Index: 0, Digest: []byte("\xa4\xde-\xf2>\x96\x11)\x91#\xbaCY\xc4*^W\x8b\x0f\x84\x88\xbf\x1b\xba\x8e\xf5`m\x9e\xa5\xd8\x1c\x97\xc0d\xb4\x82\xa5\xea\xc57\xd1f\xbd\x0f\x0fu-"), }, register.RTMR{ Index: 1, Digest: []byte("\x0e\xe96l\x92\x8aw\t/U\xe9\xe1\x14\xc79A\x81\xfd&F\x99\x15_\r\xf7}#Wv\x18\xd5\xf6PV\x8a\x17\xd3y5Z\a\xbd\x84nU/N "), }, register.RTMR{ Index: 2, Digest: []byte("IihM\xc8s\x81\xfc;14\x17l\x8d\x88\x06\xea\xf0\xa9\x01\x85\x9f_pϮ\x8d\x17qKF\xc1\n\x8d\xe2\x19\x04\x8c\x9f\xc0\x9f\x11\xf3\x81\xa6\xfb\xe7\xc1"), }, }, } var IntelTestCCEL = eventLog{ fname: "../testdata/eventlogs/ccel/CCEL.data.bin", mrs: []register.MR{ register.RTMR{ Index: 0, Digest: []byte("\x80\x83\xcdh\x98\xccR\xa9\x021\xcd\xf9\xc0S+\xf9Q<@F\\oq\xe5l\xbe2\xee,\x11\xa9\xdf\xc00)|\xa3\xca\x0fbG}m\x1fa\r?\xdb"), }, register.RTMR{ Index: 1, Digest: []byte("\x80\x83\xcdh\x98\xccR\xa9\x021\xcd\xf9\xc0S+\xf9Q<@F\\oq\xe5l\xbe2\xee,\x11\xa9\xdf\xc00)|\xa3\xca\x0fbG}m\x1fa\r?\xdb"), }, register.RTMR{ Index: 2, Digest: []byte("\x80\x83\xcdh\x98\xccR\xa9\x021\xcd\xf9\xc0S+\xf9Q<@F\\oq\xe5l\xbe2\xee,\x11\xa9\xdf\xc00)|\xa3\xca\x0fbG}m\x1fa\r?\xdb"), }, }, } func TestParseAndReplay(t *testing.T) { tests := []struct { el eventLog allowPadding bool wantErr bool }{ { el: COS113TDXUnpadded, allowPadding: true, wantErr: false, }, { el: COS113TDXUnpadded, allowPadding: false, wantErr: false, }, { el: COS113TDXPadded, allowPadding: true, wantErr: false, }, { el: COS113TDXPadded, allowPadding: false, wantErr: true, }, } for _, tt := range tests { t.Run(tt.el.fname+"_allowPadding_"+strconv.FormatBool(tt.allowPadding), func(t *testing.T) { elBytes, err := os.ReadFile(tt.el.fname) if err != nil { t.Fatal(err) } _, err = tcg.ParseAndReplay(elBytes, tt.el.mrs, tcg.ParseOpts{AllowPadding: tt.allowPadding}, ) if (err != nil) != tt.wantErr { t.Errorf("tcg.ParseAndReplay() = %v, wantErr = %v", err, tt.wantErr) } }) } } func TestParseCCACPITable(t *testing.T) { tableBytes, err := os.ReadFile("../testdata/eventlogs/ccel/CCEL.bin") if err != nil { t.Fatal(err) } tests := []struct { name string table []byte wantErr bool wantTable CCACPITable }{ { name: "Happy Path", table: tableBytes, wantErr: false, wantTable: CCACPITable{65536, TDX}, }, { name: "Bad signature", table: []byte{'A', 'B', 'C', 'D', 56, 1, 2, 3, 4}, wantErr: true, wantTable: CCACPITable{}, }, { name: "Bad length", table: []byte{'C', 'C', 'E', 'L', 48, 0, 0, 0}, wantErr: true, wantTable: CCACPITable{}, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { acpiTable, err := parseCCELACPITable(tt.table) if (err != nil) != tt.wantErr { t.Errorf("parseCCELACPITable() = %v, wantErr %v", err, tt.wantErr) } else { if diff := cmp.Diff(acpiTable, tt.wantTable); diff != "" { t.Errorf("parseCCELACPITable() = %v, want = %v", acpiTable, tt.wantTable) } } }) } } golang-github-google-go-eventlog-0.0.2/ccel/replay.go000066400000000000000000000045101515555264200225010ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package ccel import ( "fmt" "github.com/google/go-eventlog/extract" pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/register" "github.com/google/go-eventlog/tcg" ) // ReplayAndExtract parses a Confidential Computing event log and // replays the parsed event log against the RTMR bank specified by hash. // // It then extracts event info from the verified log into a FirmwareLogState. // It returns an error on failing to replay the events against the RTMR bank or // on failing to parse malformed events. // // The returned FirmwareLogState may be a partial FirmwareLogState. // In the case of a partially filled state, err will be non-nil. // Callers can look for individual errors using `errors.Is`. // // It is the caller's responsibility to ensure that the passed RTMR values can be // trusted. Users can establish trust in RTMR values by either calling // client.ReadRTMRs() themselves or by verifying the values via a RTMR quote. func ReplayAndExtract(acpiTableFile []byte, rawEventLog []byte, rtmrBank register.RTMRBank, opts extract.Opts) (*pb.FirmwareLogState, error) { table, err := parseCCELACPITable(acpiTableFile) if err != nil { return nil, fmt.Errorf("failed to parse CCEL ACPI Table file: %v", err) } if table.CCType != TDX { return nil, fmt.Errorf("only TDX Confidential Computing event logs are supported: received %v", table.CCType) } cryptoHash, err := rtmrBank.CryptoHash() if err != nil { return &pb.FirmwareLogState{}, err } // CCELs have trailing padding at the end of the event log. events, err := tcg.ParseAndReplay(rawEventLog, rtmrBank.MRs(), tcg.ParseOpts{AllowPadding: true}) if err != nil { return nil, err } return extract.FirmwareLogState(events, cryptoHash, extract.RTMRRegisterConfig, opts) } golang-github-google-go-eventlog-0.0.2/ccel/replay_test.go000066400000000000000000000057231515555264200235470ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package ccel import ( "os" "strings" "testing" "github.com/google/go-eventlog/extract" "github.com/google/go-eventlog/register" ) func TestReplayAndExtract(t *testing.T) { elBytes, err := os.ReadFile("../testdata/eventlogs/ccel/cos-113-intel-tdx.bin") if err != nil { t.Fatal(err) } tableBytes, err := os.ReadFile("../testdata/eventlogs/ccel/cos-113-intel-tdx.table.bin") if err != nil { t.Fatal(err) } rtmr0 := []byte("?\xa2\xf6\x1f9[\x7f_\xee\xfbN\xc2\xdfa)\x7f\x10\x9aث\xcdd\x10\xc1\xb7\xdf`\xf2\x1f7\xb1\x92\x97\xfc5\xe5D\x03\x9c~\x1e\xde\xceu*\xfd\x17\xf6") rtmr1 := []byte("\xf6-\xbc\a+\xd5\xd3\xf3C\x8b{5Úr\x7fZ\xea/\xfc$s\xf47#\x95?S\r\xafbPO\nyD\xaab\xc4\x1a\x86\xe8\xa8x±\"\xc1") rtmr2 := []byte("IihM\xc8s\x81\xfc;14\x17l\x8d\x88\x06\xea\xf0\xa9\x01\x85\x9f_pϮ\x8d\x17qKF\xc1\n\x8d\xe2\x19\x04\x8c\x9f\xc0\x9f\x11\xf3\x81\xa6\xfb\xe7\xc1") bank := register.RTMRBank{RTMRs: []register.RTMR{ {Index: 0, Digest: rtmr0}, {Index: 1, Digest: rtmr1}, {Index: 2, Digest: rtmr2}, }} _, err = ReplayAndExtract(tableBytes, elBytes, bank, extract.Opts{Loader: extract.GRUB}) if err != nil { t.Errorf("failed to ReplayAndExtract from CCEL: %v", err) } } func TestReplayAndExtractFailDuplicateSeparator(t *testing.T) { badELWithUEFIBug, err := os.ReadFile("../testdata/eventlogs/ccel/cos-113-intel-tdx-dupe-separator.bin") if err != nil { t.Fatal(err) } tableBytes, err := os.ReadFile("../testdata/eventlogs/ccel/CCEL.bin") if err != nil { t.Fatal(err) } rtmr0 := []byte("\xa4\xde-\xf2>\x96\x11)\x91#\xbaCY\xc4*^W\x8b\x0f\x84\x88\xbf\x1b\xba\x8e\xf5`m\x9e\xa5\xd8\x1c\x97\xc0d\xb4\x82\xa5\xea\xc57\xd1f\xbd\x0f\x0fu-") rtmr1 := []byte("\x0e\xe96l\x92\x8aw\t/U\xe9\xe1\x14\xc79A\x81\xfd&F\x99\x15_\r\xf7}#Wv\x18\xd5\xf6PV\x8a\x17\xd3y5Z\a\xbd\x84nU/N ") rtmr2 := []byte("IihM\xc8s\x81\xfc;14\x17l\x8d\x88\x06\xea\xf0\xa9\x01\x85\x9f_pϮ\x8d\x17qKF\xc1\n\x8d\xe2\x19\x04\x8c\x9f\xc0\x9f\x11\xf3\x81\xa6\xfb\xe7\xc1") bank := register.RTMRBank{RTMRs: []register.RTMR{ // {Index: 0, Digest: zeroes}, {Index: 0, Digest: rtmr0}, {Index: 1, Digest: rtmr1}, {Index: 2, Digest: rtmr2}, }} _, err = ReplayAndExtract(tableBytes, badELWithUEFIBug, bank, extract.Opts{Loader: extract.GRUB}) if err == nil || !strings.Contains(err.Error(), "duplicate separator at event") { t.Errorf("ReplayAndExtract(badELWithUEFIBug): got %v, expected error with duplicate separator message", err) } } golang-github-google-go-eventlog-0.0.2/cel/000077500000000000000000000000001515555264200205135ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/cel/README.md000066400000000000000000000002611515555264200217710ustar00rootroot00000000000000# Canonical Event Log Format (CEL) See https://trustedcomputinggroup.org/resource/canonical-event-log-format/. Not to be confused with Confidential Computing Event Log (CCEL).golang-github-google-go-eventlog-0.0.2/cel/canonical_eventlog.go000066400000000000000000000335551515555264200247070ustar00rootroot00000000000000// Package cel contains some basic operations of Canonical Eventlog. // Based on Canonical EventLog Spec (Draft) Version: TCG_IWG_CEL_v1_r0p37. package cel import ( "bytes" "crypto" "encoding/binary" "fmt" "io" "github.com/google/go-eventlog/register" "github.com/google/go-tpm/legacy/tpm2" ) // TopLevelEventType represents the CEL spec's known CELR data types for TPMS_CEL_EVENT. type TopLevelEventType uint8 // MRType represents the type of measurement register used in the CEL for field // CEL_PCR_NVindex TLV. type MRType TopLevelEventType const ( // CEL spec 5.1 recnumTypeValue TopLevelEventType = 0 // PCRType indicates a PCR event index PCRType MRType = 1 // NV Indexes are unsupported. _ MRType = 2 // CCMRType indicates a RTMR event index CCMRType MRType = 108 digestsTypeValue TopLevelEventType = 3 tlvTypeFieldLength int = 1 tlvLengthFieldLength int = 4 recnumValueLength uint32 = 8 // support up to 2^64 records regIndexValueLength uint32 = 1 // support up to 256 registers ) // MRExtender extends an implementation-specific measurement register at the // specified bank and index with the supplied digest. type MRExtender func(crypto.Hash, int, []byte) error // TLV definition according to CEL spec TCG_IWG_CEL_v1_r0p37, page 16. // Length is implicitly defined by len(Value), using uint32 big-endian // when encoding. type TLV struct { Type uint8 Value []byte } // MarshalBinary marshals a TLV to a byte slice. func (t TLV) MarshalBinary() (data []byte, err error) { buf := make([]byte, len(t.Value)+tlvTypeFieldLength+tlvLengthFieldLength) buf[0] = t.Type binary.BigEndian.PutUint32(buf[tlvTypeFieldLength:], uint32(len(t.Value))) copy(buf[tlvTypeFieldLength+tlvLengthFieldLength:], t.Value) return buf, nil } // UnmarshalBinary unmarshal a byte slice to a TLV. func (t *TLV) UnmarshalBinary(data []byte) error { valueLength := binary.BigEndian.Uint32(data[tlvTypeFieldLength : tlvTypeFieldLength+tlvLengthFieldLength]) if valueLength != uint32(len(data[tlvTypeFieldLength+tlvLengthFieldLength:])) { return fmt.Errorf("TLV Length doesn't match the size of its Value") } t.Type = data[0] t.Value = data[tlvTypeFieldLength+tlvLengthFieldLength:] return nil } // unmarshalFirstTLV reads and parse the first TLV from the bytes buffer. The function will // return io.EOF if the buf ends unexpectedly or cannot fill the TLV. func unmarshalFirstTLV(buf *bytes.Buffer) (tlv TLV, err error) { typeByte, err := buf.ReadByte() if err != nil { return tlv, err } var data []byte data = append(data, typeByte) // get the length lengthBytes := make([]byte, tlvLengthFieldLength) bytesRead, err := buf.Read(lengthBytes) if err != nil { return TLV{}, err } if bytesRead != tlvLengthFieldLength { return TLV{}, io.EOF } valueLength := binary.BigEndian.Uint32(lengthBytes) data = append(data, lengthBytes...) valueBytes := make([]byte, valueLength) bytesRead, err = buf.Read(valueBytes) if err != nil { return TLV{}, err } if uint32(bytesRead) != valueLength { return TLV{}, io.EOF } data = append(data, valueBytes...) if err = (&tlv).UnmarshalBinary(data); err != nil { return TLV{}, err } return tlv, nil } // Record represents a Canonical Eventlog Record. type Record struct { RecNum uint64 // Generic Measurement Register index number, register type // is determined by IndexType Index uint8 IndexType uint8 Digests map[crypto.Hash][]byte Content TLV } // Content is a interface for the content in CELR. type Content interface { GenerateDigest(crypto.Hash) ([]byte, error) TLV() (TLV, error) } // CEL represents a Canonical Event Log, which contains a list of Records. type CEL interface { // Records returns all the records in the CEL. Records() []Record // AppendEvent appends a new record to the CEL. AppendEvent(Content, []crypto.Hash, int, MRExtender) error // EncodeCEL returns the TLV encoding of the CEL. EncodeCEL(*bytes.Buffer) error // Replay verifies the contents of the event log with the given MR bank. Replay(register.MRBank) error // MRType returns the measurement register type used in the CEL. MRType() MRType } // eventLog represents a Canonical Event Log, which contains a list of Records. type eventLog struct { Recs []Record Type MRType } // NewPCR returns a CEL with events measured in TPM PCRs. func NewPCR() CEL { return &eventLog{Type: PCRType} } // NewConfComputeMR returns a CEL with events measured in confidential // computing measurement registers. func NewConfComputeMR() CEL { return &eventLog{Type: CCMRType} } // generateDigestMap computes hashes with the given hash algos and the given event func generateDigestMap(hashAlgos []crypto.Hash, event Content) (map[crypto.Hash][]byte, error) { digestsMap := make(map[crypto.Hash][]byte) for _, hashAlgo := range hashAlgos { digest, err := event.GenerateDigest(hashAlgo) if err != nil { return digestsMap, err } digestsMap[hashAlgo] = digest } return digestsMap, nil } // AppendEvent appends a new MR record to the CEL. func (c *eventLog) AppendEvent(event Content, bankAlgos []crypto.Hash, mrIndex int, extender MRExtender) error { if len(bankAlgos) == 0 || mrIndex < 0 { return fmt.Errorf("failed to append event with banks %v, measurement register index %v", bankAlgos, mrIndex) } if err := supportedMRType(c.Type); err != nil { return err } digestMap, err := generateDigestMap(bankAlgos, event) if err != nil { return err } for bank, dgst := range digestMap { if err := extender(bank, mrIndex, dgst); err != nil { return fmt.Errorf("failed to extend event to MR%d on bank %v: %v", mrIndex, bank, err) } } eventTlv, err := event.TLV() if err != nil { return err } celrPCR := Record{ RecNum: uint64(len(c.Recs)), Index: uint8(mrIndex), Digests: digestMap, Content: eventTlv, IndexType: uint8(c.Type), } c.Recs = append(c.Recs, celrPCR) return nil } func supportedMRType(mrType MRType) error { if mrType != PCRType && mrType != CCMRType { return fmt.Errorf("received unknown type of measurement register: %d", mrType) } return nil } func createRecNumField(recNum uint64) TLV { value := make([]byte, recnumValueLength) binary.BigEndian.PutUint64(value, recNum) return TLV{uint8(recnumTypeValue), value} } // UnmarshalRecNum takes in a TLV with its type equals to the recnum type value (0), and // return its record number. func unmarshalRecNum(tlv TLV) (uint64, error) { if tlv.Type != uint8(recnumTypeValue) { return 0, fmt.Errorf("type of the TLV [%d] indicates it is not a recnum field [%d]", tlv.Type, recnumTypeValue) } if uint32(len(tlv.Value)) != recnumValueLength { return 0, fmt.Errorf( "length of the value of the TLV [%d] doesn't match the defined length [%d] of value for recnum", len(tlv.Value), recnumValueLength) } return binary.BigEndian.Uint64(tlv.Value), nil } func createIndexField(indexType uint8, indexNum uint8) TLV { return TLV{indexType, []byte{indexNum}} } // unmarshalIndex takes in a TLV with its type equals to the PCR or CCMR type value, and // return its index number. func unmarshalIndex(tlv TLV) (indexType uint8, pcrNum uint8, err error) { if tlv.Type != uint8(PCRType) && tlv.Type != uint8(CCMRType) { return 0, 0, fmt.Errorf("type of the TLV [%d] indicates it is not a PCR [%d] or a CCMR [%d] field ", tlv.Type, uint8(PCRType), uint8(CCMRType)) } if uint32(len(tlv.Value)) != regIndexValueLength { return 0, 0, fmt.Errorf( "length of the value of the TLV [%d] doesn't match the defined length [%d] of value for a register index field", len(tlv.Value), regIndexValueLength) } return tlv.Type, tlv.Value[0], nil } func createDigestField(digestMap map[crypto.Hash][]byte) (TLV, error) { var buf bytes.Buffer for hashAlgo, hash := range digestMap { if len(hash) != hashAlgo.Size() { return TLV{}, fmt.Errorf("digest length [%d] doesn't match the expected length [%d] for the hash algorithm", len(hash), hashAlgo.Size()) } tpmHashAlg, err := tpm2.HashToAlgorithm(hashAlgo) if err != nil { return TLV{}, err } singleDigestTLV := TLV{uint8(tpmHashAlg), hash} d, err := singleDigestTLV.MarshalBinary() if err != nil { return TLV{}, err } _, err = buf.Write(d) if err != nil { return TLV{}, err } } return TLV{uint8(digestsTypeValue), buf.Bytes()}, nil } // UnmarshalDigests takes in a TLV with its type equals to the digests type value (3), and // return its digests content in a map, the key is its TPM hash algorithm. func unmarshalDigests(tlv TLV) (digestsMap map[crypto.Hash][]byte, err error) { if tlv.Type != uint8(digestsTypeValue) { return nil, fmt.Errorf("type of the TLV indicates it doesn't contain digests") } buf := bytes.NewBuffer(tlv.Value) digestsMap = make(map[crypto.Hash][]byte) for buf.Len() > 0 { digestTLV, err := unmarshalFirstTLV(buf) if err == io.EOF { return nil, fmt.Errorf("buffer ends unexpectedly") } else if err != nil { return nil, err } hashAlg, err := tpm2.Algorithm(digestTLV.Type).Hash() if err != nil { return nil, err } digestsMap[hashAlg] = digestTLV.Value } return digestsMap, nil } // EncodeCELR encodes the CELR to bytes according to the CEL spec and write them // to the bytes byffer. func (r *Record) EncodeCELR(buf *bytes.Buffer) error { recnumField, err := createRecNumField(r.RecNum).MarshalBinary() if err != nil { return err } indexField, err := createIndexField(r.IndexType, r.Index).MarshalBinary() if err != nil { return err } digests, err := createDigestField(r.Digests) if err != nil { return err } digestsField, err := digests.MarshalBinary() if err != nil { return err } eventField, err := r.Content.MarshalBinary() if err != nil { return err } _, err = buf.Write(recnumField) if err != nil { return err } _, err = buf.Write(indexField) if err != nil { return err } _, err = buf.Write(digestsField) if err != nil { return err } _, err = buf.Write(eventField) if err != nil { return err } return nil } // EncodeCEL encodes the CEL to bytes according to the CEL spec and write them // to the bytes buffer. func (c *eventLog) EncodeCEL(buf *bytes.Buffer) error { for _, record := range c.Recs { if err := record.EncodeCELR(buf); err != nil { return err } } return nil } // DecodeToCEL will read the buf for CEL, will return err if the buffer // is not complete. func DecodeToCEL(buf *bytes.Buffer) (CEL, error) { var cel eventLog for buf.Len() > 0 { celr, err := decodeToCELR(buf) if err == io.EOF { return &eventLog{}, fmt.Errorf("buffer ends unexpectedly") } if err != nil { return &eventLog{}, err } cel.Recs = append(cel.Recs, celr) } if len(cel.Recs) > 1 { zeroMRType := MRType(cel.Recs[0].IndexType) for _, rec := range cel.Recs { mrType := MRType(rec.IndexType) if err := supportedMRType(mrType); err != nil { return &eventLog{}, fmt.Errorf("bad record %v: %v", rec.RecNum, err) } if mrType != zeroMRType { return &eventLog{}, fmt.Errorf("bad record %v: found differing MR types in the CEL: got %v, expected %v", rec.RecNum, mrType, zeroMRType) } } cel.Type = zeroMRType } return &cel, nil } // decodeToCELR will read the buf for the next CELR, will return err if // failed to unmarshal a correct CELR TLV from the buffer. func decodeToCELR(buf *bytes.Buffer) (r Record, err error) { recnum, err := unmarshalFirstTLV(buf) if err != nil { return Record{}, err } r.RecNum, err = unmarshalRecNum(recnum) if err != nil { return Record{}, err } regIndex, err := unmarshalFirstTLV(buf) if err != nil { return Record{}, err } r.IndexType, r.Index, err = unmarshalIndex(regIndex) if err != nil { return Record{}, err } digests, err := unmarshalFirstTLV(buf) if err != nil { return Record{}, err } r.Digests, err = unmarshalDigests(digests) if err != nil { return Record{}, err } r.Content, err = unmarshalFirstTLV(buf) if err != nil { return Record{}, err } return r, nil } // Replay takes the digests from a Canonical Event Log and carries out the // extend sequence for each register (PCR, RTMR) in the log. It then compares // the final digests against a bank of register values to see if they match. // make sure CEL has only one indexType event func (c *eventLog) Replay(regs register.MRBank) error { cryptoHash, err := regs.CryptoHash() if err != nil { return err } replayed := make(map[uint8][]byte) for _, record := range c.Recs { if _, ok := replayed[record.Index]; !ok { replayed[record.Index] = make([]byte, cryptoHash.Size()) } hasher := cryptoHash.New() digestsMap := record.Digests digest, ok := digestsMap[cryptoHash] if !ok { return fmt.Errorf("the CEL record did not contain a %v digest", cryptoHash) } hasher.Write(replayed[record.Index]) hasher.Write(digest) replayed[record.Index] = hasher.Sum(nil) } // to a map for easy matching registers := make(map[int][]byte) for _, r := range regs.MRs() { registers[r.Idx()] = r.Dgst() } var failedReplayRegs []uint8 for replayReg, replayDigest := range replayed { bankDigest, ok := registers[int(replayReg)] if !ok { return fmt.Errorf("the CEL contains record(s) for register %d without a matching register in the given bank to verify", replayReg) } if !bytes.Equal(bankDigest, replayDigest) { failedReplayRegs = append(failedReplayRegs, replayReg) } } if len(failedReplayRegs) == 0 { return nil } return fmt.Errorf("CEL replay failed for these registers in bank %v: %v", cryptoHash, failedReplayRegs) } func (c *eventLog) Records() []Record { return c.Recs } func (c *eventLog) MRType() MRType { return c.Type } // VerifyDigests checks the digest generated by the given record's content to make sure they are equal to // the digests in the digestMap. func VerifyDigests(c Content, digestMap map[crypto.Hash][]byte) error { for hash, digest := range digestMap { generatedDigest, err := c.GenerateDigest(hash) if err != nil { return err } if !bytes.Equal(generatedDigest, digest) { return fmt.Errorf("CEL record content digest verification failed for %s", hash) } } return nil } golang-github-google-go-eventlog-0.0.2/cel/canonical_eventlog_test.go000066400000000000000000000166251515555264200257450ustar00rootroot00000000000000package cel import ( "bytes" "crypto" "crypto/rand" "fmt" "reflect" "testing" "github.com/google/go-eventlog/register" ) var measuredHashes = []crypto.Hash{crypto.SHA1, crypto.SHA256} func TestCELEncodingDecoding(t *testing.T) { rot, err := register.CreateFakeRot(measuredHashes, 24) if err != nil { t.Fatal(err) } tests := []MRType{PCRType, CCMRType} for _, tc := range tests { t.Run(fmt.Sprintf("MRType %v", tc), func(t *testing.T) { cel := eventLog{Type: tc} fakeEvent1 := FakeTlv{FakeEvent1, []byte("docker.io/bazel/experimental/test:latest")} appendFakeMREventOrFatal(t, &cel, rot, 16, measuredHashes, fakeEvent1) fakeEvent2 := FakeTlv{FakeEvent2, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")} appendFakeMREventOrFatal(t, &cel, rot, 23, measuredHashes, fakeEvent2) var buf bytes.Buffer if err := cel.EncodeCEL(&buf); err != nil { t.Fatal(err) } decodedcel, err := DecodeToCEL(&buf) if err != nil { t.Fatal(err) } if decodedcel.MRType() != tc { t.Errorf("decoded CEL MR type: got %v, want %v", decodedcel.MRType(), tc) } if len(decodedcel.Records()) != 2 { t.Errorf("should have two records") } if decodedcel.Records()[0].RecNum != 0 { t.Errorf("recnum mismatch") } if decodedcel.Records()[1].RecNum != 1 { t.Errorf("recnum mismatch") } if decodedcel.Records()[0].IndexType != uint8(tc) { t.Errorf("index type mismatch") } if decodedcel.Records()[0].Index != uint8(16) { t.Errorf("pcr value mismatch") } if decodedcel.Records()[1].IndexType != uint8(tc) { t.Errorf("index type mismatch") } if decodedcel.Records()[1].Index != uint8(23) { t.Errorf("pcr value mismatch") } if !reflect.DeepEqual(decodedcel.Records(), cel.Records()) { t.Errorf("decoded CEL doesn't equal to the original one") } }) } } func TestCELAppendDifferentMRTypes(t *testing.T) { rot, err := register.CreateFakeRot(measuredHashes, 24) if err != nil { t.Fatal(err) } tests := []MRType{PCRType, CCMRType} for _, tc := range tests { t.Run(fmt.Sprintf("MRType %v", tc), func(t *testing.T) { el := eventLog{Type: tc} event := FakeTlv{FakeEvent1, []byte("hellothere")} appendFakeMREventOrFatal(t, &el, rot, 8, measuredHashes, event) appendFakeMREventOrFatal(t, &el, rot, 8, measuredHashes, event) appendFakeMREventOrFatal(t, &el, rot, 8, measuredHashes, event) appendFakeMREventOrFatal(t, &el, rot, 8, measuredHashes, event) appendFakeMREventOrFatal(t, &el, rot, 8, measuredHashes, event) for _, rec := range el.Records() { if rec.IndexType != uint8(tc) { t.Errorf("AppendEvent(): got Index Type %v, want type %v", rec.IndexType, tc) } } }) } } func TestCELMeasureAndReplay(t *testing.T) { rot, err := register.CreateFakeRot(measuredHashes, 24) if err != nil { t.Fatal(err) } cel := NewPCR() event := FakeTlv{FakeEvent1, []byte("docker.io/bazel/experimental/test:latest")} someEvent2 := make([]byte, 10) rand.Read(someEvent2) FakeEvent2 := FakeTlv{FakeEvent2, someEvent2} appendFakeMREventOrFatal(t, cel, rot, 12, measuredHashes, event) appendFakeMREventOrFatal(t, cel, rot, 12, measuredHashes, FakeEvent2) appendFakeMREventOrFatal(t, cel, rot, 18, measuredHashes, FakeEvent2) appendFakeMREventOrFatal(t, cel, rot, 18, measuredHashes, event) appendFakeMREventOrFatal(t, cel, rot, 18, measuredHashes, event) replay(t, cel, rot, measuredHashes, []int{12, 18}, true /*shouldSucceed*/) // Supersets should pass. replay(t, cel, rot, measuredHashes, []int{0, 12, 13, 14, 18, 19, 22, 23}, true /*shouldSucceed*/) } func TestCELReplayFailTamperedDigest(t *testing.T) { rot, err := register.CreateFakeRot(measuredHashes, 24) if err != nil { t.Fatal(err) } cel := NewPCR() event := FakeTlv{FakeEvent1, []byte("docker.io/bazel/experimental/test:latest")} someEvent2 := make([]byte, 10) rand.Read(someEvent2) FakeEvent2 := FakeTlv{FakeEvent2, someEvent2} appendFakeMREventOrFatal(t, cel, rot, 2, measuredHashes, event) appendFakeMREventOrFatal(t, cel, rot, 2, measuredHashes, FakeEvent2) appendFakeMREventOrFatal(t, cel, rot, 3, measuredHashes, FakeEvent2) appendFakeMREventOrFatal(t, cel, rot, 3, measuredHashes, event) appendFakeMREventOrFatal(t, cel, rot, 3, measuredHashes, event) modifiedRecord := cel.Records()[3] for hash := range modifiedRecord.Digests { newDigest := make([]byte, hash.Size()) rand.Read(newDigest) modifiedRecord.Digests[hash] = newDigest } replay(t, cel, rot, measuredHashes, []int{2, 3}, false /*shouldSucceed*/) } func TestCELReplayEmpty(t *testing.T) { rot, err := register.CreateFakeRot(measuredHashes, 24) if err != nil { t.Fatal(err) } cel := NewPCR() replay(t, cel, rot, []crypto.Hash{crypto.SHA1, crypto.SHA256}, []int{12, 13}, true /*shouldSucceed*/) } func TestCELReplayFailMissingMRsInBank(t *testing.T) { rot, err := register.CreateFakeRot(measuredHashes, 24) if err != nil { t.Fatal(err) } cel := &eventLog{Type: PCRType} someEvent := make([]byte, 10) someEvent2 := make([]byte, 10) rand.Read(someEvent2) appendFakeMREventOrFatal(t, cel, rot, 7, measuredHashes, FakeTlv{FakeEvent1, someEvent}) appendFakeMREventOrFatal(t, cel, rot, 8, measuredHashes, FakeTlv{FakeEvent2, someEvent2}) replay(t, cel, rot, measuredHashes, []int{7}, false /*shouldSucceed*/) replay(t, cel, rot, measuredHashes, []int{8}, false /*shouldSucceed*/) } func TestDecodeCELFailBadMRTypes(t *testing.T) { rot, err := register.CreateFakeRot(measuredHashes, 24) if err != nil { t.Fatal(err) } cel := &eventLog{} someEvent := make([]byte, 10) if err := cel.AppendEvent(FakeTlv{FakeEvent1, someEvent}, measuredHashes, 7, fakeRotExtender(rot)); err == nil { t.Errorf("AppendEvent(UnsetMR): got %v, expect err", err) } } func TestCELAppendFailBadMRType(t *testing.T) { rot, err := register.CreateFakeRot(measuredHashes, 24) if err != nil { t.Fatal(err) } tests := []struct { mrT MRType expectErr bool }{ {mrT: PCRType, expectErr: false}, {mrT: CCMRType, expectErr: false}, {mrT: 0, expectErr: true}, {mrT: 2, expectErr: true}, {mrT: 4, expectErr: true}, {mrT: 100, expectErr: true}, {mrT: 100, expectErr: true}, {mrT: 255, expectErr: true}, } for _, tc := range tests { t.Run(fmt.Sprintf("MRType %v", tc.mrT), func(t *testing.T) { cel := &eventLog{Type: tc.mrT} someEvent := make([]byte, 10) if err := cel.AppendEvent(FakeTlv{FakeEvent1, someEvent}, measuredHashes, 7, fakeRotExtender(rot)); (err != nil) != tc.expectErr { t.Errorf("AppendEvent(MRType %v): got %v, expectErr %v", tc.mrT, err, tc.expectErr) } }) } } func replay(t *testing.T, cel CEL, rot register.FakeROT, measuredHashes []crypto.Hash, mrs []int, shouldSucceed bool) { for _, hash := range measuredHashes { bank, err := rot.ReadMRs(hash, mrs) if err != nil { t.Fatal(err) } if err := cel.Replay(bank); shouldSucceed && err != nil { t.Errorf("failed to replay CEL on %v bank: %v", hash, err) } } } func appendFakeMREventOrFatal(t *testing.T, cel CEL, fakeROT register.FakeROT, mrIndex int, banks []crypto.Hash, event Content) { if err := cel.AppendEvent(event, banks, mrIndex, fakeRotExtender(fakeROT)); err != nil { t.Fatalf("failed to append PCR event: %v", err) } } func fakeRotExtender(rot register.FakeROT) MRExtender { return func(bank crypto.Hash, mrIdx int, digest []byte) error { return rot.ExtendMR(register.FakeMR{ Index: mrIdx, Digest: digest, DigestAlg: bank, }) } } golang-github-google-go-eventlog-0.0.2/cel/fake_tlv.go000066400000000000000000000035101515555264200226340ustar00rootroot00000000000000package cel import ( "crypto" "fmt" ) const ( // FakeEventType indicates the CELR event is a Fake content type. FakeEventType uint8 = 222 // FakeEventMR is the PCR which should be used for FakeEventType events. FakeEventMR = 23 ) // FakeType represent a Fake content type in a CEL record content. type FakeType uint8 // Type for Fake nested events const ( FakeEvent1 FakeType = iota FakeEvent2 ) // FakeTlv is a specific TLV created for testing. type FakeTlv struct { EventType FakeType EventContent []byte } // TLV returns the TLV representation of the fake TLV. func (f FakeTlv) TLV() (TLV, error) { data, err := TLV{uint8(f.EventType), f.EventContent}.MarshalBinary() if err != nil { return TLV{}, err } return TLV{ Type: FakeEventType, Value: data, }, nil } // GenerateDigest generates the digest for the given fake TLV. The whole TLV struct will // be marshaled to bytes and feed into the hash algo. func (f FakeTlv) GenerateDigest(hashAlgo crypto.Hash) ([]byte, error) { contentTLV, err := f.TLV() if err != nil { return nil, err } b, err := contentTLV.MarshalBinary() if err != nil { return nil, err } hash := hashAlgo.New() if _, err = hash.Write(b); err != nil { return nil, err } return hash.Sum(nil), nil } // ParseToFakeTlv constructs a FakeTlv from a TLV. It will check for the correct fake event // type, and unmarshal the nested event. func (t TLV) ParseToFakeTlv() (FakeTlv, error) { if !t.IsFakeTLV() { return FakeTlv{}, fmt.Errorf("TLV type %v is not a Fake event", t.Type) } nestedEvent := TLV{} err := nestedEvent.UnmarshalBinary(t.Value) if err != nil { return FakeTlv{}, err } return FakeTlv{FakeType(nestedEvent.Type), nestedEvent.Value}, nil } // IsFakeTLV check whether a TLV is a Fake TLV by its Type value. func (t TLV) IsFakeTLV() bool { return t.Type == FakeEventType } golang-github-google-go-eventlog-0.0.2/extract/000077500000000000000000000000001515555264200214225ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/extract/extract.go000066400000000000000000000333011515555264200234230ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // Package extract has tools for extracting boot and runtime information from measurements. package extract import ( "bytes" "crypto" "crypto/x509" "errors" "fmt" pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/tcg" "github.com/google/go-eventlog/wellknown" "github.com/google/go-tpm/legacy/tpm2" ) var ( newGrubKernelCmdlinePrefix = []byte("kernel_cmdline: ") oldGrubKernelCmdlinePrefix = []byte("grub_kernel_cmdline ") // See https://www.gnu.org/software/grub/manual/grub/grub.html#Measured-Boot. validPrefixes = [][]byte{[]byte("grub_cmd: "), newGrubKernelCmdlinePrefix, []byte("module_cmdline: "), // Older style prefixes: // https://src.fedoraproject.org/rpms/grub2/blob/c789522f7cfa19a10cd716a1db24dab5499c6e5c/f/0224-Rework-TPM-measurements.patch oldGrubKernelCmdlinePrefix, []byte("grub_cmd ")} ) // Bootloader refers to the second-stage bootloader that loads and transfers // execution to the OS kernel. type Bootloader int const ( // UnsupportedLoader refers to a second-stage bootloader that is of an // unsupported type. VerifyAttestation will not parse the PC Client Event // Log for bootloader events. UnsupportedLoader Bootloader = iota // GRUB (https://www.gnu.org/software/grub/). GRUB ) // Opts gives options for extracting information from an event log. type Opts struct { Loader Bootloader } // FirmwareLogState extracts event info from a verified TCG PC Client event // log into a FirmwareLogState. // It returns an error on failing to parse malformed events. // // The returned FirmwareLogState may be a partial FirmwareLogState. // In the case of a partially filled state, err will be non-nil. // Callers can look for individual errors using `errors.Is`. // // It is the caller's responsibility to ensure that the passed events have // been replayed (e.g., using `tcg.ParseAndReplay`) against a verified measurement // register bank. func FirmwareLogState(events []tcg.Event, hash crypto.Hash, registerCfg registerConfig, opts Opts) (*pb.FirmwareLogState, error) { var joined error tcgHash, err := tpm2.HashToAlgorithm(hash) if err != nil { return nil, err } platform, err := registerCfg.PlatformExtracter(hash, events) if err != nil { joined = errors.Join(joined, err) } sbState, err := SecureBootState(events, registerCfg) if err != nil { joined = errors.Join(joined, err) } efiState, err := EfiState(hash, events, registerCfg) if err != nil { joined = errors.Join(joined, err) } var grub *pb.GrubState var kernel *pb.LinuxKernelState if opts.Loader == GRUB { grub, err = registerCfg.GRUBExtracter(hash, events) if err != nil { joined = errors.Join(joined, err) } kernel, err = LinuxKernelStateFromGRUB(grub) if err != nil { joined = errors.Join(joined, err) } } return &pb.FirmwareLogState{ Platform: platform, SecureBoot: sbState, Efi: efiState, RawEvents: tcg.ConvertToPbEvents(hash, events), Hash: pb.HashAlgo(tcgHash), Grub: grub, LinuxKernel: kernel, }, joined } func contains(set [][]byte, value []byte) bool { for _, setItem := range set { if bytes.Equal(value, setItem) { return true } } return false } type separatorInfo struct { separatorData [][]byte separatorDigests [][]byte } // getSeparatorInfo is used to return the valid event data and their corresponding // digests. This is useful for events like separators, where the data is known // ahead of time. func getSeparatorInfo(hash crypto.Hash) *separatorInfo { hasher := hash.New() // From the PC Client Firmware Profile spec, on the separator event: // The event field MUST contain the hex value 00000000h or FFFFFFFFh. sepData := [][]byte{{0, 0, 0, 0}, {0xff, 0xff, 0xff, 0xff}} sepDigests := make([][]byte, 0, len(sepData)) for _, value := range sepData { hasher.Write(value) sepDigests = append(sepDigests, hasher.Sum(nil)) } return &separatorInfo{separatorData: sepData, separatorDigests: sepDigests} } // checkIfValidSeparator returns true if both the separator event's type and // digest match the expected event data. // If the event type is Separator, but the data is invalid, it returns false // and an error. // checkIfValidSeparator returns false and a nil error on other event types. func checkIfValidSeparator(event tcg.Event, sepInfo *separatorInfo) (bool, error) { evtType := event.UntrustedType() index := event.MRIndex() if (evtType != tcg.Separator) && !contains(sepInfo.separatorDigests, event.ReplayedDigest()) { return false, nil } // To make sure we have a valid event, we check any event (e.g., separator) // that claims to be of the event type or "looks like" the event to prevent // certain vulnerabilities in event parsing. For more info see: // https://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md if evtType != tcg.Separator { return false, fmt.Errorf("MR%d event contains separator data but non-separator type %d", index, evtType) } if !event.DigestVerified() { return false, fmt.Errorf("unverified separator digest for MR%d", index) } if !contains(sepInfo.separatorData, event.RawData()) { return false, fmt.Errorf("invalid separator data for MR%d", index) } return true, nil } func convertToPbDatabase(certs []x509.Certificate, hashes [][]byte) *pb.Database { protoCerts := make([]*pb.Certificate, 0, len(certs)) for _, cert := range certs { wkEnum, err := matchWellKnown(cert) var pbCert pb.Certificate if err == nil { pbCert.Representation = &pb.Certificate_WellKnown{WellKnown: wkEnum} } else { pbCert.Representation = &pb.Certificate_Der{Der: cert.Raw} } protoCerts = append(protoCerts, &pbCert) } return &pb.Database{ Certs: protoCerts, Hashes: hashes, } } func matchWellKnown(cert x509.Certificate) (pb.WellKnownCertificate, error) { if bytes.Equal(wellknown.WindowsProductionPCA2011Cert, cert.Raw) { return pb.WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011, nil } if bytes.Equal(wellknown.MicrosoftUEFICA2011Cert, cert.Raw) { return pb.WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011, nil } return pb.WellKnownCertificate_UNKNOWN, errors.New("failed to find matching well known certificate") } // SecureBootState extracts Secure Boot information from a UEFI TCG2 // firmware event log. func SecureBootState(replayEvents []tcg.Event, registerCfg registerConfig) (*pb.SecureBootState, error) { attestSbState, err := ParseSecurebootState(replayEvents, registerCfg) if err != nil { return nil, fmt.Errorf("failed to parse SecureBootState: %v", err) } if len(attestSbState.PreSeparatorAuthority) != 0 { return nil, fmt.Errorf("event log contained %v pre-separator authorities, which are not expected or supported", len(attestSbState.PreSeparatorAuthority)) } return &pb.SecureBootState{ Enabled: attestSbState.Enabled, Db: convertToPbDatabase(attestSbState.PermittedKeys, attestSbState.PermittedHashes), Dbx: convertToPbDatabase(attestSbState.ForbiddenKeys, attestSbState.ForbiddenHashes), Authority: convertToPbDatabase(attestSbState.PostSeparatorAuthority, nil), }, nil } // PlatformState extracts platform information from a UEFI TCG2 firmware // event log. func PlatformState(hash crypto.Hash, events []tcg.Event) (*pb.PlatformState, error) { // We pre-compute the separator and EFI Action event hash. // We check if these events have been modified, since the event type is // untrusted. sepInfo := getSeparatorInfo(hash) var versionString []byte var nonHostInfo []byte for _, event := range events { index := event.MRIndex() if index != 0 { continue } evtType := event.UntrustedType() isSeparator, err := checkIfValidSeparator(event, sepInfo) if err != nil { return nil, err } if isSeparator { // Don't trust any PCR0 events after the separator break } if evtType == tcg.SCRTMVersion { if !event.DigestVerified() { return nil, fmt.Errorf("invalid SCRTM version event for PCR%d", index) } versionString = event.RawData() } if evtType == tcg.NonhostInfo { if !event.DigestVerified() { return nil, fmt.Errorf("invalid Non-Host info event for PCR%d", index) } nonHostInfo = event.RawData() } } state := &pb.PlatformState{} if gceVersion, err := wellknown.ConvertSCRTMVersionToGCEFirmwareVersion(versionString); err == nil { state.Firmware = &pb.PlatformState_GceVersion{GceVersion: gceVersion} } else { state.Firmware = &pb.PlatformState_ScrtmVersionId{ScrtmVersionId: versionString} } if tech, err := wellknown.ParseGCENonHostInfo(nonHostInfo); err == nil { state.Technology = tech } return state, nil } // EfiState extracts EFI app information from a UEFI TCG2 firmware // event log. func EfiState(hash crypto.Hash, events []tcg.Event, registerCfg registerConfig) (*pb.EfiState, error) { // We pre-compute various event digests, and check if those event type have // been modified. We only trust events that come before the // ExitBootServices() request. separatorInfo := getSeparatorInfo(hash) hasher := hash.New() hasher.Write([]byte(tcg.CallingEFIApplication)) callingEFIAppDigest := hasher.Sum(nil) hasher.Reset() hasher.Write([]byte(tcg.ExitBootServicesInvocation)) exitBootSvcDigest := hasher.Sum(nil) var efiAppStates []*pb.EfiApp var seenSeparator4 bool var seenSeparator5 bool var seenCallingEfiApp bool var seenExitBootServices bool for _, event := range events { index := event.MRIndex() // MRs corresponding to EFI apps and the Exit Boot Services event. if index != registerCfg.EFIAppIdx && index != registerCfg.ExitBootServicesIdx { continue } evtType := event.UntrustedType() // Switch statements won't work since duplicate cases will get triggered like an if, else-if, else. // Process Calling EFI Application event. // See https://github.com/golang/go/commit/2d9378c7f6dfbbe82d1bbd806093c2dfe57d7e17 // PCRs use different indexes, but RTMRs do not. if index == registerCfg.EFIAppIdx { if bytes.Equal(callingEFIAppDigest, event.ReplayedDigest()) { if evtType != tcg.EFIAction { return nil, fmt.Errorf("%s%d contains CallingEFIApp event but non EFIAction type: %d", registerCfg.Name, index, evtType) } if !event.DigestVerified() { return nil, fmt.Errorf("unverified CallingEFIApp digest for %s%d", registerCfg.Name, index) } // We don't support calling more than one boot device. if seenCallingEfiApp { return nil, fmt.Errorf("found duplicate CallingEFIApp event in %s%d", registerCfg.Name, index) } if seenSeparator4 { return nil, fmt.Errorf("found CallingEFIApp event in %s%d after separator event", registerCfg.Name, index) } seenCallingEfiApp = true } if evtType == tcg.EFIBootServicesApplication { if !seenCallingEfiApp { return nil, fmt.Errorf("found EFIBootServicesApplication in %s%d before CallingEFIApp event", registerCfg.Name, index) } efiAppStates = append(efiAppStates, &pb.EfiApp{Digest: event.ReplayedDigest()}) } isSeparator, err := checkIfValidSeparator(event, separatorInfo) if err != nil { return nil, err } if isSeparator { if seenSeparator4 { return nil, fmt.Errorf("found duplicate Separator event in %s%d", registerCfg.Name, registerCfg.EFIAppIdx) } seenSeparator4 = true } } if index == registerCfg.ExitBootServicesIdx { // Process ExitBootServices event. if bytes.Equal(exitBootSvcDigest, event.ReplayedDigest()) { if evtType != tcg.EFIAction { return nil, fmt.Errorf("%s%d contains ExitBootServices event but non EFIAction type: %d", registerCfg.Name, index, evtType) } if !event.DigestVerified() { return nil, fmt.Errorf("unverified ExitBootServices digest for %s%d", registerCfg.Name, index) } // Don't process any events after Boot Manager has requested // ExitBootServices(). seenExitBootServices = true break } isSeparator, err := checkIfValidSeparator(event, separatorInfo) if err != nil { return nil, err } if isSeparator { if seenSeparator5 { return nil, fmt.Errorf("found duplicate Separator event in %s%d", registerCfg.Name, registerCfg.ExitBootServicesIdx) } seenSeparator5 = true } } } // Only write EFI digests if we see an ExitBootServices invocation. // Otherwise, software further down the bootchain could extend bad // PCR4/RTMR2 measurements. if seenExitBootServices { return &pb.EfiState{Apps: efiAppStates}, nil } return nil, nil } // LinuxKernelStateFromGRUB extracts the kernel command line from GrubState. func LinuxKernelStateFromGRUB(grub *pb.GrubState) (*pb.LinuxKernelState, error) { var cmdline string seen := false for _, command := range grub.GetCommands() { // GRUB config is always in UTF-8: https://www.gnu.org/software/grub/manual/grub/html_node/Internationalisation.html. cmdBytes := []byte(command) suffixAt := getGrubKernelCmdlineSuffix(cmdBytes) if suffixAt == -1 { continue } if seen { return nil, fmt.Errorf("more than one kernel commandline in GRUB commands") } seen = true cmdline = command[suffixAt:] } return &pb.LinuxKernelState{CommandLine: cmdline}, nil } func getGrubKernelCmdlineSuffix(grubCmd []byte) int { for _, prefix := range [][]byte{oldGrubKernelCmdlinePrefix, newGrubKernelCmdlinePrefix} { if bytes.HasPrefix(grubCmd, prefix) { return len(prefix) } } return -1 } golang-github-google-go-eventlog-0.0.2/extract/extract_test.go000066400000000000000000000211741515555264200244670ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package extract import ( "crypto" "crypto/rand" "encoding/hex" "math/big" "os" "strings" "testing" "github.com/google/go-eventlog/internal/testutil" pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/register" "github.com/google/go-eventlog/tcg" "github.com/google/go-eventlog/testdata" ) func TestExtractFirmwareLogStateRTMR(t *testing.T) { tests := []struct { name string mutate func([]tcg.Event) expectErr bool }{ { name: "Happy Path", mutate: func(_ []tcg.Event) {}, }, { name: "Nil Digests", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Digest = nil } }, expectErr: true, }, { name: "Bad Digests", mutate: func(evts []tcg.Event) { for i := range evts { b := make([]byte, len(evts[i].Digest)) if _, err := rand.Read(b); err != nil { t.Fatal(err) } evts[i].Digest = b } }, expectErr: true, }, { name: "Nil Data", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Data = nil } }, expectErr: true, }, { name: "Bad Data", mutate: func(evts []tcg.Event) { for i := range evts { b := make([]byte, len(evts[i].Data)) if _, err := rand.Read(b); err != nil { t.Fatal(err) } evts[i].Data = b } }, expectErr: true, }, { name: "Zero Index", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Index = 0 } }, expectErr: true, }, { name: "Rand Index", mutate: func(evts []tcg.Event) { for i := range evts { bigInt, err := rand.Int(rand.Reader, big.NewInt(25)) if err != nil { t.Fatal(err) } evts[i].Index = int(bigInt.Int64()) } }, expectErr: true, }, { name: "Zero Type", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Type = 0 } }, expectErr: true, }, { name: "More Separators", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Type = tcg.Separator } }, expectErr: true, }, { name: "More EFIAction", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Type = tcg.EFIAction } }, expectErr: true, }, { name: "More IPL", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Type = tcg.Ipl } }, expectErr: true, }, } for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { evts := getCCELEvents(t) tc.mutate(evts) _, err := FirmwareLogState(evts, crypto.SHA384, RTMRRegisterConfig, Opts{Loader: GRUB}) if (err != nil) != tc.expectErr { t.Errorf("ExtractFirmwareLogState(%v) = got %v, wantErr: %v", tc.name, err, tc.expectErr) } }) } } func TestExtractFirmwareLogStateRTMRNilEvents(t *testing.T) { _, err := FirmwareLogState(nil, crypto.SHA384, RTMRRegisterConfig, Opts{Loader: GRUB}) if err == nil || !strings.Contains(err.Error(), "no GRUB measurements found") { t.Errorf("ExtractFirmwareLogState(nil): got %v, expected error no GRUB measurements found", err) } } func getCCELEvents(t *testing.T) []tcg.Event { elBytes, err := os.ReadFile("../testdata/eventlogs/ccel/cos-113-intel-tdx.bin") if err != nil { t.Fatal(err) } rtmr0 := []byte("?\xa2\xf6\x1f9[\x7f_\xee\xfbN\xc2\xdfa)\x7f\x10\x9aث\xcdd\x10\xc1\xb7\xdf`\xf2\x1f7\xb1\x92\x97\xfc5\xe5D\x03\x9c~\x1e\xde\xceu*\xfd\x17\xf6") rtmr1 := []byte("\xf6-\xbc\a+\xd5\xd3\xf3C\x8b{5Úr\x7fZ\xea/\xfc$s\xf47#\x95?S\r\xafbPO\nyD\xaab\xc4\x1a\x86\xe8\xa8x±\"\xc1") rtmr2 := []byte("IihM\xc8s\x81\xfc;14\x17l\x8d\x88\x06\xea\xf0\xa9\x01\x85\x9f_pϮ\x8d\x17qKF\xc1\n\x8d\xe2\x19\x04\x8c\x9f\xc0\x9f\x11\xf3\x81\xa6\xfb\xe7\xc1") mrs := []register.MR{ register.RTMR{Index: 0, Digest: rtmr0}, register.RTMR{Index: 1, Digest: rtmr1}, register.RTMR{Index: 2, Digest: rtmr2}, } events, err := tcg.ParseAndReplay(elBytes, mrs, tcg.ParseOpts{AllowPadding: true}) if err != nil { t.Fatal(err) } return events } func TestExtractFirmwareLogStateTPM(t *testing.T) { tests := []struct { name string mutate func([]tcg.Event) expectErr bool }{ { name: "Happy Path", mutate: func(_ []tcg.Event) {}, }, { name: "Nil Digests", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Digest = nil } }, expectErr: true, }, { name: "Bad Digests", mutate: func(evts []tcg.Event) { for i := range evts { b := make([]byte, len(evts[i].Digest)) if _, err := rand.Read(b); err != nil { t.Fatal(err) } evts[i].Digest = b } }, expectErr: true, }, { name: "Nil Data", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Data = nil } }, expectErr: true, }, { name: "Bad Data", mutate: func(evts []tcg.Event) { for i := range evts { b := make([]byte, len(evts[i].Data)) if _, err := rand.Read(b); err != nil { t.Fatal(err) } evts[i].Data = b } }, expectErr: true, }, { name: "Zero Index", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Index = 0 } }, expectErr: true, }, { name: "Rand Index", mutate: func(evts []tcg.Event) { for i := range evts { bigInt, err := rand.Int(rand.Reader, big.NewInt(25)) if err != nil { t.Fatal(err) } evts[i].Index = int(bigInt.Int64()) } }, expectErr: true, }, { name: "Zero Type", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Type = 0 } }, expectErr: true, }, { name: "More Separators", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Type = tcg.Separator } }, expectErr: true, }, { name: "More EFIAction", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Type = tcg.EFIAction } }, expectErr: true, }, { name: "More IPL", mutate: func(evts []tcg.Event) { for i := range evts { evts[i].Type = tcg.Ipl } }, expectErr: true, }, } for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { hash, evts := getTPMELEvents(t) tc.mutate(evts) _, err := FirmwareLogState(evts, hash, TPMRegisterConfig, Opts{Loader: GRUB}) if (err != nil) != tc.expectErr { t.Errorf("ExtractFirmwareLogState(%v) = got %v, wantErr: %v", tc.name, err, tc.expectErr) } }) } } func TestExtractFirmwareLogStateTPMNilEvents(t *testing.T) { _, err := FirmwareLogState(nil, crypto.SHA384, TPMRegisterConfig, Opts{Loader: GRUB}) if err == nil || !strings.Contains(err.Error(), "no GRUB measurements found") { t.Errorf("ExtractFirmwareLogState(nil): got %v, expected error no GRUB measurements found", err) } } func getTPMELEvents(t *testing.T) (crypto.Hash, []tcg.Event) { log := testdata.Ubuntu2404AmdSevSnpEventLog bank := testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ 0: decodeHex("50597a27846e91d025eef597abbc89f72bff9af849094db97b0684d8bc4c515e"), 1: decodeHex("57344e1cc8c6619413df33013a7cd67915459f967395af41db21c1fa7ca9c307"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("abe8b3fa6aecb36c2fd93c6f6edde661c21b353d007410a2739d69bfa7e1b9be"), 5: decodeHex("0b0e1903aeb1bff649b82dba2cdcf5c4ffb75027e54f151ab00b3b989f16a300"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("33ad69850fb2c7f30b4f8b4bc10ed93fc954dc07fa726e84f50f3d192dc1c140"), 8: decodeHex("6932a3f71dc55ad3c1a6ac2196eeac26a1b7164b6bbfa106625d94088ec3ecc3"), 9: decodeHex("ce08798b283c7a0ddc5e9ad1d602304b945b741fc60c20e254eafa0f4782512b"), 14: decodeHex("306f9d8b94f17d93dc6e7cf8f5c79d652eb4c6c4d13de2dddc24af416e13ecaf"), }) cryptoHash, err := bank.CryptoHash() if err != nil { t.Fatal(err) } events, err := tcg.ParseAndReplay(log, bank.MRs(), tcg.ParseOpts{}) if err != nil { t.Fatal(err) } return cryptoHash, events } func decodeHex(hexStr string) []byte { bytes, err := hex.DecodeString(hexStr) if err != nil { panic(err) } return bytes } golang-github-google-go-eventlog-0.0.2/extract/pcr.go000066400000000000000000000050231515555264200225350ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package extract import ( "bytes" "crypto" "encoding/hex" "errors" "fmt" pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/tcg" ) // GrubStateFromTPMLog extracts GRUB commands from PCR8 and GRUB files from 9. func GrubStateFromTPMLog(hash crypto.Hash, events []tcg.Event) (*pb.GrubState, error) { var files []*pb.GrubFile var commands []string for eventNum, event := range events { index := event.MRIndex() if index != 8 && index != 9 { continue } // Skip parsing EV_EVENT_TAG event since it likely comes from Linux. if event.UntrustedType() == tcg.EventTag { continue } if event.UntrustedType() != tcg.Ipl { return nil, fmt.Errorf("invalid event type for PCR%d, expected EV_IPL", index) } if index == 9 { files = append(files, &pb.GrubFile{Digest: event.ReplayedDigest(), UntrustedFilename: event.RawData()}) } else if index == 8 { hasher := hash.New() suffixAt := -1 rawData := event.RawData() for _, prefix := range validPrefixes { if bytes.HasPrefix(rawData, prefix) { suffixAt = len(prefix) break } } if suffixAt == -1 { return nil, fmt.Errorf("invalid prefix seen for PCR%d event: %s", index, rawData) } hasher.Write(rawData[suffixAt : len(rawData)-1]) if !bytes.Equal(event.ReplayedDigest(), hasher.Sum(nil)) { // Older GRUBs measure "grub_cmd " with the null terminator. // However, "grub_kernel_cmdline " measurements also ignore the null terminator. hasher.Reset() hasher.Write(rawData[suffixAt:]) if !bytes.Equal(event.ReplayedDigest(), hasher.Sum(nil)) { return nil, fmt.Errorf("invalid digest seen for GRUB event %d: %s", eventNum, hex.EncodeToString(event.ReplayedDigest())) } } hasher.Reset() commands = append(commands, string(rawData)) } } if len(files) == 0 && len(commands) == 0 { return nil, errors.New("no GRUB measurements found") } return &pb.GrubState{Files: files, Commands: commands}, nil } golang-github-google-go-eventlog-0.0.2/extract/registerconfig.go000066400000000000000000000066111515555264200247670ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package extract import ( "crypto" pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/tcg" ) // registerConfig contains the measurement register technology-specific indexes // expected to contain the events corresponding to various states, like EFI // and Secure Boot states. // This uses the event log-encoded index, e.g., PCR or CC MR (not RTMR). type registerConfig struct { Name string FirmwareDriverIdx uint32 SecureBootIdx uint32 EFIAppIdx uint32 ExitBootServicesIdx uint32 GRUBCmdIdx uint32 GRUBFileIdx uint32 GRUBExtracter func(crypto.Hash, []tcg.Event) (*pb.GrubState, error) PlatformExtracter func(crypto.Hash, []tcg.Event) (*pb.PlatformState, error) AdditionalSecureBootIdxEvents map[tcg.EventType]bool } // TPMRegisterConfig configures the expected indexes and event types for // TPM-based event logs. var TPMRegisterConfig = registerConfig{ Name: "PCR", FirmwareDriverIdx: 2, SecureBootIdx: 7, EFIAppIdx: 4, ExitBootServicesIdx: 5, GRUBCmdIdx: 8, GRUBFileIdx: 9, GRUBExtracter: GrubStateFromTPMLog, PlatformExtracter: PlatformState, // AdditionalSecureBootIdxEvents is empty since // eventparse.ParseSecurebootState encodes all the current allowable types // for PCR 7. } // RTMRRegisterConfig configures the expected indexes and event types for // RTMR-based event logs. var RTMRRegisterConfig = registerConfig{ Name: "RTMR", // CCMR2=RTMR[1]=PCR[2] FirmwareDriverIdx: 2, // CCMR1=RTMR[0]=PCR[7] SecureBootIdx: 1, // CCMR2=RTMR[1]=PCR[4] EFIAppIdx: 2, /// CCMR2=RTMR[1]=PCR[5] ExitBootServicesIdx: 2, // CCMR3=RTMR[2]=PCR[8] GRUBCmdIdx: 3, // CCMR3=RTMR[2]=PCR[9] GRUBFileIdx: 3, GRUBExtracter: GrubStateFromRTMRLog, PlatformExtracter: func(_ crypto.Hash, _ []tcg.Event) (*pb.PlatformState, error) { return &pb.PlatformState{Technology: pb.GCEConfidentialTechnology_INTEL_TDX}, nil }, // RTMR[0] maps to both PCR[1] and PCR[7]. // Pulled from "Table 27 Events" in // "TCG PC Client Platform Firmware Profile Specification" AdditionalSecureBootIdxEvents: map[tcg.EventType]bool{ tcg.CPUMicrocode: true, tcg.PlatformConfigFlags: true, tcg.TableOfDevices: true, tcg.NonhostConfig: true, tcg.EFIVariableDriverConfig: true, tcg.EFIVariableBoot: true, tcg.EFIAction: true, tcg.EFIHandoffTables2: true, tcg.EFIVariableBoot2: true, // https://github.com/tianocore/edk2/blob/a29a9cce5f9afa32560d966e501247246ec96ef6/OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c#L245 // The following is not spec-compliant for PCR 1 or 7. The spec says [0, 2, 4]. tcg.EFIPlatformFirmwareBlob2: true, }, } golang-github-google-go-eventlog-0.0.2/extract/rtmr.go000066400000000000000000000043471515555264200227450ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package extract import ( "bytes" "crypto" "encoding/hex" "errors" "fmt" pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/tcg" ) // GrubStateFromRTMRLog extracts GRUB commands from RTMR2. func GrubStateFromRTMRLog(hash crypto.Hash, events []tcg.Event) (*pb.GrubState, error) { var commands []string for eventNum, event := range events { ccMRIndex := event.MRIndex() if ccMRIndex != 3 { continue } // Skip parsing EV_EVENT_TAG event since it likely comes from Linux. if event.UntrustedType() == tcg.EventTag { continue } if event.UntrustedType() != tcg.Ipl { return nil, fmt.Errorf("invalid event type %v for PCR%d, expected EV_IPL", event.UntrustedType().String(), ccMRIndex) } hasher := hash.New() suffixAt := -1 rawData := event.RawData() for _, prefix := range validPrefixes { if bytes.HasPrefix(rawData, prefix) { suffixAt = len(prefix) break } } if suffixAt == -1 { continue } hasher.Write(rawData[suffixAt : len(rawData)-1]) if !bytes.Equal(event.ReplayedDigest(), hasher.Sum(nil)) { // Older GRUBs measure "grub_cmd " with the null terminator. // However, "grub_kernel_cmdline " measurements also ignore the null terminator. hasher.Reset() hasher.Write(rawData[suffixAt:]) if !bytes.Equal(event.ReplayedDigest(), hasher.Sum(nil)) { return nil, fmt.Errorf("invalid digest seen for GRUB event %d: %s", eventNum, hex.EncodeToString(event.ReplayedDigest())) } } hasher.Reset() commands = append(commands, string(rawData)) } if len(commands) == 0 { return nil, errors.New("no GRUB measurements found") } return &pb.GrubState{Commands: commands}, nil } golang-github-google-go-eventlog-0.0.2/extract/secureboot.go000066400000000000000000000271701515555264200241320ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package extract import ( "bytes" "crypto/x509" "errors" "fmt" "github.com/google/go-eventlog/tcg" ) // SecurebootState describes the secure boot status of a machine, as determined // by processing its event log. type SecurebootState struct { Enabled bool // PlatformKeys enumerates keys which can sign a key exchange key. PlatformKeys []x509.Certificate // PlatformKeys enumerates key hashes which can sign a key exchange key. PlatformKeyHashes [][]byte // ExchangeKeys enumerates keys which can sign a database of permitted or // forbidden keys. ExchangeKeys []x509.Certificate // ExchangeKeyHashes enumerates key hashes which can sign a database or // permitted or forbidden keys. ExchangeKeyHashes [][]byte // PermittedKeys enumerates keys which may sign binaries to run. PermittedKeys []x509.Certificate // PermittedHashes enumerates hashes which permit binaries to run. PermittedHashes [][]byte // ForbiddenKeys enumerates keys which must not permit a binary to run. ForbiddenKeys []x509.Certificate // ForbiddenKeys enumerates hashes which must not permit a binary to run. ForbiddenHashes [][]byte // PreSeparatorAuthority describes the use of a secure-boot key to authorize // the execution of a binary before the separator. PreSeparatorAuthority []x509.Certificate // PostSeparatorAuthority describes the use of a secure-boot key to authorize // the execution of a binary after the separator. PostSeparatorAuthority []x509.Certificate // DriverLoadSourceHints describes the origin of boot services drivers. // This data is not tamper-proof and must only be used as a hint. DriverLoadSourceHints []DriverLoadSource // DMAProtectionDisabled is true if the platform reports during boot that // DMA protection is supported but disabled. // // See: https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-kernel-dma-protection DMAProtectionDisabled bool } // DriverLoadSource describes the logical origin of a boot services driver. type DriverLoadSource uint8 // Known sources for loaded drivers. const ( UnknownSource DriverLoadSource = iota PciMmioSource ) // ParseSecurebootStateLegacy parses a series of events to determine the // configuration of secure boot on a device. An error is returned if // the state cannot be determined, or if the event log is structured // in such a way that it may have been tampered post-execution of // platform firmware. // ParseSecurebootStateLegacy assumes events are sourced from a TPM event // log. It is meant for use with go-attestation. func ParseSecurebootStateLegacy(events []tcg.Event) (*SecurebootState, error) { // This algorithm verifies the following: // - All events in PCR 7 have event types which are expected in PCR 7. // - All events are parsable according to their event type. // - All events have digests values corresponding to their data/event type. // - No unverifiable events were present. // - All variables are specified before the separator and never duplicated. // - The SecureBoot variable has a value of 0 or 1. // - If SecureBoot was 1 (enabled), authority events were present indicating // keys were used to perform verification. // - If SecureBoot was 1 (enabled), platform + exchange + database keys // were specified. // - No UEFI debugger was attached. return ParseSecurebootState(events, TPMRegisterConfig) } // ParseSecurebootState parses a series of events to determine the // configuration of secure boot on a device. An error is returned if // the state cannot be determined, or if the event log is structured // in such a way that it may have been tampered post-execution of // platform firmware. func ParseSecurebootState(events []tcg.Event, registerCfg registerConfig) (*SecurebootState, error) { var ( out SecurebootState seenSeparator7 bool seenSeparator2 bool seenAuthority bool seenVars = map[string]bool{} driverSources [][]tcg.EFIDevicePathElement ) for _, e := range events { if e.MRIndex() != registerCfg.SecureBootIdx && e.MRIndex() != registerCfg.FirmwareDriverIdx { continue } et, err := tcg.UntrustedParseEventType(uint32(e.UntrustedType())) if err != nil { return nil, fmt.Errorf("unrecognised event type: %v", err) } digestVerify := DigestEquals(e, e.RawData()) switch e.MRIndex() { case registerCfg.SecureBootIdx: switch et { case tcg.Separator: if seenSeparator7 { return nil, fmt.Errorf("duplicate separator at event %d", e.Num()) } seenSeparator7 = true if !bytes.Equal(e.RawData(), []byte{0, 0, 0, 0}) { return nil, fmt.Errorf("invalid separator data at event %d: %v", e.Num(), e.RawData()) } if digestVerify != nil { return nil, fmt.Errorf("invalid separator digest at event %d: %v", e.Num(), digestVerify) } case tcg.EFIAction: switch string(e.RawData()) { case "UEFI Debug Mode": return nil, errors.New("a UEFI debugger was present during boot") case "DMA Protection Disabled": if digestVerify != nil { return nil, fmt.Errorf("invalid digest for EFI Action 'DMA Protection Disabled' on event %d: %v", e.Num(), digestVerify) } out.DMAProtectionDisabled = true default: return nil, fmt.Errorf("event %d: unexpected EFI action event", e.Num()) } case tcg.EFIVariableDriverConfig: v, err := tcg.ParseUEFIVariableData(bytes.NewReader(e.RawData())) if err != nil { return nil, fmt.Errorf("failed parsing EFI variable at event %d: %v", e.Num(), err) } if _, seenBefore := seenVars[v.VarName()]; seenBefore { return nil, fmt.Errorf("duplicate EFI variable %q at event %d", v.VarName(), e.Num()) } seenVars[v.VarName()] = true if seenSeparator7 { return nil, fmt.Errorf("event %d: variable %q specified after separator", e.Num(), v.VarName()) } if digestVerify != nil { return nil, fmt.Errorf("invalid digest for variable %q on event %d: %v", v.VarName(), e.Num(), digestVerify) } switch v.VarName() { case "SecureBoot": if len(v.VariableData) != 1 { return nil, fmt.Errorf("event %d: SecureBoot data len is %d, expected 1", e.Num(), len(v.VariableData)) } out.Enabled = v.VariableData[0] == 1 case "PK": if out.PlatformKeys, out.PlatformKeyHashes, err = v.SignatureData(); err != nil { return nil, fmt.Errorf("event %d: failed parsing platform keys: %v", e.Num(), err) } case "KEK": if out.ExchangeKeys, out.ExchangeKeyHashes, err = v.SignatureData(); err != nil { return nil, fmt.Errorf("event %d: failed parsing key exchange keys: %v", e.Num(), err) } case "db": if out.PermittedKeys, out.PermittedHashes, err = v.SignatureData(); err != nil { return nil, fmt.Errorf("event %d: failed parsing signature database: %v", e.Num(), err) } case "dbx": if out.ForbiddenKeys, out.ForbiddenHashes, err = v.SignatureData(); err != nil { return nil, fmt.Errorf("event %d: failed parsing forbidden signature database: %v", e.Num(), err) } } case tcg.EFIVariableAuthority: v, err := tcg.ParseUEFIVariableData(bytes.NewReader(e.RawData())) if err != nil { return nil, fmt.Errorf("failed parsing UEFI variable data: %v", err) } a, err := tcg.ParseUEFIVariableAuthority(v) if err != nil { // Workaround for: https://github.com/google/go-attestation/issues/157 if err == tcg.ErrSigMissingGUID { // Versions of shim which do not carry // https://github.com/rhboot/shim/commit/8a27a4809a6a2b40fb6a4049071bf96d6ad71b50 // have an erroneous additional byte in the event, which breaks digest // verification. If verification failed, we try removing the last byte. if digestVerify != nil && len(e.RawData()) > 0 { digestVerify = DigestEquals(e, e.RawData()[:len(e.RawData())-1]) } } else { return nil, fmt.Errorf("failed parsing EFI variable authority at event %d: %v", e.Num(), err) } } seenAuthority = true if digestVerify != nil { return nil, fmt.Errorf("invalid digest for authority on event %d: %v", e.Num(), digestVerify) } if !seenSeparator7 { out.PreSeparatorAuthority = append(out.PreSeparatorAuthority, a.Certs...) } else { out.PostSeparatorAuthority = append(out.PostSeparatorAuthority, a.Certs...) } default: if _, ok := registerCfg.AdditionalSecureBootIdxEvents[et]; ok { continue } return nil, fmt.Errorf("unexpected event type in MR%d: %v", e.MRIndex(), et) } case registerCfg.FirmwareDriverIdx: switch et { case tcg.Separator: if seenSeparator2 { return nil, fmt.Errorf("duplicate separator at event %d", e.Num()) } seenSeparator2 = true if !bytes.Equal(e.RawData(), []byte{0, 0, 0, 0}) { return nil, fmt.Errorf("invalid separator data at event %d: %v", e.Num(), e.RawData()) } if digestVerify != nil { return nil, fmt.Errorf("invalid separator digest at event %d: %v", e.Num(), digestVerify) } case tcg.EFIBootServicesDriver: if !seenSeparator2 { imgLoad, err := tcg.ParseEFIImageLoad(bytes.NewReader(e.RawData())) if err != nil { return nil, fmt.Errorf("failed parsing EFI image load at boot services driver event %d: %v", e.Num(), err) } dp, err := imgLoad.DevicePath() if err != nil { return nil, fmt.Errorf("failed to parse device path for driver load event %d: %v", e.Num(), err) } driverSources = append(driverSources, dp) } } } } // Compute driver source hints based on the EFI device path observed in // EFI Boot-services driver-load events. sourceLoop: for _, source := range driverSources { // We consider a driver to have originated from PCI-MMIO if any number // of elements in the device path [1] were PCI devices, and are followed by // an element representing a "relative offset range" read. // In the wild, we have typically observed 4-tuple device paths for such // devices: ACPI device -> PCI device -> PCI device -> relative offset. // // [1]: See section 9 of the UEFI specification v2.6 or greater. var seenPCI bool for _, e := range source { // subtype 0x1 corresponds to a PCI device (See: 9.3.2.1) if e.Type == tcg.HardwareDevice && e.Subtype == 0x1 { seenPCI = true } // subtype 0x8 corresponds to "relative offset range" (See: 9.3.6.8) if seenPCI && e.Type == tcg.MediaDevice && e.Subtype == 0x8 { out.DriverLoadSourceHints = append(out.DriverLoadSourceHints, PciMmioSource) continue sourceLoop } } out.DriverLoadSourceHints = append(out.DriverLoadSourceHints, UnknownSource) } if !out.Enabled { return &out, nil } if !seenAuthority { return nil, errors.New("secure boot was enabled but no key was used") } if len(out.PlatformKeys) == 0 && len(out.PlatformKeyHashes) == 0 { return nil, errors.New("secure boot was enabled but no platform keys were known") } if len(out.ExchangeKeys) == 0 && len(out.ExchangeKeyHashes) == 0 { return nil, errors.New("secure boot was enabled but no key exchange keys were known") } if len(out.PermittedKeys) == 0 && len(out.PermittedHashes) == 0 { return nil, errors.New("secure boot was enabled but no keys or hashes were permitted") } return &out, nil } golang-github-google-go-eventlog-0.0.2/extract/secureboot_test.go000066400000000000000000000322351515555264200251670ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package extract_test import ( "crypto" "encoding/base64" "encoding/json" "os" "testing" "github.com/google/go-eventlog/extract" "github.com/google/go-eventlog/internal/testutil" "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/register" "github.com/google/go-eventlog/tcg" ) func TestSecureBoot(t *testing.T) { data, err := os.ReadFile("../testdata/legacydata/windows_gcp_shielded_vm.json") if err != nil { t.Fatalf("reading test data: %v", err) } var dump testutil.Dump if err := json.Unmarshal(data, &dump); err != nil { t.Fatalf("parsing test data: %v", err) } el, err := tcg.ParseEventLog(dump.Log.Raw, tcg.ParseOpts{}) if err != nil { t.Fatalf("parsing event log: %v", err) } logBank := register.PCRBank{ TCGHashAlgo: state.HashAlgo(dump.Log.PCRAlg), PCRs: dump.Log.PCRs} events, err := el.Verify(logBank.MRs()) if err != nil { t.Fatalf("validating event log: %v", err) } sbState, err := extract.ParseSecurebootState(events, extract.TPMRegisterConfig) if err != nil { t.Fatalf("ExtractSecurebootState() failed: %v", err) } if got, want := sbState.Enabled, true; got != want { t.Errorf("secureboot.Enabled = %v, want %v", got, want) } } // See: https://github.com/google/go-attestation/issues/157 func TestSecureBootBug157(t *testing.T) { raw, err := os.ReadFile("../testdata/legacydata/sb_cert_eventlog") if err != nil { t.Fatalf("reading test data: %v", err) } elr, err := tcg.ParseEventLog(raw, tcg.ParseOpts{}) if err != nil { t.Fatalf("parsing event log: %v", err) } pcrs := []register.PCR{ {Index: '\x00', Digest: []byte("Q\xc3#\xde\f\fiOF\x01\xcd\xd0+\xebX\xff\x13b\x9ft"), DigestAlg: crypto.SHA1}, {Index: '\x01', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\x02', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\x03', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\x04', Digest: []byte("\xb7q\x00\x8d\x17<\x02+\xc1oKM\x1a\u007f\x8b\x99\xed\x88\xee\xb1"), DigestAlg: crypto.SHA1}, {Index: '\x05', Digest: []byte("\xd79j\xc6\xe8\x87\xda\"ޠ;@\x95/p\xb8\xdbҩ\x96"), DigestAlg: crypto.SHA1}, {Index: '\x06', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\a', Digest: []byte("E\xa8b\x1d4\xa5}\xf2\xb2\xe7\xf1L\x92\xb9\x9a\xc8\xde}X\x05"), DigestAlg: crypto.SHA1}, {Index: '\b', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\t', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\n', Digest: []byte("\x82\x84\x10>\x06\xd4\x01\"\xbcd\xa0䡉\x1a\xf9\xec\xd4\\\xf6"), DigestAlg: crypto.SHA1}, {Index: '\v', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\f', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\r', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\x0e', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\x0f', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\x10', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\x11', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA1}, {Index: '\x12', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA1}, {Index: '\x13', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA1}, {Index: '\x14', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA1}, {Index: '\x15', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA1}, {Index: '\x16', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA1}, {Index: '\x17', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA1}, {Index: '\x00', Digest: []byte("\xfc\xec\xb5j\xcc08b\xb3\x0e\xb3Bę\v\xebP\xb5ૉr$I\xc2٧?7\xb0\x19\xfe"), DigestAlg: crypto.SHA256}, {Index: '\x01', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\x02', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\x03', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\x04', Digest: []byte("\xa9)h\x80oy_\xa3D5\xd9\xf1\x18\x13hL\xa1\xe7\x05`w\xf7\x00\xbaI\xf2o\x99b\xf8m\x89"), DigestAlg: crypto.SHA256}, {Index: '\x05', Digest: []byte("̆\x18\xb7y2\xb4\xef\xda\x12\xccX\xba\xd9>\xcdѕ\x9d\xea)\xe5\xabyE%\xa6\x19\xf5\xba\xab\xee"), DigestAlg: crypto.SHA256}, {Index: '\x06', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\a', Digest: []byte("Q\xb3\x04\x88\xc9\xe6%]\x82+\xdc\x1b ٩,2\xbd\xe6\xc3\xe7\xbc\x02\xbc\xdd2\x82^\xb5\xef\x06\x9a"), DigestAlg: crypto.SHA256}, {Index: '\b', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\t', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\n', Digest: []byte("\xc3l\x9a\xb1\x10\x9b\xa0\x8a?dX!\x18\xf8G\x1a]i[\xc9#\xa0\xa2\xbd\x04]\xb1K\x97OB9"), DigestAlg: crypto.SHA256}, {Index: '\v', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\f', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\r', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\x0e', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\x0f', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\x10', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, {Index: '\x11', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA256}, {Index: '\x12', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA256}, {Index: '\x13', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA256}, {Index: '\x14', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA256}, {Index: '\x15', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA256}, {Index: '\x16', Digest: []byte("\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), DigestAlg: crypto.SHA256}, {Index: '\x17', Digest: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), DigestAlg: crypto.SHA256}, } events, err := elr.Verify(register.PCRBank{TCGHashAlgo: state.HashAlgo_SHA1, PCRs: pcrs}.MRs()) if err != nil { t.Fatalf("failed to verify log: %v", err) } sbs, err := extract.ParseSecurebootState(events, extract.TPMRegisterConfig) if err != nil { t.Fatalf("failed parsing secureboot state: %v", err) } if got, want := len(sbs.PostSeparatorAuthority), 3; got != want { t.Errorf("len(sbs.PostSeparatorAuthority) = %d, want %d", got, want) } } func b64MustDecode(input string) []byte { b, err := base64.StdEncoding.DecodeString(input) if err != nil { panic(err) } return b } func TestSecureBootOptionRom(t *testing.T) { raw, err := os.ReadFile("../testdata/legacydata/option_rom_eventlog") if err != nil { t.Fatalf("reading test data: %v", err) } elr, err := tcg.ParseEventLog(raw, tcg.ParseOpts{}) if err != nil { t.Fatalf("parsing event log: %v", err) } pcrs := []register.PCR{ {Index: '\x00', Digest: b64MustDecode("AVGK7ch6DvUF0nJh74NYCefaAIY="), DigestAlg: crypto.SHA1}, {Index: '\x01', Digest: b64MustDecode("vr/0wIpmd0c6tgTO3vuC+FDN6IM="), DigestAlg: crypto.SHA1}, {Index: '\x02', Digest: b64MustDecode("NmoxoMB1No8OEIVzM+ou1uigD9M="), DigestAlg: crypto.SHA1}, {Index: '\x03', Digest: b64MustDecode("sqg7Dr8vg3Qpmlsr38MeqVWtcjY="), DigestAlg: crypto.SHA1}, {Index: '\x04', Digest: b64MustDecode("OfOIw5WekEaUcm9MAVttzq4GgKE="), DigestAlg: crypto.SHA1}, {Index: '\x05', Digest: b64MustDecode("cjoFIM9/KXhUh0K9FUFwayRGRZ4="), DigestAlg: crypto.SHA1}, {Index: '\x06', Digest: b64MustDecode("sqg7Dr8vg3Qpmlsr38MeqVWtcjY="), DigestAlg: crypto.SHA1}, {Index: '\x07', Digest: b64MustDecode("IN59+6a838ytrX4+sJnJHU2Xxa0="), DigestAlg: crypto.SHA1}, } events, err := elr.Verify(register.PCRBank{TCGHashAlgo: state.HashAlgo_SHA1, PCRs: pcrs}.MRs()) if err != nil { t.Errorf("failed to verify log: %v", err) } sbs, err := extract.ParseSecurebootState(events, extract.TPMRegisterConfig) if err != nil { t.Errorf("failed parsing secureboot state: %v", err) } if got, want := len(sbs.PostSeparatorAuthority), 2; got != want { t.Errorf("len(sbs.PostSeparatorAuthority) = %d, want %d", got, want) } if got, want := len(sbs.DriverLoadSourceHints), 1; got != want { t.Fatalf("len(sbs.DriverLoadSourceHints) = %d, want %d", got, want) } if got, want := sbs.DriverLoadSourceHints[0], extract.PciMmioSource; got != want { t.Errorf("sbs.DriverLoadSourceHints[0] = %v, want %v", got, want) } } func TestSecureBootEventLogUbuntu(t *testing.T) { data, err := os.ReadFile("../testdata/legacydata/ubuntu_2104_shielded_vm_no_secure_boot_eventlog") if err != nil { t.Fatalf("reading test data: %v", err) } el, err := tcg.ParseEventLog(data, tcg.ParseOpts{}) if err != nil { t.Fatalf("parsing event log: %v", err) } evts := el.Events(register.HashSHA256) if err != nil { t.Fatalf("verifying event log: %v", err) } _, err = extract.ParseSecurebootState(evts, extract.TPMRegisterConfig) if err != nil { t.Errorf("parsing sb state: %v", err) } } func TestSecureBootEventLogFedora36(t *testing.T) { data, err := os.ReadFile("../testdata/legacydata/coreos_36_shielded_vm_no_secure_boot_eventlog") if err != nil { t.Fatalf("reading test data: %v", err) } el, err := tcg.ParseEventLog(data, tcg.ParseOpts{}) if err != nil { t.Fatalf("parsing event log: %v", err) } evts := el.Events(register.HashSHA256) if err != nil { t.Fatalf("verifying event log: %v", err) } _, err = extract.ParseSecurebootState(evts, extract.TPMRegisterConfig) if err != nil { t.Errorf("parsing sb state: %v", err) } } golang-github-google-go-eventlog-0.0.2/extract/util.go000066400000000000000000000026661515555264200227400ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package extract import ( "bytes" "crypto" "crypto/sha1" "crypto/sha256" "errors" "fmt" "github.com/google/go-eventlog/tcg" ) // DigestEquals returns an error if the Event digest does not match the slice. func DigestEquals(e tcg.Event, b []byte) error { digest := e.ReplayedDigest() if len(digest) == 0 { return errors.New("no digests present") } switch len(digest) { case crypto.SHA384.Size(): hasher := crypto.SHA384.New() hasher.Write(b) if bytes.Equal(hasher.Sum(nil), digest) { return nil } case crypto.SHA256.Size(): s := sha256.Sum256(b) if bytes.Equal(s[:], digest) { return nil } case crypto.SHA1.Size(): s := sha1.Sum(b) if bytes.Equal(s[:], digest) { return nil } default: return fmt.Errorf("cannot compare hash of length %d", len(digest)) } return fmt.Errorf("digest (len %d) does not match", len(digest)) } golang-github-google-go-eventlog-0.0.2/go.mod000066400000000000000000000003171515555264200210570ustar00rootroot00000000000000module github.com/google/go-eventlog go 1.20 require ( github.com/google/go-cmp v0.6.0 github.com/google/go-tpm v0.9.0 google.golang.org/protobuf v1.34.2 ) require golang.org/x/sys v0.19.0 // indirect golang-github-google-go-eventlog-0.0.2/go.sum000066400000000000000000000012241515555264200211020ustar00rootroot00000000000000github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk= github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= golang-github-google-go-eventlog-0.0.2/internal/000077500000000000000000000000001515555264200215645ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/internal/testutil/000077500000000000000000000000001515555264200234415ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/internal/testutil/dump.go000066400000000000000000000017251515555264200247420ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // Package testutil includes utilities for event log tests. package testutil import ( "github.com/google/go-eventlog/register" "github.com/google/go-tpm/legacy/tpm2" ) // Dump describes the layout of serialized information from the dump command. type Dump struct { Log struct { PCRs []register.PCR PCRAlg tpm2.Algorithm Raw []byte // The measured boot log in binary form. } } golang-github-google-go-eventlog-0.0.2/internal/testutil/testutil.go000066400000000000000000000023641515555264200256520ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package testutil import ( pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/register" ) // MakePCRBank takes a hash and a map of index to digest and creates the // corresponding PCRBank. func MakePCRBank(hashAlgo pb.HashAlgo, pcrIdxToDigest map[uint32][]byte) register.PCRBank { pcrs := make([]register.PCR, 0, len(pcrIdxToDigest)) digestAlg, err := hashAlgo.CryptoHash() if err != nil { panic(err) } for pcrIdx, digest := range pcrIdxToDigest { pcrs = append(pcrs, register.PCR{ Index: int(pcrIdx), Digest: digest, DigestAlg: digestAlg, }) } return register.PCRBank{ TCGHashAlgo: hashAlgo, PCRs: pcrs, } } golang-github-google-go-eventlog-0.0.2/legacy/000077500000000000000000000000001515555264200212145ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/legacy/legacyevent.go000066400000000000000000000036651515555264200240630ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // Package legacy contains the legacy API adaptors for use by go-attestation. package legacy import "github.com/google/go-eventlog/tcg" // Event is a single event from a TCG event log. This reports descrete items such // as BIOS measurements or EFI states. // // There are many pitfalls for using event log events correctly to determine the // state of a machine[1]. In general it's much safer to only rely on the raw PCR // values and use the event log for debugging. // // [1] https://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md type Event struct { // Sequence gives the order of the event in the event log. Sequence int // Index of the PCR that this event was replayed against. Index int // Untrusted type of the event. This value is not verified by event log replays // and can be tampered with. It should NOT be used without additional context, // and unrecognized event types should result in errors. Type tcg.EventType // Data of the event. For certain kinds of events, this must match the event // digest to be valid. Data []byte // Digest is the verified digest of the event data. While an event can have // multiple for different hash values, this is the one that was matched to the // PCR value. Digest []byte // TODO(ericchiang): Provide examples or links for which event types must // match their data to their digest. } golang-github-google-go-eventlog-0.0.2/legacy/secureboot.go.bak000066400000000000000000000255341515555264200244620ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package legacy import ( "bytes" "crypto/x509" "errors" "fmt" "github.com/google/go-eventlog/tcg" "github.com/google/go-eventlog/tpmeventlog" ) // SecurebootState describes the secure boot status of a machine, as determined // by processing its event log. type SecurebootState struct { Enabled bool // PlatformKeys enumerates keys which can sign a key exchange key. PlatformKeys []x509.Certificate // PlatformKeys enumerates key hashes which can sign a key exchange key. PlatformKeyHashes [][]byte // ExchangeKeys enumerates keys which can sign a database of permitted or // forbidden keys. ExchangeKeys []x509.Certificate // ExchangeKeyHashes enumerates key hashes which can sign a database or // permitted or forbidden keys. ExchangeKeyHashes [][]byte // PermittedKeys enumerates keys which may sign binaries to run. PermittedKeys []x509.Certificate // PermittedHashes enumerates hashes which permit binaries to run. PermittedHashes [][]byte // ForbiddenKeys enumerates keys which must not permit a binary to run. ForbiddenKeys []x509.Certificate // ForbiddenKeys enumerates hashes which must not permit a binary to run. ForbiddenHashes [][]byte // PreSeparatorAuthority describes the use of a secure-boot key to authorize // the execution of a binary before the separator. PreSeparatorAuthority []x509.Certificate // PostSeparatorAuthority describes the use of a secure-boot key to authorize // the execution of a binary after the separator. PostSeparatorAuthority []x509.Certificate // DriverLoadSourceHints describes the origin of boot services drivers. // This data is not tamper-proof and must only be used as a hint. DriverLoadSourceHints []DriverLoadSource // DMAProtectionDisabled is true if the platform reports during boot that // DMA protection is supported but disabled. // // See: https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-kernel-dma-protection DMAProtectionDisabled bool } // DriverLoadSource describes the logical origin of a boot services driver. type DriverLoadSource uint8 const ( UnknownSource DriverLoadSource = iota PciMmioSource ) // ParseSecurebootState parses a series of events to determine the // configuration of secure boot on a device. An error is returned if // the state cannot be determined, or if the event log is structured // in such a way that it may have been tampered post-execution of // platform firmware. func ParseSecurebootState(events []tpmeventlog.Event) (*SecurebootState, error) { // This algorithm verifies the following: // - All events in PCR 7 have event types which are expected in PCR 7. // - All events are parsable according to their event type. // - All events have digests values corresponding to their data/event type. // - No unverifiable events were present. // - All variables are specified before the separator and never duplicated. // - The SecureBoot variable has a value of 0 or 1. // - If SecureBoot was 1 (enabled), authority events were present indicating // keys were used to perform verification. // - If SecureBoot was 1 (enabled), platform + exchange + database keys // were specified. // - No UEFI debugger was attached. var ( out SecurebootState seenSeparator7 bool seenSeparator2 bool seenAuthority bool seenVars = map[string]bool{} driverSources [][]tcg.EFIDevicePathElement ) for _, e := range events { if e.Index != 7 && e.Index != 2 { continue } et, err := tcg.UntrustedParseEventType(uint32(e.Type)) if err != nil { return nil, fmt.Errorf("unrecognised event type: %v", err) } digestVerify := DigestEquals(&e, e.Data) switch e.Index { case 7: switch et { case tcg.Separator: if seenSeparator7 { return nil, fmt.Errorf("duplicate separator at event %d", e.Sequence) } seenSeparator7 = true if !bytes.Equal(e.Data, []byte{0, 0, 0, 0}) { return nil, fmt.Errorf("invalid separator data at event %d: %v", e.Sequence, e.Data) } if digestVerify != nil { return nil, fmt.Errorf("invalid separator digest at event %d: %v", e.Sequence, digestVerify) } case tcg.EFIAction: switch string(e.Data) { case "UEFI Debug Mode": return nil, errors.New("a UEFI debugger was present during boot") case "DMA Protection Disabled": if digestVerify != nil { return nil, fmt.Errorf("invalid digest for EFI Action 'DMA Protection Disabled' on event %d: %v", e.Sequence, digestVerify) } out.DMAProtectionDisabled = true default: return nil, fmt.Errorf("event %d: unexpected EFI action event", e.Sequence) } case tcg.EFIVariableDriverConfig: v, err := tcg.ParseUEFIVariableData(bytes.NewReader(e.Data)) if err != nil { return nil, fmt.Errorf("failed parsing EFI variable at event %d: %v", e.Sequence, err) } if _, seenBefore := seenVars[v.VarName()]; seenBefore { return nil, fmt.Errorf("duplicate EFI variable %q at event %d", v.VarName(), e.Sequence) } seenVars[v.VarName()] = true if seenSeparator7 { return nil, fmt.Errorf("event %d: variable %q specified after separator", e.Sequence, v.VarName()) } if digestVerify != nil { return nil, fmt.Errorf("invalid digest for variable %q on event %d: %v", v.VarName(), e.Sequence, digestVerify) } switch v.VarName() { case "SecureBoot": if len(v.VariableData) != 1 { return nil, fmt.Errorf("event %d: SecureBoot data len is %d, expected 1", e.Sequence, len(v.VariableData)) } out.Enabled = v.VariableData[0] == 1 case "PK": if out.PlatformKeys, out.PlatformKeyHashes, err = v.SignatureData(); err != nil { return nil, fmt.Errorf("event %d: failed parsing platform keys: %v", e.Sequence, err) } case "KEK": if out.ExchangeKeys, out.ExchangeKeyHashes, err = v.SignatureData(); err != nil { return nil, fmt.Errorf("event %d: failed parsing key exchange keys: %v", e.Sequence, err) } case "db": if out.PermittedKeys, out.PermittedHashes, err = v.SignatureData(); err != nil { return nil, fmt.Errorf("event %d: failed parsing signature database: %v", e.Sequence, err) } case "dbx": if out.ForbiddenKeys, out.ForbiddenHashes, err = v.SignatureData(); err != nil { return nil, fmt.Errorf("event %d: failed parsing forbidden signature database: %v", e.Sequence, err) } } case tcg.EFIVariableAuthority: v, err := tcg.ParseUEFIVariableData(bytes.NewReader(e.Data)) if err != nil { return nil, fmt.Errorf("failed parsing UEFI variable data: %v", err) } a, err := tcg.ParseUEFIVariableAuthority(v) if err != nil { // Workaround for: https://github.com/google/go-attestation/issues/157 if err == tcg.ErrSigMissingGUID { // Versions of shim which do not carry // https://github.com/rhboot/shim/commit/8a27a4809a6a2b40fb6a4049071bf96d6ad71b50 // have an erroneous additional byte in the event, which breaks digest // verification. If verification failed, we try removing the last byte. if digestVerify != nil && len(e.Data) > 0 { digestVerify = DigestEquals(&e, e.Data[:len(e.Data)-1]) } } else { return nil, fmt.Errorf("failed parsing EFI variable authority at event %d: %v", e.Sequence, err) } } seenAuthority = true if digestVerify != nil { return nil, fmt.Errorf("invalid digest for authority on event %d: %v", e.Sequence, digestVerify) } if !seenSeparator7 { out.PreSeparatorAuthority = append(out.PreSeparatorAuthority, a.Certs...) } else { out.PostSeparatorAuthority = append(out.PostSeparatorAuthority, a.Certs...) } default: return nil, fmt.Errorf("unexpected event type in PCR7: %v", et) } case 2: switch et { case tcg.Separator: if seenSeparator2 { return nil, fmt.Errorf("duplicate separator at event %d", e.Sequence) } seenSeparator2 = true if !bytes.Equal(e.Data, []byte{0, 0, 0, 0}) { return nil, fmt.Errorf("invalid separator data at event %d: %v", e.Sequence, e.Data) } if digestVerify != nil { return nil, fmt.Errorf("invalid separator digest at event %d: %v", e.Sequence, digestVerify) } case tcg.EFIBootServicesDriver: if !seenSeparator2 { imgLoad, err := tcg.ParseEFIImageLoad(bytes.NewReader(e.Data)) if err != nil { return nil, fmt.Errorf("failed parsing EFI image load at boot services driver event %d: %v", e.Sequence, err) } dp, err := imgLoad.DevicePath() if err != nil { return nil, fmt.Errorf("failed to parse device path for driver load event %d: %v", e.Sequence, err) } driverSources = append(driverSources, dp) } } } } // Compute driver source hints based on the EFI device path observed in // EFI Boot-services driver-load events. sourceLoop: for _, source := range driverSources { // We consider a driver to have originated from PCI-MMIO if any number // of elements in the device path [1] were PCI devices, and are followed by // an element representing a "relative offset range" read. // In the wild, we have typically observed 4-tuple device paths for such // devices: ACPI device -> PCI device -> PCI device -> relative offset. // // [1]: See section 9 of the UEFI specification v2.6 or greater. var seenPCI bool for _, e := range source { // subtype 0x1 corresponds to a PCI device (See: 9.3.2.1) if e.Type == tcg.HardwareDevice && e.Subtype == 0x1 { seenPCI = true } // subtype 0x8 corresponds to "relative offset range" (See: 9.3.6.8) if seenPCI && e.Type == tcg.MediaDevice && e.Subtype == 0x8 { out.DriverLoadSourceHints = append(out.DriverLoadSourceHints, PciMmioSource) continue sourceLoop } } out.DriverLoadSourceHints = append(out.DriverLoadSourceHints, UnknownSource) } if !out.Enabled { return &out, nil } if !seenAuthority { return nil, errors.New("secure boot was enabled but no key was used") } if len(out.PlatformKeys) == 0 && len(out.PlatformKeyHashes) == 0 { return nil, errors.New("secure boot was enabled but no platform keys were known") } if len(out.ExchangeKeys) == 0 && len(out.ExchangeKeyHashes) == 0 { return nil, errors.New("secure boot was enabled but no key exchange keys were known") } if len(out.PermittedKeys) == 0 && len(out.PermittedHashes) == 0 { return nil, errors.New("secure boot was enabled but no keys or hashes were permitted") } return &out, nil } golang-github-google-go-eventlog-0.0.2/proto/000077500000000000000000000000001515555264200211135ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/proto/doc.go000066400000000000000000000031761515555264200222160ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // Package proto contains protocol buffers that are exchanged between the client // and server. // // # Generating Protocol Buffer Code // // Anytime the Protocol Buffer definitions change, the generated Go code must be // regenerated. This can be done with "go generate". Just run: // // go generate ./... // // Upstream documentation: // https://developers.google.com/protocol-buffers/docs/reference/go-generated // // # Code Generation Dependencies // // To generate the Go code, your system must have "protoc" installed. See: // https://github.com/protocolbuffers/protobuf#protocol-compiler-installation // // The "protoc-gen-go" tool must also be installed. To install it, run: // // go install google.golang.org/protobuf/cmd/protoc-gen-go // // If you see a 'protoc-gen-go: program not found or is not executable' error // for the 'go generate' command, run the following: // // echo 'export PATH=$PATH:$GOPATH/bin' >> $HOME/.bashrc // source $HOME/.bashrc package proto //go:generate protoc --go_out=. --go_opt=module=github.com/google/go-eventlog/proto state.proto golang-github-google-go-eventlog-0.0.2/proto/state.proto000066400000000000000000000144311515555264200233230ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. syntax = "proto3"; package state; option go_package = "github.com/google/go-eventlog/proto/state"; // Information uniquely identifying a GCE instance. Can be used to create an // instance URL, which can then be used with GCE APIs. Formatted like: // https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name} message GCEInstanceInfo { string zone = 1; string project_id = 2; uint64 project_number = 3; string instance_name = 4; uint64 instance_id = 5; } // Type of hardware technology used to protect this instance enum GCEConfidentialTechnology { NONE = 0; AMD_SEV = 1; AMD_SEV_ES = 2; INTEL_TDX = 3; AMD_SEV_SNP = 4; } // The platform/firmware state for this instance message PlatformState { oneof firmware { // Raw S-CRTM version identifier (EV_S_CRTM_VERSION) bytes scrtm_version_id = 1; // Virtual GCE firmware version (parsed from S-CRTM version id) uint32 gce_version = 2; } // Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances GCEConfidentialTechnology technology = 3; // Only set for GCE instances. // Included for backcompat. go-eventlog should NOT set this field. GCEInstanceInfo instance_info = 4; } message GrubFile { // The digest of the file (pulled from the raw event digest). bytes digest = 1; // The event data. This is not measured, so it is untrusted. bytes untrusted_filename = 2; } message GrubState { // All GRUB-read and measured files, including grub.cfg. repeated GrubFile files = 1; // A list of executed GRUB commands and command lines passed to the kernel // and kernel modules. repeated string commands = 2; } // The state of the Linux kernel. // At the moment, parsing LinuxKernelState relies on parsing the GrubState. // To do so, use ExtractOpts{Loader: GRUB} when calling ParseMachineState. message LinuxKernelState { // The kernel command line. string command_line = 1; } // A parsed event from the source firmware event log. This can be from either // the firmware TPM event log, the Confidential Computing event log, or any // other TCG-like event log used by firmware to record its measurements. message Event { // The register this event was extended into. Can be PCR, RTMR, etc. // Named pcr_index for backcompat reasons. uint32 pcr_index = 1; // The type of this event. Note that this value is not verified, so it should // only be used as a hint during event parsing. uint32 untrusted_type = 2; // The raw data associated to this event. The meaning of this data is // specific to the type of the event. bytes data = 3; // The event digest actually extended into the TPM. This is often the hash of // the data field, but in some cases it may have a type-specific calculation. bytes digest = 4; // This is true if hash(data) == digest. bool digest_verified = 5; } // Common, publicly-listed certificates by different vendors. enum WellKnownCertificate { UNKNOWN = 0; // Microsoft certs: // https://go.microsoft.com/fwlink/p/?linkid=321192 MS_WINDOWS_PROD_PCA_2011 = 1; // https://go.microsoft.com/fwlink/p/?linkid=321194 MS_THIRD_PARTY_UEFI_CA_2011 = 2; } message Certificate { // The representation of the certificate. If the certificate matches a // well-known certificate above, representation should contain the value in // the enum. Otherwise, it will contain the raw DER. oneof representation { // DER representation of the certificate. bytes der = 1; WellKnownCertificate well_known = 2; } } // A Secure Boot database containing lists of hashes and certificates, // as defined by section 32.4.1 Signature Database in the UEFI spec. message Database { repeated Certificate certs = 1; repeated bytes hashes = 2; } // The Secure Boot state for this instance. message SecureBootState { // Whether Secure Boot is enabled. bool enabled = 1; // The Secure Boot signature (allowed) database. Database db = 2; // The Secure Boot revoked signature (forbidden) database. Database dbx = 3; // Authority events post-separator. Pre-separator authorities // are currently not supported. Database authority = 4; } message EfiApp { // The PE/COFF digest of the EFI application (pulled from the raw event digest). bytes digest = 1; } // The verified state of EFI Applications. Policy usage on this machine state // should check the entire set of EFI App digests matches, not a subset. message EfiState { // UEFI's OS Loader code is required to measure attempts to load and execute // UEFI applications. // UEFI applications are typically bootloaders such as shim and GRUB. // These run and are measured using the UEFI LoadImage() service. repeated EfiApp apps = 1; } // Enum values come from the TCG Algorithm Registry - v1.27 - Table 3. enum HashAlgo { HASH_INVALID = 0x0000; SHA1 = 0x0004; SHA256 = 0x000B; SHA384 = 0x000C; SHA512 = 0x000D; } // The verified state of a booted machine, obtained from a UEFI event log. // The state is extracted from either EFI_TCG2_PROTOCOL or // EFI_CC_MEASUREMENT_PROTOCOL. Both of these follow the TCG-defined format // in https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/ // The TCG2-related (TPM) logs are structured using TCG_PCR_EVENT (SHA1 format) // or TCG_PCR_EVENT2 (Crypto Agile format). // The CC logs are structured using CC_EVENT. message FirmwareLogState { reserved 7; PlatformState platform = 1; SecureBootState secure_boot = 2; // The complete parsed Firmware Event Log, including those events used to // create this MachineState. repeated Event raw_events = 3; // The hash algorithm used to calculate event digests to verify a log entry. HashAlgo hash = 4; GrubState grub = 5; LinuxKernelState linux_kernel = 6; EfiState efi = 8; } golang-github-google-go-eventlog-0.0.2/proto/state/000077500000000000000000000000001515555264200222335ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/proto/state/state.pb.go000066400000000000000000001342501515555264200243070ustar00rootroot00000000000000// Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 // protoc v3.21.12 // source: state.proto package state import ( protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" ) const ( // Verify that this generated code is sufficiently up-to-date. _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) // Verify that runtime/protoimpl is sufficiently up-to-date. _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) // Type of hardware technology used to protect this instance type GCEConfidentialTechnology int32 const ( GCEConfidentialTechnology_NONE GCEConfidentialTechnology = 0 GCEConfidentialTechnology_AMD_SEV GCEConfidentialTechnology = 1 GCEConfidentialTechnology_AMD_SEV_ES GCEConfidentialTechnology = 2 GCEConfidentialTechnology_INTEL_TDX GCEConfidentialTechnology = 3 GCEConfidentialTechnology_AMD_SEV_SNP GCEConfidentialTechnology = 4 ) // Enum value maps for GCEConfidentialTechnology. var ( GCEConfidentialTechnology_name = map[int32]string{ 0: "NONE", 1: "AMD_SEV", 2: "AMD_SEV_ES", 3: "INTEL_TDX", 4: "AMD_SEV_SNP", } GCEConfidentialTechnology_value = map[string]int32{ "NONE": 0, "AMD_SEV": 1, "AMD_SEV_ES": 2, "INTEL_TDX": 3, "AMD_SEV_SNP": 4, } ) func (x GCEConfidentialTechnology) Enum() *GCEConfidentialTechnology { p := new(GCEConfidentialTechnology) *p = x return p } func (x GCEConfidentialTechnology) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } func (GCEConfidentialTechnology) Descriptor() protoreflect.EnumDescriptor { return file_state_proto_enumTypes[0].Descriptor() } func (GCEConfidentialTechnology) Type() protoreflect.EnumType { return &file_state_proto_enumTypes[0] } func (x GCEConfidentialTechnology) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } // Deprecated: Use GCEConfidentialTechnology.Descriptor instead. func (GCEConfidentialTechnology) EnumDescriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{0} } // Common, publicly-listed certificates by different vendors. type WellKnownCertificate int32 const ( WellKnownCertificate_UNKNOWN WellKnownCertificate = 0 // Microsoft certs: // https://go.microsoft.com/fwlink/p/?linkid=321192 WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011 WellKnownCertificate = 1 // https://go.microsoft.com/fwlink/p/?linkid=321194 WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011 WellKnownCertificate = 2 ) // Enum value maps for WellKnownCertificate. var ( WellKnownCertificate_name = map[int32]string{ 0: "UNKNOWN", 1: "MS_WINDOWS_PROD_PCA_2011", 2: "MS_THIRD_PARTY_UEFI_CA_2011", } WellKnownCertificate_value = map[string]int32{ "UNKNOWN": 0, "MS_WINDOWS_PROD_PCA_2011": 1, "MS_THIRD_PARTY_UEFI_CA_2011": 2, } ) func (x WellKnownCertificate) Enum() *WellKnownCertificate { p := new(WellKnownCertificate) *p = x return p } func (x WellKnownCertificate) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } func (WellKnownCertificate) Descriptor() protoreflect.EnumDescriptor { return file_state_proto_enumTypes[1].Descriptor() } func (WellKnownCertificate) Type() protoreflect.EnumType { return &file_state_proto_enumTypes[1] } func (x WellKnownCertificate) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } // Deprecated: Use WellKnownCertificate.Descriptor instead. func (WellKnownCertificate) EnumDescriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{1} } // Enum values come from the TCG Algorithm Registry - v1.27 - Table 3. type HashAlgo int32 const ( HashAlgo_HASH_INVALID HashAlgo = 0 HashAlgo_SHA1 HashAlgo = 4 HashAlgo_SHA256 HashAlgo = 11 HashAlgo_SHA384 HashAlgo = 12 HashAlgo_SHA512 HashAlgo = 13 ) // Enum value maps for HashAlgo. var ( HashAlgo_name = map[int32]string{ 0: "HASH_INVALID", 4: "SHA1", 11: "SHA256", 12: "SHA384", 13: "SHA512", } HashAlgo_value = map[string]int32{ "HASH_INVALID": 0, "SHA1": 4, "SHA256": 11, "SHA384": 12, "SHA512": 13, } ) func (x HashAlgo) Enum() *HashAlgo { p := new(HashAlgo) *p = x return p } func (x HashAlgo) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } func (HashAlgo) Descriptor() protoreflect.EnumDescriptor { return file_state_proto_enumTypes[2].Descriptor() } func (HashAlgo) Type() protoreflect.EnumType { return &file_state_proto_enumTypes[2] } func (x HashAlgo) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } // Deprecated: Use HashAlgo.Descriptor instead. func (HashAlgo) EnumDescriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{2} } // Information uniquely identifying a GCE instance. Can be used to create an // instance URL, which can then be used with GCE APIs. Formatted like: // // https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name} type GCEInstanceInfo struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Zone string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"` ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"` InstanceName string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"` InstanceId uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"` } func (x *GCEInstanceInfo) Reset() { *x = GCEInstanceInfo{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *GCEInstanceInfo) String() string { return protoimpl.X.MessageStringOf(x) } func (*GCEInstanceInfo) ProtoMessage() {} func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use GCEInstanceInfo.ProtoReflect.Descriptor instead. func (*GCEInstanceInfo) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{0} } func (x *GCEInstanceInfo) GetZone() string { if x != nil { return x.Zone } return "" } func (x *GCEInstanceInfo) GetProjectId() string { if x != nil { return x.ProjectId } return "" } func (x *GCEInstanceInfo) GetProjectNumber() uint64 { if x != nil { return x.ProjectNumber } return 0 } func (x *GCEInstanceInfo) GetInstanceName() string { if x != nil { return x.InstanceName } return "" } func (x *GCEInstanceInfo) GetInstanceId() uint64 { if x != nil { return x.InstanceId } return 0 } // The platform/firmware state for this instance type PlatformState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // Types that are assignable to Firmware: // // *PlatformState_ScrtmVersionId // *PlatformState_GceVersion Firmware isPlatformState_Firmware `protobuf_oneof:"firmware"` // Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances Technology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=technology,proto3,enum=state.GCEConfidentialTechnology" json:"technology,omitempty"` // Only set for GCE instances. // Included for backcompat. go-eventlog should NOT set this field. InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` } func (x *PlatformState) Reset() { *x = PlatformState{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *PlatformState) String() string { return protoimpl.X.MessageStringOf(x) } func (*PlatformState) ProtoMessage() {} func (x *PlatformState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use PlatformState.ProtoReflect.Descriptor instead. func (*PlatformState) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{1} } func (m *PlatformState) GetFirmware() isPlatformState_Firmware { if m != nil { return m.Firmware } return nil } func (x *PlatformState) GetScrtmVersionId() []byte { if x, ok := x.GetFirmware().(*PlatformState_ScrtmVersionId); ok { return x.ScrtmVersionId } return nil } func (x *PlatformState) GetGceVersion() uint32 { if x, ok := x.GetFirmware().(*PlatformState_GceVersion); ok { return x.GceVersion } return 0 } func (x *PlatformState) GetTechnology() GCEConfidentialTechnology { if x != nil { return x.Technology } return GCEConfidentialTechnology_NONE } func (x *PlatformState) GetInstanceInfo() *GCEInstanceInfo { if x != nil { return x.InstanceInfo } return nil } type isPlatformState_Firmware interface { isPlatformState_Firmware() } type PlatformState_ScrtmVersionId struct { // Raw S-CRTM version identifier (EV_S_CRTM_VERSION) ScrtmVersionId []byte `protobuf:"bytes,1,opt,name=scrtm_version_id,json=scrtmVersionId,proto3,oneof"` } type PlatformState_GceVersion struct { // Virtual GCE firmware version (parsed from S-CRTM version id) GceVersion uint32 `protobuf:"varint,2,opt,name=gce_version,json=gceVersion,proto3,oneof"` } func (*PlatformState_ScrtmVersionId) isPlatformState_Firmware() {} func (*PlatformState_GceVersion) isPlatformState_Firmware() {} type GrubFile struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The digest of the file (pulled from the raw event digest). Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` // The event data. This is not measured, so it is untrusted. UntrustedFilename []byte `protobuf:"bytes,2,opt,name=untrusted_filename,json=untrustedFilename,proto3" json:"untrusted_filename,omitempty"` } func (x *GrubFile) Reset() { *x = GrubFile{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *GrubFile) String() string { return protoimpl.X.MessageStringOf(x) } func (*GrubFile) ProtoMessage() {} func (x *GrubFile) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use GrubFile.ProtoReflect.Descriptor instead. func (*GrubFile) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{2} } func (x *GrubFile) GetDigest() []byte { if x != nil { return x.Digest } return nil } func (x *GrubFile) GetUntrustedFilename() []byte { if x != nil { return x.UntrustedFilename } return nil } type GrubState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // All GRUB-read and measured files, including grub.cfg. Files []*GrubFile `protobuf:"bytes,1,rep,name=files,proto3" json:"files,omitempty"` // A list of executed GRUB commands and command lines passed to the kernel // and kernel modules. Commands []string `protobuf:"bytes,2,rep,name=commands,proto3" json:"commands,omitempty"` } func (x *GrubState) Reset() { *x = GrubState{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *GrubState) String() string { return protoimpl.X.MessageStringOf(x) } func (*GrubState) ProtoMessage() {} func (x *GrubState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use GrubState.ProtoReflect.Descriptor instead. func (*GrubState) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{3} } func (x *GrubState) GetFiles() []*GrubFile { if x != nil { return x.Files } return nil } func (x *GrubState) GetCommands() []string { if x != nil { return x.Commands } return nil } // The state of the Linux kernel. // At the moment, parsing LinuxKernelState relies on parsing the GrubState. // To do so, use ExtractOpts{Loader: GRUB} when calling ParseMachineState. type LinuxKernelState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The kernel command line. CommandLine string `protobuf:"bytes,1,opt,name=command_line,json=commandLine,proto3" json:"command_line,omitempty"` } func (x *LinuxKernelState) Reset() { *x = LinuxKernelState{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *LinuxKernelState) String() string { return protoimpl.X.MessageStringOf(x) } func (*LinuxKernelState) ProtoMessage() {} func (x *LinuxKernelState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use LinuxKernelState.ProtoReflect.Descriptor instead. func (*LinuxKernelState) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{4} } func (x *LinuxKernelState) GetCommandLine() string { if x != nil { return x.CommandLine } return "" } // A parsed event from the source firmware event log. This can be from either // the firmware TPM event log, the Confidential Computing event log, or any // other TCG-like event log used by firmware to record its measurements. type Event struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The register this event was extended into. Can be PCR, RTMR, etc. // Named pcr_index for backcompat reasons. PcrIndex uint32 `protobuf:"varint,1,opt,name=pcr_index,json=pcrIndex,proto3" json:"pcr_index,omitempty"` // The type of this event. Note that this value is not verified, so it should // only be used as a hint during event parsing. UntrustedType uint32 `protobuf:"varint,2,opt,name=untrusted_type,json=untrustedType,proto3" json:"untrusted_type,omitempty"` // The raw data associated to this event. The meaning of this data is // specific to the type of the event. Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` // The event digest actually extended into the TPM. This is often the hash of // the data field, but in some cases it may have a type-specific calculation. Digest []byte `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"` // This is true if hash(data) == digest. DigestVerified bool `protobuf:"varint,5,opt,name=digest_verified,json=digestVerified,proto3" json:"digest_verified,omitempty"` } func (x *Event) Reset() { *x = Event{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *Event) String() string { return protoimpl.X.MessageStringOf(x) } func (*Event) ProtoMessage() {} func (x *Event) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use Event.ProtoReflect.Descriptor instead. func (*Event) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{5} } func (x *Event) GetPcrIndex() uint32 { if x != nil { return x.PcrIndex } return 0 } func (x *Event) GetUntrustedType() uint32 { if x != nil { return x.UntrustedType } return 0 } func (x *Event) GetData() []byte { if x != nil { return x.Data } return nil } func (x *Event) GetDigest() []byte { if x != nil { return x.Digest } return nil } func (x *Event) GetDigestVerified() bool { if x != nil { return x.DigestVerified } return false } type Certificate struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The representation of the certificate. If the certificate matches a // well-known certificate above, representation should contain the value in // the enum. Otherwise, it will contain the raw DER. // // Types that are assignable to Representation: // // *Certificate_Der // *Certificate_WellKnown Representation isCertificate_Representation `protobuf_oneof:"representation"` } func (x *Certificate) Reset() { *x = Certificate{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *Certificate) String() string { return protoimpl.X.MessageStringOf(x) } func (*Certificate) ProtoMessage() {} func (x *Certificate) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use Certificate.ProtoReflect.Descriptor instead. func (*Certificate) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{6} } func (m *Certificate) GetRepresentation() isCertificate_Representation { if m != nil { return m.Representation } return nil } func (x *Certificate) GetDer() []byte { if x, ok := x.GetRepresentation().(*Certificate_Der); ok { return x.Der } return nil } func (x *Certificate) GetWellKnown() WellKnownCertificate { if x, ok := x.GetRepresentation().(*Certificate_WellKnown); ok { return x.WellKnown } return WellKnownCertificate_UNKNOWN } type isCertificate_Representation interface { isCertificate_Representation() } type Certificate_Der struct { // DER representation of the certificate. Der []byte `protobuf:"bytes,1,opt,name=der,proto3,oneof"` } type Certificate_WellKnown struct { WellKnown WellKnownCertificate `protobuf:"varint,2,opt,name=well_known,json=wellKnown,proto3,enum=state.WellKnownCertificate,oneof"` } func (*Certificate_Der) isCertificate_Representation() {} func (*Certificate_WellKnown) isCertificate_Representation() {} // A Secure Boot database containing lists of hashes and certificates, // as defined by section 32.4.1 Signature Database in the UEFI spec. type Database struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Certs []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"` Hashes [][]byte `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"` } func (x *Database) Reset() { *x = Database{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *Database) String() string { return protoimpl.X.MessageStringOf(x) } func (*Database) ProtoMessage() {} func (x *Database) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use Database.ProtoReflect.Descriptor instead. func (*Database) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{7} } func (x *Database) GetCerts() []*Certificate { if x != nil { return x.Certs } return nil } func (x *Database) GetHashes() [][]byte { if x != nil { return x.Hashes } return nil } // The Secure Boot state for this instance. type SecureBootState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // Whether Secure Boot is enabled. Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` // The Secure Boot signature (allowed) database. Db *Database `protobuf:"bytes,2,opt,name=db,proto3" json:"db,omitempty"` // The Secure Boot revoked signature (forbidden) database. Dbx *Database `protobuf:"bytes,3,opt,name=dbx,proto3" json:"dbx,omitempty"` // Authority events post-separator. Pre-separator authorities // are currently not supported. Authority *Database `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"` } func (x *SecureBootState) Reset() { *x = SecureBootState{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *SecureBootState) String() string { return protoimpl.X.MessageStringOf(x) } func (*SecureBootState) ProtoMessage() {} func (x *SecureBootState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use SecureBootState.ProtoReflect.Descriptor instead. func (*SecureBootState) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{8} } func (x *SecureBootState) GetEnabled() bool { if x != nil { return x.Enabled } return false } func (x *SecureBootState) GetDb() *Database { if x != nil { return x.Db } return nil } func (x *SecureBootState) GetDbx() *Database { if x != nil { return x.Dbx } return nil } func (x *SecureBootState) GetAuthority() *Database { if x != nil { return x.Authority } return nil } type EfiApp struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The PE/COFF digest of the EFI application (pulled from the raw event digest). Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` } func (x *EfiApp) Reset() { *x = EfiApp{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *EfiApp) String() string { return protoimpl.X.MessageStringOf(x) } func (*EfiApp) ProtoMessage() {} func (x *EfiApp) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use EfiApp.ProtoReflect.Descriptor instead. func (*EfiApp) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{9} } func (x *EfiApp) GetDigest() []byte { if x != nil { return x.Digest } return nil } // The verified state of EFI Applications. Policy usage on this machine state // should check the entire set of EFI App digests matches, not a subset. type EfiState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // UEFI's OS Loader code is required to measure attempts to load and execute // UEFI applications. // UEFI applications are typically bootloaders such as shim and GRUB. // These run and are measured using the UEFI LoadImage() service. Apps []*EfiApp `protobuf:"bytes,1,rep,name=apps,proto3" json:"apps,omitempty"` } func (x *EfiState) Reset() { *x = EfiState{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *EfiState) String() string { return protoimpl.X.MessageStringOf(x) } func (*EfiState) ProtoMessage() {} func (x *EfiState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use EfiState.ProtoReflect.Descriptor instead. func (*EfiState) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{10} } func (x *EfiState) GetApps() []*EfiApp { if x != nil { return x.Apps } return nil } // The verified state of a booted machine, obtained from a UEFI event log. // The state is extracted from either EFI_TCG2_PROTOCOL or // EFI_CC_MEASUREMENT_PROTOCOL. Both of these follow the TCG-defined format // in https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/ // The TCG2-related (TPM) logs are structured using TCG_PCR_EVENT (SHA1 format) // or TCG_PCR_EVENT2 (Crypto Agile format). // The CC logs are structured using CC_EVENT. type FirmwareLogState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Platform *PlatformState `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"` // The complete parsed Firmware Event Log, including those events used to // create this MachineState. RawEvents []*Event `protobuf:"bytes,3,rep,name=raw_events,json=rawEvents,proto3" json:"raw_events,omitempty"` // The hash algorithm used to calculate event digests to verify a log entry. Hash HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=state.HashAlgo" json:"hash,omitempty"` Grub *GrubState `protobuf:"bytes,5,opt,name=grub,proto3" json:"grub,omitempty"` LinuxKernel *LinuxKernelState `protobuf:"bytes,6,opt,name=linux_kernel,json=linuxKernel,proto3" json:"linux_kernel,omitempty"` Efi *EfiState `protobuf:"bytes,8,opt,name=efi,proto3" json:"efi,omitempty"` } func (x *FirmwareLogState) Reset() { *x = FirmwareLogState{} if protoimpl.UnsafeEnabled { mi := &file_state_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *FirmwareLogState) String() string { return protoimpl.X.MessageStringOf(x) } func (*FirmwareLogState) ProtoMessage() {} func (x *FirmwareLogState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use FirmwareLogState.ProtoReflect.Descriptor instead. func (*FirmwareLogState) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{11} } func (x *FirmwareLogState) GetPlatform() *PlatformState { if x != nil { return x.Platform } return nil } func (x *FirmwareLogState) GetSecureBoot() *SecureBootState { if x != nil { return x.SecureBoot } return nil } func (x *FirmwareLogState) GetRawEvents() []*Event { if x != nil { return x.RawEvents } return nil } func (x *FirmwareLogState) GetHash() HashAlgo { if x != nil { return x.Hash } return HashAlgo_HASH_INVALID } func (x *FirmwareLogState) GetGrub() *GrubState { if x != nil { return x.Grub } return nil } func (x *FirmwareLogState) GetLinuxKernel() *LinuxKernelState { if x != nil { return x.LinuxKernel } return nil } func (x *FirmwareLogState) GetEfi() *EfiState { if x != nil { return x.Efi } return nil } var File_state_proto protoreflect.FileDescriptor var file_state_proto_rawDesc = []byte{ 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0xb1, 0x01, 0x0a, 0x0f, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x22, 0xe9, 0x01, 0x0a, 0x0d, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x10, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0e, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x63, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x0a, 0x67, 0x63, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x0a, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, 0x0a, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x3b, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x0a, 0x0a, 0x08, 0x66, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x22, 0x51, 0x0a, 0x08, 0x47, 0x72, 0x75, 0x62, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x4e, 0x0a, 0x09, 0x47, 0x72, 0x75, 0x62, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x25, 0x0a, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x72, 0x75, 0x62, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x22, 0x35, 0x0a, 0x10, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x4c, 0x69, 0x6e, 0x65, 0x22, 0xa0, 0x01, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x63, 0x72, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x63, 0x72, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x25, 0x0a, 0x0e, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x22, 0x71, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x3c, 0x0a, 0x0a, 0x77, 0x65, 0x6c, 0x6c, 0x5f, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1b, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x09, 0x77, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x42, 0x10, 0x0a, 0x0e, 0x72, 0x65, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x4c, 0x0a, 0x08, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x12, 0x28, 0x0a, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x22, 0x9e, 0x01, 0x0a, 0x0f, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1f, 0x0a, 0x02, 0x64, 0x62, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x02, 0x64, 0x62, 0x12, 0x21, 0x0a, 0x03, 0x64, 0x62, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x03, 0x64, 0x62, 0x78, 0x12, 0x2d, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x20, 0x0a, 0x06, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0x2d, 0x0a, 0x08, 0x45, 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x04, 0x61, 0x70, 0x70, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x52, 0x04, 0x61, 0x70, 0x70, 0x73, 0x22, 0xda, 0x02, 0x0a, 0x10, 0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x4c, 0x6f, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x37, 0x0a, 0x0b, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x12, 0x2b, 0x0a, 0x0a, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x09, 0x72, 0x61, 0x77, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x24, 0x0a, 0x04, 0x67, 0x72, 0x75, 0x62, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x72, 0x75, 0x62, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x04, 0x67, 0x72, 0x75, 0x62, 0x12, 0x3a, 0x0a, 0x0c, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x12, 0x21, 0x0a, 0x03, 0x65, 0x66, 0x69, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, 0x65, 0x66, 0x69, 0x4a, 0x04, 0x08, 0x07, 0x10, 0x08, 0x2a, 0x62, 0x0a, 0x19, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x45, 0x53, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x5f, 0x54, 0x44, 0x58, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x53, 0x4e, 0x50, 0x10, 0x04, 0x2a, 0x62, 0x0a, 0x14, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x53, 0x5f, 0x57, 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x53, 0x5f, 0x50, 0x52, 0x4f, 0x44, 0x5f, 0x50, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x55, 0x45, 0x46, 0x49, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x02, 0x2a, 0x4a, 0x0a, 0x08, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x12, 0x10, 0x0a, 0x0c, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x48, 0x41, 0x31, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0b, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x0d, 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x6c, 0x6f, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( file_state_proto_rawDescOnce sync.Once file_state_proto_rawDescData = file_state_proto_rawDesc ) func file_state_proto_rawDescGZIP() []byte { file_state_proto_rawDescOnce.Do(func() { file_state_proto_rawDescData = protoimpl.X.CompressGZIP(file_state_proto_rawDescData) }) return file_state_proto_rawDescData } var file_state_proto_enumTypes = make([]protoimpl.EnumInfo, 3) var file_state_proto_msgTypes = make([]protoimpl.MessageInfo, 12) var file_state_proto_goTypes = []any{ (GCEConfidentialTechnology)(0), // 0: state.GCEConfidentialTechnology (WellKnownCertificate)(0), // 1: state.WellKnownCertificate (HashAlgo)(0), // 2: state.HashAlgo (*GCEInstanceInfo)(nil), // 3: state.GCEInstanceInfo (*PlatformState)(nil), // 4: state.PlatformState (*GrubFile)(nil), // 5: state.GrubFile (*GrubState)(nil), // 6: state.GrubState (*LinuxKernelState)(nil), // 7: state.LinuxKernelState (*Event)(nil), // 8: state.Event (*Certificate)(nil), // 9: state.Certificate (*Database)(nil), // 10: state.Database (*SecureBootState)(nil), // 11: state.SecureBootState (*EfiApp)(nil), // 12: state.EfiApp (*EfiState)(nil), // 13: state.EfiState (*FirmwareLogState)(nil), // 14: state.FirmwareLogState } var file_state_proto_depIdxs = []int32{ 0, // 0: state.PlatformState.technology:type_name -> state.GCEConfidentialTechnology 3, // 1: state.PlatformState.instance_info:type_name -> state.GCEInstanceInfo 5, // 2: state.GrubState.files:type_name -> state.GrubFile 1, // 3: state.Certificate.well_known:type_name -> state.WellKnownCertificate 9, // 4: state.Database.certs:type_name -> state.Certificate 10, // 5: state.SecureBootState.db:type_name -> state.Database 10, // 6: state.SecureBootState.dbx:type_name -> state.Database 10, // 7: state.SecureBootState.authority:type_name -> state.Database 12, // 8: state.EfiState.apps:type_name -> state.EfiApp 4, // 9: state.FirmwareLogState.platform:type_name -> state.PlatformState 11, // 10: state.FirmwareLogState.secure_boot:type_name -> state.SecureBootState 8, // 11: state.FirmwareLogState.raw_events:type_name -> state.Event 2, // 12: state.FirmwareLogState.hash:type_name -> state.HashAlgo 6, // 13: state.FirmwareLogState.grub:type_name -> state.GrubState 7, // 14: state.FirmwareLogState.linux_kernel:type_name -> state.LinuxKernelState 13, // 15: state.FirmwareLogState.efi:type_name -> state.EfiState 16, // [16:16] is the sub-list for method output_type 16, // [16:16] is the sub-list for method input_type 16, // [16:16] is the sub-list for extension type_name 16, // [16:16] is the sub-list for extension extendee 0, // [0:16] is the sub-list for field type_name } func init() { file_state_proto_init() } func file_state_proto_init() { if File_state_proto != nil { return } if !protoimpl.UnsafeEnabled { file_state_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*GCEInstanceInfo); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_state_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*PlatformState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_state_proto_msgTypes[2].Exporter = func(v any, i int) any { switch v := v.(*GrubFile); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_state_proto_msgTypes[3].Exporter = func(v any, i int) any { switch v := v.(*GrubState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_state_proto_msgTypes[4].Exporter = func(v any, i int) any { switch v := v.(*LinuxKernelState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_state_proto_msgTypes[5].Exporter = func(v any, i int) any { switch v := v.(*Event); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_state_proto_msgTypes[6].Exporter = func(v any, i int) any { switch v := v.(*Certificate); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_state_proto_msgTypes[7].Exporter = func(v any, i int) any { switch v := v.(*Database); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_state_proto_msgTypes[8].Exporter = func(v any, i int) any { switch v := v.(*SecureBootState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_state_proto_msgTypes[9].Exporter = func(v any, i int) any { switch v := v.(*EfiApp); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_state_proto_msgTypes[10].Exporter = func(v any, i int) any { switch v := v.(*EfiState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_state_proto_msgTypes[11].Exporter = func(v any, i int) any { switch v := v.(*FirmwareLogState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } } file_state_proto_msgTypes[1].OneofWrappers = []any{ (*PlatformState_ScrtmVersionId)(nil), (*PlatformState_GceVersion)(nil), } file_state_proto_msgTypes[6].OneofWrappers = []any{ (*Certificate_Der)(nil), (*Certificate_WellKnown)(nil), } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_state_proto_rawDesc, NumEnums: 3, NumMessages: 12, NumExtensions: 0, NumServices: 0, }, GoTypes: file_state_proto_goTypes, DependencyIndexes: file_state_proto_depIdxs, EnumInfos: file_state_proto_enumTypes, MessageInfos: file_state_proto_msgTypes, }.Build() File_state_proto = out.File file_state_proto_rawDesc = nil file_state_proto_goTypes = nil file_state_proto_depIdxs = nil } golang-github-google-go-eventlog-0.0.2/proto/state/state_extension.go000066400000000000000000000020401515555264200257720ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // Package state contains the definitions and utilities related to extracting // information from an event log. package state import ( "crypto" "github.com/google/go-tpm/legacy/tpm2" ) // CryptoHash converts the TCG registry hash identifier to a crypto.Hash. func (ha HashAlgo) CryptoHash() (crypto.Hash, error) { tcgHash := tpm2.Algorithm(uint16(ha)) cryptoHash, err := tcgHash.Hash() if err != nil { return crypto.Hash(0), err } return cryptoHash, nil } golang-github-google-go-eventlog-0.0.2/register/000077500000000000000000000000001515555264200215745ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/register/fake_mr.go000066400000000000000000000030221515555264200235240ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package register import ( "crypto" ) // FakeMRBank is a bank of FakeMRs that all correspond to the same hash algorithm. type FakeMRBank struct { Hash crypto.Hash FakeMRs []FakeMR } // CryptoHash returns the crypto.Hash algorithm related to the FakeMR bank. func (f FakeMRBank) CryptoHash() (crypto.Hash, error) { return f.Hash, nil } // MRs returns a slice of MR from the PCR implementation. func (f FakeMRBank) MRs() []MR { mrs := make([]MR, len(f.FakeMRs)) for i, v := range f.FakeMRs { mrs[i] = v } return mrs } // FakeMR encapsulates the value of a FakeMR at a point in time. type FakeMR struct { Index int Digest []byte DigestAlg crypto.Hash } // Idx gives the FakeMR index. func (f FakeMR) Idx() int { return f.Index } // Dgst gives the FakeMR digest. func (f FakeMR) Dgst() []byte { return f.Digest } // DgstAlg gives the FakeMR digest algorithm as a crypto.Hash. func (f FakeMR) DgstAlg() crypto.Hash { return f.DigestAlg } golang-github-google-go-eventlog-0.0.2/register/fake_rot.go000066400000000000000000000063671515555264200237310ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package register import ( "crypto" "fmt" ) // FakeROT implements a fake root-of-trust for measurement for test. type FakeROT struct { fakeMRBanks map[crypto.Hash]map[int][]byte } // CreateFakeRot creates a fake root-of-trust with banks corresponding to the // given hash algorithms, each of size numIdxs. func CreateFakeRot(hashes []crypto.Hash, numIdxs int) (FakeROT, error) { if len(hashes) == 0 || numIdxs <= 0 { return FakeROT{}, fmt.Errorf("hashes (%v) or numIdxs (%v) was empty", hashes, numIdxs) } fakeMRBanks := make(map[crypto.Hash]map[int][]byte) for _, hash := range hashes { fakeBank := make(map[int][]byte) for idx := 0; idx < numIdxs; idx++ { zeroesMR := make([]byte, hash.Size()) fakeBank[idx] = zeroesMR } fakeMRBanks[hash] = fakeBank } return FakeROT{fakeMRBanks: fakeMRBanks}, nil } // Digest returns the current digest for the given measurement register indicated by FakeMR. func (f FakeROT) Digest(mr FakeMR) ([]byte, error) { hash := mr.DigestAlg idx := mr.Index bank, ok := f.fakeMRBanks[hash] if !ok { return nil, fmt.Errorf("bank %v not present in fake root of trust", hash) } dgst, ok := bank[idx] if !ok { return nil, fmt.Errorf("MR index %v in bank %v not present in fake root of trust", idx, hash) } if len(dgst) != hash.Size() { return nil, fmt.Errorf("MR index %v in bank %v contained invalid size %v, expected %v", idx, hash, len(dgst), hash.Size()) } return dgst, nil } // ReadMRs returns the MRs given by the hash algo and MR index selection. func (f FakeROT) ReadMRs(hash crypto.Hash, mrSelection []int) (FakeMRBank, error) { bank, ok := f.fakeMRBanks[hash] if !ok { return FakeMRBank{}, fmt.Errorf("bank %v not present in fake root of trust", hash) } fakeMRs := make([]FakeMR, 0, len(bank)) for _, mrIdx := range mrSelection { dgst, ok := bank[mrIdx] if !ok { return FakeMRBank{}, fmt.Errorf("index %v not present in bank %v", mrIdx, hash) } fakeMRs = append(fakeMRs, FakeMR{ Index: mrIdx, Digest: dgst, DigestAlg: hash, }) } return FakeMRBank{Hash: hash, FakeMRs: fakeMRs}, nil } // ExtendMR extends the FakeROT's internal MRs corresponding to the bank, index // with the digest specified in mr. func (f FakeROT) ExtendMR(mr FakeMR) error { hash := mr.DigestAlg digest := mr.Digest idx := mr.Index if len(digest) != mr.DigestAlg.Size() { return fmt.Errorf("invalid digest size %v for algo %v, expected %v", len(digest), hash, hash.Size()) } mrDigest, err := f.Digest(mr) if err != nil { return fmt.Errorf("failed to extend index %v in bank %v: %v", idx, hash, err) } hasher := hash.New() hasher.Write(mrDigest) hasher.Write(digest) f.fakeMRBanks[hash][idx] = hasher.Sum(nil) return nil } golang-github-google-go-eventlog-0.0.2/register/measurement_register.go000066400000000000000000000017071515555264200263610ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package register import ( "crypto" ) // MRBank is a generic interface for a collection of measurement registers // associated with the same hash algorithm. type MRBank interface { CryptoHash() (crypto.Hash, error) MRs() []MR } // MR provides a generic interface for measurement registers to implement. type MR interface { Idx() int Dgst() []byte DgstAlg() crypto.Hash } golang-github-google-go-eventlog-0.0.2/register/pcr.go000066400000000000000000000075431515555264200227200ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // Package register contains measurement register-specific implementations. package register import ( "crypto" "fmt" pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-tpm/legacy/tpm2" ) // PCRBank is a bank of PCRs that all correspond to the same hash algorithm. type PCRBank struct { TCGHashAlgo pb.HashAlgo PCRs []PCR } // CryptoHash returns the crypto.Hash algorithm related to the PCR bank. func (b PCRBank) CryptoHash() (crypto.Hash, error) { cryptoHash, err := b.TCGHashAlgo.CryptoHash() if err != nil { return crypto.Hash(0), fmt.Errorf("received a bad PCR bank of type %s: %v", b.TCGHashAlgo, err) } var invalidPCRs []int for _, pcr := range b.PCRs { if pcr.DgstAlg() != cryptoHash { invalidPCRs = append(invalidPCRs, pcr.Idx()) } } if len(invalidPCRs) != 0 { return crypto.Hash(0), fmt.Errorf("found an invalid hash algorithm in PCRs %v for bank of algorithm type %s", invalidPCRs, b.TCGHashAlgo.String()) } return cryptoHash, nil } // MRs returns a slice of MR from the PCR implementation. func (b PCRBank) MRs() []MR { mrs := make([]MR, len(b.PCRs)) for i, v := range b.PCRs { mrs[i] = v } return mrs } // PCR encapsulates the value of a PCR at a point in time. type PCR struct { Index int Digest []byte DigestAlg crypto.Hash // quoteVerified is true if the PCR was verified against a quote. // NOT for use in go-eventlog. // Included for backcompat with the go-attestation API. quoteVerified bool } // Idx gives the PCR index. func (p PCR) Idx() int { return p.Index } // Dgst gives the PCR digest. func (p PCR) Dgst() []byte { return p.Digest } // DgstAlg gives the PCR digest algorithm as a crypto.Hash. func (p PCR) DgstAlg() crypto.Hash { return p.DigestAlg } // SetQuoteVerified sets that the quote verified is true. // NOT for use in go-eventlog. // Included for backcompat with the go-attestation API. func (p *PCR) SetQuoteVerified() { p.quoteVerified = true } // QuoteVerified returns true if the value of this PCR was previously // verified against a Quote, in a call to AKPublic.Verify or AKPublic.VerifyAll. // NOT for use in go-eventlog. // Included for backcompat with the go-attestation API. func (p *PCR) QuoteVerified() bool { return p.quoteVerified } // HashAlg identifies a hashing Algorithm. // Included for backcompat with the go-attestation API. type HashAlg uint8 // Valid hash algorithms. var ( HashSHA1 = HashAlg(tpm2.AlgSHA1) HashSHA256 = HashAlg(tpm2.AlgSHA256) HashSHA384 = HashAlg(tpm2.AlgSHA384) ) // CryptoHash turns the hash algo into a crypto.Hash func (a HashAlg) CryptoHash() crypto.Hash { switch a { case HashSHA1: return crypto.SHA1 case HashSHA256: return crypto.SHA256 case HashSHA384: return crypto.SHA384 } return 0 } // GoTPMAlg returns the go-tpm definition of this crypto.Hash, based on the // TCG Algorithm Registry. func (a HashAlg) GoTPMAlg() tpm2.Algorithm { switch a { case HashSHA1: return tpm2.AlgSHA1 case HashSHA256: return tpm2.AlgSHA256 case HashSHA384: return tpm2.AlgSHA384 } return 0 } // String returns a human-friendly representation of the hash algorithm. func (a HashAlg) String() string { switch a { case HashSHA1: return "SHA1" case HashSHA256: return "SHA256" case HashSHA384: return "SHA384" } return fmt.Sprintf("HashAlg<%d>", int(a)) } golang-github-google-go-eventlog-0.0.2/register/rtmr.go000066400000000000000000000040541515555264200231120ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package register import ( "crypto" ) /* RTMR0 => PCR1,7 RTMR1 => PCR2-6 RTMR2 => PCR8-15 RTMR3 => N/A (for userspace) */ // RTMRBank is a bank of RTMRs that all correspond to the SHA-384 algorithm. type RTMRBank struct { RTMRs []RTMR } // CryptoHash returns the crypto.Hash algorithm related to the RTMR bank. func (b RTMRBank) CryptoHash() (crypto.Hash, error) { return crypto.SHA384, nil } // MRs returns a slice of MR from the RTMR implementation. func (b RTMRBank) MRs() []MR { mrs := make([]MR, len(b.RTMRs)) for i, v := range b.RTMRs { mrs[i] = v } return mrs } // RTMR encapsulates the value of a TDX runtime measurement register at a point // in time. The given RTMR must always have a SHA-384 digest. type RTMR struct { // The RTMR Index, not the CC MR Index. e.g., for RTMR[1], put 1, not 2. Index int Digest []byte } // Idx gives the CC Measurement Register index. // This value is the one used in Confidential Computing event logs. // Confusingly, MRTD uses CC Measurement Register Index 0, so RTMR0 uses 1. // RTMR1 uses 2, and so on. // https://cdrdv2-public.intel.com/726792/TDX%20Guest-Hypervisor%20Communication%20Interface_1.5_348552_004%20-%2020230317.pdf // https://github.com/cc-api/cc-trusted-vmsdk/issues/50 func (r RTMR) Idx() int { return r.Index + 1 } // Dgst gives the RTMR digest. func (r RTMR) Dgst() []byte { return r.Digest } // DgstAlg gives the RTMR digest algorithm as a crypto.Hash. func (r RTMR) DgstAlg() crypto.Hash { return crypto.SHA384 } golang-github-google-go-eventlog-0.0.2/tcg/000077500000000000000000000000001515555264200205255ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/tcg/eventlog_test.go000066400000000000000000000243651515555264200237500ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package tcg import ( "bytes" "encoding/base64" "encoding/json" "os" "testing" "github.com/google/go-eventlog/internal/testutil" "github.com/google/go-eventlog/register" "github.com/google/go-tpm/legacy/tpm2" ) func TestParseEventLogWindows(t *testing.T) { testParseEventLog(t, "../testdata/legacydata/windows_gcp_shielded_vm.json") } func TestParseEventLogLinux(t *testing.T) { testParseEventLog(t, "../testdata/legacydata/linux_tpm12.json") } func testParseEventLog(t *testing.T, testdata string) { data, err := os.ReadFile(testdata) if err != nil { t.Fatalf("reading test data: %v", err) } var dump testutil.Dump if err := json.Unmarshal(data, &dump); err != nil { t.Fatalf("parsing test data: %v", err) } if _, err := ParseEventLog(dump.Log.Raw, ParseOpts{}); err != nil { t.Fatalf("parsing event log: %v", err) } } func TestParseCryptoAgileEventLog(t *testing.T) { data, err := os.ReadFile("../testdata/legacydata/crypto_agile_eventlog") if err != nil { t.Fatalf("reading test data: %v", err) } if _, err := ParseEventLog(data, ParseOpts{}); err != nil { t.Fatalf("parsing event log: %v", err) } } func TestEventLogLinux(t *testing.T) { testEventLog(t, "../testdata/legacydata/linux_tpm12.json") } func TestEventLog(t *testing.T) { testEventLog(t, "../testdata/legacydata/windows_gcp_shielded_vm.json") } func testEventLog(t *testing.T, testdata string) { data, err := os.ReadFile(testdata) if err != nil { t.Fatalf("reading test data: %v", err) } var dump testutil.Dump if err := json.Unmarshal(data, &dump); err != nil { t.Fatalf("parsing test data: %v", err) } el, err := ParseEventLog(dump.Log.Raw, ParseOpts{}) if err != nil { t.Fatalf("parsing event log: %v", err) } events, err := el.Verify(convertToMRs(dump.Log.PCRs)) if err != nil { t.Fatalf("validating event log: %v", err) } for i, e := range events { if e.sequence != i { t.Errorf("event out of order: events[%d].sequence = %d, want %d", i, e.sequence, i) } } } func convertToMRs(pcrs []register.PCR) []register.MR { mrs := make([]register.MR, len(pcrs)) for i, v := range pcrs { mrs[i] = v } return mrs } func TestParseEventLogEventSizeTooLarge(t *testing.T) { data := []byte{ // PCR index 0x30, 0x34, 0x39, 0x33, // type 0x36, 0x30, 0x30, 0x32, // Digest 0x31, 0x39, 0x36, 0x33, 0x39, 0x34, 0x34, 0x37, 0x39, 0x32, 0x31, 0x32, 0x32, 0x37, 0x39, 0x30, 0x34, 0x30, 0x31, 0x6d, // Event size (3.183 GB) 0xbd, 0xbf, 0xef, 0x47, // "event data" 0x00, 0x00, 0x00, 0x00, } // If this doesn't panic, the test passed // TODO(ericchiang): use errors.As once go-attestation switches to Go 1.13. _, err := ParseEventLog(data, ParseOpts{}) if err == nil { t.Fatalf("expected parsing invalid event log to fail") } } func TestParseEventLogEventSizeZero(t *testing.T) { data := []byte{ // PCR index 0x4, 0x0, 0x0, 0x0, // type 0xd, 0x0, 0x0, 0x0, // Digest 0x94, 0x2d, 0xb7, 0x4a, 0xa7, 0x37, 0x5b, 0x23, 0xea, 0x23, 0x58, 0xeb, 0x3b, 0x31, 0x59, 0x88, 0x60, 0xf6, 0x90, 0x59, // Event size (0 B) 0x0, 0x0, 0x0, 0x0, // no "event data" } if _, err := parseRawEvent(bytes.NewBuffer(data), nil); err != nil { t.Fatalf("parsing event log: %v", err) } } func TestParseEventLog2EventSizeZero(t *testing.T) { data := []byte{ // PCR index 0x0, 0x0, 0x0, 0x0, // type 0x7, 0x0, 0x0, 0x0, // number of digests 0x1, 0x0, 0x0, 0x0, // algorithm 0xb, 0x0, // Digest 0xc8, 0xe3, 0x88, 0xb4, 0x79, 0x12, 0x86, 0x0c, 0x66, 0xa1, 0x5d, 0xad, 0xc4, 0x34, 0xf5, 0xdf, 0x73, 0x6c, 0x3a, 0xb4, 0xbe, 0x52, 0x07, 0x08, 0xdf, 0xac, 0x48, 0x2d, 0x71, 0xce, 0xa0, 0x73, // Event size (0 B) 0x0, 0x0, 0x0, 0x0, // no "event data" } specID := &specIDEvent{ algs: []specAlgSize{ {ID: uint16(tpm2.AlgSHA256), Size: 32}, }, } if _, err := parseRawEvent2(bytes.NewBuffer(data), specID); err != nil { t.Fatalf("parsing event log: %v", err) } } func TestParseShortNoAction(t *testing.T) { // https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf#page=110 // says: "For EV_NO_ACTION events other than the EFI Specification ID event // (Section 9.4.5.1) the log will ...". Thus it is concluded other // than "EFI Specification ID" events are also valid as NO_ACTION events. // // Currently we just assume that such events will have Data shorter than // "EFI Specification ID" field. data, err := os.ReadFile("../testdata/legacydata/short_no_action_eventlog") if err != nil { t.Fatalf("reading test data: %v", err) } if _, err := ParseEventLog(data, ParseOpts{}); err != nil { t.Fatalf("parsing event log: %v", err) } } func TestParseSpecIDEvent(t *testing.T) { tests := []struct { name string data []byte want []uint16 wantErr bool }{ { name: "sha1", data: append( []byte("Spec ID Event03"), 0x0, 0x0, 0x0, 0x0, 0x0, // platform class 0x0, // version minor 0x2, // version major 0x0, // errata 0x8, // uintn size 0x1, 0x0, 0x0, 0x0, // num algs 0x04, 0x0, // SHA1 0x14, 0x0, // size 0x2, // vendor info size 0x0, 0x0, ), want: []uint16{0x0004}, }, { name: "sha1_and_sha256", data: append( []byte("Spec ID Event03"), 0x0, 0x0, 0x0, 0x0, 0x0, // platform class 0x0, // version minor 0x2, // version major 0x0, // errata 0x8, // uintn size 0x2, 0x0, 0x0, 0x0, // num algs 0x04, 0x0, // SHA1 0x14, 0x0, // size 0x0B, 0x0, // SHA256 0x20, 0x0, // size 0x2, // vendor info size 0x0, 0x0, ), want: []uint16{0x0004, 0x000B}, }, { name: "invalid_version", data: append( []byte("Spec ID Event03"), 0x0, 0x0, 0x0, 0x0, 0x0, // platform class 0x2, // version minor 0x1, // version major 0x0, // errata 0x8, // uintn size 0x2, 0x0, 0x0, 0x0, // num algs 0x04, 0x0, // SHA1 0x14, 0x0, // size 0x0B, 0x0, // SHA256 0x20, 0x0, // size 0x2, // vendor info size 0x0, 0x0, ), wantErr: true, }, { name: "malicious_number_of_algs", data: append( []byte("Spec ID Event03"), 0x0, 0x0, 0x0, 0x0, 0x0, // platform class 0x0, // version minor 0x2, // version major 0x0, // errata 0x8, // uintn size 0xff, 0xff, 0xff, 0xff, // num algs 0x04, 0x0, // SHA1 0x14, 0x0, // size 0x2, // vendor info size 0x0, 0x0, ), wantErr: true, }, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { spec, err := parseSpecIDEvent(test.data) var algs []uint16 if (err != nil) != test.wantErr { t.Fatalf("parsing spec, wantErr=%t, got=%v", test.wantErr, err) } if err != nil { return } algsEq := func(want, got []uint16) bool { if len(got) != len(want) { return false } for i, alg := range got { if want[i] != alg { return false } } return true } for _, alg := range spec.algs { algs = append(algs, alg.ID) } if !algsEq(test.want, algs) { t.Errorf("algorithms, got=%x, want=%x", spec.algs, test.want) } }) } } func TestEBSVerifyWorkaround(t *testing.T) { pcr5 := []register.MR{ register.PCR{ Index: 5, Digest: []byte{ 0x31, 0x24, 0x58, 0x08, 0xd6, 0xd3, 0x58, 0x49, 0xbc, 0x39, 0x4f, 0x63, 0x43, 0xf2, 0xb3, 0xff, 0x90, 0x8e, 0xd5, 0xe3, }, DigestAlg: register.HashSHA1.CryptoHash(), }, register.PCR{ Index: 5, Digest: []byte{ 0x6c, 0xae, 0xa1, 0x23, 0xfa, 0x61, 0x11, 0x30, 0x5e, 0xe6, 0x24, 0xe4, 0x52, 0xe2, 0x69, 0xad, 0x14, 0xac, 0x52, 0x2a, 0xb8, 0xbf, 0x0c, 0x88, 0xe1, 0x16, 0x16, 0xde, 0x4c, 0x22, 0x2f, 0x7d, }, DigestAlg: register.HashSHA256.CryptoHash(), }, } elr, err := os.ReadFile("../testdata/legacydata/ebs_event_missing_eventlog") if err != nil { t.Fatal(err) } el, err := ParseEventLog(elr, ParseOpts{}) if err != nil { t.Fatalf("ParseEventLog() failed: %v", err) } if _, err := el.Verify(pcr5); err != nil { t.Errorf("Verify() failed: %v", err) } } func TestAppendEvents(t *testing.T) { base, err := os.ReadFile("../testdata/legacydata/ubuntu_2104_shielded_vm_no_secure_boot_eventlog") if err != nil { t.Fatalf("reading test data: %v", err) } extraLog, err := base64.StdEncoding.DecodeString(`AAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACUAAABTcGVjIElEIEV2ZW50MDMAAAAAAAACAAEC AAAABAAUAAsAIAAACAAAAAYAAAACAAAABACX3UqVWDMNeg2Hkxyy6Q35wO4yBwsAVXbW4fKD8+xm Kv75L4ecBpvSR4d6bz+A7z1prUcKPuMrAQAACAISpgJpbWFfaGFzaD1zaGEyNTYgYXBwYXJtb3I9 MSBwY2k9bm9hZXIsbm9hdHMgcHJpbnRrLmRldmttc2c9b24gc2xhYl9ub21lcmdlIGNvbnNvbGU9 dHR5UzAsMTE1MjAwbjggY29uc29sZT10dHkwIGdsaW51eC1ib290LWltYWdlPTIwMjExMDI3LjAy LjAzIHF1aWV0IHNwbGFzaCBwbHltb3V0aC5pZ25vcmUtc2VyaWFsLWNvbnNvbGVzIGxzbT1sb2Nr ZG93bix5YW1hLGxvYWRwaW4sc2FmZXNldGlkLGludGVncml0eSxhcHBhcm1vcixzZWxpbnV4LHNt YWNrLHRvbW95byxicGYgcGFuaWM9MzAgaTkxNS5lbmFibGVfcHNyPTA=`) if err != nil { t.Fatal(err) } combined, err := AppendEvents(base, extraLog) if err != nil { t.Fatalf("CombineEventLogs() failed: %v", err) } // Make sure the combined log parses successfully and has one more // event than the base log. parsedBase, err := ParseEventLog(base, ParseOpts{}) if err != nil { t.Fatal(err) } parsed, err := ParseEventLog(combined, ParseOpts{}) if err != nil { t.Fatalf("ParseEventLog(combined_log) failed: %v", err) } if got, want := len(parsed.rawEvents), len(parsedBase.rawEvents)+1; got != want { t.Errorf("unexpected number of events in combined log: got %d, want %d", got, want) for i, e := range parsed.rawEvents { t.Logf("logs[%d] = %+v", i, e) } } } golang-github-google-go-eventlog-0.0.2/tcg/eventlog_workarounds.go000066400000000000000000000046051515555264200253420ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package tcg type elWorkaround struct { id string affectedPCR int apply func(e *EventLog) error } // inject3 appends two new events into the event log. func inject3(e *EventLog, pcr int, data1, data2, data3 string) error { if err := inject(e, pcr, data1); err != nil { return err } if err := inject(e, pcr, data2); err != nil { return err } return inject(e, pcr, data3) } // inject2 appends two new events into the event log. func inject2(e *EventLog, pcr int, data1, data2 string) error { if err := inject(e, pcr, data1); err != nil { return err } return inject(e, pcr, data2) } // inject appends a new event into the event log. func inject(e *EventLog, pcr int, data string) error { evt := rawEvent{ data: []byte(data), index: pcr, sequence: e.rawEvents[len(e.rawEvents)-1].sequence + 1, } for _, alg := range e.Algs { h := alg.CryptoHash().New() h.Write([]byte(data)) evt.digests = append(evt.digests, digest{hash: alg.CryptoHash(), data: h.Sum(nil)}) } e.rawEvents = append(e.rawEvents, evt) return nil } const ( ebsInvocation = "Exit Boot Services Invocation" ebsSuccess = "Exit Boot Services Returned with Success" ebsFailure = "Exit Boot Services Returned with Failure" ) // EventlogWorkarounds fix known event log issues/bugs. var EventlogWorkarounds = []elWorkaround{ { id: "EBS Invocation + Success", affectedPCR: 5, apply: func(e *EventLog) error { return inject2(e, 5, ebsInvocation, ebsSuccess) }, }, { id: "EBS Invocation + Failure", affectedPCR: 5, apply: func(e *EventLog) error { return inject2(e, 5, ebsInvocation, ebsFailure) }, }, { id: "EBS Invocation + Failure + Success", affectedPCR: 5, apply: func(e *EventLog) error { return inject3(e, 5, ebsInvocation, ebsFailure, ebsSuccess) }, }, } golang-github-google-go-eventlog-0.0.2/tcg/events.go000066400000000000000000000546001515555264200223650ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package tcg import ( "bytes" "crypto/x509" "encoding/binary" "errors" "fmt" "io" "unicode/utf16" ) const ( // maxNameLen is the maximum accepted byte length for a name field. // This value should be larger than any reasonable value. maxNameLen = 2048 // maxDataLen is the maximum size in bytes of a variable data field. // This value should be larger than any reasonable value. maxDataLen = 1024 * 1024 // 1 Megabyte. ) // GUIDs representing the contents of an UEFI_SIGNATURE_LIST. var ( hashSHA256SigGUID = efiGUID{0xc1c41626, 0x504c, 0x4092, [8]byte{0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28}} hashSHA1SigGUID = efiGUID{0x826ca512, 0xcf10, 0x4ac9, [8]byte{0xb1, 0x87, 0xbe, 0x01, 0x49, 0x66, 0x31, 0xbd}} hashSHA224SigGUID = efiGUID{0x0b6e5233, 0xa65c, 0x44c9, [8]byte{0x94, 0x07, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd}} hashSHA384SigGUID = efiGUID{0xff3e5307, 0x9fd0, 0x48c9, [8]byte{0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x01}} hashSHA512SigGUID = efiGUID{0x093e0fae, 0xa6c4, 0x4f50, [8]byte{0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a}} keyRSA2048SigGUID = efiGUID{0x3c5766e8, 0x269c, 0x4e34, [8]byte{0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6}} certRSA2048SHA256SigGUID = efiGUID{0xe2b36190, 0x879b, 0x4a3d, [8]byte{0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84}} certRSA2048SHA1SigGUID = efiGUID{0x67f8444f, 0x8743, 0x48f1, [8]byte{0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80}} certX509SigGUID = efiGUID{0xa5c059a1, 0x94e4, 0x4aa7, [8]byte{0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72}} certHashSHA256SigGUID = efiGUID{0x3bd2a492, 0x96c0, 0x4079, [8]byte{0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed}} certHashSHA384SigGUID = efiGUID{0x7076876e, 0x80c2, 0x4ee6, [8]byte{0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b}} certHashSHA512SigGUID = efiGUID{0x446dbf63, 0x2502, 0x4cda, [8]byte{0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d}} ) var ( // https://github.com/rhboot/shim/blob/20e4d9486fcae54ee44d2323ae342ffe68c920e6/lib/guid.c#L36 // GUID used by the shim. shimLockGUID = efiGUID{0x605dab50, 0xe046, 0x4300, [8]byte{0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23}} // "SbatLevel" encoded as UCS-2. shimSbatVarName = []uint16{0x53, 0x62, 0x61, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c} // "MokListTrusted" encoded as UCS-2. shimMokListTrustedVarName = []uint16{0x4d, 0x6f, 0x6b, 0x4c, 0x69, 0x73, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64} ) // EventType describes the type of event signalled in the event log. // https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf#page=103 type EventType uint32 // BIOS Events (TCG PC Client Specific Implementation Specification for Conventional BIOS 1.21) const ( PrebootCert EventType = 0x00000000 PostCode EventType = 0x00000001 unused EventType = 0x00000002 NoAction EventType = 0x00000003 Separator EventType = 0x00000004 Action EventType = 0x00000005 EventTag EventType = 0x00000006 SCRTMContents EventType = 0x00000007 SCRTMVersion EventType = 0x00000008 CPUMicrocode EventType = 0x00000009 PlatformConfigFlags EventType = 0x0000000A TableOfDevices EventType = 0x0000000B CompactHash EventType = 0x0000000C Ipl EventType = 0x0000000D IplPartitionData EventType = 0x0000000E NonhostCode EventType = 0x0000000F NonhostConfig EventType = 0x00000010 NonhostInfo EventType = 0x00000011 OmitBootDeviceEvents EventType = 0x00000012 ) // EFI Events (TCG EFI Platform Specification Version 1.22) const ( EFIEventBase EventType = 0x80000000 EFIVariableDriverConfig EventType = 0x80000001 EFIVariableBoot EventType = 0x80000002 EFIBootServicesApplication EventType = 0x80000003 EFIBootServicesDriver EventType = 0x80000004 EFIRuntimeServicesDriver EventType = 0x80000005 EFIGPTEvent EventType = 0x80000006 EFIAction EventType = 0x80000007 EFIPlatformFirmwareBlob EventType = 0x80000008 EFIHandoffTables EventType = 0x80000009 EFIPlatformFirmwareBlob2 EventType = 0x8000000A EFIHandoffTables2 EventType = 0x8000000B EFIVariableBoot2 EventType = 0x8000000C EFIHCRTMEvent EventType = 0x80000010 EFIVariableAuthority EventType = 0x800000E0 ) // EventTypeNames maps an EventType to its name. var EventTypeNames = map[EventType]string{ PrebootCert: "Preboot Cert", PostCode: "POST Code", unused: "Unused", NoAction: "No Action", Separator: "Separator", Action: "Action", EventTag: "Event Tag", SCRTMContents: "S-CRTM Contents", SCRTMVersion: "S-CRTM Version", CPUMicrocode: "CPU Microcode", PlatformConfigFlags: "Platform Config Flags", TableOfDevices: "Table of Devices", CompactHash: "Compact Hash", Ipl: "IPL", IplPartitionData: "IPL Partition Data", NonhostCode: "Non-Host Code", NonhostConfig: "Non-HostConfig", NonhostInfo: "Non-Host Info", OmitBootDeviceEvents: "Omit Boot Device Events", EFIEventBase: "EFI Event Base", EFIVariableDriverConfig: "EFI Variable Driver Config", EFIVariableBoot: "EFI Variable Boot", EFIBootServicesApplication: "EFI Boot Services Application", EFIBootServicesDriver: "EFI Boot Services Driver", EFIRuntimeServicesDriver: "EFI Runtime Services Driver", EFIGPTEvent: "EFI GPT Event", EFIAction: "EFI Action", EFIPlatformFirmwareBlob: "EFI Platform Firmware Blob", EFIHandoffTables: "EFI Handoff Tables", EFIPlatformFirmwareBlob2: "EFI Platform Firmware Blob 2", EFIHandoffTables2: "EFI Handoff Tables 2", EFIVariableBoot2: "EFI Variable Boot2", EFIHCRTMEvent: "EFI H-CRTM Event", EFIVariableAuthority: "EFI Variable Authority", } var eventTypeStrings = map[uint32]string{ 0x00000000: "EV_PREBOOT_CERT", 0x00000001: "EV_POST_CODE", 0x00000002: "EV_UNUSED", 0x00000003: "EV_NO_ACTION", 0x00000004: "EV_SEPARATOR", 0x00000005: "EV_ACTION", 0x00000006: "EV_EVENT_TAG", 0x00000007: "EV_S_CRTM_CONTENTS", 0x00000008: "EV_S_CRTM_VERSION", 0x00000009: "EV_CPU_MICROCODE", 0x0000000A: "EV_PLATFORM_CONFIG_FLAGS", 0x0000000B: "EV_TABLE_OF_DEVICES", 0x0000000C: "EV_COMPACT_HASH", 0x0000000D: "EV_IPL", 0x0000000E: "EV_IPL_PARTITION_DATA", 0x0000000F: "EV_NONHOST_CODE", 0x00000010: "EV_NONHOST_CONFIG", 0x00000011: "EV_NONHOST_INFO", 0x00000012: "EV_OMIT_BOOT_DEVICE_EVENTS", 0x80000000: "EV_EFI_EVENT_BASE", 0x80000001: "EV_EFI_VARIABLE_DRIVER_CONFIG", 0x80000002: "EV_EFI_VARIABLE_BOOT", 0x80000003: "EV_EFI_BOOT_SERVICES_APPLICATION", 0x80000004: "EV_EFI_BOOT_SERVICES_DRIVER", 0x80000005: "EV_EFI_RUNTIME_SERVICES_DRIVER", 0x80000006: "EV_EFI_GPT_EVENT", 0x80000007: "EV_EFI_ACTION", 0x80000008: "EV_EFI_PLATFORM_FIRMWARE_BLOB", 0x80000009: "EV_EFI_HANDOFF_TABLES", 0x8000000A: "EV_EFI_PLATFORM_FIRMWARE_BLOB2", 0x8000000B: "EV_EFI_HANDOFF_TABLES2", 0x8000000C: "EV_EFI_VARIABLE_BOOT2", 0x80000010: "EV_EFI_HCRTM_EVENT", 0x800000E0: "EV_EFI_VARIABLE_AUTHORITY", } // KnownName returns an event type's readable name if it exists. func (e EventType) KnownName() (string, bool) { name, ok := EventTypeNames[e] return name, ok } // String returns an event type's readable name or the hex-formatted string. func (e EventType) String() string { if s, ok := e.KnownName(); ok { return s } return fmt.Sprintf("EventType(0x%08x)", uint32(e)) } // TCGString returns an event type's string as it appears in the TCG spec. func (e EventType) TCGString() string { tcgStr, ok := eventTypeStrings[uint32(e)] if ok { return tcgStr } return fmt.Sprintf("EventType(0x%08x)", uint32(e)) } // UntrustedParseEventType returns the event type indicated by // the provided value. func UntrustedParseEventType(et uint32) (EventType, error) { // "The value associated with a UEFI specific platform event type MUST be in // the range between 0x80000000 and 0x800000FF, inclusive." if (et < 0x80000000 && et > 0x800000FF) || (et <= 0x0 && et > 0x12) { return EventType(0), fmt.Errorf("event type not between [0x0, 0x12] or [0x80000000, 0x800000FF]: got %#x", et) } if _, ok := EventTypeNames[EventType(et)]; !ok { return EventType(0), fmt.Errorf("unknown event type %#x", et) } return EventType(et), nil } // Constant events used with type "EV_EFI_ACTION". // Taken from TCG PC Client Platform Firmware Profile Specification, // Table 17 EV_EFI_ACTION Strings. const ( // Measured when Boot Manager attempts to execute code from a Boot Option. CallingEFIApplication string = "Calling EFI Application from Boot Option" ExitBootServicesInvocation string = "Exit Boot Services Invocation" ) // EFIDeviceType describes the type of a device specified by a device path. type EFIDeviceType uint8 // "Device Path Protocol" type values. // // Section 9.3.2 of the UEFI specification, accessible at: // https://uefi.org/sites/default/files/resources/UEFI%20Spec%202_6.pdf const ( HardwareDevice EFIDeviceType = 0x01 ACPIDevice EFIDeviceType = 0x02 MessagingDevice EFIDeviceType = 0x03 MediaDevice EFIDeviceType = 0x04 BBSDevice EFIDeviceType = 0x05 EndDeviceArrayMarker EFIDeviceType = 0x7f ) // ErrSigMissingGUID is returned if an EFI_SIGNATURE_DATA structure was parsed // successfully, however was missing the SignatureOwner GUID. This case is // handled specially as a workaround for a bug relating to authority events. var ErrSigMissingGUID = errors.New("signature data was missing owner GUID") // TaggedEventData represents the TCG_PCClientTaggedEventStruct structure, // as defined by 11.3.2.1 in the "TCG PC Client Specific Implementation // Specification for Conventional BIOS", version 1.21. type TaggedEventData struct { ID uint32 Data []byte } // ParseTaggedEventData parses a TCG_PCClientTaggedEventStruct structure. func ParseTaggedEventData(d []byte) (*TaggedEventData, error) { var ( r = bytes.NewReader(d) header struct { ID uint32 DataLen uint32 } ) if err := binary.Read(r, binary.LittleEndian, &header); err != nil { return nil, fmt.Errorf("reading header: %w", err) } if int(header.DataLen) > len(d) { return nil, fmt.Errorf("tagged event len (%d bytes) larger than data length (%d bytes)", header.DataLen, len(d)) } out := TaggedEventData{ ID: header.ID, Data: make([]byte, header.DataLen), } return &out, binary.Read(r, binary.LittleEndian, &out.Data) } // efiGUID represents the EFI_GUID type. // See section "2.3.1 Data Types" in the specification for more information. // type efiGUID [16]byte type efiGUID struct { Data1 uint32 Data2 uint16 Data3 uint16 Data4 [8]byte } func (d efiGUID) String() string { var u [8]byte binary.BigEndian.PutUint32(u[:4], d.Data1) binary.BigEndian.PutUint16(u[4:6], d.Data2) binary.BigEndian.PutUint16(u[6:8], d.Data3) return fmt.Sprintf("%x-%x-%x-%x-%x", u[:4], u[4:6], u[6:8], d.Data4[:2], d.Data4[2:]) } // UEFIVariableDataHeader represents the leading fixed-size fields // within UEFI_VARIABLE_DATA. type UEFIVariableDataHeader struct { VariableName efiGUID UnicodeNameLength uint64 // uintN VariableDataLength uint64 // uintN } // UEFIVariableData represents the UEFI_VARIABLE_DATA structure. type UEFIVariableData struct { Header UEFIVariableDataHeader UnicodeName []uint16 VariableData []byte // []int8 } // ParseUEFIVariableData parses the data section of an event structured as // a UEFI variable. // // https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_Specific_Platform_Profile_for_TPM_2p0_1p04_PUBLIC.pdf#page=100 func ParseUEFIVariableData(r io.Reader) (ret UEFIVariableData, err error) { err = binary.Read(r, binary.LittleEndian, &ret.Header) if err != nil { return } if ret.Header.UnicodeNameLength > maxNameLen { return UEFIVariableData{}, fmt.Errorf("unicode name too long: %d > %d", ret.Header.UnicodeNameLength, maxNameLen) } ret.UnicodeName = make([]uint16, ret.Header.UnicodeNameLength) for i := 0; uint64(i) < ret.Header.UnicodeNameLength; i++ { err = binary.Read(r, binary.LittleEndian, &ret.UnicodeName[i]) if err != nil { return } } if ret.Header.VariableDataLength > maxDataLen { return UEFIVariableData{}, fmt.Errorf("variable data too long: %d > %d", ret.Header.VariableDataLength, maxDataLen) } ret.VariableData = make([]byte, ret.Header.VariableDataLength) _, err = io.ReadFull(r, ret.VariableData) return } // VarName returns the UEFI variable name. func (v *UEFIVariableData) VarName() string { return string(utf16.Decode(v.UnicodeName)) } // SignatureData parses a UEFI variable for signature data. func (v *UEFIVariableData) SignatureData() (certs []x509.Certificate, hashes [][]byte, err error) { return parseEfiSignatureList(v.VariableData) } // UEFIVariableAuthority describes the contents of a UEFI variable authority // event. type UEFIVariableAuthority struct { Certs []x509.Certificate } // ParseUEFIVariableAuthority parses the data section of an event structured as // a UEFI variable authority. // // https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_final.pdf#page=1789 func ParseUEFIVariableAuthority(v UEFIVariableData) (UEFIVariableAuthority, error) { if v.Header.VariableName == shimLockGUID && ( // Skip parsing new SBAT section logged by shim. // See https://github.com/rhboot/shim/blob/main/SBAT.md for more. unicodeNameEquals(v, shimSbatVarName) || //https://github.com/rhboot/shim/blob/20e4d9486fcae54ee44d2323ae342ffe68c920e6/include/sbat.h#L9-L12 // Skip parsing new MokListTrusted section logged by shim. // See https://github.com/rhboot/shim/blob/main/MokVars.txt for more. unicodeNameEquals(v, shimMokListTrustedVarName)) { //https://github.com/rhboot/shim/blob/4e513405b4f1641710115780d19dcec130c5208f/mok.c#L169-L182 return UEFIVariableAuthority{}, nil } certs, err := parseEfiSignature(v.VariableData) return UEFIVariableAuthority{Certs: certs}, err } func unicodeNameEquals(v UEFIVariableData, comp []uint16) bool { if len(v.UnicodeName) != len(comp) { return false } for i, v := range v.UnicodeName { if v != comp[i] { return false } } return true } // efiSignatureData represents the EFI_SIGNATURE_DATA type. // See section "31.4.1 Signature Database" in the specification for more information. type efiSignatureData struct { SignatureOwner efiGUID SignatureData []byte // []int8 } // efiSignatureList represents the EFI_SIGNATURE_LIST type. // See section "31.4.1 Signature Database" in the specification for more information. type efiSignatureListHeader struct { SignatureType efiGUID SignatureListSize uint32 SignatureHeaderSize uint32 SignatureSize uint32 } type efiSignatureList struct { Header efiSignatureListHeader SignatureData []byte Signatures []byte } // parseEfiSignatureList parses a EFI_SIGNATURE_LIST structure. // The structure and related GUIDs are defined at: // https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_final.pdf#page=1790 func parseEfiSignatureList(b []byte) ([]x509.Certificate, [][]byte, error) { if len(b) < 28 { // Being passed an empty signature list here appears to be valid return nil, nil, nil } signatures := efiSignatureList{} buf := bytes.NewReader(b) certificates := []x509.Certificate{} hashes := [][]byte{} for buf.Len() > 0 { err := binary.Read(buf, binary.LittleEndian, &signatures.Header) if err != nil { return nil, nil, err } if signatures.Header.SignatureHeaderSize > maxDataLen { return nil, nil, fmt.Errorf("signature header too large: %d > %d", signatures.Header.SignatureHeaderSize, maxDataLen) } if signatures.Header.SignatureListSize > maxDataLen { return nil, nil, fmt.Errorf("signature list too large: %d > %d", signatures.Header.SignatureListSize, maxDataLen) } signatureType := signatures.Header.SignatureType switch signatureType { case certX509SigGUID: // X509 certificate for sigOffset := 0; uint32(sigOffset) < signatures.Header.SignatureListSize-28; { signature := efiSignatureData{} signature.SignatureData = make([]byte, signatures.Header.SignatureSize-16) err := binary.Read(buf, binary.LittleEndian, &signature.SignatureOwner) if err != nil { return nil, nil, err } err = binary.Read(buf, binary.LittleEndian, &signature.SignatureData) if err != nil { return nil, nil, err } cert, err := x509.ParseCertificate(signature.SignatureData) if err != nil { return nil, nil, err } sigOffset += int(signatures.Header.SignatureSize) certificates = append(certificates, *cert) } case hashSHA256SigGUID: // SHA256 for sigOffset := 0; uint32(sigOffset) < signatures.Header.SignatureListSize-28; { signature := efiSignatureData{} signature.SignatureData = make([]byte, signatures.Header.SignatureSize-16) err := binary.Read(buf, binary.LittleEndian, &signature.SignatureOwner) if err != nil { return nil, nil, err } err = binary.Read(buf, binary.LittleEndian, &signature.SignatureData) if err != nil { return nil, nil, err } hashes = append(hashes, signature.SignatureData) sigOffset += int(signatures.Header.SignatureSize) } case keyRSA2048SigGUID: err = errors.New("unhandled RSA2048 key") case certRSA2048SHA256SigGUID: err = errors.New("unhandled RSA2048-SHA256 key") case hashSHA1SigGUID: err = errors.New("unhandled SHA1 hash") case certRSA2048SHA1SigGUID: err = errors.New("unhandled RSA2048-SHA1 key") case hashSHA224SigGUID: err = errors.New("unhandled SHA224 hash") case hashSHA384SigGUID: err = errors.New("unhandled SHA384 hash") case hashSHA512SigGUID: err = errors.New("unhandled SHA512 hash") case certHashSHA256SigGUID: err = errors.New("unhandled X509-SHA256 hash metadata") case certHashSHA384SigGUID: err = errors.New("unhandled X509-SHA384 hash metadata") case certHashSHA512SigGUID: err = errors.New("unhandled X509-SHA512 hash metadata") default: err = fmt.Errorf("unhandled signature type %s", signatureType) } if err != nil { return nil, nil, err } } return certificates, hashes, nil } // EFISignatureData represents the EFI_SIGNATURE_DATA type. // See section "31.4.1 Signature Database" in the specification // for more information. type EFISignatureData struct { SignatureOwner efiGUID SignatureData []byte // []int8 } func parseEfiSignature(b []byte) ([]x509.Certificate, error) { certificates := []x509.Certificate{} if len(b) < 16 { return nil, fmt.Errorf("invalid signature: buffer smaller than header (%d < %d)", len(b), 16) } buf := bytes.NewReader(b) signature := EFISignatureData{} signature.SignatureData = make([]byte, len(b)-16) if err := binary.Read(buf, binary.LittleEndian, &signature.SignatureOwner); err != nil { return certificates, err } if err := binary.Read(buf, binary.LittleEndian, &signature.SignatureData); err != nil { return certificates, err } cert, err := x509.ParseCertificate(signature.SignatureData) if err == nil { certificates = append(certificates, *cert) } else { // A bug in shim may cause an event to be missing the SignatureOwner GUID. // We handle this, but signal back to the caller using ErrSigMissingGUID. var err2 error cert, err2 = x509.ParseCertificate(b) if err2 == nil { certificates = append(certificates, *cert) err = ErrSigMissingGUID } } return certificates, err } // EFIDevicePathElement describes an EFI_DEVICE_PATH. type EFIDevicePathElement struct { Type EFIDeviceType Subtype uint8 Data []byte } // EFIImageLoad describes an EFI_IMAGE_LOAD_EVENT structure. type EFIImageLoad struct { Header EFIImageLoadHeader DevPathData []byte } // EFIImageLoadHeader is the header of an EFI_IMAGE_LOAD_EVENT structure. type EFIImageLoadHeader struct { LoadAddr uint64 Length uint64 LinkAddr uint64 DevicePathLen uint64 } func parseDevicePathElement(r io.Reader) (EFIDevicePathElement, error) { var ( out EFIDevicePathElement dataLen uint16 ) if err := binary.Read(r, binary.LittleEndian, &out.Type); err != nil { return EFIDevicePathElement{}, fmt.Errorf("reading type: %v", err) } if err := binary.Read(r, binary.LittleEndian, &out.Subtype); err != nil { return EFIDevicePathElement{}, fmt.Errorf("reading subtype: %v", err) } if err := binary.Read(r, binary.LittleEndian, &dataLen); err != nil { return EFIDevicePathElement{}, fmt.Errorf("reading data len: %v", err) } if dataLen > maxNameLen { return EFIDevicePathElement{}, fmt.Errorf("device path data too long: %d > %d", dataLen, maxNameLen) } if dataLen < 4 { return EFIDevicePathElement{}, fmt.Errorf("device path data too short: %d < %d", dataLen, 4) } out.Data = make([]byte, dataLen-4) if err := binary.Read(r, binary.LittleEndian, &out.Data); err != nil { return EFIDevicePathElement{}, fmt.Errorf("reading data: %v", err) } return out, nil } // DevicePath returns the device path of an EFI_IMAGE_LOAD_EVENT. func (h *EFIImageLoad) DevicePath() ([]EFIDevicePathElement, error) { var ( r = bytes.NewReader(h.DevPathData) out []EFIDevicePathElement ) for r.Len() > 0 { e, err := parseDevicePathElement(r) if err != nil { return nil, err } if e.Type == EndDeviceArrayMarker { return out, nil } out = append(out, e) } return out, nil } // ParseEFIImageLoad parses an EFI_IMAGE_LOAD_EVENT structure. // // https://trustedcomputinggroup.org/wp-content/uploads/TCG_EFI_Platform_1_22_Final_-v15.pdf#page=17 func ParseEFIImageLoad(r io.Reader) (ret EFIImageLoad, err error) { err = binary.Read(r, binary.LittleEndian, &ret.Header) if err != nil { return } if ret.Header.DevicePathLen > maxNameLen { return EFIImageLoad{}, fmt.Errorf("device path structure too long: %d > %d", ret.Header.DevicePathLen, maxNameLen) } ret.DevPathData = make([]byte, ret.Header.DevicePathLen) err = binary.Read(r, binary.LittleEndian, &ret.DevPathData) return } golang-github-google-go-eventlog-0.0.2/tcg/pfpformat.go000066400000000000000000000516351515555264200230640ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // Package tcg exposes utilities and constants that correspond to TCG specs // including TPM 2.0 and the PC Client Platform Firmware Profile. package tcg import ( "bytes" "crypto" "encoding/binary" "errors" "fmt" "io" "sort" "strings" pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/register" "github.com/google/go-tpm/legacy/tpm2" ) type digestVerified int // Verified statuses. const ( UNKNOWN digestVerified = iota VERIFIED UNVERIFIED ) // Event is a single event from a TCG event log. This reports descrete items such // as BIOS measurements or EFI states. // // There are many pitfalls for using event log events correctly to determine the // state of a machine[1]. In general it's much safer to only rely on the raw PCR // values and use the event log for debugging. // // [1] https://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md type Event struct { // sequence gives the order of the event in the event log. sequence int // Index of the PCR that this event was replayed against. Index int // Untrusted type of the event. This value is not verified by event log replays // and can be tampered with. It should NOT be used without additional context, // and unrecognized event types should result in errors. Type EventType // Data of the event. For certain kinds of events, this must match the event // digest to be valid. Data []byte // Digest is the verified digest of the event data. While an event can have // multiple for different hash values, this is the one that was matched to the // PCR value. Digest []byte hash crypto.Hash digestVerified digestVerified // TODO(ericchiang): Provide examples or links for which event types must // match their data to their digest. } // Num is the event number. func (e Event) Num() uint32 { return uint32(e.sequence) } // MRIndex is the event measurement register index. func (e Event) MRIndex() uint32 { return uint32(e.Index) } // UntrustedType gives the unmeasured event type. func (e Event) UntrustedType() EventType { tcgEvent := EventType(e.Type) if _, ok := tcgEvent.KnownName(); !ok { panic("library cannot convert between tpmeventlog EventType and tcg EventType for event " + e.UntrustedType().String()) } return tcgEvent } // RawData gives the event data. func (e Event) RawData() []byte { return e.Data } // ReplayedDigest gives the event's digest func (e Event) ReplayedDigest() []byte { return e.Digest } // DigestVerified returns whether the event's data matches its digest. // This must not be used before calling EventLog.Verify. func (e Event) DigestVerified() bool { if e.digestVerified != UNKNOWN { return e.digestVerified == VERIFIED } hasher := e.hash.New() hasher.Write(e.Data) digest := hasher.Sum(nil) if bytes.Equal(digest, e.Digest) { e.digestVerified = VERIFIED } else { e.digestVerified = UNVERIFIED } return e.digestVerified == VERIFIED } // ConvertToPbEvents returns the state.proto Events from the GenericEvents. func ConvertToPbEvents(hash crypto.Hash, events []Event) []*pb.Event { pbEvents := make([]*pb.Event, len(events)) for i, event := range events { hasher := hash.New() hasher.Write(event.RawData()) digest := hasher.Sum(nil) pbEvents[i] = &pb.Event{ PcrIndex: event.MRIndex(), UntrustedType: uint32(event.UntrustedType()), Data: event.RawData(), Digest: event.ReplayedDigest(), DigestVerified: bytes.Equal(digest, event.ReplayedDigest()), } } return pbEvents } // ReplayError describes the parsed events that failed to verify against // a particular PCR. type ReplayError struct { Events []Event // InvalidMRs reports the set of MRs where the event log replay failed. InvalidMRs []int } // Error returns a human-friendly description of replay failures. func (e ReplayError) Error() string { return fmt.Sprintf("event log failed to verify: the following registers failed to replay: %v", e.InvalidMRs) } func (e ReplayError) affected(mr int) bool { for _, m := range e.InvalidMRs { if m == mr { return true } } return false } // ParseOpts gives options for parsing the event log. type ParseOpts struct { AllowPadding bool } // ParseAndReplay takes a raw TCG measurement log, parses it, and replays it // against the given measurement registers. func ParseAndReplay(rawEventLog []byte, mrs []register.MR, parseOpts ParseOpts) ([]Event, error) { // Similar to parseCanonicalEventLog, just return an empty array of events for an empty log if len(rawEventLog) == 0 { return nil, nil } eventLog, err := ParseEventLog(rawEventLog, parseOpts) if err != nil { return nil, fmt.Errorf("failed to parse event log: %v", err) } events, err := eventLog.Verify(mrs) if err != nil { return nil, fmt.Errorf("failed to replay event log: %v", err) } return events, nil } // ParseEventLog parses an unverified measurement log. func ParseEventLog(measurementLog []byte, parseOpts ParseOpts) (*EventLog, error) { var specID *specIDEvent r := bytes.NewBuffer(measurementLog) parseFn := parseRawEvent var el EventLog e, err := parseFn(r, specID) if err != nil { return nil, fmt.Errorf("parse first event: %v", err) } if e.typ == eventTypeNoAction && len(e.data) >= binary.Size(specIDEventHeader{}) { specID, err = parseSpecIDEvent(e.data) if err != nil { return nil, fmt.Errorf("failed to parse spec ID event: %v", err) } for _, alg := range specID.algs { switch tpm2.Algorithm(alg.ID) { case tpm2.AlgSHA1: el.Algs = append(el.Algs, register.HashSHA1) case tpm2.AlgSHA256: el.Algs = append(el.Algs, register.HashSHA256) case tpm2.AlgSHA384: el.Algs = append(el.Algs, register.HashSHA384) } } if len(el.Algs) == 0 { return nil, fmt.Errorf("measurement log didn't use sha1, sha256, or sha384 digests") } // Switch to parsing crypto agile events. Don't include this in the // replayed events since it intentionally doesn't extend the PCRs. // // Note that this doesn't actually guarantee that events have SHA256 // digests. parseFn = parseRawEvent2 el.specIDEvent = specID } else { el.Algs = []register.HashAlg{register.HashSHA1} el.rawEvents = append(el.rawEvents, e) } sequence := 1 for r.Len() != 0 { e, err := parseFn(r, specID) if err == errEventLogPadding && parseOpts.AllowPadding { break } if err != nil { return nil, err } e.sequence = sequence sequence++ el.rawEvents = append(el.rawEvents, e) } return &el, nil } // EventLog is a parsed measurement log. This contains unverified data representing // boot events that must be replayed against PCR values to determine authenticity. type EventLog struct { // Algs holds the set of algorithms that the event log uses. Algs []register.HashAlg rawEvents []rawEvent specIDEvent *specIDEvent } func (e *EventLog) clone() *EventLog { out := EventLog{ Algs: make([]register.HashAlg, len(e.Algs)), rawEvents: make([]rawEvent, len(e.rawEvents)), } copy(out.Algs, e.Algs) copy(out.rawEvents, e.rawEvents) if e.specIDEvent != nil { dupe := *e.specIDEvent out.specIDEvent = &dupe } return &out } // Events returns events that have not been replayed against the PCR values and // are therefore unverified. The returned events contain the digest that matches // the provided hash algorithm, or are empty if that event didn't contain a // digest for that hash. // // This method is insecure and should only be used for debugging. func (e *EventLog) Events(hash register.HashAlg) []Event { var events []Event for _, re := range e.rawEvents { ev := Event{ Index: re.index, Type: re.typ, Data: re.data, } for _, digest := range re.digests { if hash.CryptoHash() != digest.hash { continue } ev.Digest = digest.data break } events = append(events, ev) } return events } // Verify replays the event log against a TPM's PCR values, returning the // events which could be matched to a provided PCR value. // // PCRs provide no security guarantees unless they're attested to have been // generated by a TPM. Verify does not perform these checks. // // An error is returned if the replayed digest for events with a given PCR // index do not match any provided value for that PCR index. func (e *EventLog) Verify(mrs []register.MR) ([]Event, error) { events, err := e.verify(mrs) // If there were any issues replaying the PCRs, try each of the workarounds // in turn. // TODO(jsonp): Allow workarounds to be combined. if rErr, isReplayErr := err.(ReplayError); isReplayErr { for _, wkrd := range EventlogWorkarounds { if !rErr.affected(wkrd.affectedPCR) { continue } el := e.clone() if err := wkrd.apply(el); err != nil { return nil, fmt.Errorf("failed applying workaround %q: %v", wkrd.id, err) } if events, err := el.verify(mrs); err == nil { return events, nil } } } return events, err } func (e *EventLog) verify(mrs []register.MR) ([]Event, error) { events, err := replayEvents(e.rawEvents, mrs) if err != nil { if _, isReplayErr := err.(ReplayError); isReplayErr { return nil, err } return nil, fmt.Errorf("registers failed to replay: %v", err) } return events, nil } func extend(pcr register.MR, replay []byte, e rawEvent, locality byte) (pcrDigest []byte, eventDigest []byte, err error) { h := pcr.DgstAlg() for _, digest := range e.digests { if digest.hash != pcr.DgstAlg() { continue } if len(digest.data) != len(pcr.Dgst()) { return nil, nil, fmt.Errorf("digest data length (%d) doesn't match PCR digest length (%d)", len(digest.data), len(pcr.Dgst())) } hash := h.New() if len(replay) != 0 { hash.Write(replay) } else { b := make([]byte, h.Size()) b[h.Size()-1] = locality hash.Write(b) } hash.Write(digest.data) return hash.Sum(nil), digest.data, nil } return nil, nil, fmt.Errorf("no event digest matches pcr algorithm: %v", pcr.DgstAlg()) } // replayPCR replays the event log for a specific PCR, using pcr and // event digests with the algorithm in pcr. An error is returned if the // replayed values do not match the final PCR digest, or any event tagged // with that PCR does not possess an event digest with the specified algorithm. func replayPCR(rawEvents []rawEvent, mr register.MR) ([]Event, bool) { var ( replay []byte outEvents []Event locality byte ) mrIdx := mr.Idx() for _, e := range rawEvents { if e.index != mrIdx { continue } // If TXT is enabled then the first event for PCR0 // should be a StartupLocality event. The final byte // of this event indicates the locality from which // TPM2_Startup() was issued. The initial value of // PCR0 is equal to the locality. if e.typ == eventTypeNoAction { if mr.Idx() == 0 && len(e.data) == 17 && strings.HasPrefix(string(e.data), "StartupLocality") { locality = e.data[len(e.data)-1] } continue } replayValue, digest, err := extend(mr, replay, e, locality) if err != nil { return nil, false } replay = replayValue outEvents = append(outEvents, Event{ sequence: e.sequence, Data: e.data, Digest: digest, Index: mrIdx, Type: e.typ, hash: mr.DgstAlg(), }) } if len(outEvents) > 0 && !bytes.Equal(replay, mr.Dgst()) { return nil, false } return outEvents, true } type pcrReplayResult struct { events []Event successful bool } func replayEvents(rawEvents []rawEvent, mrs []register.MR) ([]Event, error) { var ( invalidReplays []int verifiedEvents []Event allPCRReplays = map[int][]pcrReplayResult{} ) // Replay the event log for every PCR and digest algorithm combination. for _, mr := range mrs { events, ok := replayPCR(rawEvents, mr) allPCRReplays[mr.Idx()] = append(allPCRReplays[mr.Idx()], pcrReplayResult{events, ok}) } // Record PCR indices which do not have any successful replay. Record the // events for a successful replay. pcrLoop: for i, replaysForPCR := range allPCRReplays { for _, replay := range replaysForPCR { if replay.successful { // We consider the PCR verified at this stage: The replay of values with // one digest algorithm matched a provided value. // As such, we save the PCR's events, and proceed to the next PCR. verifiedEvents = append(verifiedEvents, replay.events...) continue pcrLoop } } invalidReplays = append(invalidReplays, i) } if len(invalidReplays) > 0 { events := make([]Event, 0, len(rawEvents)) for _, e := range rawEvents { events = append(events, Event{ sequence: e.sequence, Index: e.index, Type: e.typ, Data: e.data, }) } return nil, ReplayError{ Events: events, InvalidMRs: invalidReplays, } } sort.Slice(verifiedEvents, func(i int, j int) bool { return verifiedEvents[i].sequence < verifiedEvents[j].sequence }) return verifiedEvents, nil } // EV_NO_ACTION is a special event type that indicates information to the parser // instead of holding a measurement. For TPM 2.0, this event type is used to signal // switching from SHA1 format to a variable length digest. // // https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf#page=110 const eventTypeNoAction = 0x03 type specIDEvent struct { algs []specAlgSize } type specAlgSize struct { ID uint16 Size uint16 } // Expected values for various Spec ID Event fields. // https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf#page=19 var wantSignature = [16]byte{0x53, 0x70, 0x65, 0x63, 0x20, 0x49, 0x44, 0x20, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x30, 0x33, 0x00} // "Spec ID Event03\0" const ( wantMajor = 2 wantMinor = 0 wantErrata = 0 ) type specIDEventHeader struct { Signature [16]byte PlatformClass uint32 VersionMinor uint8 VersionMajor uint8 Errata uint8 UintnSize uint8 NumAlgs uint32 } // parseSpecIDEvent parses a TCG_EfiSpecIDEventStruct structure from the reader. // // https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf#page=18 func parseSpecIDEvent(b []byte) (*specIDEvent, error) { r := bytes.NewReader(b) var header specIDEventHeader if err := binary.Read(r, binary.LittleEndian, &header); err != nil { return nil, fmt.Errorf("reading event header: %w: %X", err, b) } if header.Signature != wantSignature { return nil, fmt.Errorf("invalid spec id signature: %x", header.Signature) } if header.VersionMajor != wantMajor { return nil, fmt.Errorf("invalid spec major version, got %02x, wanted %02x", header.VersionMajor, wantMajor) } if header.VersionMinor != wantMinor { return nil, fmt.Errorf("invalid spec minor version, got %02x, wanted %02x", header.VersionMajor, wantMinor) } // TODO(ericchiang): Check errata? Or do we expect that to change in ways // we're okay with? specAlg := specAlgSize{} e := specIDEvent{} for i := 0; i < int(header.NumAlgs); i++ { if err := binary.Read(r, binary.LittleEndian, &specAlg); err != nil { return nil, fmt.Errorf("reading algorithm: %v", err) } e.algs = append(e.algs, specAlg) } var vendorInfoSize uint8 if err := binary.Read(r, binary.LittleEndian, &vendorInfoSize); err != nil { return nil, fmt.Errorf("reading vender info size: %v", err) } if r.Len() != int(vendorInfoSize) { return nil, fmt.Errorf("reading vendor info, expected %d remaining bytes, got %d", vendorInfoSize, r.Len()) } return &e, nil } type digest struct { hash crypto.Hash data []byte } type rawEvent struct { sequence int index int typ EventType data []byte digests []digest } type eventSizeErr struct { eventSize uint32 logSize int } func (e *eventSizeErr) Error() string { return fmt.Sprintf("event data size (%d bytes) is greater than remaining measurement log (%d bytes)", e.eventSize, e.logSize) } // AppendEvents takes a series of TPM 2.0 event logs and combines // them into a single sequence of events with a single header. // // Additional logs must not use a digest algorithm which was not // present in the original log. func AppendEvents(base []byte, additional ...[]byte) ([]byte, error) { baseLog, err := ParseEventLog(base, ParseOpts{}) if err != nil { return nil, fmt.Errorf("base: %v", err) } if baseLog.specIDEvent == nil { return nil, errors.New("tpm 1.2 event logs cannot be combined") } outBuff := make([]byte, len(base)) copy(outBuff, base) out := bytes.NewBuffer(outBuff) for i, l := range additional { log, err := ParseEventLog(l, ParseOpts{}) if err != nil { return nil, fmt.Errorf("log %d: %v", i, err) } if log.specIDEvent == nil { return nil, fmt.Errorf("log %d: cannot use tpm 1.2 event log as a source", i) } algCheck: for _, alg := range log.specIDEvent.algs { for _, baseAlg := range baseLog.specIDEvent.algs { if baseAlg == alg { continue algCheck } } return nil, fmt.Errorf("log %d: cannot use digest (%+v) not present in base log", i, alg) } for x, e := range log.rawEvents { // Serialize header (PCR index, event type, number of digests) binary.Write(out, binary.LittleEndian, rawEvent2Header{ PCRIndex: uint32(e.index), Type: uint32(e.typ), }) binary.Write(out, binary.LittleEndian, uint32(len(e.digests))) // Serialize digests for _, d := range e.digests { var algID uint16 switch d.hash { case crypto.SHA384: algID = uint16(register.HashSHA384) case crypto.SHA256: algID = uint16(register.HashSHA256) case crypto.SHA1: algID = uint16(register.HashSHA1) default: return nil, fmt.Errorf("log %d: event %d: unhandled hash function %v", i, x, d.hash) } binary.Write(out, binary.LittleEndian, algID) out.Write(d.data) } // Serialize event data binary.Write(out, binary.LittleEndian, uint32(len(e.data))) out.Write(e.data) } } return out.Bytes(), nil } // SHA1 event log format. See "5.1 SHA1 Event Log Entry Format" // https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf#page=15 type rawEventHeader struct { PCRIndex uint32 Type uint32 Digest [20]byte EventSize uint32 } func parseRawEvent(r *bytes.Buffer, _ *specIDEvent) (event rawEvent, err error) { var h rawEventHeader if err = binary.Read(r, binary.LittleEndian, &h); err != nil { return event, fmt.Errorf("header deserialization error: %w", err) } if h.EventSize > uint32(r.Len()) { return event, &eventSizeErr{h.EventSize, r.Len()} } data := make([]byte, int(h.EventSize)) if _, err := io.ReadFull(r, data); err != nil { return event, fmt.Errorf("reading data error: %w", err) } digests := []digest{{hash: crypto.SHA1, data: h.Digest[:]}} return rawEvent{ typ: EventType(h.Type), data: data, index: int(h.PCRIndex), digests: digests, }, nil } // Crypto Agile event log format. See "5.2 Crypto Agile Log Entry Format" // https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf#page=15 type rawEvent2Header struct { PCRIndex uint32 Type uint32 } func parseRawEvent2(r *bytes.Buffer, specID *specIDEvent) (event rawEvent, err error) { var h rawEvent2Header if err = binary.Read(r, binary.LittleEndian, &h); err != nil { return event, err } if h.PCRIndex == 0xFFFFFFFF { return event, errEventLogPadding } event.typ = EventType(h.Type) event.index = int(h.PCRIndex) // parse the event digests var numDigests uint32 if err := binary.Read(r, binary.LittleEndian, &numDigests); err != nil { return event, err } for i := 0; i < int(numDigests); i++ { var algID uint16 if err := binary.Read(r, binary.LittleEndian, &algID); err != nil { return event, err } var digest digest for _, alg := range specID.algs { if alg.ID != algID { continue } if r.Len() < int(alg.Size) { return event, fmt.Errorf("reading digest: %v", io.ErrUnexpectedEOF) } digest.data = make([]byte, alg.Size) digest.hash = register.HashAlg(alg.ID).CryptoHash() } if len(digest.data) == 0 { digest.data = make([]byte, 8) digest.data[0] = 0 return event, fmt.Errorf("unknown algorithm ID %x", algID) } if _, err := io.ReadFull(r, digest.data); err != nil { return event, err } event.digests = append(event.digests, digest) } // parse event data var eventSize uint32 if err = binary.Read(r, binary.LittleEndian, &eventSize); err != nil { return event, err } if eventSize > uint32(r.Len()) { return event, &eventSizeErr{eventSize, r.Len()} } event.data = make([]byte, int(eventSize)) if _, err := io.ReadFull(r, event.data); err != nil { return event, err } return event, err } var errEventLogPadding = errors.New("reached padding before event log EOF") golang-github-google-go-eventlog-0.0.2/testdata/000077500000000000000000000000001515555264200215615ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/testdata/eventlog_data.go000066400000000000000000000101571515555264200247300ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // Package testdata contains event logs and event log-related info for testing. package testdata import _ "embed" // Necessary to use go:embed // Raw binary TCG Event Logs var ( //go:embed eventlogs/tpm/arch-linux-workstation.bin ArchLinuxWorkstationEventLog []byte //go:embed eventlogs/tpm/debian-10.bin Debian10EventLog []byte //go:embed eventlogs/tpm/glinux-alex.bin GlinuxAlexEventLog []byte //go:embed eventlogs/tpm/rhel8-uefi.bin Rhel8EventLog []byte //go:embed eventlogs/tpm/ubuntu-1804-amd-sev.bin Ubuntu1804AmdSevEventLog []byte //go:embed eventlogs/tpm/ubuntu-2104-no-dbx.bin Ubuntu2104NoDbxEventLog []byte //go:embed eventlogs/tpm/ubuntu-2104-no-secure-boot.bin Ubuntu2104NoSecureBootEventLog []byte //go:embed eventlogs/tpm/ubuntu-2404-amd-sevsnp.bin Ubuntu2404AmdSevSnpEventLog []byte //go:embed eventlogs/tpm/cos-85-amd-sev.bin Cos85AmdSevEventLog []byte //go:embed eventlogs/tpm/cos-93-amd-sev.bin Cos93AmdSevEventLog []byte //go:embed eventlogs/tpm/cos-101-amd-sev.bin Cos101AmdSevEventLog []byte ) // Kernel command lines from event logs. var ( Cos85AmdSevCmdline = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16\"\x00" Cos93AmdSevCmdline = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashtree=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashstart=4077568 alg=sha256 root_hexdigest=8db95edb446a7311634fc8409e6eab39c66886c4db16aeeef166bbd8fe4ff357 salt=3ec6b6fef69119253b9a5f79a5bb06bc7b12f177063b2466a04f08976375af44\"\x00" Cos101AmdSevCmdline = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashtree=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashstart=4077568 alg=sha256 root_hexdigest=48d436350a7e83bde985cd3f7e79fa443557743b42243803ce31104ca4719c5d salt=b323b014b6f463172fca758a1c5a6745a2c8e5872be0e175e2f4b40c8295b2ab\"\x00" Ubuntu2404AmdSevSnpCmdline = "/vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 panic=-1\x00" ) golang-github-google-go-eventlog-0.0.2/testdata/eventlogs/000077500000000000000000000000001515555264200235675ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/testdata/eventlogs/ccel/000077500000000000000000000000001515555264200244755ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/testdata/eventlogs/ccel/CCEL.bin000066400000000000000000000000701515555264200256720ustar00rootroot00000000000000CCEL8INTEL EDK2  d}golang-github-google-go-eventlog-0.0.2/testdata/eventlogs/ccel/CCEL_unpadded.data.bin000066400000000000000000000037521515555264200304600ustar00rootroot00000000000000!Spec ID Event03 0  . 5Z'̢\G8d:YZs˽dApt?* TdxTableNbtVB6  4K ! t6I}iߢX=A* }G1U_Vg:)Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)@ Ϥrb{mVi*X{Ecn ϯ@GK^ַ325aʓ + SecureBoot o.<io^>i0V3V쥶Ki!a*X%$aʓ +PK  u}ia\:WْƷ@ǿ׼XDޭ&aʓ +KEK Oc764Icsgj `.HV8Z>V'$˲:=Egeodb nꙪ#B>m QPO aӛ֩^h j&˲:=Egeodbx 9CA,'ư~ a6)+Wes~ٮAXq`᭟  y}P*wi֋:Cfj: )kOJaQe#gD.J`z 7*r(JDÞkernel W Aa(;h䵓YEheΣ$"a$` |4aʓ + BootOrder #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#1 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot Option 9CA,'ư~ a6)+Wes~ٮAXq`᭟ >nӳ|(X?$y>FL2YCe8?`LOADED_IMAGE::LoadOptions !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services Invocation .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successcos-113-intel-tdx-dupe-separator-unpadded.bin000066400000000000000000000432651515555264200346310ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/testdata/eventlogs/ccel!Spec ID Event03 0  Eڦ ޡyto?Ю> ^# B1g{"D!* TdxTableNbtVB6  ڐh{tqI&.bVk5 5+7?:)Fv(48DB5E17-707C-472D-91CD-1613E7EF51B0) Ϥrb{mVi*X{Ecn ϯ@GK^ַ325aʓ + SecureBoot z q,W1WuusC*k+&a̦Tmaʓ +IPKY䔧J\+rI-҈G[G00`a^JiUR^0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100 200806194844Z 300804194844Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100"0  *H 0 I y-Gw|ΛF?H`;&=PjlMĻ3 9&tiAaz(o6<;'HdUF-?2<}a {U}Cbͭ(_6H/̾hOF;\_j$ϝO)`TdQ#$9U t\󎎔/i ݊<tͥ Q7uRTcާq {?=l\8 h2XI[ k0i0U00)U" 4J~ڕl0#K$vP0+U#$0" 4J~ڕl0#K$vP0  *H  ;>fŽ;izFdLe0x &:kybn <-z\ٛ6tiHi79)hoH;jz?>DXӷ `𭧰Hml2׏2xvAR֒>Ef j= 1xu#AOB`0?R- <3:V׾Vxam13c(m8#ytkk` a%B-vKhiKd{iЃ)N>TD-\'xfDjWxaʓ +RKEKY䔧J\+rR6҈G[G0"0 Uyi')P30  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100 200806194850Z 300804194850Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100"0  *H 0 d"x:Wf=#ZDk\*yhe\+Am䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2 Orp0);Pc4[ ͛mZ$r?x˲:=EgeomdbxY䔧J\+r|҈G[G0h0P 0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10"0  *H 0 g8?"N&HΟeu%Px06wwks׋& SI)Mm#w(/ )gMbMM[shV`HE'uZt$T(5Gŗ7*l;;g1*/9UvyX+L[X"^*ð.Rwu![hW&<isYL@_e "]]*Y5ܔMIJgWq=5hufÿuio2 C^ 00Uۚgd3F2Z8>0U#0ۚgd3F2Z8>01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1 0 U00  *H  'k7))5FgG5T**l࿰~"S  :e9c-E~dN\S`wWv:F & · {-PۊGM.sW遂 q]2s[}aeTD#W`*!=hl8=䲃GP^ekݸ.~*΍(n1gP̊x~cy-~^~1otίľQa8Y䔧J\+r҈G[G00q [0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10"0  *H 0 aQ|68pe$3YNj\lyH,c(]iެ :Gl@_yi'w_qǟߧ]dE6ozOE҉A߻ ;cgW$_jA/>bdys+y~q"ok(b#OVڙ]ܐY9&m.-ЈQ]S NF_@$0p;frp3e"Z{00UZd̗t][;A0U#0Zd̗t][;A01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1 [0 U00  *H  Zw489+^2%.a/.ZhÉLL0t7_2U,&+q$'P)6/R -D5Q͎;-Hłhi˧gX$_]ő.Gwy*Nqp+S)U0;b`r { C2CGZVt T O:IP0N0US1+اɛ4jo0U#0S1+اɛ4jo0 U00  *H  8Z:uA)( g^Q FfzZZj)SHЭOFP-4;-5IHTϛGjwoZCh^!+B:ImӉj*~-'o!c܌S@[a./ݦpL/f{b? rRC t7D5j&9Ѳ? lot [QIG`OBSTeN˴vYY䔧J\+r҈G[G00Ѡ q9c0  *H  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10"0  *H 0 !1YS##3湰AI婑'eP-DȣU$n1D9}@5T1UeħpلHƀPOd;/$󴼆R:vp7 <=&rިSsni5铍@~Y$O%AVp\đ]a#T~j?Ms-D~3 GcDScR{?\F^tГtBS d==sGP0N0UNiܓG4@hsIWjc/JENt/F(ٌҨsA<]}%NQyE8btKl1ÍϑVnI,!P"42JɆkZYⓨ<܍ɫp:y_/[/!igdcZ v@}˚/`ti5(m 9CA,'ư~ a6)+Wes~ٮAXq`᭟  -}(^$w`2eXB~0+qP| L ACPI DATA  P ]G @^0Sp1yw绨B ر`uyZ ACPI DATA   Bl[¤@UkqsTeUܖ k{!ҐuF ACPI DATA r^¨P$ګ6l6aMTHE3/2O6aʓ + BootOrder S3Ǯ04;<+~BՆơ$zi mKaʓ +`Boot0001&UEFI nvme_card-pd A NYMR,Y #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#1 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot Option 9CA,'ư~ a6)+Wes~ٮAXq`᭟ D@ԀTsӎCÊg.PK[AAF/} ?dEFI PART\V]?"?n^J<1Z)` =rGy=iG}_%-ڳDn8)LЄ?STATE]*:2OA%2 0c_E %PwPKERN-A<~;G<<߹I;DτROOT-A]*:2OA%2 6sBCЙG7OKERN-B<~;G<<엸MDMDROOT-B]*:2OA%2 :`1H<@@@@KERN-C<~;G<;X[B탤EFI-SYSTEM Zlܜ,T&#A[\2 p A * X[B탤0\EFI\BOOT\BOOTX64.EFI  %q3JW#!DGBHx}r h: cLvwaMokList  %q3JW#!DGBHx}r h: cLvwa MokListX C┍cD.j~qeA.prxt` V&MS.݇)8DP]`FC=݋# SbatLevelsbat,1,2021030218  ) .dceŸT~m<<$rkM"YM![x=P]`FC=݋#MokListTrusted  ,}_ϫw { 2p h2~ oE$#tU cl}AMokListTrusted L `puoNVv &E=)?\ W <8\EFI\BOOT\grub-lakitu.efi  M]7M;p@uܒ,*!o"=eB >IX/efi/boot/grub.cfg  6.p)e7Tnn ;q{te"bfgrub_cmd: defaultA=2  AYNu`h5F$futcSCwar "grub_cmd: gptpriority hd0 4 prioB  Fya~EFa\f'>eu \S r3Msp)~*grub_cmd: [ 1 -lt 0 ]  81g\(bNīM)*ȫhmo& bgrub_cmd: set default=2  Tm4e3&0HlDAmբg70z%@"grub_cmd: set timeout=0  uHUaĤdlk7 <m=oyRnʕgrub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE }  W]0>Fڧ݁Pc)3hFVj,rgrub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=BF7FB897-9FA3-B84D-8644-93B2144DB391 }  1k5hT 1> ^%,)!)WrwB%!-grub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm-mod.create="vroot,,,ro,0 4077568 verity 0 PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0" }  |Kd7 ١G{`GЄrY/W2grub_cmd: menuentry verified image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm-mod.create="vroot,,,ro,0 4077568 verity 0 PARTUUID=BF7FB897-9FA3-B84D-8644-93B2144DB391 PARTUUID=BF7FB897-9FA3-B84D-8644-93B2144DB391 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0" }  ܮSsaF?^, 󶞣}Uime3͉R4grub_cmd: menuentry Alternate USB Boot { linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 root=PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE i915.modeset=1 cros_efi }  "`E4N AdBh .c~᫈;pc"%grub_cmd: setparams verified image A  0ɀ^*(юՒܩVߓq?.FAɅgeH[*Czgrub_cmd: linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm-mod.create=vroot,,,ro,0 4077568 verity 0 PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0  #r!(B塸c+c-Kc.PM9d{OZ/syslinux/vmlinuz.A  řyj:%k+71;m-enukernel_cmdline: /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 "dm-mod.create=vroot,,,ro,0 4077568 verity 0 PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0" !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services Invocation .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/eventlogs/ccel/cos-113-intel-tdx-dupe-separator.bin000066400000000000000000010000001515555264200331030ustar00rootroot00000000000000!Spec ID Event03 0  Eڦ ޡyto?Ю> ^# B1g{"D!* TdxTableNbtVB6  ڐh{tqI&.bVk5 5+7?:)Fv(48DB5E17-707C-472D-91CD-1613E7EF51B0) Ϥrb{mVi*X{Ecn ϯ@GK^ַ325aʓ + SecureBoot z q,W1WuusC*k+&a̦Tmaʓ +IPKY䔧J\+rI-҈G[G00`a^JiUR^0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100 200806194844Z 300804194844Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100"0  *H 0 I y-Gw|ΛF?H`;&=PjlMĻ3 9&tiAaz(o6<;'HdUF-?2<}a {U}Cbͭ(_6H/̾hOF;\_j$ϝO)`TdQ#$9U t\󎎔/i ݊<tͥ Q7uRTcާq {?=l\8 h2XI[ k0i0U00)U" 4J~ڕl0#K$vP0+U#$0" 4J~ڕl0#K$vP0  *H  ;>fŽ;izFdLe0x &:kybn <-z\ٛ6tiHi79)hoH;jz?>DXӷ `𭧰Hml2׏2xvAR֒>Ef j= 1xu#AOB`0?R- <3:V׾Vxam13c(m8#ytkk` a%B-vKhiKd{iЃ)N>TD-\'xfDjWxaʓ +RKEKY䔧J\+rR6҈G[G0"0 Uyi')P30  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100 200806194850Z 300804194850Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100"0  *H 0 d"x:Wf=#ZDk\*yhe\+Am䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2 Orp0);Pc4[ ͛mZ$r?x˲:=EgeomdbxY䔧J\+r|҈G[G0h0P 0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10"0  *H 0 g8?"N&HΟeu%Px06wwks׋& SI)Mm#w(/ )gMbMM[shV`HE'uZt$T(5Gŗ7*l;;g1*/9UvyX+L[X"^*ð.Rwu![hW&<isYL@_e "]]*Y5ܔMIJgWq=5hufÿuio2 C^ 00Uۚgd3F2Z8>0U#0ۚgd3F2Z8>01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1 0 U00  *H  'k7))5FgG5T**l࿰~"S  :e9c-E~dN\S`wWv:F & · {-PۊGM.sW遂 q]2s[}aeTD#W`*!=hl8=䲃GP^ekݸ.~*΍(n1gP̊x~cy-~^~1otίľQa8Y䔧J\+r҈G[G00q [0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10"0  *H 0 aQ|68pe$3YNj\lyH,c(]iެ :Gl@_yi'w_qǟߧ]dE6ozOE҉A߻ ;cgW$_jA/>bdys+y~q"ok(b#OVڙ]ܐY9&m.-ЈQ]S NF_@$0p;frp3e"Z{00UZd̗t][;A0U#0Zd̗t][;A01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1 [0 U00  *H  Zw489+^2%.a/.ZhÉLL0t7_2U,&+q$'P)6/R -D5Q͎;-Hłhi˧gX$_]ő.Gwy*Nqp+S)U0;b`r { C2CGZVt T O:IP0N0US1+اɛ4jo0U#0S1+اɛ4jo0 U00  *H  8Z:uA)( g^Q FfzZZj)SHЭOFP-4;-5IHTϛGjwoZCh^!+B:ImӉj*~-'o!c܌S@[a./ݦpL/f{b? rRC t7D5j&9Ѳ? lot [QIG`OBSTeN˴vYY䔧J\+r҈G[G00Ѡ q9c0  *H  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10"0  *H 0 !1YS##3湰AI婑'eP-DȣU$n1D9}@5T1UeħpلHƀPOd;/$󴼆R:vp7 <=&rިSsni5铍@~Y$O%AVp\đ]a#T~j?Ms-D~3 GcDScR{?\F^tГtBS d==sGP0N0UNiܓG4@hsIWjc/JENt/F(ٌҨsA<]}%NQyE8btKl1ÍϑVnI,!P"42JɆkZYⓨ<܍ɫp:y_/[/!igdcZ v@}˚/`ti5(m 9CA,'ư~ a6)+Wes~ٮAXq`᭟  -}(^$w`2eXB~0+qP| L ACPI DATA  P ]G @^0Sp1yw绨B ر`uyZ ACPI DATA   Bl[¤@UkqsTeUܖ k{!ҐuF ACPI DATA r^¨P$ګ6l6aMTHE3/2O6aʓ + BootOrder S3Ǯ04;<+~BՆơ$zi mKaʓ +`Boot0001&UEFI nvme_card-pd A NYMR,Y #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#1 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot Option 9CA,'ư~ a6)+Wes~ٮAXq`᭟ D@ԀTsӎCÊg.PK[AAF/} ?dEFI PART\V]?"?n^J<1Z)` =rGy=iG}_%-ڳDn8)LЄ?STATE]*:2OA%2 0c_E %PwPKERN-A<~;G<<߹I;DτROOT-A]*:2OA%2 6sBCЙG7OKERN-B<~;G<<엸MDMDROOT-B]*:2OA%2 :`1H<@@@@KERN-C<~;G<;X[B탤EFI-SYSTEM Zlܜ,T&#A[\2 p A * X[B탤0\EFI\BOOT\BOOTX64.EFI  %q3JW#!DGBHx}r h: cLvwaMokList  %q3JW#!DGBHx}r h: cLvwa MokListX C┍cD.j~qeA.prxt` V&MS.݇)8DP]`FC=݋# SbatLevelsbat,1,2021030218  ) .dceŸT~m<<$rkM"YM![x=P]`FC=݋#MokListTrusted  ,}_ϫw { 2p h2~ oE$#tU cl}AMokListTrusted L `puoNVv &E=)?\ W <8\EFI\BOOT\grub-lakitu.efi  M]7M;p@uܒ,*!o"=eB >IX/efi/boot/grub.cfg  6.p)e7Tnn ;q{te"bfgrub_cmd: defaultA=2  AYNu`h5F$futcSCwar "grub_cmd: gptpriority hd0 4 prioB  Fya~EFa\f'>eu \S r3Msp)~*grub_cmd: [ 1 -lt 0 ]  81g\(bNīM)*ȫhmo& bgrub_cmd: set default=2  Tm4e3&0HlDAmբg70z%@"grub_cmd: set timeout=0  uHUaĤdlk7 <m=oyRnʕgrub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE }  W]0>Fڧ݁Pc)3hFVj,rgrub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=BF7FB897-9FA3-B84D-8644-93B2144DB391 }  1k5hT 1> ^%,)!)WrwB%!-grub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm-mod.create="vroot,,,ro,0 4077568 verity 0 PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0" }  |Kd7 ١G{`GЄrY/W2grub_cmd: menuentry verified image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm-mod.create="vroot,,,ro,0 4077568 verity 0 PARTUUID=BF7FB897-9FA3-B84D-8644-93B2144DB391 PARTUUID=BF7FB897-9FA3-B84D-8644-93B2144DB391 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0" }  ܮSsaF?^, 󶞣}Uime3͉R4grub_cmd: menuentry Alternate USB Boot { linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 root=PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE i915.modeset=1 cros_efi }  "`E4N AdBh .c~᫈;pc"%grub_cmd: setparams verified image A  0ɀ^*(юՒܩVߓq?.FAɅgeH[*Czgrub_cmd: linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm-mod.create=vroot,,,ro,0 4077568 verity 0 PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0  #r!(B塸c+c-Kc.PM9d{OZ/syslinux/vmlinuz.A  řyj:%k+71;m-enukernel_cmdline: /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 "dm-mod.create=vroot,,,ro,0 4077568 verity 0 PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0" !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services Invocation .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/eventlogs/ccel/cos-113-intel-tdx.bin000066400000000000000000010000001515555264200301520ustar00rootroot00000000000000!Spec ID Event03 0  Eڦ ޡyto?Ю> ^# B1g{"D!* TdxTableNbtVB6  X"xI `&V$aB&,=3ao6@:)Fv(48DB5E17-707C-472D-91CD-1613E7EF51B0) Ϥrb{mVi*X{Ecn ϯ@GK^ַ325aʓ + SecureBoot z q,W1WuusC*k+&a̦Tmaʓ +IPKY䔧J\+rI-҈G[G00`a^JiUR^0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100 200806194844Z 300804194844Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100"0  *H 0 I y-Gw|ΛF?H`;&=PjlMĻ3 9&tiAaz(o6<;'HdUF-?2<}a {U}Cbͭ(_6H/̾hOF;\_j$ϝO)`TdQ#$9U t\󎎔/i ݊<tͥ Q7uRTcާq {?=l\8 h2XI[ k0i0U00)U" 4J~ڕl0#K$vP0+U#$0" 4J~ڕl0#K$vP0  *H  ;>fŽ;izFdLe0x &:kybn <-z\ٛ6tiHi79)hoH;jz?>DXӷ `𭧰Hml2׏2xvAR֒>Ef j= 1xu#AOB`0?R- <3:V׾Vxam13c(m8#ytkk` a%B-vKhiKd{iЃ)N>TD-\'xfDjWxaʓ +RKEKY䔧J\+rR6҈G[G0"0 Uyi')P30  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100 200806194850Z 300804194850Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100"0  *H 0 d"x:Wf=#ZDk\*yhe\+Am䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2 Orp0);Pc4[ ͛mZ$r?x˲:=EgeomdbxY䔧J\+r|҈G[G0h0P 0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10"0  *H 0 g8?"N&HΟeu%Px06wwks׋& SI)Mm#w(/ )gMbMM[shV`HE'uZt$T(5Gŗ7*l;;g1*/9UvyX+L[X"^*ð.Rwu![hW&<isYL@_e "]]*Y5ܔMIJgWq=5hufÿuio2 C^ 00Uۚgd3F2Z8>0U#0ۚgd3F2Z8>01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1 0 U00  *H  'k7))5FgG5T**l࿰~"S  :e9c-E~dN\S`wWv:F & · {-PۊGM.sW遂 q]2s[}aeTD#W`*!=hl8=䲃GP^ekݸ.~*΍(n1gP̊x~cy-~^~1otίľQa8Y䔧J\+r҈G[G00q [0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10"0  *H 0 aQ|68pe$3YNj\lyH,c(]iެ :Gl@_yi'w_qǟߧ]dE6ozOE҉A߻ ;cgW$_jA/>bdys+y~q"ok(b#OVڙ]ܐY9&m.-ЈQ]S NF_@$0p;frp3e"Z{00UZd̗t][;A0U#0Zd̗t][;A01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1 [0 U00  *H  Zw489+^2%.a/.ZhÉLL0t7_2U,&+q$'P)6/R -D5Q͎;-Hłhi˧gX$_]ő.Gwy*Nqp+S)U0;b`r { C2CGZVt T O:IP0N0US1+اɛ4jo0U#0S1+اɛ4jo0 U00  *H  8Z:uA)( g^Q FfzZZj)SHЭOFP-4;-5IHTϛGjwoZCh^!+B:ImӉj*~-'o!c܌S@[a./ݦpL/f{b? rRC t7D5j&9Ѳ? lot [QIG`OBSTeN˴vYY䔧J\+r҈G[G00Ѡ q9c0  *H  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10"0  *H 0 !1YS##3湰AI婑'eP-DȣU$n1D9}@5T1UeħpلHƀPOd;/$󴼆R:vp7 <=&rިSsni5铍@~Y$O%AVp\đ]a#T~j?Ms-D~3 GcDScR{?\F^tГtBS d==sGP0N0UNiܓG4@hsIWjc/JENt/F(ٌҨsA<]}%NQyE8btKl1ÍϑVnI,!P"42JɆkZYⓨ<܍ɫp:y_/[/!igdcZ v@}˚/`ti5(m 9CA,'ư~ a6)+Wes~ٮAXq`᭟  -}(^$w`2eXB~0+qP| L ACPI DATA  P ]G @^0Sp1yw绨B ر`uyZ ACPI DATA   Bl[¤@UkqsTeUܖ k{!ҐuF ACPI DATA r^¨P$ګ6l6aMTHE3/2O6aʓ + BootOrder S3Ǯ04;<+~BՆơ$zi mKaʓ +`Boot0001&UEFI nvme_card-pd A NYMR,Y #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#1 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot Option 9CA,'ư~ a6)+Wes~ٮAXq`᭟ D@ԀTsӎCÊg.PK[AAF/} ?dEFI PART\V]?"?n^J<1Z)` =rGy=iG}_%-ڳDn8)LЄ?STATE]*:2OA%2 0c_E %PwPKERN-A<~;G<<߹I;DτROOT-A]*:2OA%2 6sBCЙG7OKERN-B<~;G<<엸MDMDROOT-B]*:2OA%2 :`1H<@@@@KERN-C<~;G<;X[B탤EFI-SYSTEM Zlܜ,T&#A[\2  A * X[B탤0\EFI\BOOT\BOOTX64.EFI  %q3JW#!DGBHx}r h: cLvwaMokList  %q3JW#!DGBHx}r h: cLvwa MokListX C┍cD.j~qeA.prxt` V&MS.݇)8DP]`FC=݋# SbatLevelsbat,1,2021030218  ) .dceŸT~m<<$rkM"YM![x=P]`FC=݋#MokListTrusted  ,}_ϫw { 2p h2~ oE$#tU cl}AMokListTrusted L `puoNVv &E=)?\pW <8\EFI\BOOT\grub-lakitu.efi  M]7M;p@uܒ,*!o"=eB >IX/efi/boot/grub.cfg  6.p)e7Tnn ;q{te"bfgrub_cmd: defaultA=2  AYNu`h5F$futcSCwar "grub_cmd: gptpriority hd0 4 prioB  Fya~EFa\f'>eu \S r3Msp)~*grub_cmd: [ 1 -lt 0 ]  81g\(bNīM)*ȫhmo& bgrub_cmd: set default=2  Tm4e3&0HlDAmբg70z%@"grub_cmd: set timeout=0  uHUaĤdlk7 <m=oyRnʕgrub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE }  W]0>Fڧ݁Pc)3hFVj,rgrub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=BF7FB897-9FA3-B84D-8644-93B2144DB391 }  1k5hT 1> ^%,)!)WrwB%!-grub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm-mod.create="vroot,,,ro,0 4077568 verity 0 PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0" }  |Kd7 ١G{`GЄrY/W2grub_cmd: menuentry verified image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm-mod.create="vroot,,,ro,0 4077568 verity 0 PARTUUID=BF7FB897-9FA3-B84D-8644-93B2144DB391 PARTUUID=BF7FB897-9FA3-B84D-8644-93B2144DB391 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0" }  ܮSsaF?^, 󶞣}Uime3͉R4grub_cmd: menuentry Alternate USB Boot { linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 root=PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE i915.modeset=1 cros_efi }  "`E4N AdBh .c~᫈;pc"%grub_cmd: setparams verified image A  0ɀ^*(юՒܩVߓq?.FAɅgeH[*Czgrub_cmd: linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm-mod.create=vroot,,,ro,0 4077568 verity 0 PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0  #r!(B塸c+c-Kc.PM9d{OZ/syslinux/vmlinuz.A  řyj:%k+71;m-enukernel_cmdline: /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 "dm-mod.create=vroot,,,ro,0 4077568 verity 0 PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE PARTUUID=F981B9DF-D3B0-A349-9594-C1B5B28A3BEE 4096 4096 509696 509696 sha256 2a0357a89582144472ca882632611094c66babdb6486d5d7b49597638bf52b12 5d0efafbace0a8274f4875002856103d582a438bd0c479f9d379deae00e66fa0" !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services Invocation .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/eventlogs/ccel/cos-113-intel-tdx.table.bin000066400000000000000000000000701515555264200312460ustar00rootroot00000000000000CCEL8iINTEL EDK2  ۾golang-github-google-go-eventlog-0.0.2/testdata/eventlogs/ccel/event_log.bin000066400000000000000000002000001515555264200271410ustar00rootroot00000000000000!Spec ID Event03 0  (wA=Bc"h @wkTZ6g<<[f* TdxTableNbtVB6  Zoǝ]L_P^DЋ/N86_z4tp::)Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX) Ϥrb{mVi*X{Ecn ϯ@GK^ַ325aʓ + SecureBoot o.<io^>i0V3V쥶Ki!a*X%$aʓ +PK  u}ia\:WْƷ@ǿ׼XDޭ&aʓ +KEK Oc764Icsgj `.HV8Z>V'$˲:=Egeodb nꙪ#B>m QPO aӛ֩^h j&˲:=Egeodbx 9CA,'ư~ a6)+Wes~ٮAXq`᭟ ǜ@[M͵A~ck<~nE({;"4),4B ACPI DATA  Q nqw˃KL>W@'^To,Wep*kernel  %(g5)?n5"FFKavaRo)aJk}etc/table-loader  d*Sת3V[8S&LqEuH9zf(c(e^%8etc/acpi/rsdp  Ƈ-FE2~}TPN<sCktkc8etc/acpi/tables Z*yc+E+᨝VHhv[k={ C{Jw|*r(JDÞkernel  kXqD5_w_3Boot0000 ,UiAppɽ|4O>e!,FvEnf#1 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot Option 9CA,'ư~ a6)+Wes~ٮAXq`᭟ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services Invocation .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/eventlogs/tpm/000077500000000000000000000000001515555264200243675ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/testdata/eventlogs/tpm/arch-linux-workstation.bin000066400000000000000000000363331515555264200315250ustar00rootroot00000000000000%Spec ID Event03 /&xAD睮3 r @ CV ?kꊴ}(=+nUkT U@N:kOpfQ[3$ p,dXҥ{({{xY5/ *?U9 Bh[# Μㆵ. 0-kVOfu%c4aʓ + SecureBootǏ+6p1֩y{ ZWɸKm8 x)˿7AI4gf`aʓ +<PKY䔧J\+r< 8N1{ 0 0 {2Y0  *H  010U Joe Richey (PK)0  180923013156Z21180830013156Z010U Joe Richey (PK)0"0  *H 0 Q_CT,r]'&5~y=~_ۏ,DSl)!]O F\XB `Ͱ{rx!a B%^1g/"EB@c'H}1٩T;mON_06U؀k RPX?(`ɧzqa sZM&(&5{20ׯ,XQK  F1}&t wCY/u,c#|"_d#S0Q0ULM(kp  0U#0LM(kp  0U00  *H  &#ʃxiBw+;!E{v "JIk.‚Q3I.k!Ied1,G8:bG^I2*hcxA9xCϻ0*B ߜXw'>U W 3{5|ϕ"1IJȭ&c#a /r3QPa80aie_/={NJ+EsL aDg(T" RY%49\,]) 0`mYM2!VTśS| aʓ +V KEKY䔧J\+r>"8N1{ 00 G0  *H  010U Joe Richey (KEK)0  180923013219Z21180830013219Z010U Joe Richey (KEK)0"0  *H 0 <\bQl} Բ[]*e{l,үT[?hkb#i}LtPeiMZRCadu`Ḯ ޏ[ : z@yC_Bg2:+|D_JDuFyʎ1v9.;η3%IHbwT|NxHx7؟abwKnbyCOq=D% {Ff59%" 1Ǐڶo"O9Wmm44|N P5FLlPO5ۼ g:k=GVYJ"뺵Q ,ȡd@WaK0z.Q88~<BDY䔧J\+rwY2M`(xK00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62]c}$%ǹ!M fRURj?-ǐNӻ=êݥS˲:=Egeo/dbY䔧J\+r< 8N1{ 0 0 ؿŦ0  *H  010U Joe Richey (DB)0  180923013231Z21180830013231Z010U Joe Richey (DB)0"0  *H 0 G` T&]3 cg-7p}fL_hQ:b?v|`QՍp8J⿽\ Vf5: NaS`^3kUϼ{I艧WP|DrJs@?IFŅ}92~xˍ5$-Y3sHVv N'.iܝmI=^e]YO@Fʒ! I&^9S" MP"[vth /S0Q0U4#A=!#0K_0U#04#A=!#0K_0U00  *H  ,xC7fnES@/Q>z!n=w-'f_7573| cSIи): w Wc2Q"xH"eM@ -@Ll?[)ևkbr+'u(rswIQ=a6j4nr~Ac?Ǣ1<Sɰ%}"]ՑM,xJw'6Y䔧J\+rwY2M`(xK00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~Y䔧J\+r@$wY2M`(xK00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYX&LP@A6C(L0QH&_J^%QQ:l pXBE%sў*&LP@A6C(L0QH&_J^ ~ZPtPQzISJ--[?!&LP@A6C(L0QH&_J^Okq Ր.|̾>Z&LP@A6C(L0QH&_J^`fH' |a.aY5\ӡ eM&LP@A6C(L0QH&_J^r_ Z} !F98A{&=&LP@A6C(L0QH&_J^'ʒM|9rh)]!wsDƛX䵡1&LP@A6C(L0QH&_J^}ti)3Qʘ~qiLd*&LP@A6C(L0QH&_J^Hy*sz!*LS`de%L&LP@A6C(L0QH&_J^I> 3V6Z q8J?(cBp`qjc3 DJMʚȗV'ÅϹ +e[˲:=Egeodbx&LP@A6C(0wY2M`(xKi1 ORm@`MAe wY2M`(xK/֒r($E4[$k;}nzwY2M`(xKء- *o.s >d,NgyjwY2M`(xK63M. xbdYWC&`HXšvwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xK^T`< k覃R8wY2M`(xKƨXdoy(#g+69ОwY2M`(xK _NQxmЁ%orxRYe&wY2M`(xK Cڬz0eu1{ 될ctwY2M`(xK 9v-6=cqZ9ϰF\`lk׽wY2M`(xK o)o3}rK H:*?OwY2M`(xK !Hʃ62u> [1R*[wY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK34)bퟗ>H-.ImTdwY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK+,'R*]IZ+R]fbUwY2M`(xK,s3%mԤ<[UYPPR}wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK0f(Tw0W(JF}8zTiv^uҍwY2M`(xK6Awz/^g4g^Ù^i5 ҽwY2M`(xK8A!6\ !`9MlN g`b[wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKCʃc| C-/&zKuwY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKQ1s>!"Ty 0a5wY2M`(xKZIU9[.B,/gg6A+\wY2M`(xKkxA{^`Gr̴/fwY2M`(xKlTGYQ&l+585rѓ.wY2M`(xKo(qկ.{˫d|eͶ& :x^wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xKrk>Tj0=ppq-ĝ,#wY2M`(xKrg]V;ݼ2ت^/m(ؽwY2M`(xKx'6,q}䱿CqZH[ʤKŽwY2M`(xKeӇk)T̕SϪȣ;3佚wY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKZ~OG q"8b:ߒ=wY2M`(xKHY jagznFdr!YEwY2M`(xK4͐e;=<5P_{c!wY2M`(xK se(Q$Q?eYW5)@νwY2M`(xK5g+6~OIia]JlrMBwY2M`(xK,";VB\GYG8DoYwY2M`(xKn=)t=J2@ؽwY2M`(xKcOx,7`XbfnmwY2M`(xKϲ2.KmH],qgrRY\u"6wY2M`(xKaJ~UәnE AR'[wY2M`(xKU =HZ7?=|cwY2M`(xKw ^; b x  S^ˇ k/wY2M`(xK<9"`tFu7̔ܭZ˦G/4q9脽wY2M`(xK;S> #Aryę-æ6wY2M`(xKQ3@HΈrRjRç`IwY2M`(xKdW[x.V4Rk DxYuN-dEwY2M`(xKEȮu ϻH7R}ddMؑ<͊$MigߎixE (QsC>RRs ?a/@W-=HwRI$^X39P]O -X OըTFDd1T` 4 A PixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$ldtQ*p Ʒƣ|r ]V""]kEFI PART\m2"2iTF-aZ>y.(s*K>;FPDK=& EFI System;Mt?$÷=DI=Z0NY$Linux RAID=rGy=iG}UC3L7kp`$2Linux filesystem5ڹ1-(7w ft,:7GfAH32:8֎8aʓ + BootOrderqLi^cQ󟎂 oy,e/S}N9EVkOlObaʓ +Boot0000tLinux Boot Manager*FPDK=& F\EFI\SYSTEMD\SYSTEMD-BOOTX64.EFI9מT [Ds==! e=RQSe EW?GP Qxeaʓ +xBoot0003^UEFI OS*FPDK=& 0\EFI\BOOT\BOOTX64.EFIBOrA@N#m6Kү Bl_6W3ۏ7D̨'& baʓ +Boot0002 Linux Boot Manageru♠u7K8^l*0GlCLA3)6F\EFI\SYSTEMD\SYSTEMD-BOOTX64.EFI)T-6`7x5  [J{/0V2N92;@y A  *FPDK=& F\EFI\SYSTEMD\SYSTEMD-BOOTX64.EFI`sEAEá>^F؋A$ {Pωla"f7BڔE~Qnʈpt A  *FPDK=& *\vmlinuz-linux-lts ӫ*h:Vɑi 6-VB j$H WU;ern]iF( g,8%4Ͻ'+ވ(3mIVc<P, GCE NonHostInfoM@AIMɐSC'} K(EںU+b}4vv1A@ ,S^aư1E@6|2jR+1\h *5aʓ + SecureBoottC!5˒TŒ7 bUROt#pmvt( z q,W1WuusC*k+&a̦Tmaʓ +IPKY䔧J\+rI-҈G[G00`a^JiUR^0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100 200806194844Z 300804194844Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100"0  *H 0 I y-Gw|ΛF?H`;&=PjlMĻ3 9&tiAaz(o6<;'HdUF-?2<}a {U}Cbͭ(_6H/̾hOF;\_j$ϝO)`TdQ#$9U t\󎎔/i ݊<tͥ Q7uRTcާq {?=l\8 h2XI[ k0i0U00)U" 4J~ڕl0#K$vP0+U#$0" 4J~ڕl0#K$vP0  *H  ;>fŽ;izFdLe0x &:kybn <-z\ٛ6tiHi79)hoH;jz?>DXӷ `𭧰Hml2׏2xvAR֒>Ef j= 1xu#AOB`0?R- <3:V׾Vxam13c(m8#ytkk`pR~P}>B"mS MmwmkeUpAxUQdP a%B-vKhiKd{iЃ)N>TD-\'xfDjWxaʓ +RKEKY䔧J\+rR6҈G[G0"0 Uyi')P30  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100 200806194850Z 300804194850Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100"0  *H 0 d"x:Wf=#ZDk\*yhe\+Am䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2fq _B7 Mw 9OCHGCdJ2'& Orp0);Pc4[ ͛mZ$r?x˲:=EgeomdbxY䔧J\+r|҈G[G0h0P 0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10"0  *H 0 g8?"N&HΟeu%Px06wwks׋& SI)Mm#w(/ )gMbMM[shV`HE'uZt$T(5Gŗ7*l;;g1*/9UvyX+L[X"^*ð.Rwu![hW&<isYL@_e "]]*Y5ܔMIJgWq=5hufÿuio2 C^ 00Uۚgd3F2Z8>0U#0ۚgd3F2Z8>01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1 0 U00  *H  'k7))5FgG5T**l࿰~"S  :e9c-E~dN\S`wWv:F & · {-PۊGM.sW遂 q]2s[}aeTD#W`*!=hl8=䲃GP^ekݸ.~*΍(n1gP̊x~cy-~^~1otίľQa8Y䔧J\+r҈G[G00q [0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10"0  *H 0 aQ|68pe$3YNj\lyH,c(]iެ :Gl@_yi'w_qǟߧ]dE6ozOE҉A߻ ;cgW$_jA/>bdys+y~q"ok(b#OVڙ]ܐY9&m.-ЈQ]S NF_@$0p;frp3e"Z{00UZd̗t][;A0U#0Zd̗t][;A01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1 [0 U00  *H  Zw489+^2%.a/.ZhÉLL0t7_2U,&+q$'P)6/R -D5Q͎;-Hłhi˧gX$_]ő.Gwy*Nqp+S)U0;b`r { C2CGZVt T O:IP0N0US1+اɛ4jo0U#0S1+اɛ4jo0 U00  *H  8Z:uA)( g^Q FfzZZj)SHЭOFP-4;-5IHTϛGjwoZCh^!+B:ImӉj*~-'o!c܌S@[a./ݦpL/f{b? rRC t7D5j&9Ѳ? lot [QIG`OBSTeN˴vYY䔧J\+r҈G[G00Ѡ q9c0  *H  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10"0  *H 0 !1YS##3湰AI婑'eP-DȣU$n1D9}@5T1UeħpلHƀPOd;/$󴼆R:vp7 <=&rިSsni5铍@~Y$O%AVp\đ]a#T~j?Ms-D~3 GcDScR{?\F^tГtBS d==sGP0N0UNiܓG4@hsIWjc/JENt/F(ٌҨsA<]}%NQyE8btKl1ÍϑVnI,!P"42JɆkZYⓨ<܍ɫp:y_/[/!igdcZ v@}˚/`ti5(mixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟?[_ֱz<- ks K{-;"O91GR,Ou;iP R-FG6KW! c;Xn*;έTs+O|\3+6aʓ + BootOrder"۠5(޶Kt+ 10` äJTF.l _6* #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#15y{f0^Q Pͽɓ +Y ǻxX(9 'kv\I S3Ǯ04;<+~BՆơ$zi mKaʓ +`Boot0001&UEFI nvme_card-pd A NYMR,YE1A'S&7V =grNu*,L_rPo*ƝV3 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot OptionixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟\r\sDF֖E7 >gjލl5=_.>1[ƀM SHW(ne]e= כ9UwD @;Yc'WEE˲:=Egeo!db҈G[G0 0F#`b)2Bb0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100"0  *H 0 ̑TEg"^5G+ q5GeI󘍕9pI?쬅D =T3d̄;ɑm䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2f-th(g P e]WAa oѧ:\2K-G ֙Wk*7MJRN2֢Il_O`MN]Lbn0dEFI PART\a "{ n*FbgTay =rGy=iG}tgK25XЄl STATE]*:2OA%2 FXFMPKERN-A<~;G<DROOT-B]*:2OA%2 n@λ@@@@KERN-C<~;G<<\j&ŘF;u8[A@A@ROOT-C=rGy=iG}AfH}POEM=u .HC7Q^mE=mnB@B@reserved=u .HC7Q^36DXqC@C@reservedHah!IdontNeedEFIAǴ]p@?@RWFW(s*K>;c;<FQEFI-SYSTEMA—~cTشH\0R Ǭ]DDJԧޠ /w(В rWeߓڨ(.*p H8cwmu^_ÖRǠॼ  A * c;<FQ0\EFI\BOOT\BOOTX64.EFI R_ LK,v?I+ :PX8\J{T.^6nS|Yð %q3JW#!DGBHx}r h: cLvwaMokList R_ LK,v?I+ :PX8\J{T.^6nS|Yð %q3JW#!DGBHx}r h: cLvwa MokListX]9/:@u& .Uey^/I̧6i=AM C┍cD.j~qeA.prxt` V&MS.݇)8DP]`FC=݋# SbatLevelsbat,1,2021030218  A;Q&h`+x}". Ӵ}*J\ -x n>=Gkv [89Ǿ;L@ dc=&䌻ms ij)u\ <8\EFI\BOOT\grub-lakitu.efi\r\sDF֖E7 >gjލl5=_.>1[ƀM SHW(ne]e= כ9UwD @;Yc'WEE˲:=Egeo!db҈G[G0 0F#`b)2Bb0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100"0  *H 0 ̑TEg"^5G+ q5GeI󘍕9pI?쬅D =T3d̄;ɑm䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2 MKKhȪS # }JB;wC/b%>jigI@nW 0h9 \i؅+ BEz@R9I~l</efi/boot/grub.cfg QXvוfG[#-w /=AT E pSӹ 6.p)e7Tnn ;q{te"bfgrub_cmd: defaultA=2 җz-`B D ?M 2"GzҗH*ΚM[YL g AYNu`h5F$futcSCwar "grub_cmd: gptpriority hd0 4 prioB h> μGt;&@ oެ95Qayw`{D4 R^!򅊄[=Kzl+Hkj^^;Lxڪgrub_cmd: [ 15 -lt 0 ] )k' dQJ=qg I]$8*a} Z3Ts]zx9 81g\(bNīM)*ȫhmo& bgrub_cmd: set default=2 ODR>cwӋ6l" ӧq׃)1LGcԉMTu3K@ Tm4e3&0HlDAmբg70z%@"grub_cmd: set timeout=0 `3+{`lΞbf ! uM6Rcťq"oDbMz$ %lmҤube 6ŏIYvf^+q^kZΊS|grub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA } j߱G ~<T `,ct/(F{;YI]I}Vd*c =]oi:V;Gg\jfm^ୃUi:5grub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=8689A5EF-69A0-244E-888B-8B35475B113E } ,U0c$8e 3O)BXGi{$~Mb` ꐭ+'qҪ c~ N0̒bXQ"$`grub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashtree=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashstart=4077568 alg=sha256 root_hexdigest=48d436350a7e83bde985cd3f7e79fa443557743b42243803ce31104ca4719c5d salt=b323b014b6f463172fca758a1c5a6745a2c8e5872be0e175e2f4b40c8295b2ab" } sӣI)?0O r6$KGPzvz9|l9,  R'p'a d8 /sl)Ŷܼ ' vT8ƨ0BDUѨG7OisxƯꁆ[-{ j$H WU;ern]iF( g,8%4Ͻ'+ވ(3mIVc<P, GCE NonHostInfoM@AIMɐSC'} K(EںU+b}4vv1A@ ,S^aư1E@6|2jR+1\h *5aʓ + SecureBoottC!5˒TŒ7 bUROt#pmvt( z q,W1WuusC*k+&a̦Tmaʓ +IPKY䔧J\+rI-҈G[G00`a^JiUR^0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100 200806194844Z 300804194844Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100"0  *H 0 I y-Gw|ΛF?H`;&=PjlMĻ3 9&tiAaz(o6<;'HdUF-?2<}a {U}Cbͭ(_6H/̾hOF;\_j$ϝO)`TdQ#$9U t\󎎔/i ݊<tͥ Q7uRTcާq {?=l\8 h2XI[ k0i0U00)U" 4J~ڕl0#K$vP0+U#$0" 4J~ڕl0#K$vP0  *H  ;>fŽ;izFdLe0x &:kybn <-z\ٛ6tiHi79)hoH;jz?>DXӷ `𭧰Hml2׏2xvAR֒>Ef j= 1xu#AOB`0?R- <3:V׾Vxam13c(m8#ytkk`pR~P}>B"mS MmwmkeUpAxUQdP a%B-vKhiKd{iЃ)N>TD-\'xfDjWxaʓ +RKEKY䔧J\+rR6҈G[G0"0 Uyi')P30  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100 200806194850Z 300804194850Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100"0  *H 0 d"x:Wf=#ZDk\*yhe\+Am䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2fq _B7 Mw 9OCHGCdJ2'& Orp0);Pc4[ ͛mZ$r?x˲:=EgeomdbxY䔧J\+r|҈G[G0h0P 0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10"0  *H 0 g8?"N&HΟeu%Px06wwks׋& SI)Mm#w(/ )gMbMM[shV`HE'uZt$T(5Gŗ7*l;;g1*/9UvyX+L[X"^*ð.Rwu![hW&<isYL@_e "]]*Y5ܔMIJgWq=5hufÿuio2 C^ 00Uۚgd3F2Z8>0U#0ۚgd3F2Z8>01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1 0 U00  *H  'k7))5FgG5T**l࿰~"S  :e9c-E~dN\S`wWv:F & · {-PۊGM.sW遂 q]2s[}aeTD#W`*!=hl8=䲃GP^ekݸ.~*΍(n1gP̊x~cy-~^~1otίľQa8Y䔧J\+r҈G[G00q [0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10"0  *H 0 aQ|68pe$3YNj\lyH,c(]iެ :Gl@_yi'w_qǟߧ]dE6ozOE҉A߻ ;cgW$_jA/>bdys+y~q"ok(b#OVڙ]ܐY9&m.-ЈQ]S NF_@$0p;frp3e"Z{00UZd̗t][;A0U#0Zd̗t][;A01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1 [0 U00  *H  Zw489+^2%.a/.ZhÉLL0t7_2U,&+q$'P)6/R -D5Q͎;-Hłhi˧gX$_]ő.Gwy*Nqp+S)U0;b`r { C2CGZVt T O:IP0N0US1+اɛ4jo0U#0S1+اɛ4jo0 U00  *H  8Z:uA)( g^Q FfzZZj)SHЭOFP-4;-5IHTϛGjwoZCh^!+B:ImӉj*~-'o!c܌S@[a./ݦpL/f{b? rRC t7D5j&9Ѳ? lot [QIG`OBSTeN˴vYY䔧J\+r҈G[G00Ѡ q9c0  *H  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10"0  *H 0 !1YS##3湰AI婑'eP-DȣU$n1D9}@5T1UeħpلHƀPOd;/$󴼆R:vp7 <=&rިSsni5铍@~Y$O%AVp\đ]a#T~j?Ms-D~3 GcDScR{?\F^tГtBS d==sGP0N0UNiܓG4@hsIWjc/JENt/F(ٌҨsA<]}%NQyE8btKl1ÍϑVnI,!P"42JɆkZYⓨ<܍ɫp:y_/[/!igdcZ v@}˚/`ti5(mixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟?[_ֱz<- ks K{-;"O91GR,Ou;iP R-FG6KW! c;Xn*;έTs+O|\3+6aʓ + BootOrder"۠5(޶Kt+ 10` äJTF.l _6* #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#15y{f0^Q Pͽɓ +Y ǻxX(9 'kv\I S3Ǯ04;<+~BՆơ$zi mKaʓ +`Boot0001&UEFI nvme_card-pd A NYMR,YE1A'S&7V =grNu*,L_rPo*ƝV3 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot OptionixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟\r\sDF֖E7 >gjލl5=_.>1[ƀM SHW(ne]e= כ9UwD @;Yc'WEE˲:=Egeo!db҈G[G0 0F#`b)2Bb0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100"0  *H 0 ̑TEg"^5G+ q5GeI󘍕9pI?쬅D =T3d̄;ɑm䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2|,=Ly-Y Vlߩ,iV>d%` Q Rr}fۨZ\"fD?[_KdEFI PART\? "{ 預*jM/8"̓q6B =rGy=iG}g|@OpЄl STATE]*:2OA%2 S6HS =PKERN-A<~;G<<Ύ#OF=DτROOT-A]*:2OA%2 N-p1BĽ?iOKERN-B<~;G<<(D #%3CDROOT-B]*:2OA%2 $u]F(PT@@@@KERN-C<~;G<;z"őI0xZEFI-SYSTEM]Y dQ>QD ۨ֟$DSjfƴ$R# w8]^PN>UKgٍq-|˴ٲln1::jʠ  A * z"őI0xZ0\EFI\BOOT\BOOTX64.EFIH?QRt}7 ?d%0$.RzI}}N|fB ƛΰk+RhNq@(F6m䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2 5cT5y N) NmAUlr,g|X"o^ n&mSp#Ű鿆gv֫EEVND2е܆޺eIQ(hd0,gpt12)/efi/boot/grub.cfg QXvוfG[#-w /=AT E pSӹ 6.p)e7Tnn ;q{te"bfgrub_cmd: defaultA=2 җz-`B D ?M 2"GzҗH*ΚM[YL g AYNu`h5F$futcSCwar "grub_cmd: gptpriority hd0 4 prioB h> μGt;&@ oެ95Qayw`{D4 R^!򅊄[=Kzl+Hkj^^;Lxڪgrub_cmd: [ 15 -lt 0 ] )k' dQJ=qg I]$8*a} Z3Ts]zx9 81g\(bNīM)*ȫhmo& bgrub_cmd: set default=2 ODR>cwӋ6l" ӧq׃)1LGcԉMTu3K@ Tm4e3&0HlDAmբg70z%@"grub_cmd: set timeout=0 5Lf|2<[Kf mAAnqbe> b_L~,GHw*/N2%;$. %]e'hDgrub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 } .q]+N>.e zcNTŔ#D3zHMx\w dTʀ+Պ>91Q K+~J&&֭*}Fl[grub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 } iEa}ߕxT 7 9G^Z( XLLA ؈D@[?0I_rʗ?=:kLo'-ADgrub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16" } iGq6,B ؉-Hq YpWs= iCbF侐\O=O+NkA5^b!eo5Dgrub_cmd: menuentry verified image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 hashtree=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16" } 9QTa@aS kꡄх8k4>HFō$ٹHI'O yb^܈ǼސWSǝQ>ݣ^keqcl-wgrub_cmd: menuentry Alternate USB Boot { linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 root=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 i915.modeset=1 cros_efi } bY /H @a=yY8ӌasAyR#z "`E4N AdBh .c~᫈;pc"%grub_cmd: setparams verified image A Y+]q&yV!\vF&/pE9Z%IE[^ eOYOY˦<C㪃 ڨN )u|0Eygrub_cmd: linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16 70nefYzB"jc smf=P/llum䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2 9/⁡~S3P]l ~dVGoOP$sGw&Jcd _؈MhZ$ f<4k1VuѡH zkernel_cmdline: /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 "dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16"D:k{VO.9<գJ =k{5j:#cROZ^ !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services InvocationGUEx׿6~.H OuBrꃛ+t|~^a\@/D .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/eventlogs/tpm/cos-93-amd-sev.bin000066400000000000000000000571361515555264200274440ustar00rootroot00000000000000)Spec ID Event03 0?pۯfU@6GL  2᥌M5}P;[jZy m.Bϒ4I9?71a!ߊΦae c0GCE Virtual Firmware v1+lcan> j$H WU;ern]iF( g,8%4Ͻ'+ވ(3mIVc<P, GCE NonHostInfoM@AIMɐSC'} K(EںU+b}4vv1A@ ,S^aư1E@6|2jR+1\h *5aʓ + SecureBoottC!5˒TŒ7 bUROt#pmvt( z q,W1WuusC*k+&a̦Tmaʓ +IPKY䔧J\+rI-҈G[G00`a^JiUR^0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100 200806194844Z 300804194844Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100"0  *H 0 I y-Gw|ΛF?H`;&=PjlMĻ3 9&tiAaz(o6<;'HdUF-?2<}a {U}Cbͭ(_6H/̾hOF;\_j$ϝO)`TdQ#$9U t\󎎔/i ݊<tͥ Q7uRTcާq {?=l\8 h2XI[ k0i0U00)U" 4J~ڕl0#K$vP0+U#$0" 4J~ڕl0#K$vP0  *H  ;>fŽ;izFdLe0x &:kybn <-z\ٛ6tiHi79)hoH;jz?>DXӷ `𭧰Hml2׏2xvAR֒>Ef j= 1xu#AOB`0?R- <3:V׾Vxam13c(m8#ytkk`pR~P}>B"mS MmwmkeUpAxUQdP a%B-vKhiKd{iЃ)N>TD-\'xfDjWxaʓ +RKEKY䔧J\+rR6҈G[G0"0 Uyi')P30  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100 200806194850Z 300804194850Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100"0  *H 0 d"x:Wf=#ZDk\*yhe\+Am䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2fq _B7 Mw 9OCHGCdJ2'& Orp0);Pc4[ ͛mZ$r?x˲:=EgeomdbxY䔧J\+r|҈G[G0h0P 0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10"0  *H 0 g8?"N&HΟeu%Px06wwks׋& SI)Mm#w(/ )gMbMM[shV`HE'uZt$T(5Gŗ7*l;;g1*/9UvyX+L[X"^*ð.Rwu![hW&<isYL@_e "]]*Y5ܔMIJgWq=5hufÿuio2 C^ 00Uۚgd3F2Z8>0U#0ۚgd3F2Z8>01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1 0 U00  *H  'k7))5FgG5T**l࿰~"S  :e9c-E~dN\S`wWv:F & · {-PۊGM.sW遂 q]2s[}aeTD#W`*!=hl8=䲃GP^ekݸ.~*΍(n1gP̊x~cy-~^~1otίľQa8Y䔧J\+r҈G[G00q [0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10"0  *H 0 aQ|68pe$3YNj\lyH,c(]iެ :Gl@_yi'w_qǟߧ]dE6ozOE҉A߻ ;cgW$_jA/>bdys+y~q"ok(b#OVڙ]ܐY9&m.-ЈQ]S NF_@$0p;frp3e"Z{00UZd̗t][;A0U#0Zd̗t][;A01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1 [0 U00  *H  Zw489+^2%.a/.ZhÉLL0t7_2U,&+q$'P)6/R -D5Q͎;-Hłhi˧gX$_]ő.Gwy*Nqp+S)U0;b`r { C2CGZVt T O:IP0N0US1+اɛ4jo0U#0S1+اɛ4jo0 U00  *H  8Z:uA)( g^Q FfzZZj)SHЭOFP-4;-5IHTϛGjwoZCh^!+B:ImӉj*~-'o!c܌S@[a./ݦpL/f{b? rRC t7D5j&9Ѳ? lot [QIG`OBSTeN˴vYY䔧J\+r҈G[G00Ѡ q9c0  *H  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10"0  *H 0 !1YS##3湰AI婑'eP-DȣU$n1D9}@5T1UeħpلHƀPOd;/$󴼆R:vp7 <=&rިSsni5铍@~Y$O%AVp\đ]a#T~j?Ms-D~3 GcDScR{?\F^tГtBS d==sGP0N0UNiܓG4@hsIWjc/JENt/F(ٌҨsA<]}%NQyE8btKl1ÍϑVnI,!P"42JɆkZYⓨ<܍ɫp:y_/[/!igdcZ v@}˚/`ti5(mixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟?[_ֱz<- ks K{-;"O91GR,Ou;iP R-FG6KW! c;Xn*;έTs+O|\3+6aʓ + BootOrder"۠5(޶Kt+ 10` äJTF.l _6* #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#15y{f0^Q Pͽɓ +Y ǻxX(9 'kv\I S3Ǯ04;<+~BՆơ$zi mKaʓ +`Boot0001&UEFI nvme_card-pd A NYMR,YE1A'S&7V =grNu*,L_rPo*ƝV3 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot OptionixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟\r\sDF֖E7 >gjލl5=_.>1[ƀM SHW(ne]e= כ9UwD @;Yc'WEE˲:=Egeo!db҈G[G0 0F#`b)2Bb0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100"0  *H 0 ̑TEg"^5G+ q5GeI󘍕9pI?쬅D =T3d̄;ɑm䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2i6Vy`Mv ]R&NjͭY\< >B۠ϦЛE`aL|70Ip q!hW]kWQdEFI PART\[^Q "{ !]IL$mD[S's =rGy=iG}9җ9@a@IKUЄl STATE]*:2OA%2 +KӄPKERN-A<~;G<<BH"LuDτROOT-A]*:2OA%2 jT >@D:aOKERN-B<~;G<< dKq+nS$DROOT-B]*:2OA%2 4r9@ (~@@@@KERN-C<~;G<<59>Bl~p4TA@A@ROOT-C=rGy=iG}OKDIM$(YPOEM=u .HC7Q^'dIؑAlqTB@B@reserved=u .HC7Q^iH%HՍ/UC@C@reservedHah!IdontNeedEFIM7DfF̯K2<@?@RWFW(s*K>;V-A} /*L EFI-SYSTEMՂ€?P)gk 'Ub+Sd&Djb> AUOVeD;1w@sIݐ3s@ Yvu0Э% A * V-A} /*L 0\EFI\BOOT\BOOTX64.EFIjB)ԺUAZ# &;?V@hL.r yNbR ; >܎Añ1iD*b_i wmܴCf) \!e6] ZڷDSV́U_;mR@ ?%VSe&O[X-ƅ=1: J^I+ l;˲:=Egeodb0 0F#`b)2Bb0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100"0  *H 0 ̑TEg"^5G+ q5GeI󘍕9pI?쬅D =T3d̄;ɑm䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2 ~ b"3 fΫ?cS\Tqsb&[(s|u b n$℻rl8I`!A.&0봵"/efi/boot/grub.cfg QXvוfG[#-w /=AT E pSӹ 6.p)e7Tnn ;q{te"bfgrub_cmd: defaultA=2 җz-`B D ?M 2"GzҗH*ΚM[YL g AYNu`h5F$futcSCwar "grub_cmd: gptpriority hd0 4 prioB h> μGt;&@ oެ95Qayw`{D4 R^!򅊄[=Kzl+Hkj^^;Lxڪgrub_cmd: [ 15 -lt 0 ] )k' dQJ=qg I]$8*a} Z3Ts]zx9 81g\(bNīM)*ȫhmo& bgrub_cmd: set default=2 ODR>cwӋ6l" ӧq׃)1LGcԉMTu3K@ Tm4e3&0HlDAmբg70z%@"grub_cmd: set timeout=0 ޴:СBf.zGo\b >!K\%E[ɬ) 3`^#g6z*o_^tCV2C. C=ʐ#grub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 i915.modeset=1 cros_efi root=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 } Pw~`ϩ{;t r1<*E{@pYIOW#x +)[<ȥ( ntMLr;"#q_@[v+VrHgrub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 i915.modeset=1 cros_efi root=PARTUUID=64C4E20D-151F-714B-942B-8B6E02A65324 } k4Kaui9Kgrub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashtree=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashstart=4077568 alg=sha256 root_hexdigest=8db95edb446a7311634fc8409e6eab39c66886c4db16aeeef166bbd8fe4ff357 salt=3ec6b6fef69119253b9a5f79a5bb06bc7b12f177063b2466a04f08976375af44" } -m,1`Hn˚| R]]m..-%K|+C r r-0?jʌB î[PQ IKgrub_cmd: menuentry verified image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=64C4E20D-151F-714B-942B-8B6E02A65324 hashtree=PARTUUID=64C4E20D-151F-714B-942B-8B6E02A65324 hashstart=4077568 alg=sha256 root_hexdigest=8db95edb446a7311634fc8409e6eab39c66886c4db16aeeef166bbd8fe4ff357 salt=3ec6b6fef69119253b9a5f79a5bb06bc7b12f177063b2466a04f08976375af44" } G?o q j -]71kc:1 7RL x,ۭ MaWWw<|x9+9:Z*DѦgrub_cmd: menuentry Alternate USB Boot { linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 root=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 i915.modeset=1 cros_efi } bY /H @a=yY8ӌasAyR#z "`E4N AdBh .c~᫈;pc"%grub_cmd: setparams verified image A !ٷm "nY &{ |x`Ј5^п j|&<9.1W6.$LH.h}Ҥle7 grub_cmd: linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashtree=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashstart=4077568 alg=sha256 root_hexdigest=8db95edb446a7311634fc8409e6eab39c66886c4db16aeeef166bbd8fe4ff357 salt=3ec6b6fef69119253b9a5f79a5bb06bc7b12f177063b2466a04f08976375af44 >`'#>pT%Bȿ s^[&e&w!>@^| <$l ܵޚ,Ra  !(&G5O,//syslinux/vmlinuz.A"CoxͮƑ! YL7~ff؛q8y;z  l d&6%*| fúLd w|h+AGdQ$?k)௅౅\!e6] ZڷDSV́U_;mR@ ?%VSe&O[X-ƅ=1: J^I+ l;˲:=Egeodb0 0F#`b)2Bb0  *H  01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100"0  *H 0 ̑TEg"^5G+ q5GeI󘍕9pI?쬅D =T3d̄;ɑm䒡0Dc@Wr'd+L,>3&w$pbeZUBr ՘ilL~$s3qS00ZSp Aލ_PKjtT-Kk0i0U00)U" KNqXJ[`gG_M ~YKZ'$0+U#$0" KNqXJ[`gG_M ~YKZ'$0  *H  wwYUY98+9=zm_:-|nʎ2B)?7vRxb< \Ӥ!-HR*lEYDx rZC!0Vl!}w0ؒ>˦н6R 3Zף͑ݑ bs){% [W8`?<W+ʚCM컱HSD6RMm2 4=PBJaʓ +&PKY䔧J\+r& ҈G[G00ޠ Jg]0  *H  010 U newpk0 180821215115Z 180920215115Z010 U newpk0"0  *H 0 ̹|mkcb |,E΅RRH|C& 6ioТ#o4OkpBi!}u1 P#;V G0]c9ᖡ=&Ӣlȗ겕<:Q?%K>QՑg歌j'?NlV*Y` yө|WQa7}nRCH<ͼ9G F6ܒJF#XKS0Q0UPB/ۗ'(t1F^`0U#0PB/ۗ'(t1F^`0U00  *H  R?罰$2I{4;v`=ki[,׼}Yõ.l1#60g::+b!`,.(nfpX(gil'X%Pp`nTJmE[4&M<$.yȬ|8GCk3PWsJs{K ǃ 6Zi@ ,/==p5¹>qƭ$?}`ozuLQhX38%*KEg3%?CD nPyB.Ztvi>aʓ +KEKY䔧J\+r҈G[G00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62 'a`"rk ˲:=EgeoG dbY䔧J\+r@$҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXY䔧J\+r҈G[G00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~^fQߛ|^.˲:=Egeo.dbxY䔧J\+rP4wY2M`(xK0 00  *H  01 0 UGB10U Isle of Man10U Douglas10U Canonical Ltd.1402U +Canonical Ltd. Master Certificate Authority0 120412113908Z 420411113908Z01 0 UGB10U Isle of Man10U Canonical Ltd.10U Secure Boot1+0)U "Canonical Ltd. Secure Boot Signing0"0  *H 0 _b dbKҟa+]8ιCCwO pF mm^ҷf mA cO|R̠1]FoUsvi!O"[-ە4(K!LʻyZg\xE=mY&WN,N7MG;| o鍣ξݔ00 U00U%0+ +7 0, `HB OpenSSL Generated Certificate0UaH* Z rPڐ30U#0 *#eZ&4Zc0  *H  ) J%}jyg%%Z^Z\ˍ#se"kIgɣbN\@܇aB"*\NR+89]Ve_+O&x]2E%G 7iv~4;gN%^_@1# % UG^[3ݳ1Z\]}> Y}; >o!9Y䔧J\+rwY2M`(xK00p 9\zP0  *H  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0"0  *H 0 M!+ w1\W>ae~"O/KhLQgFBKj)g@gEҨW sUWďPIHfx+GUH%m".a.MX~x['} s연^u?xq/΃S10N#| T:^y^NͪނqNII鰫*GS0'|f o~=>ԢjY//=(BR=$@ve9070 `HB0U%0  +7 0 U0  *H  W`L)}k\l?iHudJ &!V]>uM=~B@qylqbǘ' / ɟ%ͻUuA1N]¬F՝G2Dt0WV~)ۛSҽ/ju&Ed(yWzd,NgyjwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKHY jagznFdr!YEwY2M`(xK se(Q )$졺wY2M`(xK*xtUq *{F 2xnMwY2M`(xKᝮ.o(Xw#5yD=<wY2M`(xK9(K_3,w@ۦcJɱwY2M`(xK2 Edf(|zB3}) wY2M`(xK_ˣ>XGj( &q!}I/wY2M`(xKKheݐBOЮ2p>` wY2M`(xK4 qTzDUHwY2M`(xK5nU T5L5`[-UwY2M`(xK4kW3$ke^6**pIwY2M`(xKcWÔ. fD[WK`wY2M`(xKYVDc0wF*!Y[YswY2M`(xKۯm=[8S0J~ ͼX"1lwY2M`(xKebr.^^lnO{+.k콚wY2M`(xK[$=q==ݍKzq&W8_-ȆwY2M`(xK&yeAF 5Vw kĄ0tlwY2M`(xKmSco##o=WKׇ?wY2M`(xK !|~_N6p8 <#ʑC wY2M`(xKA7ǐvqos}:-M0_wY2M`(xK!jd@U@V풕a7XH.񷽚wY2M`(xKn [G{LӨ̤ X$׺wY2M`(xKLzAǃHBvo4Pс;wY2M`(xK-t6b) \\6BwY2M`(xKwOܑ蟣\N4Le2,ȷ? JiIze*UBw+ܑwY2M`(xK{Tc^wѬ҃?JW`<,ywY2M`(xK9]WQxWn!|Y_j%wY2M`(xKϧq+!oT(g-l~swY2M`(xK>'˳D8#'_\Y:7fۘL^Cz?kwY2M`(xKhF2Ǿf>ݓE-}ICwY2M`(xKK1ZUqH=s-M.!-1^нwY2M`(xK :U)7KZO&kRp촪%8wY2M`(xK~LԯcNhUyQ9q0(U+kwY2M`(xKh1!gKp,_]p-HwY2M`(xK<䰱rGoWY{'NĽwY2M`(xKWq*䉳tvͩa)بhҶc91]wY2M`(xK:(L} ,^L0J䕭ŌE< wY2M`(xKISylQ ~+d4ut彚wY2M`(xKu^i*1ËgVpwY2M`(xKSR)1B<I̧rRäY wY2M`(xK?>B~CS%+~^r n'mCwY2M`(xKr.#VrAJPΦj5!zwY2M`(xK\Xj7Eph(|A˛_RzUwY2M`(xKN5Lch'IW+)4%OSrTIwY2M`(xKJ)^ 7 kώd !1wY2M`(xK~q4Tao[ׄq*O4x*8pwY2M`(xK[nOe#X|,_gv*wY2M`(xK"M ?bQj~,lpwY2M`(xK (@%gq8R-(Gn5;AwY2M`(xK  s~oYlIP/KwY2M`(xK u pt$mOǴ>Yj53 kOur^wY2M`(xK QאoēIv]Bk,jrS2㧽wY2M`(xKQ0[Yec@i*.IQwY2M`(xKw0/I?%+o4j0/ wY2M`(xKqZD"3 K1L)]mwY2M`(xKs(x#bU߮T+r)ָwY2M`(xKXڋ3_:4?]W<+ wY2M`(xK^E4 5=eS|퓽wY2M`(xK' cj} [9f'NGwY2M`(xK)̤TN0DŽi\k"{[(@꽚wY2M`(xK+"kĤU.{\KH6ĘwY2M`(xK-ώp#E=h0پLwY2M`(xK1*[P0̓>T/GwY2M`(xK22mϬ^˝,\;"Ϝn`ǘԧwY2M`(xK4 +X3+V0 ֹ'IX%wY2M`(xK6. (1o aS.uPwY2M`(xK6z1僈1,FGjl決 z^wY2M`(xK7ei[B{5;!7褛o Yjxj4wY2M`(xK8mi\-EvxQUv7;ywY2M`(xK:Ot+3=藾BUwY2M`(xK:lEp YBb-Q.s5wY2M`(xK;45igA QLiOsYwY2M`(xK>9&ZաAgdz<=C!]D7A-(wY2M`(xK@ mY :0WY/B_wY2M`(xKAm[4{x+_ up\MGy=ĘwY2M`(xKAw2NeW2 DkQ%wwY2M`(xKEkMa[:tz]ZH)A A/]wY2M`(xKFg% ktͱdXsoW]ou]gwY2M`(xKGc@y1Q[./]=2wY2M`(xKW:R"vͯ1툉Td%St zӕwY2M`(xKX"q!mc~:e3?EƼ߽wY2M`(xK]˻J}KhRYpo"A̭wY2M`(xKaģwYp4ռn:ߺ t M⋈GGNwY2M`(xKm2WƤpu_AP0.ZG|wY2M`(xKpE 9Ui %2N 9X4ԉ-QwY2M`(xKro|뒘Ʈt϶]Af wY2M`(xKxd!sԨ(dqV 5zXbK7u wY2M`(xKx3ҿQg=>}QqV'whm#wY2M`(xKxʫ > ,#9LJnS1wY2M`(xKI̳ 2;zUD\1I^`pP'wY2M`(xKH#leYM+. P(4wY2M`(xKMx962̑Zt.0עfYG,+kfwY2M`(xKIW!cH#22hXe) pwY2M`(xK iYevFK*R$ԡHϭwY2M`(xKczl` rvիWȟ`-⽚wY2M`(xKejI;8$&2HWH [s 2SwY2M`(xK[Ƅ9čcvM/;wjwY2M`(xKpx|a:霚]Xf~,Չgz|LrwY2M`(xK-5hLHZkCbD|9d{wY2M`(xKTU豉AKl@ko>h݆1wY2M`(xKOvk֨_BMHv 8wY2M`(xK%0_9~uck6 WsnkЋuwY2M`(xKܷ/^t':@<y~"PwY2M`(xK? 2ī4:E %!j,wY2M`(xKxĽT5Y.¥{j50d/wY2M`(xK$B9os!slwY2M`(xK;GN[3SIHkvXg[wY2M`(xKֵ{E|{V)fZ=G:KQwY2M`(xK?Y ,%hy?nwy^m|"SuwY2M`(xK3c~mVɊS/ mIwY2M`(xKu2\fOJ7/5SHfwY2M`(xK&Wup*)\ŽwY2M`(xKC](*|sG[wk|v?iwY2M`(xKf;Mhn$poLgf DpwY2M`(xKFY~_ronr{h 8\BjwY2M`(xKP[k 9eNu^ƛwY2M`(xK- ^@!l,y ԽwY2M`(xKƝd9gBR~j<'on4"wY2M`(xK4 tĥnAܨ8rPykwY2M`(xK̎n!,zZ~m xGwY2M`(xKC.<~p%з yA(wY2M`(xKؚlHTKg f HKpNBwY2M`(xKf'g4$R;is"*M wY2M`(xK5` 2LiȖCkFUwY2M`(xKR(ÕiwwY2M`(xKߑO U|s,YE.NwY2M`(xKQ0Fj",aW_F彚wY2M`(xKmq!ꈄ(E2ooNS~T61wY2M`(xK㘑œ΂fo[+ШǿwY2M`(xKoy-O22٧o{aơ>;ȽwY2M`(xKM[kFGywhIGf wY2M`(xKfIa Oj);#(~.rwY2M`(xKU*y6b;1 To rgwY2M`(xKQ; TJh‘şB ܲ> Z~ =wY2M`(xKm5TiA @h)Y\,d*JwY2M`(xKa@?|ةpY}2ߏkwI_wY2M`(xKmq;`O, !ޮg%B[}:1[wßTixE (QsC>RRs?[_ֱz<-6aʓ + BootOrder"۠5(޶Kt+naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#1A+{7aʓ +lBoot0001UEFI Google PersistentDisk  A NYMR,YE1A'S&7V(Calling EFI Application from Boot OptionixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRs Vw`:˖+KY\H˲:=Egeo$db҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYX0KW+q*ڲ3EFI PART\YQC??Yd@)4BXZ>e=rGy=iG} LBG`d?Hah!IdontNeedEFI[L-Ca.v(s*K>;+p4\Bl#S} G&6yۈ=z٭֡ _3ܽ/x A * +p4\Bl#S}0\EFI\BOOT\BOOTX64.EFI?#r5f_,I.b)+,1.KP]`FC=݋#Shim00TկH2|40  *H  0 10UDebian Secure Boot CA0 160816180918Z 460809180918Z0 10UDebian Secure Boot CA0"0  *H 0 ԋ.ʂ7JBz)ndfa k5%)CK=M&Ch$؆Q8CkTPK_5P| 6H{^,xI5!fՊ+f/H삏_q$9P r(P!a fN&6 c+(VdUAG ϋY&& +y1japNflbWeGJިb̃W<U&ri.M`$-2Ol^_b0Hfd}6D 4=.í‘7z_;gĤ5r+LQד Y)DM>`N%?Zkmzc@%k!",.5`K[_8F rb\ֳ}%9N`v{nd!V9A}ϽL?+ل̓k!)FFgolang-github-google-go-eventlog-0.0.2/testdata/eventlogs/tpm/glinux-alex.bin000066400000000000000000000370111515555264200273200ustar00rootroot00000000000000%Spec ID Event03  StartupLocality2W8k  (@Γб}EXQ,=Y542fyFIT Type 0x02 Measured S-CRTM?uUua;H#U M%w+^of$)oJ;FIT Type 0x07 Measured S-CRTMixE (QsC>RRs ?a/@W-=HwRI$FIT Type 0x2D Measured S-CRTM/&xAD睮3 r @ CV ?kꊴ}(=+nUkT U@N:bQ9G[zmlpI bm\ػXt%0 o0h?CT9WMBGZ'CHO;B Z'DVb շ{M5aʓ + SecureBoot.pf<_ >k"U)/=%o '3ɺrFaʓ +"PKY䔧J\+r" p!}RVC=/00ڠPjehE?0  *H  010 ULENOVO0 161208071822Z 361208071821Z010 ULENOVO0"0  *H 0 4uӰ1!O336 :go `6l]:e9/*v6XVhy)hd>dAk$~Dd9y, 9椣$ʲo؊Ig]H1 E{Xþ P{8-i ȧH2tX0IYHAߖ^yK(Q*?͍!sydAN߬F0D0BU;09a`*u##010 ULENOVOPjehE?0  *H  ~xJ doJ A%*i[{\z;12ƒGN՗#c`9IhZ69np 6wj5G򬙊$ *(aʓ +KEKY䔧J\+rwY2M`(xK00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62Y\weoHu mc(QM= r4,(5PXc˲:=Egeo?dbY䔧J\+rQH&_J^00k Hb4u4# M0  *H  0U1 0 UUS10U North Carolina10 U Lenovo10U Lenovo UEFI CA 20140 140124161424Z 340119161424Z0U1 0 UUS10U North Carolina10 U Lenovo10U Lenovo UEFI CA 20140"0  *H 0 ;pJ*ɱEe'< c >(|-PҊ"ٴ1T{e0'AQ`g,Wwg&jӞSgY=? Ԏad!g@ys?期'&/[\-8-B0Fn#1~`wXykk Uߞ6&$ݤJ[J.DGb ¹'0Q+k؛2 j(Sb=hK b}Π*?4˽gJD,ZܡY䔧J\+rE)QH&_J^00 pu^z0  *H  0d1 0 UUS10UNorth Carolina10U Morrisville10 U Lenovo10U  ThinkStation0 130730131326Z 330725131326Z0d1 0 UUS10UNorth Carolina10U Morrisville10 U Lenovo10U  ThinkStation0"0  *H 0 ݿwU*`wyY7Tѹ )O r%[?ҬY=XY&ڻ_E'4xt@ؐNDRX p[堡L[z ?0Fӿ.U S~}ØЕh ;V&-S? \À  Ġ3~J@YL-w̳ L π X>{ u*&~cD0I)s8n)NŢ00Uۈb^忌]0U#0ۈb^忌]hf0d1 0 UUS10UNorth Carolina10U Morrisville10 U Lenovo10U  ThinkStation pu^z0 U00  *H  Zh[(R{8 :SJ!ڧ55/AXwi,2%Kj[DOЭjt0(%|bb|[TF·ܪJq+L( |N {DkSோb%~~nj{7 s,ɼ'XFanpx AJl4xy¤֚A <јjWh6݉xNڒ| }gq?Y{\AY䔧J\+r@$wY2M`(xK00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXY䔧J\+rwY2M`(xK00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~Bp`qjc3 DJMʚȗV'ÅϹ +e[˲:=Egeodbx&LP@A6C(0wY2M`(xKi1 ORm@`MAe wY2M`(xK/֒r($E4[$k;}nzwY2M`(xKء- *o.s >d,NgyjwY2M`(xK63M. xbdYWC&`HXšvwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xK^T`< k覃R8wY2M`(xKƨXdoy(#g+69ОwY2M`(xK _NQxmЁ%orxRYe&wY2M`(xK Cڬz0eu1{ 될ctwY2M`(xK 9v-6=cqZ9ϰF\`lk׽wY2M`(xK o)o3}rK H:*?OwY2M`(xK !Hʃ62u> [1R*[wY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK34)bퟗ>H-.ImTdwY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK+,'R*]IZ+R]fbUwY2M`(xK,s3%mԤ<[UYPPR}wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK0f(Tw0W(JF}8zTiv^uҍwY2M`(xK6Awz/^g4g^Ù^i5 ҽwY2M`(xK8A!6\ !`9MlN g`b[wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKCʃc| C-/&zKuwY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKQ1s>!"Ty 0a5wY2M`(xKZIU9[.B,/gg6A+\wY2M`(xKkxA{^`Gr̴/fwY2M`(xKlTGYQ&l+585rѓ.wY2M`(xKo(qկ.{˫d|eͶ& :x^wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xKrk>Tj0=ppq-ĝ,#wY2M`(xKrg]V;ݼ2ت^/m(ؽwY2M`(xKx'6,q}䱿CqZH[ʤKŽwY2M`(xKeӇk)T̕SϪȣ;3佚wY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKZ~OG q"8b:ߒ=wY2M`(xKHY jagznFdr!YEwY2M`(xK4͐e;=<5P_{c!wY2M`(xK se(Q$Q?eYW5)@νwY2M`(xK5g+6~OIia]JlrMBwY2M`(xK,";VB\GYG8DoYwY2M`(xKn=)t=J2@ؽwY2M`(xKcOx,7`XbfnmwY2M`(xKϲ2.KmH],qgrRY\u"6wY2M`(xKaJ~UәnE AR'[wY2M`(xKU =HZ7?=|cwY2M`(xKw ^; b x  S^ˇ k/wY2M`(xK<9"`tFu7̔ܭZ˦G/4q9脽wY2M`(xK;S> #Aryę-æ6wY2M`(xKQ3@HΈrRjRç`IwY2M`(xKdW[x.V4Rk DxYuN-dEwY2M`(xKEȮu ϻH7R}ddMؑ<͊$MigߎixE (QsC>RRs ?a/@W-=HwRI$S-l(D.XC 蘟ZY 8"B5oBiOb5qkgHdT_4 A PixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$ixE (QsC>RRs ?a/@W-=HwRI$6@ P{ eâw! g&ůZ \ {'9NU3cdEFI PART\$'Np;";DkRVGF43%|[ XTHah!IdontNeedEFIG۰Cv:%(s*K>;f@OK+xg=EFI System Partition=rGy=iG}"j-D"=&=z=rGy=iG}>{hF]&? z;kb ^c [fz>װbA5AJ~%>RQ%<aʓ + BootOrderTYl$g%u !I'@,@t.!aʓ +vBoot0001bdebian*=f@OK+xg4\EFI\DEBIAN\GRUBX64.EFI.JP1[Ń|[ !<b͆>3Od>:|aʓ +LBoot0002UEFI: PXE IPv4 Intel(R) Ethernet Connection (2) I219-LM A  % xGd-;AMQLPXE IPv4 Intel(R) Ethernet Connection (2) I219-LMBOUy2ސޫU6i)Vg p!ncp N=`Zaʓ +mBoot0003UEFI: PXE IPv6 Intel(R) Ethernet Connection (2) I219-LM A  % <@xGd-;AMQLPXE IPv6 Intel(R) Ethernet Connection (2) I219-LMBO_wloR_Dli~A>S ʏI/[ͯOa߳w3xaaʓ +\Boot0006 0Generic Usb Deviceu♠u7K8^lu♠u7K8^leW]~3 Q-+So.SQ[?V>/Uy#SռJaʓ +RBoot0007 0CD/DVD Deviceu♠u7K8^lu♠u7K8^l &Ia6@h伣)^ vҷ+hGl oljǎڵǁ䟪6^  A %8n*=f@OK+xg4\EFI\DEBIAN\GRUBX64.EFIgolang-github-google-go-eventlog-0.0.2/testdata/eventlogs/tpm/rhel8-uefi.bin000066400000000000000000001023621515555264200270350ustar00rootroot00000000000000)Spec ID Event03 0?pۯfU@6GL  2᥌M5}P;[jZy m.Bϒ4I9?71a!ߊΦae c0GCE Virtual Firmware v1Bq@U'r7i~ {tޣL鴗UɭR=ZN/h'o M'+{F (?^UɈ?,پߎH /Px^ GCE NonHostInfoM@AIMɐSC'} K(EںU+b}4vv1A@ ,S^aư1E@6|2jR+1\h *5aʓ + SecureBootZ>4=PB ۻfXe̘Jx[ArD cU<w ӥUZS:jC{* EhJaʓ +&PKY䔧J\+r& ҈G[G00ޠ Jg]0  *H  010 U newpk0 180821215115Z 180920215115Z010 U newpk0"0  *H 0 ̹|mkcb |,E΅RRH|C& 6ioТ#o4OkpBi!}u1 P#;V G0]c9ᖡ=&Ӣlȗ겕<:Q?%K>QՑg歌j'?NlV*Y` yө|WQa7}nRCH<ͼ9G F6ܒJF#XKS0Q0UPB/ۗ'(t1F^`0U#0PB/ۗ'(t1F^`0U00  *H  R?罰$2I{4;v`=ki[,׼}Yõ.l1#60g::+b!`,.(nfpX(gil'X%Pp`nTJmE[4&M<$.yȬ|8GCk3PWsJs{K ǃ 6Zi@ ,/==p5¹>qƭ$?}`ozuLQhX38%*KEg3%?CD nPyB.Ztvi b&G[d}-.fb {l"ZfWV @y΋V=ڑ WBB7B)C#(4~2x>aʓ +KEKY䔧J\+r҈G[G00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62 'a`"r b8ÄbtņT)!%A$62̯Z 5 b[|<((yw6bB:؛Ȧ(!7k ˲:=EgeoG dbY䔧J\+r@$҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXY䔧J\+r҈G[G00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~^fQߛ|^ kVs@{ "^Q_:@ɼ B%-JAxN|zKx, c6ߗ.˭.˲:=Egeo.dbxY䔧J\+rP4wY2M`(xK0 00  *H  01 0 UGB10U Isle of Man10U Douglas10U Canonical Ltd.1402U +Canonical Ltd. Master Certificate Authority0 120412113908Z 420411113908Z01 0 UGB10U Isle of Man10U Canonical Ltd.10U Secure Boot1+0)U "Canonical Ltd. Secure Boot Signing0"0  *H 0 _b dbKҟa+]8ιCCwO pF mm^ҷf mA cO|R̠1]FoUsvi!O"[-ە4(K!LʻyZg\xE=mY&WN,N7MG;| o鍣ξݔ00 U00U%0+ +7 0, `HB OpenSSL Generated Certificate0UaH* Z rPڐ30U#0 *#eZ&4Zc0  *H  ) J%}jyg%%Z^Z\ˍ#se"kIgɣbN\@܇aB"*\NR+89]Ve_+O&x]2E%G 7iv~4;gN%^_@1# % UG^[3ݳ1Z\]}> Y}; >o!9Y䔧J\+rwY2M`(xK00p 9\zP0  *H  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0"0  *H 0 M!+ w1\W>ae~"O/KhLQgFBKj)g@gEҨW sUWďPIHfx+GUH%m".a.MX~x['} s연^u?xq/΃S10N#| T:^y^NͪނqNII鰫*GS0'|f o~=>ԢjY//=(BR=$@ve9070 `HB0U%0  +7 0 U0  *H  W`L)}k\l?iHudJ &!V]>uM=~B@qylqbǘ' / ɟ%ͻUuA1N]¬F՝G2Dt0WV~)ۛSҽ/ju&Ed(yWzd,NgyjwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKHY jagznFdr!YEwY2M`(xK se(Q )$졺wY2M`(xK*xtUq *{F 2xnMwY2M`(xKᝮ.o(Xw#5yD=<wY2M`(xK9(K_3,w@ۦcJɱwY2M`(xK2 Edf(|zB3}) wY2M`(xK_ˣ>XGj( &q!}I/wY2M`(xKKheݐBOЮ2p>` wY2M`(xK4 qTzDUHwY2M`(xK5nU T5L5`[-UwY2M`(xK4kW3$ke^6**pIwY2M`(xKcWÔ. fD[WK`wY2M`(xKYVDc0wF*!Y[YswY2M`(xKۯm=[8S0J~ ͼX"1lwY2M`(xKebr.^^lnO{+.k콚wY2M`(xK[$=q==ݍKzq&W8_-ȆwY2M`(xK&yeAF 5Vw kĄ0tlwY2M`(xKmSco##o=WKׇ?wY2M`(xK !|~_N6p8 <#ʑC wY2M`(xKA7ǐvqos}:-M0_wY2M`(xK!jd@U@V풕a7XH.񷽚wY2M`(xKn [G{LӨ̤ X$׺wY2M`(xKLzAǃHBvo4Pс;wY2M`(xK-t6b) \\6BwY2M`(xKwOܑ蟣\N4Le2,ȷ? JiIze*UBw+ܑwY2M`(xK{Tc^wѬ҃?JW`<,ywY2M`(xK9]WQxWn!|Y_j%wY2M`(xKϧq+!oT(g-l~swY2M`(xK>'˳D8#'_\Y:7fۘL^Cz?kwY2M`(xKhF2Ǿf>ݓE-}ICwY2M`(xKK1ZUqH=s-M.!-1^нwY2M`(xK :U)7KZO&kRp촪%8wY2M`(xK~LԯcNhUyQ9q0(U+kwY2M`(xKh1!gKp,_]p-HwY2M`(xK<䰱rGoWY{'NĽwY2M`(xKWq*䉳tvͩa)بhҶc91]wY2M`(xK:(L} ,^L0J䕭ŌE< wY2M`(xKISylQ ~+d4ut彚wY2M`(xKu^i*1ËgVpwY2M`(xKSR)1B<I̧rRäY wY2M`(xK?>B~CS%+~^r n'mCwY2M`(xKr.#VrAJPΦj5!zwY2M`(xK\Xj7Eph(|A˛_RzUwY2M`(xKN5Lch'IW+)4%OSrTIwY2M`(xKJ)^ 7 kώd !1wY2M`(xK~q4Tao[ׄq*O4x*8pwY2M`(xK[nOe#X|,_gv*wY2M`(xK"M ?bQj~,lpwY2M`(xK (@%gq8R-(Gn5;AwY2M`(xK  s~oYlIP/KwY2M`(xK u pt$mOǴ>Yj53 kOur^wY2M`(xK QאoēIv]Bk,jrS2㧽wY2M`(xKQ0[Yec@i*.IQwY2M`(xKw0/I?%+o4j0/ wY2M`(xKqZD"3 K1L)]mwY2M`(xKs(x#bU߮T+r)ָwY2M`(xKXڋ3_:4?]W<+ wY2M`(xK^E4 5=eS|퓽wY2M`(xK' cj} [9f'NGwY2M`(xK)̤TN0DŽi\k"{[(@꽚wY2M`(xK+"kĤU.{\KH6ĘwY2M`(xK-ώp#E=h0پLwY2M`(xK1*[P0̓>T/GwY2M`(xK22mϬ^˝,\;"Ϝn`ǘԧwY2M`(xK4 +X3+V0 ֹ'IX%wY2M`(xK6. (1o aS.uPwY2M`(xK6z1僈1,FGjl決 z^wY2M`(xK7ei[B{5;!7褛o Yjxj4wY2M`(xK8mi\-EvxQUv7;ywY2M`(xK:Ot+3=藾BUwY2M`(xK:lEp YBb-Q.s5wY2M`(xK;45igA QLiOsYwY2M`(xK>9&ZաAgdz<=C!]D7A-(wY2M`(xK@ mY :0WY/B_wY2M`(xKAm[4{x+_ up\MGy=ĘwY2M`(xKAw2NeW2 DkQ%wwY2M`(xKEkMa[:tz]ZH)A A/]wY2M`(xKFg% ktͱdXsoW]ou]gwY2M`(xKGc@y1Q[./]=2wY2M`(xKW:R"vͯ1툉Td%St zӕwY2M`(xKX"q!mc~:e3?EƼ߽wY2M`(xK]˻J}KhRYpo"A̭wY2M`(xKaģwYp4ռn:ߺ t M⋈GGNwY2M`(xKm2WƤpu_AP0.ZG|wY2M`(xKpE 9Ui %2N 9X4ԉ-QwY2M`(xKro|뒘Ʈt϶]Af wY2M`(xKxd!sԨ(dqV 5zXbK7u wY2M`(xKx3ҿQg=>}QqV'whm#wY2M`(xKxʫ > ,#9LJnS1wY2M`(xKI̳ 2;zUD\1I^`pP'wY2M`(xKH#leYM+. P(4wY2M`(xKMx962̑Zt.0עfYG,+kfwY2M`(xKIW!cH#22hXe) pwY2M`(xK iYevFK*R$ԡHϭwY2M`(xKczl` rvիWȟ`-⽚wY2M`(xKejI;8$&2HWH [s 2SwY2M`(xK[Ƅ9čcvM/;wjwY2M`(xKpx|a:霚]Xf~,Չgz|LrwY2M`(xK-5hLHZkCbD|9d{wY2M`(xKTU豉AKl@ko>h݆1wY2M`(xKOvk֨_BMHv 8wY2M`(xK%0_9~uck6 WsnkЋuwY2M`(xKܷ/^t':@<y~"PwY2M`(xK? 2ī4:E %!j,wY2M`(xKxĽT5Y.¥{j50d/wY2M`(xK$B9os!slwY2M`(xK;GN[3SIHkvXg[wY2M`(xKֵ{E|{V)fZ=G:KQwY2M`(xK?Y ,%hy?nwy^m|"SuwY2M`(xK3c~mVɊS/ mIwY2M`(xKu2\fOJ7/5SHfwY2M`(xK&Wup*)\ŽwY2M`(xKC](*|sG[wk|v?iwY2M`(xKf;Mhn$poLgf DpwY2M`(xKFY~_ronr{h 8\BjwY2M`(xKP[k 9eNu^ƛwY2M`(xK- ^@!l,y ԽwY2M`(xKƝd9gBR~j<'on4"wY2M`(xK4 tĥnAܨ8rPykwY2M`(xK̎n!,zZ~m xGwY2M`(xKC.<~p%з yA(wY2M`(xKؚlHTKg f HKpNBwY2M`(xKf'g4$R;is"*M wY2M`(xK5` 2LiȖCkFUwY2M`(xKR(ÕiwwY2M`(xKߑO U|s,YE.NwY2M`(xKQ0Fj",aW_F彚wY2M`(xKmq!ꈄ(E2ooNS~T61wY2M`(xK㘑œ΂fo[+ШǿwY2M`(xKoy-O22٧o{aơ>;ȽwY2M`(xKM[kFGywhIGf wY2M`(xKfIa Oj);#(~.rwY2M`(xKU*y6b;1 To rgwY2M`(xKQ; TJh‘şB ܲ> Z~ =wY2M`(xKm5TiA @h)Y\,d*JwY2M`(xKa@?|ةpY}2ߏkwI_wY2M`(xKmq;`O, !ޮg%B[}:1[wßTixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟7ػz'1!.G` wB6duVj ߤji^r ;b k0*8v̧jD C:q$ژ-8aʓ + BootOrderSiQ3 Hss SCͯEQ?#b 4 ?kقK + x9͆XWb:--8$aʓ +Boot0002bRed Hat Enterprise Linux*@L7r0&F&x@4\EFI\redhat\shimx64.efi"۠5(޶Kt+ 10` äJTF.l _6* #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#1A+{7 ex,hE |0fe*%|6 oo6Y?W:9qMtNDrG([ C(nm /Kaʓ +lBoot0001UEFI Google PersistentDisk  A NYMR,YE1A'S&7V =grNu*,L_rPo*ƝV3 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot OptionixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ Vw`:˖+KY\ 1.7Dw "7بZIem [2} ,nrݎIv)a(}D&-CouYCH˲:=Egeo$db҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYX(03FqőЪ}P ha;}GNsYmh/tTܽ Ql_yWzx_Y5m3֦&C6}dEFI PART\R+"*;L7r0&F&x@GEFI System Partition=rGy=iG}aLxFL(>H;N sNGo @)sxL:Z MD8vxDT fޚ!Y)G  M ,djbݟ1_f7}Jyl޽H| A *@L7r0&F&x@4\EFI\redhat\shimx64.efi C qҭRCu( iݾZD.V2cfKg{?ԭ.\~[ GB]jU'wh QؠɧQ!Np* äyVMokList R_ LK,v?I+ :PX8\J{T.^6nS|Yð %q3JW#!DGBHx}r h: cLvwa MokListXO`֬vx47Ry h1rʪ)4ԥ¶ 1tFXN= ٞ!5 XŨ^\ɯT.d'XY0Mml;qJ mQ2K)&Rix0DDuwTn""] :9  oAP_ Y.n>tf%]!g~BL݈s}?wd Џ1​Xuɉ ̀ "2G,4lϡ~W/=!A: TO6~ƉI~C|??j$eMvNNT`}Oxgrub_cmd set pager=1  m":ϒFk. \u_xiuV xlZz Ь-^7WOOަ;*Qoʶ;K ,sU3 .grub_cmd [ -f (hd0,gpt1)/EFI/redhat/grubenv ] 'ٹL^n*eut 2xg7,x6撚jV|X@~6y(tH %VIPESF8RsX㢯cL0vC٦DC?+%3grub_cmd load_env -f (hd0,gpt1)/EFI/redhat/grubenv Kv;BhӽO G\ QHQxwe6[2ѷ?d l!Qu,,FEǫ&7Pu-q VrӝQK&.jGgrub_cmd [ ] n7#E-f =/ *aI18D[}}힙ٯ+ɪI3 qǖwW w^ ͱdY_**ձL^Sgrub_cmd set default=40dbec753972719b80322b2d180ca1c2-4.18.0-240.22.1.el8_3.x86_64 > 8O-C~\PnV !݆@NiĖԝD"ؾ*lJ* c3l`+)BC0SQ=s_ljcgrub_cmd [ xy = xy ] ~b)_+mߖʇ]c k]8R QD7C:d+Uxg`r Uj'FcOm*g9R UAgDS6 ~߫Չ1/,-"grub_cmd menuentry_id_option=--id  3.C zsP Z9ʂI<&^* lB3+Lsar|0AQ };$grub_cmd export menuentry_id_option Kv;BhӽO G\ QHQxwe6[2ѷ?d l!Qu,,FEǫ&7Pu-q VrӝQK&.jGgrub_cmd [ ] AXm%rrrA@ix 糚Wjt-Vgy hnoB QRM#5qm4pry`=wu2grub_cmd serial --speed=38400 #E=e e : t*-+x#/D0X +eh`0fWڧ @5N>'grub_cmd terminal_input serial console )Q --ٸ|P-v;. k1 r 8O-C~\PnV !݆@NiĖԝD"ؾ*lJ* c3l`+)BC0SQ=s_ljcgrub_cmd [ xy = xy ] ^6(Q#Dk ^@pg,(Le/n'Zc, [a P·Xi{{[Ҍ0hZ&ڤ grub_cmd set timeout_style=menu 6Jș@|,Fx ,3Hr*lsj k RfA p|Z N.j\czډ@p&grub_cmd set timeout=0 yZ3vN_.H  SuU2)DdƄŴ  ϻ6h 9 6V;sJ=ǟv,~v;m\'e[Ojgrub_cmd set tuned_params= iRVYc8K2 ;o! FQ:1K :tA5 څN/O9Ъ MB!'k&]Fgrub_cmd set tuned_initrd= ͂|UvnƌHz JkQÖ)[b| J n|5 jbݑ'Kn~4 J`t$l_ ʕ@$/grub_cmd [ -f (hd0,gpt1)/EFI/redhat/user.cfg ] 71x* ^E6ˉ _vmN,9qWwCS / /Jžx cdZ穧SL 1grub_cmd insmod increment ܧpN?R R]jm8k\Fq% y ytY&k`KV &`9Y^*W(QqHPB Y+pTs]?vR)ٗ{?#mygrub_cmd insmod xfs Ry:($fzB -6W/ENFлS2=0! KYyL7BƩ[./kIđB2\ V@,qgrub_cmd set root=hd1,gpt2 > 8O-C~\PnV !݆@NiĖԝD"ؾ*lJ* c3l`+)BC0SQ=s_ljcgrub_cmd [ xy = xy ] Six(zh۳f]# Rl^m8 c&WVhW'$ stOXm+R"ԸSFa>^!W(\Igrub_cmd search --no-floppy --fs-uuid --set=root --hint-bios=hd1,gpt2 --hint-efi=hd1,gpt2 --hint-baremetal=ahci1,gpt2 f3948fb4-cce7-4193-940a-c50052e93bf3 *M%3_0Vz OF)fy<EQc՟KZ,!& ٥lW&N\lQLg52k|.Qc-(;ګ// ܢ:grub_cmd insmod part_gpt 9E:@AV ] 38è3 9sjj(Y) gtre1)n CM<& i_&0Ts-z<grub_cmd insmod fat 4 ν/p }f|a 4u ~ {v}J$w2D!\~ 8O-C~\PnV !݆@NiĖԝD"ؾ*lJ* c3l`+)BC0SQ=s_ljcgrub_cmd [ xy = xy ] y4 f8 RZA^]Wy /\z`i i _.Q9|^w7sTOp7\Bgrub_cmd search --no-floppy --fs-uuid --set=boot --hint-bios=hd1,gpt1 --hint-efi=hd1,gpt1 --hint-baremetal=ahci1,gpt1 E94E-DE2D :?'!aNCP},1 ӗ!cY*k xfE vi-#YAb669A$+o(;-oVPMJgrub_cmd [ -z root=UUID=f3948fb4-cce7-4193-940a-c50052e93bf3 ro net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y crashkernel=auto console=ttyS0,38400n8 ] M}N3<_N B$d/)Ωw0~0 OicMqk /h)'D+QavtIfmgrub_cmd insmod blscfg ~JI%~Zq\i GQ7xޡUiߥ}ط p/ap! BbKQa|8f̹}iCJދ=e-Tgrub_cmd blscfg ԛqcu*čA#b M,${f_ s ENFmNE7Jje޲`XǾ/r޷_*3#grub_cmd [ = 1 -o = 1 ] ,5S,3S V Di騤_.YuGOޘ>U ́2}kk= ڑlQ7! ؼ!ċ DE=,]:grub_cmd set menu_hide_ok=0 `[bM@ ,Q e\'Hrmse;e~Zp 2"Htf[`ũZC |mA(pJ_grub_cmd [ = 1 ] `[bM@ ,Q e\'Hrmse;e~Zp 2"Htf[`ũZC |mA(pJ_grub_cmd [ = 1 ] Ӗ \} <cK {1Gfz?fGT1 )T- LK}}(KĖ6F z{bW+1"fnLyu~g!grub_cmd set boot_success=0  Xg#LTk]Ni BDM:f5W#,GD% 5Oaʏf*L4A5޽@j*^6z2grub_cmd save_env boot_success boot_indeterminate * 0?E-H c>XvO!W؄@)( դ\M3KwVdXdƝ"eAh܁@grub_cmd menuentry System setup --id uefi-firmware { fwsetup } Kqֺ|8͠, }j򙋏Xx@H2?p%l KXȈmqiWme2,Y)QwiniPx^1grub_cmd [ -f (hd0,gpt1)/EFI/redhat/custom.cfg ] _ mOч*] . 16/@Dk87J&Y! y6ʁ[d,U&IjԀCa{?8ι_̽Mgrub_cmd [ -z (hd0,gpt1)/EFI/redhat -a -f (hd0,gpt1)/EFI/redhat/custom.cfg ] WK$#>20`O Wkۚ]`iI_á6`-?JJt zeo 6ϓy|ˆB96!`? h): grub_cmd load_video > 8O-C~\PnV !݆@NiĖԝD"ؾ*lJ* c3l`+)BC0SQ=s_ljcgrub_cmd [ xy = xy ] {BpH^hO| !Ҙ]#NZkAQc>X>⤊N /ne&}PَgU3kɜpHbf^ rz[}cTgrub_cmd insmod all_video  ߭5Iƥ ȑ ]]#]I'L1GWF _pT?Dg׎5") 0]Cn~ BDt/grub_cmd set gfx_payload=keep ErP$K6ދ$ UܻMO Ev)qӉ $ L1S u^C߯uhϣwVRgrub_cmd insmod gzio M>L}ylܵܒ l}N!vJ;p7(oy|p i &-S$OSi~ˬ_٦PV9qH5NpR(grub_cmd linux (hd0,gpt2)/boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 root=UUID=f3948fb4-cce7-4193-940a-c50052e93bf3 ro net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y crashkernel=auto console=ttyS0,38400n8 BY9kP#xN} *5t^2XMq R?BdA b %KV $-oE6f q(96ÊI!!Ki+hYxgrub_linuxefi Kernel_;6<5|l`O  8/9#_ښ ᤅ$Ւ1 jn D;2:Oxݧ}=uO:Yd@GqaBf Z:(>p BhdWBJV>t>ʚ e~'g>cCwd:O 쪖xbJOuPٞ%ъ!=ꚉ` 6i&grub_kernel_cmdline (hd0,gpt2)/boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 root=UUID=f3948fb4-cce7-4193-940a-c50052e93bf3 ro net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y crashkernel=auto console=ttyS0,38400n8 v5YZs\x45 I֍ɘJ 0T ^P Z P&hoyD +ޘ,j8T11=43LpZKgrub_cmd initrd (hd0,gpt2)/boot/initramfs-4.18.0-240.22.1.el8_3.x86_64.img ZMNDsYb, ԛ|RسCIxi_ _ *R"O9 j_kpQ XHo#mം:grub_linuxefi InitrdD:k{VO.9<գJ =k{5j:#cROZ^ !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services InvocationGUEx׿6~.H OuBrꃛ+t|~^a\@/D .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/eventlogs/tpm/ubuntu-1804-amd-sev.bin000066400000000000000000000626351515555264200303430ustar00rootroot00000000000000)Spec ID Event03 0?pۯfU@6GL  2᥌M5}P;[jZy m.Bϒ4I9?71a!ߊΦae c0GCE Virtual Firmware v1+lcan> j$H WU;ern]iF( g,8%4Ͻ'+ވ(3mIVc<P, GCE NonHostInfoWMBGZ'CHO;B Z'DVb շ{M Ϥrb{mVi*X{Ecn ϯ@GK^ַ325aʓ + SecureBootZ>4=PB ۻfXe̘Jx[ArD cU<w ӥUZS:jC{* EhJaʓ +&PKY䔧J\+r& ҈G[G00ޠ Jg]0  *H  010 U newpk0 180821215115Z 180920215115Z010 U newpk0"0  *H 0 ̹|mkcb |,E΅RRH|C& 6ioТ#o4OkpBi!}u1 P#;V G0]c9ᖡ=&Ӣlȗ겕<:Q?%K>QՑg歌j'?NlV*Y` yө|WQa7}nRCH<ͼ9G F6ܒJF#XKS0Q0UPB/ۗ'(t1F^`0U#0PB/ۗ'(t1F^`0U00  *H  R?罰$2I{4;v`=ki[,׼}Yõ.l1#60g::+b!`,.(nfpX(gil'X%Pp`nTJmE[4&M<$.yȬ|8GCk3PWsJs{K ǃ 6Zi@ ,/==p5¹>qƭ$?}`ozuLQhX38%*KEg3%?CD nPyB.Ztvi b&G[d}-.fb {l"ZfWV @y΋V=ڑ WBB7B)C#(4~2x>aʓ +KEKY䔧J\+r҈G[G00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62 'a`"r b8ÄbtņT)!%A$62̯Z 5 b[|<((yw6bB:؛Ȧ(!7k ˲:=EgeoG dbY䔧J\+r@$҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXY䔧J\+r҈G[G00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~Bp`qjc3 DJMʚȗV'ÅϹ +e[ )>o~{-<Ä( TMIՀ0/!f$a˲:=Egeodbx&LP@A6C(0wY2M`(xKi1 ORm@`MAe wY2M`(xK/֒r($E4[$k;}nzwY2M`(xKء- *o.s >d,NgyjwY2M`(xK63M. xbdYWC&`HXšvwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xK^T`< k覃R8wY2M`(xKƨXdoy(#g+69ОwY2M`(xK _NQxmЁ%orxRYe&wY2M`(xK Cڬz0eu1{ 될ctwY2M`(xK 9v-6=cqZ9ϰF\`lk׽wY2M`(xK o)o3}rK H:*?OwY2M`(xK !Hʃ62u> [1R*[wY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK34)bퟗ>H-.ImTdwY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK+,'R*]IZ+R]fbUwY2M`(xK,s3%mԤ<[UYPPR}wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK0f(Tw0W(JF}8zTiv^uҍwY2M`(xK6Awz/^g4g^Ù^i5 ҽwY2M`(xK8A!6\ !`9MlN g`b[wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKCʃc| C-/&zKuwY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKQ1s>!"Ty 0a5wY2M`(xKZIU9[.B,/gg6A+\wY2M`(xKkxA{^`Gr̴/fwY2M`(xKlTGYQ&l+585rѓ.wY2M`(xKo(qկ.{˫d|eͶ& :x^wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xKrk>Tj0=ppq-ĝ,#wY2M`(xKrg]V;ݼ2ت^/m(ؽwY2M`(xKx'6,q}䱿CqZH[ʤKŽwY2M`(xKeӇk)T̕SϪȣ;3佚wY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKZ~OG q"8b:ߒ=wY2M`(xKHY jagznFdr!YEwY2M`(xK4͐e;=<5P_{c!wY2M`(xK se(Q$Q?eYW5)@νwY2M`(xK5g+6~OIia]JlrMBwY2M`(xK,";VB\GYG8DoYwY2M`(xKn=)t=J2@ؽwY2M`(xKcOx,7`XbfnmwY2M`(xKϲ2.KmH],qgrRY\u"6wY2M`(xKaJ~UәnE AR'[wY2M`(xKU =HZ7?=|cwY2M`(xKw ^; b x  S^ˇ k/wY2M`(xK<9"`tFu7̔ܭZ˦G/4q9脽wY2M`(xK;S> #Aryę-æ6wY2M`(xKQ3@HΈrRjRç`IwY2M`(xKdW[x.V4Rk DxYuN-dEwY2M`(xKEȮu ϻH7R}ddMؑ<͊$MigߎixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟7ػz'1!.G` wB6duVj ߤji^r ;b k0*8v̧jD C:q$ژ-8aʓ + BootOrder&(iAJO^.d:3~#ځ kgVZ9'2W`gYQ!r68="  TIw X4ŸO5NaĆ"AY=gr« OǦaʓ +vBoot0002bubuntu*(P$GQZZՖ4\EFI\ubuntu\shimx64.efi"۠5(޶Kt+ 10` äJTF.l _6* #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#15y{f0^Q Pͽɓ +Y ǻxX(9 'kv\I S3Ǯ04;<+~BՆơ$zi mKaʓ +`Boot0001&UEFI nvme_card-pd A NYMR,YE1A'S&7V =grNu*,L_rPo*ƝV3 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot OptionixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟Z9oKЙ鲢f _0d JJ2ʌI#9cΰa 0#X"(jK.' o8odC\%E\ EFI PART\Kmb_F"_FNbS*aVFhPn)v=rGy=iG}c0,Ixh/Vx_FHah!IdontNeedEFI9bӖD4q'(s*K>;$GQZZՖ(w!8Xȝt&S},96 .j-Tm$;*YOg +ps} i~HE4P{S}yuuiӔPS\0xx A *(P$GQZZՖ4\EFI\ubuntu\shimx64.efiL|Z]@Ða!Y&zL2 _qK*N$P2S[ $9ZFyH=‘`# )mAξIzNkz|( Ȓo[ P 4!?x T RzmՊ44k<>L Fz b0CJA]  z mi;. (hd0,gpt15)/EFI/ubuntu/grub.cfg Vk3 }װo V ]DS=/*@u8 u3cjK(J-mzHus U[8tuΗCgrub_cmd: search.fs_uuid 06e1e1ff-449b-426c-b154-7ae1cc646a2d root ؼ9(=AAvA]Մ gE`~|{}+SIF2@T )# =ذS9v<yـC }*v&8!e*grub_cmd: set prefix=(hd0,gpt1)/boot/grub ~}W, Ӷ6: Q7%| ~ F/Iew 1n`[ˍ:YwG3*t@ekeN kUZ,(hd0,gpt1)/boot/grub/x86_64-efi/command.lst e\z1N!Gbb 2] ~ 1~GU9zECܡlW s|>mWow(c tiTCKvpas٦2t\`9'(hd0,gpt1)/boot/grub/x86_64-efi/fs.lst ҁ9R2: vo8I'{ 6>w'.uC Aej`;Ntw]^͇ 6CLkVrTA*fX68+(hd0,gpt1)/boot/grub/x86_64-efi/crypto.lst f&K Ӕ(ꔓ F/6-`Bj1JZjCb%ߜ $Mk6Ŗ:'kX{Ȯ#FT\-(hd0,gpt1)/boot/grub/x86_64-efi/terminal.lst h.2jD+ M>wmtvO2W-T3q84~m} SGUĶr[Kc~eP JF߶VG7ם3grub_cmd: configfile (hd0,gpt1)/boot/grub/grub.cfg W:I~!r¥S\_ u ) +'<5w voh_dz1 ~xYz8K ~˟i=ȕpX L}aS=!3,(hd0,gpt1)/boot/grub/grub.cfg >\.+/mA s/3 ~+4ƨ6(-fVDo s V͆Gqo6Jzlhtf0S*u.grub_cmd: [ -s (hd0,gpt1)/boot/grub/grubenv ] ~U1dZBD^nM .B4QQ5k{߆V? d7>wƷPe>Qd;AIԊ6vU](hd0,gpt1)/boot/grub/grubenv wƷPe>Qd;AIԊ6vU](hd0,gpt1)/boot/grub/grubenv q #|A2Hǰ ΁$ G3DmynD: e ".%p/ru:TUMfVg?t'\%xΏHQgrub_cmd: [ ] u@ E+0≯>k :@&u}6\uo2>uѼX k$/rƦ.XXDdFg0nی%-_9G@grub_cmd: set default=0 g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] R e*'~C# }MKbFc,!!%\46U a?Q@|T]RU2DÐ;)a龬f#grub_cmd: menuentry_id_option=--id bHY x̽/A J7 ;y}L^2+RGkPm^ -9{=d*m ;(xnk <۷h%grub_cmd: export menuentry_id_option q #|A2Hǰ ΁$ G3DmynD: e ".%p/ru:TUMfVg?t'\%xΏHQgrub_cmd: [ ] }r╉anJ $(ЛK%_]Vw$=_ \LLFTŲِgoSiS°%{:.*!grub_cmd: terminal_input console ^ G4 RU@ 0J#'wl"j }T" "F[  ]^z&u拣iL"grub_cmd: terminal_output console E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] Xy^;k9֍۩XG aʥOK?7Zt$NNގ ` _ vͧo.KE%WF.7zKH}DeB܊V#grub_cmd: set timeout_style=hidden 1BaYm'O" rC'oLrn#8)M E+Lv@@ekUhZl grub_cmd: set timeout=0.1  WTZZ]P&'-cg |ڕVrE䀞e)} i|`}8kkQw}R%'anBLWԲuR}ba,grub_cmd: set menu_color_normal=white/black ԥT ُ$:e7 oyĻL MɄ ;F>^DBF4* NĦ8ilE=9"dx. \f),LņMp4grub_cmd: set menu_color_highlight=black/light-gray B2 K2f 1J,^sI07A zZyo/N!9xIjXvfυwτ,Sgrub_cmd: [ != 1 ] ),ΐҎ6T 6 ]NR؂wǨS-GC遇t |qvk8sK}'հ'=*0ۤc 7 uI_E>7grub_cmd: [ -e (hd0,gpt1)/boot/grub/gfxblacklist.txt ] ӷzd}i`E 6]nd6,耏|OԬf 2Q TH,ݨFFY grub_cmd: export linux_gfx_mode )\QŎH_' I iqdB"`ղ hb$OG J#K6&y8Igrub_cmd: menuentry Ubuntu --class ubuntu --class gnu-linux --class gnu --class os --id gnulinux-simple-06e1e1ff-449b-426c-b154-7ae1cc646a2d { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d else search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d fi linux /boot/vmlinuz-5.4.0-1046-gcp root=LABEL=cloudimg-rootfs ro console=ttyS0 initrd /boot/initrd.img-5.4.0-1046-gcp } Ao|?q IY q87yv ʩ+A w(Rɫ KbkDz|-k2K:QIDO͈SZݥ&h*K+-grub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-06e1e1ff-449b-426c-b154-7ae1cc646a2d { menuentry 'Ubuntu, with Linux 5.4.0-1046-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-1046-gcp-advanced-06e1e1ff-449b-426c-b154-7ae1cc646a2d' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d else search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d fi echo 'Loading Linux 5.4.0-1046-gcp ...' linux /boot/vmlinuz-5.4.0-1046-gcp root=LABEL=cloudimg-rootfs ro console=ttyS0 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.4.0-1046-gcp } menuentry 'Ubuntu, with Linux 5.4.0-1046-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-1046-gcp-recovery-06e1e1ff-449b-426c-b154-7ae1cc646a2d' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d else search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d fi echo 'Loading Linux 5.4.0-1046-gcp ...' linux /boot/vmlinuz-5.4.0-1046-gcp root=LABEL=cloudimg-rootfs ro recovery nomodeset dis_ucode_ldr echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.4.0-1046-gcp } } '?\.\7aBם t0 p!1fB655r ؖa!V>3Ljf 4.cANH+1grub_cmd: [ -f (hd0,gpt1)/boot/grub/custom.cfg ] 2mBW^Qùz GWX1osy #rz5 EHazaWm4,'%d%LX+ تIkl2;Lgrub_cmd: [ -z (hd0,gpt1)/boot/grub -a -f (hd0,gpt1)/boot/grub/custom.cfg ] jejH; ]fx ,Ea-_J {"Ф~6G&((Kٮt_ cmi*J`grub_cmd: setparams Ubuntu fF8魧) ~~(nNe@:8'{ gL. x%cAsk: Ws}(mf@K grub_cmd: recordfail p6b 6hDt d[׆HIf Pu Y@ SϘ3髭:C$v]/Ca& F $ lgrub_cmd: set recordfail=1 UF>4>cQ ϤgouGzf3>4ٳ`Y JɜwEqH4Rk(&|,b<%6/bfgrub_cmd: [ -z ] ^|ē|GSQi ,w;[f!cëp4MK_@ .G4sHPM*|Dݜ*7d|w8>pgrub_cmd: save_env recordfail f G$)SD v&ؾtBu6J>:;S<ךk e qjgrub_cmd: gfxmode keep .gmݛ \fW2{w wϜIyga>?똢o |^  $-nfDxrB"c#ѳX|grub_cmd: set gfxpayload=keep RAߥy] _BKU ]^j5lN;f DY $Xʳ^ iwe \)vgrub_cmd: [ keep = keep ] 0zF+=гDM)0p4ݱ yv[&:s$2w7Jjl3 L) lFtRgbT nǔė *aS$\=&9b^)iVg)W^6ͣХM$ïJXFiY4 k+âOgrub_cmd: insmod part_gpt ?\V/ 2 8҆ z eY ; 1 Bو[$,6wJ♯E; irºSgrub_cmd: insmod ext2 g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] ',3BzAO B v`"?F&jֆg/^ut{-k2 O5[>9-Sq|ͣxK#^Jc]~FtS˱Wgrub_cmd: search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d um9 --՘[g>0 "P\sv,rar} !_j,R|u'2Vajg\y1Po%iR\8UYgrub_cmd: linux /boot/vmlinuz-5.4.0-1046-gcp root=LABEL=cloudimg-rootfs ro console=ttyS0 K݂Rֈ$t01 Ȏms(&۔)J]\K ɗGz9 ѝIIIo#~0~CKݴ^ۗ# 5e/boot/vmlinuz-5.4.0-1046-gcp vw $Ui 9183*;L ( ?ٺY^Ub\x&=]CH3RYEYkernel_cmdline: /boot/vmlinuz-5.4.0-1046-gcp root=LABEL=cloudimg-rootfs ro console=ttyS0 u4U[a w2 (q_¢*品a I(`ćgP᷁ 75δ ej)F %2EYeل1P|^'ھ[1grub_cmd: initrd /boot/initrd.img-5.4.0-1046-gcp uh'gZ5 ?5,z5|Jm'58폟8ƪ gg<S# ix zr^x; /boot/initrd.img-5.4.0-1046-gcpD:k{VO.9<գJ =k{5j:#cROZ^ !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services InvocationGUEx׿6~.H OuBrꃛ+t|~^a\@/D .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/eventlogs/tpm/ubuntu-2104-no-dbx.bin000066400000000000000000001020401515555264200301510ustar00rootroot00000000000000)Spec ID Event03 0?pۯfU@6GL  2᥌M5}P;[jZy m.Bϒ4I9?71a!ߊΦae c0GCE Virtual Firmware v1Bq@U'r7i~ {tޣL鴗UɭR=ZN/h'o M'+{F (?^UɈ?,پߎH /Px^ GCE NonHostInfoWMBGZ'CHO;B Z'DVb շ{M Ϥrb{mVi*X{Ecn ϯ@GK^ַ325aʓ + SecureBootZ>4=PB ۻfXe̘Jx[ArD cU<w ӥUZS:jC{* EhJaʓ +&PKY䔧J\+r& ҈G[G00ޠ Jg]0  *H  010 U newpk0 180821215115Z 180920215115Z010 U newpk0"0  *H 0 ̹|mkcb |,E΅RRH|C& 6ioТ#o4OkpBi!}u1 P#;V G0]c9ᖡ=&Ӣlȗ겕<:Q?%K>QՑg歌j'?NlV*Y` yө|WQa7}nRCH<ͼ9G F6ܒJF#XKS0Q0UPB/ۗ'(t1F^`0U#0PB/ۗ'(t1F^`0U00  *H  R?罰$2I{4;v`=ki[,׼}Yõ.l1#60g::+b!`,.(nfpX(gil'X%Pp`nTJmE[4&M<$.yȬ|8GCk3PWsJs{K ǃ 6Zi@ ,/==p5¹>qƭ$?}`ozuLQhX38%*KEg3%?CD nPyB.Ztvi b&G[d}-.fb {l"ZfWV @y΋V=ڑ WBB7B)C#(4~2x>aʓ +KEKY䔧J\+r҈G[G00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62 'a`"r b8ÄbtņT)!%A$62̯Z 5 b[|<((yw6bB:؛Ȧ(!7k ˲:=EgeoG dbY䔧J\+r@$҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXY䔧J\+r҈G[G00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~sD$ Ls;^ u;jJN 6qT<+ގ~K nꙪ#B>m QPO aӛ֩^h j&˲:=EgeodbxixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟p$=Ҵ I APǠ᫡OwG"1@vԊFQU ulc%CD0mlʞ9l0{au9:aʓ + BootOrderxͮCZGr\ OR(gN}4;- SuҦ# 7ی 8å>T|d< $DN-ba1Uaʓ +vBoot0003bubuntu*(P@n%iBo!4\EFI\ubuntu\shimx64.efi"۠5(޶Kt+ 10` äJTF.l _6* #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#1A+{7 ex,hE |0fe*%|6 oo6Y?W:9qMtNDrG([ C(nm /Kaʓ +lBoot0001UEFI Google PersistentDisk  A NYMR,Y1=^t :f4,aZョZ9 |ׇdz,xEx}3Q'csD[gD]4Kiaʓ +SBoot0002!VirtScsi(0,3,0) DiskVirtScsi(0,3,0) DiskE1A'S&7V =grNu*,L_rPo*ƝV3 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot OptionixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟PPȱV!~ ל*n -i_XW܆zP;@n%iBo!(w` :NU;N#d ٜB'7u[ Lu6! ؁hV%\miVY4"PDm)3$.TtyPZ@޽| A *(P@n%iBo!4\EFI\ubuntu\shimx64.efi h`ݚڒ?) /kVGd̦t^͗t8<}&J 3We_ e |ǁ%O4ZM5r=_5 E< {Q6a,m u$r9Z>|rJ+T*G8My% (hd0,gpt15)/EFI/ubuntu/grub.cfg N+RK h$\5p`>j !2㸗kd`/3g%%E |;J( p!5WiilæK%0fӆbHCgrub_cmd: search.fs_uuid c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a root ؼ9(=AAvA]Մ gE`~|{}+SIF2@T )# =ذS9v<yـC }*v&8!e*grub_cmd: set prefix=(hd0,gpt1)/boot/grub ~}W, Ӷ6: Q7%| ~ F/Iew 1n`[ˍ:YwG3*t@ekeN kUZ,(hd0,gpt1)/boot/grub/x86_64-efi/command.lst e\z1N!Gbb 2] ~ 1~GU9zECܡlW s|>mWow(c tiTCKvpas٦2t\`9'(hd0,gpt1)/boot/grub/x86_64-efi/fs.lst ҁ9R2: vo8I'{ 6>w'.uC Aej`;Ntw]^͇ 6CLkVrTA*fX68+(hd0,gpt1)/boot/grub/x86_64-efi/crypto.lst f&K Ӕ(ꔓ F/6-`Bj1JZjCb%ߜ $Mk6Ŗ:'kX{Ȯ#FT\-(hd0,gpt1)/boot/grub/x86_64-efi/terminal.lst h.2jD+ M>wmtvO2W-T3q84~m} SGUĶr[Kc~eP JF߶VG7ם3grub_cmd: configfile (hd0,gpt1)/boot/grub/grub.cfg 5l}5inQV `yi (JV#DžK>- S vI{o}4RNkYH蹞%ͣi ١(hd0,gpt1)/boot/grub/grub.cfg >\.+/mA s/3 ~+4ƨ6(-fVDo s V͆Gqo6Jzlhtf0S*u.grub_cmd: [ -s (hd0,gpt1)/boot/grub/grubenv ] ȕC !*Cݽ]2Fgrub_cmd: [ = 2 ] E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] q #|A2Hǰ ΁$ G3DmynD: e ".%p/ru:TUMfVg?t'\%xΏHQgrub_cmd: [ ] u@ E+0≯>k :@&u}6\uo2>uѼX k$/rƦ.XXDdFg0nی%-_9G@grub_cmd: set default=0 g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] R e*'~C# }MKbFc,!!%\46U a?Q@|T]RU2DÐ;)a龬f#grub_cmd: menuentry_id_option=--id bHY x̽/A J7 ;y}L^2+RGkPm^ -9{=d*m ;(xnk <۷h%grub_cmd: export menuentry_id_option q #|A2Hǰ ΁$ G3DmynD: e ".%p/ru:TUMfVg?t'\%xΏHQgrub_cmd: [ ] }r╉anJ $(ЛK%_]Vw$=_ \LLFTŲِgoSiS°%{:.*!grub_cmd: terminal_input console ^ G4 RU@ 0J#'wl"j }T" "F[  ]^z&u拣iL"grub_cmd: terminal_output console E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] Xy^;k9֍۩XG aʥOK?7Zt$NNގ ` _ vͧo.KE%WF.7zKH}DeB܊V#grub_cmd: set timeout_style=hidden 1BaYm'O" rC'oLrn#8)M E+Lv@@ekUhZl grub_cmd: set timeout=0.1 UF>4>cQ ϤgouGzf3>4ٳ`Y Jɜ^DBF4* NĦ8ilE=9"dx. \f),LņMp4grub_cmd: set menu_color_highlight=black/light-gray ~h.l6|ȡ ؒEqscCW}6ge2f LE Ҁfrϫ)j$dq WK?@JSE.}<grub_cmd: set partuuid=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f B2 K2f 1J,^sI07A zZyo/N!9xIjXvfυwτ,Sgrub_cmd: [ != 1 ] ),ΐҎ6T 6 ]NR؂wǨS-GC遇t |qvk8sK}'հ'=*0ۤc 7 uI_E>7grub_cmd: [ -e (hd0,gpt1)/boot/grub/gfxblacklist.txt ] ӷzd}i`E 6]nd6,耏|OԬf 2Q TH,ݨFFY grub_cmd: export linux_gfx_mode dÃu\BBGb W}4`2Stsl9twbY > SM(`8aAea. 26-mgrub_cmd: menuentry Ubuntu --class ubuntu --class gnu-linux --class gnu --class os --id gnulinux-simple-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 initrd /boot/initrd.img-5.11.0-1008-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 fi initrdfail } md Q T EOݞO SV$v 3d&lI`@/7@0cB 0'D~5EY쨵]Y˸a^i7ǕX# a@k5]Ngrub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a { menuentry 'Ubuntu, with Linux 5.11.0-1008-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1008-gcp-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi echo 'Loading Linux 5.11.0-1008-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1008-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 fi initrdfail } menuentry 'Ubuntu, with Linux 5.11.0-1008-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1008-gcp-recovery-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi echo 'Loading Linux 5.11.0-1008-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1008-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1 fi initrdfail } menuentry 'Ubuntu, with Linux 5.11.0-1007-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1007-gcp-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi echo 'Loading Linux 5.11.0-1007-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1007-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 fi initrdfail } menuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1007-gcp-recovery-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi echo 'Loading Linux 5.11.0-1007-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1007-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1 fi initrdfail } } ]e.@ݧZ [ ^@^%!2ͳ&H5+vꔄ9, t͔UyAGN IA]φ`00 ̸xYgrub_cmd: menuentry Ubuntu 21.04 (21.04) (on /dev/sda1) --class ubuntu --class gnu-linux --class gnu --class os --id osprober-gnulinux-simple-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a { insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 initrd /boot/initrd.img-5.11.0-1007-gcp } ӯePV45 B$e&uT?AXFGaAQO N*O ¯R⽪ eVReT# $S `G grub_cmd: submenu Advanced options for Ubuntu 21.04 (21.04) (on /dev/sda1) --id osprober-gnulinux-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a { menuentry 'Ubuntu (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp--c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 initrd /boot/initrd.img-5.11.0-1007-gcp } menuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp--c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 initrd /boot/initrd.img-5.11.0-1007-gcp } menuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (recovery mode) (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp-root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1 initrd /boot/initrd.img-5.11.0-1007-gcp } }  +#LAnN V.JuםXE tQ/} %ؼߴ s( XD%TXV:nCijr)&!grub_cmd: set timeout_style=menu tJGuDToxnZ_T "sL`:uF1wwD+h iN$O!/]%* Z *I'd4Ի";:grub_cmd: [ 0.1 = 0 ] =F Mc" ql5v To hdPN}>Y :Wzf3Ljf 4.cANH+1grub_cmd: [ -f (hd0,gpt1)/boot/grub/custom.cfg ] 2mBW^Qùz GWX1osy #rz5 EHazaWm4,'%d%LX+ تIkl2;Lgrub_cmd: [ -z (hd0,gpt1)/boot/grub -a -f (hd0,gpt1)/boot/grub/custom.cfg ] jejH; ]fx ,Ea-_J {"Ф~6G&((Kٮt_ cmi*J`grub_cmd: setparams Ubuntu fF8魧) ~~(nNe@:8'{ gL. x%cAsk: Ws}(mf@K grub_cmd: recordfail p6b 6hDt d[׆HIf Pu Y@ SϘ3髭:C$v]/Ca& F $ lgrub_cmd: set recordfail=1 UF>4>cQ ϤgouGzf3>4ٳ`Y JɜwEqH4Rk(&|,b<%6/bfgrub_cmd: [ -z ] ^|ē|GSQi ,w;[f!cëp4MK_@ .G4sHPM*|Dݜ*7d|w8>pgrub_cmd: save_env recordfail f G$)SD v&ؾtBu6J>:;S<ךk e qjgrub_cmd: gfxmode keep .gmݛ \fW2{w wϜIyga>?똢o |^  $-nfDxrB"c#ѳX|grub_cmd: set gfxpayload=keep RAߥy] _BKU ]^j5lN;f DY $Xʳ^ iwe \)vgrub_cmd: [ keep = keep ] n*~ k ;6oaq"|s( aYi*&5'<S hG^I/Az$W&grub_cmd: set vt_handoff=vt.handoff=7 Ph lFtRgbT nǔė *aS$\=&9b^)iVg)W^6ͣХM$ïJXFiY4 k+âOgrub_cmd: insmod part_gpt ?\V/ 2 8҆ z eY ; 1 Bو[$,6wJ♯E; irºSgrub_cmd: insmod ext2 񼳍, M~n0 ͼsYO!*/XL2b<AR-grub_cmd: set root=hd0,gpt1 g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] iOaz7 Ln?=BzNf_ AyF T7f D٭Q%mZj.-ęVlZihJȆf.]grub_cmd: search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] T -@eOc~R ѻs6 ϬX4kLJ"ul= !dF|~؏v))c-@02{?= E(p_QDgrub_cmd: echo GRUB_FORCE_PARTUUID set, attempting initrdless boot. "RĨ3-b8>O {5.H:eؙ52HŽ7cfGz* \*_ud6W4 +g\Xȫ\grub_cmd: linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 U]<|U/'$rYV< 89n ?8J7翧z2l\  PnM@8$y$*xhL&fG)@!"{C/boot/vmlinuz-5.11.0-1008-gcp ZtXO[ V °dTkc s +YmL ,TN$h ˋm\$@^?9 flRmġELkernel_cmdline: /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 iD?2 vlmp4K&5] ^P = suc*k1ڀ Gs8>BrB>}4+~(3ӕgrub_cmd: initrdfail UF>4>cQ ϤgouGzf3>4ٳ`Y JɜwEqH4Rk(&|,b<%6/bfgrub_cmd: [ -z ] p& 49ܷ=K{ k,@sȡ4G;> 葓Rl_ 2 }/R Gx2_/O'N"grub_cmd: set initrdfail=1 z8gؕTqa- $6T}l&12YxHiHx L&"m/7|m@f;V913'Qrgrub_cmd: [ -n ] P–{fiDj/+b X9;w9j7ZGd P &%`, >`ɸ*0#?X&=ىUJ4dG grub_cmd: save_env initrdfailD:k{VO.9<գJ =k{5j:#cROZ^ !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services InvocationGUEx׿6~.H OuBrꃛ+t|~^a\@/D .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/eventlogs/tpm/ubuntu-2104-no-secure-boot.bin000066400000000000000000001125741515555264200316400ustar00rootroot00000000000000)Spec ID Event03 0?pۯfU@6GL  2᥌M5}P;[jZy m.Bϒ4I9?71a!ߊΦae c0GCE Virtual Firmware v1Bq@U'r7i~ {tޣL鴗UɭR=ZN/h'o M'+{F (?^UɈ?,پߎH /Px^ GCE NonHostInfoWMBGZ'CHO;B Z'DVb շ{M Ϥrb{mVi*X{Ecn ϯ@GK^ַ325aʓ + SecureBootZ>4=PB ۻfXe̘Jx[ArD cU<w ӥUZS:jC{* EhJaʓ +&PKY䔧J\+r& ҈G[G00ޠ Jg]0  *H  010 U newpk0 180821215115Z 180920215115Z010 U newpk0"0  *H 0 ̹|mkcb |,E΅RRH|C& 6ioТ#o4OkpBi!}u1 P#;V G0]c9ᖡ=&Ӣlȗ겕<:Q?%K>QՑg歌j'?NlV*Y` yө|WQa7}nRCH<ͼ9G F6ܒJF#XKS0Q0UPB/ۗ'(t1F^`0U#0PB/ۗ'(t1F^`0U00  *H  R?罰$2I{4;v`=ki[,׼}Yõ.l1#60g::+b!`,.(nfpX(gil'X%Pp`nTJmE[4&M<$.yȬ|8GCk3PWsJs{K ǃ 6Zi@ ,/==p5¹>qƭ$?}`ozuLQhX38%*KEg3%?CD nPyB.Ztvi b&G[d}-.fb {l"ZfWV @y΋V=ڑ WBB7B)C#(4~2x>aʓ +KEKY䔧J\+r҈G[G00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62 'a`"r b8ÄbtņT)!%A$62̯Z 5 b[|<((yw6bB:؛Ȧ(!7k ˲:=EgeoG dbY䔧J\+r@$҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXY䔧J\+r҈G[G00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~^fQߛ|^ kVs@{ "^Q_:@ɼ B%-JAxN|zKx, c6ߗ.˭.˲:=Egeo.dbxY䔧J\+rP4wY2M`(xK0 00  *H  01 0 UGB10U Isle of Man10U Douglas10U Canonical Ltd.1402U +Canonical Ltd. Master Certificate Authority0 120412113908Z 420411113908Z01 0 UGB10U Isle of Man10U Canonical Ltd.10U Secure Boot1+0)U "Canonical Ltd. Secure Boot Signing0"0  *H 0 _b dbKҟa+]8ιCCwO pF mm^ҷf mA cO|R̠1]FoUsvi!O"[-ە4(K!LʻyZg\xE=mY&WN,N7MG;| o鍣ξݔ00 U00U%0+ +7 0, `HB OpenSSL Generated Certificate0UaH* Z rPڐ30U#0 *#eZ&4Zc0  *H  ) J%}jyg%%Z^Z\ˍ#se"kIgɣbN\@܇aB"*\NR+89]Ve_+O&x]2E%G 7iv~4;gN%^_@1# % UG^[3ݳ1Z\]}> Y}; >o!9Y䔧J\+rwY2M`(xK00p 9\zP0  *H  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0"0  *H 0 M!+ w1\W>ae~"O/KhLQgFBKj)g@gEҨW sUWďPIHfx+GUH%m".a.MX~x['} s연^u?xq/΃S10N#| T:^y^NͪނqNII鰫*GS0'|f o~=>ԢjY//=(BR=$@ve9070 `HB0U%0  +7 0 U0  *H  W`L)}k\l?iHudJ &!V]>uM=~B@qylqbǘ' / ɟ%ͻUuA1N]¬F՝G2Dt0WV~)ۛSҽ/ju&Ed(yWzd,NgyjwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKHY jagznFdr!YEwY2M`(xK se(Q )$졺wY2M`(xK*xtUq *{F 2xnMwY2M`(xKᝮ.o(Xw#5yD=<wY2M`(xK9(K_3,w@ۦcJɱwY2M`(xK2 Edf(|zB3}) wY2M`(xK_ˣ>XGj( &q!}I/wY2M`(xKKheݐBOЮ2p>` wY2M`(xK4 qTzDUHwY2M`(xK5nU T5L5`[-UwY2M`(xK4kW3$ke^6**pIwY2M`(xKcWÔ. fD[WK`wY2M`(xKYVDc0wF*!Y[YswY2M`(xKۯm=[8S0J~ ͼX"1lwY2M`(xKebr.^^lnO{+.k콚wY2M`(xK[$=q==ݍKzq&W8_-ȆwY2M`(xK&yeAF 5Vw kĄ0tlwY2M`(xKmSco##o=WKׇ?wY2M`(xK !|~_N6p8 <#ʑC wY2M`(xKA7ǐvqos}:-M0_wY2M`(xK!jd@U@V풕a7XH.񷽚wY2M`(xKn [G{LӨ̤ X$׺wY2M`(xKLzAǃHBvo4Pс;wY2M`(xK-t6b) \\6BwY2M`(xKwOܑ蟣\N4Le2,ȷ? JiIze*UBw+ܑwY2M`(xK{Tc^wѬ҃?JW`<,ywY2M`(xK9]WQxWn!|Y_j%wY2M`(xKϧq+!oT(g-l~swY2M`(xK>'˳D8#'_\Y:7fۘL^Cz?kwY2M`(xKhF2Ǿf>ݓE-}ICwY2M`(xKK1ZUqH=s-M.!-1^нwY2M`(xK :U)7KZO&kRp촪%8wY2M`(xK~LԯcNhUyQ9q0(U+kwY2M`(xKh1!gKp,_]p-HwY2M`(xK<䰱rGoWY{'NĽwY2M`(xKWq*䉳tvͩa)بhҶc91]wY2M`(xK:(L} ,^L0J䕭ŌE< wY2M`(xKISylQ ~+d4ut彚wY2M`(xKu^i*1ËgVpwY2M`(xKSR)1B<I̧rRäY wY2M`(xK?>B~CS%+~^r n'mCwY2M`(xKr.#VrAJPΦj5!zwY2M`(xK\Xj7Eph(|A˛_RzUwY2M`(xKN5Lch'IW+)4%OSrTIwY2M`(xKJ)^ 7 kώd !1wY2M`(xK~q4Tao[ׄq*O4x*8pwY2M`(xK[nOe#X|,_gv*wY2M`(xK"M ?bQj~,lpwY2M`(xK (@%gq8R-(Gn5;AwY2M`(xK  s~oYlIP/KwY2M`(xK u pt$mOǴ>Yj53 kOur^wY2M`(xK QאoēIv]Bk,jrS2㧽wY2M`(xKQ0[Yec@i*.IQwY2M`(xKw0/I?%+o4j0/ wY2M`(xKqZD"3 K1L)]mwY2M`(xKs(x#bU߮T+r)ָwY2M`(xKXڋ3_:4?]W<+ wY2M`(xK^E4 5=eS|퓽wY2M`(xK' cj} [9f'NGwY2M`(xK)̤TN0DŽi\k"{[(@꽚wY2M`(xK+"kĤU.{\KH6ĘwY2M`(xK-ώp#E=h0پLwY2M`(xK1*[P0̓>T/GwY2M`(xK22mϬ^˝,\;"Ϝn`ǘԧwY2M`(xK4 +X3+V0 ֹ'IX%wY2M`(xK6. (1o aS.uPwY2M`(xK6z1僈1,FGjl決 z^wY2M`(xK7ei[B{5;!7褛o Yjxj4wY2M`(xK8mi\-EvxQUv7;ywY2M`(xK:Ot+3=藾BUwY2M`(xK:lEp YBb-Q.s5wY2M`(xK;45igA QLiOsYwY2M`(xK>9&ZաAgdz<=C!]D7A-(wY2M`(xK@ mY :0WY/B_wY2M`(xKAm[4{x+_ up\MGy=ĘwY2M`(xKAw2NeW2 DkQ%wwY2M`(xKEkMa[:tz]ZH)A A/]wY2M`(xKFg% ktͱdXsoW]ou]gwY2M`(xKGc@y1Q[./]=2wY2M`(xKW:R"vͯ1툉Td%St zӕwY2M`(xKX"q!mc~:e3?EƼ߽wY2M`(xK]˻J}KhRYpo"A̭wY2M`(xKaģwYp4ռn:ߺ t M⋈GGNwY2M`(xKm2WƤpu_AP0.ZG|wY2M`(xKpE 9Ui %2N 9X4ԉ-QwY2M`(xKro|뒘Ʈt϶]Af wY2M`(xKxd!sԨ(dqV 5zXbK7u wY2M`(xKx3ҿQg=>}QqV'whm#wY2M`(xKxʫ > ,#9LJnS1wY2M`(xKI̳ 2;zUD\1I^`pP'wY2M`(xKH#leYM+. P(4wY2M`(xKMx962̑Zt.0עfYG,+kfwY2M`(xKIW!cH#22hXe) pwY2M`(xK iYevFK*R$ԡHϭwY2M`(xKczl` rvիWȟ`-⽚wY2M`(xKejI;8$&2HWH [s 2SwY2M`(xK[Ƅ9čcvM/;wjwY2M`(xKpx|a:霚]Xf~,Չgz|LrwY2M`(xK-5hLHZkCbD|9d{wY2M`(xKTU豉AKl@ko>h݆1wY2M`(xKOvk֨_BMHv 8wY2M`(xK%0_9~uck6 WsnkЋuwY2M`(xKܷ/^t':@<y~"PwY2M`(xK? 2ī4:E %!j,wY2M`(xKxĽT5Y.¥{j50d/wY2M`(xK$B9os!slwY2M`(xK;GN[3SIHkvXg[wY2M`(xKֵ{E|{V)fZ=G:KQwY2M`(xK?Y ,%hy?nwy^m|"SuwY2M`(xK3c~mVɊS/ mIwY2M`(xKu2\fOJ7/5SHfwY2M`(xK&Wup*)\ŽwY2M`(xKC](*|sG[wk|v?iwY2M`(xKf;Mhn$poLgf DpwY2M`(xKFY~_ronr{h 8\BjwY2M`(xKP[k 9eNu^ƛwY2M`(xK- ^@!l,y ԽwY2M`(xKƝd9gBR~j<'on4"wY2M`(xK4 tĥnAܨ8rPykwY2M`(xK̎n!,zZ~m xGwY2M`(xKC.<~p%з yA(wY2M`(xKؚlHTKg f HKpNBwY2M`(xKf'g4$R;is"*M wY2M`(xK5` 2LiȖCkFUwY2M`(xKR(ÕiwwY2M`(xKߑO U|s,YE.NwY2M`(xKQ0Fj",aW_F彚wY2M`(xKmq!ꈄ(E2ooNS~T61wY2M`(xK㘑œ΂fo[+ШǿwY2M`(xKoy-O22٧o{aơ>;ȽwY2M`(xKM[kFGywhIGf wY2M`(xKfIa Oj);#(~.rwY2M`(xKU*y6b;1 To rgwY2M`(xKQ; TJh‘şB ܲ> Z~ =wY2M`(xKm5TiA @h)Y\,d*JwY2M`(xKa@?|ةpY}2ߏkwI_wY2M`(xKmq;`O, !ޮg%B[}:1[wßTixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟p$=Ҵ I APǠ᫡OwG"1@vԊFQU ulc%CD0mlʞ9l0{au9:aʓ + BootOrder/B3ȮZv-how }>2?4Uk6vf *'B"2;QTH-Xj }%࿆XEAzhaʓ +vBoot0003bubuntu*(PaNLD9q% \4\EFI\ubuntu\shimx64.efi"۠5(޶Kt+ 10` äJTF.l _6* #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#1A+{7 ex,hE |0fe*%|6 oo6Y?W:9qMtNDrG([ C(nm /Kaʓ +lBoot0001UEFI Google PersistentDisk  A NYMR,Y1=^t :f4,aZョZ9 |ׇdz,xEx}3Q'csD[gD]4Kiaʓ +SBoot0002!VirtScsi(0,3,0) DiskVirtScsi(0,3,0) DiskE1A'S&7V =grNu*,L_rPo*ƝV3 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot OptionixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟U{)nc tŀ ;7OT?yq!T*ha 90ꄁ 8m,*eFf彏PKzo m])EFI PART\ f_F"_F͕ @xen=rGy=iG}䮦CdM2P<x_FHah!IdontNeedEFIbH9>l}'(s*K>;aNLD9q% \(w"@-G!@k+J; be20ф3tnŮ|ۗ=X & OIڏYe#M.ضñFVӰxEGQwxύUx7o_!@޽А| A *(PaNLD9q% \4\EFI\ubuntu\shimx64.efi h`ݚڒ?) /kVGd̦t^͗t8<}&J 3We_ e |ǁ%O4ZmWow(c tiTCKvpas٦2t\`9'(hd0,gpt1)/boot/grub/x86_64-efi/fs.lst ҁ9R2: vo8I'{ 6>w'.uC Aej`;Ntw]^͇ 6CLkVrTA*fX68+(hd0,gpt1)/boot/grub/x86_64-efi/crypto.lst f&K Ӕ(ꔓ F/6-`Bj1JZjCb%ߜ $Mk6Ŗ:'kX{Ȯ#FT\-(hd0,gpt1)/boot/grub/x86_64-efi/terminal.lst h.2jD+ M>wmtvO2W-T3q84~m} SGUĶr[Kc~eP JF߶VG7ם3grub_cmd: configfile (hd0,gpt1)/boot/grub/grub.cfg l36AjQyչz UUּdqjW7ڢleӆ!? 膸fҜʢܳou }}5A_dҵ_; (hd0,gpt1)/boot/grub/grub.cfg >\.+/mA s/3 ~+4ƨ6(-fVDo s V͆Gqo6Jzlhtf0S*u.grub_cmd: [ -s (hd0,gpt1)/boot/grub/grubenv ] ~U1dZBD^nM .B4QQ5k{߆V? d7>wƷPe>Qd;AIԊ6vU](hd0,gpt1)/boot/grub/grubenv wƷPe>Qd;AIԊ6vU](hd0,gpt1)/boot/grub/grubenv @hC^ ҹ)j/U'}4{~AV - `Gdml,x@kHtj>!*Cݽ]2Fgrub_cmd: [ = 2 ] E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] q #|A2Hǰ ΁$ G3DmynD: e ".%p/ru:TUMfVg?t'\%xΏHQgrub_cmd: [ ] u@ E+0≯>k :@&u}6\uo2>uѼX k$/rƦ.XXDdFg0nی%-_9G@grub_cmd: set default=0 g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] R e*'~C# }MKbFc,!!%\46U a?Q@|T]RU2DÐ;)a龬f#grub_cmd: menuentry_id_option=--id bHY x̽/A J7 ;y}L^2+RGkPm^ -9{=d*m ;(xnk <۷h%grub_cmd: export menuentry_id_option q #|A2Hǰ ΁$ G3DmynD: e ".%p/ru:TUMfVg?t'\%xΏHQgrub_cmd: [ ] }r╉anJ $(ЛK%_]Vw$=_ \LLFTŲِgoSiS°%{:.*!grub_cmd: terminal_input console ^ G4 RU@ 0J#'wl"j }T" "F[  ]^z&u拣iL"grub_cmd: terminal_output console E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] Xy^;k9֍۩XG aʥOK?7Zt$NNގ ` _ vͧo.KE%WF.7zKH}DeB܊V#grub_cmd: set timeout_style=hidden 1BaYm'O" rC'oLrn#8)M E+Lv@@ekUhZl grub_cmd: set timeout=0.1 UF>4>cQ ϤgouGzf3>4ٳ`Y Jɜ^DBF4* NĦ8ilE=9"dx. \f),LņMp4grub_cmd: set menu_color_highlight=black/light-gray 틭,@ry ( "fʁ(+Mug LcQ >ۑ48Ul:#@ahU,Qp1Q/"rfD*<grub_cmd: set partuuid=6443a6ae-e5e9-4df7-9a06-d1329e50f33c B2 K2f 1J,^sI07A zZyo/N!9xIjXvfυwτ,Sgrub_cmd: [ != 1 ] ),ΐҎ6T 6 ]NR؂wǨS-GC遇t |qvk8sK}'հ'=*0ۤc 7 uI_E>7grub_cmd: [ -e (hd0,gpt1)/boot/grub/gfxblacklist.txt ] ӷzd}i`E 6]nd6,耏|OԬf 2Q TH,ݨFFY grub_cmd: export linux_gfx_mode UHAIZUc0l@Ox: grub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-fadc363a-fae5-4b46-9bf5-303a0043410b { menuentry 'Ubuntu, with Linux 5.11.0-1006-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1006-gcp-advanced-fadc363a-fae5-4b46-9bf5-303a0043410b' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b else search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b fi echo 'Loading Linux 5.11.0-1006-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1006-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 panic=-1 fi initrdfail } menuentry 'Ubuntu, with Linux 5.11.0-1006-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1006-gcp-recovery-fadc363a-fae5-4b46-9bf5-303a0043410b' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b else search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b fi echo 'Loading Linux 5.11.0-1006-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro recovery nomodeset dis_ucode_ldr echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1006-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro recovery nomodeset dis_ucode_ldr panic=-1 fi initrdfail } } '?\.\7aBם t0 p!1fB655r ؖa!V>3Ljf 4.cANH+1grub_cmd: [ -f (hd0,gpt1)/boot/grub/custom.cfg ] 2mBW^Qùz GWX1osy #rz5 EHazaWm4,'%d%LX+ تIkl2;Lgrub_cmd: [ -z (hd0,gpt1)/boot/grub -a -f (hd0,gpt1)/boot/grub/custom.cfg ] jejH; ]fx ,Ea-_J {"Ф~6G&((Kٮt_ cmi*J`grub_cmd: setparams Ubuntu fF8魧) ~~(nNe@:8'{ gL. x%cAsk: Ws}(mf@K grub_cmd: recordfail p6b 6hDt d[׆HIf Pu Y@ SϘ3髭:C$v]/Ca& F $ lgrub_cmd: set recordfail=1 UF>4>cQ ϤgouGzf3>4ٳ`Y JɜwEqH4Rk(&|,b<%6/bfgrub_cmd: [ -z ] ^|ē|GSQi ,w;[f!cëp4MK_@ .G4sHPM*|Dݜ*7d|w8>pgrub_cmd: save_env recordfail f G$)SD v&ؾtBu6J>:;S<ךk e qjgrub_cmd: gfxmode keep .gmݛ \fW2{w wϜIyga>?똢o |^  $-nfDxrB"c#ѳX|grub_cmd: set gfxpayload=keep RAߥy] _BKU ]^j5lN;f DY $Xʳ^ iwe \)vgrub_cmd: [ keep = keep ] n*~ k ;6oaq"|s( aYi*&5'<S hG^I/Az$W&grub_cmd: set vt_handoff=vt.handoff=7 Ph lFtRgbT nǔė *aS$\=&9b^)iVg)W^6ͣХM$ïJXFiY4 k+âOgrub_cmd: insmod part_gpt ?\V/ 2 8҆ z eY ; 1 Bو[$,6wJ♯E; irºSgrub_cmd: insmod ext2 g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] D7=t~;7& yi4aN9}X.te9I0en ˆvE.шUG4@Quԓ,{[ѧ㥳&wC1Wgrub_cmd: search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] T -@eOc~R ѻs6 ϬX4kLJ"ul= !dF|~؏v))c-@02{?= E(p_QDgrub_cmd: echo GRUB_FORCE_PARTUUID set, attempting initrdless boot. !2 B % Jog m`ٹysbx 2 9yQkpmOѐ}d\Z=Lg']1>)t{grub_cmd: linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 panic=-1 }.2>nIi& G嘷DAr}'gyc -ZJ#m,7M"7sztܸ-BEQ/boot/vmlinuz-5.11.0-1006-gcp 'u`d]f svFe/$ NB /Qp=ȉ tnGef^XzPj΅Zx)7{Ziv4{kernel_cmdline: /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 panic=-1 iD?2 vlmp4K&5] ^P = suc*k1ڀ Gs8>BrB>}4+~(3ӕgrub_cmd: initrdfail UF>4>cQ ϤgouGzf3>4ٳ`Y JɜwEqH4Rk(&|,b<%6/bfgrub_cmd: [ -z ] p& 49ܷ=K{ k,@sȡ4G;> 葓Rl_ 2 }/R Gx2_/O'N"grub_cmd: set initrdfail=1 z8gؕTqa- $6T}l&12YxHiHx L&"m/7|m@f;V913'Qrgrub_cmd: [ -n ] P–{fiDj/+b X9;w9j7ZGd P &%`, >`ɸ*0#?X&=ىUJ4dG grub_cmd: save_env initrdfailD:k{VO.9<գJ =k{5j:#cROZ^ !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services InvocationGUEx׿6~.H OuBrꃛ+t|~^a\@/D .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/eventlogs/tpm/ubuntu-2404-amd-sevsnp.bin000066400000000000000000001303641515555264200310540ustar00rootroot00000000000000)Spec ID Event03 0@1)oܭ̩j [Ώ_m 7kţ] !@ TP͜Fb/3m8}psx3i$*ή0GCE Virtual Firmware v2IS airE&a} AuGwWH4 )&+W RG]YE  P_7?O6a:;w?;]Gm GCE NonHostInfoWMBGZ'CHO;B Z'DVb շ{M Ϥrb{mVi*X{Ecn ϯ@GK^ַ325aʓ + SecureBootZ>4=PB ۻfXe̘Jx[ArD cU<w ӥUZS:jC{* EhJaʓ +&PKY䔧J\+r& ҈G[G00ޠ Jg]0  *H  010 U newpk0 180821215115Z 180920215115Z010 U newpk0"0  *H 0 ̹|mkcb |,E΅RRH|C& 6ioТ#o4OkpBi!}u1 P#;V G0]c9ᖡ=&Ӣlȗ겕<:Q?%K>QՑg歌j'?NlV*Y` yө|WQa7}nRCH<ͼ9G F6ܒJF#XKS0Q0UPB/ۗ'(t1F^`0U#0PB/ۗ'(t1F^`0U00  *H  R?罰$2I{4;v`=ki[,׼}Yõ.l1#60g::+b!`,.(nfpX(gil'X%Pp`nTJmE[4&M<$.yȬ|8GCk3PWsJs{K ǃ 6Zi@ ,/==p5¹>qƭ$?}`ozuLQhX38%*KEg3%?CD nPyB.Ztvi b&G[d}-.fb {l"ZfWV @y΋V=ڑ WBB7B)C#(4~2x>aʓ +KEKY䔧J\+r҈G[G00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62 'a`"r b8ÄbtņT)!%A$62̯Z 5 b[|<((yw6bB:؛Ȧ(!7k ˲:=EgeoG dbY䔧J\+r@$҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXY䔧J\+r҈G[G00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~rY٘83~ 0`]ǡ]1?{pí O%o`6u\U3F= ĵ5@|pPE˲:=EgeoEdbx&LP@A6C(E0wY2M`(xKi1 ORm@`MAe wY2M`(xK/֒r($E4[$k;}nzwY2M`(xKء- *o.s >d,NgyjwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKHY jagznFdr!YEwY2M`(xK se(Q )$졺wY2M`(xK*xtUq *{F 2xnMwY2M`(xKᝮ.o(Xw#5yD=<wY2M`(xK9(K_3,w@ۦcJɱwY2M`(xK2 Edf(|zB3}) wY2M`(xK_ˣ>XGj( &q!}I/wY2M`(xKKheݐBOЮ2p>` wY2M`(xK4 qTzDUHwY2M`(xK5nU T5L5`[-UwY2M`(xK4kW3$ke^6**pIwY2M`(xKcWÔ. fD[WK`wY2M`(xKYVDc0wF*!Y[YswY2M`(xKۯm=[8S0J~ ͼX"1lwY2M`(xKebr.^^lnO{+.k콚wY2M`(xK[$=q==ݍKzq&W8_-ȆwY2M`(xK&yeAF 5Vw kĄ0tlwY2M`(xKmSco##o=WKׇ?wY2M`(xK !|~_N6p8 <#ʑC wY2M`(xKA7ǐvqos}:-M0_wY2M`(xK!jd@U@V풕a7XH.񷽚wY2M`(xKn [G{LӨ̤ X$׺wY2M`(xKLzAǃHBvo4Pс;wY2M`(xK-t6b) \\6BwY2M`(xKwOܑ蟣\N4Le2,ȷ? JiIze*UBw+ܑwY2M`(xK{Tc^wѬ҃?JW`<,ywY2M`(xK9]WQxWn!|Y_j%wY2M`(xKϧq+!oT(g-l~swY2M`(xK>'˳D8#'_\Y:7fۘL^Cz?kwY2M`(xKhF2Ǿf>ݓE-}ICwY2M`(xKK1ZUqH=s-M.!-1^нwY2M`(xK :U)7KZO&kRp촪%8wY2M`(xK<䰱rGoWY{'NĽwY2M`(xKWq*䉳tvͩa)بhҶc91]wY2M`(xK:(L} ,^L0J䕭ŌE< wY2M`(xKISylQ ~+d4ut彚wY2M`(xKu^i*1ËgVpwY2M`(xKSR)1B<I̧rRäY wY2M`(xK-5hLHZkCbD|9d{wY2M`(xK?>B~CS%+~^r n'mCwY2M`(xKr.#VrAJPΦj5!zwY2M`(xK\Xj7Eph(|A˛_RzUwY2M`(xKJ)^ 7 kώd !1wY2M`(xK~q4Tao[ׄq*O4x*8pwY2M`(xK[nOe#X|,_gv*wY2M`(xK"M ?bQj~,lpwY2M`(xK (@%gq8R-(Gn5;AwY2M`(xK  s~oYlIP/KwY2M`(xK u pt$mOǴ>Yj53 kOur^wY2M`(xK QאoēIv]Bk,jrS2㧽wY2M`(xKQ0[Yec@i*.IQwY2M`(xKw0/I?%+o4j0/ wY2M`(xKqZD"3 K1L)]mwY2M`(xKs(x#bU߮T+r)ָwY2M`(xKXڋ3_:4?]W<+ wY2M`(xK^E4 5=eS|퓽wY2M`(xK' cj} [9f'NGwY2M`(xK)̤TN0DŽi\k"{[(@꽚wY2M`(xK+"kĤU.{\KH6ĘwY2M`(xK-ώp#E=h0پLwY2M`(xK1*[P0̓>T/GwY2M`(xK22mϬ^˝,\;"Ϝn`ǘԧwY2M`(xK4 +X3+V0 ֹ'IX%wY2M`(xK6. (1o aS.uPwY2M`(xK6z1僈1,FGjl決 z^wY2M`(xK7ei[B{5;!7褛o Yjxj4wY2M`(xK8mi\-EvxQUv7;ywY2M`(xK:Ot+3=藾BUwY2M`(xK:lEp YBb-Q.s5wY2M`(xK;45igA QLiOsYwY2M`(xK>9&ZաAgdz<=C!]D7A-(wY2M`(xK@ mY :0WY/B_wY2M`(xKAm[4{x+_ up\MGy=ĘwY2M`(xKAw2NeW2 DkQ%wwY2M`(xKEkMa[:tz]ZH)A A/]wY2M`(xKFg% ktͱdXsoW]ou]gwY2M`(xKGc@y1Q[./]=2wY2M`(xKW:R"vͯ1툉Td%St zӕwY2M`(xKX"q!mc~:e3?EƼ߽wY2M`(xK]˻J}KhRYpo"A̭wY2M`(xKaģwYp4ռn:ߺ t M⋈GGNwY2M`(xKm2WƤpu_AP0.ZG|wY2M`(xKpE 9Ui %2N 9X4ԉ-QwY2M`(xKro|뒘Ʈt϶]Af wY2M`(xKxd!sԨ(dqV 5zXbK7u wY2M`(xKx3ҿQg=>}QqV'whm#wY2M`(xKxʫ > ,#9LJnS1wY2M`(xKI̳ 2;zUD\1I^`pP'wY2M`(xKH#leYM+. P(4wY2M`(xKMx962̑Zt.0עfYG,+kfwY2M`(xKIW!cH#22hXe) pwY2M`(xK iYevFK*R$ԡHϭwY2M`(xKczl` rvիWȟ`-⽚wY2M`(xKejI;8$&2HWH [s 2SwY2M`(xK[Ƅ9čcvM/;wjwY2M`(xKpx|a:霚]Xf~,Չgz|LrwY2M`(xKTU豉AKl@ko>h݆1wY2M`(xKOvk֨_BMHv 8wY2M`(xK%0_9~uck6 WsnkЋuwY2M`(xKܷ/^t':@<y~"PwY2M`(xK? 2ī4:E %!j,wY2M`(xKxĽT5Y.¥{j50d/wY2M`(xK$B9os!slwY2M`(xK;GN[3SIHkvXg[wY2M`(xKֵ{E|{V)fZ=G:KQwY2M`(xK?Y ,%hy?nwy^m|"SuwY2M`(xK3c~mVɊS/ mIwY2M`(xKu2\fOJ7/5SHfwY2M`(xK&Wup*)\ŽwY2M`(xKC](*|sG[wk|v?iwY2M`(xKf;Mhn$poLgf DpwY2M`(xKFY~_ronr{h 8\BjwY2M`(xKP[k 9eNu^ƛwY2M`(xK- ^@!l,y ԽwY2M`(xKƝd9gBR~j<'on4"wY2M`(xK4 tĥnAܨ8rPykwY2M`(xK̎n!,zZ~m xGwY2M`(xKC.<~p%з yA(wY2M`(xKؚlHTKg f HKpNBwY2M`(xKf'g4$R;is"*M wY2M`(xK5` 2LiȖCkFUwY2M`(xKR(ÕiwwY2M`(xKߑO U|s,YE.NwY2M`(xKQ0Fj",aW_F彚wY2M`(xKmq!ꈄ(E2ooNS~T61wY2M`(xK㘑œ΂fo[+ШǿwY2M`(xKoy-O22٧o{aơ>;ȽwY2M`(xKM[kFGywhIGf wY2M`(xKfIa Oj);#(~.rwY2M`(xKU*y6b;1 To rgwY2M`(xKQ; TJh‘şB ܲ> Z~ =wY2M`(xKm5TiA @h)Y\,d*JwY2M`(xKa@?|ةpY}2ߏkwI_wY2M`(xKmq;`O, !ޮg%B[}:1[wßTwY2M`(xK ;9(4NgSJwY2M`(xKB|LYHHMj~QNo\נ ̽wY2M`(xK(x.l=_N\ND+>wY2M`(xK.j-Tm$;*YOgwY2M`(xK@)sxL:Z MD8vxDT罚wY2M`(xKO FڴG&6$ߣzwY2M`(xK\*4zC%jBO5ME:wY2M`(xK׭~R3vp/KeIMlXڽwY2M`(xKQS+K˵}99wY2M`(xKl]8S4uӚWerua,2FZS)wY2M`(xK˙K@lUf5U&tdE,#a^PwY2M`(xKlMޓ oUo7'=wY2M`(xKݠ}b-Tp7j>k0'IkwY2M`(xK%rr]Jzζ'?bwY2M`(xK#mL|z9et0{%(:wY2M`(xKe}rU,-c[fdwY2M`(xKnJI\ !byMѲJK_9wY2M`(xK$Z64Lf$O3wv_.wY2M`(xK#.BONu cw'Pp$ߊwY2M`(xKrbf/ nTns} Mx wY2M`(xK܊.￉0Y˳ՏwY2M`(xKYNH!Ucꅻ"LḿwY2M`(xKGxgdK. ;-_!waz,/WwY2M`(xK7$rO/ Qh[FwY2M`(xK `V^U<_HiDL wY2M`(xKL Q,*J Ldؘ wY2M`(xK[$5=ٲlٸ&""5wY2M`(xKLW >!f>-# X3#6ؽwY2M`(xK` V ϱvnhhTJh(@߽wY2M`(xKHXMe %#c\a #UʽwY2M`(xKy@d`}GGJ""pgwY2M`(xK[䢦WJFL)ҝ{@8qW2YLwY2M`(xKs64ळdKQȠH')8Q>>3`wY2M`(xKfЀ>%P琂G̛QphڻzwY2M`(xK(ASJ~\={&r/{xS콚wY2M`(xKUrn](ד;icu սwY2M`(xKęVtI8Dc+Z% OٻX#wY2M`(xKe]Z@{i64iUwY2M`(xKJo.[e7r‘֭齚wY2M`(xKjFTGR8x)H8t~ 3'dwY2M`(xK,JRFCr?j1J(]; L"ŽwY2M`(xK!}}|3n::6**wY2M`(xK% ຆ mFD0Ջ,J)T[wY2M`(xK9Z7_b,Ʃ?v Ɂ'wY2M`(xK;0#˷e9_D\˚{c?wY2M`(xK?ܣL&sZD|: 9TwY2M`(xKEWĎE "9/xoM7(yܽwY2M`(xKZNtW5 g.NxquP2[wY2M`(xK^+u`fhvq [8?wY2M`(xKM0-Ew5<N/wY2M`(xKANk,($(էk~~SD#`wY2M`(xK#>pL$cg(lK wY2M`(xKʊ|K!Ū#PD]vi\ ̵cwY2M`(xKʤE TP=|9|*zMZBwY2M`(xK)~5éQpjwҚ&-8%mwfjwY2M`(xKuDWqrNu*//)4޽wY2M`(xK\aR>IteJv t2彚wY2M`(xK۴$ˊ^F &Eh`'ů+r'iwY2M`(xKG6IwR&KeS"wY2M`(xK7%&".GtU/O |Dg.xm΋AwY2M`(xK%89/U7J^EU\3Y%ӽwY2M`(xKv:(fN|XrI:%὚wY2M`(xKEfCcr qI)ղ#A$F#~lwY2M`(xKdJ>yҗ 0~Y) ;]TN{wY2M`(xK= &{6~T͵(ĎwY2M`(xK8`oKXe;.Oq!)u;o4wY2M`(xKGwl*ʔonՌ3wY2M`(xKRM#dKl-j:1#f ]n,ٽwY2M`(xKWi/¸ ; Dur%o_N03wY2M`(xKx6F[hܺx{Qy*A$ʽwY2M`(xKzd .Rj[v4;%v8wY2M`(xK%W 1ŷs\e[@TF>?ܽwY2M`(xKS2PWz jbb!BdT>PwY2M`(xKتA̻0 WRf-# )wY2M`(xK5pN2*lLD cZ&}wY2M`(xK%A>WDf&ONx2GwY2M`(xK$\S\0܀~'9i;νwY2M`(xK>Wɢ1)}hCjVwY2M`(xKΌD2)`xT~1nw=f׾^ H彚wY2M`(xK7iV'ʺʿNT!% wY2M`(xK|դ ,lFerW?f}^tnսwY2M`(xK0b5æDs` 7!G/ewY2M`(xKebZ=";eBꢹ('>wY2M`(xK#ηu!,rS%dW"JT+{&ԽwY2M`(xK(R里s3_?NӓSc"\ȽwY2M`(xKE'RuQR:wY2M`(xKP ϝh0dނԷ X8@d'#5wY2M`(xKzVNWOъ[X ,es+wY2M`(xK0\z_ u 0guϛN@ =wY2M`(xKIH'0&3eos1ٽwY2M`(xKyڟ'hA-RQ+Rf9[@UwY2M`(xKDJ;Tӓ<4(޽wY2M`(xKT|WiKk5?j8"xwY2M`(xK]鑬oV(I 0('}\' wY2M`(xKռad$ x^_9'<^?K7wY2M`(xKڙC'qt }? eavr>:Q 8ՂAs CygwY2M`(xK %j\=dBk2c'b瞀\wY2M`(xK xg[ f (%=xwwY2M`(xKD!+ k1c E7;zHeѴwY2M`(xKۢG<$c|ԒPVQ#}wY2M`(xK?:,|A0srfa3;4b-zzwY2M`(xK#ֿ0^R9# pXaU[wY2M`(xK&LWeq ̰:oO RGнwY2M`(xK&l)8Kï#(ΰkAkýwY2M`(xK+Q"e{SK1|N"b>>MwY2M`(xK2igm+p芉40 wswY2M`(xK3$P~\Sr'km!ϵ_wY2M`(xK;vbz0?<'$ 3SU{lɽwY2M`(xKT )o/Dس8I]Q1wY2M`(xKXh Sv=,_juI?Sғpy< -wY2M`(xKZG/9'J`]j]U#wY2M`(xK^g$ h 0%[a&gJwY2M`(xKaS\GaH̝z] i(Պ:_*wY2M`(xKiANxb%Q &-:c>*)wY2M`(xKlo Fh;})m DvƝ)n폎/wY2M`(xKlbTӊ[=QdzH| &;ҺwY2M`(xKsj]ȅ2b #/-4W~sJνwY2M`(xKt mȡіՙ)G}rnwY2M`(xK|sr qHy IDm7S࢒J1#_xwY2M`(xK)+΍{`rjwT\{?5wY2M`(xK.-:Ir l!WA(Y ʽwY2M`(xK]'fH, Js#|#R88Jrh=wY2M`(xK0\_|V!MzۏcA#O<#5z-6_wY2M`(xK\&Bt-<*%FpwY2M`(xKX+F]wYNw\4ȁK0 wY2M`(xKXSkzFC,rD`OwY2M`(xKUJջ=\mO[ x+ jr4t]wY2M`(xK+q9Q$h;~Q4gsn`/wY2M`(xKs1廾m}%RfRϽwY2M`(xK}<_뭯CV l>"EnNwwY2M`(xKpR%:b56Iy8Mov72K wY2M`(xKsp- :/v7p>wY2M`(xKjќ#k#<?aLk7Ӈs2 wY2M`(xKR("Ta{ɇ\5;OvW}wY2M`(xKTwFEu+)\6sQEHwY2M`(xKlU]6*pkv$hqk\)\A" wY2M`(xKkTIZiwBߏEt67=wY2M`(xKmMg?|o]qsⷄ0"ĽwY2M`(xK˕*[VY#2gSDlDb㇩wY2M`(xK|nb'5#0{4awY2M`(xK {~ g4;uUwHl%&wY2M`(xKe•!̈́b UCf a ĢvwY2M`(xK)Oao-rSՁ"?MXDpwY2M`(xKxc TxW: }A#y:B8BwY2M`(xK .'Su\9Wd0Yv3-wY2M`(xK{P_7C*.>08,SF 5IwY2M`(xKҨ;BOJn'h{o"e(snp^wY2M`(xKExٷrK҈ԢnȃfwY2M`(xK聆f MZB]&cHX2t!wY2M`(xK!UM;-<җ}bg8hdV wY2M`(xKO^qYſqu\4_aRRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ gD[gL2-D$ KP uF"NQ\P$j$,BYN !u#c /bt>2qFn s <ƖŠcΨ\]'+xEx8>Biq5 ACPI DATAH`\D:>]LLG v\ז#i{'1o*W7 M } %@QmmDkaWO~wG3+*|)a8aʓ + BootOrderKwXNg+N Tx ϓQ(*#|rM1$g% D@S %VK&I8zEzKo)eVC`)aʓ +Boot0002Ubuntu A *(P$^C,jC-4\EFI\ubuntu\shimx64.efi5y{f0^Q Pͽɓ +Y ǻxX(9 'kv\I S3Ǯ04;<+~BՆơ$zi mKaʓ +`Boot0001&UEFI nvme_card-pd A NYMR,Y"۠5(޶Kt+ 10` äJTF.l _6* #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#1E1A'S&7V =grNu*,L_rPo*ƝV3 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot OptionixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟4WOz[uS?kB 5]91rl%1@L|T bY.(Ѽ6z+*Ŏf!]+"#>9E*#mYdEFI PART\K,?"?H:@HÜO=rGy=iG}pECZb~? ?Hah!IdontNeedEFI8-Oue'(s*K>;$^C,jC-(wYbBRuoqrܶ.hCvDx ~zQqujn9^ rMMawl{(8TN$NY΀ F7\GOPi@HD4 pG A *(P$^C,jC-4\EFI\ubuntu\shimx64.efi h`ݚڒ?) /kVGd̦t^͗t8<}&J 3We_ e |ǁ%O4Zh gJ:[{] P0 (% \ zsVzp?*_y;q>UQ&|ŌxwHo (hd0,gpt15)/EFI/ubuntu/grub.cfg Fhs)/h./nS3>h gJ:[{] P0 (% \ zsVzp?*_y;q>UQ&|ŌxwHo (hd0,gpt15)/EFI/ubuntu/grub.cfg w6b VcP S||]6I,U$> ǡ w+'m~)t=6ү f FZS{7>thݤ|8jkpg<((hd0,gpt16)/grub/x86_64-efi/command.lst e\z1N!Gbb 2] ~ 1~GU9zECܡlW s|>mWow(c tiTCKvpas٦2t\`9#(hd0,gpt16)/grub/x86_64-efi/fs.lst ҁ9R2: vo8I'{ 6>w'.uC Aej`;Ntw]^͇ 6CLkVrTA*fX68'(hd0,gpt16)/grub/x86_64-efi/crypto.lst f&K Ӕ(ꔓ F/6-`Bj1JZjCb%ߜ $Mk6Ŗ:'kX{Ȯ#FT\)(hd0,gpt16)/grub/x86_64-efi/terminal.lst T/2&݇_޷WάC {qjb}0 g+lЬ+vɒ=@Fkg 5lrH&|% ͵ݪ'@.0S4.z_@-UOjn}/grub_cmd: configfile (hd0,gpt16)/grub/grub.cfg HCB4:BN5pSa ޖVӝ(DМl/PN/I1* #  m7?e]r%rqhe:i`~]Z(hd0,gpt16)/grub/grub.cfg ]8^/-dѧi j~Oދ#(JsP?N@QRڇ WHoQ^p&ncے̼=J-_)%,#+{ڿh*grub_cmd: [ -s (hd0,gpt16)/grub/grubenv ] Gs|=i}a]Šb A"d^s>Bƣd&q K t0 ;R֐1(7Ȍ_^rdr[3.b)c7E(hd0,gpt16)/grub/grubenv Bƣd&q K t0 ;R֐1(7Ȍ_^rdr[3.b)c7E(hd0,gpt16)/grub/grubenv @hC^ ҹ)j/U'}4{~AV - `Gdml,x@kHtj>!*Cݽ]2Fgrub_cmd: [ = 2 ] E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] q #|A2Hǰ ΁$ G3DmynD: e ".%p/ru:TUMfVg?t'\%xΏHQgrub_cmd: [ ] u@ E+0≯>k :@&u}6\uo2>uѼX k$/rƦ.XXDdFg0nی%-_9G@grub_cmd: set default=0 g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] R e*'~C# }MKbFc,!!%\46U a?Q@|T]RU2DÐ;)a龬f#grub_cmd: menuentry_id_option=--id bHY x̽/A J7 ;y}L^2+RGkPm^ -9{=d*m ;(xnk <۷h%grub_cmd: export menuentry_id_option q #|A2Hǰ ΁$ G3DmynD: e ".%p/ru:TUMfVg?t'\%xΏHQgrub_cmd: [ ] }r╉anJ $(ЛK%_]Vw$=_ \LLFTŲِgoSiS°%{:.*!grub_cmd: terminal_input console ^ G4 RU@ 0J#'wl"j }T" "F[  ]^z&u拣iL"grub_cmd: terminal_output console E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] Xy^;k9֍۩XG aʥOK?7Zt$NNގ ` _ vͧo.KE%WF.7zKH}DeB܊V#grub_cmd: set timeout_style=hidden 1BaYm'O" rC'oLrn#8)M E+Lv@@ekUhZl grub_cmd: set timeout=0.1 UF>4>cQ ϤgouGzf3>4ٳ`Y JɜLK o4C SF J”!vbE({z)Jc3grub_cmd: unset initrdless_boot_fallback_triggered Px@y:lk 澘Lu9B\UO(s f&lblx$p̢jX&ƪNV+wIzחj6grub_cmd: save_env initrdless_boot_fallback_triggered  WTZZ]P&'-cg |ڕVrE䀞e)} i|`}8kkQw}R%'anBLWԲuR}ba,grub_cmd: set menu_color_normal=white/black ԥT ُ$:e7 oyĻL MɄ ;F>^DBF4* NĦ8ilE=9"dx. \f),LņMp4grub_cmd: set menu_color_highlight=black/light-gray >7Vd>#r% ,erOϭVpkhLP*"` |"F罽ob ZlT6 NM͹\:e><grub_cmd: set partuuid=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f B2 K2f 1J,^sI07A zZyo/N!9xIjXvfυwτ,Sgrub_cmd: [ != 1 ] oP_8ғJ PI-\*%"DZ# hw3'/MLxJgӪuS.xbyq ^3grub_cmd: [ -e (hd0,gpt16)/grub/gfxblacklist.txt ] 8T'D$ ՘l,67CQ+J?[U GHo˺ٺ!9L~1'nȹt~Ry֭g&Scgrub_cmd: [ efi != pc ] hz'<^(6MbMԏ} IauBDL:Zq ;q  oDk=3U=dm\q#۪dQ p:k"grub_cmd: set linux_gfx_mode=keep DNYנa_%b& "A%N2p$WY>ӷzd}i`E 6]nd6,耏|OԬf 2Q TH,ݨFFY grub_cmd: export linux_gfx_mode #slgT@/+?[ Fzmf+`ҎUONc G遫\oˈiX hF> RK]6HzZ7Lgrub_cmd: menuentry Ubuntu --class ubuntu --class gnu-linux --class gnu --class os --id gnulinux-simple-3ac66944-8849-48de-97e9-3c12eb5de1aa { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 search --no-floppy --fs-uuid --set=root 94f07b36-6512-4b02-849a-286e93dcebf7 if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 initrd /initrd.img-6.8.0-1010-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 panic=-1 fi initrdfail } v! (a?_[\{ D݂_ i' x( 5oF&q\M ՖJ҆r<[?S gFgrub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-3ac66944-8849-48de-97e9-3c12eb5de1aa { menuentry 'Ubuntu, with Linux 6.8.0-1010-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.8.0-1010-gcp-advanced-3ac66944-8849-48de-97e9-3c12eb5de1aa' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 search --no-floppy --fs-uuid --set=root 94f07b36-6512-4b02-849a-286e93dcebf7 echo 'Loading Linux 6.8.0-1010-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 echo 'Loading initial ramdisk ...' initrd /initrd.img-6.8.0-1010-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 panic=-1 fi initrdfail } menuentry 'Ubuntu, with Linux 6.8.0-1010-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.8.0-1010-gcp-recovery-3ac66944-8849-48de-97e9-3c12eb5de1aa' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 search --no-floppy --fs-uuid --set=root 94f07b36-6512-4b02-849a-286e93dcebf7 echo 'Loading Linux 6.8.0-1010-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro recovery nomodeset dis_ucode_ldr echo 'Loading initial ramdisk ...' initrd /initrd.img-6.8.0-1010-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro recovery nomodeset dis_ucode_ldr panic=-1 fi initrdfail } } .9& <pBi]fAx ]H~(WmH>V8>F$gMgv {n}ф/grub_cmd: insmod bli &޿j'V81. n5VKxV8>F$g:~sqJad m$\㒠˒5BYf.ku?nJc-:grub_cmd: [ 0 = 0 ] QKz|X\7T sg3zPjl{#5n;̨w<^ \ > ^ϩp`f8ڎC{b&iΪXCe2,qOgrub_cmd: menuentry UEFI Firmware Settings --id uefi-firmware { fwsetup } q=S|aRM>m Cy-׮Lnj/tK'#Q,.O ~dA: KA?Չ]BXk:eibզ8-grub_cmd: [ -f (hd0,gpt16)/grub/custom.cfg ] Njmu2.P+ oUa,EhR %p,e| wK_8bP/a < ͍toO7Dgrub_cmd: [ -z (hd0,gpt16)/grub -a -f (hd0,gpt16)/grub/custom.cfg ] jejH; ]fx ,Ea-_J {"Ф~6G&((Kٮt_ cmi*J`grub_cmd: setparams Ubuntu fF8魧) ~~(nNe@:8'{ gL. x%cAsk: Ws}(mf@K grub_cmd: recordfail p6b 6hDt d[׆HIf Pu Y@ SϘ3髭:C$v]/Ca& F $ lgrub_cmd: set recordfail=1 UF>4>cQ ϤgouGzf3>4ٳ`Y JɜwEqH4Rk(&|,b<%6/bfgrub_cmd: [ -z ] ^|ē|GSQi ,w;[f!cëp4MK_@ .G4sHPM*|Dݜ*7d|w8>pgrub_cmd: save_env recordfail f G$)SD v&ؾtBu6J>:;S<ךk e qjgrub_cmd: gfxmode keep .gmݛ \fW2{w wϜIyga>?똢o |^  $-nfDxrB"c#ѳX|grub_cmd: set gfxpayload=keep RAߥy] _BKU ]^j5lN;f DY $Xʳ^ iwe \)vgrub_cmd: [ keep = keep ] n*~ k ;6oaq"|s( aYi*&5'<S hG^I/Az$W&grub_cmd: set vt_handoff=vt.handoff=7 Ph lFtRgbT nǔė *aS$\=&9b^)iVg)W^6ͣХM$ïJXFiY4 k+âOgrub_cmd: insmod part_gpt ?\V/ 2 8҆ z eY ; 1 Bو[$,6wJ♯E; irºSgrub_cmd: insmod ext2 3i1b3TBrB>}4+~(3ӕgrub_cmd: initrdfail UF>4>cQ ϤgouGzf3>4ٳ`Y JɜwEqH4Rk(&|,b<%6/bfgrub_cmd: [ -z ] p& 49ܷ=K{ k,@sȡ4G;> 葓Rl_ 2 }/R Gx2_/O'N"grub_cmd: set initrdfail=1 z8gؕTqa- $6T}l&12YxHiHx L&"m/7|m@f;V913'Qrgrub_cmd: [ -n ] P–{fiDj/+b X9;w9j7ZGd P &%`, >`ɸ*0#?X&=ىUJ4dG grub_cmd: save_env initrdfail xYi֒sc`\y h,<3} H{7|'5r kX P4? u׋x.4|}VkOpWȻ"";LOADED_IMAGE::LoadOptionsL_͗6OVڄ #2ꞑɄ]K$]]3ݕ$A_O t>DΉmk5#aG3 3XǜATI 'd_;n(Exit Boot Services Returned with FailureD:k{VO.9<գJ =k{5j:#cROZ^ !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services InvocationGUEx׿6~.H OuBrꃛ+t|~^a\@/D .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/legacydata/000077500000000000000000000000001515555264200236575ustar00rootroot00000000000000coreos_36_shielded_vm_no_secure_boot_eventlog000066400000000000000000000745271515555264200346770ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/testdata/legacydata)Spec ID Event03 0?pۯfU@6GL  2᥌M5}P;[jZy m.Bϒ4I9?71a!ߊΦae c0GCE Virtual Firmware v1+lcan> j$H WU;ern]iF( g,8%4Ͻ'+ވ(3mIVc<P, GCE NonHostInfoWMBGZ'CHO;B Z'DVb շ{M Ϥrb{mVi*X{Ecn ϯ@GK^ַ325aʓ + SecureBootZ>4=PB ۻfXe̘Jx[ArD cU<w ӥUZS:jC{* EhJaʓ +&PKY䔧J\+r& ҈G[G00ޠ Jg]0  *H  010 U newpk0 180821215115Z 180920215115Z010 U newpk0"0  *H 0 ̹|mkcb |,E΅RRH|C& 6ioТ#o4OkpBi!}u1 P#;V G0]c9ᖡ=&Ӣlȗ겕<:Q?%K>QՑg歌j'?NlV*Y` yө|WQa7}nRCH<ͼ9G F6ܒJF#XKS0Q0UPB/ۗ'(t1F^`0U#0PB/ۗ'(t1F^`0U00  *H  R?罰$2I{4;v`=ki[,׼}Yõ.l1#60g::+b!`,.(nfpX(gil'X%Pp`nTJmE[4&M<$.yȬ|8GCk3PWsJs{K ǃ 6Zi@ ,/==p5¹>qƭ$?}`ozuLQhX38%*KEg3%?CD nPyB.Ztvi b&G[d}-.fb {l"ZfWV @y΋V=ڑ WBB7B)C#(4~2x>aʓ +KEKY䔧J\+r҈G[G00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62 'a`"r b8ÄbtņT)!%A$62̯Z 5 b[|<((yw6bB:؛Ȧ(!7k ˲:=EgeoG dbY䔧J\+r@$҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXY䔧J\+r҈G[G00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~^fQߛ|^ kVs@{ "^Q_:@ɼ B%-JAxN|zKx, c6ߗ.˭.˲:=Egeo.dbxY䔧J\+rP4wY2M`(xK0 00  *H  01 0 UGB10U Isle of Man10U Douglas10U Canonical Ltd.1402U +Canonical Ltd. Master Certificate Authority0 120412113908Z 420411113908Z01 0 UGB10U Isle of Man10U Canonical Ltd.10U Secure Boot1+0)U "Canonical Ltd. Secure Boot Signing0"0  *H 0 _b dbKҟa+]8ιCCwO pF mm^ҷf mA cO|R̠1]FoUsvi!O"[-ە4(K!LʻyZg\xE=mY&WN,N7MG;| o鍣ξݔ00 U00U%0+ +7 0, `HB OpenSSL Generated Certificate0UaH* Z rPڐ30U#0 *#eZ&4Zc0  *H  ) J%}jyg%%Z^Z\ˍ#se"kIgɣbN\@܇aB"*\NR+89]Ve_+O&x]2E%G 7iv~4;gN%^_@1# % UG^[3ݳ1Z\]}> Y}; >o!9Y䔧J\+rwY2M`(xK00p 9\zP0  *H  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0"0  *H 0 M!+ w1\W>ae~"O/KhLQgFBKj)g@gEҨW sUWďPIHfx+GUH%m".a.MX~x['} s연^u?xq/΃S10N#| T:^y^NͪނqNII鰫*GS0'|f o~=>ԢjY//=(BR=$@ve9070 `HB0U%0  +7 0 U0  *H  W`L)}k\l?iHudJ &!V]>uM=~B@qylqbǘ' / ɟ%ͻUuA1N]¬F՝G2Dt0WV~)ۛSҽ/ju&Ed(yWzd,NgyjwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKHY jagznFdr!YEwY2M`(xK se(Q )$졺wY2M`(xK*xtUq *{F 2xnMwY2M`(xKᝮ.o(Xw#5yD=<wY2M`(xK9(K_3,w@ۦcJɱwY2M`(xK2 Edf(|zB3}) wY2M`(xK_ˣ>XGj( &q!}I/wY2M`(xKKheݐBOЮ2p>` wY2M`(xK4 qTzDUHwY2M`(xK5nU T5L5`[-UwY2M`(xK4kW3$ke^6**pIwY2M`(xKcWÔ. fD[WK`wY2M`(xKYVDc0wF*!Y[YswY2M`(xKۯm=[8S0J~ ͼX"1lwY2M`(xKebr.^^lnO{+.k콚wY2M`(xK[$=q==ݍKzq&W8_-ȆwY2M`(xK&yeAF 5Vw kĄ0tlwY2M`(xKmSco##o=WKׇ?wY2M`(xK !|~_N6p8 <#ʑC wY2M`(xKA7ǐvqos}:-M0_wY2M`(xK!jd@U@V풕a7XH.񷽚wY2M`(xKn [G{LӨ̤ X$׺wY2M`(xKLzAǃHBvo4Pс;wY2M`(xK-t6b) \\6BwY2M`(xKwOܑ蟣\N4Le2,ȷ? JiIze*UBw+ܑwY2M`(xK{Tc^wѬ҃?JW`<,ywY2M`(xK9]WQxWn!|Y_j%wY2M`(xKϧq+!oT(g-l~swY2M`(xK>'˳D8#'_\Y:7fۘL^Cz?kwY2M`(xKhF2Ǿf>ݓE-}ICwY2M`(xKK1ZUqH=s-M.!-1^нwY2M`(xK :U)7KZO&kRp촪%8wY2M`(xK~LԯcNhUyQ9q0(U+kwY2M`(xKh1!gKp,_]p-HwY2M`(xK<䰱rGoWY{'NĽwY2M`(xKWq*䉳tvͩa)بhҶc91]wY2M`(xK:(L} ,^L0J䕭ŌE< wY2M`(xKISylQ ~+d4ut彚wY2M`(xKu^i*1ËgVpwY2M`(xKSR)1B<I̧rRäY wY2M`(xK?>B~CS%+~^r n'mCwY2M`(xKr.#VrAJPΦj5!zwY2M`(xK\Xj7Eph(|A˛_RzUwY2M`(xKN5Lch'IW+)4%OSrTIwY2M`(xKJ)^ 7 kώd !1wY2M`(xK~q4Tao[ׄq*O4x*8pwY2M`(xK[nOe#X|,_gv*wY2M`(xK"M ?bQj~,lpwY2M`(xK (@%gq8R-(Gn5;AwY2M`(xK  s~oYlIP/KwY2M`(xK u pt$mOǴ>Yj53 kOur^wY2M`(xK QאoēIv]Bk,jrS2㧽wY2M`(xKQ0[Yec@i*.IQwY2M`(xKw0/I?%+o4j0/ wY2M`(xKqZD"3 K1L)]mwY2M`(xKs(x#bU߮T+r)ָwY2M`(xKXڋ3_:4?]W<+ wY2M`(xK^E4 5=eS|퓽wY2M`(xK' cj} [9f'NGwY2M`(xK)̤TN0DŽi\k"{[(@꽚wY2M`(xK+"kĤU.{\KH6ĘwY2M`(xK-ώp#E=h0پLwY2M`(xK1*[P0̓>T/GwY2M`(xK22mϬ^˝,\;"Ϝn`ǘԧwY2M`(xK4 +X3+V0 ֹ'IX%wY2M`(xK6. (1o aS.uPwY2M`(xK6z1僈1,FGjl決 z^wY2M`(xK7ei[B{5;!7褛o Yjxj4wY2M`(xK8mi\-EvxQUv7;ywY2M`(xK:Ot+3=藾BUwY2M`(xK:lEp YBb-Q.s5wY2M`(xK;45igA QLiOsYwY2M`(xK>9&ZաAgdz<=C!]D7A-(wY2M`(xK@ mY :0WY/B_wY2M`(xKAm[4{x+_ up\MGy=ĘwY2M`(xKAw2NeW2 DkQ%wwY2M`(xKEkMa[:tz]ZH)A A/]wY2M`(xKFg% ktͱdXsoW]ou]gwY2M`(xKGc@y1Q[./]=2wY2M`(xKW:R"vͯ1툉Td%St zӕwY2M`(xKX"q!mc~:e3?EƼ߽wY2M`(xK]˻J}KhRYpo"A̭wY2M`(xKaģwYp4ռn:ߺ t M⋈GGNwY2M`(xKm2WƤpu_AP0.ZG|wY2M`(xKpE 9Ui %2N 9X4ԉ-QwY2M`(xKro|뒘Ʈt϶]Af wY2M`(xKxd!sԨ(dqV 5zXbK7u wY2M`(xKx3ҿQg=>}QqV'whm#wY2M`(xKxʫ > ,#9LJnS1wY2M`(xKI̳ 2;zUD\1I^`pP'wY2M`(xKH#leYM+. P(4wY2M`(xKMx962̑Zt.0עfYG,+kfwY2M`(xKIW!cH#22hXe) pwY2M`(xK iYevFK*R$ԡHϭwY2M`(xKczl` rvիWȟ`-⽚wY2M`(xKejI;8$&2HWH [s 2SwY2M`(xK[Ƅ9čcvM/;wjwY2M`(xKpx|a:霚]Xf~,Չgz|LrwY2M`(xK-5hLHZkCbD|9d{wY2M`(xKTU豉AKl@ko>h݆1wY2M`(xKOvk֨_BMHv 8wY2M`(xK%0_9~uck6 WsnkЋuwY2M`(xKܷ/^t':@<y~"PwY2M`(xK? 2ī4:E %!j,wY2M`(xKxĽT5Y.¥{j50d/wY2M`(xK$B9os!slwY2M`(xK;GN[3SIHkvXg[wY2M`(xKֵ{E|{V)fZ=G:KQwY2M`(xK?Y ,%hy?nwy^m|"SuwY2M`(xK3c~mVɊS/ mIwY2M`(xKu2\fOJ7/5SHfwY2M`(xK&Wup*)\ŽwY2M`(xKC](*|sG[wk|v?iwY2M`(xKf;Mhn$poLgf DpwY2M`(xKFY~_ronr{h 8\BjwY2M`(xKP[k 9eNu^ƛwY2M`(xK- ^@!l,y ԽwY2M`(xKƝd9gBR~j<'on4"wY2M`(xK4 tĥnAܨ8rPykwY2M`(xK̎n!,zZ~m xGwY2M`(xKC.<~p%з yA(wY2M`(xKؚlHTKg f HKpNBwY2M`(xKf'g4$R;is"*M wY2M`(xK5` 2LiȖCkFUwY2M`(xKR(ÕiwwY2M`(xKߑO U|s,YE.NwY2M`(xKQ0Fj",aW_F彚wY2M`(xKmq!ꈄ(E2ooNS~T61wY2M`(xK㘑œ΂fo[+ШǿwY2M`(xKoy-O22٧o{aơ>;ȽwY2M`(xKM[kFGywhIGf wY2M`(xKfIa Oj);#(~.rwY2M`(xKU*y6b;1 To rgwY2M`(xKQ; TJh‘şB ܲ> Z~ =wY2M`(xKm5TiA @h)Y\,d*JwY2M`(xKa@?|ةpY}2ߏkwI_wY2M`(xKmq;`O, !ޮg%B[}:1[wßTixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟7ػz'1!.G` wB6duVj ߤji^r ;b k0*8v̧jD C:q$ژ-8aʓ + BootOrderBPF>.-b8& \hHhd.fD c7"Z 7'N5ڀlک:Bu ۢfSB~Y@qߦaʓ +vBoot0002bFedora*ٹ" ;G&=(4\EFI\fedora\shimx64.efi"۠5(޶Kt+ 10` äJTF.l _6* #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#15y{f0^Q Pͽɓ +Y ǻxX(9 'kv\I S3Ǯ04;<+~BՆơ$zi mKaʓ +`Boot0001&UEFI nvme_card-pd A NYMR,YE1A'S&7V =grNu*,L_rPo*ƝV3 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot OptionixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟t z~ ,a 潨 39L|lLuF͑zc %keucbیV4B8F^dEFI PART\z1?"?@k9Hah!IdontNeedEFImpG`BIOS-BOOT(s*K>;ٹ" ;G&=(EFI-SYSTEM=rGy=iG}}"MLp{0boot=rGy=iG}䧱«EzeIroot1{O:q;K3a2P -x؀u{[RJ8B"硍  3x|U]V2$Tcxb[9:KW֛%tʤۤr A *ٹ" ;G&=(4\EFI\fedora\shimx64.efi )-A;8YC!0ow ȪF[IF dxD.h獋Re P?7ЅyS#' <uX}*~$ 7Yu7|4vMokList R_ LK,v?I+ :PX8\J{T.^6nS|Yð %q3JW#!DGBHx}r h: cLvwa MokListX]9/:@u& .Uey^/I̧6i=AM C┍cD.j~qeA.prxt` V&MS.݇)8DP]`FC=݋# SbatLevelsbat,1,2021030218 >z􊵮5\ _bH_Rˎu &n+ ) .dceŸT~m<<$rkM"YM![x=P]`FC=݋#MokListTrusted E0FtS4qyA K/4ET;.ҷ` 1Å^E|Cx2|Q._ Uٓ ~HZ3J=.qvd&Bo Kgrub_cmd: set pager=1 PI BqһjL 1= 2vW4=?3 ,/oҐʪm-Ϸ8|a _fGQ+8f` @@z8w\CDY ~)= IBƣd&q K t0 ;R֐1(7Ȍ_^rdr[3.b)c7E(hd0,gpt3)/grub2/grubenv g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] R e*'~C# }MKbFc,!!%\46U a?Q@|T]RU2DÐ;)a龬f#grub_cmd: menuentry_id_option=--id 7 ZWQw"!a$fX "r, 3v3J_^#B %́C 1D-(zq6l/% / ƒ܈i grub_cmd: serial --speed=115200 hAWFǚ}߄Q .2$~ or9$S̯ I L㦁_*\Q1R#r &i^ֆ(grub_cmd: terminal_input serial console qUy@QT6+ 0 uzhISBh0N\9 /3%}vxC!0*G?Y 7?෇1tƦ)grub_cmd: terminal_output serial console g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ]  +#LAnN V.JuםXE tQ/} %ؼߴ s( XD%TXV:nCijr)&!grub_cmd: set timeout_style=menu  B(p䮱?d1_ *!Uy XHyE:U Z ?5 = WxU /qv*D2 N1"grub_cmd: set ignition_firstboot= a=:^-L(Dԯ@|2 ͳ<^Lr&gz%grub_cmd: [ -f /ignition.firstboot ] tR a< N*Eq}P fPs=؏{Ě>5EV "F+v`,ASS zA 6)grub_cmd: set ignition_network_kcmdline= %, uFC|bF d ps\@h|R V 6_^F ~s'bSE_ow.\ljlIdY%grub_cmd: source /ignition.firstboot 9^kK 2U` Bșo$'AdLxRU 8`Q8L2~j!CL ǿc'N޿oeH[/ignition.firstboot L".f'-$QA0 j}O,SKճ|iTVd8% lLJp_m_~1~uG,ަ9GHY#5yP5grub_cmd: set ignition_firstboot=ignition.firstboot  93VO$&ft* QjD{dfFwtzp$m{d k';ݹP.iNGb1eg+v!LB\ 6-\Ͼ+grub_cmd: [ -f (hd0,gpt3)/grub2/user.cfg ] gu㉍f ? W|B"ETL=Dž ИXOO$^BIT,H{Q ~=_ÇpoFw+Rc^pgrub_cmd: blscfg ~{Bc,ti j>Ƥc8k)3'CY7e6юV Wn+T!mH:uP5@G{_TർJp7(hd0,gpt3)/loader/entries//ostree-1-fedora-coreos.conf f G$)SD v&ؾtBu6J>:;S?똢o |^  $-nfDxrB"c#ѳX|grub_cmd: set gfxpayload=keep Ph lFtRgbT nǔė *aS$\=&9b^)iVg)Ww νqXqTg 8d .vc,TħC> gbDEX :u?6<52?FZnVCsC>Xz(hd0,gpt3)/ostree/fedora-coreos-28f8e018c4312083b210ce13c9fdab9dcb7883a0200802dca4eeddc1030eb715/vmlinuz-5.18.13-200.fc36.x86_64 J+r-~{}i ͂!7ٽ=aErݤ.:3# {VGy:ג aHoܱ,KH_m`_kernel_cmdline: (hd0,gpt3)/ostree/fedora-coreos-28f8e018c4312083b210ce13c9fdab9dcb7883a0200802dca4eeddc1030eb715/vmlinuz-5.18.13-200.fc36.x86_64 mitigations=auto,nosmt console=tty0 console=ttyS0,115200n8 ignition.firstboot ostree=/ostree/boot.1/fedora-coreos/28f8e018c4312083b210ce13c9fdab9dcb7883a0200802dca4eeddc1030eb715/0 ignition.platform.id=gcp .Փ}|IG'I \.3%KQh{ V;J/JɝFHqP~'ux yjv(grub_cmd: initrd (hd0,gpt3)/ostree/fedora-coreos-28f8e018c4312083b210ce13c9fdab9dcb7883a0200802dca4eeddc1030eb715/initramfs-5.18.13-200.fc36.x86_64.img E^ca&: D ='箽R!]BGC _ܡO,Ǽ)[}䇝=rPpz+ieR3G(hd0,gpt3)/ostree/fedora-coreos-28f8e018c4312083b210ce13c9fdab9dcb7883a0200802dca4eeddc1030eb715/initramfs-5.18.13-200.fc36.x86_64.imgD:k{VO.9<գJ =k{5j:#cROZ^ !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services InvocationGUEx׿6~.H OuBrꃛ+t|~^a\@/D .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/legacydata/crypto_agile_eventlog000066400000000000000000000333501515555264200301720ustar00rootroot00000000000000!Spec ID Event03  'W&z^rڨ_(Ao{Boot Guard Measured S-CRTM r @ CV ?kꊴ}(=+nUkT U@N: yEEn. F(CN Μㆵ. 0-kVOfu%c4aʓ + SecureBoot xhBTuP8xYӮv2ͦ\%{5kaʓ +GPKY䔧J\+rG+3̿%!Bm#x00 9=0  *H  0"1 0U Intel(R) Desktop Boards0 130202000949Z 230131000949Z0"1 0U Intel(R) Desktop Boards0"0  *H 0 2wM1A_69ѓβENeB,eՖ^"]-R#}U{*']3jR9ԁ!7ܩZM[lTht*\%iQ[5ϦXls3  P0N0UvVZ <90U#0vVZ <90 U00  *H  8! [-wڕҼ̝| 6',Ґ29>NFB-84$.βQy@,Սp.c#AI_Z03WN/c]i >ח,nʨ˺J8Fo.mUoz}4>7;RE Ό=6/弟_kcԱiCˮi : =Ұ買o%,>$^ ?3}7Bn# WY㋴Bرqy cxI7h'#pXQ;.*>aʓ +KEKY䔧J\+rwY2M`(xK00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62 YvUD7]틶|x׌Q˲:=EgeodbY䔧J\+r@$wY2M`(xK00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXY䔧J\+rwY2M`(xK00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~Y䔧J\+rdH[JEjh040hBbԛOx0  *H  0'1%0#UCISD FW Update - Certificate0 170830042121Z 391231235959Z0'1%0#UCISD FW Update - Certificate0"0  *H 0 kR!]lt􆰪t[u:dwj{;z^;)#E)H֞lc aSJYPnNbv6D\C%/$LjhQE3Nn"؄7@bmj\0Z0XUQ0OC![P q5jܡ)0'1%0#UCISD FW Update - CertificatehBbԛOx0  *H  ]?*׻1%_oSXs^3 lv6q~tg.1A=ꮅ({NWYs $U4h 3~&VO~vԙ\(Q'NӼ>L5=/1rVR|%=n$ ; mX%.9=!\|iu+pb:7󐱈k|; 3[ A{.TP/Y s YGxM:" w-ޢo\& 𱹪  DJMʚȗV'ÅϹ +e[˲:=Egeodbx&LP@A6C(0wY2M`(xKi1 ORm@`MAe wY2M`(xK/֒r($E4[$k;}nzwY2M`(xKء- *o.s >d,NgyjwY2M`(xK63M. xbdYWC&`HXšvwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xK^T`< k覃R8wY2M`(xKƨXdoy(#g+69ОwY2M`(xK _NQxmЁ%orxRYe&wY2M`(xK Cڬz0eu1{ 될ctwY2M`(xK 9v-6=cqZ9ϰF\`lk׽wY2M`(xK o)o3}rK H:*?OwY2M`(xK !Hʃ62u> [1R*[wY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK34)bퟗ>H-.ImTdwY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK+,'R*]IZ+R]fbUwY2M`(xK,s3%mԤ<[UYPPR}wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK0f(Tw0W(JF}8zTiv^uҍwY2M`(xK6Awz/^g4g^Ù^i5 ҽwY2M`(xK8A!6\ !`9MlN g`b[wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKCʃc| C-/&zKuwY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKQ1s>!"Ty 0a5wY2M`(xKZIU9[.B,/gg6A+\wY2M`(xKkxA{^`Gr̴/fwY2M`(xKlTGYQ&l+585rѓ.wY2M`(xKo(qկ.{˫d|eͶ& :x^wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xKrk>Tj0=ppq-ĝ,#wY2M`(xKrg]V;ݼ2ت^/m(ؽwY2M`(xKx'6,q}䱿CqZH[ʤKŽwY2M`(xKeӇk)T̕SϪȣ;3佚wY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKZ~OG q"8b:ߒ=wY2M`(xKHY jagznFdr!YEwY2M`(xK4͐e;=<5P_{c!wY2M`(xK se(Q$Q?eYW5)@νwY2M`(xK5g+6~OIia]JlrMBwY2M`(xK,";VB\GYG8DoYwY2M`(xKn=)t=J2@ؽwY2M`(xKcOx,7`XbfnmwY2M`(xKϲ2.KmH],qgrRY\u"6wY2M`(xKaJ~UәnE AR'[wY2M`(xKU =HZ7?=|cwY2M`(xKw ^; b x  S^ˇ k/wY2M`(xK<9"`tFu7̔ܭZ˦G/4q9脽wY2M`(xK;S> #Aryę-æ6wY2M`(xKQ3@HΈrRjRç`IwY2M`(xKdW[x.V4Rk DxYuN-dEwY2M`(xKEȮu ϻH7R}ddMؑ<͊$Migߎ ?a/@W-=HwRI$ ?a/@W-=HwRI$ ?a/@W-=HwRI$ ?a/@W-=HwRI$ ?a/@W-=HwRI$ ?a/@W-=HwRI$ ?a/@W-=HwRI$ ?a/@W-=HwRI$ BXzI&4L?Z>́|,EFI PART\(vmpt"mpt:tLW%;r(s*K>;9#BkO>& GEFI System Partition3Dh&0*Dٕ,HG&yD<#*=(nIv~IPpS H&'R)=rGy=iG}I3|I}2V(R)>L=rGy=iG}U0 KD؊5>L+o JimyTz7`g>aʓ + BootOrder ֐OV`"fqsiW 6aʓ +VBoot0005UEFI : Built-in EFI Shell\#P&ۛBHGfLBO )( r/>i~mc\`aʓ +vBoot0002bCentOS*@9#BkO>& 4\EFI\centos\shimx64.efi :f/lpNu caʓ +Boot0001 zubuntuu♠u7K8^l*@9u-FTm4\EFI\ubuntu\shimx64.efi %O<*b5gn5Nl:)aʓ +Boot0004 tshellu♠u7K8^l*@TzuABOO.\EFI\shell\Shell.efi  kA#)4 ,ZV _U@aʓ +Boot0003 zFedorau♠u7K8^l*@TzuABOO4\EFI\fedora\shimx64.efi nݶoynd!7'F2A 2staʓ +DBoot0000 Windows Boot Manageru♠u7K8^l* PI H8"F\EFI\Microsoft\Boot\bootmgfw.efiWINDOWSxBCDOBJECT={9dea862c-5cdd-4e70-acc1-f32b344d4795} ֬߷ΤMAi)VD}f8p \#P&ۛBHGfL (qϡbYS4"!4i![& \EFI\centosgrubx64.efigolang-github-google-go-eventlog-0.0.2/testdata/legacydata/ebs_event_missing_eventlog000066400000000000000000000377211515555264200312220ustar00rootroot00000000000000q\G Uų;M602.Ga$^44~0b4lrע aHH7$[2td_'֌i噑HʪQ\ vdɄ+.IiK~PJf٪1+phUo09/I[nReZP:"%xh?ZAAPЧ>Ο`8ҏwn?[1jVlJB塭=cC>37"TӾז9w)X>sI98I׆ׂ -(_҃G1ؙ00 U00kUd0b0`^\Zhttp://onsitecrl.verisign.com/HewlettPackardCompanyDeSPrintingDeviceCSIDTemp/LatestCRL.crl0U0U 00 + 00+0Hewlett Packard Company, 2, Authority to bind Hewlett-Packard Company does not correspond with use or possession of this certificate. Issued to facilitate communication with HP.0;+/0-0++0http://onsite-ocsp.verisign.com0U`%Av<^͔O:ѧê.0U#0 _F 0U% 0 +0  *H  ms#@ > ߳ha&SHlē"rFpiՍ.Q2☡6bg1k.]'}* `&o`[Kך2L-RҐ)A!* },pV<M?RX;JTMlx1{dU b7L:bR6wYL׍k͆9z鶁)bjLD~AĴWΎaGbX5ܤj #[,je>S aʓ + KEKY䔧J\+r1k۪O*z 2v00s1uuqUn7Rm@0  *H  0k1 0 UUS1 0U Hewlett-Packard Company1:08U1Hewlett-Packard Printing Device Infrastructure CA0 120808000000Z 320808235959Z01 0U Hewlett-Packard Company1+0)U "Long Lived CodeSigning Certificate1:08U1Hewlett-Packard UEFI Secure Boot Key Exchange Key0"0  *H 0 i4j`^ P$ ܵCL~)',Y?:uJ)yk[ޙI퀧/¡4'?R,y~g̔dӰ@ઐQ HSIQ\f,WA̬ofh)#!oɶ-X[0;IGf\JjAȡY䔧J\+rwY2M`(xK00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62y"W߃ (']˲:=EgeodbY䔧J\+r1k۪O*z 2v0x0`Vt9 GShsmm0  *H  0k1 0 UUS1 0U Hewlett-Packard Company1:08U1Hewlett-Packard Printing Device Infrastructure CA0 130823000000Z 330823235959Z0y1 0U Hewlett-Packard Company1+0)U "Long Lived CodeSigning Certificate1(0&UHP UEFI Secure Boot 2013 DB key0"0  *H 0 GdYWol ߗ;6CꚫMO%6K/}؊9afs8.h>dRk(uo4y$?:2q"`v1(r:QC*+j9'gy:AyƔk۔D<5GרӍ?m4lhX#'j6⚘ᒦn)쓝5Y~]ٺgvzQ4_22Ar"i$A"ˬsZY()TϾFw͓VڲNɖmr7nP(ZAJ~ n6TTa 4`@Y䔧J\+r1k۪O*z 2v00iSk['0  *H  0k1 0 UUS1 0U Hewlett-Packard Company1:08U1Hewlett-Packard Printing Device Infrastructure CA0 120823000000Z 320823235959Z01 0U Hewlett-Packard Company1+0)U "Long Lived CodeSigning Certificate100.U'Hewlett-Packard UEFI Secure Boot DB Key0"0  *H 0 Vi bss゘µkw'3a+m>zN  hj;}O`ID!_Lx<[[iux<QS5rw5~OhF-7f#Q&-w҃Z6|,+VK Ϥ-hI7m}Ӆ?LDE/ 5Cד1f;ԆUHjP]>*m00 U00kUd0b0`^\Zhttp://onsitecrl.verisign.com/HewlettPackardCompanyDeSPrintingDeviceCSIDTemp/LatestCRL.crl0U0U 00 + 00+0Hewlett Packard Company, 2, Authority to bind Hewlett-Packard Company does not correspond with use or possession of this certificate. Issued to facilitate communication with HP.0;+/0-0++0http://onsite-ocsp.verisign.com0U :‹<C/jH]Ǹ)0U#0 _F 0U% 0 +0  *H  gީȬu_8r/Χ9|O6!ꤠ]S@t+hi$񑂷?`=<6={q#lܮ KKu^URڷi(ֶ9Ұ?4Cʨ)8&L !KyCC A4_'weȸM^O ,~CSWg:Is,UA$3$z?^ gM?p0W6)wΐۗ Ev-"鳼ls|Y䔧J\+rwY2M`(xK00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~Y䔧J\+r@$wY2M`(xK00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXfg}B0,g!$bu˲:=Egeodbx&LP@A6C(L0n4 zDx ,x?78v&LP@A6C(0wY2M`(xKi1 ORm@`MAe wY2M`(xK/֒r($E4[$k;}nzwY2M`(xKء- *o.s >d,NgyjwY2M`(xK63M. xbdYWC&`HXšvwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLixE (QsC>RRs%9s!_H>Ú) ACPI DATAF9XTrL ACPI DATA9BNӄj`Taʓ + "BootOrder  J=rB.£I1Eaʓ +~Boot0012bdebian*ȷ9H=K)4\EFI\debian\grubx64.efiISPH͗@  H \raʓ +BBoot000CUSB:  A NYMR,Y ISPHJڣWPUB̀aʓ +PBoot000D CDROM:  A  NYMR,Y ISPHbPkP{$90tOX maʓ +=Boot000EUSB:   A  ISPH fAV椆{aʓ +KBoot000F)CDROM:   A   ISPH8~m P̢8GqUbaʓ +vBoot000A6MTFDDAK512MBF-1AN1ZABHA MTFDDAK512MBF-1AN1ZABHA A ISPH4ltch$#0䘣aʓ +sBoot000B5IBA GE Slot 00C8 v1550IBA GE Slot 00C8 v1550 A ISPHh  ^BԄaʓ +TBoot0000,Startup Menu5{3hNWҬC=EPwWISPH,%a`Z|{aʓ +bBoot0001,System Information5{3hNWҬC=EPwWISPHc˱E 6JIaʓ +RBoot0002,Bios Setup5{3hNWҬC=EPwWISPH@!9?΍>'0aʓ +|Boot0003,3rd Party Option ROM Management5{3hNWҬC=EPwWISPH&ja>Laʓ +bBoot0004,System Diagnostics5{3hNWҬC=EPwWISPHA';ԨDhaʓ +bBoot0005,System Diagnostics5{3hNWҬC=EPwWISPHdTЃW3ل;^aʓ +bBoot0006,System Diagnostics5{3hNWҬC=EPwWISPHdEBJQG *\aaʓ +bBoot0007,System Diagnostics5{3hNWҬC=EPwWISPHXk(!u,ؕeEaʓ +PBoot0008,Boot Menu5{3hNWҬC=EPwWISPHXrSA[1VEN/aʓ +VBoot0010,Network Boot5{3hNWҬC=EPwWISPHE1A'S&7V(Calling EFI Application from Boot OptionixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRs\ԱQ_Íّ֧jU:dEFI PART\w6 ;";fZM5THah!IdontNeedEFIgbDŏM(s*K>;ȷ9H=K)EFI System Partition(s*K>;y@%j&)_=rGy=iG}nܮ`LVqM=;S ԜTnV A 1N>;*ȷ9H=K)4\EFI\debian\grubx64.efigolang-github-google-go-eventlog-0.0.2/testdata/legacydata/linux_tpm12.json000066400000000000000000000521051515555264200267370ustar00rootroot00000000000000{"Static":{"TPMVersion":1,"EKPem":"LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQWxpeWp3c1o3ZU5WMVkxRGVSMUtrL0JIdHFhcnRhREZQTXh5S05tWXdSbHZiTDJ1UXBObGIKT2MwaXpWVlZaelJORTY2T2pmcUZCT045K3d5ZUdsQXZGMW5LdWtxM3BLTlBFMVNwUm80eUUvbWZVdW14d1pPUgpzWnlNZXZPelNhbVQxaWdhMHZ0c1Q4TktvVGdRQTFjQUNLNXNYeGpDRDRjMmxYb1dtV3dlRWJMc3N6andualBVCkNNU1pWWnZlQ2RLM1NtL05WamhVdnRab1JodTc3NEZXOUl1NUhZaFVQWXFRNWVBaEVtMlFQT1NQOE10MmJIWTcKM3UzYlkwd0pvNVlxRzNaRkJQYjJLaUxlY3hacFZYY0k5VHNxbmlLcW5XLzJkdlhMRyt5WHVxVTBpVkhiSTZZTQozTjdTUmVGODhNMXBaQTZXSTI5emNtQThHN0NXL3NVWW1RSURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K"},"AK":{"Public":"AAAAAQABAAIAAAAMAAAIAAAAAAIAAAAAAAABAJt+7mczx4uRZR3Y2MUSBBBipAK588vhMHYMI4tDGwXBF+4Ri7spbIrYoRykafNupO57w+sS0GwpAotbkm7LLWXjNkioFVxige6uKsh+gqlNOy98tou9y4kgQFHmJbchxmz9o9Mo2Oi/MLC9thq/iYt5b2nmiNILnQZS+YGg1lPIoBxOhkVEoTSzpAFV1CstJJRhqkKlPmeR9fm1lnJeUapN0BD0WZ0PSWYmS/iUno1OnDp/mrqIrX28HPIaU3hDNVnQvgRmtl+e35VpoqXpW58Ej5jnLaipJsG7PWVd33JTu5ezTk3OG3C4zjgrHq4eTszV7F1BPUwq4Zmb2e6FsxU=","UseTCSDActivationFormat":true,"CreateData":null,"CreateAttestation":null,"CreateSignature":null},"Quote":{"Nonce":"","Alg":4,"Quote":"AQEAAFFVT1TUe8hZBOBgoRyPd07c7+kmB3KYG9o5o+5ea0sNMlW/75VgGJCv2AcJ","Signature":"AYWsgkmbV1kr65B4tHA3dYN4LD2+FaZQz8mq80Bu+M+yqBxGdGsELKC0TSLfXRXTbmA8fQAH7X++tM2M9z5PaIWtqULfGfkn/ao8dhFE0T/gm2c47/BgG7oyxtdnSlzFaQwQQzdprkHq6bBZDMA7AhcUXKfnxIllh9DsHGgPSrrOT44mwAnmpf/3eNDQ++2b+Sy01csAXtkVCB4tRyOgf48KpS0uEQ647bYsjCJatMOAXx+YV3XB7c9Drj4hsORsOpXaaFOTpN5HOAmIQqsS0tJKM78i1Sbp1/E/WlqLjffTwoeP2OJlsT85Xkmss0vhy9xBLcHV1oe0X5PUziZfjg=="},"Log":{"PCRs":[{"Index":11,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":0,"Digest":"g1hNOUmsEYL7BJe1mz33M2uGSPo=","DigestAlg":3},{"Index":2,"Digest":"sqg7Dr8vg3Qpmlsr38MeqVWtcjY=","DigestAlg":3},{"Index":15,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":22,"Digest":"//////////////////////////8=","DigestAlg":3},{"Index":1,"Digest":"DaB6FWt2viN2iGOSkoJNPmDLm0w=","DigestAlg":3},{"Index":19,"Digest":"//////////////////////////8=","DigestAlg":3},{"Index":18,"Digest":"//////////////////////////8=","DigestAlg":3},{"Index":23,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":8,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":4,"Digest":"krsrnniakXVjtxmHfpilZCyBCp8=","DigestAlg":3},{"Index":5,"Digest":"wkFtAPfMHl/BdtCt4He+zj8ksXM=","DigestAlg":3},{"Index":6,"Digest":"sqg7Dr8vg3Qpmlsr38MeqVWtcjY=","DigestAlg":3},{"Index":21,"Digest":"//////////////////////////8=","DigestAlg":3},{"Index":7,"Digest":"mhb64z08eV0diLoORWo98L745Yc=","DigestAlg":3},{"Index":13,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":14,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":16,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":17,"Digest":"//////////////////////////8=","DigestAlg":3},{"Index":12,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":3,"Digest":"sqg7Dr8vg3Qpmlsr38MeqVWtcjY=","DigestAlg":3},{"Index":9,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":20,"Digest":"//////////////////////////8=","DigestAlg":3},{"Index":10,"Digest":"RoMGhc7O9bCOMFX7dG5X04Hj4/k=","DigestAlg":3}],"PCRAlg":0,"Raw":"AAAAAAgAAAC7va1/L/95GKVDzGR9dv/TNKoRSRQAAABOADEARgBFAFQANAAzAFcAIAAAAAAAAAAIAACAfecr2ongo5AVJMqqkOPTB9EI7dwQAAAAAAD+/wAAAAAAAAIAAAAAAAAAAAAIAACARX5S8IyvH6Yq1DxbchWNw3XrtPQQAAAAAADs/wAAAAAAABIAAAAAAAAAAAAIAACAt7GkWX/M/F+PJaxRJW9G8QgQ5NIQAAAAAADd/wAAAAAAAAMAAAAAAAAAAAAIAACA8UVzlAyD5GSD02YWU0/nw7PxcFgQAAAAAACZ/wAAAAAAAEQAAAAAAAAAAAABAAAAjNqsYED0qOH8Uc0ucplKxHffUPcJAAAAQUNQSSBEQVRBBwAAAAEAAIBbqTydsM/5P1K1IddCDkP27aJ4TzUAAABh3+SLypPSEaoNAOCYAyuMCgAAAAAAAAABAAAAAAAAAFMAZQBjAHUAcgBlAEIAbwBvAHQAAAcAAAABAACAlFK8Osx3VgwMitIk1EMjevXD7SD7AwAAYd/ki8qT0hGqDQDgmAMrjAIAAAAAAAAA1wMAAAAAAABQAEsAoVnApeSUp0qHtasVXCvwctcDAAAAAAAAuwMAAJZOwjzHIthBiGOOOdzcws8wggOnMIICj6ADAgECAgkA67UT1Gux3G4wDQYJKoZIhvcNAQELBQAwajELMAkGA1UEBhMCSlAxETAPBgNVBAgMCEthbmFnYXdhMREwDwYDVQQHDAhZb2tvaGFtYTEUMBIGA1UECgwLTGVub3ZvIEx0ZC4xHzAdBgNVBAMMFkxlbm92byBMdGQuIFBLIENBIDIwMTIwHhcNMTIwNjI5MTAzNDM2WhcNMzIwNjI0MTAzNDM2WjBqMQswCQYDVQQGEwJKUDERMA8GA1UECAwIS2FuYWdhd2ExETAPBgNVBAcMCFlva29oYW1hMRQwEgYDVQQKDAtMZW5vdm8gTHRkLjEfMB0GA1UEAwwWTGVub3ZvIEx0ZC4gUEsgQ0EgMjAxMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALacXWJj09F3UmaZX9giEoZxGx6uFDoYS/8MVP378r5aSdShp1Ief2xLx2AKzsK8fasTtmbpEsN8dfPewPMyGbhe8pzLWJhm2XMU6JtvKrJkNBY/B5u4GfosydYGVU53tSHlc2wCpUCx9LIxh9NTJPgsqm1Cqly0u6XszgUpxUKTWhzU56vfXoNwh3eoWXgz1MrxRmrAnpwEPwOeE1IPChM825RrXUwUCXMXGgs65uyhRR06paqa9N60sxXxB8jW+uCoMJm3jqPQ/zvyyfmIizG2ov0KTfT/KK7Ftdo+QpMmmpq9qg5UWP6HryCgd8w94ZZS8phOMhQusujtOwF62JMCAwEAAaNQME4wHQYDVR0OBBYEFP9330sXTHGLdPkXnew0PY0ZDpRIMB8GA1UdIwQYMBaAFP9330sXTHGLdPkXnew0PY0ZDpRIMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHBlr6+QJa1V1pGl5t+RoInvjzJLte7G1Y67E45DXT1yTjpPJqZnsChWz2oc6jDuCGEtfUKM+t7W7tU7lAwoYd9PT/D+IdumzXiKDwcoX9XdtdeTcpjJbmWI8qW3qcN1DmUSvNUy1F3OwtFlXrlsTqgAB7ooeDCKDHC1VFhQtSIjPt9hT+CR7mAbR4Ry9+pppSjKT/U6txgOPr+HMYcKENnFNKsAfRAH6brC7UGpQcC/6p6C+1SdhbmBNl8B8ZwaubhcsRbJ6UyAEnhBeQfo+W0R7SyIjj0NvWwjF2Ac1kcb9itRtLaCUXzJXtJgJVk8eWUzHzqQgCPKwZgubhSOkXYHAAAAAQAAgAanIQoat9JprfKt4MzTFDZsEgcyFwoAAGHf5IvKk9IRqg0A4JgDK4wDAAAAAAAAAPEJAAAAAAAASwBFAEsAoVnApeSUp0qHtasVXCvwctkDAAAAAAAAvQMAALbHrH9/EpxOnF0ID5iZQ0UwggOpMIICkaADAgECAgkAlVJDgopaZS4wDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSlAxETAPBgNVBAgMCEthbmFnYXdhMREwDwYDVQQHDAhZb2tvaGFtYTEUMBIGA1UECgwLTGVub3ZvIEx0ZC4xIDAeBgNVBAMMF0xlbm92byBMdGQuIEtFSyBDQSAyMDEyMB4XDTEyMDYyOTEwMzUzNFoXDTMyMDYyNDEwMzUzNFowazELMAkGA1UEBhMCSlAxETAPBgNVBAgMCEthbmFnYXdhMREwDwYDVQQHDAhZb2tvaGFtYTEUMBIGA1UECgwLTGVub3ZvIEx0ZC4xIDAeBgNVBAMMF0xlbm92byBMdGQuIEtFSyBDQSAyMDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5qU6IuY/NFCMSxrr10Xvald7Dx4/wiT6urFwQ3nbrQGeLhbh4Gb7jLWBD9cghJTHOxjCbIAhVhBVmK5OkTRgN5hBeQ3pSzk8t1TBUDlQ/gfPnSLECSTSN2xkwGQzN26H0vBiG46zazD4yfbNTah5Aiz/nqVs/ZOFc2ugQhlsx+vHs8RBrYOUjwHXCk7vdLEGIU+JN41qyluS+jxcw8gGCd3FAs5fd1Fs6W3/hotEPQeW1dMyF1GtT3yDtq3hIbOlcM/30ret38akC8nO6oTryp/hWvnY+WjZseApUc2QpIbnoOcJDNfEoN2LTLzviT+MdmT+KBVhUAeLv0brCmG6ZQIDAQABo1AwTjAdBgNVHQ4EFgQUgI75wXmWQN5BRsgOfEu0gkY+fdQwHwYDVR0jBBgwFoAUgI75wXmWQN5BRsgOfEu0gkY+fdQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkPwYHBtt8AI7g0QkuGmryN8tIqpV2qfwiFvbQaEDTUqd+XIsjRqdrFOJCIJw9PiTVrdoul8uPuW4hEuNuKSGoah6q/xlUnGuAmZJ1IW77ZUoBY06XLt/QBPSQikBiJK+ogu6atM0rzz7apn/Li++Bnobizb8G3sIrvYCgi7kgzh7VrojUvpv8GSlCjfyXZ8iCVu/XWyA/otzfYQW82r7GkpbhjRzIgqncx4oTPh2EMhcjP1sEpAAhbHiOmbvaRZGnhJFfuwLMVfMPgZf3ktyXnTLvN7jxap6p4IRqrllmPJAyqd0VG0aoFxJJoTfLr2jVx0TUYxfu+YafIKkV3yLv6FZwKXklKdKh7WrFVwr8HIYBgAAAAAAAPwFAAC9mvp3WQMyTb1gKPTnj3hLMIIF6DCCA9CgAwIBAgIKYQrRiAAAAAAAAzANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkGA1UEAxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBsYWNlIFJvb3QwHhcNMTEwNjI0MjA0MTI5WhcNMjYwNjI0MjA1MTI5WjCBgDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEqMCgGA1UEAxMhTWljcm9zb2Z0IENvcnBvcmF0aW9uIEtFSyBDQSAyMDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOi1ir+tVyawJsPq5/tXekQCXQcN2krldCrmsA/sbevsf7njWmMyfBEXTw7jC6c4FZOOxvXghLGamyzn9beR1gnh4sAEqKwwHN9I8wZQmmSnUX/IhU+PIIbO/i/hn/+CwO3pzc70U2piOgtDueIl/f4F+dTEFKsR4iOJjXC3pB1N7K7lnPoWwtfBy9ToxC/lme4kiwPsjfKL6sNK+0MREgt+tUeSbNzmBInr9TME6xABKnHl+YMTPP8lCS9odkb/uk++3K1xKliq+w7SeT3km2U7zCkqn/xyWaLrrpLv9jUTgMYC7ORfzJ12ze9jksGveUCEeYd/41Ko6J17B2mPFQIDAQABo4IBTzCCAUswEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFGL8Q82gPqTLZxLSW9lVrHvMtopfMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEVmUkPhflgRv9ZOniNVCDs6ImqoMFwGA1UdHwRVMFMwUaBPoE2GS2h0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY0NvclRoaVBhck1hclJvb18yMDEwLTEwLTA1LmNybDBgBggrBgEFBQcBAQRUMFIwUAYIKwYBBQUHMAKGRGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljQ29yVGhpUGFyTWFyUm9vXzIwMTAtMTAtMDUuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQDUhIj1FJQYAsoqPPsqkhwM16DR8ehSZqjuorV1epAAqi2kdlrqebe5N2pRexBk9uFk8gJnvveoG3i9us6IWGQM1lfIGaNfBdbbxtBpzkhLMrfrXdIw9cD1uLp4B6Mr/pvbNFaE7ILKrkElcJxr6f6QD9eWH+XnlB+yKgyNS/8oKRB799d8pdF2uQXIee0PkJKcwv7fb35sD3vUwUXdNFGWOQ/lXlbYGAWW9AemQrOgd/0IGfJxVsyfhiOkh8um/Vh+1GlnFZF+gfJ/E+UNi4o8h4Tr4869Q+WtLYSTjmorWnxE+lKqgcgtHLvgUt8AEfiaPcFgsOEztaOI0WUZChrnrHykwYKHTjixLw3FFIdv/Y0uvDm25+bD4OTNJ4TvlELvKYuQRkE7gRtn2PlDWWXLDbz9AJJP9HU7p6kk/FBBQHngLU8Kaid2blLtlml7rw/3hwXQRcKtUxSBH/swBKo3NmHaSmkbNNho7dYCz2yUDNPPbCJ5rbHwvAOiRmCpxAfCIYLx/fLoeTJgv9ispSIUS8rB2EvrfT9XNbLmT3W0sGADIlOukXkd1ptBHxWGVHCy3g01D3ywNHK6l2A78HnrorIcXaIWuIfF6Rv2tZclbzif45H6inmYw2kOt6McIAWX+MoUrgDXxPPAFBB1azSgG7WZYPNcsMVXTjbSMoS/ngcAAAABAACApg692GV5w/n1qMwsTYrMy/ipGZP8EwAAy7IZ1zo9lkWjvNrQDmdlbwIAAAAAAAAA2BMAAAAAAABkAGIAoVnApeSUp0qHtasVXCvwct4DAAAAAAAAwgMAALbHrH9/EpxOnF0ID5iZQ0UwggOuMIIClqADAgECAgwJRWN62MIg32HqUkQwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCSlAxETAPBgNVBAgMCEthbmFnYXdhMREwDwYDVQQHDAhZb2tvaGFtYTEUMBIGA1UECgwLTGVub3ZvIEx0ZC4xITAfBgNVBAMMGExlbm92byBMdGQuIFJvb3QgQ0EgMjAxMjAeFw0xMjA2MjkxMDQ3MzFaFw0zMjA2MjQxMDQ3MzFaMGwxCzAJBgNVBAYTAkpQMREwDwYDVQQIDAhLYW5hZ2F3YTERMA8GA1UEBwwIWW9rb2hhbWExFDASBgNVBAoMC0xlbm92byBMdGQuMSEwHwYDVQQDDBhUaGlua1BhZCBQcm9kdWN0IENBIDIwMTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXVjfbqMNwZ45f7mRnehYEcU9MyeuJLukkPuvH5KR0V+3SX/Oln5KK459Z45iuZrktAfx1R7u4cbCx5mR/HnQW1gpMHSmU4WFBNzdeF9DeN2pL5DB5YjPNoNo+tmKgaUMnGr5RoXNhE8e1kwt6uSUfuAzj/hRbBf+EWKI7wJ7oiiZJuXQAD18eEqNqi3PeWTWkNLNicBbNc4d8CbB3h5HnmfflvBBS2tdXJwVUfpRizDNSG1p7NxAUR0QuE4rWYqUi6TJUZgJtjV/zgs9IsCFfysqISoZa8fYtC8UkKCpJkAOgyNw5j01B04/LK7nFz4xu+TQsEx/cxsHb+Pi1Y8r/AgMBAAGjUDBOMB0GA1UdDgQWBBSDix9UwVUEY/RfmHAGQPEQaSZZSTAfBgNVHSMEGDAWgBTvgZH2zRcWQQpoUG5UfnDNkgVhazAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCr5E7O+sI59eHrPJM1qKiclTYYxI6Yvkf9KL9CKIsiSZs4I0OjaQVYi/xH94HFhzwl9rvbCCS2n82/bRjXIhRAARhzXx95RMx0/cj5qUtbO6OAxCjmQhUm66Bz7Muag8EoAOknutDmJoOKQS8JLfRlqoskv9jAjhK4AXdh+JthMAB4kFsjbCazFLMkr0+moq5DVIs81gxbglCycydwJ0xrQFjW5yRqMZ5TDehYUEJg37eJ2skxAODzD4jG0ZzzZ/HISzYX2gTG+MQFibOPvwwnVd/82tSrNJoOLWMa4lCtxVxR7r6s10p9TdxR4SVNjsxGXHHSRhv54tbgUGSKjkDAoVnApeSUp0qHtasVXCvwcrMDAAAAAAAAlwMAALbHrH9/EpxOnF0ID5iZQ0UwggODMIICa6ADAgECAg8DCUhikDR1koc0lYcjCU0wDQYJKoZIhvcNAQELBQAwVTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQKDAZMZW5vdm8xHDAaBgNVBAMME0xlbm92byBVRUZJIENBIDIwMTQwHhcNMTQwMTI0MTYxNDI0WhcNMzQwMTE5MTYxNDI0WjBVMQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExDzANBgNVBAoMBkxlbm92bzEcMBoGA1UEAwwTTGVub3ZvIFVFRkkgQ0EgMjAxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALw7g7hwsIuTSsgqrxfJsZkfRWUTJzwMY98H/fAJPih85eotUJ7SiiLZtOYxVL57Ze2qMBvLJzx6U+FNjB+9Nqq/n3TDqqPoX8ZDaTmYhPELTonKXyReOxlFnn6frWOHsGAjFHX4ym8u4sTPO8maoO+wvJlWwzJHjN3RHg7X1hJjcf5QErFC8ApiisxiGmYbnASXsAPTyyWHDEvsL4nZkG1jh7FfRnQE5X7R6pWv6F75b46v6CrEjgNajEEsDrI2W4y8wQdJhckmmgUz2WfG2KVuUvyj9RCxPIiK+bBDYNAJQBiLuq5cJWbOADsQMK7wFsmGyLIgVxHVzqOsInH5pOMCAwEAAaNQME4wHQYDVR0OBBYEFEuRpocy6u/dLI///GsCfsNEnpyPMB8GA1UdIwQYMBaAFEuBx1CsHqUfy1/6GBt0MsstaGKOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAVTW9cuaeCg+kcUP+WXKnU+QRjKw1FgZxwILP/zhqwZV+d3B2fbJsCfatOeU4fECIdn6K1ZGOs9spLIGD/pgX9/IMTUjpSaGmFkIWf08xmDvxzpQBzpefxzmD/jy8rD5pyfHQYnF54m/M0vo1vqXOiSLcGGOC1CFOwwRpN/4tDOboHuoQAjMa5+YHdYg3mX42v+2GsbBQrGVYHhnhas7N+eNiYk8t2km0quklvqSi7mRBb98EdiECDCubGEJ+DDMPtRK9Zr2JsyC2rkB6soiwHFU7AfYpQ9aEv0CWJ99fvOoOyJ6x4qP6+/NMu9sLG3Gs8FZxb4yMvzSkT/LIVandyhWcCl5JSnSoe1qxVcK/ByQAYAAAAAAAAkBgAAvZr6d1kDMk29YCj05494SzCCBhAwggP4oAMCAQICCmEI08QAAAAAAAQwDQYJKoZIhvcNAQELBQAwgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xOzA5BgNVBAMTMk1pY3Jvc29mdCBDb3Jwb3JhdGlvbiBUaGlyZCBQYXJ0eSBNYXJrZXRwbGFjZSBSb290MB4XDTExMDYyNzIxMjI0NVoXDTI2MDYyNzIxMzI0NVowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKzApBgNVBAMTIk1pY3Jvc29mdCBDb3Jwb3JhdGlvbiBVRUZJIENBIDIwMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClCGxMx0UJaksMpMCHfwZ1DEMBVGTgFn8H7ZJ9C7JzvwwKxkpFYaDFFi2W0/UroPtNSZtBgJA8uVT95rzRncSkGIp/QYpcWYNoMruMR8nucbwhT5qKfP9EP42PMrImSK51te7JTB5KGX7kgpodeHdNDLC99g/TFtO8+iulUThd9fu623gC2//sChuW1YO4GRPptsB7QHvhHygnyfrvVl4c5n6UfsDwRLJ5OeXasmKLTb84cOJoJBTJM6QIN9VYaV7TfO3BBFMI506wKodjCGFvYxVZ6rIredcMYWeKW/1erYd/uoZnT3FYEiIEIiLOi+9UcQDOUDVYdpUI7mqxogHVAgMBAAGjggF2MIIBcjASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBT4wWu3f3dTSvMlNx1OoSZ7DyBwgDAdBgNVHQ4EFgQUE62/Qwm9gnCcjNVPMW7VIpiKG9QwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAURWZSQ+F+WBG/1k6eI1UIOzoiaqgwXAYDVR0fBFUwUzBRoE+gTYZLaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljQ29yVGhpUGFyTWFyUm9vXzIwMTAtMTAtMDUuY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNDb3JUaGlQYXJNYXJSb29fMjAxMC0xMC0wNS5jcnQwDQYJKoZIhvcNAQELBQADggIBADUIQv8wzM73dgytEGhYNSlGMnYnfO8SQSdCG0qqbYE4SFkTVfPpWDSmFguCql2tgtqAg0EGj7Qd8gO58xpdG/FQkPmzVYRCKBwgvbKuURTFwKyXlSEckNsP/HeelXORiMq9vVK5BVAN31eeoGHtDeVtJdlADxdAyM6jSsJNr5oSHQhUj73HvLkrPUkrHzL8aiFpT5vIfkI0/DYGF4uPIEDAs5oldSfNyQOj9l3R5zZUerlQtdMS0Qe/u3Tf3B6PgNXtGPQvFBZrL95mjLAj5ceE2O3qwTOCrVZLGC3xaJUHzc/wcvCuu92GhZgsIUwzK/APSvBoh7WSVTJ1oWqCajyjJRGk7a3XBK7L2EBZoITRlUxikSIadB2MPUcORKbksJs0NbH6tlOoLIHspAVxyJ24uugbRGbkR1QOjlZ/s58WmLKG0Gg+kCO1L16PUIWNxo2CX0Gh9C4N4JnSbHXktmm1IYb6B9H24k3R2q0sd1MeJTI3x2xScpWGsPE1YWoZ9bI7gVBWpjIt/qKJ+UKGJxhVoYLKWpv4MJhUFKZHliUvyCbkQZQaXAI/5ZbjhVs8Pj+7RxZyVeIlIrHZe+cDBiqj9x6QRsMADdYZieMONSdiA3EVpu/QJ6CgWTdg+DiUuOB4cPi6TIaHlPbgrgJF7mXCtqN+aRZ1B5Kb9aa8WYNYoVnApeSUp0qHtasVXCvwcgcGAAAAAAAA6wUAAL2a+ndZAzJNvWAo9OePeEswggXXMIIDv6ADAgECAgphB3ZWAAAAAAAIMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0xMTEwMTkxODQxNDJaFw0yNjEwMTkxODUxNDJaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS4wLAYDVQQDEyVNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Qy7ouQuCePnxfeWabwAIb1pMzPvrQTLVIDuBoO7xSCE2ffSi/M4sKukrS18YnkF/+NKPwQ1IHDjxOdr4JzANnXpijHdjXDl3De1dEaWKFuHYCMsv9xHpWf3USeecusHpsm5HjtTNXzl0+wnuYcc/rnJIwlvqEaRwW6WPEHTy6M/XQJqTexpHyUoXDb//UMVCpTgGbTP38IS4sJbJ+4neDCLWyoJayKJU2AWLMBoHVO67EnznWGMhWgJc0RdfaJUK9159xXPNV1sHCtczrycI4tvbrUm2TYTw0/WJ665MjtBkizhx8136KpUTvdcCwSHZbRDGKiy4G0Zd+xaJPpIAwIDAQABo4IBQzCCAT8wEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFKkpAjmOFsSXeM2Q+Z5PmuF8Va9TMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQAU/HxxUaV5wm6y7zk+vDxSD24rPxATc/6oaNBIpjRNipYFJu4xRpBhedb/OC5Fa/TA5Si42h2PitsJ1xrHTAo2ZmqM7BvXBJCoGBekm7niQDI2dsTBWsa/5ATA6hbTrMNo72Ks3VRsUDBYput8/pSnTo707HyGc1fCUiFzNFrzo4pWyATaBwnt+IvjzvR+jq7w9guKCPs/yR1yf1O4675j4OM9MWWwgeXyrM0WpJ89qLGbwkLQkIRfVB3/ieq6HUeQb7BzTkGfQJ9f5aEqshGRc4ohKPDO3nM5Xz6rXGDs3wMQqNMJ6fT2loW2f1GIZkcZjaKwEj2BKmgFd7uRTGJ7tsEHx7p6hzQDDktiepnpyvzOSjfJLaRXfBz+Pdy4D1r61sSzAoUCOuqz2W7kaSE33oHR9nUZBWfTk1deKRs5yO4t4c3kRXNb0NLOeqsWGYJGWNBenYGzZ69sNfK85T8k4jWiCnUG9hhWmdR4LNEFG+vQiAGdqhDxBd+6fixjtwabIyHE+Xhs4lgXBjYrkRIDzKTZ8i26+ZSdQO0YRfHOilxrPqsD03AYKgpq4F9H0dVjCjLyr9c2HypwWuVCWQhxS1e6foOB8CE89BzBxbmQkw6IRZOG6bEgmb6Yy8WVpF1i1qBjCCC9dRB3fT3zRbmfl5/LV4BvM6kEz3ekYhxZfgcAAAABAACAr/T1LD2H1aNj0LEnSpDwymvl26iyAgAAy7IZ1zo9lkWjvNrQDmdlbwMAAAAAAAAAjAIAAAAAAABkAGIAeAAmFsTBTFCSQKypQfk2k0MojAIAAAAAAAAwAAAAvZr6d1kDMk29YCj05494S4C02Wkxvw0C/ZGmHhnRTx2kUuZtskCMqGBNQR+SZZ8KvZr6d1kDMk29YCj05494S/Uvg6P6nPvWkg9yKCTb5ANFNNJbhQckazuVfaxuG856vZr6d1kDMk29YCj05494S8XZ2KGG4sgtCa+qKm9/LnOHDT5k9yxOCO9neWqEDw+9vZr6d1kDMk29YCj05494SzYzhNFNHy4LeBViZITEWa1XoxjvQ5YmYEjQWMWhm792vZr6d1kDMk29YCj05494SxrshLhLbGWlEiCpvnGBllIwIQ1i1tM8SJmcaylaKwoGvZr6d1kDMk29YCj05494S+bKaOlBRmKa8D9pwvhua+9i+TCzfG+8yHi3jfmMAzTlvZr6d1kDMk29YCj05494S8OpmkYNpGSgV8NYbYPO9fSuCLcQOXntiTJ0LfDtUwxmvZr6d1kDMk29YCj05494S1j7lBrvlaJZQ7P7XyUQoN8/5ExYyV4KuASHKXVoq5dxvZr6d1kDMk29YCj05494S1ORw6L7ESECpqoe3CWud+GfXW8JzQnuslCZIr/NWZLqvZr6d1kDMk29YCj05494S9YmFX4danGLwSSrjaJ8u2UHLKA6e2slfb3LvWD2XvPRvZr6d1kDMk29YCj05494S9Bj7Cj2frpT8WQtv33/M8ajKt2Gn2AT/hYuLDLxy+VtvZr6d1kDMk29YCj05494SynG61K0PDqhiyzY7W6oYHzvPPrhuv4RZXVc8uYUhEpEvZr6d1kDMk29YCj05494S5D75w5p1jNAjT4XDGgy27LSCeAnJSfftj1J0pVypvRMBwAAAAQAAACQacp450UKKFFzQxs+UsXCUpnkcwQAAAAAAAAAAQAAAAEAAIBZxQiHLyO0L8W2/DwlzXwqxuvaJCoBAAC3xk0q9UHdRbRvLdM0wc9lDAAAAAAAAADyAAAAAAAAAEwAZQBuAG8AdgBvAEMAbwBuAGYAaQBnAAEBAQEBAQEAAQEAAAAAAAEAAAEAAQEAAQEBAAAAAQABAQAAAQABAAEAAAEBAQEAAQEAAAABAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAEAAIC0ceBr7DyZ57RXsmeok330dBF7stMAAACPgMGiTw3JTKYZ0eZB051JFAAAAAAAAACLAAAAAAAAAEwAZQBuAG8AdgBvAFMAZQBjAHUAcgBpAHQAeQBDAG8AbgBmAGkAZwABAAEAAQEAAAEAAAAAAAAAAAABAAEBAQEBAQEBAQEBAQEBAQEBAAAAAAEBAAEAAQABAAAAAAABAgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQAAAAkAAIABWqBCZk7avFQoi6Z5UgdgIyqCkSAAAAABAAAAAAAAADEtneuILdMRmhYAkCc/wU0AAMDXAAAAAAUAAAACAACAtow+JUbUZAHg7PwoaFLv6sM9YwJKAAAAYd/ki8qT0hGqDQDgmAMrjAkAAAAAAAAAGAAAAAAAAABCAG8AbwB0AE8AcgBkAGUAcgAAAAEAEAARABIAEwAXABgAGQAaABsAHAAFAAAAAgAAgJG5xG/Ob5tWNferchgZSrPJhEp7pgAAAGHf5IvKk9IRqg0A4JgDK4wIAAAAAAAAAHYAAAAAAAAAQgBvAG8AdAAwADAAMAAwAAEAAABiAGQAZQBiAGkAYQBuAAAABAEqAAIAAAAAEAAAAAAAAACgBwAAAAAAb7tqbF3Qn0qubxRFQsyu/gICBAQ0AFwARQBGAEkAXABkAGUAYgBpAGEAbgBcAGcAcgB1AGIAeAA2ADQALgBlAGYAaQAAAH//BAAFAAAAAgAAgELMq0TxWfK1ARLHYaxH4v/wkA25ogAAAGHf5IvKk9IRqg0A4JgDK4wIAAAAAAAAAHIAAAAAAAAAQgBvAG8AdAAwADAAMAAxAAEAAABiAHMAaABpAG0AAAAEASoAAgAAAAAQAAAAAAAAAKAHAAAAAABvu2psXdCfSq5vFEVCzK7+AgIEBDQAXABFAEYASQBcAGQAZQBiAGkAYQBuAFwAcwBoAGkAbQB4ADYANAAuAGUAZgBpAAAAf/8EAAUAAAACAACAHCznx7QNH2nT6pEK9+8NGui74ipaAAAAYd/ki8qT0hGqDQDgmAMrjAgAAAAAAAAAKgAAAAAAAABCAG8AbwB0ADAAMAAxADAAAAEAABgAUwBlAHQAdQBwAAAABAYUAGaLHHJsQoZOjpk0V8RqsLl//wQABQAAAAIAAIB+6h8zpRCkbUwyLJVw2gUmrKL8PGIAAABh3+SLypPSEaoNAOCYAyuMCAAAAAAAAAAyAAAAAAAAAEIAbwBvAHQAMAAwADEAMQAAAQAAGABCAG8AbwB0ACAATQBlAG4AdQAAAAQGFAAtdmoSWFfKT4UxIBp/V/hQf/8EAAUAAAACAACAeufucDBQ2xAChWk3nJ01qzeudAuAAAAAYd/ki8qT0hGqDQDgmAMrjAgAAAAAAAAAUAAAAAAAAABCAG8AbwB0ADAAMAAxADIAAAEAABgARABpAGEAZwBuAG8AcwB0AGkAYwAgAFMAcABsAGEAcwBoACAAUwBjAHIAZQBlAG4AAAAEBhQAptnYp7Bq60qtnRY+WaejgH//BAAFAAAAAgAAgH1u3DACNuLC+Q4uv4Y+2Wg1G9EadAAAAGHf5IvKk9IRqg0A4JgDK4wIAAAAAAAAAEQAAAAAAAAAQgBvAG8AdAAwADAAMQAzAAABAAAYAEwAZQBuAG8AdgBvACAARABpAGEAZwBuAG8AcwB0AGkAYwBzAAAABAYUAFthfj9FDYBPiNwmsjSVhWB//wQABQAAAAIAAIDsSx+D+9oJqz3hN23X8DhVtVIBGGwAAABh3+SLypPSEaoNAOCYAyuMCAAAAAAAAAA8AAAAAAAAAEIAbwBvAHQAMAAwADEANwABAAAAKABVAFMAQgAgAEMARAAAAAMKJADSOHi8gg9gTYMWwGjuedJbhnASlqpaeEi2bNSd07pqVX//BAAFAAAAAgAAgE1UznTDZTJm8qwcaxaJrCGUBL4SbgAAAGHf5IvKk9IRqg0A4JgDK4wIAAAAAAAAAD4AAAAAAAAAQgBvAG8AdAAwADAAMQA4AAEAAAAoAFUAUwBCACAARgBEAEQAAAADCiQA0jh4vIIPYE2DFsBo7nnSW2/wFaKIMLVDqLhkEAlGHkl//wQABQAAAAIAAICeJidDZkjysdE5Twm92Vr7rbjGF2sAAABh3+SLypPSEaoNAOCYAyuMCAAAAAAAAAA7AAAAAAAAAEIAbwBvAHQAMAAwADEAOQABAAAAKQBOAFYATQBlADAAAAADCiUA0jh4vIIPYE2DFsBo7nnSWwAcGZky2UxOrpqgtumOuKQAf/8EAAUAAAACAACA9mi9+Ga5h0KR7XOfL/TK31SWWApxAAAAYd/ki8qT0hGqDQDgmAMrjAgAAAAAAAAAQQAAAAAAAABCAG8AbwB0ADAAMAAxAEEAAQAAACkAQQBUAEEAIABIAEQARAAwAAAAAwolANI4eLyCD2BNgxbAaO550luRr2JZVkSfQae5H0+JKrD2AH//BAAFAAAAAgAAgBjXAWqjgAQXN4/OheqhEmeRbhRTbgAAAGHf5IvKk9IRqg0A4JgDK4wIAAAAAAAAAD4AAAAAAAAAQgBvAG8AdAAwADAAMQBCAAEAAAAoAFUAUwBCACAASABEAEQAAAADCiQA0jh4vIIPYE2DFsBo7nnSWzPoIaqvM7xHib1Bn4jFCAN//wQABQAAAAIAAIDPyKkH5UcUPLOQOU9bKQ8KmLCKVW4AAABh3+SLypPSEaoNAOCYAyuMCAAAAAAAAAA+AAAAAAAAAEIAbwBvAHQAMAAwADEAQwABAAAAKABQAEMASQAgAEwAQQBOAAAAAwokANI4eLyCD2BNgxbAaO550lt4qEqvKyr8Tqec9cyPPTgDf/8EAAUAAAAHAACAzQ/bRTGm7EG+J1O6BCY31uX38lYoAAAAQ2FsbGluZyBFRkkgQXBwbGljYXRpb24gZnJvbSBCb290IE9wdGlvbgAAAAAEAAAAkGnKeOdFCihRc0MbPlLFwlKZ5HMEAAAAAAAAAAEAAAAEAAAAkGnKeOdFCihRc0MbPlLFwlKZ5HMEAAAAAAAAAAIAAAAEAAAAkGnKeOdFCihRc0MbPlLFwlKZ5HMEAAAAAAAAAAMAAAAEAAAAkGnKeOdFCihRc0MbPlLFwlKZ5HMEAAAAAAAAAAQAAAAEAAAAkGnKeOdFCihRc0MbPlLFwlKZ5HMEAAAAAAAAAAUAAAAEAAAAkGnKeOdFCihRc0MbPlLFwlKZ5HMEAAAAAAAAAAYAAAAEAAAAkGnKeOdFCihRc0MbPlLFwlKZ5HMEAAAAAAAAAAUAAAAGAACAyALuOpQnLlUuTCKpLuf0Un6dBZpkAgAARUZJIFBBUlQAAAEAXAAAAA5qglIAAAAAAQAAAAAAAACvwucOAAAAACIAAAAAAAAAjsLnDgAAAAArftUYRi1JQb4w4gEAJAu8AgAAAAAAAACAAAAAgAAAACE72rUEAAAAAAAAAEhhaCFJZG9udE5lZWRFRkkdY7v/cWHNRJEN9351xNsuAAgAAAAAAAD/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKHMqwR/40hG6SwCgyT7JO2+7amxd0J9Krm8URULMrv4AEAAAAAAAAP+vBwAAAAAAAAAAAAAAAABFAEYASQAgAFMAeQBzAHQAZQBtACAAUABhAHIAdABpAHQAaQBvAG4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAocyrBH/jSEbpLAKDJPsk7mCVBhgqqy0WGFjZT6Sc2ZwCwBwAAAAAA/+8WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK89xg+DhHJHjnk9adhHfeQf95tfdXBdSKvLGon/APH/APAWAAAAAAD/v+cOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAMAAIAhT6dwxzAO1DAvRVXyfqbMlHCqk54AAAAYIDfRAAAAAADcAQAAAAAAAAAAAAAAAAB+AAAAAAAAAAIBDADQQQMKAAAAAAEBBgAAFwMSCgABAAAAAAAEASoAAgAAAAAQAAAAAAAAAKAHAAAAAABvu2psXdCfSq5vFEVCzK7+AgIEBDQAXABFAEYASQBcAGQAZQBiAGkAYQBuAFwAZwByAHUAYgB4ADYANAAuAGUAZgBpAAAAf/8EAAUAAAAHAACARDpre4K3r1ZPLjk82dWjiLf6SpgdAAAARXhpdCBCb290IFNlcnZpY2VzIEludm9jYXRpb24FAAAABwAAgEdVRd3JeNe/0Db6zH4umH9IGJ8NKAAAAEV4aXQgQm9vdCBTZXJ2aWNlcyBSZXR1cm5lZCB3aXRoIFN1Y2Nlc3M="}} golang-github-google-go-eventlog-0.0.2/testdata/legacydata/option_rom_eventlog000066400000000000000000002161611515555264200277010ustar00rootroot00000000000000'k@ !N{gg}`,glhkNj_M@AIMɐSC'}5aʓ + SecureBoot.= }aʓ +PKY䔧J\+r1k۪O*z 2v00ojI20  *H  0k1 0 UUS1 0U Hewlett-Packard Company1:08U1Hewlett-Packard Printing Device Infrastructure CA0 120808000000Z 320808235959Z01 0U Hewlett-Packard Company1+0)U "Long Lived CodeSigning Certificate1604U-Hewlett-Packard UEFI Secure Boot Platform Key0"0  *H 0 bYEPdT `[Y%87eK =0ǖd_QKOz~ 1&!UQd =vUOܵ2oɬor@ɰ\χVg$nJ))W(@R"z=V, RN)# ߴb8 PoGu\wC-s0=oxD {XlG1ؙ00 U00kUd0b0`^\Zhttp://onsitecrl.verisign.com/HewlettPackardCompanyDeSPrintingDeviceCSIDTemp/LatestCRL.crl0U0U 00 + 00+0Hewlett Packard Company, 2, Authority to bind Hewlett-Packard Company does not correspond with use or possession of this certificate. Issued to facilitate communication with HP.0;+/0-0++0http://onsite-ocsp.verisign.com0U`%Av<^͔O:ѧê.0U#0 _F 0U% 0 +0  *H  ms#@ > ߳ha&SHlē"rFpiՍ.Q2☡6bg1k.]'}* `&o`[Kך2L-RҐ)A!* },pV<M?RX;JTMlx1{dU b7L:bR6wYL׍k͆9z鶁)bjLD~AĴWΎaGbX5ܤj #[,je>S aʓ + KEKY䔧J\+r1k۪O*z 2v00s1uuqUn7Rm@0  *H  0k1 0 UUS1 0U Hewlett-Packard Company1:08U1Hewlett-Packard Printing Device Infrastructure CA0 120808000000Z 320808235959Z01 0U Hewlett-Packard Company1+0)U "Long Lived CodeSigning Certificate1:08U1Hewlett-Packard UEFI Secure Boot Key Exchange Key0"0  *H 0 i4j`^ P$ ܵCL~)',Y?:uJ)yk[ޙI퀧/¡4'?R,y~g̔dӰ@ઐQ HSIQ\f,WA̬ofh)#!oɶ-X[0;IGf\JjAȡY䔧J\+rwY2M`(xK00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62 稢G28Œj˲:=EgeodbY䔧J\+r1k۪O*z 2v00iSk['0  *H  0k1 0 UUS1 0U Hewlett-Packard Company1:08U1Hewlett-Packard Printing Device Infrastructure CA0 120823000000Z 320823235959Z01 0U Hewlett-Packard Company1+0)U "Long Lived CodeSigning Certificate100.U'Hewlett-Packard UEFI Secure Boot DB Key0"0  *H 0 Vi bss゘µkw'3a+m>zN  hj;}O`ID!_Lx<[[iux<QS5rw5~OhF-7f#Q&-w҃Z6|,+VK Ϥ-hI7m}Ӆ?LDE/ 5Cד1f;ԆUHjP]>*m00 U00kUd0b0`^\Zhttp://onsitecrl.verisign.com/HewlettPackardCompanyDeSPrintingDeviceCSIDTemp/LatestCRL.crl0U0U 00 + 00+0Hewlett Packard Company, 2, Authority to bind Hewlett-Packard Company does not correspond with use or possession of this certificate. Issued to facilitate communication with HP.0;+/0-0++0http://onsite-ocsp.verisign.com0U :‹<C/jH]Ǹ)0U#0 _F 0U% 0 +0  *H  gީȬu_8r/Χ9|O6!ꤠ]S@t+hi$񑂷?`=<6={q#lܮ KKu^URڷi(ֶ9Ұ?4Cʨ)8&L !KyCC A4_'weȸM^O ,~CSWg:Is,UA$3$z?^ gM?p0W6)wΐۗ Ev-"鳼ls|Y䔧J\+rwY2M`(xK00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~Y䔧J\+r@$wY2M`(xK00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXVP`!! /˲:=Egeodbx&LP@A6C(L0n4 zDx ,x?78v&LP@A6C(0wY2M`(xKi1 ORm@`MAe wY2M`(xK/֒r($E4[$k;}nzwY2M`(xKء- *o.s >d,NgyjwY2M`(xK63M. xbdYWC&`HXšvwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrL&LP@A6C( 0wY2M`(xK^T`< k覃R8wY2M`(xKƨXdoy(#g+69ОwY2M`(xK _NQxmЁ%orxRYe&wY2M`(xK Cڬz0eu1{ 될ctwY2M`(xK 9v-6=cqZ9ϰF\`lk׽wY2M`(xK o)o3}rK H:*?OwY2M`(xK !Hʃ62u> [1R*[wY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK34)bퟗ>H-.ImTdwY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK+,'R*]IZ+R]fbUwY2M`(xK,s3%mԤ<[UYPPR}wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK0f(Tw0W(JF}8zTiv^uҍwY2M`(xK6Awz/^g4g^Ù^i5 ҽwY2M`(xK8A!6\ !`9MlN g`b[wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKCʃc| C-/&zKuwY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKQ1s>!"Ty 0a5wY2M`(xKZIU9[.B,/gg6A+\wY2M`(xKkxA{^`Gr̴/fwY2M`(xKlTGYQ&l+585rѓ.wY2M`(xKo(qկ.{˫d|eͶ& :x^wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xKrk>Tj0=ppq-ĝ,#wY2M`(xKrg]V;ݼ2ت^/m(ؽwY2M`(xKx'6,q}䱿CqZH[ʤKŽwY2M`(xKeӇk)T̕SϪȣ;3佚wY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKZ~OG q"8b:ߒ=wY2M`(xKHY jagznFdr!YEwY2M`(xK4͐e;=<5P_{c!wY2M`(xK se(Q$Q?eYW5)@νwY2M`(xK5g+6~OIia]JlrMBwY2M`(xK,";VB\GYG8DoYwY2M`(xKn=)t=J2@ؽwY2M`(xKcOx,7`XbfnmwY2M`(xKϲ2.KmH],qgrRY\u"6wY2M`(xKaJ~UәnE AR'[wY2M`(xKU =HZ7?=|cwY2M`(xKw ^; b x  S^ˇ k/wY2M`(xK<9"`tFu7̔ܭZ˦G/4q9脽wY2M`(xK;S> #Aryę-æ6wY2M`(xKQ3@HΈrRjRç`IwY2M`(xKdW[x.V4Rk DxYuN-dEwY2M`(xKEȮu ϻH7R}ddMؑ<͊$MigߎixE (QsC>RRs w96 Ems28Load microcode revision 000000A1 for processor 000306F2Wt@QrQ]I= ACPI DATAXfL g A'H˲:=Egeo$dbwY2M`(xK00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYX;TZ#jPp8׽T@4 A T30xl~ȭ2Zaʓ + (BootOrder  hn4H'@PJXPdaʓ +4Boot0013tWindows Boot Manager*h g8x AEtp#LF\EFI\Microsoft\Boot\bootmgfw.efiWINDOWSxBCDOBJECT={9dea862c-5cdd-4e70-acc1-f32b344d4795}9ISPH͗@  H \raʓ +BBoot000CUSB:  A NYMR,Y ISPHJڣWPUB̀aʓ +PBoot000D CDROM:  A  NYMR,Y ISPHʵJ[ѐʡS/5aʓ +Boot0009wIPV6 Network - Intel(R) Ethernet Connection (2) I218-LM A  %J>| <@NYMR,YISPHJ#X'ɣa30jaʓ +Boot0011VIPV4 Network - Intel(R) Ethernet Connection (2) I218-LM A  %J>| NYMR,YISPHbPkP{$90tOX maʓ +=Boot000EUSB:   A  ISPH fAV椆{aʓ +KBoot000F)CDROM:   A   ISPH:, .O^#GXE'aʓ +hBoot000A(MTFDDAK512MBF-1AN1ZABHAHarddisk1 A ISPH1Ox>E_ؤdp?aʓ +eBoot000B'IBA GE Slot 00C8 v1550Network1 A ISPHh  ^BԄaʓ +TBoot0000,Startup Menu5{3hNWҬC=EPwWISPH,%a`Z|{aʓ +bBoot0001,System Information5{3hNWҬC=EPwWISPHc˱E 6JIaʓ +RBoot0002,Bios Setup5{3hNWҬC=EPwWISPH@!9?΍>'0aʓ +|Boot0003,3rd Party Option ROM Management5{3hNWҬC=EPwWISPH&ja>Laʓ +bBoot0004,System Diagnostics5{3hNWҬC=EPwWISPHA';ԨDhaʓ +bBoot0005,System Diagnostics5{3hNWҬC=EPwWISPHdTЃW3ل;^aʓ +bBoot0006,System Diagnostics5{3hNWҬC=EPwWISPHdEBJQG *\aaʓ +bBoot0007,System Diagnostics5{3hNWҬC=EPwWISPHXk(!u,ؕeEaʓ +PBoot0008,Boot Menu5{3hNWҬC=EPwWISPHXrSA[1VEN/aʓ +VBoot0010,Network Boot5{3hNWҬC=EPwWISPHSOzU0F\aʓ +TBoot0012,HP Recovery5{3hNWҬC=EPwWISPHE1A'S&7V(Calling EFI Application from Boot OptionixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRsixE (QsC>RRs$=PN'!˲:=EgeodbwY2M`(xK00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~WWU&4usQP~(3EFI PART\YBe;";X(IvUGv'@Mjy֬WV"ѡIؠJ@g Basic data partition(s*K>;g8x AEtp#Lh EFI system partition\ M}-;dK;u+D\Microsoft reserved partition3Dh&ǐ)@Tf{s;Basic data partition@Mjy֬"1.Jp?;;L59SxC/I8O A  *h g8x AEtp#LF\EFI\Microsoft\Boot\bootmgfw.efi T?Wrr=;6 .eC' S;`Th^ڂr@(T @8 PwE?᡾8W&j`5@8 Ԋל1aCvPo4,.3,u]1  !  x9kn=LEOO=ML@  ! )4 t'ƯCRkn՛Sx @T<\WINDOWS\system32\winload.efi  Ԋל1aCvPo4,.3,u]1 LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@ @bV\EFI\Microsoft\Boot\en-US\bootmgfw.efi.MUI   PwE?᡾8W&j LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR`44^'CkZ=.&0"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFn$@8 ]<tUxF7vM;x@!  \WINDOWS\system32\hvloader.dll  sqʁ:|r67j'#+ LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@F:\WINDOWS\system32\hvix64.exe  :r;}Wz*΍IZn^>$ LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@\P\WINDOWS\system32\en-US\winload.efi.MUIp  ~i])xEk^gF LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR`44^'CkZ=.&0"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFn ! Gs/|2keljC@8 x?So ĀlPPRͷ,+|Z%F@8 5}MVqo: :}vUM@8 K<,0`*$Wc[s!ڽP@8 ? kA;HlyzRM{G6 W@8 hp66NtJNYD28bY@8 6Du.yG @o UI;Z@8 $o}-4keX8t@8 &tk)@x{=&b@8 1)#ViBF漆Lr"6T> VP@8 {<ɞ XS‰uBF3-ߊ&@8 |τUZ^ H N{A6p}u@8 tXf|XX";+x"8ڿw@8 tl>2`i.8QhU\SEx@8 ??0ε_1 k̨ ISz@8 J5`ע8NSi^u[@8 o> ضxlL]gǩf}@8 ;[?gEJ g6d@8 79 F?7f/7r@8  :eaJT\W7)S@8 vkZ>b]XȦR0Lp[-dkTF= @8 .!32#P>. uɋ>" @8 AO s3R&6)|O<}@8 Ugot1EЉuʎ%`t!j!?{@8 0ɲсKb-O6* X&zߒ>@8 .޽raA]Kέ>LL݅|MK4@8 7i!N(>Df;/L_YahuC@8 Ul&g(Ws{v#eZg %p#@8 +7ppF/خ`8QEnr@e%@8 at/+٭^"&@8 #1v4 0KNͤ\\4b8(@8 ZPBWOmIzr-'8aa*@8 HlFEoFgu% v  ',@8 =>E?;^I3$"o*9lZ1@8 񖋎 $6=~~eYb#B)|u5@8 O5JI$YR}$$ҟ"y7@8 $ɼ "7: X&-݂LT70D;@8 ;Gݓ4iB[9iy|cZ<@8 Hptj=5ʐ(@rnc>@8 ߘtΒWMLYf1@ޤ"rI@8 K5DޫrJ6~ȓ Dp᛫.J@8 SIՋ| ddHmz^XL@8 |^LZXOJj*zyNQ@8 +{gZP.AWO-eZSX@8 wv#Z@8 rjϐ&%ö@4`c\@8 WZj{iMO'7-7]@8 SJT ,E#Pv `Fh}=ywQb?Wa@8 3 7ux}\M{(muld@8 MߎK$TMlLt ׇo@,0aAuU]rQ*r@,0aAuU]rQ*@8 !ΦO~ABQ'yz UXWo@8 vgP G^gD|3p@8 VX'Cޗߣ?#))9PK@8 .3c`Zx&9nϓ<@8 Swwj~W[C 4\2ߧLeQ@8 NWbA>x[8kTIDdy@8 tfv?Bz'%:ֳ@8 XǙį1cnM`u"܉Qf|03@8 mK7SiKiɇvH >@8 0PUcH昺F˵{'-*@8 ŤhMB rOe7ϴhN3@8 N[ׅTn:_niD 5@8 Fl>7Ѭ-MyVb1L5]\=@8 j(KDŁSԐҜ|Si+@@8 TVa6"&ڸ*t w:A[lVK@8 ((sVO:/9/Eu/xy0&Hn*|L@8 A& (lŊIX@ Gd@8 DVXݠH6"Oxzpn@8 6Ϲ&-:3OU9Ol,U6r@8 7ݔբ$(E;woýY0K@8 F /,7VN-}/KG0Ygه@8 ' ۛWT=VnWCw@8 Is6fVz^ԛ 8= @8 /ZG@%xzȪ3PfjkL@8 FZ@O%4 'Fd>e6 6]@8 2Þk iӧ%u(pC7ԍG)Fb@8 Bn?sb;L@8 םU.DCKvtd¡wG;@8 bk >ZŤ-\BY&HM@8 -/dU]Z-[Mp@8 [TsSn/(ԴniVnJ R@8 1)#ViBF漆Lr"6T> VP \WINDOWS "$%&     (@F "Windows Defender }[b`*4.֘ ,CRCi RȘv'w!C @ \WINDOWS "$%&     (.ps vޡJ .v[0 W9e啽݂B>x .fBps xű6ƞ :1G S)EUw.8|@ZN\WINDOWS\System32\drivers\fileinfo.sys  vgP G^gD|3p LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@VJ\WINDOWS\System32\drivers\volume.sys  2Þk iӧ%u(pC7ԍG)Fb LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@ZN\WINDOWS\System32\drivers\cmimcext.sys  MZ0y`|rAw7^i{ LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@ZN\WINDOWS\system32\drivers\vmbkmclr.sys  Is6fVz^ԛ 8=  LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@RF\WINDOWS\System32\drivers\CLFS.SYS  K<,0`*$Wc[s!ڽ LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@H<\WINDOWS\system32\BOOTVID.dll  hp66NtJNYD28b LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@VJ\WINDOWS\System32\drivers\pciide.sys  $ɼ "7: X&-݂LT70D LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@RF\WINDOWS\System32\Drivers\Ntfs.sys)  NWbA>x[8kTIDdy LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@XL\WINDOWS\System32\Drivers\ksecpkg.sys   DVXݠH6"Oxzp LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@XL\WINDOWS\System32\drivers\USBPORT.SYS  N[ׅTn:_niD LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@\P\WINDOWS\System32\drivers\werkernel.sys  f4lQ5As7`7'N LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@VJ\WINDOWS\system32\drivers\LXCORE.SYS@  79 F?7f/7r LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@PD\WINDOWS\system32\drivers\CEA.sys  񖋎 $6=~~eYb#B)|u LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@VJ\WINDOWS\System32\drivers\WMILIB.SYS  vkZ>b]XȦR0Lp[-dkTF= LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@N\WINDOWS\System32\drivers\intelpep.sys  7i!N(>Df;/L_YahuC @Microsoft Code Signing PCA 2010nMicrosoft Windows Hardware Abstraction Layer Publisher3/g Hxĵ) @RF\WINDOWS\System32\drivers\disk.sys  ݹC.WJ }_7>?sb;L LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@RF\WINDOWS\system32\securekernel.exe@  -/dU]Z-[M LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@ZN\WINDOWS\System32\drivers\fwpkclnt.sys  7ݔբ$(E;woýY0K LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@PD\WINDOWS\System32\drivers\cng.sys   1)#ViBF漆Lr"6T> VP LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@PD\WINDOWS\System32\drivers\cng.sys   1)#ViBF漆Lr"6T> VP LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@ZN\WINDOWS\System32\drivers\stornvme.sysp  MߎK$TMlLt ׇ LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@\WINDOWS\System32\DriverStore\FileRepository\urschipidea.inf_amd64_86da23c455846f41\urschipidea.sys  mK7SiKiɇvH > LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@b\WINDOWS\system32\drivers\CrowdStrike\CSBoot.sys  .޽raA]Kέ>LL݅|MK4 @Microsoft Code Signing PCA 2010lMicrosoft Windows Early Launch Anti-malware Publisher3h ܒh uFZo D =z@VJ\WINDOWS\System32\drivers\clipsp.sysP  6Du.yG @o UI; LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@TH\WINDOWS\System32\drivers\sdbus.sys  SIՋ| ddHmz^X LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@VJ\WINDOWS\System32\Drivers\Fs_Rec.sys  TVa6"&ڸ*t w:A[lV LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@bV\WINDOWS\system32\drivers\VmsProxyHNic.sys  /ZG@%xzȪ3PfjkL LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@h\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys  +7ppF/خ`8QEnr@e @Microsoft Code Signing PCA 2010nMicrosoft Windows Hardware Abstraction Layer Publisher3?X=X3? f,HQEzs2@j^\WINDOWS\system32\drivers\SleepStudyHelper.sys  tXf|XX";+x"8ڿ LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@^R\WINDOWS\system32\drivers\urscx01000.sys  +{gZP.AWO-eZS LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@>2\WINDOWS\system32\CI.dll   &tk)@x{=&b LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@PD\WINDOWS\System32\drivers\pcw.sysP  at/+٭^" LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@RF\WINDOWS\system32\drivers\ndis.sys  ((sVO:/9/Eu/xy0&Hn*| LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@`T\WINDOWS\system32\drivers\WppRecorder.sys  tl>2`i.8QhU\SE LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@`T\WINDOWS\system32\drivers\wd\WdFilter.sys  .3c`Zx&9nϓ< LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@PD\WINDOWS\System32\Drivers\Wof.sys  VX'Cޗߣ?#))9PK LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@ZN\WINDOWS\System32\drivers\rdyboost.sys  I(rӡMfG0T"X`ksŴ LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@TH\WINDOWS\System32\drivers\atapi.sys  rjϐ&%ö@4`c LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@VJ\WINDOWS\System32\DRIVERS\fvevol.sys   FZ@O%4 'Fd>e6 6] LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@ZN\WINDOWS\System32\drivers\CLASSPNP.SYS  םU.DCKvtd¡wG; LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@XL\WINDOWS\System32\drivers\partmgr.sys  O5JI$YR}$$ҟ"y LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@VJ\WINDOWS\system32\drivers\WDFLDR.SYS0  |τUZ^ H N{A6p} LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@\P\WINDOWS\System32\drivers\spaceport.sysP   Hptj=5ʐ(@rnc LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@VJ\WINDOWS\System32\drivers\ksecdd.sys  3> ! Gs/|2kelj LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@L\WINDOWS\System32\drivers\iaStorB.sys` 0aAuU]rQ* FIntel External Basic Issuing CA 3BpIntel Corporation  Non-Volatile Memory Solutions Group3^;nˢ U ڬku1"IF9@L\WINDOWS\System32\drivers\iaStorA.sys` 0aAuU]rQ* FIntel External Basic Issuing CA 3BpIntel Corporation  Non-Volatile Memory Solutions Group3^;nˢ U ڬku1"IF9@>2\WINDOWS\system32\kd.dll  Jl{)#ObD fg LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@NB\WINDOWS\System32\drivers\tm.sysp  5}MVqo: :}vU LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@ZN\WINDOWS\System32\drivers\uaspstor.sys  3gcAb&[@ 'c_C LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@TH\WINDOWS\System32\drivers\msrpc.sys  x?So ĀlPPRͷ,+|Z% LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@TH\WINDOWS\System32\drivers\tcpip.sys.  6Ϲ&-:3OU9Ol,U6 LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@XL\WINDOWS\System32\drivers\PCIIDEX.SYS0  ;Gݓ4iB[9iy|cZ LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@XL\WINDOWS\System32\drivers\usbccgp.sys0  tfv?Bz'%:ֳ LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@VJ\WINDOWS\System32\drivers\FLTMGR.SYS  $o}-4keX8 ضxlL]gǩf LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@B6\WINDOWS\system32\skci.dll  [TsSn/(ԴniVnJ R LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@ZN\WINDOWS\System32\drivers\intelide.sys  ߘtΒWMLYf1@ޤ"r LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@TH\WINDOWS\system32\drivers\NETIO.SYS@   A& (lŊIX@ G LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@XL\WINDOWS\System32\drivers\UsbHub3.sys   j(KDŁSԐҜ|Si+ LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@ZN\WINDOWS\System32\drivers\hwpolicy.sys  Wůegp/p\)[#/i8 LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@ZN\WINDOWS\System32\drivers\storahci.sys  SJT ,E#Pv `Fh}=ywQb?W LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@ZN\WINDOWS\system32\drivers\Wdf01000.sysP   {<ɞ XS‰uBF3-ߊ& LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@ZN\WINDOWS\system32\drivers\ucx01000.sys  HlFEoFgu% v  ' LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@PD\WINDOWS\system32\drivers\pdc.sys0  =>E?;^I3$"o*9lZ LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@h\\WINDOWS\boot\resources\en-US\bootres.dll.mui0  bk >ZŤ-\BY&HM LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@XL\WINDOWS\System32\drivers\USBXHCI.SYS  ^M4XYw 5dw^’ LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@`T\WINDOWS\System32\drivers\EhStorClass.sys  !ΦO~ABQ'yz UXWo LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@ZN\WINDOWS\System32\drivers\storport.sys   3 7ux}\M{(mul LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@VJ\WINDOWS\System32\drivers\usbhub.sys  0PUcH昺F˵{'- LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@VJ\WINDOWS\System32\drivers\volmgr.sys  K5DޫrJ6~ȓ Dp᛫. LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@J>\WINDOWS\system32\ntoskrnl.exeP  bChGbekMcm*79o tr LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@WJ\WINDOWS\system32\DRIVERS\Parity.sys  Swwj~W[C 4\2ߧLeQ PSymantec Class 3 SHA256 Code Signing CA$Carbon Black, Inc.SG.S [ Mfk6357@ZN\WINDOWS\system32\drivers\mssecflt.sys  J5`ע8NSi^u[ LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@PD\WINDOWS\System32\drivers\pci.sys  AO s3R&6)|O<} LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@ZN\WINDOWS\System32\drivers\msisadrv.sys  .!32#P>. uɋ>" LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@XL\WINDOWS\System32\drivers\storufs.sys0  $]!y1 b;F7l LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@PD\WINDOWS\System32\drivers\tpm.sys  Ugot1EЉuʎ%`t!j!?{ LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@ZN\WINDOWS\System32\drivers\vdrvroot.sys0  #1v4 0KNͤ\\4b8 LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@XL\WINDOWS\System32\drivers\ntosext.sys  hZ@=@|wTnS:~ 覓> LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@P\WINDOWS\system32\drivers\wd\WdBoot.sys  0ɲсKb-O6* X&zߒ> @Microsoft Code Signing PCA 2010lMicrosoft Windows Early Launch Anti-malware Publisher3 r."i Đ1ȭ;{A_7><@XL\WINDOWS\System32\drivers\volsnap.sys  Bn6k@ZN\WINDOWS\system32\drivers\VmsProxy.sys  ' ۛWT=VnWCw LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@RF\WINDOWS\System32\drivers\ACPI.sys    :eaJT\W7)S LMicrosoft Windows Production PCA 2011$Microsoft Windows3eQ\e h`S71Wz+@qb\WINDOWS\system32\DRIVERS\CSFirmwareAnalysis.sys  ZPBWOmIzr-'8aa RDigiCert SHA2 Assured ID Code Signing CA$CrowdStrike, Inc. $--E|( H^XMϑSS@VJ\WINDOWS\System32\Drivers\acpiex.sysP  ??0ε_1 k̨ IS LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@RF\WINDOWS\system32\drivers\lxss.sys  ;[?gEJ g6d LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@k\\WINDOWS\System32\drivers\CSDeviceControl.sys`  Fl>7Ѭ-MyVb1L5]\ RDigiCert SHA2 Assured ID Code Signing CA$CrowdStrike, Inc. $--E|( H^XMϑSS@XL\WINDOWS\System32\drivers\USBSTOR.SYSP  p]]: PH\Q0ų LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@XL\WINDOWS\System32\drivers\volmgrx.sys0  |^LZXOJj*zyN LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@@4\WINDOWS\system32\hal.dll@   Z{s))ټHG7š tnC+'k LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@^\WINDOWS\system32\drivers\WindowsTrustedRT.sysp  Ul&g(Ws{v#eZg %p @Microsoft Code Signing PCA 2010nMicrosoft Windows Hardware Abstraction Layer Publisher3?X=X3? f,HQEzs2@RF\WINDOWS\system32\ApiSetSchema.dll   )a$'<'l9N LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR@ZN\WINDOWS\System32\drivers\mountmgr.sys  wv# LMicrosoft Windows Production PCA 2011$Microsoft Windows32AYmM2 8^Ymt>6k@PD\WINDOWS\System32\Drivers\mup.sys`  Ξc|sf#3X_ П '; f+ LMicrosoft Windows Production PCA 2011$Microsoft Windows3f\f 4B" 6oox@@D8\WINDOWS\system32\PSHED.dll  ? kA;HlyzRM{G6 LMicrosoft Windows Production PCA 2011$Microsoft Windows3"y= Gc.BGIض5lR/7\_j3Z(:@&0"0  *H 0 lMHJ#*n ֋hq0嗬 nCmsסԣXma¾Qj$o'2|FXaj()sv* b;ˌE@O{鶪3dCor&+QPR $ &^1*ǝoji~&0"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnp|˒;1 WJt+l~t96 Nj gN %#d>RŎ,QsbsA8js ds<3%&0"0  *H 0 ,hQ`qGXM#bjZQ wh6/!Pڞ_'N — p\ N ΑrT.ΣDR?A3 Iڨan99WBCL Iڨan99WBCLIڨan99WBCLD:k{VO.9<գJExit Boot Services InvocationGUEx׿6~.H (Exit Boot Services Returned with Success+Q y̷-w EWindows AIKn:.(Iu l[P6QUT2BB Mi*/0(IFX (wtpm61!mc^Íwil|N~k "4R?A5^ZҀi{rq8_(":K`ZL"14$,r-S* z_i,a u}pUoKVC T- l_ԥ-׾>^?P-Py03 rvæ/;jVt.+?ʏot^P+43U֍~O (ESJWAgolang-github-google-go-eventlog-0.0.2/testdata/legacydata/sb_cert_eventlog000066400000000000000000000450031515555264200271300ustar00rootroot00000000000000)Spec ID Event03 0#ܧ)>23EP) ${0Wڣ]Ÿ~A xc W Aa(;h䵓YEheΣ$"a$` |M@AIMɐSC'} K(EںU+b}4vv1A@ ,S^aư1E@6|2jR+1\h *5aʓ + SecureBootZ>4=PB ۻfXe̘Jx[ArD cU<w ӥUZS:jC{* EhJaʓ +&PKY䔧J\+r& ҈G[G00ޠ Jg]0  *H  010 U newpk0 180821215115Z 180920215115Z010 U newpk0"0  *H 0 ̹|mkcb |,E΅RRH|C& 6ioТ#o4OkpBi!}u1 P#;V G0]c9ᖡ=&Ӣlȗ겕<:Q?%K>QՑg歌j'?NlV*Y` yө|WQa7}nRCH<ͼ9G F6ܒJF#XKS0Q0UPB/ۗ'(t1F^`0U#0PB/ۗ'(t1F^`0U00  *H  R?罰$2I{4;v`=ki[,׼}Yõ.l1#60g::+b!`,.(nfpX(gil'X%Pp`nTJmE[4&M<$.yȬ|8GCk3PWsJs{K ǃ 6Zi@ ,/==p5¹>qƭ$?}`ozuLQhX38%*KEg3%?CD nPyB.Ztvi b&G[d}-.fb {l"ZfWV @y΋V=ڑ WBB7B)C#(4~2x>aʓ +KEKY䔧J\+r҈G[G00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62ļYp'7BCsT EOiM("ͨjs\Gx '/qkI7ƠPA:nņ#Ol]O߷˲:=EgeodbY䔧J\+r@$҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXY䔧J\+r҈G[G00ՠ(:%DDXkC90  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 100623215724Z 350623220401Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100"0  *H 0 (NPhA{뮶"De4iLp@{y 9=vZٵ.<m$TVPtY ńvho(x\PDc_,!B1(6Pb֫q[ $շ˷!bܡ]7Fc*~j"W@oE1E!@&rO<~X^cbx $j'_?J03"R\%FYCb-DFxa~0 A*"f9ENj /R c3#g֧Ppc,ZCn)n!!A&…2lKL?]嵝wÜUt8PB$0ZR4s3zA`# HE\Q.w6p㍀hv]pR"f>/wHL7Q#'׸NpDvxϚfQ0O0 U0U00UVˏ\bh=[Κ0 +70  *H  qC1V2q[57&>O m[;depfZQgmyV{䄹+@&4Gi׶ѿagĵ`C6I ʭ'e [*Є3 X7urlu*f"0V@0@w׋Ӳw SMyq0g,"AzBYyUoڃf@ h#[.&WŸib2|{+3*chbGzE:iBGV{p6sM3#& *?D܃'aY+Oŋ 12BavZ=fEq$ԺA4]-%HmK} atW&iLj$R$\ ڞ_[Ԃ P%@:3nÄ U%95]e1 )dz62.ܕZϋ!1L` #"6doPa@Yq3i|s8d iY䔧J\+r҈G[G00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~Y䔧J\+r/҈G[G003PHqB8sӴ=0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 101005220228Z 351005220933Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0"0  *H 0 ^@-h$Y H;R%:uakΝߟ(36ڃ2ȡYJ` j \".9zhqn2'g zI0 {N"1mIm&A[K/~0yhJw<3U^eޯ^t&XVHirg8N_+;ËUTdsSVΒ'[}VW zY#elm^n2xPI(Vk )y5gbc|max4L*mzU뇓M(t OYfQ>>[$xO_4ĜTHdDB;j h$*"Ky:YN#?vNhU**dAF$[vEQ]@No~{-<Ä( TMIՀ0/!f$a˲:=Egeodbx&LP@A6C(0wY2M`(xKi1 ORm@`MAe wY2M`(xK/֒r($E4[$k;}nzwY2M`(xKء- *o.s >d,NgyjwY2M`(xK63M. xbdYWC&`HXšvwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xK^T`< k覃R8wY2M`(xKƨXdoy(#g+69ОwY2M`(xK _NQxmЁ%orxRYe&wY2M`(xK Cڬz0eu1{ 될ctwY2M`(xK 9v-6=cqZ9ϰF\`lk׽wY2M`(xK o)o3}rK H:*?OwY2M`(xK !Hʃ62u> [1R*[wY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK34)bퟗ>H-.ImTdwY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK+,'R*]IZ+R]fbUwY2M`(xK,s3%mԤ<[UYPPR}wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK0f(Tw0W(JF}8zTiv^uҍwY2M`(xK6Awz/^g4g^Ù^i5 ҽwY2M`(xK8A!6\ !`9MlN g`b[wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKCʃc| C-/&zKuwY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKQ1s>!"Ty 0a5wY2M`(xKZIU9[.B,/gg6A+\wY2M`(xKkxA{^`Gr̴/fwY2M`(xKlTGYQ&l+585rѓ.wY2M`(xKo(qկ.{˫d|eͶ& :x^wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xKrk>Tj0=ppq-ĝ,#wY2M`(xKrg]V;ݼ2ت^/m(ؽwY2M`(xKx'6,q}䱿CqZH[ʤKŽwY2M`(xKeӇk)T̕SϪȣ;3佚wY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKZ~OG q"8b:ߒ=wY2M`(xKHY jagznFdr!YEwY2M`(xK4͐e;=<5P_{c!wY2M`(xK se(Q$Q?eYW5)@νwY2M`(xK5g+6~OIia]JlrMBwY2M`(xK,";VB\GYG8DoYwY2M`(xKn=)t=J2@ؽwY2M`(xKcOx,7`XbfnmwY2M`(xKϲ2.KmH],qgrRY\u"6wY2M`(xKaJ~UәnE AR'[wY2M`(xKU =HZ7?=|cwY2M`(xKw ^; b x  S^ˇ k/wY2M`(xK<9"`tFu7̔ܭZ˦G/4q9脽wY2M`(xK;S> #Aryę-æ6wY2M`(xKQ3@HΈrRjRç`IwY2M`(xKdW[x.V4Rk DxYuN-dEwY2M`(xKEȮu ϻH7R}ddMؑ<͊$MigߎixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ Vw`:˖+KY\ 1.7Dw "7بZIem [2} ,nrݎIv)a(}D&-CouYCH˲:=Egeo$db҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXCAZXAa+ ?^mb &LStp"7hGd8 xj  Hp2i5X~nIU{2ISx? xɑبmEFI PART\l ?"?ϴ[&OSo==rGy=iG}|A"x?Hah!IdontNeedEFIW=JOyf;'(s*K>;*'I':LE(w90J_4gs+> LW >!f>-# X3#6 ߻⅔G+E Do-&Ϻ`*MC`# Z ^x A *(P*'I':LE0\EFI\BOOT\BOOTX64.EFIi[o՞V^W>TEH 8{mehEH@@}lJF3 ^v a<b4CrG_4r;WGRJ22jl)tx]zD('Rfl pܠ@>.g+C00U *#eZ&4Zc0U#0 *#eZ&4Zc0U00 U0CU<0:08642http://www.canonical.com/secure-boot-master-ca.crl0  *H  ?}v+zmRPGwҮW2:UVv Qۚ\?sڔj8m9qtv>V#5UG[AL b s^ֵz~>~f[9HQS1S;upLF=hG}QĚϣ]풻3Qs fm'wBj WfKJ٦Kp ]FV1Y(kW#WݍQ+Ǭ)5!^ xMA "\B3.r]\UFmS]m~)]zD('Rfl pܠ@>.g+C00U *#eZ&4Zc0U#0 *#eZ&4Zc0U00 U0CU<0:08642http://www.canonical.com/secure-boot-master-ca.crl0  *H  ?}v+zmRPGwҮW2:UVv Qۚ\?sڔj8m9qtv>V#5UG[AL b s^ֵz~>~f[9HQS1S;upLF=hG}QĚϣ]풻3Qs fm'wBj golang-github-google-go-eventlog-0.0.2/testdata/legacydata/short_no_action_eventlog000066400000000000000000000000611515555264200306720ustar00rootroot00000000000000StartupLocalityubuntu_2104_shielded_vm_no_secure_boot_eventlog000066400000000000000000001125741515555264200350600ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/testdata/legacydata)Spec ID Event03 0?pۯfU@6GL  2᥌M5}P;[jZy m.Bϒ4I9?71a!ߊΦae c0GCE Virtual Firmware v1Bq@U'r7i~ {tޣL鴗UɭR=ZN/h'o M'+{F (?^UɈ?,پߎH /Px^ GCE NonHostInfoWMBGZ'CHO;B Z'DVb շ{M Ϥrb{mVi*X{Ecn ϯ@GK^ַ325aʓ + SecureBootZ>4=PB ۻfXe̘Jx[ArD cU<w ӥUZS:jC{* EhJaʓ +&PKY䔧J\+r& ҈G[G00ޠ Jg]0  *H  010 U newpk0 180821215115Z 180920215115Z010 U newpk0"0  *H 0 ̹|mkcb |,E΅RRH|C& 6ioТ#o4OkpBi!}u1 P#;V G0]c9ᖡ=&Ӣlȗ겕<:Q?%K>QՑg歌j'?NlV*Y` yө|WQa7}nRCH<ͼ9G F6ܒJF#XKS0Q0UPB/ۗ'(t1F^`0U#0PB/ۗ'(t1F^`0U00  *H  R?罰$2I{4;v`=ki[,׼}Yõ.l1#60g::+b!`,.(nfpX(gil'X%Pp`nTJmE[4&M<$.yȬ|8GCk3PWsJs{K ǃ 6Zi@ ,/==p5¹>qƭ$?}`ozuLQhX38%*KEg3%?CD nPyB.Ztvi b&G[d}-.fb {l"ZfWV @y΋V=ڑ WBB7B)C#(4~2x>aʓ +KEKY䔧J\+r҈G[G00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62 'a`"r b8ÄbtņT)!%A$62̯Z 5 b[|<((yw6bB:؛Ȧ(!7k ˲:=EgeoG dbY䔧J\+r@$҈G[G00 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXY䔧J\+r҈G[G00 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~^fQߛ|^ kVs@{ "^Q_:@ɼ B%-JAxN|zKx, c6ߗ.˭.˲:=Egeo.dbxY䔧J\+rP4wY2M`(xK0 00  *H  01 0 UGB10U Isle of Man10U Douglas10U Canonical Ltd.1402U +Canonical Ltd. Master Certificate Authority0 120412113908Z 420411113908Z01 0 UGB10U Isle of Man10U Canonical Ltd.10U Secure Boot1+0)U "Canonical Ltd. Secure Boot Signing0"0  *H 0 _b dbKҟa+]8ιCCwO pF mm^ҷf mA cO|R̠1]FoUsvi!O"[-ە4(K!LʻyZg\xE=mY&WN,N7MG;| o鍣ξݔ00 U00U%0+ +7 0, `HB OpenSSL Generated Certificate0UaH* Z rPڐ30U#0 *#eZ&4Zc0  *H  ) J%}jyg%%Z^Z\ˍ#se"kIgɣbN\@܇aB"*\NR+89]Ve_+O&x]2E%G 7iv~4;gN%^_@1# % UG^[3ݳ1Z\]}> Y}; >o!9Y䔧J\+rwY2M`(xK00p 9\zP0  *H  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0"0  *H 0 M!+ w1\W>ae~"O/KhLQgFBKj)g@gEҨW sUWďPIHfx+GUH%m".a.MX~x['} s연^u?xq/΃S10N#| T:^y^NͪނqNII鰫*GS0'|f o~=>ԢjY//=(BR=$@ve9070 `HB0U%0  +7 0 U0  *H  W`L)}k\l?iHudJ &!V]>uM=~B@qylqbǘ' / ɟ%ͻUuA1N]¬F՝G2Dt0WV~)ۛSҽ/ju&Ed(yWzd,NgyjwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKHY jagznFdr!YEwY2M`(xK se(Q )$졺wY2M`(xK*xtUq *{F 2xnMwY2M`(xKᝮ.o(Xw#5yD=<wY2M`(xK9(K_3,w@ۦcJɱwY2M`(xK2 Edf(|zB3}) wY2M`(xK_ˣ>XGj( &q!}I/wY2M`(xKKheݐBOЮ2p>` wY2M`(xK4 qTzDUHwY2M`(xK5nU T5L5`[-UwY2M`(xK4kW3$ke^6**pIwY2M`(xKcWÔ. fD[WK`wY2M`(xKYVDc0wF*!Y[YswY2M`(xKۯm=[8S0J~ ͼX"1lwY2M`(xKebr.^^lnO{+.k콚wY2M`(xK[$=q==ݍKzq&W8_-ȆwY2M`(xK&yeAF 5Vw kĄ0tlwY2M`(xKmSco##o=WKׇ?wY2M`(xK !|~_N6p8 <#ʑC wY2M`(xKA7ǐvqos}:-M0_wY2M`(xK!jd@U@V풕a7XH.񷽚wY2M`(xKn [G{LӨ̤ X$׺wY2M`(xKLzAǃHBvo4Pс;wY2M`(xK-t6b) \\6BwY2M`(xKwOܑ蟣\N4Le2,ȷ? JiIze*UBw+ܑwY2M`(xK{Tc^wѬ҃?JW`<,ywY2M`(xK9]WQxWn!|Y_j%wY2M`(xKϧq+!oT(g-l~swY2M`(xK>'˳D8#'_\Y:7fۘL^Cz?kwY2M`(xKhF2Ǿf>ݓE-}ICwY2M`(xKK1ZUqH=s-M.!-1^нwY2M`(xK :U)7KZO&kRp촪%8wY2M`(xK~LԯcNhUyQ9q0(U+kwY2M`(xKh1!gKp,_]p-HwY2M`(xK<䰱rGoWY{'NĽwY2M`(xKWq*䉳tvͩa)بhҶc91]wY2M`(xK:(L} ,^L0J䕭ŌE< wY2M`(xKISylQ ~+d4ut彚wY2M`(xKu^i*1ËgVpwY2M`(xKSR)1B<I̧rRäY wY2M`(xK?>B~CS%+~^r n'mCwY2M`(xKr.#VrAJPΦj5!zwY2M`(xK\Xj7Eph(|A˛_RzUwY2M`(xKN5Lch'IW+)4%OSrTIwY2M`(xKJ)^ 7 kώd !1wY2M`(xK~q4Tao[ׄq*O4x*8pwY2M`(xK[nOe#X|,_gv*wY2M`(xK"M ?bQj~,lpwY2M`(xK (@%gq8R-(Gn5;AwY2M`(xK  s~oYlIP/KwY2M`(xK u pt$mOǴ>Yj53 kOur^wY2M`(xK QאoēIv]Bk,jrS2㧽wY2M`(xKQ0[Yec@i*.IQwY2M`(xKw0/I?%+o4j0/ wY2M`(xKqZD"3 K1L)]mwY2M`(xKs(x#bU߮T+r)ָwY2M`(xKXڋ3_:4?]W<+ wY2M`(xK^E4 5=eS|퓽wY2M`(xK' cj} [9f'NGwY2M`(xK)̤TN0DŽi\k"{[(@꽚wY2M`(xK+"kĤU.{\KH6ĘwY2M`(xK-ώp#E=h0پLwY2M`(xK1*[P0̓>T/GwY2M`(xK22mϬ^˝,\;"Ϝn`ǘԧwY2M`(xK4 +X3+V0 ֹ'IX%wY2M`(xK6. (1o aS.uPwY2M`(xK6z1僈1,FGjl決 z^wY2M`(xK7ei[B{5;!7褛o Yjxj4wY2M`(xK8mi\-EvxQUv7;ywY2M`(xK:Ot+3=藾BUwY2M`(xK:lEp YBb-Q.s5wY2M`(xK;45igA QLiOsYwY2M`(xK>9&ZաAgdz<=C!]D7A-(wY2M`(xK@ mY :0WY/B_wY2M`(xKAm[4{x+_ up\MGy=ĘwY2M`(xKAw2NeW2 DkQ%wwY2M`(xKEkMa[:tz]ZH)A A/]wY2M`(xKFg% ktͱdXsoW]ou]gwY2M`(xKGc@y1Q[./]=2wY2M`(xKW:R"vͯ1툉Td%St zӕwY2M`(xKX"q!mc~:e3?EƼ߽wY2M`(xK]˻J}KhRYpo"A̭wY2M`(xKaģwYp4ռn:ߺ t M⋈GGNwY2M`(xKm2WƤpu_AP0.ZG|wY2M`(xKpE 9Ui %2N 9X4ԉ-QwY2M`(xKro|뒘Ʈt϶]Af wY2M`(xKxd!sԨ(dqV 5zXbK7u wY2M`(xKx3ҿQg=>}QqV'whm#wY2M`(xKxʫ > ,#9LJnS1wY2M`(xKI̳ 2;zUD\1I^`pP'wY2M`(xKH#leYM+. P(4wY2M`(xKMx962̑Zt.0עfYG,+kfwY2M`(xKIW!cH#22hXe) pwY2M`(xK iYevFK*R$ԡHϭwY2M`(xKczl` rvիWȟ`-⽚wY2M`(xKejI;8$&2HWH [s 2SwY2M`(xK[Ƅ9čcvM/;wjwY2M`(xKpx|a:霚]Xf~,Չgz|LrwY2M`(xK-5hLHZkCbD|9d{wY2M`(xKTU豉AKl@ko>h݆1wY2M`(xKOvk֨_BMHv 8wY2M`(xK%0_9~uck6 WsnkЋuwY2M`(xKܷ/^t':@<y~"PwY2M`(xK? 2ī4:E %!j,wY2M`(xKxĽT5Y.¥{j50d/wY2M`(xK$B9os!slwY2M`(xK;GN[3SIHkvXg[wY2M`(xKֵ{E|{V)fZ=G:KQwY2M`(xK?Y ,%hy?nwy^m|"SuwY2M`(xK3c~mVɊS/ mIwY2M`(xKu2\fOJ7/5SHfwY2M`(xK&Wup*)\ŽwY2M`(xKC](*|sG[wk|v?iwY2M`(xKf;Mhn$poLgf DpwY2M`(xKFY~_ronr{h 8\BjwY2M`(xKP[k 9eNu^ƛwY2M`(xK- ^@!l,y ԽwY2M`(xKƝd9gBR~j<'on4"wY2M`(xK4 tĥnAܨ8rPykwY2M`(xK̎n!,zZ~m xGwY2M`(xKC.<~p%з yA(wY2M`(xKؚlHTKg f HKpNBwY2M`(xKf'g4$R;is"*M wY2M`(xK5` 2LiȖCkFUwY2M`(xKR(ÕiwwY2M`(xKߑO U|s,YE.NwY2M`(xKQ0Fj",aW_F彚wY2M`(xKmq!ꈄ(E2ooNS~T61wY2M`(xK㘑œ΂fo[+ШǿwY2M`(xKoy-O22٧o{aơ>;ȽwY2M`(xKM[kFGywhIGf wY2M`(xKfIa Oj);#(~.rwY2M`(xKU*y6b;1 To rgwY2M`(xKQ; TJh‘şB ܲ> Z~ =wY2M`(xKm5TiA @h)Y\,d*JwY2M`(xKa@?|ةpY}2ߏkwI_wY2M`(xKmq;`O, !ޮg%B[}:1[wßTixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟p$=Ҵ I APǠ᫡OwG"1@vԊFQU ulc%CD0mlʞ9l0{au9:aʓ + BootOrder/B3ȮZv-how }>2?4Uk6vf *'B"2;QTH-Xj }%࿆XEAzhaʓ +vBoot0003bubuntu*(PaNLD9q% \4\EFI\ubuntu\shimx64.efi"۠5(޶Kt+ 10` äJTF.l _6* #Ra/4Fv bִvKVҎzgŏҩt˜naʓ +>Boot0000 ,UiAppɽ|4O>e!,FvEnf#1A+{7 ex,hE |0fe*%|6 oo6Y?W:9qMtNDrG([ C(nm /Kaʓ +lBoot0001UEFI Google PersistentDisk  A NYMR,Y1=^t :f4,aZョZ9 |ׇdz,xEx}3Q'csD[gD]4Kiaʓ +SBoot0002!VirtScsi(0,3,0) DiskVirtScsi(0,3,0) DiskE1A'S&7V =grNu*,L_rPo*ƝV3 wڲ1+NWMZ!gz!*ځ x@4k 8 Cq(Calling EFI Application from Boot OptionixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟ixE (QsC>RRs ?a/@W-=HwRI$ 9CA,'ư~ a6)+Wes~ٮAXq`᭟U{)nc tŀ ;7OT?yq!T*ha 90ꄁ 8m,*eFf彏PKzo m])EFI PART\ f_F"_F͕ @xen=rGy=iG}䮦CdM2P<x_FHah!IdontNeedEFIbH9>l}'(s*K>;aNLD9q% \(w"@-G!@k+J; be20ф3tnŮ|ۗ=X & OIڏYe#M.ضñFVӰxEGQwxύUx7o_!@޽А| A *(PaNLD9q% \4\EFI\ubuntu\shimx64.efi h`ݚڒ?) /kVGd̦t^͗t8<}&J 3We_ e |ǁ%O4ZmWow(c tiTCKvpas٦2t\`9'(hd0,gpt1)/boot/grub/x86_64-efi/fs.lst ҁ9R2: vo8I'{ 6>w'.uC Aej`;Ntw]^͇ 6CLkVrTA*fX68+(hd0,gpt1)/boot/grub/x86_64-efi/crypto.lst f&K Ӕ(ꔓ F/6-`Bj1JZjCb%ߜ $Mk6Ŗ:'kX{Ȯ#FT\-(hd0,gpt1)/boot/grub/x86_64-efi/terminal.lst h.2jD+ M>wmtvO2W-T3q84~m} SGUĶr[Kc~eP JF߶VG7ם3grub_cmd: configfile (hd0,gpt1)/boot/grub/grub.cfg l36AjQyչz UUּdqjW7ڢleӆ!? 膸fҜʢܳou }}5A_dҵ_; (hd0,gpt1)/boot/grub/grub.cfg >\.+/mA s/3 ~+4ƨ6(-fVDo s V͆Gqo6Jzlhtf0S*u.grub_cmd: [ -s (hd0,gpt1)/boot/grub/grubenv ] ~U1dZBD^nM .B4QQ5k{߆V? d7>wƷPe>Qd;AIԊ6vU](hd0,gpt1)/boot/grub/grubenv wƷPe>Qd;AIԊ6vU](hd0,gpt1)/boot/grub/grubenv @hC^ ҹ)j/U'}4{~AV - `Gdml,x@kHtj>!*Cݽ]2Fgrub_cmd: [ = 2 ] E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] q #|A2Hǰ ΁$ G3DmynD: e ".%p/ru:TUMfVg?t'\%xΏHQgrub_cmd: [ ] u@ E+0≯>k :@&u}6\uo2>uѼX k$/rƦ.XXDdFg0nی%-_9G@grub_cmd: set default=0 g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] R e*'~C# }MKbFc,!!%\46U a?Q@|T]RU2DÐ;)a龬f#grub_cmd: menuentry_id_option=--id bHY x̽/A J7 ;y}L^2+RGkPm^ -9{=d*m ;(xnk <۷h%grub_cmd: export menuentry_id_option q #|A2Hǰ ΁$ G3DmynD: e ".%p/ru:TUMfVg?t'\%xΏHQgrub_cmd: [ ] }r╉anJ $(ЛK%_]Vw$=_ \LLFTŲِgoSiS°%{:.*!grub_cmd: terminal_input console ^ G4 RU@ 0J#'wl"j }T" "F[  ]^z&u拣iL"grub_cmd: terminal_output console E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] Xy^;k9֍۩XG aʥOK?7Zt$NNގ ` _ vͧo.KE%WF.7zKH}DeB܊V#grub_cmd: set timeout_style=hidden 1BaYm'O" rC'oLrn#8)M E+Lv@@ekUhZl grub_cmd: set timeout=0.1 UF>4>cQ ϤgouGzf3>4ٳ`Y Jɜ^DBF4* NĦ8ilE=9"dx. \f),LņMp4grub_cmd: set menu_color_highlight=black/light-gray 틭,@ry ( "fʁ(+Mug LcQ >ۑ48Ul:#@ahU,Qp1Q/"rfD*<grub_cmd: set partuuid=6443a6ae-e5e9-4df7-9a06-d1329e50f33c B2 K2f 1J,^sI07A zZyo/N!9xIjXvfυwτ,Sgrub_cmd: [ != 1 ] ),ΐҎ6T 6 ]NR؂wǨS-GC遇t |qvk8sK}'հ'=*0ۤc 7 uI_E>7grub_cmd: [ -e (hd0,gpt1)/boot/grub/gfxblacklist.txt ] ӷzd}i`E 6]nd6,耏|OԬf 2Q TH,ݨFFY grub_cmd: export linux_gfx_mode UHAIZUc0l@Ox: grub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-fadc363a-fae5-4b46-9bf5-303a0043410b { menuentry 'Ubuntu, with Linux 5.11.0-1006-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1006-gcp-advanced-fadc363a-fae5-4b46-9bf5-303a0043410b' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b else search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b fi echo 'Loading Linux 5.11.0-1006-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1006-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 panic=-1 fi initrdfail } menuentry 'Ubuntu, with Linux 5.11.0-1006-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1006-gcp-recovery-fadc363a-fae5-4b46-9bf5-303a0043410b' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b else search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b fi echo 'Loading Linux 5.11.0-1006-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro recovery nomodeset dis_ucode_ldr echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1006-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro recovery nomodeset dis_ucode_ldr panic=-1 fi initrdfail } } '?\.\7aBם t0 p!1fB655r ؖa!V>3Ljf 4.cANH+1grub_cmd: [ -f (hd0,gpt1)/boot/grub/custom.cfg ] 2mBW^Qùz GWX1osy #rz5 EHazaWm4,'%d%LX+ تIkl2;Lgrub_cmd: [ -z (hd0,gpt1)/boot/grub -a -f (hd0,gpt1)/boot/grub/custom.cfg ] jejH; ]fx ,Ea-_J {"Ф~6G&((Kٮt_ cmi*J`grub_cmd: setparams Ubuntu fF8魧) ~~(nNe@:8'{ gL. x%cAsk: Ws}(mf@K grub_cmd: recordfail p6b 6hDt d[׆HIf Pu Y@ SϘ3髭:C$v]/Ca& F $ lgrub_cmd: set recordfail=1 UF>4>cQ ϤgouGzf3>4ٳ`Y JɜwEqH4Rk(&|,b<%6/bfgrub_cmd: [ -z ] ^|ē|GSQi ,w;[f!cëp4MK_@ .G4sHPM*|Dݜ*7d|w8>pgrub_cmd: save_env recordfail f G$)SD v&ؾtBu6J>:;S<ךk e qjgrub_cmd: gfxmode keep .gmݛ \fW2{w wϜIyga>?똢o |^  $-nfDxrB"c#ѳX|grub_cmd: set gfxpayload=keep RAߥy] _BKU ]^j5lN;f DY $Xʳ^ iwe \)vgrub_cmd: [ keep = keep ] n*~ k ;6oaq"|s( aYi*&5'<S hG^I/Az$W&grub_cmd: set vt_handoff=vt.handoff=7 Ph lFtRgbT nǔė *aS$\=&9b^)iVg)W^6ͣХM$ïJXFiY4 k+âOgrub_cmd: insmod part_gpt ?\V/ 2 8҆ z eY ; 1 Bو[$,6wJ♯E; irºSgrub_cmd: insmod ext2 g?go複 Eh6X1-dZ40/B7R!]iY 62wBn{=xyځ;,S,WJgrub_cmd: [ xy = xy ] D7=t~;7& yi4aN9}X.te9I0en ˆvE.шUG4@Quԓ,{[ѧ㥳&wC1Wgrub_cmd: search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b E+ (]8 NCac(] Z9`{, sz8+ a[<%Ȝ?}dw`/aHj9SDV{Smmgrub_cmd: [ = 1 ] T -@eOc~R ѻs6 ϬX4kLJ"ul= !dF|~؏v))c-@02{?= E(p_QDgrub_cmd: echo GRUB_FORCE_PARTUUID set, attempting initrdless boot. !2 B % Jog m`ٹysbx 2 9yQkpmOѐ}d\Z=Lg']1>)t{grub_cmd: linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 panic=-1 }.2>nIi& G嘷DAr}'gyc -ZJ#m,7M"7sztܸ-BEQ/boot/vmlinuz-5.11.0-1006-gcp 'u`d]f svFe/$ NB /Qp=ȉ tnGef^XzPj΅Zx)7{Ziv4{kernel_cmdline: /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 panic=-1 iD?2 vlmp4K&5] ^P = suc*k1ڀ Gs8>BrB>}4+~(3ӕgrub_cmd: initrdfail UF>4>cQ ϤgouGzf3>4ٳ`Y JɜwEqH4Rk(&|,b<%6/bfgrub_cmd: [ -z ] p& 49ܷ=K{ k,@sȡ4G;> 葓Rl_ 2 }/R Gx2_/O'N"grub_cmd: set initrdfail=1 z8gؕTqa- $6T}l&12YxHiHx L&"m/7|m@f;V913'Qrgrub_cmd: [ -n ] P–{fiDj/+b X9;w9j7ZGd P &%`, >`ɸ*0#?X&=ىUJ4dG grub_cmd: save_env initrdfailD:k{VO.9<գJ =k{5j:#cROZ^ !K yu`4Hwt?*Sb$T@|K)]ڽevwExit Boot Services InvocationGUEx׿6~.H OuBrꃛ+t|~^a\@/D .]0m @ l& @i^dUJe,Ѐ# t(Exit Boot Services Returned with Successgolang-github-google-go-eventlog-0.0.2/testdata/legacydata/windows_gcp_shielded_vm.json000066400000000000000000001674321515555264200314550ustar00rootroot00000000000000{"Static":{"TPMVersion":2,"EKPem":null},"AK":{"Public":"AAEACwAFBHIAIJ3/y/NsODrmmfuYaNxty4nXFTiEvigDkiwSQVi/rSKuABAAFAAECAAAAAAAAQDGp8kViXRjbtQShAo1UlsWVsnLJXYCnnsgbdCRN6KDBJPLtv5+vCqAS9Yk2I9t92UsPY1CJoVOAX85/WrNv6PnE1feQ0F9/VEyxYHFA2RAuKkWjNBgGGOYskKKI/2L+R+A1s5mNBmkpjyx6WDm2xGyBbQQP28oVdpBcLbohihowYvUwGnLh7g0sRN51S1KDrh1rP4sfKHFEn9r0aGlhrsOEbEAwQtB6XfLm1IBLQLVciRS5/HjM3EiH3doqZy2FpcE6G7nGKxAwk2H8MnEL7dOsdhXBBH1obLSUB7DYKnMhFaJuf2uAB0gPCjFt+Elou+g7MlMoJ38RPIG7HE1uQ2b","UseTCSDActivationFormat":false,"CreateData":"AAAAAAAg47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFUBAAsAIgALE74YF3O3QIzm9WkS7PEgSTqNLPwhzCsCz8IGGhBTvSsAIgALhnEUd3MQr47yE795W7oTqJErIscsuOaZC4CaoEMp+JAAAA==","CreateAttestation":"/1RDR4AaACIAC61Cfn/Igh90x8aWRkH5+gU3chItS5SmzDo/z8zdVbWtAAAAAAAAAJyC5z5NueQxBjbaAUHkNW35ZuA1ACIAC0zpsVH3UInXTBXavp1SDP+vvK/V1DvgqtLi2I1UcX4uACADNgYgV1PHcDwJirgW+Zzx2Hi4RVCXRuwqYXG8Ncj5dA==","CreateSignature":"ABQABAEAXvzxtf81ORJufzKz6Xa7OD8+o9BmTR4pPwgv/K6rzW4JQlEG23bxyOn2OPKdwOcqouAEe2tAZlKaqAhpwinOjIlAJy+XDF6t4KW/9WySswfYEIXlA1ftX8oIjij3hE25R0ARCK+peXUI5Fm/fzJKj/ldjGHOV4RwDJ03HsV7bF+tGPumTPN9vzf/Ccb6nUfvLqOOHVx0A9LvLON9d3imsHLxNgk634PEfw22RjXSC8O4zuqPXiMoTGY6qhEL3x0gCkrdzGKz4q72jyVYSXkbkPRlbyyVjiT94r7MSWC7G8RbNqE2KmWdCh6fZ/lo0ZADjypOthEwZUP9NmZ7omcDKA=="},"Quote":{"Nonce":"","Alg":4,"Quote":"/1RDR4AYACIAC61Cfn/Igh90x8aWRkH5+gU3chItS5SmzDo/z8zdVbWtAAAAAAAAAJyDEz5NueQxBjbaAUHkNW35ZuA1AAAAAQAEA////wAUphDye8aHzpBiQyh9gycGA2559uE=","Signature":"ABQABAEAkcDC54zyAEZkCOfLiKrZouPp7fvLHIBxIPY4yNR2tgG76Swp4M2PxU9JzWA/hcGyebceehMQYwOr2ID3Fk8FSKg0PQDLXwltQuBcWwcl7T9YXDwwgZpZJl8zoV0/fs4WMZH3dmCQb0+fPwlI6n9W4+niX4TEhwWN+TYVHM7ChnrTwxl2cHw727sjl+iVIXSXSt6s6CxqaO3FPYuhTJrNQQe9215lIX/lEcogP5miki5Yx+Lk6c+s96p4J3lU24yq97F/GUJbVVeVHjasaNw2ABkj0qzIM+1wVupRdvQTJHIzpdW59QpgW4YWJpNjvTHZIYRVyahb6ZhtL5WgoTSroQ=="},"Log":{"PCRs":[{"Index":21,"Digest":"//////////////////////////8=","DigestAlg":3},{"Index":14,"Digest":"J1pon51fgkSkuZn6vmAMWBa+VRE=","DigestAlg":3},{"Index":20,"Digest":"//////////////////////////8=","DigestAlg":3},{"Index":9,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":23,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":22,"Digest":"//////////////////////////8=","DigestAlg":3},{"Index":3,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":13,"Digest":"OD3nn73eYpYgXir+RIAODAU/yC8=","DigestAlg":3},{"Index":4,"Digest":"DKS0pHhL9O7Zw1Vquh2sVYWllRo=","DigestAlg":3},{"Index":19,"Digest":"//////////////////////////8=","DigestAlg":3},{"Index":2,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":15,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":8,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":7,"Digest":"hZpYdyZrXJCWE0aAkaczgKU4Z4Y=","DigestAlg":3},{"Index":0,"Digest":"UcMj3gwMaU9GAc3QK+tY/xNin3Q=","DigestAlg":3},{"Index":12,"Digest":"dfPha27wtFUoLtj7vfzD2pq9JB0=","DigestAlg":3},{"Index":10,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":5,"Digest":"KwIil9Tx4BAcjJhr4inI3QNQUU0=","DigestAlg":3},{"Index":1,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":16,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":6,"Digest":"AAAAAAAAAAAAAAAAAAAAAAAAAAA=","DigestAlg":3},{"Index":11,"Digest":"67mN92YTKA8g3DgiEUOp5yc5lIY=","DigestAlg":3},{"Index":18,"Digest":"//////////////////////////8=","DigestAlg":3},{"Index":17,"Digest":"//////////////////////////8=","DigestAlg":3}],"PCRAlg":0,"Raw":"AAAAAAgAAAAUifkjxNynKReLPjIzRYVQ2N3fKQIAAAAAAAcAAAABAACA1P3R8U1AQUlN64/JkMRTQ9InfQg1AAAAYd/ki8qT0hGqDQDgmAMrjAoAAAAAAAAAAQAAAAAAAABTAGUAYwB1AHIAZQBCAG8AbwB0AAEHAAAAAQAAgFq9lBKr8z40p5s9GpPTUOdC2OzYSgMAAGHf5IvKk9IRqg0A4JgDK4wCAAAAAAAAACYDAAAAAAAAUABLAKFZwKXklKdKh7WrFVwr8HImAwAAAAAAAAoDAADS+oHSiI2kR5eSW6pHuxuJMIIC9jCCAd6gAwIBAgIJANVKFOhng13qMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNVBAMMBW5ld3BrMB4XDTE4MDgyMTIxNTExNVoXDTE4MDkyMDIxNTExNVowEDEOMAwGA1UEAwwFbmV3cGswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMudUIfPhta2PqFwLJYvQLk8n+kOOdfCxFzoUBUlJIfPtDJr8NpYmw8t0Txzbof2mVqoxv0KIjbzTCT7Gea8b6FRu4lMGcjnCHkULOaSEPk33adZ+/MRcgUMHvgCP7vjtW4wrXR+qdMK/UXakDY4mi/DnhlqGHwz0DJrLTomzsyJfXztoY6rKVPLMEBwfOAorP2jpREIg/JbBLPszd+drbUdWRFpodoQe9iOLxErTxswCSt+Nn5q2MatwnPx3c1E5swRa9795WKtoTWWAJedOpfFeN/VGQYTedf33kt26V8FKbQ57cSDwdzbw5nxKj6EcNRrg23JKzlajOSuNGI1hLAgMBAAGjUzBRMB0GA1UdDgQWBBSYUIQDQvMv25eCJyiXdDFGXmDLxTAfBgNVHSMEGDAWgBSYUIQDQvMv25eCJyiXdDFGXmDLxTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCKoR5SET8Xque9sCSri60ysEn9ezTLO4B2YD2O3MpracJblOi4E5yMLNe8rH2CWcO1EcQuomwWpeyYHfADMSM2+Mswg2c6Oh8rYiEXYCy69S75KG7KZnBYKIZnj2mEbAAnWCWcUBQF6XC4YG5UhUqvCG2PRRumWzT8Jk0cPIHhuyQueeAT0cisfNl/OEcRQ4EZazNQV+NznqZ/h93D4kr8c3tLBwmHx4MJNlrqaYdAhAwslIAvPa49y3DEAzXCuT5xCLKjxq3YJD99YKsYb6Duehuaz3Wf6EyrzVGHaFgzstkBvAQCEDglKphLHUX7ZzObJZw/rBukQ0TMzdPIC27hBwAAAAEAAIDwUBx5tgfMQukULuhadNnCdmnA4j4GAABh3+SLypPSEaoNAOCYAyuMAwAAAAAAAAAYBgAAAAAAAEsARQBLAKFZwKXklKdKh7WrFVwr8HIYBgAAAAAAAPwFAADS+oHSiI2kR5eSW6pHuxuJMIIF6DCCA9CgAwIBAgIKYQrRiAAAAAAAAzANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkGA1UEAxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBsYWNlIFJvb3QwHhcNMTEwNjI0MjA0MTI5WhcNMjYwNjI0MjA1MTI5WjCBgDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEqMCgGA1UEAxMhTWljcm9zb2Z0IENvcnBvcmF0aW9uIEtFSyBDQSAyMDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOi1ir+tVyawJsPq5/tXekQCXQcN2krldCrmsA/sbevsf7njWmMyfBEXTw7jC6c4FZOOxvXghLGamyzn9beR1gnh4sAEqKwwHN9I8wZQmmSnUX/IhU+PIIbO/i/hn/+CwO3pzc70U2piOgtDueIl/f4F+dTEFKsR4iOJjXC3pB1N7K7lnPoWwtfBy9ToxC/lme4kiwPsjfKL6sNK+0MREgt+tUeSbNzmBInr9TME6xABKnHl+YMTPP8lCS9odkb/uk++3K1xKliq+w7SeT3km2U7zCkqn/xyWaLrrpLv9jUTgMYC7ORfzJ12ze9jksGveUCEeYd/41Ko6J17B2mPFQIDAQABo4IBTzCCAUswEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFGL8Q82gPqTLZxLSW9lVrHvMtopfMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEVmUkPhflgRv9ZOniNVCDs6ImqoMFwGA1UdHwRVMFMwUaBPoE2GS2h0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY0NvclRoaVBhck1hclJvb18yMDEwLTEwLTA1LmNybDBgBggrBgEFBQcBAQRUMFIwUAYIKwYBBQUHMAKGRGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljQ29yVGhpUGFyTWFyUm9vXzIwMTAtMTAtMDUuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQDUhIj1FJQYAsoqPPsqkhwM16DR8ehSZqjuorV1epAAqi2kdlrqebe5N2pRexBk9uFk8gJnvveoG3i9us6IWGQM1lfIGaNfBdbbxtBpzkhLMrfrXdIw9cD1uLp4B6Mr/pvbNFaE7ILKrkElcJxr6f6QD9eWH+XnlB+yKgyNS/8oKRB799d8pdF2uQXIee0PkJKcwv7fb35sD3vUwUXdNFGWOQ/lXlbYGAWW9AemQrOgd/0IGfJxVsyfhiOkh8um/Vh+1GlnFZF+gfJ/E+UNi4o8h4Tr4869Q+WtLYSTjmorWnxE+lKqgcgtHLvgUt8AEfiaPcFgsOEztaOI0WUZChrnrHykwYKHTjixLw3FFIdv/Y0uvDm25+bD4OTNJ4TvlELvKYuQRkE7gRtn2PlDWWXLDbz9AJJP9HU7p6kk/FBBQHngLU8Kaid2blLtlml7rw/3hwXQRcKtUxSBH/swBKo3NmHaSmkbNNho7dYCz2yUDNPPbCJ5rbHwvAOiRmCpxAfCIYLx/fLoeTJgv9ispSIUS8rB2EvrfT9XNbLmT3W0sGADIlOukXkd1ptBHxWGVHCy3g01D3ywNHK6l2A78HnrorIcXaIWuIfF6Rv2tZclbzif45H6inmYw2kOt6McIAWX+MoUrgDXxPPAFBB1azSgG7WZYPNcsMVXTjbSMoS/ngcAAAABAACAoORmEfaQarPAZ02JcbDk2epQTOSIEgAAy7IZ1zo9lkWjvNrQDmdlbwIAAAAAAAAAZBIAAAAAAABkAGIAoVnApeSUp0qHtasVXCvwckAGAAAAAAAAJAYAANL6gdKIjaRHl5Jbqke7G4kwggYQMIID+KADAgECAgphCNPEAAAAAAAEMA0GCSqGSIb3DQEBCwUAMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTswOQYDVQQDEzJNaWNyb3NvZnQgQ29ycG9yYXRpb24gVGhpcmQgUGFydHkgTWFya2V0cGxhY2UgUm9vdDAeFw0xMTA2MjcyMTIyNDVaFw0yNjA2MjcyMTMyNDVaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSswKQYDVQQDEyJNaWNyb3NvZnQgQ29ycG9yYXRpb24gVUVGSSBDQSAyMDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQhsTMdFCWpLDKTAh38GdQxDAVRk4BZ/B+2SfQuyc78MCsZKRWGgxRYtltP1K6D7TUmbQYCQPLlU/ea80Z3EpBiKf0GKXFmDaDK7jEfJ7nG8IU+ainz/RD+NjzKyJkiudbXuyUweShl+5IKaHXh3TQywvfYP0xbTvPorpVE4XfX7utt4Atv/7AobltWDuBkT6bbAe0B74R8oJ8n671ZeHOZ+lH7A8ESyeTnl2rJii02/OHDiaCQUyTOkCDfVWGle03ztwQRTCOdOsCqHYwhhb2MVWeqyK3nXDGFnilv9Xq2Hf7qGZ09xWBIiBCIizovvVHEAzlA1WHaVCO5qsaIB1QIDAQABo4IBdjCCAXIwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQU+MFrt393U0rzJTcdTqEmew8gcIAwHQYDVR0OBBYEFBOtv0MJvYJwnIzVTzFu1SKYihvUMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEVmUkPhflgRv9ZOniNVCDs6ImqoMFwGA1UdHwRVMFMwUaBPoE2GS2h0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY0NvclRoaVBhck1hclJvb18yMDEwLTEwLTA1LmNybDBgBggrBgEFBQcBAQRUMFIwUAYIKwYBBQUHMAKGRGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljQ29yVGhpUGFyTWFyUm9vXzIwMTAtMTAtMDUuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQA1CEL/MMzO93YMrRBoWDUpRjJ2J3zvEkEnQhtKqm2BOEhZE1Xz6Vg0phYLgqpdrYLagINBBo+0HfIDufMaXRvxUJD5s1WEQigcIL2yrlEUxcCsl5UhHJDbD/x3npVzkYjKvb1SuQVQDd9XnqBh7Q3lbSXZQA8XQMjOo0rCTa+aEh0IVI+9x7y5Kz1JKx8y/GohaU+byH5CNPw2BheLjyBAwLOaJXUnzckDo/Zd0ec2VHq5ULXTEtEHv7t039wej4DV7Rj0LxQWay/eZoywI+XHhNjt6sEzgq1WSxgt8WiVB83P8HLwrrvdhoWYLCFMMyvwD0rwaIe1klUydaFqgmo8oyURpO2t1wSuy9hAWaCE0ZVMYpEiGnQdjD1HDkSm5LCbNDWx+rZTqCyB7KQFcciduLroG0Rm5EdUDo5Wf7OfFpiyhtBoPpAjtS9ej1CFjcaNgl9BofQuDeCZ0mx15LZptSGG+gfR9uJN0dqtLHdTHiUyN8dsUnKVhrDxNWFqGfWyO4FQVqYyLf6iiflChicYVaGCylqb+DCYVBSmR5YlL8gm5EGUGlwCP+WW44VbPD4/u0cWclXiJSKx2XvnAwYqo/cekEbDAA3WGYnjDjUnYgNxFabv0CegoFk3YPg4lLjgeHD4ukyGh5T24K4CRe5lwrajfmkWdQeSm/WmvFmDWKFZwKXklKdKh7WrFVwr8HIdBgAAAAAAAAEGAADS+oHSiI2kR5eSW6pHuxuJMIIF7TCCA9WgAwIBAgIQKMw6Jb+6RKxEmptYa0M5qjANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMTAwNjIzMjE1NzI0WhcNMzUwNjIzMjIwNDAxWjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC5CJ4o5OTsBk5QaLNBxXvrrraOr4G6IkQfZTRpTL5wQBfyFnvief2G7Q059BuorZKQHss9do9a2bWREC48BY2KbSRU5x/tVq2DtFCcFaUXdIhZIPwIxYR202jUbyh4zly481CQRP/jY1++oZoslhUE1gf+HoQh4EIxEcQoNpTPUKRinsnWq3EAslsM5pbUCiSW9f/G1bcb18u3IWKvEtyhXTfjGvsaRpjAm8DnYx8qCJMCfh5qjvKfGInkIoWisYRXQP/1DthvnO3iRTEBzRfpf7CBReOqIUAmoXKqp088AQV+7oNYsV4GY5likXiCtw2TDCRqtBvbJ+xflQQ/k0ow9ZcYs6f5GaeTMx0ByNsiUlzXJclG+aL7h1lDvptisY0thkQaRqx4YX4wCfquicRBKiJmA5E5RZzHiwyoyg0v+1LqDPdjMyOd/rAfrWfWp1ADxgRwY7UssYZaQ7f7rvluKW4hIUEmBozJw+6wwoWTobmF2eYybEtMP9Zdo+W1nXfDnMBVt3QA47g4q4OXUOGaQiQdxsCjMNEaWshSNPdz8ccYHzOteuzLQWDzI5QgwkhFrFxRxi6AwuJ3Fb2Fh+02nZaR7gC1o3Dsn+ONgGiDdrqvXXBSIhbiZvu6s8XC9z4vd6bK3sGmxkhMwzdRI9Mn17hOcJbwoUR2r3jPmuFmEwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU1fZWy4/oolxiaNE9lJBb186aGMQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQELBQADggIBAKylloy/u66m9tdxh0MxVoj9HDJxWzW31PCR8q834hTx8wImBT4WFH8UurhP+4mysufUCcxtuVs7ZGVwZrfysVrfGgLz9VG4Z215879We+SEuSsem0CcJjT5RxiYadgc17bRv49hwmfEte9gQ44QGzZJ5CDKrafBsSdlCfjN9Vsq0IQz8+8f8vWcC1iTN6B1oN5y3mx1KmYi9YwGMFafQLkwqkB3FYLXi+zA07K9g8V3DB6urxlToE15cZ8PrzDOZ/nWLMwiQXoH8pdCGM5ZeRBV3m8Q5Ljag2ZAFgloI1uXLiaaArtXjMW4umliMoCJnqH9wJJ8eyszGYQqY8UAaGL6n0eNmXpFOqfp7e5pQrXzgZtHVhB7/HA2hBhz6u/5l02eMyPdJgu6Krc/RNyDJ/+9YVkrEbfKT9vFiwwcMa4y+Pi5Qvd/3GGadrFaBOERPWZFtxhxvskkhdbz1LpBNF0SLSW5jaYTSG1LsAd9mZMJYYF0VyaKq2nj5NnHiMwk2OxSJFwevJEU4pbe6wrant1fs1vb1ILsxiBQhyVAOvvH7s3+M+Vuw4QJVQMlOcDpNV1lMaj2v6AJzSnHszYyLtyV84PBWs+LjfbqsyH4pO0eMQ62TBGrYAukEiMiF6M2ZIKRBBLgq28ey1AFYbRA/1mGcdHVM2l8qXOKONdkDPFpoVnApeSUp0qHtasVXCvwcgcGAAAAAAAA6wUAANL6gdKIjaRHl5Jbqke7G4kwggXXMIIDv6ADAgECAgphB3ZWAAAAAAAIMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0xMTEwMTkxODQxNDJaFw0yNjEwMTkxODUxNDJaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS4wLAYDVQQDEyVNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Qy7ouQuCePnxfeWabwAIb1pMzPvrQTLVIDuBoO7xSCE2ffSi/M4sKukrS18YnkF/+NKPwQ1IHDjxOdr4JzANnXpijHdjXDl3De1dEaWKFuHYCMsv9xHpWf3USeecusHpsm5HjtTNXzl0+wnuYcc/rnJIwlvqEaRwW6WPEHTy6M/XQJqTexpHyUoXDb//UMVCpTgGbTP38IS4sJbJ+4neDCLWyoJayKJU2AWLMBoHVO67EnznWGMhWgJc0RdfaJUK9159xXPNV1sHCtczrycI4tvbrUm2TYTw0/WJ665MjtBkizhx8136KpUTvdcCwSHZbRDGKiy4G0Zd+xaJPpIAwIDAQABo4IBQzCCAT8wEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFKkpAjmOFsSXeM2Q+Z5PmuF8Va9TMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQAU/HxxUaV5wm6y7zk+vDxSD24rPxATc/6oaNBIpjRNipYFJu4xRpBhedb/OC5Fa/TA5Si42h2PitsJ1xrHTAo2ZmqM7BvXBJCoGBekm7niQDI2dsTBWsa/5ATA6hbTrMNo72Ks3VRsUDBYput8/pSnTo707HyGc1fCUiFzNFrzo4pWyATaBwnt+IvjzvR+jq7w9guKCPs/yR1yf1O4675j4OM9MWWwgeXyrM0WpJ89qLGbwkLQkIRfVB3/ieq6HUeQb7BzTkGfQJ9f5aEqshGRc4ohKPDO3nM5Xz6rXGDs3wMQqNMJ6fT2loW2f1GIZkcZjaKwEj2BKmgFd7uRTGJ7tsEHx7p6hzQDDktiepnpyvzOSjfJLaRXfBz+Pdy4D1r61sSzAoUCOuqz2W7kaSE33oHR9nUZBWfTk1deKRs5yO4t4c3kRXNb0NLOeqsWGYJGWNBenYGzZ69sNfK85T8k4jWiCnUG9hhWmdR4LNEFG+vQiAGdqhDxBd+6fixjtwabIyHE+Xhs4lgXBjYrkRIDzKTZ8i26+ZSdQO0YRfHOilxrPqsD03AYKgpq4F9H0dVjCjLyr9c2HypwWuVCWQhxS1e6foOB8CE89BzBxbmQkw6IRZOG6bEgmb6Yy8WVpF1i1qBjCCC9dRB3fT3zRbmfl5/LV4BvM6kEz3ekYhxZfgcAAAABAACAngS2g7Gt50Jw3GCD3XFqzGOjMxCyDgAAy7IZ1zo9lkWjvNrQDmdlbwMAAAAAAAAAjA4AAAAAAABkAGIAeAAmFsTBTFCSQKypQfk2k0MojA4AAAAAAAAwAAAAvZr6d1kDMk29YCj05494S4C02Wkxvw0C/ZGmHhnRTx2kUuZtskCMqGBNQR+SZZ8KvZr6d1kDMk29YCj05494S/Uvg6P6nPvWkg9yKCTb5ANFNNJbhQckazuVfaxuG856vZr6d1kDMk29YCj05494S8XZ2KGG4sgtCa+qKm9/LnOHDT5k9yxOCO9neWqEDw+9vZr6d1kDMk29YCj05494SzYzhNFNHy4LeBViZITEWa1XoxjvQ5YmYEjQWMWhm792vZr6d1kDMk29YCj05494SxrshLhLbGWlEiCpvnGBllIwIQ1i1tM8SJmcaylaKwoGvZr6d1kDMk29YCj05494S+bKaOlBRmKa8D9pwvhua+9i+TCzfG+8yHi3jfmMAzTlvZr6d1kDMk29YCj05494S8OpmkYNpGSgV8NYbYPO9fSuCLcQOXntiTJ0LfDtUwxmvZr6d1kDMk29YCj05494S1j7lBrvlaJZQ7P7XyUQoN8/5ExYyV4KuASHKXVoq5dxvZr6d1kDMk29YCj05494S1ORw6L7ESECpqoe3CWud+GfXW8JzQnuslCZIr/NWZLqvZr6d1kDMk29YCj05494S9YmFX4danGLwSSrjaJ8u2UHLKA6e2slfb3LvWD2XvPRvZr6d1kDMk29YCj05494S9Bj7Cj2frpT8WQtv33/M8ajKt2Gn2AT/hYuLDLxy+VtvZr6d1kDMk29YCj05494SynG61K0PDqhiyzY7W6oYHzvPPrhuv4RZXVc8uYUhEpEvZr6d1kDMk29YCj05494S5D75w5p1jNAjT4XDGgy27LSCeAnJSfftj1J0pVypvRMvZr6d1kDMk29YCj05494Swde6gYFiVSLoGCy/u0Q2jwgx/6bF80Ca5TopoO4EVI4vZr6d1kDMk29YCj05494SwfmxqhYZG+x78Z5A/4osRYBHyNn/pLmvis2mZ7/OdCevZr6d1kDMk29YCj05494SwnfX05REgjseLltEtCBJf22A4aN459vcpJ4UlmbZZwmvZr6d1kDMk29YCj05494Swu7Q5LarHq4mzCkrGV1Mbl7+qsE+QsNr+X5tuuQoGN0vZr6d1kDMk29YCj05494SwwYkzl2LfM2qz3QBqRj33FaOc+w9JJGXGAObGvXvYmMvZr6d1kDMk29YCj05494Sw0NvspvKeygbzMafXLkiEsSCX+zSJg6KhSg1z9PEBQPvZr6d1kDMk29YCj05494Sw3J8/uZliFIw8qDNjJ1jT7U/I0LAAe5WzHmUo8qzVv8vZr6d1kDMk29YCj05494SxBvrOrP7P1OMDt09ICggJji0IArk2+Ox3TOIfMWhmicvZr6d1kDMk29YCj05494SxdOOgtbQ8amB7vTQE8FNB49zzliZ86U+LUOLiOp2pIMvZr6d1kDMk29YCj05494SxgzNCn/BWLtn5cDPhFI3O7lLb4uSW1UELXP1shk0tEPvZr6d1kDMk29YCj05494SyuZzyZCLpL+Nl+/S8MNJwhsnuFLem//RPsva5ABaZk5vZr6d1kDMk29YCj05494Syu/LKe48dkfJ+5StvsqXdBJuForm1KcXWZiBoEEsFX4vZr6d1kDMk29YCj05494Syxz2TMlum3L5YnUpMY8W5NVWe+S+/BQ7VDE4ghSBvF9vZr6d1kDMk29YCj05494Sy5wkWeGpvdzUR+nGB+rDx1wtVfGMi6pI7Ko07krUa99vZr6d1kDMk29YCj05494SzBmKPpUdzBXKLpKRn3n0Dh6VPVp03afzl517InSjRWTvZr6d1kDMk29YCj05494SzYI7br1rQ9BpBShd3q/L69eZwM0Z17DmV5pNYKeDKrSvZr6d1kDMk29YCj05494SzhB0iE2jRWD11wKAuYhYDlNbE4KZ2C29ge5A2K8hVsCvZr6d1kDMk29YCj05494Sz/Om5/fPvCdVFKw+V7kgcK38G10OnN5cVWOcBNqzj5zvZr6d1kDMk29YCj05494S0OX2sqDnn9jB3y1DJLfQ7wtL7Ko9Z8m/HoOS9TZdRaSvZr6d1kDMk29YCj05494S0fMCGEn4gaahuA6a+8s1BD4xVpta9s2IWjDGyzjKlrfvZr6d1kDMk29YCj05494S1GIMf5zgrUU0D4VxiEii4q2VHm9DL+jxcHQ9I2cMGE1vZr6d1kDMk29YCj05494S1rpSeqIVeuT5DnbxlvaLkKFLC/fZ4n6FGc248NBDytcvZr6d1kDMk29YCj05494S2sdE4B45EGKpo3re7NeBmCSz0ee64zkzRLn0HLMtC9mvZr6d1kDMk29YCj05494S2yIVEeN1Vnik1G4JsBsuL/vK5StNTg1h3LRk/gu0coRvZr6d1kDMk29YCj05494S28UKP9xydsO1a8fLnu/y6tkfMJl3fWyk822JvUKOnhevZr6d1kDMk29YCj05494S3HykG/SIkl+VKNGYqskl/zIECB3D/UTaOnj2b/L/WN1vZr6d1kDMk29YCj05494S3JrPrZUBGow8/g9m5bOA/Zw6agG0XCKA3HmLcSdLCPBvZr6d1kDMk29YCj05494S3LgvRhnz12dVqsVit873byCvzKo2KodjF4vbfKUKNbYvZr6d1kDMk29YCj05494S3gnr5k2LPrwcX2t5LG/4EOK0XHBWt3CSLdb+MqkS7LFvZr6d1kDMk29YCj05494S4GouWW7hNOHa5QpqVSBzJVTGM+qFBLYCMijO/0z//DkvZr6d1kDMk29YCj05494S4LbO8609ghDzp2Xw9GHzZtZQc096BAOWG8r2lY3V19nvZr6d1kDMk29YCj05494S4lal4X2F8odftRPwaFHC3Hz8SI4Ytn/ncw64t+SFj2vvZr6d1kDMk29YCj05494S4rWSFnxlbX1ja+qlAtqYWes1nqIbo9Gk2QXciHFWUW5vZr6d1kDMk29YCj05494S4v0NLSeAMz3FQKizZAIZcsB7Ds9oDw1vlBf33vVY/UhvZr6d1kDMk29YCj05494S42OoonP5wocB6tzZcso7lHt0zzyUG3oiPut1g6/gEgcvZr6d1kDMk29YCj05494S5mY02PEkb4WvXS6ELlNkpEAFhFzb9ymQ6NmZLwPMVpCvZr6d1kDMk29YCj05494S55KaRcxYWguVf3o/vVg64jsH/7crwQAH2bAyvcHsrc0vZr6d1kDMk29YCj05494S6a1FR82VdOirw1HJ1l5a+SkIA5UlafYaXVMSEiFdAinvZr6d1kDMk29YCj05494S6fzL1CNTrD+rZoIfvlO0boK7F3m9+9v8KYrk77fXUWNvZr6d1kDMk29YCj05494S61oJuGUbSbT6vNoXIjZfYXeO03LPQ7iroHHBWDRPFcgvZr6d1kDMk29YCj05494S67rrjFRJxJz7ZWqLmcROe0xqYVnMDozIpj4Nwmp1VqhvZr6d1kDMk29YCj05494S6/iAwr7fSzaE/n6MzoC409nUa/sEbAQ281EH99MQAKzvZr6d1kDMk29YCj05494S7VPHuY2Yx+taAWNOwk3AxrBuQzLFwYqORzKaK/b5A1VvZr6d1kDMk29YCj05494S7jweNmDokrEMyFjk4g1FM2TLDOvGOfdcIhMgjX0J1c2vZr6d1kDMk29YCj05494S7l6CIkFnANf8dVLbbU7Ebl2ZmjZ+VUkfAKLKDfXoEzZvZr6d1kDMk29YCj05494S7yHpmjoGWZInLUI7oBRg8Geas0kzxd5nKBi0uOE2g6nvZr6d1kDMk29YCj05494S8QJvaxHda3Y25KqIrW3GPuMlKFGLB/ppBa5XYoziML8vZr6d1kDMk29YCj05494S8YXwaix7iqBHCi1qBtMg9fJi1sMJygdYQIH6+aSwpZ/vZr6d1kDMk29YCj05494S8kPM2YXuOf5g5dUE8mX8Qtz6yZ/2KEMueO9v8Znq9uLvZr6d1kDMk29YCj05494S8trhYtA06CYdlgVtZLBUUpJYE+v1ggZ2ojXp26XeP73vZr6d1kDMk29YCj05494S847+r5Z1nzorI39Shb3xD75wiRRP7xlWVfXNfop9UDOvZr6d1kDMk29YCj05494S9jL65c19WcrNn5Pls3HSWlhXRcHSulsck1CzgIW+PP6vZr6d1kDMk29YCj05494S+ksIus7VkLWXB7CyvJH0llHOO67f7OEGkSVb1nisNH6vZr6d1kDMk29YCj05494S/3dbj0p6oTHdD2tShvbxwC1/sGzkfkyQJCGrMcd1tvYvZr6d1kDMk29YCj05494S/5jqE94LMnT/PLM+fwR+9A3YIeHWNJihe0SZpvcbm0BvZr6d1kDMk29YCj05494S/7PsjLRLplLbUhdLHFncoqlUlmErVymHnUWIh8HmhQ2vZr6d1kDMk29YCj05494S8oXHWFKjX4SHJOUjND+VdOZgfnRGqluA0UKQVInwsZbvZr6d1kDMk29YCj05494S1W5mw3lPbz+SFqpxzfPP7YW7z2R+rWZqnyrGe2nY7W6vZr6d1kDMk29YCj05494S3fdGQ+jDYj/XjsBGgrmHmIJeAwTC1Ney4fm8IiKC2svvZr6d1kDMk29YCj05494S8g8sTkirZn1YHRGdd03zJTcrVofy6ZHL+40EXHZOeiEvZr6d1kDMk29YCj05494SzsCh1M+DMPQ7BqoI8vwqUGq2HIVedHEmYAt0cOmNripvZr6d1kDMk29YCj05494S5Oa7vT1+lHiM0DD8uSQSM6IclJq/fdSw6fzo/K8n2BJvZr6d1kDMk29YCj05494S2RXW9kSeJouFK1W9jQfUq9r+Az5RAB4WXXp8E4tZNdFvZr6d1kDMk29YCj05494S0XHyK51Cs+7SPw3Un1kEt1kTa7YkTzNiiTJTYVpZ9+OBwAAAAQAAACQacp450UKKFFzQxs+UsXCUpnkcwQAAAAAAAAABwAAAOAAAIC4k95Kg/B4tC3AibS9bMeqWxKMBSUGAADLshnXOj2WRaO82tAOZ2VvAgAAAAAAAAABBgAAAAAAAGQAYgDS+oHSiI2kR5eSW6pHuxuJMIIF7TCCA9WgAwIBAgIQKMw6Jb+6RKxEmptYa0M5qjANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMTAwNjIzMjE1NzI0WhcNMzUwNjIzMjIwNDAxWjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC5CJ4o5OTsBk5QaLNBxXvrrraOr4G6IkQfZTRpTL5wQBfyFnvief2G7Q059BuorZKQHss9do9a2bWREC48BY2KbSRU5x/tVq2DtFCcFaUXdIhZIPwIxYR202jUbyh4zly481CQRP/jY1++oZoslhUE1gf+HoQh4EIxEcQoNpTPUKRinsnWq3EAslsM5pbUCiSW9f/G1bcb18u3IWKvEtyhXTfjGvsaRpjAm8DnYx8qCJMCfh5qjvKfGInkIoWisYRXQP/1DthvnO3iRTEBzRfpf7CBReOqIUAmoXKqp088AQV+7oNYsV4GY5likXiCtw2TDCRqtBvbJ+xflQQ/k0ow9ZcYs6f5GaeTMx0ByNsiUlzXJclG+aL7h1lDvptisY0thkQaRqx4YX4wCfquicRBKiJmA5E5RZzHiwyoyg0v+1LqDPdjMyOd/rAfrWfWp1ADxgRwY7UssYZaQ7f7rvluKW4hIUEmBozJw+6wwoWTobmF2eYybEtMP9Zdo+W1nXfDnMBVt3QA47g4q4OXUOGaQiQdxsCjMNEaWshSNPdz8ccYHzOteuzLQWDzI5QgwkhFrFxRxi6AwuJ3Fb2Fh+02nZaR7gC1o3Dsn+ONgGiDdrqvXXBSIhbiZvu6s8XC9z4vd6bK3sGmxkhMwzdRI9Mn17hOcJbwoUR2r3jPmuFmEwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU1fZWy4/oolxiaNE9lJBb186aGMQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQELBQADggIBAKylloy/u66m9tdxh0MxVoj9HDJxWzW31PCR8q834hTx8wImBT4WFH8UurhP+4mysufUCcxtuVs7ZGVwZrfysVrfGgLz9VG4Z215879We+SEuSsem0CcJjT5RxiYadgc17bRv49hwmfEte9gQ44QGzZJ5CDKrafBsSdlCfjN9Vsq0IQz8+8f8vWcC1iTN6B1oN5y3mx1KmYi9YwGMFafQLkwqkB3FYLXi+zA07K9g8V3DB6urxlToE15cZ8PrzDOZ/nWLMwiQXoH8pdCGM5ZeRBV3m8Q5Ljag2ZAFgloI1uXLiaaArtXjMW4umliMoCJnqH9wJJ8eyszGYQqY8UAaGL6n0eNmXpFOqfp7e5pQrXzgZtHVhB7/HA2hBhz6u/5l02eMyPdJgu6Krc/RNyDJ/+9YVkrEbfKT9vFiwwcMa4y+Pi5Qvd/3GGadrFaBOERPWZFtxhxvskkhdbz1LpBNF0SLSW5jaYTSG1LsAd9mZMJYYF0VyaKq2nj5NnHiMwk2OxSJFwevJEU4pbe6wrant1fs1vb1ILsxiBQhyVAOvvH7s3+M+Vuw4QJVQMlOcDpNV1lMaj2v6AJzSnHszYyLtyV84PBWs+LjfbqsyH4pO0eMQ62TBGrYAukEiMiF6M2ZIKRBBLgq28ey1AFYbRA/1mGcdHVM2l8qXOKONdkDPFpBQAAAAYAAIBsHsrfEqGVgugNZsd3P1IcQZOv6eQBAABFRkkgUEFSVAAAAQBcAAAA8qvOHQAAAAABAAAAAAAAAP//PwYAAAAAIgAAAAAAAADe/z8GAAAAADu8m1bWDJNGjbzPHf10emgCAAAAAAAAAIAAAACAAAAAc/Q9UwMAAAAAAAAAFuPJ41wLuE2Bffkt8AIVrvl3OU9Xq7NDpnZjYVGjoqUiAAAAAAAAAP9/AAAAAAAAAAAAAAAAAABNAGkAYwByAG8AcwBvAGYAdAAgAHIAZQBzAGUAcgB2AGUAZAAgAHAAYQByAHQAaQB0AGkAbwBuAAAAAAAAAAAAAAAAAAAAAAAocyrBH/jSEbpLAKDJPsk7hkdFftg+i0eCglozEr2M6wCAAAAAAAAA/58DAAAAAAAAAAAAAAAAAEUARgBJACAAcwB5AHMAdABlAG0AIABwAGEAcgB0AGkAdABpAG8AbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKKg0OvluTNEh8BotrcmmcfPH2a0BwjlRqP2hb3nol87AKADAAAAAAD/9z8GAAAAAAAAAAAAAAAAQgBhAHMAaQBjACAAZABhAHQAYQAgAHAAYQByAHQAaQB0AGkAbwBuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAMAAIBXo+QLrmrlqxQnxq/yKqTwbhWO9K4AAAAYgD6+AAAAADh7FgAAAAAAAAAAEAAAAACOAAAAAAAAAAIBDADQQQMKAAAAAAEBBgAAAwMCCAABAAAABAEqAAIAAAAAgAAAAAAAAAAgAwAAAAAAhkdFftg+i0eCglozEr2M6wICBARGAFwARQBGAEkAXABNAGkAYwByAG8AcwBvAGYAdABcAEIAbwBvAHQAXABiAG8AbwB0AG0AZwBmAHcALgBlAGYAaQAAAH//BAALAAAADAAAAFSXsJEbP1dycj3vOzYKLmVDJ8GbBAAAABAAAAAMAAAABgAAAHS4SAw8grPnb/cqCds3gjDGc4j9uAAAAAEAAUCwAAAAAgACAAgAAAAEAAAAAAAAAAMAAUA4AAAABAAHACAAAABE4eoyskoEiDLu2j1lh0OmiDaqouMcouDuTiTssvdGGQcABwAIAAAAAABKAQAAAAAJAAIABAAAAAEAAAAKAAIABAAAAAAAAAADAAIABAAAAAEAAAABAAQAAQAAAAADAAUAAQAAAAAhAAUAAQAAAAACAAUAAQAAAAEFAAIABAAAAAAAAAALAAIABAAAACUCAMANAAAABgAAAMorxDuVVahRv3Z4dkk2aPiS73MZKgIAAAEAAUAiAgAACQACAAQAAAABAAAACgACAAQAAAAAAAAAAQAEAAEAAAAAAwAFAAEAAAAAIQAFAAEAAAAAAgAFAAEAAAABBQACAAQAAAAAAAAACwACAAQAAAAlAgDAKQAFADQAAAABAAAAFAAAAAsAIAAAAAAAAAAAAMhgDcXtVzo5VH0Ru4L80DkN09gF4jzREyDt6QLRRtSbAgAEAC4AAACAoZqtcHPTASAAAAALAHbeoeVK2gwudlvbMAmaVzllrOWVvZrw3YJCnD7zeAzzAwABQFQBAAABAAcAPAAAAFwAVwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAHcAaQBuAGwAbwBhAGQALgBlAGYAaQAAAAIABwAIAAAAABAeAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAETh6jKySgSIMu7aPWWHQ6aINqqi4xyi4O5OJOyy90YZCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAIyQftZmW3MTf8AAAAAAjIJAAcAFAAAAP+CvDjh2l5ZbfN0xT42F/fto2sGCwAHAAQAAAABAAAADgAAAAYAAAAB/WCnGTQ0sl7ohwgn/UNrElqgPS4BAAACAAYAJgEAADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN0Mu6LkLgnj58X3lmm8ACG9aTMz760Ey1SA7gaDu8UghNn30ovzOLCrpK0tfGJ5Bf/jSj8ENSBw48Tna+CcwDZ16Yox3Y1w5dw3tXRGlihbh2AjLL/cR6Vn91EnnnLrB6bJuR47UzV85dPsJ7mHHP65ySMJb6hGkcFuljxB08ujP10Cak3saR8lKFw2//1DFQqU4Bm0z9/CEuLCWyfuJ3gwi1sqCWsiiVNgFizAaB1TuuxJ851hjIVoCXNEXX2iVCvdefcVzzVdbBwrXM68nCOLb261Jtk2E8NP1ieuuTI7QZIs4cfNd+iqVE73XAsEh2W0QxiosuBtGXfsWiT6SAMCAwEAAQwAAAAGAAAA9FuTYpL29krWOYGaE2gFJIa/x9EXEQAAAQABQA8RAAAJAAIABAAAAAEAAAAKAAIABAAAAAAAAAADAAFAOAAAAAQABwAgAAAATQz/d8ul0ucuivlD8sD/nEer7yvu3TNoRgvqF86qB68HAAcACAAAAAAQgQIAAAAAAwABQDgAAAAEAAcAIAAAAM7OzYiW8fqZd8panJkDyIwgnvwt1bP0MNQ8Epu2YsahBwAHAAgAAAAAMCgDAAAAAAMAAUA4AAAABAAHACAAAADWVXlKiLr+pJiulVYqacXOCCBBp01l8QU3X6bK3bU1agcABwAIAAAAAABAAwAAAAADAAFAOAAAAAQABwAgAAAAaSij/2eqoys8yiQ8R97T9Q82Cklr7SLspfxouBkF+nMHAAcACAAAAAAAQAMAAAAAAwABQDgAAAAEAAcAIAAAAKxPSxv5kSS/tq8JAaL5DEOuo9Ku3PyM8DQ8P0Y+QnwPBwAHAAgAAAAAwEADAAAAAAMAAUA4AAAABAAHACAAAACe9u3aNNb8lewJX9GUM/omwPu2XK+pIbYjVXApmqMXIwcABwAIAAAAALBZAwAAAAADAAFAOAAAAAQABwAgAAAAttKPTMkWEFjhRaoiVYx3Eigv0Bb5POoQAw09dnsw9U0HAAcACAAAAADQWgMAAAAAAwABQDgAAAAEAAcAIAAAANUJGREcV2vy4Wn2D9fwYMNCIsE4Oiy3vd5Pr+yWMmTYBwAHAAgAAAAAkF0DAAAAAAMAAUA4AAAABAAHACAAAADpQOHvFKZmnubuXrEcaNPlkUvSY1sURDFaOzIS05yccwcABwAIAAAAAMBjAwAAAAADAAFAOAAAAAQABwAgAAAA9EPEfe+K42yhuc3YY3CNn5OoxYFdoBPpWulqz3hqezgHAAcACAAAAABAZgMAAAAAAwABQDgAAAAEAAcAIAAAAOyYAZCHm/SUbApLur7Td98KQ9c3nV+MrvwyRXo7lYBUBwAHAAgAAAAA8GwDAAAAAAMAAUA4AAAABAAHACAAAAB6EqF7fNftP3FFV4KenWnwhClMoGwDBICFL4OJh6KQNgcABwAIAAAAAIBuAwAAAAADAAFAOAAAAAQABwAgAAAAofrHbmJwXDrpPN+4rCBa9YHOUEbICdXczL/HjLmZFkgHAAcACAAAAABAbwMAAAAAAwABQDgAAAAEAAcAIAAAAJZ6cKcvWFSX7CphWeNGhehcBU1bUZk6q6/zYrUv5Y3JBwAHAAgAAAAA8H8DAAAAAAMAAUA4AAAABAAHACAAAAB5dJO0gxVcCkd6gcJynCjnnaN5xtW90TFLdvWV/Y8vUgcABwAIAAAAAACHAwAAAAADAAFAOAAAAAQABwAgAAAAvSFzyY4UWr0VUdpr2rQx4OK5BtBGOwZ5poqzM9Z/szIHAAcACAAAAADwhwMAAAAAAwABQDgAAAAEAAcAIAAAAEQo0dPxgmmVDJDduMkmM5MNKQxnO5BqqKHjhwDGUVl6BwAHAAgAAAAAwIgDAAAAAAMAAUA4AAAABAAHACAAAACmd74PpxArP8/c6SCy54+IS+5A5jSXsFZqnd7G5Zw8qwcABwAIAAAAAACWAwAAAAADAAFAOAAAAAQABwAgAAAAwhXBiUUWQ+OjE4uIaNuge8hzqgLSQUXHUtISHKbR4WkHAAcACAAAAACQoQMAAAAAAwABQDgAAAAEAAcAIAAAAO2kD0qZjHZ4ePDTS5slTHiIMBnKZ3os9TW1zXhIXm5lBwAHAAgAAAAAsK4DAAAAAAMAAUA4AAAABAAHACAAAACh3dqtcjREikJlEVEjKOtmR8NLMJea58JYaG6kbEqG7wcABwAIAAAAAPCvAwAAAAADAAFAOAAAAAQABwAgAAAAx2ByBnWfY4FwwpEk5FyWNkOD+eqDxfwJ83R3fHSc7DYHAAcACAAAAADwsAMAAAAAAwABQDgAAAAEAAcAIAAAAKE9f1EBrh8LogbaCG2w+PwGAQCtcyB3VgSAJpV6NXrFBwAHAAgAAAAAALIDAAAAAAMAAUA4AAAABAAHACAAAADgwGyl6ye6cBbNSd8F5ASQ8tRVPS8h1NpCNc3UMKaKjgcABwAIAAAAAFC0AwAAAAADAAFAOAAAAAQABwAgAAAAqS1Xc/uGu5+vdtjeDa0+8j6aG/Q4huljzPxDlEedaf0HAAcACAAAAABwuQMAAAAAAwABQDgAAAAEAAcAIAAAALQSEvWcEDfzzv4tM157jSPs33GbA9wBmbkRUWrnJI51BwAHAAgAAAAAAIAEAAAAAAMAAUA4AAAABAAHACAAAAD204dO7gyLV8EqKYej0WCKhC/KU4rry0drkcV5vRIF5gcABwAIAAAAACC7AwAAAAADAAFAOAAAAAQABwAgAAAAMuk3DntZkN6tGrpRh7jz9wseGfcOURYoY0URMBSCIZgHAAcACAAAAADwuwMAAAAAAwABQDgAAAAEAAcAIAAAAJ3Y1OGMNpn4AdpU35Txf+M2wlnkx/i7QLYscVZKHFOBBwAHAAgAAAAAkIwEAAAAAAMAAUA4AAAABAAHACAAAAB3YcLFQck+FCrKOjIl6ng1UwAsQGn1mvflZzpJQPZjsQcABwAIAAAAAFCTBAAAAAADAAFAOAAAAAQABwAgAAAAW0+HeI9vhFyIWvKrfLOIp4bOh1ml7BdC6/7Vm6PG39IHAAcACAAAAACwvAMAAAAAAwABQDgAAAAEAAcAIAAAAGZKlMxYJK7TtYK2iomYKbz6rXZBHfL6WoSnb/i/HiReBwAHAAgAAAAAwL0DAAAAAAMAAUA4AAAABAAHACAAAAB4BtfV0PSCdv6T2aQYfX48OLrufo1k2Km0rV8m0O1KgwcABwAIAAAAAGCXBAAAAAADAAFAOAAAAAQABwAgAAAA6feXcIZEonQGSzPONIWEO9GF3ok3CfPfvjEnFIWbJIsHAAcACAAAAAAwvwMAAAAAAwABQDgAAAAEAAcAIAAAAOoyYSkiV7QbHCXnlL0zZ0l8OcnAexx1IX7iyhtZHjMQBwAHAAgAAAAAoJsEAAAAAAMAAUA4AAAABAAHACAAAAD+Pj9L0NKN/HQ9yg4s4YDM7nFChKGBx/qcEMZ57LObvAcABwAIAAAAAPCcBAAAAAADAAFAOAAAAAQABwAgAAAA1ClUkt3m+0t8cUUdXU+5aznBsUODdqrxXitWwtVofAAHAAcACAAAAADAngQAAAAAAwABQDgAAAAEAAcAIAAAAJAWio2oFnzkVAmV5nDxOOA6bDhrTXrzPZEJEF3ha+b+BwAHAAgAAAAAIKgEAAAAAAMAAUA4AAAABAAHACAAAACmDddtcG7HG2awzVEyJrfuklnVRoyY0dpmF8Ar0SxPXQcABwAIAAAAAGC9BAAAAAADAAFAOAAAAAQABwAgAAAA32X9UZLpNE8YDZJTVYGX+xpX6oxi2Gmq0tFBrFvqKnUHAAcACAAAAACQvgQAAAAAAwABQDgAAAAEAAcAIAAAAJdeLXI+QnlvkVz0r9gk2bp34Awx5LYhBkkollsUeti6BwAHAAgAAAAAgMEEAAAAAAMAAUA4AAAABAAHACAAAADdyhnQX2kr1ob7ad7QiLInnsr8mHqNGKSwp4SXEz9y2AcABwAIAAAAACDDBAAAAAADAAFAOAAAAAQABwAgAAAA2LgdHzNnSUPZTg0murGAaw05SgGnll3thzvUd+Y2JXYHAAcACAAAAAAgxgQAAAAAAwABQDgAAAAEAAcAIAAAAPpHO3Xdphfhd6XaOCuMIe8wIUdlb0gxl0fgvO9RvlZnBwAHAAgAAAAAcNAEAAAAAAMAAUA4AAAABAAHACAAAAAr7dFYlBC2+hPILzXbc1AltqFgWVkidQJIdx9avQ/uWAcABwAIAAAAABDSBAAAAAADAAFAOAAAAAQABwAgAAAAfYnPxIrhCXdhtkpEpYi6cRNgtbWv54DhwtXzM+EBzYgHAAcACAAAAABQ2AQAAAAAAwABQDgAAAAEAAcAIAAAAA/c59cZNveURefSyEy+uXyUjTcw4Lg5FmsKTmJcLUVHBwAHAAgAAAAAUNoEAAAAAAMAAUA4AAAABAAHACAAAACt2OZhmMJv4YTJxXs8PJBaPDE5S0+lOnLyNnfNH5UnaQcABwAIAAAAALDbBAAAAAADAAFAOAAAAAQABwAgAAAAu4PDVZct+raQB+qs8lLWESIsv8j1QqOttVvB/sDI2+YHAAcACAAAAACA5QQAAAAAAwABQDgAAAAEAAcAIAAAAHDS0qQFM0axAr2JAT5p+4tnYaYDrEapokGrfzlBnJ33BwAHAAgAAAAAUOcEAAAAAAMAAUA4AAAABAAHACAAAACP85i73dsvbu3/tJoffxOwQrbksdRApUzeD2GC+QLXngcABwAIAAAAAEDrBAAAAAADAAFAOAAAAAQABwAgAAAAvSwyVNnfFV3W05y72UbyucO7zvT/GaqbYOx4XWbDjXMHAAcACAAAAAAAQAUAAAAAAwABQDgAAAAEAAcAIAAAAOgq+JSmkkaFiNWUB9VzLbz8ydJbFkEOAJ3HnSmOkkWSBwAHAAgAAAAA4PAEAAAAAAMAAUA4AAAABAAHACAAAAAFWjapkhuYzAQELKlSScfsplVTaGja/Ox1CJR+vl5x9AcABwAIAAAAAMDxBAAAAAADAAFAOAAAAAQABwAgAAAAv1Xjl9rvBsDMdpu1w8cbtH5Jcmmr+sIKkPUfs/WEsyIHAAcACAAAAADgaAUAAAAAAwABQDgAAAAEAAcAIAAAAIQSjqJ56C8ggVDupT22lzPYgiqIX6tV5fnYWAOKkRBlBwAHAAgAAAAA8PQEAAAAAAMAAUA4AAAABAAHACAAAAAsY2AxjETqIu7AFbFCMzPq84WzY2N66S4AWEMQhDu+5AcABwAIAAAAAID8BAAAAAADAAFAOAAAAAQABwAgAAAA0ZFkcldnHDnM/xLyq3sq0KlBh/7Eaiy39D2EdbKnW8MHAAcACAAAAACglgUAAAAAAwABQDgAAAAEAAcAIAAAANjdIUuMmSyrv2cmzy0Eso8ftu3FiNqFVAEWXH1WYhSgBwAHAAgAAAAAYJcFAAAAAAMAAUA4AAAABAAHACAAAACPdXMBROiIfW21tzw6/4VvWSQDF4ZALm/WS6BQnr0GEwcABwAIAAAAAECeBQAAAAADAAFAOAAAAAQABwAgAAAAfxT0+E+4tsfDTkYbajSvGujSnZW+qJBWVjJz+KCpnsgHAAcACAAAAACgoAUAAAAAAwABQDgAAAAEAAcAIAAAAOwTCvlYzvqqs2NnMVtfr/5Vp6DJQIxIxfkKO6mRSZvjBwAHAAgAAAAAoKEFAAAAAAMAAUA4AAAABAAHACAAAACWobodW1bdx0SfQU51CiVe1DgZ+S5Z0VCdZFLfZZS2ugcABwAIAAAAAHCjBQAAAAABAAUAAQAAAAAIAAUABAAAAAQAAQAJAAUAEgAAAFwAVwBpAG4AZABvAHcAcwAAAAQABQAIAAAAAQAAAAAAAAAFAAUAAQAAAAAGAAUAAQAAAAAKAAUACAAAAAAAAAAAAAAAEgAFAAgAAAAAAAAAAAAAACIABQABAAAAACQABQABAAAAACUABQABAAAAACYABQABAAAAAA4ABQAEAAAAAQAAABQABQAEAAAAAAAAAAIAAUBGAAAAAQAJACIAAABXAGkAbgBkAG8AdwBzACAARABlAGYAZQBuAGQAZQByAAAABAAJABQAAAAGfVudxWJ/l9zz/v9gKjQu1pjSzAEABAABAAAAAAMABQABAAAAACEABQABAAAAAAIABQABAAAAAQUAAgAEAAAAAAAAAAsAAgAEAAAAJQIAwA0AAAAGAAAA2PEcY2ph9U08PM6bjn2onxQDPAIbWQAAAQABQBNZAAAJAAIABAAAAAEAAAAKAAIABAAAAAAAAAABAAUAAQAAAAAIAAUABAAAAAQAAQAJAAUAEgAAAFwAVwBpAG4AZABvAHcAcwAAAAQABQAIAAAAAQAAAAAAAAAFAAUAAQAAAAAGAAUAAQAAAAAKAAUACAAAAAAAAAAAAAAAEgAFAAgAAAAAAAAAAAAAACIABQABAAAAACQABQABAAAAACUABQABAAAAACYABQABAAAAAA4ABQAEAAAAAQAAABQABQAEAAAAAAAAAAEABAABAAAAAAMABQABAAAAACEABQABAAAAAAIABQABAAAAAQUAAgAEAAAAAAAAAAsAAgAEAAAAJQIAwCkABQA0AAAAAQAAABQAAAALACAAAAAAAAAAAADIYA3F7Vc6OVR9EbuC/NA5DdPYBeI80RMg7ekC0UbUmwIABAAuAAAAgKGarXBz0wEgAAAACwB23qHlStoMLnZb2zAJmlc5Zazllb2a8N2CQpw+83gM8xMABQAuAAAAgGZCpXBz0wEgAAAACwAbqxl4xbESmRQ2Hcaepgk6MUcgU9LGKUVVHrJ3Ljh83gMAAUBWAQAAAQAHAEoAAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwARgBMAFQATQBHAFIALgBTAFkAUwAAAAIABwAIAAAAAAAHAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAJZ6cKcvWFSX7CphWeNGhehcBU1bUZk6q6/zYrUv5Y3JCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQEABAAABAAcANAAAAFwAVwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGgAYQBsAC4AZABsAGwAAAACAAcACAAAAADACQAAAAAAAwAHAAQAAAAMgAAABAAHACAAAADOzs2IlvH6mXfKWpyZA8iMIJ78LdWz9DDUPBKbtmLGoQoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAACMkH7WZltzE3/AAAAAAIyCQAHABQAAAD/grw44dpeWW3zdMU+Nhf37aNrBgMAAUBYAQAAAQAHAEwAAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAbgB0AG8AcwBlAHgAdAAuAHMAeQBzAAAAAgAHAAgAAAAAwAAAAAAAAAMABwAEAAAADIAAAAQABwAgAAAAvSFzyY4UWr0VUdpr2rQx4OK5BtBGOwZ5poqzM9Z/szIKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAVAEAAAEABwBIAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAG0AcwByAHAAYwAuAHMAeQBzAAAAAgAHAAgAAAAAIAYAAAAAAAMABwAEAAAADIAAAAQABwAgAAAA1QkZERxXa/LhafYP1/Bgw0IiwTg6LLe93k+v7JYyZNgKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAjJB+1mZbcxN/wAAAAACMgkABwAUAAAA/4K8OOHaXllt83TFPjYX9+2jawYDAAFAUgEAAAEABwBGAAAAXABXAGkAbgBkAG8AdwBzAFwAcwB5AHMAdABlAG0AMwAyAFwAQQBwAGkAUwBlAHQAUwBjAGgAZQBtAGEALgBkAGwAbAAAAAIABwAIAAAAANABAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAANZVeUqIuv6kmK6VVippxc4IIEGnTWXxBTdfpsrdtTVqCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFoBAAABAAcATgAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXABtAHMAaQBzAGEAZAByAHYALgBzAHkAcwAAAAIABwAIAAAAALAAAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAADLpNw57WZDerRq6UYe48/cLHhn3DlEWKGNFETAUgiGYCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFABAAABAAcARAAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXABwAGMAaQAuAHMAeQBzAAAAAgAHAAgAAAAAsAYAAAAAAAMABwAEAAAADIAAAAQABwAgAAAAndjU4Yw2mfgB2lTflPF/4zbCWeTH+LtAtixxVkocU4EKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAWAEAAAEABwBMAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAHYAbwBsAG0AZwByAHgALgBzAHkAcwAAAAIABwAIAAAAADAGAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAACvt0ViUELb6E8gvNdtzUCW2oWBZWSJ1Akh3H1q9D+5YCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFYBAAABAAcASgAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXABXAE0ASQBMAEkAQgAuAFMAWQBTAAAAAgAHAAgAAAAAwAAAAAAAAAMABwAEAAAADIAAAAQABwAgAAAA9tOHTu4Mi1fBKimHo9FgioQvylOK68tHa5HFeb0SBeYKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAUgEAAAEABwBGAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAEMATABGAFMALgBTAFkAUwAAAAIABwAIAAAAAKAGAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAPRDxH3viuNsobnN2GNwjZ+TqMWBXaAT6Vrpas94ans4CgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFYBAAABAAcASgAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXABrAHMAZQBjAGQAZAAuAHMAeQBzAAAAAgAHAAgAAAAAsAIAAAAAAAMABwAEAAAADIAAAAQABwAgAAAAttKPTMkWEFjhRaoiVYx3Eigv0Bb5POoQAw09dnsw9U0KAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAUAEAAAEABwBEAAAAXABXAGkAbgBkAG8AdwBzAFwAcwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAHAAZABjAC4AcwB5AHMAAAACAAcACAAAAADgAgAAAAAAAwAHAAQAAAAMgAAABAAHACAAAADfZf1Rkuk0TxgNklNVgZf7GlfqjGLYaarS0UGsW+oqdQoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBaAQAAAQAHAE4AAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAdgBkAHIAdgByAG8AbwB0AC4AcwB5AHMAAAACAAcACAAAAAAgAQAAAAAAAwAHAAQAAAAMgAAABAAHACAAAACmDddtcG7HG2awzVEyJrfuklnVRoyY0dpmF8Ar0SxPXQoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBaAQAAAQAHAE4AAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAQwBMAEEAUwBTAFAATgBQAC4AUwBZAFMAAAACAAcACAAAAADwBgAAAAAAAwAHAAQAAAAMgAAABAAHACAAAACWobodW1bdx0SfQU51CiVe1DgZ+S5Z0VCdZFLfZZS2ugoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBYAQAAAQAHAEwAAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAcABhAHIAdABtAGcAcgAuAHMAeQBzAAAAAgAHAAgAAAAA8AIAAAAAAAMABwAEAAAADIAAAAQABwAgAAAA3coZ0F9pK9aG+2ne0IiyJ57K/Jh6jRiksKeElxM/ctgKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAXAEAAAEABwBQAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAHcAZQByAGsAZQByAG4AZQBsAC4AcwB5AHMAAAACAAcACAAAAAAQAQAAAAAAAwAHAAQAAAAMgAAABAAHACAAAACe9u3aNNb8lewJX9GUM/omwPu2XK+pIbYjVXApmqMXIwoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUCoAQAAAQAHAF4AAABcAFcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAVwBpAG4AZABvAHcAcwBUAHIAdQBzAHQAZQBkAFIAVAAuAHMAeQBzAAAAAgAHAAgAAAAAYAEAAAAAAAMABwAEAAAADIAAAAQABwAgAAAAZkqUzFgkrtO1graKiZgpvPqtdkEd8vpahKdv+L8eJF4KAAcAAQAAAAEFAAcAQAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAQwBvAGQAZQAgAFMAaQBnAG4AaQBuAGcAIABQAEMAQQAgADIAMAAxADAAAAAIAAcAbgAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAEgAYQByAGQAdwBhAHIAZQAgAEEAYgBzAHQAcgBhAGMAdABpAG8AbgAgAEwAYQB5AGUAcgAgAFAAdQBiAGwAaQBzAGgAZQByAAAABgAHABMAAAAzAAACP1g9FgcF91gzAAAAAAI/CQAHABQAAAAQ32bVLEhRRfwZodh6/3P3k90y1QMAAUBaAQAAAQAHAE4AAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAcwB0AG8AcgBwAG8AcgB0AC4AcwB5AHMAAAACAAcACAAAAADACQAAAAAAAwAHAAQAAAAMgAAABAAHACAAAACt2OZhmMJv4YTJxXs8PJBaPDE5S0+lOnLyNnfNH5UnaQoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBSAQAAAQAHAEYAAABcAFcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABEAFIASQBWAEUAUgBTAFwATgBEAEkAUwAuAFMAWQBTAAAAAgAHAAgAAAAAMBUAAAAAAAMABwAEAAAADIAAAAQABwAgAAAAkBaKjagWfORUCZXmcPE44DpsOGtNevM9kQkQXeFr5v4KAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFATgEAAAEABwBCAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAHQAbQAuAHMAeQBzAAAAAgAHAAgAAAAAcAIAAAAAAAMABwAEAAAADIAAAAQABwAgAAAA6UDh7xSmZp7m7l6xHGjT5ZFL0mNbFEQxWjsyEtOcnHMKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAUAEAAAEABwBEAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAHQAcABtAC4AcwB5AHMAAAACAAcACAAAAAAABAAAAAAAAwAHAAQAAAAMgAAABAAHACAAAAB3YcLFQck+FCrKOjIl6ng1UwAsQGn1mvflZzpJQPZjsQoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAACMkH7WZltzE3/AAAAAAIyCQAHABQAAAD/grw44dpeWW3zdMU+Nhf37aNrBgMAAUBcAQAAAQAHAFAAAABcAFcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAUwBnAHIAbQBBAGcAZQBuAHQALgBzAHkAcwAAAAIABwAIAAAAAKABAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAKktV3P7hrufr3bY3g2tPvI+mhv0OIbpY8z8Q5RHnWn9CgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFYBAAABAAcASgAAAFwAVwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAEQAUgBJAFYARQBSAFMAXABzAGEAYwBkAHIAdgAuAHMAeQBzAAAAAgAHAAgAAAAAwAEAAAAAAAMABwAEAAAADIAAAAQABwAgAAAA/j4/S9DSjfx0PcoOLOGAzO5xQoShgcf6nBDGeeyzm7wKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAWgEAAAEABwBOAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAGYAdwBwAGsAYwBsAG4AdAAuAHMAeQBzAAAAAgAHAAgAAAAAgAcAAAAAAAMABwAEAAAADIAAAAQABwAgAAAAhBKOonnoLyCBUO6lPbaXM9iCKohfq1Xl+dhYA4qREGUKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAPgEAAAEABwAyAAAAXABXAGkAbgBkAG8AdwBzAFwAcwB5AHMAdABlAG0AMwAyAFwAawBkAC4AZABsAGwAAAACAAcACAAAAACwAAAAAAAAAwAHAAQAAAAMgAAABAAHACAAAABpKKP/Z6qjKzzKJDxH3tP1DzYKSWvtIuyl/Gi4GQX6cwoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBUAQAAAQAHAEgAAABcAFcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABEAFIASQBWAEUAUgBTAFwATgBFAFQASQBPAC4AUwBZAFMAAAACAAcACAAAAABQCQAAAAAAAwAHAAQAAAAMgAAABAAHACAAAADUKVSS3eb7S3xxRR1dT7lrOcGxQ4N2qvFeK1bC1Wh8AAoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUCYAQAAAQAHAE4AAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAaQBuAHQAZQBsAHAAZQBwAC4AcwB5AHMAAAACAAcACAAAAAAwBAAAAAAAAwAHAAQAAAAMgAAABAAHACAAAAB4BtfV0PSCdv6T2aQYfX48OLrufo1k2Km0rV8m0O1KgwoABwABAAAAAQUABwBAAAAATQBpAGMAcgBvAHMAbwBmAHQAIABDAG8AZABlACAAUwBpAGcAbgBpAG4AZwAgAFAAQwBBACAAMgAwADEAMAAAAAgABwBuAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAASABhAHIAZAB3AGEAcgBlACAAQQBiAHMAdAByAGEAYwB0AGkAbwBuACAATABhAHkAZQByACAAUAB1AGIAbABpAHMAaABlAHIAAAAGAAcAEwAAADMAAAI/WD0WBwX3WDMAAAAAAj8JAAcAFAAAABDfZtUsSFFF/Bmh2Hr/c/eT3TLVAwABQFABAAABAAcARAAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAEQAcgBpAHYAZQByAHMAXABXAG8AZgAuAHMAeQBzAAAAAgAHAAgAAAAA4AMAAAAAAAMABwAEAAAADIAAAAQABwAgAAAAcNLSpAUzRrECvYkBPmn7i2dhpgOsRqmiQat/OUGcnfcKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAUAEAAAEABwBEAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwARAByAGkAdgBlAHIAcwBcAG0AdQBwAC4AcwB5AHMAAAACAAcACAAAAABQAgAAAAAAAwAHAAQAAAAMgAAABAAHACAAAACPdXMBROiIfW21tzw6/4VvWSQDF4ZALm/WS6BQnr0GEwoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBaAQAAAQAHAE4AAABcAFcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAVwBkAGYAMAAxADAAMAAwAC4AcwB5AHMAAAACAAcACAAAAAAQDQAAAAAAAwAHAAQAAAAMgAAABAAHACAAAADCFcGJRRZD46MTi4ho26B7yHOqAtJBRcdS0hIcptHhaQoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBWAQAAAQAHAEoAAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABEAHIAaQB2AGUAcgBzAFwARgBzAF8AUgBlAGMALgBzAHkAcwAAAAIABwAIAAAAANAAAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAOgq+JSmkkaFiNWUB9VzLbz8ydJbFkEOAJ3HnSmOkkWSCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFoBAAABAAcATgAAAFwAVwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXABtAHMAcwBlAGMAZgBsAHQALgBzAHkAcwAAAAIABwAIAAAAABAFAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAODAbKXrJ7pwFs1J3wXkBJDy1FU9LyHU2kI1zdQwpoqOCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAIyQftZmW3MTf8AAAAAAjIJAAcAFAAAAP+CvDjh2l5ZbfN0xT42F/fto2sGAwABQFIBAAABAAcARgAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXABkAGkAcwBrAC4AcwB5AHMAAAACAAcACAAAAADAAQAAAAAAAwAHAAQAAAAMgAAABAAHACAAAADsEwr5WM76qrNjZzFbX6/+VaegyUCMSMX5CjupkUmb4woABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBQAQAAAQAHAEQAAABcAFcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAQwBFAEEALgBzAHkAcwAAAAIABwAIAAAAAJABAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAJdeLXI+QnlvkVz0r9gk2bp34Awx5LYhBkkollsUeti6CgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFYBAAABAAcASgAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXABjAGwAaQBwAHMAcAAuAHMAeQBzAAAAAgAHAAgAAAAAoBAAAAAAAAMABwAEAAAADIAAAAQABwAgAAAAofrHbmJwXDrpPN+4rCBa9YHOUEbICdXczL/HjLmZFkgKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFASAEAAAEABwA8AAAAXABXAGkAbgBkAG8AdwBzAFwAcwB5AHMAdABlAG0AMwAyAFwAQgBPAE8AVABWAEkARAAuAGQAbABsAAAAAgAHAAgAAAAAsAAAAAAAAAMABwAEAAAADIAAAAQABwAgAAAAehKhe3zX7T9xRVeCnp1p8IQpTKBsAwSAhS+DiYeikDYKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAUAEAAAEABwBEAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAHAAYwB3AC4AcwB5AHMAAAACAAcACAAAAABAAQAAAAAAAwAHAAQAAAAMgAAABAAHACAAAADqMmEpIle0Gxwl55S9M2dJfDnJwHscdSF+4sobWR4zEAoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBWAQAAAQAHAEoAAABcAFcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAVwBEAEYATABEAFIALgBTAFkAUwAAAAIABwAIAAAAADABAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAO2kD0qZjHZ4ePDTS5slTHiIMBnKZ3os9TW1zXhIXm5lCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQEoBAAABAAcAPgAAAFwAVwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAG4AdABvAHMAawByAG4AbAAuAGUAeABlAAAAAgAHAAgAAAAAEKcAAAAAAAMABwAEAAAADIAAAAQABwAgAAAATQz/d8ul0ucuivlD8sD/nEer7yvu3TNoRgvqF86qB68KAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAjJB+1mZbcxN/wAAAAACMgkABwAUAAAA/4K8OOHaXllt83TFPjYX9+2jawYDAAFAYAEAAAEABwBUAAAAXABXAGkAbgBkAG8AdwBzAFwAcwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAHcAZABcAFcAZABGAGkAbAB0AGUAcgAuAHMAeQBzAAAAAgAHAAgAAAAAkAUAAAAAAAMABwAEAAAADIAAAAQABwAgAAAAj/OYu93bL27t/7SaH38TsEK25LHUQKVM3g9hgvkC154KAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAjEyNMuvqKuaTQAAAAACMQkABwAUAAAADdbU1PRsDHwmcZYsTTYdYH43CUADAAFAVAEAAAEABwBIAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAHQAYwBwAGkAcAAuAHMAeQBzAAAAAgAHAAgAAAAAsC0AAAAAAAMABwAEAAAADIAAAAQABwAgAAAAv1Xjl9rvBsDMdpu1w8cbtH5Jcmmr+sIKkPUfs/WEsyIKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAjJB+1mZbcxN/wAAAAACMgkABwAUAAAA/4K8OOHaXllt83TFPjYX9+2jawYDAAFAXAEAAAEABwBQAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAHMAcABhAGMAZQBwAG8AcgB0AC4AcwB5AHMAAAACAAcACAAAAABACgAAAAAAAwAHAAQAAAAMgAAABAAHACAAAADYuB0fM2dJQ9lODSa6sYBrDTlKAaeWXe2HO9R35jYldgoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAACMkH7WZltzE3/AAAAAAIyCQAHABQAAAD/grw44dpeWW3zdMU+Nhf37aNrBgMAAUBgAQAAAQAHAFQAAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwARQBoAFMAdABvAHIAQwBsAGEAcwBzAC4AcwB5AHMAAAACAAcACAAAAADAAQAAAAAAAwAHAAQAAAAMgAAABAAHACAAAAC7g8NVly36tpAH6qzyUtYRIiy/yPVCo621W8H+wMjb5goABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBEAQAAAQAHADgAAABcAFcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABQAFMASABFAEQALgBkAGwAbAAAAAIABwAIAAAAAIABAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAOyYAZCHm/SUbApLur7Td98KQ9c3nV+MrvwyRXo7lYBUCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFoBAAABAAcATgAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXABtAG8AdQBuAHQAbQBnAHIALgBzAHkAcwAAAAIABwAIAAAAAPABAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAH2Jz8SK4Ql3YbZKRKWIunETYLW1r+eA4cLV8zPhAc2ICgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFYBAAABAAcASgAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXAB2AG8AbAB1AG0AZQAuAHMAeQBzAAAAAgAHAAgAAAAAsAAAAAAAAAMABwAEAAAADIAAAAQABwAgAAAA0ZFkcldnHDnM/xLyq3sq0KlBh/7Eaiy39D2EdbKnW8MKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFArgEAAAEABwBMAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAHYAaQBvAHMAYwBzAGkALgBzAHkAcwAAAAIABwAIAAAAAFABAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAA/c59cZNveURefSyEy+uXyUjTcw4Lg5FmsKTmJcLUVHCgAHAAEAAAABBQAHAGAAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABUAGgAaQByAGQAIABQAGEAcgB0AHkAIABDAG8AbQBwAG8AbgBlAG4AdAAgAEMAQQAgADIAMAAxADQAAAAIAAcAZgAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAEgAYQByAGQAdwBhAHIAZQAgAEMAbwBtAHAAYQB0AGkAYgBpAGwAaQB0AHkAIABQAHUAYgBsAGkAcwBoAGUAcgAAAAYABwATAAAAMwAAACU6JzhpCjRRwQAAAAAAJQkABwAUAAAAJinoaq5uucmtzBxUjWAaUP2WknoDAAFAUgEAAAEABwBGAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAEEAQwBQAEkALgBzAHkAcwAAAAIABwAIAAAAAIAMAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAALQSEvWcEDfzzv4tM157jSPs33GbA9wBmbkRUWrnJI51CgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFYBAAABAAcASgAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXAB2AG8AbABtAGcAcgAuAHMAeQBzAAAAAgAHAAgAAAAAkAEAAAAAAAMABwAEAAAADIAAAAQABwAgAAAA+kc7dd2mF+F3pdo4K4wh7zAhR2VvSDGXR+C871G+VmcKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAmAEAAAEABwBQAAAAXABXAGkAbgBkAG8AdwBzAFwAcwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAHcAZABcAFcAZABCAG8AbwB0AC4AcwB5AHMAAAACAAcACAAAAAAAAQAAAAAAAwAHAAQAAAAMgAAABAAHACAAAABbT4d4j2+EXIha8qt8s4inhs6HWaXsF0Lr/tWbo8bf0goABwABAAAAAQUABwBAAAAATQBpAGMAcgBvAHMAbwBmAHQAIABDAG8AZABlACAAUwBpAGcAbgBpAG4AZwAgAFAAQwBBACAAMgAwADEAMAAAAAgABwBsAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAARQBhAHIAbAB5ACAATABhAHUAbgBjAGgAIABBAG4AdABpAC0AbQBhAGwAdwBhAHIAZQAgAFAAdQBiAGwAaQBzAGgAZQByAAAABgAHABMAAAAzAAACs6zfDIqOuPybAAAAAAKzCQAHABQAAADatRJAlLF8K81BTPg3VCN0m5j/WQMAAUBWAQAAAQAHAEoAAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABEAHIAaQB2AGUAcgBzAFwAYQBjAHAAaQBlAHgALgBzAHkAcwAAAAIABwAIAAAAAEACAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAKE9f1EBrh8LogbaCG2w+PwGAQCtcyB3VgSAJpV6NXrFCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFABAAABAAcARAAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXABjAG4AZwAuAHMAeQBzAAAAAgAHAAgAAAAAgAsAAAAAAAMABwAEAAAADIAAAAQABwAgAAAApne+D6cQKz/P3OkgsuePiEvuQOY0l7BWap3exuWcPKsKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAjJB+1mZbcxN/wAAAAACMgkABwAUAAAA/4K8OOHaXllt83TFPjYX9+2jawYDAAFAUgEAAAEABwBGAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwARAByAGkAdgBlAHIAcwBcAE4AdABmAHMALgBzAHkAcwAAAAIABwAIAAAAANAoAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAL0sMlTZ3xVd1tOcu9lG8rnDu870/xmqm2DseF1mw41zCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFgBAAABAAcATAAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXAB2AG8AbABzAG4AYQBwAC4AcwB5AHMAAAACAAcACAAAAADQBgAAAAAAAwAHAAQAAAAMgAAABAAHACAAAADY3SFLjJksq79nJs8tBLKPH7btxYjahVQBFlx9VmIUoAoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBaAQAAAQAHAE4AAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABkAHIAaQB2AGUAcgBzAFwAaAB3AHAAbwBsAGkAYwB5AC4AcwB5AHMAAAACAAcACAAAAADwAAAAAAAAAwAHAAQAAAAMgAAABAAHACAAAAB/FPT4T7i2x8NORhtqNK8a6NKdlb6okFZWMnP4oKmeyAoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUA+AQAAAQAHADIAAABcAFcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABDAEkALgBkAGwAbAAAAAIABwAIAAAAADANAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAEQo0dPxgmmVDJDduMkmM5MNKQxnO5BqqKHjhwDGUVl6CgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAIyQftZmW3MTf8AAAAAAjIJAAcAFAAAAP+CvDjh2l5ZbfN0xT42F/fto2sGAwABQGABAAABAAcAVAAAAFwAVwBpAG4AZABvAHcAcwBcAHMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXABXAHAAcABSAGUAYwBvAHIAZABlAHIALgBzAHkAcwAAAAIABwAIAAAAAAABAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAMdgcgZ1n2OBcMKRJORcljZDg/nqg8X8CfN0d3x0nOw2CgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQLIBAAABAAcAaAAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXABXAGkAbgBkAG8AdwBzAFQAcgB1AHMAdABlAGQAUgBUAFAAcgBvAHgAeQAuAHMAeQBzAAAAAgAHAAgAAAAAsAAAAAAAAAMABwAEAAAADIAAAAQABwAgAAAA6feXcIZEonQGSzPONIWEO9GF3ok3CfPfvjEnFIWbJIsKAAcAAQAAAAEFAAcAQAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAQwBvAGQAZQAgAFMAaQBnAG4AaQBuAGcAIABQAEMAQQAgADIAMAAxADAAAAAIAAcAbgAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAEgAYQByAGQAdwBhAHIAZQAgAEEAYgBzAHQAcgBhAGMAdABpAG8AbgAgAEwAYQB5AGUAcgAgAFAAdQBiAGwAaQBzAGgAZQByAAAABgAHABMAAAAzAAACP1g9FgcF91gzAAAAAAI/CQAHABQAAAAQ32bVLEhRRfwZodh6/3P3k90y1QMAAUBkAQAAAQAHAFgAAABcAFcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABtAGMAdQBwAGQAYQB0AGUAXwBHAGUAbgB1AGkAbgBlAEkAbgB0AGUAbAAuAGQAbABsAAAAAgAHAAgAAAAA4BgAAAAAAAMABwAEAAAADIAAAAQABwAgAAAArE9LG/mRJL+2rwkBovkMQ66j0q7c/IzwNDw/Rj5CfA8KAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAWgEAAAEABwBOAAAAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAGMAbQBpAG0AYwBlAHgAdAAuAHMAeQBzAAAAAgAHAAgAAAAA4AAAAAAAAAMABwAEAAAADIAAAAQABwAgAAAAeXSTtIMVXApHeoHCcpwo552jecbVvdExS3b1lf2PL1IKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIDAAFAagEAAAEABwBeAAAAXABXAGkAbgBkAG8AdwBzAFwAcwB5AHMAdABlAG0AMwAyAFwAZAByAGkAdgBlAHIAcwBcAFMAbABlAGUAcABTAHQAdQBkAHkASABlAGwAcABlAHIALgBzAHkAcwAAAAIABwAIAAAAAPAAAAAAAAADAAcABAAAAAyAAAAEAAcAIAAAAKHd2q1yNESKQmURUSMo62ZHw0swl5rnwlhobqRsSobvCgAHAAEAAAABBQAHAEwAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAIABQAHIAbwBkAHUAYwB0AGkAbwBuACAAUABDAEEAIAAyADAAMQAxAAAACAAHACQAAABNAGkAYwByAG8AcwBvAGYAdAAgAFcAaQBuAGQAbwB3AHMAAAAGAAcAEwAAADMAAAHEIrL3m3k9rLIAAAAAAcQJAAcAFAAAAK6cGuVHY4Iu7EJHSYPYtjURbIRSAwABQFgBAAABAAcATAAAAFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAHQAZQBtADMAMgBcAGQAcgBpAHYAZQByAHMAXAB3AGYAcABsAHcAZgBzAC4AcwB5AHMAAAACAAcACAAAAAAAAwAAAAAAAwAHAAQAAAAMgAAABAAHACAAAAAsY2AxjETqIu7AFbFCMzPq84WzY2N66S4AWEMQhDu+5AoABwABAAAAAQUABwBMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzACAAUAByAG8AZAB1AGMAdABpAG8AbgAgAFAAQwBBACAAMgAwADEAMQAAAAgABwAkAAAATQBpAGMAcgBvAHMAbwBmAHQAIABXAGkAbgBkAG8AdwBzAAAABgAHABMAAAAzAAABxCKy95t5PayyAAAAAAHECQAHABQAAACunBrlR2OCLuxCR0mD2LY1EWyEUgMAAUBYAQAAAQAHAEwAAABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAzADIAXABEAHIAaQB2AGUAcgBzAFwAawBzAGUAYwBwAGsAZwAuAHMAeQBzAAAAAgAHAAgAAAAAIAMAAAAAAAMABwAEAAAADIAAAAQABwAgAAAABVo2qZIbmMwEBCypUknH7KZVU2ho2vzsdQiUfr5ecfQKAAcAAQAAAAEFAAcATAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAgAFAAcgBvAGQAdQBjAHQAaQBvAG4AIABQAEMAQQAgADIAMAAxADEAAAAIAAcAJAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAVwBpAG4AZABvAHcAcwAAAAYABwATAAAAMwAAAcQisvebeT2ssgAAAAABxAkABwAUAAAArpwa5Udjgi7sQkdJg9i2NRFshFIOAAAABgAAAOTqe0Czv5tXGDteheWEWft25EmwkgQAAAEAAUCKBAAAAgAGACYCAAAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDLXx6rUfTTfWEt0hmavSX9l1x1zcwjsJlV8rmAAzZqb4DGDLW6PCdFBAYVa60O3n5HrjgDc2s9KBMNJCwvORhIp0ZeCKnEU2DJjDCjxn1jIUbgCJMvuJWXbyn/ediOlznIM6NXHjByFO63en//Wds10HXpybJynVbBy7cst8ebHi9rneBJOhv0OdO9qAunaZlbExxOZwk3rqCoJmVaun+tu0nKiQZnIsXokhsZjwJxH1vBdCQGrOh6KKlog6RCvC8kfoHxfydkj3BnaMNy+2nX5fAOLCIz5BvHG9clTS/8dvsxfPKYn44faplgq7/xMg/K/TNInVlcWK3iPSl4KDB0yDVO8u+WGFrbYKi+5/2arPnAPeN9TkrPC2XfIaRx5CIig/JTYFKOUYE6NaDq6fzBdeCFwgZDLJMO07dir1InNXM/2xGkSfm7498/ldn51JPocNmsWwgMSTFzX8ZTLJsJdUhEM0mZdzAiEYHUEFZWLiTcjMSbtBWjYYrYxO/lzUT7rXToA6JtacCTp3a/Ftl5UbKoEJAB3Ic2PlGrcdnRTpWO5thb86k1cIcJO4xV8NVzNXEU/msOVhWzazS/dAXuoDtt+G4xEuJH9Evnt0kN62XLoSOEpHtb8eL9ZGnOsx8bW59o8HUieG+oOcvw/uSmZ7kLRnH+en51Ez5X4VZQnQIDAQABAgAGACYBAAAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdDLui5C4J4+fF95ZpvAAhvWkzM++tBMtUgO4Gg7vFIITZ99KL8ziwq6StLXxieQX/40o/BDUgcOPE52vgnMA2demKMd2NcOXcN7V0RpYoW4dgIyy/3EelZ/dRJ55y6wemybkeO1M1fOXT7Ce5hxz+uckjCW+oRpHBbpY8QdPLoz9dAmpN7GkfJShcNv/9QxUKlOAZtM/fwhLiwlsn7id4MItbKglrIolTYBYswGgdU7rsSfOdYYyFaAlzRF19olQr3Xn3Fc81XWwcK1zOvJwji29utSbZNhPDT9YnrrkyO0GSLOHHzXfoqlRO91wLBIdltEMYqLLgbRl37Fok+kgDAgMBAAECAAYAJgEAADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkOZFB5Z7XE4/0JAEyelKz3VmjqRNjPxVhPqaV2fG1FutM5krSkHvn5ZYLkF9KP/UScCOhlk84sVYS/fQjjLiuoQSsYt6JLbklMaxUH3tHSwokecZTNtX9LtK8I2MyI1msXlDqTziY/7Ob+NJhX1R1dSfayKi7VhbtZP/iQtCuDdMorsztG4/BGScEXZlTJHL0dxFViV3L4Z7klIDTeXaallV6rKIDN1bKe5QO1Y9OyFMjByIomCll/B+z/Du2AEjVMEqa+Ulv1ptrgiwtId9aFR9UQucboqu6Lai0FXGDGtCpbnCMcX0XjGhQebzfLGTOAaolNo2pmY3iT1TDPlR8CAwEAAQsAAAAMAAAAOkByzGt34mOdT9yRyR78Ebw+M8MEAAAA//8AAAwAAAAEAAAAnX9Jk4jaqOfX8eOZYW455YkdOZ0EAAAAV0JDTA0AAAAEAAAAnX9Jk4jaqOfX8eOZYW455YkdOZ0EAAAAV0JDTA4AAAAEAAAAnX9Jk4jaqOfX8eOZYW455YkdOZ0EAAAAV0JDTA=="}} golang-github-google-go-eventlog-0.0.2/tpmeventlog/000077500000000000000000000000001515555264200223145ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/tpmeventlog/replay.go000066400000000000000000000041341515555264200241410ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // Package tpmeventlog implements event log parsing and replay for the PC Client // TPM PCR_based event log. // It supports both the SHA-1 only and crypto agile log formats. package tpmeventlog import ( "github.com/google/go-eventlog/extract" pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/register" "github.com/google/go-eventlog/tcg" ) // ReplayAndExtract parses a PC Client event log and replays the parsed // event log against the PCR bank specified by hash. // // It then extracts event info from the verified log into a FirmwareLogState. // It returns an error on failing to replay the events against the PCR bank or // on failing to parse malformed events. // // The returned FirmwareLogState may be a partial FirmwareLogState. // In the case of a partially filled state, err will be non-nil. // Callers can look for individual errors using `errors.Is`. // // It is the caller's responsibility to ensure that the passed PCR values can be // trusted. Users can establish trust in PCR values by either calling // client.ReadPCRs() themselves or by verifying the values via a PCR quote. func ReplayAndExtract(rawEventLog []byte, pcrBank register.PCRBank, opts extract.Opts) (*pb.FirmwareLogState, error) { cryptoHash, err := pcrBank.CryptoHash() if err != nil { return &pb.FirmwareLogState{}, err } events, err := tcg.ParseAndReplay(rawEventLog, pcrBank.MRs(), tcg.ParseOpts{}) if err != nil { return nil, err } return extract.FirmwareLogState(events, cryptoHash, extract.TPMRegisterConfig, opts) } golang-github-google-go-eventlog-0.0.2/tpmeventlog/replay_test.go000066400000000000000000001056011515555264200252010ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. package tpmeventlog import ( "bytes" "crypto" "encoding/hex" "fmt" "strings" "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-eventlog/extract" "github.com/google/go-eventlog/internal/testutil" pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/register" "github.com/google/go-eventlog/testdata" "github.com/google/go-eventlog/wellknown" "google.golang.org/protobuf/testing/protocmp" ) type eventLog struct { RawLog []byte Banks []register.PCRBank ExpectedEFIAppDigests map[pb.HashAlgo][]string } // The Arch Linux event log has two known failures due to our parser's strict checks. var archLinuxKnownParsingFailures = []string{ "SecureBoot data len is 0, expected 1", "found EFIBootServicesApplication in PCR4 before CallingEFIApp event", } // Agile Event Log from a RHEL 8 GCE instance with Secure Boot enabled var Rhel8GCE = eventLog{ RawLog: testdata.Rhel8EventLog, Banks: []register.PCRBank{ testutil.MakePCRBank(pb.HashAlgo_SHA1, map[uint32][]byte{ 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"), 1: decodeHex("5cc549378bafaa92e965c7e9c287925cfff33abd"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("7fbe2df30156ca4934109f48d850ab327110f8fa"), 5: decodeHex("3258daa13f4cccf245c170481c76e2a4602e5a7b"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("d7a632f8990b2171e987041b0a3c69fc1b2a4f27"), 8: decodeHex("15aab2077008f8325e7c61ee39fedd7118aad5d7"), 9: decodeHex("25de9455ef4e8180b76bbb9bb54a82f9a73abb0a"), 14: decodeHex("1f5149668c40524e01be9cbc3ad527645943f148"), }), testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ 0: decodeHex("24af52a4f429b71a3184a6d64cddad17e54ea030e2aa6576bf3a5a3d8bd3328f"), 1: decodeHex("454220afaa80c83c3839f6cccd8b3c88bf4f562316a9dda1121c578c9e005a53"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("758a3d35f1b0ff5b135dacd07db0c8132c0ac665d944090d4bf96e66447a245c"), 5: decodeHex("53d0ee36163219201e686167bbb71ec505b3ba2917b9d9183ed84aad26cfeb89"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("5fd54361d580eb7592adb8deb236ff35444ceeac7148f24b3de63c041f12b3da"), 8: decodeHex("25c3874041ebd4e9a21b6ed71b624a7bfa99907a8dcea7f129a4c64cbaf5829a"), 9: decodeHex("d43b2f61eb18b4791812ff5f20ab20e4ef621ba683370bedf5dbdf518b3a8078"), 14: decodeHex("d8f57ebcc1a23cc46832696e1a657f720e1be8f5b405bb7204682114e363b455"), }), }, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "95f400d9003b4e8c0cb4734efcf547e36fc4100c", "4f60d11ad6ac9a76837834f1371bc9521d018779", "075f3bc8c7363c35a87ce56c604fa9201a97f79d", }, pb.HashAlgo_SHA256: { "40d6cae02973789080cf4c3a9ad11b5a0a4d8bba4438ab96e276cc784454dee7", "e8a268c431da72caaae407f729f602b9dbf5d1d43492d4a51cc2b688a08586e3", "e4c0382f98feaebfd43923a85fd6da9a20e1a48524a4d5928c31850ca1a96a6e", }, pb.HashAlgo_SHA384: { "66de9a210659294720af06838309fc1f4d0de82c646a62c1dd9f068cd331d2e05fd666377dbc11e84a796ce00108ab19", "c1d031b07446588fa50f4eec3d8520d99ed01f21350b9c581e13f4c5a8c712cb5e3cbecc41ccab74465543439f7eb1e6", "d844e63b32a73aadde4f78dda7cb7df73d75114f3a5964401847eb716142a06607ea95efee20f51283e85afca8da3afd", }, }, } // Agile Event Log from a Ubuntu 18.04 GCE instance with Secure Boot and // Confidential Computing enabled. var UbuntuAmdSevGCE = eventLog{ RawLog: testdata.Ubuntu1804AmdSevEventLog, Banks: []register.PCRBank{ testutil.MakePCRBank(pb.HashAlgo_SHA1, map[uint32][]byte{ 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"), 1: decodeHex("35f38e5ce90728b02a0f66d836eef53d287e69bf"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("41c68947aeee8a59110c7989a9b7a55df547f003"), 5: decodeHex("baee22b5cce9029300f909add54d75d5d7475cfd"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("6530ed2dcba68801c78ca08753f239118bead7c8"), 8: decodeHex("4e5533d878287970f3ef8d374fb140d93bcb2c37"), 9: decodeHex("1b79f2140a84462cb13d1a0c1904daefd24d7938"), }), testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"), 1: decodeHex("add81cbc06b154716ac7bd5999c84cbc520184d57c58102657d270274508d9ce"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("b4b94e840fc9352e20bdb5b456b4c242af0fb146755b6935d8eda000ea368a31"), 5: decodeHex("0b75168095fd6464ff1f9943b762ec009a3ae84c5e76cf67361e16b9db30d28e"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("61af3f499f1a86be54458fd30d193fa913a7e23ca3103fa3d0abaefd3cd4f9b8"), 8: decodeHex("c324da9d0c54252c37af697cdd58b066f2bb0f4a69752d27623bc738d02e9486"), 9: decodeHex("2d334f1eeb9a16dabaccaa746ff1c0dce2e9aeb3f3a4a314e5e1e61b01e940d0"), }), }, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "21e79438580ec89df674dfe12653d77d132c3936", "9a4c7c895a5d40c3906121ff59c6fe267a4c32e0", }, pb.HashAlgo_SHA256: { "2ea4cb6a1f1eb1d3dce82d54fde26ded243ba3e18de7c6d211902a594fe56788", "835f940e97bac2f7c171819b1fcc4bebe72a1c4ea7d7245088ef32d253085bb3", }, pb.HashAlgo_SHA384: { "9b2baf7073fd9b7df3091b69ae7e48453450ae7b5311b37de11b79da75f175b8b2ed69f7d39406501653b35cbe90a030", "b0a19b24395a4690eea97916483dc291a38c6023df20aa296d85064194cebe9097f6b5e8490fd57a4e6b01167a8c9c7c", }, }, } // Agile Event Log from a Ubuntu 21.04 GCE instance without a DBX and with Secure Boot disabled var Ubuntu2104NoDbxGCE = eventLog{ RawLog: testdata.Ubuntu2104NoDbxEventLog, Banks: []register.PCRBank{ testutil.MakePCRBank(pb.HashAlgo_SHA1, map[uint32][]byte{ 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"), 1: decodeHex("36c6b7436c37243c5f6744b73ced4df1287cd16a"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("8d9868b66afcf4039eaf8ef5228556d9f313659f"), 5: decodeHex("b0eaa45a496e0d933f63e97fd2362192dd48e369"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("777795cbdeca679f7749d8d09fc12941dcc9912a"), 8: decodeHex("5dfae5320ea06ddd1c62d296844a9b4b32b49972"), 9: decodeHex("f53869ab9015b5ad736e5f00e44fdfee2fdfde27"), 14: decodeHex("cd3734d2bdfcfba9e443ac02c03c812ffcceb255"), }), testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ 0: decodeHex("24af52a4f429b71a3184a6d64cddad17e54ea030e2aa6576bf3a5a3d8bd3328f"), 1: decodeHex("f7dab5fda6b082e0ec1a12c43dd996ee409111422cda752a784620313039db19"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("295aeaeacad1d507930bab18418f905eeda633ea67b2ab94c5e5fd3a4d47ac58"), 5: decodeHex("e4f1359accfe48b19af7d38e98a3f373116b55b7f7a6f58f826f409a91d9fd28"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("ca37324eeffabd318d30a20f15bf27ce25dc33e2c9856279ff6c2ced58b02efa"), 8: decodeHex("2f2559cae74bb441d75afea5edb78d9a645db9f4bf8dea84bab0861ce6032e18"), 9: decodeHex("9f27883322aaaf043662c27542d9685790c687ea554e4e2ae30f0e099a2e4889"), 14: decodeHex("8351c65483c5419079e8c96758dd2130bee075d71fea226f68ec4eb5bfc71983"), }), }, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "92e6ec17937f600b9ec7f23adf4ea5553b4e2364", "4f9604e61091095594c206c8a404afe187a92586", }, pb.HashAlgo_SHA256: { "d99c93fcb042dbe52707bbde371c75fcf081dd5b0c88a195d44cc57536f6f521", "b0a836fec2faf4a9bea0e1a5f1945bc86ddc03ac98ce0ae172ed9b1e536d7595", }, pb.HashAlgo_SHA384: { "d8811e9c08119168b156255c6d695614d1593422bc5044186d29c1aaaa86fff0a633f324ac1ac1122e547479ce50a75a", "bbcdda8a6d872385b10802434eb8de1ac7b92dbaddf18bc1d7ea24fcc71b45291db5cc7b930a29c93405d6aecdb70683", }, }, } // Agile Event Log from a Ubuntu 21.04 GCE instance with Secure Boot disabled var Ubuntu2104NoSecureBootGCE = eventLog{ RawLog: testdata.Ubuntu2104NoSecureBootEventLog, Banks: []register.PCRBank{ testutil.MakePCRBank(pb.HashAlgo_SHA1, map[uint32][]byte{ 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"), 1: decodeHex("f5310dfcfcec5571cbf730064d526906c9cea2f0"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("e53d909941dcbc699b273fc4c0d817a41c6ab975"), 5: decodeHex("9e2af4bac1432830594b1ae90c68c52a20a9700e"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("ede7204673f41ac2592b0d3b4cd429b43f39dc61"), 8: decodeHex("bda59abe1c7d18e0b85edfcb4381f10d4dcc88f7"), 9: decodeHex("39fd49224476f4d7eea26a53e264c9c33e47649c"), 14: decodeHex("cd3734d2bdfcfba9e443ac02c03c812ffcceb255"), }), testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ 0: decodeHex("24af52a4f429b71a3184a6d64cddad17e54ea030e2aa6576bf3a5a3d8bd3328f"), 1: decodeHex("45ed8540f34db53220ef197e5fb8a3835b2095454349e445f397f13d91c509a5"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("ebc7ae25d0347868250995c9a8fff16bf79e048453262d0ef2756e213c76181c"), 5: decodeHex("47715f9f2c10769da6ee23be5633fd88e247caf162f4eeb0b6f8482ccfeadfb5"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("0d8847bc5eca06452df10e2f214363845c7ac11d47525a5474e225e72ce25dfe"), 8: decodeHex("b9a324947de94ec2fd4b04483ecfcb37dfdd520a7c0ecf73c77bf2595549c84f"), 9: decodeHex("adb87be3efd96cc3a2f66b8aa7564f9727563ef494a95d571a3f38ff4afb25dd"), 14: decodeHex("8351c65483c5419079e8c96758dd2130bee075d71fea226f68ec4eb5bfc71983"), }), }, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "22df40d6e32d4721f1b2406b2b4a3bb0ca10ead5", "4f9604e61091095594c206c8a404afe187a92586", }, pb.HashAlgo_SHA256: { "6265b732b005b3f330bcd1843374e5ec6ec5aef27cdb97a23daeb8580abbf526", "b0a836fec2faf4a9bea0e1a5f1945bc86ddc03ac98ce0ae172ed9b1e536d7595", }, pb.HashAlgo_SHA384: { "4f491210da8f59f09cd16523b44db22e83d8b611c3b14656d3b078dd451347ab195177fc78cf8d5578376f1f5f9bb821", "bbcdda8a6d872385b10802434eb8de1ac7b92dbaddf18bc1d7ea24fcc71b45291db5cc7b930a29c93405d6aecdb70683", }, }, } // Agile Event Log from a Ubuntu 24.04 GCE AMD_SEVSNP instance with Secure Boot disabled var Ubuntu2404AmdSevSnp = eventLog{ RawLog: testdata.Ubuntu2404AmdSevSnpEventLog, Banks: []register.PCRBank{ testutil.MakePCRBank(pb.HashAlgo_SHA1, map[uint32][]byte{ 0: decodeHex("8124f09f069c7d2d9acf5ce4eab928a7103a0bb2"), 1: decodeHex("f00d6bbdea9ba55996f237a7f95f2b328a44e3f2"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("175f4319fd7ac683bf49f2e7b837630e4fa8603f"), 5: decodeHex("f65b39c7aec83294f796c1ea4acc987f80914efe"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("7067b17aa6b3de0d22d17a59dce1e17e649cb56a"), 8: decodeHex("5f4a1177c33521b0e48d855cf770520f8ab744de"), 9: decodeHex("c6ee69063ab752df6c4ab99a80b12f3e5c432535"), 14: decodeHex("a482a15e112717d6a915b989a0ea6140a507e3e6"), }), testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ 0: decodeHex("50597a27846e91d025eef597abbc89f72bff9af849094db97b0684d8bc4c515e"), 1: decodeHex("57344e1cc8c6619413df33013a7cd67915459f967395af41db21c1fa7ca9c307"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("abe8b3fa6aecb36c2fd93c6f6edde661c21b353d007410a2739d69bfa7e1b9be"), 5: decodeHex("0b0e1903aeb1bff649b82dba2cdcf5c4ffb75027e54f151ab00b3b989f16a300"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("33ad69850fb2c7f30b4f8b4bc10ed93fc954dc07fa726e84f50f3d192dc1c140"), 8: decodeHex("6932a3f71dc55ad3c1a6ac2196eeac26a1b7164b6bbfa106625d94088ec3ecc3"), 9: decodeHex("ce08798b283c7a0ddc5e9ad1d602304b945b741fc60c20e254eafa0f4782512b"), 14: decodeHex("306f9d8b94f17d93dc6e7cf8f5c79d652eb4c6c4d13de2dddc24af416e13ecaf"), }), }, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "7eac7a5171a01cf975bb6ac1b0eb6eb79a391d5e", "ec49599026c979912d8f18cfd4b260516a4d4ac1", }, pb.HashAlgo_SHA256: { "724de6844dd0fe618ba5776c7bca0728be38a6544e24e44ef259b987b7abce80", "5e8cb75acdf8e09e5fc14cc2d6ce0c2288af208976d97309851c661e91ec1e03", }, pb.HashAlgo_SHA384: { "4637fb5cd30847e5f09ae24f8a50ce1611c4d21afd0ecb69c8ec40bc82dc11bc48abda1f8044fe340bfb70b29606eb47", "c051991523ea083f466f13c2a2d11d77254f6110bc8ae3714f345cef8f33cde26082b49dda0f56ef324a62a10b556d1e", }, }, } // Agile Event Log from Alex's gLinux laptop with secure boot disabled var GlinuxNoSecureBootLaptop = eventLog{ RawLog: testdata.GlinuxAlexEventLog, Banks: []register.PCRBank{ testutil.MakePCRBank(pb.HashAlgo_SHA1, map[uint32][]byte{ 0: decodeHex("29d236609a5f9cc6912af44ba5f57b13a17c8a84"), 1: decodeHex("db16852a369b2503d6cc6c0007501c837dbe1170"), 2: decodeHex("0c8ef58d40b8cd1fe15f6b45fc1b385dd251eec0"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("c56cddf3dcf59a473a239efd17b130391e24b0df"), 5: decodeHex("23606963a2813421f5b6e76e32a337ff8940e413"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("9221b8fc57b60cb7de507dc016f88d4600cde9c5"), }), testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ 0: decodeHex("0e5ea849d7647a1ac1becc096fee4df98f00f8015f934afadaab0b8aa20b38a5"), 1: decodeHex("9750400838980c9419764b9cf19c975c0e159c18ebe21cb897c6e834a8d8d433"), 2: decodeHex("970096d49105b0404999173e49c3f6b8597b9c4c5ff6a9e364b55ce01037578e"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("ddb124ca9013f1e42f98537f7f381e47c5e6caa988cf2b4088f452c5a8dd912d"), 5: decodeHex("fb58603615cfec59c0428e71913d30d45f38e4280380cc814135a7659c246b13"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("9d1be46302bc4f5055c90a0376d9142e397ca8744f387c9824170f1bc855fde5"), }), }, } // Agile Event Log from an Arch Linux worksation with systemd-boot and Secure Boot Disabled var ArchLinuxWorkstation = eventLog{ RawLog: testdata.ArchLinuxWorkstationEventLog, Banks: []register.PCRBank{ testutil.MakePCRBank(pb.HashAlgo_SHA1, map[uint32][]byte{ 0: decodeHex("a0487b0d95387d4a30560edf5f041307bf4a1dcc"), 1: decodeHex("56b71c334a5b67d3b7b3343e3241dff5a1ad87bf"), 2: decodeHex("01098a68e44e4fbd0af3b9a836b1b79e78c4f6f5"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("4c8b6f359b5e5cb9d09e825009a98e1281165b01"), 5: decodeHex("0dfa5ca60508ac5214515b20ed3e66289514fcb6"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("029c700c2fa2bc83cbf3ce4ee501ad4d984ec5ae"), 8: decodeHex("aa99fc93faa0777f42da6e1ae77a0653b5005619"), }), testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ 0: decodeHex("758b773d94feabf52ef5a4c00a7ad2c80d8d6e6d9d58756150be9bc973da9087"), 1: decodeHex("bfda688a5d320123fddb3fc70b746bc17647e2e7f2f96e130d429542bf4622d5"), 2: decodeHex("65dee4a48cde677aa89fa83c5c35e883fda658f743853e3ebad504ca6702f7c5"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("925d453d3dfef4ac0c72c957402163d45fa95d05e6d53f047263a3a60b598325"), 5: decodeHex("202522f005ef625588bb7c9e21335ba96a63c5086306138885b3bb2c381730ca"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("3b4a4db44b7a872524055364e62e897ae678e0d47ab0809f65c3a4ed77f66ab9"), 8: decodeHex("47591b43af431963eaeb5238a5c42eda1eb0014c27f7de7ae483066a2d2a2e61"), }), }, } // Legacy Event Log from a Debian 10 GCE instance with Secure Boot enabled var Debian10GCE = eventLog{ RawLog: testdata.Debian10EventLog, Banks: []register.PCRBank{ testutil.MakePCRBank(pb.HashAlgo_SHA1, map[uint32][]byte{ 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"), 1: decodeHex("b1676439cac1531683990fefe2218a43239d6fe8"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("1eb30816474a3f144e99b24e4ad480b2e51fd9e1"), 5: decodeHex("019079179dbc0eb5992c500dcf8a095910ac590d"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("9e6c57e850f371c2a7fe02bca552149363952318"), }), }, // We shouldn't use these digests, as this Debian firmware does not measure // ExitBootService events, which means an attacker could extend additional // events after UEFI hands off the event log. ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "47263679db883d7ad9adbc93d6a1fbf8095f0133", "3fae23b18d72350207661af3875f2c492e97621c", "89b08941b47dcfbd4c8b3f2bc0fad984cd836b21", }, }, } // Agile Event Log from a Ubuntu 21.04 GCE instance with Secure Boot disabled var COS85AmdSev = eventLog{ RawLog: testdata.Cos85AmdSevEventLog, Banks: []register.PCRBank{ testutil.MakePCRBank(pb.HashAlgo_SHA1, map[uint32][]byte{ 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"), 1: decodeHex("e3e9e1d9deacd95b289bbbd3a1717a57af7d211b"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("6168c9ce88a8658920f2cf2f9012d3c6bbfab79b"), 5: decodeHex("fb6b3a15b220a74b0c4f73416919476702e930e2"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("42e669233f0e826df5093abfd6998c020df2de88"), 8: decodeHex("72778b0ba3c491db25eb7c8368cb1fb51f0ce458"), 9: decodeHex("08bd04f0dbadf591510340d94a0019c0ddcb779f"), }), testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"), 1: decodeHex("6eb40f5b6bfafcb9914d486ce59404acd24bc13a6a3c45cda3b44c9d7053d638"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("d690bdac2aa8b73a1d718cb91990df07d0747b07ea57b3b2d0f0d511f0d90491"), 5: decodeHex("e9e0b32564b6f8215b1bd43954d9f910682d39c3b18abd4737ac3b797cf269e0"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("3365d7fa2b024c852913c06e04ffbfa6ea5289f743bbf1a76f7ffdf21ed84793"), 8: decodeHex("9e9b6511ae6ad443aae4c7bf998ffffbcd271c874f1efab9d692f129eb6e6c18"), 9: decodeHex("f4f2d92d6d54f6c41f2706fd98091317642e0680a7902c72893d41e3464a93b7"), }), }, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "bfeec15d9359fe0aa8b5fb6451d1f73e5144c6d3", "860848ad3f129051f1e252749011cf7f7df837ee", "91cd5aa9c3e407237e8aeb122d4ab94494034a90", }, pb.HashAlgo_SHA256: { "dba8d69ffb244496ac8ab2950695d3da539d6ac5ec660fc6b4bdde245284cf23", "f7bad83f87940312e4642530a9a6242e88529dc37a497d7d4e7c1c070566d542", "6f6afb3caed004e727200a0c310731bd8ab4cd391b2d95cedf67d08e1e8e5e7e", }, pb.HashAlgo_SHA384: { "778bd7d6385d8ca0da5e504e3e554b67d98d9a712d957cb4cbb4d9b2e66ca96e31ddc18680af02b03a3a8a1b08da6aca", "d014c8c69b17ceb0f46be22b928f52684e717f40288246a61dadba00b1368c883cdde4e98762cc6788d94d0bcbd3f7ca", "ff8ff1db8fc98d02d944a90c58103b1b2ad3ba893ba4f302a006a572951491622341bb9387de20dd072cb8b6b3583cd0", }, }, } var COS93AmdSev = eventLog{ RawLog: testdata.Cos93AmdSevEventLog, Banks: []register.PCRBank{ testutil.MakePCRBank(pb.HashAlgo_SHA1, map[uint32][]byte{ 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"), 1: decodeHex("e3e9e1d9deacd95b289bbbd3a1717a57af7d211b"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("1e4b998edfb4d62fb88337a66b3af8be26159498"), 5: decodeHex("3421f02e05d71fe4bd002cbe22e68c230397821d"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("42e669233f0e826df5093abfd6998c020df2de88"), 8: decodeHex("ec84952e0c5c96cd4404122131b8f86d5ac7df7d"), 9: decodeHex("7a406f847075a86a55aa184cfe3fcef7eaff40a7"), }), testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"), 1: decodeHex("6eb40f5b6bfafcb9914d486ce59404acd24bc13a6a3c45cda3b44c9d7053d638"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("871e8343044ae4c87b402dcb94b5e49715b1b8dc1b19c43ba0801422fabb39d4"), 5: decodeHex("74be59dc8066011eade913db9a3db7978f93852c04816cba9427dd59b87042cc"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("3365d7fa2b024c852913c06e04ffbfa6ea5289f743bbf1a76f7ffdf21ed84793"), 8: decodeHex("ba18b7028111f1f193967cad3c23b5050f73061c0f119182ac0f42efd6a9159e"), 9: decodeHex("0b1e4f9ca7bc8535c4c33f0025969d7abea008aa51dcd7f7c2d1068470e4bce4"), }), }, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "d582c2803fd716f09e50c82967079ff593e1bc6b", "e3de6a97421ba8f329d4ba55e39df80013415a23", "03221584436f78e488cdaec3c691b7a18ff2f621", }, pb.HashAlgo_SHA256: { "27cce48e55b3bfb6eb6206a4cc2b53a497846496a6264495006ab28dffa5623e", "e3e226fb8c8e3b3fdb56c706a0fbfda080f34068aef5a1889c1bfa95f04c2e72", "dc0aca594caee03705bcfa817e7f666692d89b713815f4793b7abbc2a0e00b6c", }, pb.HashAlgo_SHA384: { "da419d9c92eb55b6e14f5665d81644fa163b908b1b1e317740f7a605f1734994dd90f4ea3373400c59fd7683751e30ef", "794e6206fe520d3b0bcbfd3e14b0dc8e41f6a8c3b131faef69442a11625fde690a1b77c46dcddcb443a8d3c1e3ea669c", "64b218ab263625b49da1172a9ab37cedbcd20d668beac1c3baac4cae640a1a7f77a07c05682b4147ec649c51243f6bbf", }, }, } var COS101AmdSev = eventLog{ RawLog: testdata.Cos101AmdSevEventLog, Banks: []register.PCRBank{ testutil.MakePCRBank(pb.HashAlgo_SHA1, map[uint32][]byte{ 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"), 1: decodeHex("e3e9e1d9deacd95b289bbbd3a1717a57af7d211b"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("1ebe08ea6c45e0dfbd2aad903d2e0d3ab69fd7ad"), 5: decodeHex("1c7ca47e5c09a78a747b0e0f051cc8cad6431400"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("6847f752ad1795c279f289e1eecf0040cd53c1d4"), 8: decodeHex("a243d82bd1fa01ae487b7ba77dd73ebb7a17800a"), 9: decodeHex("fbbb8a8f120369810e7e161504556f0080afadac"), 14: decodeHex("1ba610b2d80967338649a8f88f45810448814bfc"), }), testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"), 1: decodeHex("6eb40f5b6bfafcb9914d486ce59404acd24bc13a6a3c45cda3b44c9d7053d638"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("6d9f1a1d461cf77517e8d4c488c53f338a71c5a8e2b81ab7011c14f72cbc9a80"), 5: decodeHex("d1a1ab23a5c3d98fbacff3891bad42d8e9257d61e1f683f42c6c9fa949bf96c5"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("2bc6edaa921f953cec0ffb28dad4f87114886603d6a782036502d28e69d97a48"), 8: decodeHex("ebb7c847c4ade99849bcffca236d32331224a530087a7ae4cb9f7db4c2e571b5"), 9: decodeHex("b5ad662e5eb9165825ee39ad66e851a67a193e0b87b27858f25ac58afa72ac57"), 14: decodeHex("d0d95459205afae879514db7b85630f5d6b8272ed8c731bf92933dbc9fe99969"), }), }, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "dc41c297c4ed857e9b6354cad8b448995c3052ea", "06ae09413b5107bb26aa68602ba4fe787d22f82e", "f894ac3a351baa3a5ce4dd8d6f497eb616723461", "f894ac3a351baa3a5ce4dd8d6f497eb616723461", }, pb.HashAlgo_SHA256: { "c7ac5d44444affd8d4a7c5d3dea0ce20a71e05812fc18777a428d092f78ae3ff", "c5d3b47de11a9a2a4a15ef5cb7202d7800a10609c0dcecc46e3e963d476b76ce", "af4161084115c9d5c1872f4473fe974b535e3a9a767688293720ac2cc6f7f9a3", "af4161084115c9d5c1872f4473fe974b535e3a9a767688293720ac2cc6f7f9a3", }, pb.HashAlgo_SHA384: { "72bf185794a865eb14fcdf93a2daa8ed281c932e2a7009d8489c38056389b3f3776d755ec703c95fb9c396f79dbd52c7", "5b38df39c7beec3bfd9c4cbd40c217bcbee190d1fa099a64c5f063d20efc3def26e48cbbd86d730c8eb4696a29759490", "968f2f6cb5bae537adfca30942803ddcda773bae368c042258e8818788265cd0e119936c9fcdb782785154a6705c5143", "968f2f6cb5bae537adfca30942803ddcda773bae368c042258e8818788265cd0e119936c9fcdb782785154a6705c5143", }, }, } func TestParseEventLogs(t *testing.T) { sbatErrorStr := "asn1: structure error: tags don't match (16 vs {class:0 tag:24 length:10 isCompound:true})" logs := []struct { eventLog name string extract.Bootloader // This field handles known issues with event log parsing or bad event // logs. // Set to nil when the event log has no known issues. knownErrs []string }{ {Debian10GCE, "Debian10GCE", extract.UnsupportedLoader, nil}, {Rhel8GCE, "Rhel8GCE", extract.GRUB, nil}, {UbuntuAmdSevGCE, "UbuntuAmdSevGCE", extract.GRUB, nil}, // TODO: remove once the fix is pulled in // https://github.com/google/go-attestation/pull/222 {Ubuntu2104NoDbxGCE, "Ubuntu2104NoDbxGCE", extract.GRUB, []string{sbatErrorStr}}, {Ubuntu2104NoSecureBootGCE, "Ubuntu2104NoSecureBootGCE", extract.GRUB, []string{sbatErrorStr}}, {Ubuntu2404AmdSevSnp, "Ubuntu2404AmdSevSnp", extract.GRUB, nil}, // This event log has a SecureBoot variable length of 0. {ArchLinuxWorkstation, "ArchLinuxWorkstation", extract.UnsupportedLoader, archLinuxKnownParsingFailures}, {COS85AmdSev, "COS85AmdSev", extract.GRUB, nil}, {COS93AmdSev, "COS93AmdSev", extract.GRUB, nil}, {COS101AmdSev, "COS101AmdSev", extract.GRUB, nil}, } for _, log := range logs { rawLog := log.RawLog for _, bank := range log.Banks { hashName := pb.HashAlgo_name[int32(bank.TCGHashAlgo)] subtestName := fmt.Sprintf("%s-%s", log.name, hashName) t.Run(subtestName, func(t *testing.T) { if _, err := ReplayAndExtract(rawLog, bank, extract.Opts{Loader: log.Bootloader}); err != nil { for _, knownErr := range log.knownErrs { if !strings.Contains(err.Error(), knownErr) { t.Errorf("failed to extract log state: %v", err) } } } }) } } } func TestParseMachineStateReplayFail(t *testing.T) { pcrMap := make(map[uint32][]byte) pcrMap[0] = []byte{0, 0, 0, 0} badPCRBank := testutil.MakePCRBank(pb.HashAlgo_SHA1, pcrMap) _, err := ReplayAndExtract(Debian10GCE.RawLog, badPCRBank, extract.Opts{}) if err == nil { t.Errorf("ParseMachineState should fail to replay the event log") } } func TestEmptyEventlog(t *testing.T) { emptyLog := []byte{} emptyState := &pb.FirmwareLogState{ Hash: pb.HashAlgo_SHA1, Platform: &pb.PlatformState{Firmware: &pb.PlatformState_ScrtmVersionId{}}, SecureBoot: &pb.SecureBootState{}, } emptyBank := register.PCRBank{TCGHashAlgo: pb.HashAlgo_SHA1} // SHA-1 PCR data consisting of all zero digests (i.e. the reset state) zeroDigest := make([]byte, crypto.SHA1.Size()) zeroPCRs := make(map[uint32][]byte) for i := uint32(0); i < 24; i++ { zeroPCRs[i] = zeroDigest } zeroBank := testutil.MakePCRBank(pb.HashAlgo_SHA1, zeroPCRs) realBank := UbuntuAmdSevGCE.Banks[0] cases := []struct { name string bank register.PCRBank }{ {"Empty", emptyBank}, {"AllZero", zeroBank}, {"Real", realBank}, } for _, c := range cases { t.Run(c.name, func(t *testing.T) { state, err := ReplayAndExtract(emptyLog, c.bank, extract.Opts{}) if err != nil { t.Errorf("parsing empty eventlog: %v", err) } if diff := cmp.Diff(state, emptyState, protocmp.Transform(), protocmp.IgnoreEmptyMessages()); diff != "" { t.Errorf("unexpected non-empty MachineState:\n%v", diff) } }) } } func TestParseSecureBootState(t *testing.T) { for _, bank := range UbuntuAmdSevGCE.Banks { msState, err := ReplayAndExtract(UbuntuAmdSevGCE.RawLog, bank, extract.Opts{}) if err != nil { t.Errorf("failed to parse and replay log: %v", err) } containsWinProdPCA := false contains3PUEFI := false if len(msState.GetSecureBoot().GetDb().GetHashes()) != 0 { t.Error("found hashes in db") } for _, cert := range msState.GetSecureBoot().GetDb().GetCerts() { switch c := cert.GetRepresentation().(type) { case *pb.Certificate_WellKnown: if c.WellKnown == pb.WellKnownCertificate_UNKNOWN { t.Error(("found WellKnownCertificate_UNKNOWN in db")) } if c.WellKnown == pb.WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011 { contains3PUEFI = true } else if c.WellKnown == pb.WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011 { containsWinProdPCA = true } } } if !contains3PUEFI || !containsWinProdPCA { t.Error("expected to see both WinProdPCA and ThirdPartyUEFI certs") } } } func TestParseLinuxKernelState(t *testing.T) { logs := []struct { eventLog name string expectedCmdline string }{ {COS85AmdSev, "COS85AmdSev", testdata.Cos85AmdSevCmdline}, {COS93AmdSev, "COS93AmdSev", testdata.Cos93AmdSevCmdline}, {COS101AmdSev, "COS101AmdSev", testdata.Cos101AmdSevCmdline}, {Ubuntu2404AmdSevSnp, "Ubuntu2404AmdSevSnp", testdata.Ubuntu2404AmdSevSnpCmdline}, } for _, log := range logs { for _, bank := range log.Banks { hashName := pb.HashAlgo_name[int32(bank.TCGHashAlgo)] subtestName := fmt.Sprintf("%s-%s", log.name, hashName) t.Run(subtestName, func(t *testing.T) { msState, err := ReplayAndExtract(log.RawLog, bank, extract.Opts{Loader: extract.GRUB}) if err != nil { t.Errorf("failed to parse and replay log: %v", err) } if msState.LinuxKernel == nil || len(msState.LinuxKernel.CommandLine) == 0 { t.Errorf("expected %s to have a LinuxKernelState", log.name) } if msState.LinuxKernel.CommandLine != log.expectedCmdline { t.Errorf("kernel command line for log %s:\n'%s'\n did not match expected cmdline:\n'%s'", log.name, msState.LinuxKernel.CommandLine, log.expectedCmdline) } }) } } } func TestParseGRUBState(t *testing.T) { logs := []struct { eventLog name string }{ {COS85AmdSev, "COS85AmdSev"}, {COS93AmdSev, "COS93AmdSev"}, {COS101AmdSev, "COS101AmdSev"}, {Ubuntu2404AmdSevSnp, "Ubuntu2404AmdSevSnp"}, } for _, log := range logs { for _, bank := range log.Banks { hashName := pb.HashAlgo_name[int32(bank.TCGHashAlgo)] subtestName := fmt.Sprintf("%s-%s", log.name, hashName) t.Run(subtestName, func(t *testing.T) { msState, err := ReplayAndExtract(log.RawLog, bank, extract.Opts{Loader: extract.GRUB}) if err != nil { t.Errorf("failed to parse and replay log: %v", err) } if len(msState.Grub.GetCommands()) == 0 { t.Errorf("expected COS85 to run GRUB commands!") } if strings.HasPrefix(subtestName, "COS") && len(msState.Grub.GetFiles()) != 2 { t.Errorf("expected COS85 to read two files (GRUB.cfg and kernel)!") } // check the absence of EV_EVENT_TAG in the GRUB files. for _, f := range msState.Grub.GetFiles() { if bytes.Equal(f.GetUntrustedFilename(), decodeHex(wellknown.EventTagLoadedImageHex)) { t.Error("EV_EVENT_TAG should not be in the GRUB files") } } }) } } } func TestParseGRUBStateFail(t *testing.T) { // No GRUB measurements for this event log. eventlog := GlinuxNoSecureBootLaptop for _, bank := range eventlog.Banks { hashName := pb.HashAlgo_name[int32(bank.TCGHashAlgo)] subtestName := fmt.Sprintf("GlinuxNoSecureBootLaptop-%s", hashName) t.Run(subtestName, func(t *testing.T) { _, err := ReplayAndExtract(eventlog.RawLog, bank, extract.Opts{Loader: extract.GRUB}) if err == nil { t.Error("expected error when parsing GRUB state") } if !strings.Contains(err.Error(), "no GRUB measurements found") { t.Errorf("expected err (%v) to contain no GRUB measurements error", err) } }) } } func TestParseEfiState(t *testing.T) { logs := []struct { eventLog name string }{ {Rhel8GCE, "Rhel8GCE"}, {UbuntuAmdSevGCE, "UbuntuAmdSevGCE"}, {Ubuntu2104NoSecureBootGCE, "Ubuntu2104NoSecureBootGCE"}, {COS85AmdSev, "COS85AmdSev"}, {COS93AmdSev, "COS93AmdSev"}, {COS101AmdSev, "COS101AmdSev"}, } for _, log := range logs { for _, bank := range log.Banks { hashName := pb.HashAlgo_name[int32(bank.TCGHashAlgo)] subtestName := fmt.Sprintf("%s-%s", log.name, hashName) t.Run(subtestName, func(t *testing.T) { msState, err := ReplayAndExtract(log.RawLog, bank, extract.Opts{}) if err != nil { t.Errorf("parsePCClientEventLog(%v, %v) got err = %v, want nil", log.name, bank.TCGHashAlgo.String(), err) } if msState.GetEfi() == nil { t.Error("msState.GetEfi() returned nil, want EFI state") } efiApps := msState.GetEfi().GetApps() if len(efiApps) == 0 { t.Error("msState.GetEfi().GetApps() returned empty, want non-zero length") } expectedDigestStrs := log.ExpectedEFIAppDigests[bank.TCGHashAlgo] if len(expectedDigestStrs) == 0 { t.Fatalf("%v log used to test EFIState, but it has no expected EFI App digests", log.name) } expectedDigests := make([][]byte, 0, len(expectedDigestStrs)) for _, digestStr := range log.ExpectedEFIAppDigests[bank.TCGHashAlgo] { expectedDigests = append(expectedDigests, decodeHex(digestStr)) } gotDigests := make([][]byte, 0, len(efiApps)) for _, app := range efiApps { gotDigests = append(gotDigests, app.GetDigest()) } if !cmp.Equal(gotDigests, expectedDigests) { t.Errorf("msState.GetEfi().GetApps() digests got %v, want %v", gotDigests, expectedDigests) } }) } } } func decodeHex(hexStr string) []byte { bytes, err := hex.DecodeString(hexStr) if err != nil { panic(err) } return bytes } golang-github-google-go-eventlog-0.0.2/tpmeventlog/tpmeventlog_fuzz.go000066400000000000000000000016121515555264200262650ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. //go:build gofuzz // +build gofuzz package tpmeventlog // FuzzParseEventLog is an exported entrypoint for fuzzers to test the eventlog // parser. This method should not be used for any other purpose. func FuzzParseEventLog(data []byte) int { _, err := ParseEventLog(data) if err != nil { return 0 } return 1 } golang-github-google-go-eventlog-0.0.2/wellknown/000077500000000000000000000000001515555264200217705ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/wellknown/policy_constants.go000066400000000000000000000140661515555264200257210ustar00rootroot00000000000000// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of // the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the // License for the specific language governing permissions and limitations under // the License. // Package wellknown provides events, event data, other constants, and helper // functions for parsing event information and enforcing policy decisions. package wellknown import ( "bytes" "crypto/x509" _ "embed" // Necessary to use go:embed "errors" "fmt" "strconv" pb "github.com/google/go-eventlog/proto/state" ) // Expected TCG Event Log Event Types. // // Taken from TCG PC Client Platform Firmware Profile Specification, // Table 14 Events. const ( NoAction uint32 = 0x00000003 Separator uint32 = 0x00000004 SCRTMVersion uint32 = 0x00000008 IPL uint32 = 0x0000000D NonhostInfo uint32 = 0x00000011 EFIBootServicesApplication uint32 = 0x80000003 EFIAction uint32 = 0x80000007 ) // EventTagLoadedImageHex used with type "EV_EVENT_TAG". // This corresponds to a TLV struct of type LOAD_OPTIONS_EVENT_TAG_ID (0x8F3B22ED, reversed endian), length 0x1a (26), value `LOADED_IMAGE::LoadOptions\n`. const EventTagLoadedImageHex = "ed223b8f1a0000004c4f414445445f494d4147453a3a4c6f61644f7074696f6e7300" var ( // GCENonHostInfoSignature identifies the GCE Non-Host info event, which // indicates if memory encryption is enabled. This event is 32-bytes consisting // of the below signature (16 bytes), followed by a byte indicating whether // it is a confidential vm, followed by 15 reserved bytes. GCENonHostInfoSignature = []byte("GCE NonHostInfo\x00") // GceVirtualFirmwarePrefix is the little-endian UCS-2 encoded string // "GCE Virtual Firmware v" without a null terminator. All GCE firmware // versions are UCS-2 encoded, start with this prefix, contain the firmware // version encoded as an integer, and end with a null terminator. GceVirtualFirmwarePrefix = []byte{0x47, 0x00, 0x43, 0x00, 0x45, 0x00, 0x20, 0x00, 0x56, 0x00, 0x69, 0x00, 0x72, 0x00, 0x74, 0x00, 0x75, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x20, 0x00, 0x46, 0x00, 0x69, 0x00, 0x72, 0x00, 0x6d, 0x00, 0x77, 0x00, 0x61, 0x00, 0x72, 0x00, 0x65, 0x00, 0x20, 0x00, 0x76, 0x00} ) // Standard Secure Boot certificates (DER encoded) var ( //go:embed secure-boot/GcePk.crt GceDefaultPKCert []byte //go:embed secure-boot/MicCorKEKCA2011_2011-06-24.crt MicrosoftKEKCA2011Cert []byte //go:embed secure-boot/MicWinProPCA2011_2011-10-19.crt WindowsProductionPCA2011Cert []byte //go:embed secure-boot/MicCorUEFCA2011_2011-06-27.crt MicrosoftUEFICA2011Cert []byte ) // Revoked Signing certificates (DER encoded) var ( //go:embed secure-boot/canonical-boothole.crt RevokedCanonicalBootholeCert []byte //go:embed secure-boot/debian-boothole.crt RevokedDebianBootholeCert []byte //go:embed secure-boot/cisco-boothole.crt RevokedCiscoCert []byte ) // Certificates corresponding to the known CA certs for GCE. var ( GceEKRoots []*x509.Certificate GceEKIntermediates []*x509.Certificate ) // ConvertSCRTMVersionToGCEFirmwareVersion attempts to parse the Firmware // Version of a GCE VM from the bytes of the version string of the SCRTM. This // data should come from a valid and verified EV_S_CRTM_VERSION event. func ConvertSCRTMVersionToGCEFirmwareVersion(version []byte) (uint32, error) { prefixLen := len(GceVirtualFirmwarePrefix) if (len(version) <= prefixLen) || (len(version)%2 != 0) { return 0, fmt.Errorf("length of GCE version (%d) is invalid", len(version)) } if !bytes.Equal(version[:prefixLen], GceVirtualFirmwarePrefix) { return 0, errors.New("prefix for GCE version is missing") } asciiVersion := []byte{} for i, b := range version[prefixLen:] { // Skip the UCS-2 null bytes and the null terminator if b == '\x00' { continue } // All odd bytes in our UCS-2 string should be Null if i%2 != 0 { return 0, errors.New("invalid UCS-2 in the version string") } asciiVersion = append(asciiVersion, b) } versionNum, err := strconv.Atoi(string(asciiVersion)) if err != nil { return 0, fmt.Errorf("when parsing GCE firmware version: %w", err) } return uint32(versionNum), nil } // ConvertGCEFirmwareVersionToSCRTMVersion creates the corresponding SCRTM // version string from a numerical GCE firmware version. The returned string // is UCS2 encoded with a null terminator. A version of 0 corresponds to an // empty string (representing old GCE VMs that just used an empty string). func ConvertGCEFirmwareVersionToSCRTMVersion(version uint32) []byte { if version == 0 { return []byte{} } versionString := GceVirtualFirmwarePrefix for _, b := range []byte(strconv.Itoa(int(version))) { // Convert ACSII to little-endian UCS-2 versionString = append(versionString, b, 0) } // Add the null terminator return append(versionString, 0, 0) } // ParseGCENonHostInfo attempts to parse the Confidential VM // technology used by a GCE VM from the GCE Non-Host info event. This data // should come from a valid and verified EV_NONHOST_INFO event. func ParseGCENonHostInfo(nonHostInfo []byte) (pb.GCEConfidentialTechnology, error) { prefixLen := len(GCENonHostInfoSignature) if len(nonHostInfo) < (prefixLen + 1) { return pb.GCEConfidentialTechnology_NONE, fmt.Errorf("length of GCE Non-Host info (%d) is too short", len(nonHostInfo)) } if !bytes.Equal(nonHostInfo[:prefixLen], GCENonHostInfoSignature) { return pb.GCEConfidentialTechnology_NONE, errors.New("prefix for GCE Non-Host info is missing") } tech := nonHostInfo[prefixLen] if tech > byte(pb.GCEConfidentialTechnology_AMD_SEV_SNP) { return pb.GCEConfidentialTechnology_NONE, fmt.Errorf("unknown GCE Confidential Technology: %d", tech) } return pb.GCEConfidentialTechnology(tech), nil } golang-github-google-go-eventlog-0.0.2/wellknown/secure-boot/000077500000000000000000000000001515555264200242175ustar00rootroot00000000000000golang-github-google-go-eventlog-0.0.2/wellknown/secure-boot/GcePk.crt000066400000000000000000000013721515555264200257250ustar00rootroot0000000000000000ޠ Jg]0  *H  010 U newpk0 180821215115Z 180920215115Z010 U newpk0"0  *H 0 ̹|mkcb |,E΅RRH|C& 6ioТ#o4OkpBi!}u1 P#;V G0]c9ᖡ=&Ӣlȗ겕<:Q?%K>QՑg歌j'?NlV*Y` yө|WQa7}nRCH<ͼ9G F6ܒJF#XKS0Q0UPB/ۗ'(t1F^`0U#0PB/ۗ'(t1F^`0U00  *H  R?罰$2I{4;v`=ki[,׼}Yõ.l1#60g::+b!`,.(nfpX(gil'X%Pp`nTJmE[4&M<$.yȬ|8GCk3PWsJs{K ǃ 6Zi@ ,/==p5¹>qƭ$?}`ozuLQhX38%*KEg3%?CD ngolang-github-google-go-eventlog-0.0.2/wellknown/secure-boot/MicCorKEKCA2011_2011-06-24.crt000066400000000000000000000027541515555264200302710ustar00rootroot0000000000000000Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN62golang-github-google-go-eventlog-0.0.2/wellknown/secure-boot/MicCorUEFCA2011_2011-06-27.crt000066400000000000000000000030241515555264200302700ustar00rootroot0000000000000000 a0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110"0  *H 0 lLE jK u CTd} s JEa-+MIA#/^Pƍ_A. lui!Mڭ,wS%27lRr5aj;PV2-B'UZ0TG%/&A\?[<>?GrU%"{*F 5'bq'Y7`8xpLEe¶~iuYXgolang-github-google-go-eventlog-0.0.2/wellknown/secure-boot/MicWinProPCA2011_2011-10-19.crt000066400000000000000000000027331515555264200305450ustar00rootroot0000000000000000 avV0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110"0  *H 0  . i!i33T ҋ8-|byJ?5 pk6u1ݍp7tF([`#,GgQ'rɹ;S5|'# oFnhttp://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *H  |qQyn9>\` QfG=*hwLb{Ǻz4KbzJ7-W|=ܸZij:ni!7ށugӓW^)9-Es[zFX^gl5?$5 uVx,Јߺ~,c#!xlX6+̤-@EΊ\k>p* j_Gc 26*pZBYqKW~!<ŹE ŕ]b֠c uw}=EWo3wbY~golang-github-google-go-eventlog-0.0.2/wellknown/secure-boot/canonical-boothole.crt000066400000000000000000000020441515555264200304710ustar00rootroot000000000000000 00  *H  01 0 UGB10U Isle of Man10U Douglas10U Canonical Ltd.1402U +Canonical Ltd. Master Certificate Authority0 120412113908Z 420411113908Z01 0 UGB10U Isle of Man10U Canonical Ltd.10U Secure Boot1+0)U "Canonical Ltd. Secure Boot Signing0"0  *H 0 _b dbKҟa+]8ιCCwO pF mm^ҷf mA cO|R̠1]FoUsvi!O"[-ە4(K!LʻyZg\xE=mY&WN,N7MG;| o鍣ξݔ00 U00U%0+ +7 0, `HB OpenSSL Generated Certificate0UaH* Z rPڐ30U#0 *#eZ&4Zc0  *H  ) J%}jyg%%Z^Z\ˍ#se"kIgɣbN\@܇aB"*\NR+89]Ve_+O&x]2E%G 7iv~4;gN%^_@1# % UG^[3ݳ1Z\]}> Y}; >o!9golang-github-google-go-eventlog-0.0.2/wellknown/secure-boot/cisco-boothole.crt000066400000000000000000000022141515555264200276410ustar00rootroot0000000000000000p 9\zP0  *H  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0"0  *H 0 M!+ w1\W>ae~"O/KhLQgFBKj)g@gEҨW sUWďPIHfx+GUHg[U{̶_0SUL0J0HFDBhttp://www.microsoft.com/pkiops/crl/MicCorKEKCA2011_2011-06-24.crl0`+T0R0P+0Dhttp://www.microsoft.com/pkiops/certs/MicCorKEKCA2011_2011-06-24.crt0 U00  *H  R+ %N3bxl(qcꐛ̀s;2xZCSK1z08Dù*^uͶei'd)&0Bj7=lO G-q${~;d5~a߬"Ebr3~\ p;9^ڦ=Lw3_U߸:ʵ "'5QB[y "z T*2)˫$_^-¤qU6!) gҟ#00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN6210001 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20113 jɸ 0  `He0  *H X~LG%vt&r80\h{+jˍ̽x.tΊ4Fk@^qQ/C`,l.#4! 0e, ߑS1#rs& m 6l^хPCϥ)aw`7sF+/kj6ơeYT"{&/8N.BOy*T T 8vQZd+;B#jWkoJ*ϭv&LP@A6C(0wY2M`(xKi1 ORm@`MAe wY2M`(xK/֒r($E4[$k;}nzwY2M`(xKء- *o.s >d,NgyjwY2M`(xK63M. xbdYWC&`HXšvwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLgolang-github-google-go-eventlog-0.0.2/wellknown/secure-boot/dbxupdate_x64-2020-10-12.bin000066400000000000000000000356611515555264200304240ustar00rootroot00000000000000 үJhI4}7Ve0 10  `He0  *H  003 .ĉ 0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110 200304184048Z 210303184048Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation100.U'Microsoft Windows UEFI Key Exchange Key0"0  *H 0 <%V;j2,PA TW7p5m0?+g$.z#$lG^]Dɏ,=R[>> \y3/TBLY] T _. .r,|>d;TMh5c.΍$̗ ΢^Q -Xj"8^`!7&c_lH#blLh3[D(jPp'0~/|mG$x]];>ogGq0m0U% 0  +7O0UjYB56i0Zq0PUI0GE0C1)0'U  Microsoft Operations Puerto Rico10U 229961+4583790U#0bC͠>g[U{̶_0SUL0J0HFDBhttp://www.microsoft.com/pkiops/crl/MicCorKEKCA2011_2011-06-24.crl0`+T0R0P+0Dhttp://www.microsoft.com/pkiops/certs/MicCorKEKCA2011_2011-06-24.crt0 U00  *H  {+/~~LKoE{ u8/Ses4 c) 3 Qp (xw6iBWHS)25H+KJ2r4,"xwaz/B@-:1*t8}V?mلg׉TvrB]RaEVT:*;J~ˤ_2 Ns;gX\|S^t,ٺ!\n&-*C00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN6210001 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20113 .ĉ 0  `He0  *H 4C;Dk5lwM)_/=AM0so v\gNƞziq, 'Q!&G? *fp^,FؓҐ/ϋ2M?8ݔ00 U00U%0+ +7 0, `HB OpenSSL Generated Certificate0UaH* Z rPڐ30U#0 *#eZ&4Zc0  *H  ) J%}jyg%%Z^Z\ˍ#se"kIgɣbN\@܇aB"*\NR+89]Ve_+O&x]2E%G 7iv~4;gN%^_@1# % UG^[3ݳ1Z\]}> Y}; >o!9Y䔧J\+rwY2M`(xK00p 9\zP0  *H  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0"0  *H 0 M!+ w1\W>ae~"O/KhLQgFBKj)g@gEҨW sUWďPIHfx+GUH%m".a.MX~x['} s연^u?xq/΃S10N#| T:^y^NͪނqNII鰫*GS0'|f o~=>ԢjY//=(BR=$@ve9070 `HB0U%0  +7 0 U0  *H  W`L)}k\l?iHudJ &!V]>uM=~B@qylqbǘ' / ɟ%ͻUuA1N]¬F՝G2Dt0WV~)ۛSҽ/ju&Ed(yWzd,NgyjwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKHY jagznFdr!YEwY2M`(xK se(Q )$졺wY2M`(xK*xtUq *{F 2xnMwY2M`(xKᝮ.o(Xw#5yD=<wY2M`(xK9(K_3,w@ۦcJɱwY2M`(xK2 Edf(|zB3}) wY2M`(xK_ˣ>XGj( &q!}I/wY2M`(xKKheݐBOЮ2p>` wY2M`(xK4 qTzDUHwY2M`(xK5nU T5L5`[-UwY2M`(xK4kW3$ke^6**pIwY2M`(xKcWÔ. fD[WK`wY2M`(xKYVDc0wF*!Y[YswY2M`(xKۯm=[8S0J~ ͼX"1lwY2M`(xKebr.^^lnO{+.k콚wY2M`(xK[$=q==ݍKzq&W8_-ȆwY2M`(xK&yeAF 5Vw kĄ0tlwY2M`(xKmSco##o=WKׇ?wY2M`(xK !|~_N6p8 <#ʑC wY2M`(xKA7ǐvqos}:-M0_wY2M`(xK!jd@U@V풕a7XH.񷽚wY2M`(xKn [G{LӨ̤ X$׺wY2M`(xKLzAǃHBvo4Pс;wY2M`(xK-t6b) \\6BwY2M`(xKwOܑ蟣\N4Le2,ȷ? JiIze*UBw+ܑwY2M`(xK{Tc^wѬ҃?JW`<,ywY2M`(xK9]WQxWn!|Y_j%wY2M`(xKϧq+!oT(g-l~swY2M`(xK>'˳D8#'_\Y:7fۘL^Cz?kwY2M`(xKhF2Ǿf>ݓE-}ICwY2M`(xKK1ZUqH=s-M.!-1^нwY2M`(xK :U)7KZO&kRp촪%8wY2M`(xK~LԯcNhUyQ9q0(U+kwY2M`(xKh1!gKp,_]p-HwY2M`(xK<䰱rGoWY{'NĽwY2M`(xKWq*䉳tvͩa)بhҶc91]wY2M`(xK:(L} ,^L0J䕭ŌE< wY2M`(xKISylQ ~+d4ut彚wY2M`(xKu^i*1ËgVpwY2M`(xKSR)1B<I̧rRäY wY2M`(xK?>B~CS%+~^r n'mCwY2M`(xKr.#VrAJPΦj5!zwY2M`(xK\Xj7Eph(|A˛_RzUwY2M`(xKN5Lch'IW+)4%OSrTIwY2M`(xKJ)^ 7 kώd !1wY2M`(xK~q4Tao[ׄq*O4x*8pwY2M`(xK[nOe#X|,_gv*wY2M`(xK"M ?bQj~,lpwY2M`(xK (@%gq8R-(Gn5;AwY2M`(xK  s~oYlIP/KwY2M`(xK u pt$mOǴ>Yj53 kOur^wY2M`(xK QאoēIv]Bk,jrS2㧽wY2M`(xKQ0[Yec@i*.IQwY2M`(xKw0/I?%+o4j0/ wY2M`(xKqZD"3 K1L)]mwY2M`(xKs(x#bU߮T+r)ָwY2M`(xKXڋ3_:4?]W<+ wY2M`(xK^E4 5=eS|퓽wY2M`(xK' cj} [9f'NGwY2M`(xK)̤TN0DŽi\k"{[(@꽚wY2M`(xK+"kĤU.{\KH6ĘwY2M`(xK-ώp#E=h0پLwY2M`(xK1*[P0̓>T/GwY2M`(xK22mϬ^˝,\;"Ϝn`ǘԧwY2M`(xK4 +X3+V0 ֹ'IX%wY2M`(xK6. (1o aS.uPwY2M`(xK6z1僈1,FGjl決 z^wY2M`(xK7ei[B{5;!7褛o Yjxj4wY2M`(xK8mi\-EvxQUv7;ywY2M`(xK:Ot+3=藾BUwY2M`(xK:lEp YBb-Q.s5wY2M`(xK;45igA QLiOsYwY2M`(xK>9&ZաAgdz<=C!]D7A-(wY2M`(xK@ mY :0WY/B_wY2M`(xKAm[4{x+_ up\MGy=ĘwY2M`(xKAw2NeW2 DkQ%wwY2M`(xKEkMa[:tz]ZH)A A/]wY2M`(xKFg% ktͱdXsoW]ou]gwY2M`(xKGc@y1Q[./]=2wY2M`(xKW:R"vͯ1툉Td%St zӕwY2M`(xKX"q!mc~:e3?EƼ߽wY2M`(xK]˻J}KhRYpo"A̭wY2M`(xKaģwYp4ռn:ߺ t M⋈GGNwY2M`(xKm2WƤpu_AP0.ZG|wY2M`(xKpE 9Ui %2N 9X4ԉ-QwY2M`(xKro|뒘Ʈt϶]Af wY2M`(xKxd!sԨ(dqV 5zXbK7u wY2M`(xKx3ҿQg=>}QqV'whm#wY2M`(xKxʫ > ,#9LJnS1wY2M`(xKI̳ 2;zUD\1I^`pP'wY2M`(xKH#leYM+. P(4wY2M`(xKMx962̑Zt.0עfYG,+kfwY2M`(xKIW!cH#22hXe) pwY2M`(xK iYevFK*R$ԡHϭwY2M`(xKczl` rvիWȟ`-⽚wY2M`(xKejI;8$&2HWH [s 2SwY2M`(xK[Ƅ9čcvM/;wjwY2M`(xKpx|a:霚]Xf~,Չgz|LrwY2M`(xK-5hLHZkCbD|9d{wY2M`(xKTU豉AKl@ko>h݆1wY2M`(xKOvk֨_BMHv 8wY2M`(xK%0_9~uck6 WsnkЋuwY2M`(xKܷ/^t':@<y~"PwY2M`(xK? 2ī4:E %!j,wY2M`(xKxĽT5Y.¥{j50d/wY2M`(xK$B9os!slwY2M`(xK;GN[3SIHkvXg[wY2M`(xKֵ{E|{V)fZ=G:KQwY2M`(xK?Y ,%hy?nwy^m|"SuwY2M`(xK3c~mVɊS/ mIwY2M`(xKu2\fOJ7/5SHfwY2M`(xK&Wup*)\ŽwY2M`(xKC](*|sG[wk|v?iwY2M`(xKf;Mhn$poLgf DpwY2M`(xKFY~_ronr{h 8\BjwY2M`(xKP[k 9eNu^ƛwY2M`(xK- ^@!l,y ԽwY2M`(xKƝd9gBR~j<'on4"wY2M`(xK4 tĥnAܨ8rPykwY2M`(xK̎n!,zZ~m xGwY2M`(xKC.<~p%з yA(wY2M`(xKؚlHTKg f HKpNBwY2M`(xKf'g4$R;is"*M wY2M`(xK5` 2LiȖCkFUwY2M`(xKR(ÕiwwY2M`(xKߑO U|s,YE.NwY2M`(xKQ0Fj",aW_F彚wY2M`(xKmq!ꈄ(E2ooNS~T61wY2M`(xK㘑œ΂fo[+ШǿwY2M`(xKoy-O22٧o{aơ>;ȽwY2M`(xKM[kFGywhIGf wY2M`(xKfIa Oj);#(~.rwY2M`(xKU*y6b;1 To rgwY2M`(xKQ; TJh‘şB ܲ> Z~ =wY2M`(xKm5TiA @h)Y\,d*JwY2M`(xKa@?|ةpY}2ߏkwI_wY2M`(xKmq;`O, !ޮg%B[}:1[wßTgolang-github-google-go-eventlog-0.0.2/wellknown/secure-boot/dbxupdate_x64-2021-04-29.bin000066400000000000000000000322751515555264200304360ustar00rootroot00000000000000 үJhI4}7Ve0 10  `He0  *H  003#껹#0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110 201215212643Z 211202212643Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation100.U'Microsoft Windows UEFI Key Exchange Key0"0  *H 0 xB)6 μ۠wt9c`uoԁzɢ6(X@G 3+qg>f;(ʔws ן)=dpf/c;mRG>NzҊ ?YEObP*_ <ƽ$?R ֠ȁ7p\v;)mN$6ċo26\`=HQLϺ E]_ 'x@WOhBe\%P\|lq0m0U% 0  +7O0U,G:-Ouw/Ed0PUI0GE0C1)0'U  Microsoft Operations Puerto Rico10U 229961+4630030U#0bC͠>g[U{̶_0SUL0J0HFDBhttp://www.microsoft.com/pkiops/crl/MicCorKEKCA2011_2011-06-24.crl0`+T0R0P+0Dhttp://www.microsoft.com/pkiops/certs/MicCorKEKCA2011_2011-06-24.crt0 U00  *H  $MbCD wUwԡXxoPyѮa{lCK6SiJeƖs1 E!"1-% zCіҘ4m۾I l׷ĩ֮eaIy~L?`Ńa3/ǖI9"PBIa^ܛnbG>,Z5 8yݼj}%YD c({CY6T,v+· /Bes00Р a ш0  *H  01 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110"0  *H 0 赊W&&WzD] Jt*mZc2|O 8, 0HPdQȅO /Sjb: C%#pM/$JC ~Gl3*q<% /hvFOܭq*Xy=e;)*rY뮒5_̝vcy@yR{iO0K0 +70UbC͠>g[U{̶_0 +7  SubCA0 U0U00U#0EfRC~XN#U;:"j0\UU0S0QOMKhttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *H  Ԅ*<* נRfuz-vZy7jQ{ddgxΈXd W_iHK2]0x+4VʮA%pkז* K(){|vyo~l{E4Q9^VBwqV̟#˦X~ig~ <νC-j+Z|DR-R=`3e |N8/ o.9'B)FA;gCYe Ou;$PA@y-O j'vnRi{E­S076aJi4hl l"yF`!y2`ج"KK}?W5Ou`"Sy֛ATp 5|4r`;y뢲]%o8yi uk4`\WN6210001 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20113#껹#0  `He0  *H }ʓA?=&vnd0ʤ{pdž^x^>n0I ˙ӛhLN۞]qSΎz)a%}t, 0xBĩ3i(q{JJHGrL^V6觜ƾ}_CҿTT(]˘o1颥 ||&_5 c'm}<)u*J褏|֖ג*4t ykI{/ &LP@A6C('0wY2M`(xKi1 ORm@`MAe wY2M`(xK/֒r($E4[$k;}nzwY2M`(xKء- *o.s >d,NgyjwY2M`(xK세Kle qR0! b h2۲ '%'߶=IҕrLwY2M`(xKoN0;t􀠀Ѐ+ot!hwY2M`(xKN: [CƦ@O4=9bgΔ.#ڒ wY2M`(xK+&B.6_K 'lKzoD/ki9wY2M`(xK.pgsQpW2.#ӹ+Q}wY2M`(xK?Λ>TR^·mt:syqUpj>swY2M`(xKGa':k,Zmk6!h,*Z߽wY2M`(xKqo"I~TFb$ whٿcuwY2M`(xK;δCΝч͛YA=Xo+V7W_gwY2M`(xKHY jagznFdr!YEwY2M`(xK se(Q )$졺wY2M`(xK*xtUq *{F 2xnMwY2M`(xKᝮ.o(Xw#5yD=<wY2M`(xK9(K_3,w@ۦcJɱwY2M`(xK2 Edf(|zB3}) wY2M`(xK_ˣ>XGj( &q!}I/wY2M`(xKKheݐBOЮ2p>` wY2M`(xK4 qTzDUHwY2M`(xK5nU T5L5`[-UwY2M`(xK4kW3$ke^6**pIwY2M`(xKcWÔ. fD[WK`wY2M`(xKYVDc0wF*!Y[YswY2M`(xKۯm=[8S0J~ ͼX"1lwY2M`(xKebr.^^lnO{+.k콚wY2M`(xK[$=q==ݍKzq&W8_-ȆwY2M`(xK&yeAF 5Vw kĄ0tlwY2M`(xKmSco##o=WKׇ?wY2M`(xK !|~_N6p8 <#ʑC wY2M`(xKA7ǐvqos}:-M0_wY2M`(xK!jd@U@V풕a7XH.񷽚wY2M`(xKn [G{LӨ̤ X$׺wY2M`(xKLzAǃHBvo4Pс;wY2M`(xK-t6b) \\6BwY2M`(xKwOܑ蟣\N4Le2,ȷ? JiIze*UBw+ܑwY2M`(xK{Tc^wѬ҃?JW`<,ywY2M`(xK9]WQxWn!|Y_j%wY2M`(xKϧq+!oT(g-l~swY2M`(xK>'˳D8#'_\Y:7fۘL^Cz?kwY2M`(xKhF2Ǿf>ݓE-}ICwY2M`(xKK1ZUqH=s-M.!-1^нwY2M`(xK :U)7KZO&kRp촪%8wY2M`(xK<䰱rGoWY{'NĽwY2M`(xKWq*䉳tvͩa)بhҶc91]wY2M`(xK:(L} ,^L0J䕭ŌE< wY2M`(xKISylQ ~+d4ut彚wY2M`(xKu^i*1ËgVpwY2M`(xKSR)1B<I̧rRäY wY2M`(xK-5hLHZkCbD|9d{wY2M`(xK?>B~CS%+~^r n'mCwY2M`(xKr.#VrAJPΦj5!zwY2M`(xK\Xj7Eph(|A˛_RzUwY2M`(xKJ)^ 7 kώd !1wY2M`(xK~q4Tao[ׄq*O4x*8pwY2M`(xK[nOe#X|,_gv*wY2M`(xK"M ?bQj~,lpwY2M`(xK (@%gq8R-(Gn5;AwY2M`(xK  s~oYlIP/KwY2M`(xK u pt$mOǴ>Yj53 kOur^wY2M`(xK QאoēIv]Bk,jrS2㧽wY2M`(xKQ0[Yec@i*.IQwY2M`(xKw0/I?%+o4j0/ wY2M`(xKqZD"3 K1L)]mwY2M`(xKs(x#bU߮T+r)ָwY2M`(xKXڋ3_:4?]W<+ wY2M`(xK^E4 5=eS|퓽wY2M`(xK' cj} [9f'NGwY2M`(xK)̤TN0DŽi\k"{[(@꽚wY2M`(xK+"kĤU.{\KH6ĘwY2M`(xK-ώp#E=h0پLwY2M`(xK1*[P0̓>T/GwY2M`(xK22mϬ^˝,\;"Ϝn`ǘԧwY2M`(xK4 +X3+V0 ֹ'IX%wY2M`(xK6. (1o aS.uPwY2M`(xK6z1僈1,FGjl決 z^wY2M`(xK7ei[B{5;!7褛o Yjxj4wY2M`(xK8mi\-EvxQUv7;ywY2M`(xK:Ot+3=藾BUwY2M`(xK:lEp YBb-Q.s5wY2M`(xK;45igA QLiOsYwY2M`(xK>9&ZաAgdz<=C!]D7A-(wY2M`(xK@ mY :0WY/B_wY2M`(xKAm[4{x+_ up\MGy=ĘwY2M`(xKAw2NeW2 DkQ%wwY2M`(xKEkMa[:tz]ZH)A A/]wY2M`(xKFg% ktͱdXsoW]ou]gwY2M`(xKGc@y1Q[./]=2wY2M`(xKW:R"vͯ1툉Td%St zӕwY2M`(xKX"q!mc~:e3?EƼ߽wY2M`(xK]˻J}KhRYpo"A̭wY2M`(xKaģwYp4ռn:ߺ t M⋈GGNwY2M`(xKm2WƤpu_AP0.ZG|wY2M`(xKpE 9Ui %2N 9X4ԉ-QwY2M`(xKro|뒘Ʈt϶]Af wY2M`(xKxd!sԨ(dqV 5zXbK7u wY2M`(xKx3ҿQg=>}QqV'whm#wY2M`(xKxʫ > ,#9LJnS1wY2M`(xKI̳ 2;zUD\1I^`pP'wY2M`(xKH#leYM+. P(4wY2M`(xKMx962̑Zt.0עfYG,+kfwY2M`(xKIW!cH#22hXe) pwY2M`(xK iYevFK*R$ԡHϭwY2M`(xKczl` rvիWȟ`-⽚wY2M`(xKejI;8$&2HWH [s 2SwY2M`(xK[Ƅ9čcvM/;wjwY2M`(xKpx|a:霚]Xf~,Չgz|LrwY2M`(xKTU豉AKl@ko>h݆1wY2M`(xKOvk֨_BMHv 8wY2M`(xK%0_9~uck6 WsnkЋuwY2M`(xKܷ/^t':@<y~"PwY2M`(xK? 2ī4:E %!j,wY2M`(xKxĽT5Y.¥{j50d/wY2M`(xK$B9os!slwY2M`(xK;GN[3SIHkvXg[wY2M`(xKֵ{E|{V)fZ=G:KQwY2M`(xK?Y ,%hy?nwy^m|"SuwY2M`(xK3c~mVɊS/ mIwY2M`(xKu2\fOJ7/5SHfwY2M`(xK&Wup*)\ŽwY2M`(xKC](*|sG[wk|v?iwY2M`(xKf;Mhn$poLgf DpwY2M`(xKFY~_ronr{h 8\BjwY2M`(xKP[k 9eNu^ƛwY2M`(xK- ^@!l,y ԽwY2M`(xKƝd9gBR~j<'on4"wY2M`(xK4 tĥnAܨ8rPykwY2M`(xK̎n!,zZ~m xGwY2M`(xKC.<~p%з yA(wY2M`(xKؚlHTKg f HKpNBwY2M`(xKf'g4$R;is"*M wY2M`(xK5` 2LiȖCkFUwY2M`(xKR(ÕiwwY2M`(xKߑO U|s,YE.NwY2M`(xKQ0Fj",aW_F彚wY2M`(xKmq!ꈄ(E2ooNS~T61wY2M`(xK㘑œ΂fo[+ШǿwY2M`(xKoy-O22٧o{aơ>;ȽwY2M`(xKM[kFGywhIGf wY2M`(xKfIa Oj);#(~.rwY2M`(xKU*y6b;1 To rgwY2M`(xKQ; TJh‘şB ܲ> Z~ =wY2M`(xKm5TiA @h)Y\,d*JwY2M`(xKa@?|ةpY}2ߏkwI_wY2M`(xKmq;`O, !ޮg%B[}:1[wßTwY2M`(xK ;9(4NgSJwY2M`(xKB|LYHHMj~QNo\נ ̽wY2M`(xK(x.l=_N\ND+>wY2M`(xK.j-Tm$;*YOgwY2M`(xK@)sxL:Z MD8vxDT罚wY2M`(xKO FڴG&6$ߣzwY2M`(xK\*4zC%jBO5ME:wY2M`(xK׭~R3vp/KeIMlXڽwY2M`(xKQS+K˵}99wY2M`(xKl]8S4uӚWerua,2FZS)wY2M`(xK˙K@lUf5U&tdE,#a^PwY2M`(xKlMޓ oUo7'=wY2M`(xKݠ}b-Tp7j>k0'IkwY2M`(xK%rr]Jzζ'?bwY2M`(xK#mL|z9et0{%(:wY2M`(xKe}rU,-c[fdwY2M`(xKnJI\ !byMѲJK_9wY2M`(xK$Z64Lf$O3wv_.wY2M`(xK#.BONu cw'Pp$ߊwY2M`(xKrbf/ nTns} Mx wY2M`(xK܊.￉0Y˳ՏwY2M`(xKYNH!Ucꅻ"LḿwY2M`(xKGxgdK. ;-_!waz,/WwY2M`(xK7$rO/ Qh[FwY2M`(xK `V^U<_HiDL wY2M`(xKL Q,*J Ldؘ wY2M`(xK[$5=ٲlٸ&""5wY2M`(xKLW >!f>-# X3#6ؽwY2M`(xK` V ϱvnhhTJh(@߽wY2M`(xKHXMe %#c\a #UʽwY2M`(xKy@d`}GGJ""pggolang-github-google-go-eventlog-0.0.2/wellknown/secure-boot/debian-boothole.crt000066400000000000000000000014001515555264200277570ustar00rootroot0000000000000000F0  *H  0 10UDebian Secure Boot CA0 160816182250Z 260816182250Z0$1"0 UDebian Secure Boot Signer0"0  *H 0 уe/Z`dž| e[;?rKP3 +_A ϕH튲7N`ͲJ8DnTۨ%m".a.MX~x['} s연^u?xq/΃S10N#| T:^y^NͪނqNII鰫*GS0'|f o~=>ԢjY//=(BR=$@ve9070 `HB0U%0  +7 0 U0  *H  W`L)}k\l?iHudJ &!V]>uM=~B@qylqbǘ' / ɟ%ͻUuA1N]¬F՝G2Dt0WV~)ۛSҽ/ju&Ed(yWz