pool/shim
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Update shim-install to limit the scope of the 'removable'

Browse Source 
SL-Micro to the image booting with TPM2 unsealing (bsc#1210382)
  * 769e41d Limit the removable option to encrypted SL-Micro

OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=216
This commit is contained in:
Gary Ching-Pang Lin 2024-10-15 02:08:00 +00:00 committed by Git OBS Bridge
commit b85a3305e7
35 changed files with 5143 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

25
SIGNATURE_UPDATE.txt Normal file
View File

@ -0,0 +1,25 @@
==== openSUSE ====
For openSUSE, the devel project of shim is devel:openSUSE:Factory. ALWAYS
use the latest Leap to build shim-opensuse.efi for UEFI CA. Tumbleweed
shares the same binary with Leap, so do the older Leap releases.
The steps to udpate signature-opensuse.asc:
1) Branch devel:openSUSE:Factory/shim.
2) Add the latest Leap, e.g. 42.2, to the build target.
3) Build shim-opensuse.efi against the latest Leap.
4) Strip the signature from shim-opensuse.efi with strip_signature.sh.
5) Send shim-opensuse.efi to UEFI CA to request a new signature.
6) Extract the signature from the signed shim.efi with extract_signature.sh
7) Update signature-opensuse.asc.
==== SLES ===
Since there is no devel project for shim in SLES, just build shim-sles.efi with
the latest SLES and then send it to UEFI CA for a new signature.
The steps to update signature-sles.asc:
1) Branch shim from the latest SLES and apply the update/fix.
2) Build shim-sles.efi against the latest SLES.
3) Strip the signature from shim-sles.efi with strip_signature.sh.
4) Send shim-sles.efi to UEFI CA to request a new signature.
5) Extract the signature from the signed shim.efi with extract_signature.sh
6) Update signature-sles.asc.

29
SLES-UEFI-CA-Certificate.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
QHN1c2UuZGUwHhcNMTMwNDE4MTQzMzQxWhcNMzUwMzE0MTQzMzQxWjCBpjEtMCsG
A1UEAwwkU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYD
VQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4
IFByb2R1Y3RzIEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0B
CQEWDWJ1aWxkQHN1c2UuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDN/avXKoT4gcM2NVA1LMfsBPH01sxgS8gTs3SbvfbEP2M+ZlHyfj9ufHZ7cZ1p
ISoVm6ql5VbIeZgSNc17Y4y4Nynud1C8t2SP/iZK5YMYHGxdtIfv1zPE+Bo/KZqE
WgHg2YFtMXdiKfXBZRTfSh37t0pGO/OQi6K4JioKw55UtQNggePZWDXtsAviT2vv
abqLR9+kxdrQ0iWqhWM+LwXbTGkCpg41s8KucLD/JYAxxw05dKPApFDNnz+Ft2L7
e5JtyB4S0u4PlvQBMNHt4hDs0rK4oeHFLbOxHvjF+nloneWhkg9eT0VCfpAYVYz+
whMxuCHerDCdmeFrRGEMQz11AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/
MB0GA1UdDgQWBBTsqw1CxFbPdwQ2uXOZOGKWXocmLzCB0wYDVR0jBIHLMIHIgBTs
qw1CxFbPdwQ2uXOZOGKWXocmL6GBrKSBqTCBpjEtMCsGA1UEAwwkU1VTRSBMaW51
eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTESMBAGA1UE
BwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3RzIEdtYkgx
EzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxkQHN1c2Uu
ZGWCAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQASviyFhVqU
Wc1JUQgXwdljJynTnp0/FQOZJBSe7XdBGPmy91+3ITqrXgyqo/218KISiQl53Qlw
pq+cIiGRAia1D7p7wbg7wsg+Trt0zZFXes30wfYq5pjfWadEBAgNCffkBz10TSjL
jQrVwW5N+yUJMoq+r843TzV56Huy6LBOVhI5yTz7X7i2rSJYfyQWM8oeHLj8Yl5M
rOB9gyTumxB4mOLmSqwKzJiUB0ppGPohdLUSSEKDdo6KSH/GjR7M7uBicwnzwJD3
SVfT9nx9HKF2nXZlHvs5ViQQru3qP1tc6i0eXEnPTYW2+zkZcN0e5iHyozEZHsO0
rvc1p6G0YWtO
-----END CERTIFICATE-----

14
attach_signature.sh Normal file
View File

@ -0,0 +1,14 @@
#!/bin/bash
# attach ascii armored signature to a PE binary
set -e
sig="$1"
infile="$2"
if [ -z "$sig" -o ! -e "$sig" -o -z "$infile" -o ! -e "$infile" ]; then
echo "USAGE: $0 sig.asc file.efi"
exit 1
fi
outfile="${infile%.efi}-signed.efi"
pesign -m "$sig" -i "$infile" -o "$outfile"

15
extract_signature.sh Normal file
View File

@ -0,0 +1,15 @@
#!/bin/bash
# extract ascii armored signature from a PE binary
set -e
infile="$1"
if [ -z "$infile" -o ! -e "$infile" ]; then
echo "USAGE: $0 file.efi"
exit 1
fi
# wtf?
(pesign -h -P -i "$infile";
perl $(dirname $0)/timestamp.pl "$infile";
pesign -a -f -e /dev/stdout -i "$infile")|cat

22
generate-vendor-dbx.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
set -e
# random UUID for SUSE
owner=353f0911-0788-451c-aaf7-31688391e8fd
: > vendor-dbx-opensuse.esl
: > vendor-dbx-sles.esl
# vendor dbx file with all certs for testing environment
: > vendor-dbx.esl
for cert in "$@"; do
esl="${cert##*/}"
esl="${cert%.crt}.esl"
cert-to-efi-sig-list -g "$owner" "$cert" "$esl"
case "$cert" in
*openSUSE*) cat "$esl" >> "vendor-dbx-opensuse.esl" ;;
*SLES*) cat "$esl" >> "vendor-dbx-sles.esl" ;;
esac
cat "$esl" >> "vendor-dbx.esl"
done

26
openSUSE-UEFI-CA-Certificate.crt Normal file
View File

@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEdDCCA1ygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzA4MjYxNjEyMDdaFw0zNTA3MjIxNjEy
MDdaMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UE
BhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJv
amVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3t9hknqk/oPRfTtoDrGn8E6Sk/xHPnAt
Tojcmp76M7Sm2w4jwQ2owdVlBIQE/zpIGE85MuTKTvkEnp8PzSBdYaunANil/yt/
vuhHwy9bAsi73o4a6UbThu//iJmQ6xCJuIs/PqgHxlV6btNf/IM8PRbtJsUTc5Kx
cB4ilcgAbCV2RvGi2dCwmGgPpy2xDWeJypRK6hLFkVV2f2x6LvkYiZ/49CRD1TVq
ywAOLu1L4l0J2BuXcJmeWm+mgaidqVh2fWlxgtO6OpZDm/DaFcZO6cgVuenLx+Rx
zuoQG2vEKnABqVK0F94AUs995P0PTQMYspAo1G/Erla8NmBJRotrCwIDAQABo4H0
MIHxMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGhCYA3iLExHfpW+I9/qlRPl
lxdiMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPllxdioYGHpIGEMIGB
MSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUx
EjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEh
MB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEBMA4GA1UdDwEB/wQE
AwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAiqOJwo7Z+YIL8zPO6RkXF6NlgM0zrgZR
Vim2OId79J38KI6q4FMSDjpgxwbYOmF2O3cI9JSkjHxHOpnYhJsXzCBiLuJ25MY2
DSbpLlM1Cvs6NZNFw5OCwQvzCOlXH1k3qdBsafto6n87r9P3WSeO1MeWc/QMCvc+
5K9sjMd6bwl59EEf428R+z5ssaB75JK3yvky9d7DsHN947OCXc3sYdz+DD7Gteds
LV2Sc//tqmqpm2aeXjptcLAxwM7fLyEQaAyH83egMzEKDxX27jKIxZpTcc0NGqEo
idC/9lasSzs2BisBxevl3HKDPZSsKIMT+8FdJ5wT9jJf9h9Ktz5Tig==
-----END CERTIFICATE-----

26
remove_build_id.patch Normal file
View File

@ -0,0 +1,26 @@
Index: shim-15.8/gnu-efi/Make.defaults
===================================================================
--- shim-15.8.orig/gnu-efi/Make.defaults
+++ shim-15.8/gnu-efi/Make.defaults
@@ -205,7 +205,7 @@ endif
ASFLAGS += $(ARCH3264)
LDFLAGS += -nostdlib --warn-common --no-undefined --fatal-warnings \
- --build-id=sha1 --no-warn-rwx-segments
+ --no-warn-rwx-segments
ifneq ($(ARCH),arm)
export LIBGCC=$(shell $(CC) $(CFLAGS) $(ARCH3264) -print-libgcc-file-name)
Index: shim-15.8/Make.defaults
===================================================================
--- shim-15.8.orig/Make.defaults
+++ shim-15.8/Make.defaults
@@ -192,7 +192,7 @@ ifneq ($(origin SBAT_AUTOMATIC_DATE), un
DEFINES += -DSBAT_AUTOMATIC_DATE=$(SBAT_AUTOMATIC_DATE)
endif
-LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(LOCAL_EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined
+LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(LOCAL_EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) $(ARCH_LDFLAGS) --no-undefined
ifneq ($(DEBUG),)
export DEBUG

34
revoked-SLES-UEFI-SIGN-Certificate-2013-01.crt Normal file
View File

@ -0,0 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF/DCCA+SgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
QHN1c2UuZGUwHhcNMTMwMTIyMTQ1ODUxWhcNMjIxMjAxMTQ1ODUxWjCBqzEyMDAG
A1UEAwwpU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IFNpZ25rZXkx
CzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0Ug
TGludXggUHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqG
SIb3DQEJARYNYnVpbGRAc3VzZS5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAOVY/g3+3Bsa1JZ2hfU+7Fy28h0CKF0Sjqy8J4m9a8yKFoY6rb4hG9MK
o4wnCJfPab9flWXRk4PFiouI+0nmLJX74U0sq8nKw3Ijl0UojuthXc6CeZH4hIF5
HDoVhig3SfkUxdT1zZVF4mcYZ3Pf+UlROJ7JpY4sEhtYMY/DJW5qv2HwrzSw427V
R1upA18U7ddMF5fKoN8vjKVihUFSNK/Up0tOWalxfcG5s9ugjbJgZULsjfcs2+8t
og46QBjTaR7CtpmPbsaOJb1Z6BGDXsHV5GmaZG00TS0BwRn8mAQ1ske1eIpcqmBN
q5Mlh6BVaufBot0nXJp9Vnnuib4napkCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFD+wd7bOvG/yUi4cFIxXx3fHiOPnMIHTBgNVHSMEgcswgciA
FD1NQM+ThTkCSxz8WhLe3+ixfnVfoYGspIGpMIGmMS0wKwYDVQQDDCRTVVNFIExp
bnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYD
VQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXggUHJvZHVjdHMgR21i
SDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJARYNYnVpbGRAc3Vz
ZS5kZYIBATAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJ
KoZIhvcNAQELBQADggIBAFs0xW7Uzi3a52ho92ninU9yy1doEodWf8f37zmq3Kxf
v/y+mFCFuMw5zps4xyK1xfDBmVZ6f5GMolfkPnioYzKujqTgFCmKDZXjXIgHEej5
h+xzCalIYT3XT+JsmKvvZKcFMV9/py7+okEhekyFdak6WbxinisyEh6a7I+edNzB
2/dPkbIS7x2UmlFzXvAYTCwOqMwCuOWsICK/NRrPlCEdkPJFq2HU11umtZ+U4eCM
bJcCY2pqIVLxrDgRIMoUeJ7N2XIcfKlP8cHn9eHVWRd+n/v3nlJRvBjlw2d9oTm2
EB0vfpp01ihr6yvkckLwWHdrRcmiy6OmtTScAEwpMGPmBcFiHIb1nxhPbKqqw9Xb
t/y8tLRf6HvuhaApJhj3/ZBNLTLRSHk4O4DO4p3GpupPTvfxkx9cg/TxcF0kabPF
+dwu5cbRZpvBmkQ947aul0y+3QRHgIhmyqdZzC2OuL6Sl74zZc3BgsQsBFeIN4gz
YBsXtzyEVFsmSSj2ci+9JM8HCfeL0Ux7TeyoN5jAW5F7c8BSBBSSafZYUtq3DZHR
8ILtz5L7cCLkZY3da5a/csVz3zicnrAG8uiU91Jy6hVh+Y83vARz6hp8O/tX4o00
9ff5zunFUwyN3/krDEoX6dXMcSh8UftjzvFOYCUfF+cDt9eV8Ix0dcfP/cenyv/t
-----END CERTIFICATE-----

29
revoked-SLES-UEFI-SIGN-Certificate-2013-04.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
QHN1c2UuZGUwHhcNMTMwNDE4MTQzNDM0WhcNMjMwMjI1MTQzNDM0WjCBqzEyMDAG
A1UEAwwpU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IFNpZ25rZXkx
CzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0Ug
TGludXggUHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqG
SIb3DQEJARYNYnVpbGRAc3VzZS5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAOVY/g3+3Bsa1JZ2hfU+7Fy28h0CKF0Sjqy8J4m9a8yKFoY6rb4hG9MK
o4wnCJfPab9flWXRk4PFiouI+0nmLJX74U0sq8nKw3Ijl0UojuthXc6CeZH4hIF5
HDoVhig3SfkUxdT1zZVF4mcYZ3Pf+UlROJ7JpY4sEhtYMY/DJW5qv2HwrzSw427V
R1upA18U7ddMF5fKoN8vjKVihUFSNK/Up0tOWalxfcG5s9ugjbJgZULsjfcs2+8t
og46QBjTaR7CtpmPbsaOJb1Z6BGDXsHV5GmaZG00TS0BwRn8mAQ1ske1eIpcqmBN
q5Mlh6BVaufBot0nXJp9Vnnuib4napkCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFD+wd7bOvG/yUi4cFIxXx3fHiOPnMIHTBgNVHSMEgcswgciA
FOyrDULEVs93BDa5c5k4YpZehyYvoYGspIGpMIGmMS0wKwYDVQQDDCRTVVNFIExp
bnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYD
VQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXggUHJvZHVjdHMgR21i
SDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJARYNYnVpbGRAc3Vz
ZS5kZYIBATAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJ
KoZIhvcNAQELBQADggEBAFEYo0sWgMCODHZEHWcoltp5RMcVj2DAYfw2NePbPqxW
AmIgpMU0yG01JPbwJZu6dcuNeYoytgfDrSRLuloKm0JR8oR3+G7/oxbKQCxtMubB
Qdflq7PIz73b/JSGiV5Pi77f9oAHijgnKEZrz4obs6sFp2gvuMvJ4w9jteCaofpq
IDNhu7i2KFx4rC6FYF/p6V9xnVwOnZS1G56cJALfP/7kOD4k3TVSMiE2FCS3wLwR
RI7VE0I/3oJHsi8CR++CT1BI02PI+EWgRcuW8jOzJ3+tYa77HCKpXNyIi7/L5QAK
N5ZinPyv68tae+GHkL5U2FxLY365gABSXqXUA9mTquU=
-----END CERTIFICATE-----

29
revoked-SLES-UEFI-SIGN-Certificate-2016-02.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
QHN1c2UuZGUwHhcNMTYwMjI0MTUzMDI3WhcNMjYwMTAyMTUzMDI3WjCBqzEyMDAG
A1UEAwwpU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IFNpZ25rZXkx
CzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0Ug
TGludXggUHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqG
SIb3DQEJARYNYnVpbGRAc3VzZS5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAOVY/g3+3Bsa1JZ2hfU+7Fy28h0CKF0Sjqy8J4m9a8yKFoY6rb4hG9MK
o4wnCJfPab9flWXRk4PFiouI+0nmLJX74U0sq8nKw3Ijl0UojuthXc6CeZH4hIF5
HDoVhig3SfkUxdT1zZVF4mcYZ3Pf+UlROJ7JpY4sEhtYMY/DJW5qv2HwrzSw427V
R1upA18U7ddMF5fKoN8vjKVihUFSNK/Up0tOWalxfcG5s9ugjbJgZULsjfcs2+8t
og46QBjTaR7CtpmPbsaOJb1Z6BGDXsHV5GmaZG00TS0BwRn8mAQ1ske1eIpcqmBN
q5Mlh6BVaufBot0nXJp9Vnnuib4napkCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFD+wd7bOvG/yUi4cFIxXx3fHiOPnMIHTBgNVHSMEgcswgciA
FOyrDULEVs93BDa5c5k4YpZehyYvoYGspIGpMIGmMS0wKwYDVQQDDCRTVVNFIExp
bnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYD
VQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXggUHJvZHVjdHMgR21i
SDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJARYNYnVpbGRAc3Vz
ZS5kZYIBATAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJ
KoZIhvcNAQELBQADggEBAKMaX+dWtp9Y9SW1XvV3xc/sAURe1uZfEBcd7g+yu9ff
q/n9pbWW4gz9LtuIudi/CmltNlKHEQnB/RSgAd4VB28g7GeJNKVTn+5z7evgWUOz
tEB0tHgTfVCx6dYoIsNxT9atIVHREDPXef/s2TARKfpd77BG+X0+ZsvQe8NuooP1
B+qwl1rXR+cw46Q7dgM5XG418OPZsqHhk/AyC4/slHx65rQ//PBsgSANx8bBUr5Z
nDzy1X/0aZqB56/e2sscuhjs7IcXNftztewsNB7w4XtmOuVZpj2obAhbWshPaMLY
4PSS6JTVT/vhDJUJknm4XqbE16d0dSZPn8y1t6Ua0PM=
-----END CERTIFICATE-----

29
revoked-SLES-UEFI-SIGN-Certificate-2020-07.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIJAO2HhbeP/BJ0MA0GCSqGSIb3DQEBCwUAMIGmMS0wKwYD
VQQDDCRTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNV
BAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXgg
UHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJ
ARYNYnVpbGRAc3VzZS5kZTAeFw0yMDA3MjMxNDA3MThaFw0yNDA3MjIxNDA3MTha
MIGrMTIwMAYDVQQDDClTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3Qg
U2lnbmtleTELMAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UE
CgwYU1VTRSBMaW51eCBQcm9kdWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFt
MRwwGgYJKoZIhvcNAQkBFg1idWlsZEBzdXNlLmRlMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAwrRYIcn7XQ2/nQfdCUM7EUzIfYB5Lra03/q9nggEfUke
N5O9qmA9uFWTvgdq2Nh8hia16TawyHMFyUd/PsdU2/pVydC6+OGDxE1sRJvu0pzP
3wvr+QQXnDjBYon+AGkuw/K8baUInl/1He2idCIB7pH3tGjj6jcorK70yZHU5Hl1
UwuQXlfQpG3zEJy1yZ7fg3RxAQ/716BOy1CceK0qCLi/qgR8w5GE92Xg1CHZe62u
I+9EmhXBbY2UcsfxRGEtdCU55L0R/MtHztfVHZw9Vazw8rCCvBjwPOxxjUx5It5N
yG0JaYXgAXqRXE88Gwo9VlEWNOKrC0vUUfxA63IZ0wIDAQABo4IBLDCCASgwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUSrDGl8kQcydsJ97/PCIPsAfh3mEwgdMGA1Ud
IwSByzCByIAU7KsNQsRWz3cENrlzmThill6HJi+hgaykgakwgaYxLTArBgNVBAMM
JFNVU0UgTGludXggRW50ZXJwcmlzZSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMC
REUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UECgwYU1VTRSBMaW51eCBQcm9k
dWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFtMRwwGgYJKoZIhvcNAQkBFg1i
dWlsZEBzdXNlLmRlggEBMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEF
BQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAazJCs7IIjYUma9ZT1NLJZ7QSy/d6oAaW
E6JI1u3LHancnU3kXH19U7z1mni74OQdlsbIyfddR+AIvIu1RrepQ6BHNVrXO90J
LxvORpholbgeXk/FdIHWFu6AhL2jg8UM4Jxq/P3FxckGj25LxCPgd5C/L5ITufhf
1yPQ3CDxqfUiqlfdrQCROJ21sErLoYXoZim5pd1kT5vimyVrdaLM7eTq6G5LbKZ3
/TqRXPpVzwZGXXeZvM5s55kGKqNTUIZ2Cft5g9CBkRZujJ5gLGToxUHYbb6Fj5UT
Xr5Yh68j1IgvhQz+abALb/87Z3r2V+BWh1icc0rnCli1ulmZMd0H8A==
-----END CERTIFICATE-----

29
revoked-SLES-UEFI-SIGN-Certificate-2021-05.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIJAO2HhbeP/BJ+MA0GCSqGSIb3DQEBCwUAMIGmMS0wKwYD
VQQDDCRTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNV
BAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXgg
UHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJ
ARYNYnVpbGRAc3VzZS5kZTAeFw0yMTAzMDgxMDE1MDhaFw0zMDEyMzExMDE1MDha
MIGrMTIwMAYDVQQDDClTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3Qg
U2lnbmtleTELMAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UE
CgwYU1VTRSBMaW51eCBQcm9kdWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFt
MRwwGgYJKoZIhvcNAQkBFg1idWlsZEBzdXNlLmRlMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAtvApQ4qgxDibOpYufFyQG3HDsQvwjPfrQHdYqkcKDZvz
hKFJSpAu4gulkuKnOeMO1+ecpOC9f0G6mbIwYCsM/GKBCUKRQZPOB5eSeGU+NJaI
XV6IimhfYi3MXmheVrP64Xd6pvcn/iplk2IPLbbdjIeiSImg1xtfnrcaWa+tzOMu
MAQfF4wUlVnFF4Pnh0goS2sv2Lj3fVQ4XV7d8bsB9gwdWSQQMwbSb5SXoiLZOIrZ
iI/n6DD5UL8Yap+2f5sBXA1MtonX91MSUu68Vh7l/9UXEntkx5byOdRAKxndIpnP
QQazhXtQoFskPtVzKs+8jIemDOosn7cTkBgOEP49iQIDAQABo4IBLDCCASgwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUWiQESdKf0NinoYfm/A4muV0aqHswgdMGA1Ud
IwSByzCByIAU7KsNQsRWz3cENrlzmThill6HJi+hgaykgakwgaYxLTArBgNVBAMM
JFNVU0UgTGludXggRW50ZXJwcmlzZSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMC
REUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UECgwYU1VTRSBMaW51eCBQcm9k
dWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFtMRwwGgYJKoZIhvcNAQkBFg1i
dWlsZEBzdXNlLmRlggEBMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEF
BQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAqFI4lVQf3heh0TWrZwc0ej30p1EhVJms
NxCy/mtn6IDkRzmzAe9F/Tx5B6Kytjtj2WvU2mOhjDW61Tdvk2UBqlapTbT0X2oF
Co4ww8gm2uDyY3nCEM0jdPj8XnA+T+raxwcw6NosK3J6g+bEWjkX0lWryl1jgxuA
q3zup4t2rl792z+nAUAmCSrsYeQQxnKIeCvZCYMGgixSoYrv2SxD8hTFC8XW606v
ITVb9fxaYF1cCjCLjhkQpnegViT0mV5QcPW/IIjqKla1N9sH26buFwcJIHXQRB4h
1boVtIqiQZOe4BjGRTvRILGOa/WXn8UhQvMc39bCr1SxMRvpCV7zKw==
-----END CERTIFICATE-----

32
revoked-openSUSE-UEFI-SIGN-Certificate-2013-01.crt Normal file
View File

@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzAxMjgxNTEwMjhaFw0yMjEyMDcxNTEw
MjhaMIGGMSUwIwYDVQQDDBxvcGVuU1VTRSBTZWN1cmUgQm9vdCBTaWdua2V5MQsw
CQYDVQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMRkwFwYDVQQKDBBvcGVuU1VT
RSBQcm9qZWN0MSEwHwYJKoZIhvcNAQkBFhJidWlsZEBvcGVuc3VzZS5vcmcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLNeCcz9j3S+vjlCzyEXczhpwo
HRneRWkhXqCUSgu1QS5nAWuRdjqFZipji4cr6JSKEm4lE7AHPygrdiU+KbJVQuc7
RCQdt5kyy0TStIjLqU+nswa+XKruKwQJquxYY1rIYsfZaEP7vQ6S/0zsAkS8lcmf
0b4h+PSybVoK1U2YZczBjO/f8p/aRQV2+RrAi9UcBfLAuEqwEt9DytULGEazA77N
p9cBgPHFyu7ZOh9KM31QAavXOkhuYllzYh447zIx7lgYfVkFivt91A1enUeb2K+2
EZ885xOE5ADsCpeJIpDzFObfwXUHrSQ42OCP9rnA20XjboFcHinQeK5sp0sfAgMB
AAGjggEHMIIBAzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQDMvqcvw2IvyGSSw3o
KgmlTV3vyDCBrgYDVR0jBIGmMIGjgBSZDSa38E3ZzmTn0Y79aHtKXeKGpaGBh6SB
hDCBgTEgMB4GA1UEAwwXb3BlblNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYT
AkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2pl
Y3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNlLm9yZ4IBATAOBgNVHQ8B
Af8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggIB
AK25J4ntAoU8yF37KEUEFnh0WElBVYinTCB3VVNq0nJbcLq2Ak/yPb4/hVJGvUQx
M2EgafGBfjA6sVvqvZEqbn0bQnSTJqjlwAUpzVB9ll3vanT0SwwmRdbHtFLfkmfc
6sv7dUsizScXeth2C7vf2rxqJKBIdCs7EkUWibKm34y59wJYqsZT/jLeFraLi/+R
NWeiWY9AlyXm5QzNqEr3qqhVQohKI0gRUwJS0dx3xSMFd8td+q+22iYuNMx2Dk3A
D9HenFMZiSw4r+8R5mm8Dn6DJEB7Y5mJhR1zZk7Q3gVhwjeR/sdrIF9K8tSkyIHt
T4f+qNF1vBfQ9+8zHqQ/X2o2Cky/eyW9rx3V/fYLOXzOdbxIy5nDOd5gbXIDoZNV
cJn/af+MgMrUI7vqDZ1A1UmwKSAJRZjIJCX+2mjrAtQl9W7h8qZt2Hgq/4zCCNSH
v4gGoDtYEtcvs1kqS56/XQRyZikDfEUkBE1hXOW4hepuS9Zs6LihGpKSffqQH0Oy
gvCaWjLNzErjx5Hl9pTvH2qkLLX6P1i/YubW+3E6AuDks9u6eF78GkKb6ALsczQf
jHf22C1rl9y3Ex+9q3vKzeo9HtIBv/FEyt+GEzdCXdf4Lmjmf1l1uBX6+EJFAVsG
UPxqiJZLOo8dEbWIDzoxE8vXjZTNFBA9mkYmipdZwGaV
-----END CERTIFICATE-----

27
revoked-openSUSE-UEFI-SIGN-Certificate-2013-08.crt Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzA4MjYxNjE4MzdaFw0yMzA3MDUxNjE4
MzdaMIGGMSUwIwYDVQQDDBxvcGVuU1VTRSBTZWN1cmUgQm9vdCBTaWdua2V5MQsw
CQYDVQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMRkwFwYDVQQKDBBvcGVuU1VT
RSBQcm9qZWN0MSEwHwYJKoZIhvcNAQkBFhJidWlsZEBvcGVuc3VzZS5vcmcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLNeCcz9j3S+vjlCzyEXczhpwo
HRneRWkhXqCUSgu1QS5nAWuRdjqFZipji4cr6JSKEm4lE7AHPygrdiU+KbJVQuc7
RCQdt5kyy0TStIjLqU+nswa+XKruKwQJquxYY1rIYsfZaEP7vQ6S/0zsAkS8lcmf
0b4h+PSybVoK1U2YZczBjO/f8p/aRQV2+RrAi9UcBfLAuEqwEt9DytULGEazA77N
p9cBgPHFyu7ZOh9KM31QAavXOkhuYllzYh447zIx7lgYfVkFivt91A1enUeb2K+2
EZ885xOE5ADsCpeJIpDzFObfwXUHrSQ42OCP9rnA20XjboFcHinQeK5sp0sfAgMB
AAGjggEHMIIBAzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQDMvqcvw2IvyGSSw3o
KgmlTV3vyDCBrgYDVR0jBIGmMIGjgBRoQmAN4ixMR36VviPf6pUT5ZcXYqGBh6SB
hDCBgTEgMB4GA1UEAwwXb3BlblNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYT
AkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2pl
Y3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNlLm9yZ4IBATAOBgNVHQ8B
Af8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEB
AI3sxNvPFB/+Cjj9GVCvNbaOGFV+5X6Dd7ZMJat0xI93GS+FvUOO1i53iCpnfSld
gE+2chifX2W3u6RyiJTTfwke4EVU4GWjFy78WwwszCih0byVa/YSQguvPuMjvQY6
mw+exom0ri68328yWb1oCDaPOhI9Fr51hj50yUWWBbmpu2YPi5blN6CBE+9B2cbp
HVDPxoUWjYJ9leK951nfSu0E1+cLNYDpZ39h4dBHNvU1a3AueVKIXyEYaiwy0VDS
8CQJluUCE4eLlt/cbJqMs0/iY7nRnbVOOyZUYTYxq7ACvDrMyStkfdR4KLDzvLWo
8Gu+1aY2qw6wZ+TKiiRRYjQ=
-----END CERTIFICATE-----

27
revoked-openSUSE-UEFI-SIGN-Certificate-2020-01.crt Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIElTCCA32gAwIBAgIJAPq+2L9Aml5gMA0GCSqGSIb3DQEBCwUAMIGBMSAwHgYD
VQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUxEjAQBgNV
BAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEhMB8GCSqG
SIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMB4XDTIwMDEwODE2MjU1NFoXDTI5
MTExNjE2MjU1NFowgYYxJTAjBgNVBAMMHG9wZW5TVVNFIFNlY3VyZSBCb290IFNp
Z25rZXkxCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoM
EG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNl
Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMs14JzP2PdL6+OU
LPIRdzOGnCgdGd5FaSFeoJRKC7VBLmcBa5F2OoVmKmOLhyvolIoSbiUTsAc/KCt2
JT4pslVC5ztEJB23mTLLRNK0iMupT6ezBr5cqu4rBAmq7FhjWshix9loQ/u9DpL/
TOwCRLyVyZ/RviH49LJtWgrVTZhlzMGM79/yn9pFBXb5GsCL1RwF8sC4SrAS30PK
1QsYRrMDvs2n1wGA8cXK7tk6H0ozfVABq9c6SG5iWXNiHjjvMjHuWBh9WQWK+33U
DV6dR5vYr7YRnzznE4TkAOwKl4kikPMU5t/BdQetJDjY4I/2ucDbReNugVweKdB4
rmynSx8CAwEAAaOCAQcwggEDMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAMy+py/
DYi/IZJLDegqCaVNXe/IMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPl
lxdioYGHpIGEMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTEL
MAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNV
U0UgUHJvamVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEB
MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0B
AQsFAAOCAQEAUWNziRn2X/uOcFWaCkKqIVa0xlk8joaztllVkRLoDpv97O6p087k
OOfqNsv1gUgIHqQvZ9Z2woQcpd2gUa0uj5yqpqSGp0eSEtBOOKApVuybplTDSyC3
6ENwF5BKMJ8ysURsIx6ZGCq1PbaruA28sG/XFrhxjezLwN9mcmLd6nCd4xmPuH78
IsHPP6c6VzrFtNN3yP5ZIs9bIzDHTf2qGXvVYhLBrNuTczTwUzeSfKG+qpP/dO1I
EGtd7tTFPTqNwXkWq3oat9TVYMdPLRWWZ2zzE65k0rdSSJTgc/1Z4WSKb55J6FMP
8MJRwgi62+9JF6hsBy7WuBE8cWvtIwbyYA==
-----END CERTIFICATE-----

27
revoked-openSUSE-UEFI-SIGN-Certificate-2020-07.crt Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIElTCCA32gAwIBAgIJAPq+2L9Aml5jMA0GCSqGSIb3DQEBCwUAMIGBMSAwHgYD
VQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUxEjAQBgNV
BAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEhMB8GCSqG
SIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMB4XDTIwMDgwMzEyMzUzOVoXDTMw
MDYxMjEyMzUzOVowgYYxJTAjBgNVBAMMHG9wZW5TVVNFIFNlY3VyZSBCb290IFNp
Z25rZXkxCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoM
EG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNl
Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKVKfWLm7OvwYpDO
4s0qzbUDWG2GTlxFOkZe4XaFsjxAnmuXZTVm1SJ3N12zSdRH60YMqcns7yuISYQz
0K79shGDOfktO8iqxSE0JdUvhEFnJUECaXYAq+ioiSwkm7QQWhHAUE3htshJeMt4
SK4dTGmTQNQBKCZ3xQTTHi1sOl8wYt0QdhkucqvgDUyPaxHrI4LV1OV9R3XjGclG
ZD6QEkXLhVcir2yLIA9G1qPZDXpNbrdfSx3GDEnSsD+GS0D/k5oe32w1KGMnEM/S
fYrY1nsP6/k0hVO1KH9WJWV/DUoyO/4U75C6swg7SVTxyigT3s92/UV4N9Es5kZv
aHhsuncCAwEAAaOCAQcwggEDMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMi9x6wa
HYWWYhf9k+v8FPSiALgUMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPl
lxdioYGHpIGEMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTEL
MAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNV
U0UgUHJvamVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEB
MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0B
AQsFAAOCAQEAS1NWAHYBV1uaK7wE6c+Xz8t4c2hgTkFR4E0iVZ+2aTz8OFzztQZq
CyZ9QYgSpApmvwmgFEQog6UUzw2f19W7qhIskDHfhBmK2uQtazHZ/Pd8oXyHrbgK
TVh7GDc9OjrZe2wg03Q0N/KVUHD5lKYXY4rfAqKdc1XKfo7t8GIu+TnWDLXWVI40
oDIXwSmg+JOZFXpf9cxZ2zENZnsaH0KTKNk6bNq8wjum4W54Tgk7UbDE6roJp5C3
7cUt/j+dL00gyFK66PFR1wXflZFtKixxVbMOLa13ZldsuNs0ye6whPqIKZ9ev4M4
rjWQD5k14Ui+48/MDJt4Nc2Sm1LYrdXJMw==
-----END CERTIFICATE-----

27
revoked-openSUSE-UEFI-SIGN-Certificate-2021-05.crt Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIElTCCA32gAwIBAgIJAPq+2L9Aml5kMA0GCSqGSIb3DQEBCwUAMIGBMSAwHgYD
VQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUxEjAQBgNV
BAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEhMB8GCSqG
SIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMB4XDTIxMDMwMjEzMDE1NFoXDTMx
MDEwOTEzMDE1NFowgYYxJTAjBgNVBAMMHG9wZW5TVVNFIFNlY3VyZSBCb290IFNp
Z25rZXkxCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoM
EG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNl
Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLI9AESuA0aqXLg
RwX7lU1td6HhC3Oj+kwKJJvF/kwA+1viW/1cC4vS9muigFHe3b4CPwZ9WRxb5Wyi
3nxP1fjYwFmygBnqWvzMTxGZBFuhcQQpSPDbjWOEiFspVZbvkBF7t0cu1EcpKaHl
+pPqVdWrh11mk7bSjnYGAZ0BFHQ3bnhCuH1+p4PIMLAFZIRQ9suW9t5caOoHK6pi
fisOYy+WR3a/2AFTCZIdZIueVpvPHhGgjEDoE0wnoAg5lKDn+SAUS7JiWy/hdT2U
c/OjH1onXi99kTWDOMwQA+g2d7JAPtLuepcKpiUbFaR+7KJYWhkfit6WYz40sC6Q
PMAHIj8CAwEAAaOCAQcwggEDMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJ3fQ9nx
oCcnP1LGwHdZCO4BZxMlMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPl
lxdioYGHpIGEMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTEL
MAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNV
U0UgUHJvamVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEB
MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0B
AQsFAAOCAQEAnjK7rL3T/Fu443EQSB3cV2V84pQcOcQf3dCSx8VT14ZTgkp1RGM4
qr4V8foA7Fyr9UE+x2zEMzcVy2eZ2aihO/qaQ/JGZi8cp1pjq0nNMUQjgXF0YGyn
Qanjb/48V5eOF9Z1h/wQ0HISTdkwsvGUS0leHT3LjXWNRL9QBp1Qi5A5IE5t8vpX
OxAvHNTsKsx6x2p8R3yVLX7rY84xvBJCqHDY9tYDQ2VbVX7CEw5x9FffobYpY/s1
lCV/fhOThm/q/p9Pr3hydxKP4PoxxwBtII/p0zJTMWEEfOsK/zAS3v8Ltlz83gTk
WX+2oXpj/WRFsYWIEXTPwEm4MwYWxw5rMw==
-----END CERTIFICATE-----

3
shim-15.8.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a79f0a9b89f3681ab384865b1a46ab3f79d88b11b4ca59aa040ab03fffae80a9
size 2315201

61
shim-arch-independent-names.patch Normal file
View File

@ -0,0 +1,61 @@
From 71ca8f761fb5434ef65895345d96ccf063da7d66 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Tue, 22 Aug 2017 12:43:36 +0800
Subject: [PATCH] Make the names of EFI binaries arch-independent
Since we only build the 64-bit binaries, we don't have the issue of the
mixed architecture binaries in the same directory. Besides, we will use
the same install script for x86_64 and AArch64. It's easier to maintain
the script with the same names.
Signed-off-by: Gary Lin <glin@suse.com>
---
fallback.c | 2 +-
shim.c | 2 +-
shim.h | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/fallback.c b/fallback.c
index fc81c5e4..44b2d464 100644
--- a/fallback.c
+++ b/fallback.c
@@ -1058,7 +1058,7 @@ debug_hook(void)
x = 1;
console_print(L"add-symbol-file "DEBUGDIR
- L"fb" EFI_ARCH L".efi.debug %p -s .data %p\n",
+ L"fallback.efi.debug %p -s .data %p\n",
&_etext, &_edata);
}
diff --git a/shim.c b/shim.c
index 765c9254..6751a2bc 100644
--- a/shim.c
+++ b/shim.c
@@ -1811,7 +1811,7 @@ debug_hook(void)
FreePool(data);
console_print(L"add-symbol-file "DEBUGDIR
- L"shim" EFI_ARCH L".efi.debug 0x%08x -s .data 0x%08x\n",
+ L"shim.efi.debug 0x%08x -s .data 0x%08x\n",
&_text, &_data);
console_print(L"Pausing for debugger attachment.\n");
diff --git a/shim.h b/shim.h
index 0a6c8cfa..b9c3c4d8 100644
--- a/shim.h
+++ b/shim.h
@@ -105,8 +105,8 @@
#define DEBUGSRC L"/usr/src/debug/shim-" VERSIONSTR "." EFI_ARCH
#endif
-#define FALLBACK L"\\fb" EFI_ARCH L".efi"
-#define MOK_MANAGER L"\\mm" EFI_ARCH L".efi"
+#define FALLBACK L"\\fallback.efi"
+#define MOK_MANAGER L"\\MokManager.efi"
#if defined(VENDOR_DB_FILE)
# define vendor_authorized vendor_db
--
2.29.2

696
shim-bsc1177315-verify-eku-codesign.patch Normal file
View File

@ -0,0 +1,696 @@
From 6ff890bf0af9d37acc6ea8ad64f597060e8bb143 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 14 Oct 2020 14:31:12 +0800
Subject: [PATCH] Enforce EKU CodeSign extension check
Per NIAP OS_PP, the signer certificate of the UEFI image has to contain
"CodeSign" extension in its Extended Key Usage(EKU).
This commit borrows VerifyEKUsInPkcs7Signature() from edk2 and enforces
the CodeSign check in Pkcs7Verify().
+ Also merged the buffer use-after-free fix (*)
(*) https://bugzilla.tianocore.org/show_bug.cgi?id=2459
Signed-off-by: Gary Lin <glin@suse.com>
---
Cryptlib/InternalCryptLib.h | 32 ++
Cryptlib/Library/BaseCryptLib.h | 40 +++
Cryptlib/Makefile | 1 +
Cryptlib/Pk/CryptPkcs7Verify.c | 10 +
Cryptlib/Pk/CryptPkcs7VerifyEku.c | 516 ++++++++++++++++++++++++++++++
5 files changed, 599 insertions(+)
create mode 100644 Cryptlib/Pk/CryptPkcs7VerifyEku.c
diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h
index e9a4c20..8c9a2a4 100644
--- a/Cryptlib/InternalCryptLib.h
+++ b/Cryptlib/InternalCryptLib.h
@@ -30,5 +30,37 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define OBJ_length(o) ((o)->length)
#endif
+/**
+ Check input P7Data is a wrapped ContentInfo structure or not. If not construct
+ a new structure to wrap P7Data.
+
+ Caution: This function may receive untrusted input.
+ UEFI Authenticated Variable is external input, so this function will do basic
+ check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise
+ return FALSE.
+ @param[out] WrapData If return status of this function is TRUE:
+ 1) when WrapFlag is TRUE, pointer to P7Data.
+ 2) when WrapFlag is FALSE, pointer to a new ContentInfo
+ structure. It's caller's responsibility to free this
+ buffer.
+ @param[out] WrapDataSize Length of ContentInfo structure in bytes.
+
+ @retval TRUE The operation is finished successfully.
+ @retval FALSE The operation is failed due to lack of resources.
+
+**/
+BOOLEAN
+WrapPkcs7Data (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT BOOLEAN *WrapFlag,
+ OUT UINT8 **WrapData,
+ OUT UINTN *WrapDataSize
+ );
+
#endif
diff --git a/Cryptlib/Library/BaseCryptLib.h b/Cryptlib/Library/BaseCryptLib.h
index 2df8bd2..ed482d3 100644
--- a/Cryptlib/Library/BaseCryptLib.h
+++ b/Cryptlib/Library/BaseCryptLib.h
@@ -2403,6 +2403,46 @@ Pkcs7Verify (
IN UINTN DataLength
);
+/**
+ This function receives a PKCS#7 formatted signature blob,
+ looks for the EKU SEQUENCE blob, and if found then looks
+ for all the required EKUs. This function was created so that
+ the Surface team can cut down on the number of Certificate
+ Authorities (CA's) by checking EKU's on leaf signers for
+ a specific product. This prevents one product's certificate
+ from signing another product's firmware or unlock blobs.
+
+ Note that this function does not validate the certificate chain.
+ That needs to be done before using this function.
+
+ @param[in] Pkcs7Signature The PKCS#7 signed information content block. An array
+ containing the content block with both the signature,
+ the signer's certificate, and any necessary intermediate
+ certificates.
+ @param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature.
+ @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of
+ required EKUs that must be present in the signature.
+ @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array.
+ @param[in] RequireAllPresent If this is TRUE, then all of the specified EKU's
+ must be present in the leaf signer. If it is
+ FALSE, then we will succeed if we find any
+ of the specified EKU's.
+
+ @retval EFI_SUCCESS The required EKUs were found in the signature.
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.
+ @retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
+
+**/
+EFI_STATUS
+EFIAPI
+VerifyEKUsInPkcs7Signature (
+ IN CONST UINT8 *Pkcs7Signature,
+ IN CONST UINT32 SignatureSize,
+ IN CONST CHAR8 *RequiredEKUs[],
+ IN CONST UINT32 RequiredEKUsSize,
+ IN BOOLEAN RequireAllPresent
+ );
+
/**
Extracts the attached content from a PKCS#7 signed data if existed. The input signed
data could be wrapped in a ContentInfo structure.
diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
index 18a33b1..a1d8b02 100644
--- a/Cryptlib/Makefile
+++ b/Cryptlib/Makefile
@@ -41,6 +41,7 @@ OBJS = Hash/CryptMd4Null.o \
Pk/CryptRsaExtNull.o \
Pk/CryptPkcs7SignNull.o \
Pk/CryptPkcs7Verify.o \
+ Pk/CryptPkcs7VerifyEku.o \
Pk/CryptDhNull.o \
Pk/CryptTs.o \
Pk/CryptX509.o \
diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c
index 09895d8..da15be2 100644
--- a/Cryptlib/Pk/CryptPkcs7Verify.c
+++ b/Cryptlib/Pk/CryptPkcs7Verify.c
@@ -29,6 +29,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <openssl/pkcs7.h>
UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
+/* EKU CodeSign */
+CHAR8 mOidCodeSign[] = "1.3.6.1.5.5.7.3.3";
#if 1
#if OPENSSL_VERSION_NUMBER < 0x10100000L
@@ -846,6 +848,8 @@ Pkcs7Verify (
CONST UINT8 *Temp;
UINTN SignedDataSize;
BOOLEAN Wrapped;
+ CONST CHAR8 *Ekus[1];
+ EFI_STATUS EFI_Status;
//
// Check input parameters.
@@ -859,6 +863,7 @@ Pkcs7Verify (
DataBio = NULL;
Cert = NULL;
CertStore = NULL;
+ Ekus[0] = mOidCodeSign;
//
// Register & Initialize necessary digest algorithms for PKCS#7 Handling
@@ -958,6 +963,11 @@ Pkcs7Verify (
//
X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);
+ EFI_Status = VerifyEKUsInPkcs7Signature(P7Data, P7Length, Ekus, 1, TRUE);
+ if (EFI_Status != EFI_SUCCESS) {
+ goto _Exit;
+ }
+
//
// Verifies the PKCS#7 signedData structure
//
diff --git a/Cryptlib/Pk/CryptPkcs7VerifyEku.c b/Cryptlib/Pk/CryptPkcs7VerifyEku.c
new file mode 100644
index 0000000..2c172e2
--- /dev/null
+++ b/Cryptlib/Pk/CryptPkcs7VerifyEku.c
@@ -0,0 +1,516 @@
+/** @file
+ This module verifies that Enhanced Key Usages (EKU's) are present within
+ a PKCS7 signature blob using OpenSSL.
+
+ Copyright (C) Microsoft Corporation. All Rights Reserved.
+ Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include "InternalCryptLib.h"
+#include <openssl/x509v3.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/bn.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+
+/**
+ This function will return the leaf signer certificate in a chain. This is
+ required because certificate chains are not guaranteed to have the
+ certificates in the order that they were issued.
+
+ A typical certificate chain looks like this:
+
+
+ ----------------------------
+ | Root |
+ ----------------------------
+ ^
+ |
+ ----------------------------
+ | Policy CA | <-- Typical Trust Anchor.
+ ----------------------------
+ ^
+ |
+ ----------------------------
+ | Issuing CA |
+ ----------------------------
+ ^
+ |
+ -----------------------------
+ / End-Entity (leaf) signer / <-- Bottom certificate.
+ ----------------------------- EKU: "1.3.6.1.4.1.311.76.9.21.1"
+ (Firmware Signing)
+
+
+ @param[in] CertChain Certificate chain.
+
+ @param[out] SignerCert Last certificate in the chain. For PKCS7 signatures,
+ this will be the end-entity (leaf) signer cert.
+
+ @retval EFI_SUCCESS The required EKUs were found in the signature.
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.
+ @retval EFI_NOT_FOUND The number of signers found was not 1.
+
+**/
+EFI_STATUS
+GetSignerCertificate (
+ IN CONST PKCS7 *CertChain,
+ OUT X509 **SignerCert
+ )
+{
+ EFI_STATUS Status;
+ STACK_OF(X509) *Signers;
+ INT32 NumberSigners;
+
+ Status = EFI_SUCCESS;
+ Signers = NULL;
+ NumberSigners = 0;
+
+ if (CertChain == NULL || SignerCert == NULL) {
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ //
+ // Get the signers from the chain.
+ //
+ Signers = PKCS7_get0_signers ((PKCS7*) CertChain, NULL, PKCS7_BINARY);
+ if (Signers == NULL) {
+ //
+ // Fail to get signers form PKCS7
+ //
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ //
+ // There should only be one signer in the PKCS7 stack.
+ //
+ NumberSigners = sk_X509_num (Signers);
+ if (NumberSigners != 1) {
+ //
+ // The number of singers should have been 1
+ //
+ Status = EFI_NOT_FOUND;
+ goto Exit;
+ }
+
+ *SignerCert = sk_X509_value (Signers, 0);
+
+Exit:
+ //
+ // Release Resources
+ //
+ if (Signers != NULL) {
+ sk_X509_free (Signers);
+ }
+
+ return Status;
+}
+
+
+/**
+ Determines if the specified EKU represented in ASN1 form is present
+ in a given certificate.
+
+ @param[in] Cert The certificate to check.
+
+ @param[in] Asn1ToFind The EKU to look for.
+
+ @retval EFI_SUCCESS We successfully identified the signing type.
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.
+ @retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
+
+**/
+EFI_STATUS
+IsEkuInCertificate (
+ IN CONST X509 *Cert,
+ IN ASN1_OBJECT *Asn1ToFind
+ )
+{
+ EFI_STATUS Status;
+ X509 *ClonedCert;
+ X509_EXTENSION *Extension;
+ EXTENDED_KEY_USAGE *Eku;
+ INT32 ExtensionIndex;
+ INTN NumExtensions;
+ ASN1_OBJECT *Asn1InCert;
+ INTN Index;
+
+ Status = EFI_NOT_FOUND;
+ ClonedCert = NULL;
+ Extension = NULL;
+ Eku = NULL;
+ ExtensionIndex = -1;
+ NumExtensions = 0;
+ Asn1InCert = NULL;
+
+ if (Cert == NULL || Asn1ToFind == NULL) {
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ //
+ // Clone the certificate. This is required because the Extension API's
+ // only work once per instance of an X509 object.
+ //
+ ClonedCert = X509_dup ((X509*)Cert);
+ if (ClonedCert == NULL) {
+ //
+ // Fail to duplicate cert.
+ //
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ //
+ // Look for the extended key usage.
+ //
+ ExtensionIndex = X509_get_ext_by_NID (ClonedCert, NID_ext_key_usage, -1);
+
+ if (ExtensionIndex < 0) {
+ //
+ // Fail to find 'NID_ext_key_usage' in Cert.
+ //
+ goto Exit;
+ }
+
+ Extension = X509_get_ext (ClonedCert, ExtensionIndex);
+ if (Extension == NULL) {
+ //
+ // Fail to get Extension form cert.
+ //
+ goto Exit;
+ }
+
+ Eku = (EXTENDED_KEY_USAGE*)X509V3_EXT_d2i (Extension);
+ if (Eku == NULL) {
+ //
+ // Fail to get Eku from extension.
+ //
+ goto Exit;
+ }
+
+ NumExtensions = sk_ASN1_OBJECT_num (Eku);
+
+ //
+ // Now loop through the extensions, looking for the specified Eku.
+ //
+ for (Index = 0; Index < NumExtensions; Index++) {
+ Asn1InCert = sk_ASN1_OBJECT_value (Eku, (INT32)Index);
+ if (Asn1InCert == NULL) {
+ //
+ // Fail to get ASN object from Eku.
+ //
+ goto Exit;
+ }
+
+ if (OBJ_cmp(Asn1InCert, Asn1ToFind) == 0) {
+ //
+ // Found Eku in certificate.
+ //
+ Status = EFI_SUCCESS;
+ goto Exit;
+ }
+ }
+
+Exit:
+
+ //
+ // Release Resources
+ //
+ if (ClonedCert != NULL) {
+ X509_free (ClonedCert);
+ }
+
+ if (Eku != NULL) {
+ sk_ASN1_OBJECT_pop_free (Eku, ASN1_OBJECT_free);
+ }
+
+ return Status;
+}
+
+
+/**
+ Determines if the specified EKUs are present in a signing certificate.
+
+ @param[in] SignerCert The certificate to check.
+ @param[in] RequiredEKUs The EKUs to look for.
+ @param[in] RequiredEKUsSize The number of EKUs
+ @param[in] RequireAllPresent If TRUE, then all the specified EKUs
+ must be present in the certificate.
+
+ @retval EFI_SUCCESS We successfully identified the signing type.
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.
+ @retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
+**/
+EFI_STATUS
+CheckEKUs(
+ IN CONST X509 *SignerCert,
+ IN CONST CHAR8 *RequiredEKUs[],
+ IN CONST UINT32 RequiredEKUsSize,
+ IN BOOLEAN RequireAllPresent
+ )
+{
+ EFI_STATUS Status;
+ ASN1_OBJECT *Asn1ToFind;
+ UINT32 NumEkusFound;
+ UINT32 Index;
+
+ Status = EFI_NOT_FOUND;
+ Asn1ToFind = NULL;
+ NumEkusFound = 0;
+
+ if (SignerCert == NULL || RequiredEKUs == NULL || RequiredEKUsSize == 0) {
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ for (Index = 0; Index < RequiredEKUsSize; Index++) {
+ //
+ // Finding required EKU in cert.
+ //
+ if (Asn1ToFind != NULL) {
+ ASN1_OBJECT_free(Asn1ToFind);
+ Asn1ToFind = NULL;
+ }
+
+ Asn1ToFind = OBJ_txt2obj (RequiredEKUs[Index], 0);
+ if (Asn1ToFind == NULL) {
+ //
+ // Fail to convert required EKU to ASN1.
+ //
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ Status = IsEkuInCertificate (SignerCert, Asn1ToFind);
+ if (Status == EFI_SUCCESS) {
+ NumEkusFound++;
+ if (!RequireAllPresent) {
+ //
+ // Found at least one, so we are done.
+ //
+ goto Exit;
+ }
+ } else {
+ //
+ // Fail to find Eku in cert
+ break;
+ }
+ }
+
+Exit:
+
+ if (Asn1ToFind != NULL) {
+ ASN1_OBJECT_free(Asn1ToFind);
+ }
+
+ if (RequireAllPresent &&
+ NumEkusFound == RequiredEKUsSize) {
+ //
+ // Found all required EKUs in certificate.
+ //
+ Status = EFI_SUCCESS;
+ }
+
+ return Status;
+}
+
+/**
+ This function receives a PKCS#7 formatted signature blob,
+ looks for the EKU SEQUENCE blob, and if found then looks
+ for all the required EKUs. This function was created so that
+ the Surface team can cut down on the number of Certificate
+ Authorities (CA's) by checking EKU's on leaf signers for
+ a specific product. This prevents one product's certificate
+ from signing another product's firmware or unlock blobs.
+
+ Note that this function does not validate the certificate chain.
+ That needs to be done before using this function.
+
+ @param[in] Pkcs7Signature The PKCS#7 signed information content block. An array
+ containing the content block with both the signature,
+ the signer's certificate, and any necessary intermediate
+ certificates.
+ @param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature.
+ @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of
+ required EKUs that must be present in the signature.
+ @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array.
+ @param[in] RequireAllPresent If this is TRUE, then all of the specified EKU's
+ must be present in the leaf signer. If it is
+ FALSE, then we will succeed if we find any
+ of the specified EKU's.
+
+ @retval EFI_SUCCESS The required EKUs were found in the signature.
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.
+ @retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
+
+**/
+EFI_STATUS
+EFIAPI
+VerifyEKUsInPkcs7Signature (
+ IN CONST UINT8 *Pkcs7Signature,
+ IN CONST UINT32 SignatureSize,
+ IN CONST CHAR8 *RequiredEKUs[],
+ IN CONST UINT32 RequiredEKUsSize,
+ IN BOOLEAN RequireAllPresent
+ )
+{
+ EFI_STATUS Status;
+ PKCS7 *Pkcs7;
+ STACK_OF(X509) *CertChain;
+ INT32 SignatureType;
+ INT32 NumberCertsInSignature;
+ X509 *SignerCert;
+ UINT8 *SignedData;
+ UINT8 *Temp;
+ UINTN SignedDataSize;
+ BOOLEAN IsWrapped;
+ BOOLEAN Ok;
+
+ Status = EFI_SUCCESS;
+ Pkcs7 = NULL;
+ CertChain = NULL;
+ SignatureType = 0;
+ NumberCertsInSignature = 0;
+ SignerCert = NULL;
+ SignedData = NULL;
+ SignedDataSize = 0;
+ IsWrapped = FALSE;
+ Ok = FALSE;
+
+ //
+ //Validate the input parameters.
+ //
+ if (Pkcs7Signature == NULL ||
+ SignatureSize == 0 ||
+ RequiredEKUs == NULL ||
+ RequiredEKUsSize == 0) {
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ if (RequiredEKUsSize == 1) {
+ RequireAllPresent = TRUE;
+ }
+
+ //
+ // Wrap the PKCS7 data if needed.
+ //
+ Ok = WrapPkcs7Data (Pkcs7Signature,
+ SignatureSize,
+ &IsWrapped,
+ &SignedData,
+ &SignedDataSize);
+ if (!Ok) {
+ //
+ // Fail to Wrap the PKCS7 data.
+ //
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ Temp = SignedData;
+
+ //
+ // Create the PKCS7 object.
+ //
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (INT32)SignedDataSize);
+ if (Pkcs7 == NULL) {
+ //
+ // Fail to read PKCS7 data.
+ //
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ //
+ // Get the certificate chain.
+ //
+ SignatureType = OBJ_obj2nid (Pkcs7->type);
+ switch (SignatureType) {
+ case NID_pkcs7_signed:
+ if (Pkcs7->d.sign != NULL) {
+ CertChain = Pkcs7->d.sign->cert;
+ }
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ if (Pkcs7->d.signed_and_enveloped != NULL) {
+ CertChain = Pkcs7->d.signed_and_enveloped->cert;
+ }
+ break;
+ default:
+ break;
+ }
+
+ //
+ // Ensure we have a certificate stack
+ //
+ if (CertChain == NULL) {
+ //
+ // Fail to get the certificate stack from signature.
+ //
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ //
+ // Find out how many certificates were in the PKCS7 signature.
+ //
+ NumberCertsInSignature = sk_X509_num (CertChain);
+
+ if (NumberCertsInSignature == 0) {
+ //
+ // Fail to find any certificates in signature.
+ //
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ //
+ // Get the leaf signer.
+ //
+ Status = GetSignerCertificate (Pkcs7, &SignerCert);
+ if (Status != EFI_SUCCESS || SignerCert == NULL) {
+ //
+ // Fail to get the end-entity leaf signer certificate.
+ //
+ Status = EFI_INVALID_PARAMETER;
+ goto Exit;
+ }
+
+ Status = CheckEKUs (SignerCert, RequiredEKUs, RequiredEKUsSize, RequireAllPresent);
+ if (Status != EFI_SUCCESS) {
+ goto Exit;
+ }
+
+Exit:
+
+ //
+ // Release Resources
+ //
+ // If the signature was not wrapped, then the call to WrapData() will allocate
+ // the data and add a header to it
+ //
+ if (!IsWrapped && SignedData) {
+ free (SignedData);
+ }
+
+ if (Pkcs7 != NULL) {
+ PKCS7_free (Pkcs7);
+ }
+
+ return Status;
+}
+
--
2.29.2

54
shim-change-debug-file-path.patch Normal file
View File

@ -0,0 +1,54 @@
From ac7e88b1f2219ec2b09c9596e6f7d5911e5f6ffd Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Thu, 4 Jan 2018 12:28:37 +0800
Subject: [PATCH] Use our own debug path
Signed-off-by: Gary Lin <glin@suse.com>
---
Make.defaults | 2 +-
fallback.c | 2 +-
shim.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Make.defaults b/Make.defaults
index bef3cb51..d88367e3 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -167,7 +167,7 @@ BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI
BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV
DEFINES += -DEFI_ARCH='L"$(ARCH_SUFFIX)"' \
- -DDEBUGDIR='L"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/"'
+ -DDEBUGDIR=L\"/usr/lib/debug/usr/share/efi/"$(ARCH)/"\"
ifneq ($(origin VENDOR_DB_FILE), undefined)
DEFINES += -DVENDOR_DB_FILE=\"$(VENDOR_DB_FILE)\"
diff --git a/fallback.c b/fallback.c
index 44b2d464..8e0de901 100644
--- a/fallback.c
+++ b/fallback.c
@@ -1058,7 +1058,7 @@ debug_hook(void)
x = 1;
console_print(L"add-symbol-file "DEBUGDIR
- L"fallback.efi.debug %p -s .data %p\n",
+ L"fallback.debug %p -s .data %p\n",
&_etext, &_edata);
}
diff --git a/shim.c b/shim.c
index 1d539855..f8d2ba5f 100644
--- a/shim.c
+++ b/shim.c
@@ -1818,7 +1818,7 @@ debug_hook(void)
FreePool(data);
console_print(L"add-symbol-file "DEBUGDIR
- L"shim.efi.debug 0x%08x -s .data 0x%08x\n",
+ L"shim.debug 0x%08x -s .data 0x%08x\n",
&_text, &_data);
console_print(L"Pausing for debugger attachment.\n");
--
2.29.2

36
shim-disable-export-vendor-dbx.patch Normal file
View File

@ -0,0 +1,36 @@
From 41da21f1f9d4af213f9f235a864772b99ce85fc7 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Fri, 18 Jun 2021 17:54:46 +0800
Subject: [PATCH] Disable exporting vendor-dbx to MokListXRT
As the vendor-dbx grows, it caused some problems when writing such
a large variable. Some firmwares lie the avaiable space(*1) , and
some even crash(*2) for no good reason after the writing of
MokListXRT. Both shim and kernel don't rely on MokListXRT to block
anything, so we just stop exporting vendor-dbx to MokListXRT to
avoid the potential hassles.
(*1) https://bugzilla.suse.com/show_bug.cgi?id=1185261
(*2) https://github.com/rhboot/shim/pull/369#issuecomment-855275115
Signed-off-by: Gary Lin <glin@suse.com>
---
mok.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/mok.c b/mok.c
index beac0ff6..a687a92b 100644
--- a/mok.c
+++ b/mok.c
@@ -194,8 +194,6 @@ struct mok_state_variable mok_state_variables[] = {
EFI_VARIABLE_NON_VOLATILE,
.no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
.categorize_addend = categorize_deauthorized,
- .addend = &vendor_deauthorized,
- .addend_size = &vendor_deauthorized_size,
.flags = MOK_MIRROR_KEYDB |
MOK_MIRROR_DELETE_FIRST |
MOK_VARIABLE_LOG,
--
2.31.1

541
shim-install Normal file
View File

@ -0,0 +1,541 @@
#! /bin/bash -e
arch=`uname -m`
rootdir=
bootdir=
efidir=
install_device=
efibootdir=
ca_string=
no_nvram=no
removable=no
clean=no
sysconfdir="/etc"
libdir="/usr/lib64" # Beware, this is arch dependent!
datadir="/usr/share"
source_dir="${datadir}/efi/${arch}"
efibootmgr="/usr/sbin/efibootmgr"
grub_probe="/usr/sbin/grub2-probe"
grub_mkrelpath="/usr/bin/grub2-mkrelpath"
no_grub_install=no
grub_install="/usr/sbin/grub2-install"
grub_install_target=
self="`basename $0`"
grub_cfg="/boot/grub2/grub.cfg"
update_boot=no
def_grub_efi="${source_dir}/grub.efi"
def_boot_efi=
[ ! -r /usr/etc/default/shim ] || . /usr/etc/default/shim
[ ! -r /etc/default/shim ] || . /etc/default/shim
if [ -z "$def_shim_efi" -o ! -e ${source_dir}/${def_shim_efi} ] ; then
def_shim_efi="shim.efi"
fi
source_shim_efi="${source_dir}/${def_shim_efi}"
if [ x${arch} = xx86_64 ] ; then
grub_install_target="x86_64-efi"
def_boot_efi="bootx64.efi"
elif [ x${arch} = xaarch64 ] ; then
grub_install_target="arm64-efi"
def_boot_efi="bootaa64.efi"
else
echo "Unsupported architecture: ${arch}"
exit 1
fi
if [ ! -d "${source_dir}" -o ! -e "${def_grub_efi}" ] ; then
# for outdated packages fall back to previous behavior
source_dir="$libdir/efi"
def_grub_efi="${source_dir}/grub.efi"
fi
# Get GRUB_DISTRIBUTOR.
if test -f "${sysconfdir}/default/grub" ; then
. "${sysconfdir}/default/grub"
fi
if [ x"${GRUB_DISTRIBUTOR}" = x ] && [ -f "${sysconfdir}/os-release" ] ; then
. "${sysconfdir}/os-release"
GRUB_DISTRIBUTOR="${NAME} ${VERSION}"
OS_ID="${ID}"
fi
bootloader_id="$(echo "$GRUB_DISTRIBUTOR" | tr 'A-Z' 'a-z' | cut -d' ' -f1)"
if test -z "$bootloader_id"; then
bootloader_id=grub
fi
efi_distributor="$bootloader_id"
bootloader_id="${bootloader_id}-secureboot"
case "$bootloader_id" in
"sle"*)
ca_string='SUSE Linux Enterprise Secure Boot CA1';;
"opensuse"*)
ca_string='openSUSE Secure Boot CA1';;
*) ca_string="";;
esac
case "$OS_ID" in
"opensuse-leap")
ca_string='SUSE Linux Enterprise Secure Boot CA1';;
esac
# bsc#1230316 Check if the system is encrypted SL-Micro
is_encrypted_slm () {
if test "$GRUB_DISTRIBUTOR" = "SL Micro" && test -n "$GRUB_TPM2_SEALED_KEY" ; then
# return true
return 0
fi
# return false
return 1
}
# bsc#1230316 For encrypted SL-Micro, always install shim/grub2 with the "removable" way
if is_encrypted_slm; then
removable=yes
fi
is_azure () {
local bios_vendor;
local product_name;
local sys_vendor;
local sysfs_dmi_id="/sys/class/dmi/id"
if test -e "${sysfs_dmi_id}/bios_vendor"; then
bios_vendor=$(cat "${sysfs_dmi_id}/bios_vendor")
fi
if test -e "${sysfs_dmi_id}/product_name"; then
product_name=$(cat "${sysfs_dmi_id}/product_name")
fi
if test -e "${sysfs_dmi_id}/sys_vendor"; then
sys_vendor=$(cat "${sysfs_dmi_id}/sys_vendor")
fi
if test "x${bios_vendor}" != "xMicrosoft Corporation"; then
# return false
return 1
fi
if test "x${product_name}" != "xVirtual Machine"; then
# return false
return 1
fi
if test "x${sys_vendor}" != "xMicrosoft Corporation"; then
# return false
return 1
fi
# return true
return 0
}
usage () {
echo "Usage: $self [OPTION] [INSTALL_DEVICE]"
echo
echo "Install Secure Boot Loaders on your drive."
echo
echo "--directory=DIR use images from DIR."
echo "--grub-probe=FILE use FILE as grub-probe."
echo "--removable the installation device is removable."
echo "--no-nvram don't update the NVRAM variable."
echo "--bootloader-id=ID the ID of bootloader."
echo "--efi-directory=DIR use DIR as the EFI System Partition root."
echo "--config-file=FILE use FILE as config file, default is $grub_cfg."
echo "--clean remove all installed files and configs."
echo "--suse-enable-tpm install grub.efi with TPM support."
echo "--no-grub-install Do not run grub2-install."
echo
echo "INSTALL_DEVICE must be system device filename."
}
argument () {
opt="$1"
shift
if test $# -eq 0; then
echo "$0: option requires an argument -- \`$opt'" 1>&2
exit 1
fi
echo "$1"
}
# Check the arguments.
while test $# -gt 0
do
option=$1
shift
case "$option" in
-h | --help)
usage
exit 0 ;;
--root-directory)
rootdir="`argument $option "$@"`"; shift;;
--root-directory=*)
rootdir="`echo "$option" | sed 's/--root-directory=//'`" ;;
--efi-directory)
efidir="`argument $option "$@"`"; shift;;
--efi-directory=*)
efidir="`echo "$option" | sed 's/--efi-directory=//'`" ;;
--directory | -d)
source_dir="`argument $option "$@"`"; shift;;
--directory=*)
source_dir="`echo "$option" | sed 's/--directory=//'`" ;;
--bootloader-id)
bootloader_id="`argument $option "$@"`"; shift;;
--bootloader-id=*)
bootloader_id="`echo "$option" | sed 's/--bootloader-id=//'`" ;;
--grub-probe)
grub_probe="`argument "$option" "$@"`"; shift;;
--grub-probe=*)
grub_probe="`echo "$option" | sed 's/--grub-probe=//'`" ;;
--config-file)
grub_cfg="`argument "$option" "$@"`"; shift;;
--config-file=*)
grub_cfg="`echo "$option" | sed 's/--config-file=//'`" ;;
--removable)
no_nvram=yes
removable=yes ;;
--no-nvram)
no_nvram=yes ;;
--suse-enable-tpm)
# bsc#1174320 shim-install uses wrong paths for EFI files
# There are 3 possible locations of grub-tpm.efi and we will check them
# one by one.
if [ -e "${source_dir}/grub-tpm.efi" ]; then
source_grub_efi="${source_dir}/grub-tpm.efi"
elif [ -e "${datadir}/grub2/${grub_install_target}/grub-tpm.efi" ] ; then
source_grub_efi="${datadir}/grub2/${grub_install_target}/grub-tpm.efi"
else
source_grub_efi="/usr/lib/grub2/${grub_install_target}/grub-tpm.efi"
fi
;;
--clean)
clean=yes ;;
--no-grub-install)
no_grub_install=yes ;;
-*)
echo "Unrecognized option \`$option'" 1>&2
usage
exit 1
;;
*)
if test "x$install_device" != x; then
echo "More than one install device?" 1>&2
usage
exit 1
fi
install_device="${option}" ;;
esac
done
if test -n "$efidir"; then
efi_fs=`"$grub_probe" --target=fs "${efidir}"`
if test "x$efi_fs" = xfat; then :; else
echo "$efidir doesn't look like an EFI partition." 1>&2
efidir=
fi
fi
if [ -z "$bootdir" ]; then
bootdir="/boot"
if [ -n "$rootdir" ] ; then
# Initialize bootdir if rootdir was initialized.
bootdir="${rootdir}/boot"
fi
fi
# Find the EFI System Partition.
if test -n "$efidir"; then
install_device="`"$grub_probe" --target=device --device-map= "${efidir}"`"
else
if test -d "${bootdir}/efi"; then
install_device="`"$grub_probe" --target=device --device-map= "${bootdir}/efi"`"
# Is it a mount point?
if test "x$install_device" != "x`"$grub_probe" --target=device --device-map= "${bootdir}"`"; then
efidir="${bootdir}/efi"
fi
elif test -d "${bootdir}/EFI"; then
install_device="`"$grub_probe" --target=device --device-map= "${bootdir}/EFI"`"
# Is it a mount point?
if test "x$install_device" != "x`"$grub_probe" --target=device --device-map= "${bootdir}"`"; then
efidir="${bootdir}/EFI"
fi
elif test -n "$rootdir" && test "x$rootdir" != "x/"; then
# The EFI System Partition may have been given directly using
# --root-directory.
install_device="`"$grub_probe" --target=device --device-map= "${rootdir}"`"
# Is it a mount point?
if test "x$install_device" != "x`"$grub_probe" --target=device --device-map= "${rootdir}/.."`"; then
efidir="${rootdir}"
fi
fi
if test -n "$efidir"; then
efi_fs=`"$grub_probe" --target=fs "${efidir}"`
if test "x$efi_fs" = xfat; then :; else
echo "$efidir doesn't look like an EFI partition." 1>&2
efidir=
fi
fi
fi
if test -n "$efidir"; then
efi_file=shim.efi
efibootdir="$efidir/EFI/boot"
mkdir -p "$efibootdir" || exit 1
if test "$removable" = "yes" ; then
efidir="$efibootdir"
else
efidir="$efidir/EFI/$efi_distributor"
mkdir -p "$efidir" || exit 1
fi
else
echo "No valid EFI partition" 1>&2
exit 1;
fi
if test "$removable" = "no" -a -f "$efibootdir/$def_boot_efi"; then
if test -n "$ca_string" && (grep -q "$ca_string" "$efibootdir/$def_boot_efi"); then
update_boot=yes
fi
else
update_boot=yes
fi
if test "$clean" = "yes"; then
rm -f "${efidir}/shim.efi"
rm -f "${efidir}/MokManager.efi"
rm -f "${efidir}/grub.efi"
rm -f "${efidir}/grub.cfg"
rm -f "${efidir}/boot.csv"
if test "$update_boot" = "yes"; then
rm -f "${efibootdir}/${def_boot_efi}"
rm -f "${efibootdir}/fallback.efi"
# bsc#1175626, bsc#1175656 also clean up MokManager
rm -f "${efibootdir}/MokManager.efi"
fi
if test "$no_nvram" = no && test -n "$bootloader_id"; then
# Delete old entries from the same distributor.
for bootnum in `$efibootmgr | grep '^Boot[0-9]' | \
fgrep -i " $bootloader_id" | cut -b5-8`; do
$efibootmgr -b "$bootnum" -B
done
fi
exit 0
fi
cp "${source_dir}/MokManager.efi" "${efidir}"
if test -n "$source_grub_efi" && ! test -f "$source_grub_efi"; then
echo "File $source_grub_efi doesn't exist, fallback to default one" 1>&2
source_grub_efi=""
fi
if test -z "$source_grub_efi"; then
source_grub_efi="$def_grub_efi"
fi
echo "copying $source_grub_efi to ${efidir}/grub.efi"
cp "$source_grub_efi" "${efidir}/grub.efi"
if test "$efidir" != "$efibootdir" ; then
cp "${source_shim_efi}" "${efidir}/shim.efi"
if test -n "$bootloader_id"; then
echo "shim.efi,${bootloader_id}" | iconv -f ascii -t ucs2 > "${efidir}/boot.csv"
fi
fi
if test "$update_boot" = "yes"; then
cp "$source_shim_efi" "${efibootdir}/${def_boot_efi}"
if test "$removable" = "no"; then
cp "${source_dir}/fallback.efi" "${efibootdir}"
# bsc#1175626, bsc#1175656 Since shim 15, loading MokManager becomes
# mandatory if a MOK request exists. Copy MokManager to \EFI\boot so
# that boot*.efi can load MokManager to process the request instead
# of shutting down the system immediately.
cp "${source_dir}/MokManager.efi" "${efibootdir}"
fi
fi
prepare_cryptodisk () {
uuid="$1"
if [ "x$GRUB_CRYPTODISK_PASSWORD" != x ]; then
echo "cryptomount -u $uuid -p \"$GRUB_CRYPTODISK_PASSWORD\""
return
fi
if [ "x$GRUB_TPM2_SEALED_KEY" = x ]; then
echo "cryptomount -u $uuid"
return
fi
tpm_sealed_key="${GRUB_TPM2_SEALED_KEY}"
declare -g TPM_PCR_SNAPSHOT_TAKEN
if [ -z "$TPM_PCR_SNAPSHOT_TAKEN" ]; then
TPM_PCR_SNAPSHOT_TAKEN=1
# Check if tpm_record_pcrs is available and set the command to
# grub.cfg.
if grep -q "tpm_record_pcrs" ${datadir}/grub2/${arch}-efi/command.lst ; then
echo "tpm_record_pcrs 0-9"
fi
fi
tpm_srk_alg="${GRUB_TPM2_SRK_ALG}"
if [ -z "$tpm_srk_alg" ]; then
tpm_srk_alg="RSA"
fi
cat <<EOF
tpm2_key_protector_init -a $tpm_srk_alg -T \$prefix/$tpm_sealed_key
if ! cryptomount -u $uuid --protector tpm2; then
cryptomount -u $uuid
fi
EOF
}
make_grubcfg () {
grub_cfg_dirname=`dirname $grub_cfg`
grub_cfg_basename=`basename $grub_cfg`
cfg_fs_uuid=`"$grub_probe" --target=fs_uuid "$grub_cfg_dirname"`
# bsc#1153953 - Leap 42.3 boot error snapshot missing
# We have to check btrfs is used as root file system to enable relative path
# lookup for file to be on par with other utility which also accounts for it.
GRUB_FS="$(stat -f --printf=%T / || echo unknown)"
if test "x$SUSE_BTRFS_SNAPSHOT_BOOTING" = "xtrue" &&
[ "x${GRUB_FS}" = "xbtrfs" ] ; then
cat <<EOF
set btrfs_relative_path="yes"
EOF
if ${grub_mkrelpath} --usage | grep -q -e '--relative'; then
grub_mkrelpath="${grub_mkrelpath} -r"
fi
fi
if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then
for uuid in `"${grub_probe}" --target=cryptodisk_uuid --device-map= "${grub_cfg_dirname}"`; do
prepare_cryptodisk "$uuid"
done
fi
hints="`"${grub_probe}" --target=hints_string "${grub_cfg_dirname}" 2> /dev/null`"
if [ "x$hints" != x ]; then
echo "if [ x\$feature_platform_search_hint = xy ]; then"
echo " search --no-floppy --fs-uuid --set=root ${hints} ${cfg_fs_uuid}"
echo "else"
echo " search --no-floppy --fs-uuid --set=root ${cfg_fs_uuid}"
echo "fi"
else
echo "search --no-floppy --fs-uuid --set=root ${cfg_fs_uuid}"
fi
cat <<EOF
set prefix=(\${root})`${grub_mkrelpath} ${grub_cfg_dirname}`
source "\${prefix}/${grub_cfg_basename}"
EOF
}
# bnc#889765 GRUB shows broken letters at boot
# invoke grub_install to initialize /boot/grub2 directory with files needed by grub.cfg
# bsc#1118363 shim-install didn't specify the target for grub2-install
# set the target explicitly for some special cases
if test "$no_grub_install" != "yes"; then
${grub_install} --target=${grub_install_target} --no-nvram
fi
# Making sure grub.cfg not overwritten by grub-install above
make_grubcfg > "${efidir}/grub.cfg"
if test "$no_nvram" = no && test -n "$bootloader_id"; then
modprobe -q efivars 2>/dev/null || true
# Delete old entries from the same distributor.
for bootnum in `$efibootmgr | grep '^Boot[0-9]' | \
fgrep -i " $bootloader_id" | cut -b5-8`; do
$efibootmgr -b "$bootnum" -B
done
# bsc#1230316 Skip the creation of the boot option for encrypted SL-Micro to make
# the system always boot from the default boot path (\EFI\BOOT\boot<arch>.efi)
if ! is_encrypted_slm; then
efidir_drive="$("$grub_probe" --target=drive --device-map= "$efidir")"
efidir_disk="$("$grub_probe" --target=disk --device-map= "$efidir")"
if test -z "$efidir_drive" || test -z "$efidir_disk"; then
echo "Can't find GRUB drive for $efidir; unable to create EFI Boot Manager entry." >&2
# bsc#1119762 If the MD device is partitioned, we just need to create one
# boot entry since the partitions are nested partitions and the mirrored
# partitions share the same UUID.
elif [[ "$efidir_drive" == \(mduuid/* && "$efidir_drive" != \(mduuid/*,* ]]; then
eval $(mdadm --detail --export "$efidir_disk" |
perl -ne 'print if m{^MD_LEVEL=}; push( @D, $1) if (m{^MD_DEVICE_\S+_DEV=(\S+)$});
sub END() {print "MD_DEVS=\"", join( " ", @D), "\"\n";};')
if [ "$MD_LEVEL" != "raid1" ]; then
echo "GRUB drive for $efidir not on RAID1; unable to create EFI Boot Manager entry." >&2
fi
for mddev in $MD_DEVS; do
efidir_drive="$("$grub_probe" --target=drive --device-map= -d "$mddev")"
efidir_disk="$("$grub_probe" --target=disk --device-map= -d "$mddev")"
efidir_part="$(echo "$efidir_drive" | sed 's/^([^,]*,[^0-9]*//; s/[^0-9].*//')"
efidir_d=${mddev#/dev/}
$efibootmgr -c -d "$efidir_disk" -p "$efidir_part" -w \
-L "$bootloader_id ($efidir_d)" -l "\\EFI\\$efi_distributor\\$efi_file"
done
else
efidir_part="$(echo "$efidir_drive" | sed 's/^([^,]*,[^0-9]*//; s/[^0-9].*//')"
$efibootmgr -c -d "$efidir_disk" -p "$efidir_part" -w \
-L "$bootloader_id" -l "\\EFI\\$efi_distributor\\$efi_file"
fi
fi
fi
# bsc#1185464 bsc#1185961
# The Azure firmware sometimes doesn't respect the boot option created by
# either efibootmgr or fallback.efi so we have to remove fallback.efi to
# avoid the endless reset loop.
if is_azure; then
# Skip the workaround if we don't own \EFI\Boot or the removable
# option is used
if test "$update_boot" = "yes" && test "$removable" = "no"; then
# Remove fallback.efi which could cause the reset loop in Azure
rm -f "${efibootdir}/fallback.efi"
# Remove the older grub binary and config
rm -f "${efibootdir}/grub.efi"
rm -f "${efibootdir}/grub.cfg"
# Install new grub binary and config file to \EFI\Boot as
# the "removable" option
cp "${efidir}/grub.cfg" "${efibootdir}/grub.cfg"
cp "${efidir}/grub.efi" "${efibootdir}/grub.efi"
fi
fi

1883
shim.changes Normal file
View File

File diff suppressed because it is too large Load Diff

379
shim.spec Normal file
View File

@ -0,0 +1,379 @@
#
# spec file for package shim
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# needssslcertforbuild
%undefine _debuginfo_subpackages
%undefine _build_create_debug
%ifarch aarch64
%define grubplatform arm64-efi
%else
%define grubplatform %{_target_cpu}-efi
%endif
%if %{defined sle_version} && 0%{?sle_version} <= 150000
%define sysefidir /usr/lib64/efi
%else
%define sysefibasedir %{_datadir}/efi
%define sysefidir %{sysefibasedir}/%{_target_cpu}
%if "%{grubplatform}" == "x86_64-efi" && 0%{?suse_version} < 1600
# provide compatibility sym-link for residual kiwi, etc.
%define shim_lib64_share_compat 1
%endif
%endif
%if 0%{?suse_version} >= 1600
%define shim_use_fde_tpm_helper 1
%endif
Name: shim
Version: 15.8
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
Group: System/Boot
URL: https://github.com/rhboot/shim
Source: %{name}-%{version}.tar.bz2
# run "extract_signature.sh shim.efi" where shim.efi is the binary
# with the signature from the UEFI signing service.
# Note: For signature requesting, check SIGNATURE_UPDATE.txt
Source1: signature-opensuse.x86_64.asc
Source2: openSUSE-UEFI-CA-Certificate.crt
Source3: shim-install
Source4: SLES-UEFI-CA-Certificate.crt
Source5: extract_signature.sh
Source6: attach_signature.sh
Source7: show_hash.sh
Source8: show_signatures.sh
Source9: timestamp.pl
Source10: strip_signature.sh
Source11: signature-sles.x86_64.asc
Source12: signature-opensuse.aarch64.asc
Source13: signature-sles.aarch64.asc
Source14: generate-vendor-dbx.sh
# revoked certificates for dbx
Source50: revoked-openSUSE-UEFI-SIGN-Certificate-2013-01.crt
Source51: revoked-openSUSE-UEFI-SIGN-Certificate-2013-08.crt
Source52: revoked-openSUSE-UEFI-SIGN-Certificate-2020-01.crt
Source53: revoked-openSUSE-UEFI-SIGN-Certificate-2020-07.crt
Source54: revoked-openSUSE-UEFI-SIGN-Certificate-2021-05.crt
Source55: revoked-SLES-UEFI-SIGN-Certificate-2013-01.crt
Source56: revoked-SLES-UEFI-SIGN-Certificate-2013-04.crt
Source57: revoked-SLES-UEFI-SIGN-Certificate-2016-02.crt
Source58: revoked-SLES-UEFI-SIGN-Certificate-2020-07.crt
Source59: revoked-SLES-UEFI-SIGN-Certificate-2021-05.crt
###
Source99: SIGNATURE_UPDATE.txt
# PATCH-FIX-SUSE shim-arch-independent-names.patch glin@suse.com -- Use the Arch-independent names
Patch1: shim-arch-independent-names.patch
# PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch glin@suse.com -- Change the default debug file path
Patch2: shim-change-debug-file-path.patch
# PATCH-FIX-SUSE shim-bsc1177315-verify-eku-codesign.patch bsc#1177315 glin@suse.com -- Verify CodeSign in the signer's EKU
Patch3: shim-bsc1177315-verify-eku-codesign.patch
# PATCH-FIX-SUSE remove_build_id.patch -- Remove the build ID to make the binary reproducible when building with AArch64 container
Patch4: remove_build_id.patch
# PATCH-FIX-SUSE shim-disable-export-vendor-dbx.patch bsc#1185261 glin@suse.com -- Disable exporting vendor-dbx to MokListXRT
Patch5: shim-disable-export-vendor-dbx.patch
BuildRequires: dos2unix
BuildRequires: efitools
BuildRequires: mozilla-nss-tools
BuildRequires: openssl >= 0.9.8
BuildRequires: pesign
BuildRequires: pesign-obs-integration
%if 0%{?shim_use_fde_tpm_helper:1}
BuildRequires: fde-tpm-helper-rpm-macros
%endif
%if 0%{?suse_version} > 1320
BuildRequires: update-bootloader-rpm-macros
%endif
%if 0%{?update_bootloader_requires:1}
%update_bootloader_requires
%else
Requires: perl-Bootloader
%endif
%if 0%{?fde_tpm_update_requires:1}
%fde_tpm_update_requires
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# For shim-install script grub is needed but we also want to use
# shim for systemd-boot where shim-install is not actually used.
# Requires: grub2-%{grubplatform}
Requires: mokutil
ExclusiveArch: x86_64 aarch64
%description
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%package -n shim-debuginfo
Summary: UEFI shim loader - debug symbols
Group: Development/Debug
%description -n shim-debuginfo
The debug symbols of UEFI shim loader
%package -n shim-debugsource
Summary: UEFI shim loader - debug source
Group: Development/Debug
%description -n shim-debugsource
The source code of UEFI shim loader
%prep
%autosetup -p1
%build
# generate the vendor SBAT metadata
%if 0%{?is_opensuse} == 1 || 0%{?sle_version} == 0
distro_id="opensuse"
distro_name="The openSUSE project"
%else
distro_id="sle"
distro_name="SUSE Linux Enterprise"
%endif
distro_sbat=1
sbat="shim.${distro_id},${distro_sbat},${distro_name},%{name},%{version},mail:security@suse.de"
echo "${sbat}" > data/sbat.vendor.csv
# generate dbx files based on revoked certs
bash %{_sourcedir}/generate-vendor-dbx.sh %{_sourcedir}/revoked-*.crt
ls -al *.esl
# first, build MokManager and fallback as they don't depend on a
# specific certificate
make RELEASE=0 \
MMSTEM=MokManager FBSTEM=fallback \
MokManager.efi.debug fallback.efi.debug \
MokManager.efi fallback.efi
# make sure all object files gets rebuilt
rm -f *.o
# now build variants of shim that embed different certificates
default=''
suffixes=(opensuse sles)
# check whether the project cert is a known one. If it is we build
# just one shim that embeds this specific cert. If it's a devel
# project we build all variants to simplify testing.
if test -e %{_sourcedir}/_projectcert.crt ; then
prjsubject=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -subject_hash)
prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash)
opensusesubject=$(openssl x509 -in %{SOURCE2} -noout -subject_hash)
slessubject=$(openssl x509 -in %{SOURCE4} -noout -subject_hash)
if test "$prjissuer" = "$opensusesubject" ; then
suffixes=(opensuse)
elif test "$prjissuer" = "$slessubject" ; then
suffixes=(sles)
elif test "$prjsubject" = "$prjissuer" ; then
suffixes=(devel opensuse sles)
fi
fi
for suffix in "${suffixes[@]}"; do
if test "$suffix" = "opensuse"; then
cert=%{SOURCE2}
verify='openSUSE Secure Boot CA1'
vendor_dbx='vendor-dbx-opensuse.esl'
%ifarch x86_64
signature=%{SOURCE1}
%else
# AArch64 signature
# Disable AArch64 signature attachment temporarily
# until we get a real one.
# Now, we got a real one. So enable it again.
signature=%{SOURCE12}
%endif
elif test "$suffix" = "sles"; then
cert=%{SOURCE4}
verify='SUSE Linux Enterprise Secure Boot CA1'
vendor_dbx='vendor-dbx-opensuse.esl'
%ifarch x86_64
signature=%{SOURCE11}
%else
# AArch64 signature
signature=%{SOURCE13}
%endif
elif test "$suffix" = "devel"; then
cert=%{_sourcedir}/_projectcert.crt
verify=`openssl x509 -in "$cert" -noout -email`
vendor_dbx='vendor-dbx.esl'
signature=''
test -e "$cert" || continue
else
echo "invalid suffix"
false
fi
openssl x509 -in $cert -outform DER -out shim-$suffix.der
make RELEASE=0 SHIMSTEM=shim \
VENDOR_CERT_FILE=shim-$suffix.der ENABLE_HTTPBOOT=1 \
DEFAULT_LOADER="\\\\\\\\grub.efi" \
VENDOR_DBX_FILE=$vendor_dbx \
shim.efi.debug shim.efi
#
# assert correct certificate embedded
grep -q "$verify" shim.efi
# make VENDOR_CERT_FILE=cert.der VENDOR_DBX_FILE=dbx
chmod 755 %{SOURCE9}
# alternative: verify signature
#sbverify --cert MicCorThiParMarRoo_2010-10-05.pem shim-signed.efi
if test -n "$signature"; then
head -1 "$signature" > hash1
cp shim.efi shim.efi.bak
# pe header contains timestamp and checksum. we need to
# restore that
%{SOURCE9} --set-from-file "$signature" shim.efi
pesign -h -P -i shim.efi > hash2
cat hash1 hash2
if ! cmp -s hash1 hash2; then
echo "ERROR: $suffix binary changed, need to request new signature!"
%if %{defined shim_enforce_ms_signature} && 0%{?shim_enforce_ms_signature} > 0
# compare suffix (sles, opensuse) with distro_id (sle, opensuse)
# when hash mismatch and distro_id match with suffix, stop building
if test "$suffix" = "$distro_id" || test "$suffix" = "${distro_id}s"; then
false
fi
%endif
mv shim.efi.bak shim-$suffix.efi
rm shim.efi
else
# attach signature
pesign -m "$signature" -i shim.efi -o shim-$suffix.efi
rm -f shim.efi
fi
else
mv shim.efi shim-$suffix.efi
fi
mv shim.efi.debug shim-$suffix.debug
# remove the build cert if exists
rm -f shim_cert.h shim.cer shim.crt
# make sure all object files gets rebuilt
rm -f *.o
done
ln -s shim-${suffixes[0]}.efi shim.efi
mv shim-${suffixes[0]}.debug shim.debug
# Collect the source for debugsource
mkdir ../source
find . \( -name "*.c" -o -name "*.h" \) -type f -exec cp --parents -a {} ../source/ \;
mv ../source .
%install
export BRP_PESIGN_FILES='%{sysefidir}/shim*.efi %{sysefidir}/MokManager.efi %{sysefidir}/fallback.efi'
install -d %{buildroot}/%{sysefidir}
cp -a shim*.efi %{buildroot}/%{sysefidir}
install -m 444 shim-*.der %{buildroot}/%{sysefidir}
install -m 644 MokManager.efi %{buildroot}/%{sysefidir}/MokManager.efi
install -m 644 fallback.efi %{buildroot}/%{sysefidir}/fallback.efi
install -d %{buildroot}/%{_sbindir}
install -m 755 %{SOURCE3} %{buildroot}/%{_sbindir}/
# install SUSE certificate
install -d %{buildroot}/%{_sysconfdir}/uefi/certs/
for file in shim-*.der; do
filename=$(echo "$file" | cut -f 1 -d '.')
fpr=$(openssl x509 -sha1 -fingerprint -inform DER -noout -in $file | cut -c 18- | cut -d ":" -f 1,2,3,4 | sed 's/://g')
install -m 644 $file %{buildroot}/%{_sysconfdir}/uefi/certs/${fpr}-${filename}.crt
done
%if %{defined shim_lib64_share_compat}
[ "%{sysefidir}" != "/usr/lib64/efi" ] || exit 1
# provide compatibility sym-link for residual "consumers"
install -d %{buildroot}/usr/lib64/efi
ln -srf %{buildroot}/%{sysefidir}/*.efi %{buildroot}/usr/lib64/efi/
%endif
# install the debug symbols
install -d %{buildroot}/usr/lib/debug/%{sysefidir}
install -m 644 shim.debug %{buildroot}/usr/lib/debug/%{sysefidir}
install -m 644 MokManager.efi.debug %{buildroot}/usr/lib/debug/%{sysefidir}/MokManager.debug
install -m 644 fallback.efi.debug %{buildroot}/usr/lib/debug/%{sysefidir}/fallback.debug
# install the debug source
install -d %{buildroot}/usr/src/debug/%{name}-%{version}
cp -r source/* %{buildroot}/usr/src/debug/%{name}-%{version}
%clean
%{?buildroot:%__rm -rf "%{buildroot}"}
%post
%if 0%{?fde_tpm_update_post:1}
%fde_tpm_update_post shim
%endif
%if 0%{?update_bootloader_check_type_reinit_post:1}
%update_bootloader_check_type_reinit_post grub2-efi
%else
/sbin/update-bootloader --reinit || true
%endif
# copy from kernel-scriptlets/cert-script
is_efi () {
local msg rc=0
# The below statement fails if mokutil isn't installed or UEFI is unsupported.
# It doesn't fail if UEFI is available but secure boot is off.
msg="$(mokutil --sb-state 2>&1)" || rc=$?
return $rc
}
# run mokutil for setting sbat policy to latest mode
EFIVARFS=/sys/firmware/efi/efivars
SBAT_POLICY="$EFIVARFS/SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23"
if is_efi; then
if [ -w $EFIVARFS ] && \
[ ! -f "$SBAT_POLICY" ] && \
mokutil -h | grep -q "set-sbat-policy"; \
then
# Only apply CA check on the kernel package certs (bsc#1173115)
mokutil --set-sbat-policy latest
fi
fi
%if %{defined update_bootloader_posttrans}
%posttrans
%{?update_bootloader_posttrans}
%{?fde_tpm_update_posttrans}
%endif
%files
%defattr(-,root,root)
%doc COPYRIGHT
%dir %{?sysefibasedir}
%dir %{sysefidir}
%{sysefidir}/shim.efi
%{sysefidir}/shim-*.efi
%{sysefidir}/shim-*.der
%{sysefidir}/MokManager.efi
%{sysefidir}/fallback.efi
%{_sbindir}/shim-install
%dir %{_sysconfdir}/uefi/
%dir %{_sysconfdir}/uefi/certs/
%{_sysconfdir}/uefi/certs/*.crt
%if %{defined shim_lib64_share_compat}
# provide compatibility sym-link for previous kiwi, etc.
%dir /usr/lib64/efi
/usr/lib64/efi/*.efi
%endif
%files -n shim-debuginfo
%defattr(-,root,root,-)
/usr/lib/debug%{sysefidir}/shim.debug
/usr/lib/debug%{sysefidir}/MokManager.debug
/usr/lib/debug%{sysefidir}/fallback.debug
%files -n shim-debugsource
%defattr(-,root,root,-)
%dir /usr/src/debug/%{name}-%{version}
/usr/src/debug/%{name}-%{version}/*
%changelog

12
show_hash.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/bash
# show hash of PE binary
set -e
infile="$1"
if [ -z "$infile" -o ! -e "$infile" ]; then
echo "USAGE: $0 file.efi"
exit 1
fi
pesign -h -P -i "$infile"

12
show_signatures.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/bash
# show signatures on a PE binary
set -e
infile="$1"
if [ -z "$infile" -o ! -e "$infile" ]; then
echo "USAGE: $0 file.efi"
exit 1
fi
pesign -S -i "$infile"

210
signature-opensuse.aarch64.asc Normal file
View File

@ -0,0 +1,210 @@
hash: 15854cd77be6b61bb6d22b4d448fe9b2d5d06dfa67d8161b6497e10af5b1bfb3
# 1970-01-01 00:00:00
timestamp: 0
linker: 2902
checksum: e2b1
-----BEGIN AUTHENTICODE SIGNATURE-----
MIIl/AYJKoZIhvcNAQcCoIIl7TCCJekCAQExDzANBglghkgBZQMEAgEFADBcBgor
BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB
ZQMEAgEFAAQgFYVM13vmthu20itNRI/pstXQbfpn2BYbZJfhCvWxv7OgggszMIIF
GzCCBAOgAwIBAgITMwAAAF4N6/Cb7d174QABAAAAXjANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0yMzEwMTkxOTUz
MjNaFw0yNDEwMTYxOTUzMjNaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
cnBvcmF0aW9uMTAwLgYDVQQDEydNaWNyb3NvZnQgV2luZG93cyBVRUZJIERyaXZl
ciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzpvyW
cc7Gs+Ea6UCnwbKrckBd4Q7X4TqLmyMXmzQ0qR3SXfpXij+zVEgVsEiZu/q2EpK0
yMFaXzI2XRxUEh4OUvEr/YxnOIf4RC2LBhrMtGgxRgtsquEcYqpmpwD0/55+CAGt
Ro1lBKt6xjNg94JoiTyO06zfNsSU8XbAWKH/D6yNhmJy2sx8LCOzQ84FrnUw8WX5
qrYMxn098IVb7OWiT77OZDfQAacxPmjCl1Mu0B97JbkSXJQjC9i6bojYQiyj644u
l/AZ0PNQnsskHt3wRCWbt6JeJoBvZ1AfyB18YZlSTErrsLWMMdskxjDxaPQZ89np
hh8x1pp4s+rRydvnAgMBAAGjggGDMIIBfzAfBgNVHSUEGDAWBgorBgEEAYI3UAIB
BggrBgEFBQcDAzAdBgNVHQ4EFgQUlfB5rBZSx3/3mPyB55Q8ze/1EU8wVAYDVR0R
BE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMg
TGltaXRlZDEWMBQGA1UEBRMNMjI5OTExKzUwMTY1NzAfBgNVHSMEGDAWgBQTrb9D
Cb2CcJyM1U8xbtUimIob1DBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vd3d3Lm1p
Y3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb3JVRUZDQTIwMTFfMjAxMS0wNi0y
Ny5jcmwlMjAwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRodHRwOi8vd3d3
Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvclVFRkNBMjAxMV8yMDEx
LTA2LTI3LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAbF+I8
wqogC0dVERcDh9mPeIvBJ0MJAYE7RraCaQHgjl8vQi8X1yB8o/xzzP7vTJWxdHLx
uuVLIZMGW922OtA5zth05/mwOwYJClf5IEpj7lAYYDAFYLy4Q7amg0s13bFnpwJx
h4pNfvoZYaGpQw5HOTTz8fAZW5U61Kcbvy5sjbfKWJMxyD6GP1B8CkWHXsc5OdxU
y+GvmwuguWtgW7MNFOTxxccPocRo7/KKhTL68jZysOPdEyCbLnuiICwowAK2GHCh
cdxsOKwu/Lqb+rbJEv+Tj8aFNyuymDw6CYl/cfwbBrlh7EWB9Tr2bp8HRCYgZDC7
/3VMVGyApvwRUC4VMIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDANBgkqhkiG9w0B
AQsFADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV
BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkG
A1UEAxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBs
YWNlIFJvb3QwHhcNMTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1WjCBgTELMAkG
A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWljcm9z
b2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwftkn0LsnO/DArG
SkVhoMUWLZbT9Sug+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gyu4xHye5xvCFP
mop8/0Q/jY8ysiZIrnW17slMHkoZfuSCmh14d00MsL32D9MW07z6K6VROF31+7rb
eALb/+wKG5bVg7gZE+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk55dqyYotNvzhw
4mgkFMkzpAg31VhpXtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxhZ4pb/V6th3+6
hmdPcVgSIgQiIs6L71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYwggFyMBIGCSsG
AQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK8yU3HU6hJnsP
IHCAMB0GA1UdDgQWBBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkrBgEEAYI3FAIE
DB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
HSMEGDAWgBRFZlJD4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBTMFGgT6BNhkto
dHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNDb3JU
aGlQYXJNYXJSb29fMjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsG
AQUFBzAChkRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY0Nv
clRoaVBhck1hclJvb18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0BAQsFAAOCAgEA
NQhC/zDMzvd2DK0QaFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lYNKYWC4KqXa2C
2oCDQQaPtB3yA7nzGl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ2w/8d56Vc5GI
yr29UrkFUA3fV56gYe0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8uSs9SSsfMvxq
IWlPm8h+QjT8NgYXi48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLRB7+7dN/cHo+A
1e0Y9C8UFmsv3maMsCPlx4TY7erBM4KtVksYLfFolQfNz/By8K673YaFmCwhTDMr
8A9K8GiHtZJVMnWhaoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0HYw9Rw5EpuSw
mzQ1sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6QI7UvXo9QhY3G
jYJfQaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJylYaw8TVhahn1
sjuBUFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpcAj/lluOFWzw+
P7tHFnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79AnoKBZN2D4OJS4
4Hhw+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxgho8MIIaOAIBATCBmTCB
gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAAAF4N6/Cb7d17
4QABAAAAXjANBglghkgBZQMEAgEFAKCB3DAZBgkqhkiG9w0BCQMxDAYKKwYBBAGC
NwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQx
IgQgdd6O5OEsvX0UU4vyeSu44XBSQRO/CoXFU+Q16f3KizEwcAYKKwYBBAGCNwIB
DDFiMGCgMoAwAFMAVQBTAEUAIABMAGkAbgB1AHgAIABQAHIAbwBkAHUAYwB0AHMA
IABHAG0AYgBIoSqAKGh0dHBzOi8vd3d3Lm1pY3Jvc29mdC5jb20vZW4tdXMvd2lu
ZG93cyAwDQYJKoZIhvcNAQEBBQAEggEANynVV3RYU3XrN2kuW5q48FQdL6+9XreN
YTq+i6An7ocXv4UjRtYxwYbtU7SMy/qrFYwAT9cj4HVREs34FNvXeYejGxDyxxD6
0pgVKcaQ3w+3EtszP0a8l7ahRZzDbPwxOmzPzLlK6dB7t9WUBFPEHN4j2kap7p1x
B7hdYcY7R8EH9svUpkGBAJ4/5uzmin+NUx80qXRIgsXqNScyVewef5FPgoANbD6x
QQ3UHeMNbA1ByThJoLG1Fiui2/FespBytRlyrU+ACJ+b5Q1evQBW4M6JD8j3vvvx
ZCRv4QhRUcqDgtN4n34V8bEyVyg2uCDc2W4YKs6hHyEQed1mb9pubqGCF5QwgheQ
BgorBgEEAYI3AwMBMYIXgDCCF3wGCSqGSIb3DQEHAqCCF20wghdpAgEDMQ8wDQYJ
YIZIAWUDBAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYB
BAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCBH+zcM3Y8L8q9zybET5lorN3TWvV09
WbQ2Z9foWEPK+AIGZkYjrOQ7GBMyMDI0MDYwNDIzMjMwOC43MjRaMASAAgH0oIHR
pIHOMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE
BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYD
VQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hp
ZWxkIFRTUyBFU046N0YwMC0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBU
aW1lLVN0YW1wIFNlcnZpY2WgghHqMIIHIDCCBQigAwIBAgITMwAAAfAqfB1ZO+Yf
rQABAAAB8DANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK
V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0
IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg
MjAxMDAeFw0yMzEyMDYxODQ1NTFaFw0yNTAzMDUxODQ1NTFaMIHLMQswCQYDVQQG
EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG
A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQg
QW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046N0Yw
MC0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZp
Y2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC1Hi1Tozh3O0czE8xf
RnrymlJNCaGWommPy0eINf+4EJr7rf8tSzlgE8Il4Zj48T5fTTOAh6nITRf2lK7+
upcnZ/xg0AKoDYpBQOWrL9ObFShylIHfr/DQ4PsRX8GRtInuJsMkwSg63bfB4Q2U
ikMEP/CtZHi8xW5XtAKp95cs3mvUCMvIAA83Jr/UyADACJXVU4maYisczUz7J111
eD1KrG9mQ+ITgnRR/X2xTDMCz+io8ZZFHGwEZg+c3vmPp87m4OqOKWyhcqMUupPv
eO/gQC9Rv4szLNGDaoePeK6IU0JqcGjXqxbcEoS/s1hCgPd7Ux6YWeWrUXaxbb+J
osgOazUgUGs1aqpnLjz0YKfUqn8i5TbmR1dqElR4QA+OZfeVhpTonrM4sE/MlJ1J
LpR2FwAIHUeMfotXNQiytYfRBUOJHFeJYEflZgVk0Xx/4kZBdzgFQPOWfVd2NozX
lC2epGtUjaluA2osOvQHZzGOoKTvWUPX99MssGObO0xJHd0DygP/JAVp+bRGJqa2
u7AqLm2+tAT26yI5veccDmNZsg3vDh1HcpCJa9QpRW/MD3a+AF2ygV1sRnGVUVG3
VODX3BhGT8TMU/GiUy3h7ClXOxmZ+weCuIOzCkTDbK5OlAS8qSPpgp+XGlOLEPaM
31Mgf6YTppAaeP0ophx345ohtwIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFNCCsqdX
Ry/MmjZGVTAvx7YFWpslMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1Gely
MF8GA1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lv
cHMvY3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNy
bDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9z
b2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBD
QSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYB
BQUHAwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQA4IvSbnr4j
EPgo5W4xj3/+0dCGwsz863QGZ2mB9Z4SwtGGLMvwfsRUs3NIlPD/LsWAxdVYHklA
zwLTwQ5M+PRdy92DGftyEOGMHfut7Gq8L3RUcvrvr0AL/NNtfEpbAEkCFzseextY
5s3hzj3rX2wvoBZm2ythwcLeZmMgHQCmjZp/20fHWJgrjPYjse6RDJtUTlvUsjr+
878/t+vrQEIqlmebCeEi+VQVxc7wF0LuMTw/gCWdcqHoqL52JotxKzY8jZSQ7ccN
HhC4eHGFRpaKeiSQ0GXtlbGIbP4kW1O3JzlKjfwG62NCSvfmM1iPD90XYiFm7/8m
gR16AmqefDsfjBCWwf3qheIMfgZzWqeEz8laFmM8DdkXjuOCQE/2L0TxhrjUtdMk
ATfXdZjYRlscBDyr8zGMlprFC7LcxqCXlhxhtd2CM+mpcTc8RB2D3Eor0UdoP36Q
9r4XWCVV/2Kn0AXtvWxvIfyOFm5aLl0eEzkhfv/XmUlBeOCElS7jdddWpBlQjJuH
HUHjOVGXlrJT7X4hicF1o23x5U+j7qPKBceryP2/1oxfmHc6uBXlXBKukV/QCZBV
AiBMYJhnktakWHpo9uIeSnYT6Qx7wf2RauYHIER8SLRmblMzPOs+JHQzrvh7xStx
310LOp+0DaOXs8xjZvhpn+WuZij5RmZijDCCB3EwggVZoAMCAQICEzMAAAAVxedr
ngKbSZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
b3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRp
ZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4
MzIyNVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV
BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG
A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qls
TnXIyjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLA
EBjoYH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrE
qv1yaa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyF
Vk3v3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1o
O5pGve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg
3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2
TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07B
MzlMjgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJ
NmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6
r1AFemzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+
auIurQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3
FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl
0mWnG1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUH
AgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0
b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMA
dQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAW
gBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8v
Y3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRf
MjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRw
Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEw
LTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL
/Klv6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu
6WZnOlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5t
ggz1bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfg
QJY4rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8s
CXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCr
dTDFNLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZ
c9d/HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2
tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8C
wYKiexcdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9
JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDB
cQZqELQdVTNYs6FwZvKhggNNMIICNQIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV
BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFt
ZXJpY2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjdGMDAt
MDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl
oiMKAQEwBwYFKw4DAhoDFQDCKAZKKv5lsdC2yoMGKYiQy79p/6CBgzCBgKR+MHwx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt
b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p
Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA6gmt
WzAiGA8yMDI0MDYwNDE1MTIyN1oYDzIwMjQwNjA1MTUxMjI3WjB0MDoGCisGAQQB
hFkKBAExLDAqMAoCBQDqCa1bAgEAMAcCAQACAiULMAcCAQACAhPVMAoCBQDqCv7b
AgEAMDYGCisGAQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSCh
CjAIAgEAAgMBhqAwDQYJKoZIhvcNAQELBQADggEBAHolMT4L9I0SutF3YnhwNYu2
YXSXlO/SBw+kSGfZhsd2dAMl/EwPJX6NOt40bMi38USPjMpVJYBat6ct4JqeWnMl
lulwgq/KAfBwFAaETmoV48HmxyfO99F1u5YRUvemd9+U7W0MPeXjkaDz25qpfhha
tU14R7nLfXtDLSGxaVeQLyR8ouW+XTuyUuEObm9kHRZ2msZWIOUH0mQE8rQJNxAW
Ehv4dVBJKvO6k8TbPNV6r5mBm1QXi1l6vDohjKyGNHyykorqXd8wmdiaouPXTuGF
iq4thVMWSCYThT85O8p/l7laCjm+GQ4ks1qCzABczTL/2LEp9u2e4Q/TUmH63n8x
ggQNMIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0
aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAA
AfAqfB1ZO+YfrQABAAAB8DANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkD
MQ0GCyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCCytUxVcGL6Gu6+Fd5gOmD8
Z/fWSBbY6FqGCJZeKQR2wTCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIFwB
mqOlcv3kU7mAB5sWR74QFAiS6mb+CM6asnFAZUuLMIGYMIGApH4wfDELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc
BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0
IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAHwKnwdWTvmH60AAQAAAfAwIgQgRo6b
vZCcjM/SRxVihFUomVuIknAPbYj/yyQL+Bp0NeswDQYJKoZIhvcNAQELBQAEggIA
paEygUmyjWVAYjiGQU+zKcghm+zdl5BLreyE6+hbSaJDyuCIBZ0YSlfXbr3z5cJx
Ug/dw1qlobSkToQ7TunKq2gQRROZxjxB2yIVyL+O5DgV9KDikgNCJrrOERrC1de8
ovDpqlChsBjotatUtkrNynrV298WcYll8KWAAP0EE+BGc9oVFCTE9WXvidcc19y4
1NijUGEdV4c+t2pjY3vehramPT8aDcHBFGx1WKEZsjjNtNDnvWeyLCZ42MjAzD1l
2ITVRLVdEXx9n0TH5VHRCaHT85f2IIj3mbKCSmkxZdl2T7H2VD8NJvJhEWgIpDIj
sbRU4tatbNyByU/bPcPepXH37q9IxhCG9lNDgbauZcxLqHlp9LwXFFZriG23ok9j
uYoOLoPeFO3P6lI6sSsc9z7T86APzmg1L/GZP3wJUAkSGOLVyszWJtRyB1cPvfxN
JzLTqyLO2JkcJ4KyXAWXZK3Feeg+QPXinDkVwE22W2K3mS7V9S1MDlyoLjkYK5dG
jMvc6fyO+8NOujjsLCaLHsyQdWDgTsFbjbW07beBbwrIZykc2lT/2n+5iN6fHjHd
gThwqZ6wGvnyGr7zFIwJ6GqrTCd0kd4mIxSWD6daciTLy9J22sAywF77FjPOs5sF
5jUQbZ2ovnImA2QW96pcdlUT+bZTu2PhTFfQ/X+NX+g=
-----END AUTHENTICODE SIGNATURE-----

208
signature-opensuse.x86_64.asc Normal file
View File

@ -0,0 +1,208 @@
hash: 211669e51a5e8c2315afe7a978740a972d721116ab81cbe384f993301ecde884
# 1970-01-01 00:00:00
timestamp: 0
linker: 2902
checksum: 8a95
-----BEGIN AUTHENTICODE SIGNATURE-----
MIIlkQYJKoZIhvcNAQcCoIIlgjCCJX4CAQExDzANBglghkgBZQMEAgEFADBcBgor
BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB
ZQMEAgEFAAQgIRZp5RpejCMVr+epeHQKly1yERargcvjhPmTMB7N6ISgggszMIIF
GzCCBAOgAwIBAgITMwAAAF4N6/Cb7d174QABAAAAXjANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0yMzEwMTkxOTUz
MjNaFw0yNDEwMTYxOTUzMjNaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
cnBvcmF0aW9uMTAwLgYDVQQDEydNaWNyb3NvZnQgV2luZG93cyBVRUZJIERyaXZl
ciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzpvyW
cc7Gs+Ea6UCnwbKrckBd4Q7X4TqLmyMXmzQ0qR3SXfpXij+zVEgVsEiZu/q2EpK0
yMFaXzI2XRxUEh4OUvEr/YxnOIf4RC2LBhrMtGgxRgtsquEcYqpmpwD0/55+CAGt
Ro1lBKt6xjNg94JoiTyO06zfNsSU8XbAWKH/D6yNhmJy2sx8LCOzQ84FrnUw8WX5
qrYMxn098IVb7OWiT77OZDfQAacxPmjCl1Mu0B97JbkSXJQjC9i6bojYQiyj644u
l/AZ0PNQnsskHt3wRCWbt6JeJoBvZ1AfyB18YZlSTErrsLWMMdskxjDxaPQZ89np
hh8x1pp4s+rRydvnAgMBAAGjggGDMIIBfzAfBgNVHSUEGDAWBgorBgEEAYI3UAIB
BggrBgEFBQcDAzAdBgNVHQ4EFgQUlfB5rBZSx3/3mPyB55Q8ze/1EU8wVAYDVR0R
BE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMg
TGltaXRlZDEWMBQGA1UEBRMNMjI5OTExKzUwMTY1NzAfBgNVHSMEGDAWgBQTrb9D
Cb2CcJyM1U8xbtUimIob1DBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vd3d3Lm1p
Y3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb3JVRUZDQTIwMTFfMjAxMS0wNi0y
Ny5jcmwlMjAwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRodHRwOi8vd3d3
Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvclVFRkNBMjAxMV8yMDEx
LTA2LTI3LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAbF+I8
wqogC0dVERcDh9mPeIvBJ0MJAYE7RraCaQHgjl8vQi8X1yB8o/xzzP7vTJWxdHLx
uuVLIZMGW922OtA5zth05/mwOwYJClf5IEpj7lAYYDAFYLy4Q7amg0s13bFnpwJx
h4pNfvoZYaGpQw5HOTTz8fAZW5U61Kcbvy5sjbfKWJMxyD6GP1B8CkWHXsc5OdxU
y+GvmwuguWtgW7MNFOTxxccPocRo7/KKhTL68jZysOPdEyCbLnuiICwowAK2GHCh
cdxsOKwu/Lqb+rbJEv+Tj8aFNyuymDw6CYl/cfwbBrlh7EWB9Tr2bp8HRCYgZDC7
/3VMVGyApvwRUC4VMIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDANBgkqhkiG9w0B
AQsFADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV
BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkG
A1UEAxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBs
YWNlIFJvb3QwHhcNMTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1WjCBgTELMAkG
A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWljcm9z
b2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwftkn0LsnO/DArG
SkVhoMUWLZbT9Sug+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gyu4xHye5xvCFP
mop8/0Q/jY8ysiZIrnW17slMHkoZfuSCmh14d00MsL32D9MW07z6K6VROF31+7rb
eALb/+wKG5bVg7gZE+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk55dqyYotNvzhw
4mgkFMkzpAg31VhpXtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxhZ4pb/V6th3+6
hmdPcVgSIgQiIs6L71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYwggFyMBIGCSsG
AQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK8yU3HU6hJnsP
IHCAMB0GA1UdDgQWBBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkrBgEEAYI3FAIE
DB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
HSMEGDAWgBRFZlJD4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBTMFGgT6BNhkto
dHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNDb3JU
aGlQYXJNYXJSb29fMjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsG
AQUFBzAChkRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY0Nv
clRoaVBhck1hclJvb18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0BAQsFAAOCAgEA
NQhC/zDMzvd2DK0QaFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lYNKYWC4KqXa2C
2oCDQQaPtB3yA7nzGl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ2w/8d56Vc5GI
yr29UrkFUA3fV56gYe0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8uSs9SSsfMvxq
IWlPm8h+QjT8NgYXi48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLRB7+7dN/cHo+A
1e0Y9C8UFmsv3maMsCPlx4TY7erBM4KtVksYLfFolQfNz/By8K673YaFmCwhTDMr
8A9K8GiHtZJVMnWhaoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0HYw9Rw5EpuSw
mzQ1sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6QI7UvXo9QhY3G
jYJfQaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJylYaw8TVhahn1
sjuBUFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpcAj/lluOFWzw+
P7tHFnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79AnoKBZN2D4OJS4
4Hhw+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxghnRMIIZzQIBATCBmTCB
gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAAAF4N6/Cb7d17
4QABAAAAXjANBglghkgBZQMEAgEFAKCB3DAZBgkqhkiG9w0BCQMxDAYKKwYBBAGC
NwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQx
IgQgWnkyutU58W19ODC1kGSE40Jvsfnzovm0ZYV45zV/dKMwcAYKKwYBBAGCNwIB
DDFiMGCgMoAwAFMAVQBTAEUAIABMAGkAbgB1AHgAIABQAHIAbwBkAHUAYwB0AHMA
IABHAG0AYgBIoSqAKGh0dHBzOi8vd3d3Lm1pY3Jvc29mdC5jb20vZW4tdXMvd2lu
ZG93cyAwDQYJKoZIhvcNAQEBBQAEggEAos9I8lNSjXX3fLXt3Dq0Fw7skD87RHf1
NSg9XI1A/pgkgSeaYTXexCA59ohpmfJOrEWgnm30XpCRAdu85cQCRXGgatG6hyLI
2eWs5qmXBT70y8qrbH17oN1WGChXtUu9wy7k2Yd6z12yD5UuHLVPlc8qYw6q374H
h7g1mnnpKznGvJF1hC1oAyJoaIiqTJY8UgwRfoHagRW4V+YsiDrJhyJzStGw/fQ1
46mqtWO7SIMXki4X9XpKxRXGVb2hoPjAl988nfGuP89bv4DvLYzXUfy6z4yGLrfH
6sQ83JTzhHedoY5RpqGaAi0RmzcfWT7izJ+wnAftep+1NPTrn687XaGCFykwghcl
BgorBgEEAYI3AwMBMYIXFTCCFxEGCSqGSIb3DQEHAqCCFwIwghb+AgEDMQ8wDQYJ
YIZIAWUDBAIBBQAwggFZBgsqhkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYB
BAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCArI7TJixF2Sfy1u9xlXF9UJOqmXAgu
042XVn0qGO7bpwIGZldczm2dGBMyMDI0MDYwNDIzMjM0MC4yNTJaMASAAgH0oIHY
pIHVMIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE
BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYD
VQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNV
BAsTHVRoYWxlcyBUU1MgRVNOOkQwODItNEJGRC1FRUJBMSUwIwYDVQQDExxNaWNy
b3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIReDCCBycwggUPoAMCAQICEzMAAAHc
weCMwl9YXo4AAQAAAdwwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzAR
BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p
Y3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3Rh
bXAgUENBIDIwMTAwHhcNMjMxMDEyMTkwNzA2WhcNMjUwMTEwMTkwNzA2WjCB0jEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v
bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWlj
cm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFs
ZXMgVFNTIEVTTjpEMDgyLTRCRkQtRUVCQTElMCMGA1UEAxMcTWljcm9zb2Z0IFRp
bWUtU3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AIvIsyA1sjg9kSKJzelrUWF5ShqYWL83amn3SE5JyIVPUC7F6qTcLphhHZ9idf21
f0RaGrU8EHydF8NxPMR2KVNiAtCGPJa8kV1CGvn3beGB2m2ltmqJanG71mAywrkK
ATYniwKLPQLJ00EkXw5TSwfmJXbdgQLFlHyfA5Kg+pUsJXzqumkIvEr0DXPvptAG
qkdFLKwo4BTlEgnvzeTfXukzX8vQtTALfVJuTUgRU7zoP/RFWt3WagahZ6UloI0F
C8XlBQDVDX5JeMEsx7jgJDdEnK44Y8gHuEWRDq+SG9Xo0GIOjiuTWD5uv3vlEmIA
yR/7rSFvcLnwAqMdqcy/iqQPMlDOcd0AbniP8ia1BQEUnfZT3UxyK9rLB/SRiKPy
HDlg8oWwXyiv3+bGB6dmdM61ur6nUtfDf51lPcKhK4Vo83pOE1/niWlVnEHQV9NJ
5/DbUSqW2RqTUa2O2KuvsyRGMEgjGJA12/SqrRqlvE2fiN5ZmZVtqSPWaIasx7a0
GB+fdTw+geRn6Mo2S6+/bZEwS/0IJ5gcKGinNbfyQ1xrvWXPtXzKOfjkh75iRuXo
urGVPRqkmz5UYz+R5ybMJWj+mfcGqz2hXV8iZnCZDBrrnZivnErCMh5Flfg8496p
T0phjUTH2GChHIvE4SDSk2hwWP/uHB9gEs8p/9Pe/mt9AgMBAAGjggFJMIIBRTAd
BgNVHQ4EFgQU6HPSBd0OfEX3uNWsdkSraUGe3dswHwYDVR0jBBgwFoAUn6cVXQBe
Yl2D9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNy
b3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBD
QSUyMDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0
cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBU
aW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADAWBgNV
HSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQEL
BQADggIBANnrb8Ewr8eX/H1sKt3rnwTDx4AqgHbkMNQo+kUGwCINXS3y1GUcdqsK
/R1g6Tf7tNx1q0NpKk1JTupUJfHdExKtkuhHA+82lT7yISp/Y74dqJ03RCT4Q+8o
oQXTMzxiewfErVLt8WefebncST0i6ypKv87pCYkxM24bbqbM/V+M5VBppCUs7R+c
ETiz/zEA1AbZL/viXtHmryA0CGd+Pt9c+adsYfm7qe5UMnS0f/YJmEEMkEqGXCzy
LK+dh+UsFi0d4lkdcE+Zq5JNjIHesX1wztGVAtvX0DYDZdN2WZ1kk+hOMblUV/L8
n1YWzhP/5XQnYl03AfXErn+1Eatylifzd3ChJ1xuGG76YbWgiRXnDvCiwDqvUJev
VRY1qy4y4vlVKaShtbdfgPyGeeJ/YcSBONOc0DNTWbjMbL50qeIEC0lHSpL2rRYN
Vu3hsHzG8n5u5CQajPwx9PzpsZIeFTNHyVF6kujI4Vo9NvO/zF8Ot44IMj4M7UX9
Za4QwGf5B71x57OjaX53gxT4vzoHvEBXF9qCmHRgXBLbRomJfDn60alzv7dpCVQI
uQ062nyIZKnsXxzuKFb0TjXWw6OFpG1bsjXpOo5DMHkysribxHor4Yz5dZjVyHAN
yKo0bSrAlVeihcaG5F74SZT8FtyHAW6IgLc5w/3D+R1obDhKZ21WMIIHcTCCBVmg
AwIBAgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDELMAkG
A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9z
b2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgy
MjI1WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx
MDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzntHIhC3miy9ck
eb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+
uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3oAo4
bo3t1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhi
JdxqD89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0hyTD
4MmPfrVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLNueKN
iOSWrAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXf
tnIv231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8
P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMY
ctenIPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9
stQcxWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtFtvUe
h17aj54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEEBQID
AQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4E
FgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9
AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w
cy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsG
AQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTAD
AQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0w
S6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3Rz
L01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYI
KwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWlj
Um9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38
Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQdTlt
uw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnue99q
b74py27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQ
JL1AoL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1
ijbCHcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP
9pEB9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkk
vnNtyo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtqRRFH
qfG3rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g7
5LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr
4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqKOghi
f9lwY1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCAtQwggI9AgEBMIIBAKGB2KSB
1TCB0jELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UE
CxMkTWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQL
Ex1UaGFsZXMgVFNTIEVTTjpEMDgyLTRCRkQtRUVCQTElMCMGA1UEAxMcTWljcm9z
b2Z0IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUAHDn/cz+3yRkI
UCJfSbL3djnQEqaggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx
MDANBgkqhkiG9w0BAQUFAAIFAOoJw8wwIhgPMjAyNDA2MDUwMDQ4MTJaGA8yMDI0
MDYwNjAwNDgxMlowdDA6BgorBgEEAYRZCgQBMSwwKjAKAgUA6gnDzAIBADAHAgEA
AgICgTAHAgEAAgIRODAKAgUA6gsVTAIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgor
BgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUA
A4GBAC8f4b6D4ICk8noOTebv0jGeslnSLucbojAcUpvzBes/5xMWJlO9c9lpsGHs
e8H5gavRMLuGnbxQBB4cKoV1gMDuoUmdkcLoP/M/KkpHCEQ09Oy0VdiS6glNmqfD
MJ19kqSQEeWYCD5rctJ/js7reWZAxi5IvNDe/dMJ0GjVtLrXMYIEDTCCBAkCAQEw
gZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE
AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAHcweCMwl9YXo4A
AQAAAdwwDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0B
CRABBDAvBgkqhkiG9w0BCQQxIgQgych9UPNiK7mD96e7HrSeRWh2CFQ0dV4wppRX
rfyb4iswgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHkMIG9BCBTpxeKatlEP4y8qZzj
uWL0Ou0IqxELDhX2TLylxIINNzCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w
IFBDQSAyMDEwAhMzAAAB3MHgjMJfWF6OAAEAAAHcMCIEILInP7QqpUGxqWx5NrYV
ySYRHR4t3MB7S+UItLqJz9liMA0GCSqGSIb3DQEBCwUABIICAEgVl52woahMzwzO
xColP2EZtBTo/ZJI0PjvH+NpdO0ElptMOSGRTpveI4i9Dy5n5RI4GGVx89vPK5F5
ypVWKyliaU+Cq/xMx+HeNOWMhpBJp76QkYQHnHHtqMm7CTRFqUCVoXF/YS176sdl
Sp5ltlXom7ubkVkVt33FW7kkZcN7iIS+XR/e4MxVloCYSPW63LQOveYq41cv9r8H
vwiLlXWKujFmJRUW6PqcS2TCH24b4zi0TJMd0kzt68qPzCSbA1dJAz6UY0GfN4df
s9gGdePUoK51m2qempsMAAie3qeYDyzM7GhyTJgE4Dw4IY2wnH6cFy3MyuTKGXxB
b+/RiSejYTym87Q07mMVOIfWUzwJzuovprzXZ0xTfFuHCXffRJ7/vHcA0m2UkBWV
HIeLK1cUtOmuRUdFvdpH4N9keP4hGIZetrSio3Z1gUuU/LO2ZjpMtqYrPcv6xCwE
PhirRpF51u0ytAfDqQxtVwYKUm8Dh2jI7/QlGtI04xhXzTeeHBW65XgjRV6+J3x7
hnVYxvN6315f76RhpDmx3bCAT1/IJLGFgPaXM+jCpHGV2gWeiZsoKCRyTudysf1r
T2WD2QBZvRcaHXBsR60RDLNKGLXLKPuRiT5kssBkTKPYHcqKhzued4MPu9rR2WvB
KZfWKFVEiNFsMJ4PCiRxSyQmcQycAAAA
-----END AUTHENTICODE SIGNATURE-----

210
signature-sles.aarch64.asc Normal file
View File

@ -0,0 +1,210 @@
hash: 8bfe4fc6a7506d82a4efdd39ecac04ef0ab6f65d9ac3514d803462a7b4ae7fcf
# 1970-01-01 00:00:00
timestamp: 0
linker: 2902
checksum: 3f4c
-----BEGIN AUTHENTICODE SIGNATURE-----
MIIl+wYJKoZIhvcNAQcCoIIl7DCCJegCAQExDzANBglghkgBZQMEAgEFADBcBgor
BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB
ZQMEAgEFAAQgi/5PxqdQbYKk79057KwE7wq29l2aw1FNgDRip7Suf8+gggszMIIF
GzCCBAOgAwIBAgITMwAAAF4N6/Cb7d174QABAAAAXjANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0yMzEwMTkxOTUz
MjNaFw0yNDEwMTYxOTUzMjNaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
cnBvcmF0aW9uMTAwLgYDVQQDEydNaWNyb3NvZnQgV2luZG93cyBVRUZJIERyaXZl
ciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzpvyW
cc7Gs+Ea6UCnwbKrckBd4Q7X4TqLmyMXmzQ0qR3SXfpXij+zVEgVsEiZu/q2EpK0
yMFaXzI2XRxUEh4OUvEr/YxnOIf4RC2LBhrMtGgxRgtsquEcYqpmpwD0/55+CAGt
Ro1lBKt6xjNg94JoiTyO06zfNsSU8XbAWKH/D6yNhmJy2sx8LCOzQ84FrnUw8WX5
qrYMxn098IVb7OWiT77OZDfQAacxPmjCl1Mu0B97JbkSXJQjC9i6bojYQiyj644u
l/AZ0PNQnsskHt3wRCWbt6JeJoBvZ1AfyB18YZlSTErrsLWMMdskxjDxaPQZ89np
hh8x1pp4s+rRydvnAgMBAAGjggGDMIIBfzAfBgNVHSUEGDAWBgorBgEEAYI3UAIB
BggrBgEFBQcDAzAdBgNVHQ4EFgQUlfB5rBZSx3/3mPyB55Q8ze/1EU8wVAYDVR0R
BE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMg
TGltaXRlZDEWMBQGA1UEBRMNMjI5OTExKzUwMTY1NzAfBgNVHSMEGDAWgBQTrb9D
Cb2CcJyM1U8xbtUimIob1DBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vd3d3Lm1p
Y3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb3JVRUZDQTIwMTFfMjAxMS0wNi0y
Ny5jcmwlMjAwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRodHRwOi8vd3d3
Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvclVFRkNBMjAxMV8yMDEx
LTA2LTI3LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAbF+I8
wqogC0dVERcDh9mPeIvBJ0MJAYE7RraCaQHgjl8vQi8X1yB8o/xzzP7vTJWxdHLx
uuVLIZMGW922OtA5zth05/mwOwYJClf5IEpj7lAYYDAFYLy4Q7amg0s13bFnpwJx
h4pNfvoZYaGpQw5HOTTz8fAZW5U61Kcbvy5sjbfKWJMxyD6GP1B8CkWHXsc5OdxU
y+GvmwuguWtgW7MNFOTxxccPocRo7/KKhTL68jZysOPdEyCbLnuiICwowAK2GHCh
cdxsOKwu/Lqb+rbJEv+Tj8aFNyuymDw6CYl/cfwbBrlh7EWB9Tr2bp8HRCYgZDC7
/3VMVGyApvwRUC4VMIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDANBgkqhkiG9w0B
AQsFADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV
BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkG
A1UEAxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBs
YWNlIFJvb3QwHhcNMTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1WjCBgTELMAkG
A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWljcm9z
b2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwftkn0LsnO/DArG
SkVhoMUWLZbT9Sug+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gyu4xHye5xvCFP
mop8/0Q/jY8ysiZIrnW17slMHkoZfuSCmh14d00MsL32D9MW07z6K6VROF31+7rb
eALb/+wKG5bVg7gZE+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk55dqyYotNvzhw
4mgkFMkzpAg31VhpXtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxhZ4pb/V6th3+6
hmdPcVgSIgQiIs6L71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYwggFyMBIGCSsG
AQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK8yU3HU6hJnsP
IHCAMB0GA1UdDgQWBBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkrBgEEAYI3FAIE
DB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
HSMEGDAWgBRFZlJD4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBTMFGgT6BNhkto
dHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNDb3JU
aGlQYXJNYXJSb29fMjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsG
AQUFBzAChkRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY0Nv
clRoaVBhck1hclJvb18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0BAQsFAAOCAgEA
NQhC/zDMzvd2DK0QaFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lYNKYWC4KqXa2C
2oCDQQaPtB3yA7nzGl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ2w/8d56Vc5GI
yr29UrkFUA3fV56gYe0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8uSs9SSsfMvxq
IWlPm8h+QjT8NgYXi48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLRB7+7dN/cHo+A
1e0Y9C8UFmsv3maMsCPlx4TY7erBM4KtVksYLfFolQfNz/By8K673YaFmCwhTDMr
8A9K8GiHtZJVMnWhaoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0HYw9Rw5EpuSw
mzQ1sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6QI7UvXo9QhY3G
jYJfQaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJylYaw8TVhahn1
sjuBUFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpcAj/lluOFWzw+
P7tHFnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79AnoKBZN2D4OJS4
4Hhw+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxgho7MIIaNwIBATCBmTCB
gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAAAF4N6/Cb7d17
4QABAAAAXjANBglghkgBZQMEAgEFAKCB3DAZBgkqhkiG9w0BCQMxDAYKKwYBBAGC
NwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQx
IgQgHGa3pq6cZ6ju8xNpkCN24qz9D/S8mRmzmwE7aHgdbDMwcAYKKwYBBAGCNwIB
DDFiMGCgMoAwAFMAVQBTAEUAIABMAGkAbgB1AHgAIABQAHIAbwBkAHUAYwB0AHMA
IABHAG0AYgBIoSqAKGh0dHBzOi8vd3d3Lm1pY3Jvc29mdC5jb20vZW4tdXMvd2lu
ZG93cyAwDQYJKoZIhvcNAQEBBQAEggEAN7uAsMHOmhG69Ub1ymL32RVrpwF5DycX
lg+oLDJbtBQYv57qGpADcYmhDkJ0op9do6JirMRswk7ClioQkHg3NuOEtHXbt3+7
tSJx5GiT67nKvq5D6ZqRqc+q5k3np5MNXmGw3Alk2dShd62BFkOb5Kjf9TP5U7+M
0qCgaxXBLZ2Fu84Hu4yXp3KmCfdXFtsicEwbjT3Yhj3nhiZqHi9Y05XOqHuNdII2
blnEK0PgX1KyMcTXq2gIMtqIQ3ZEe7rxnG0lVdJcXl0iUdlVgfcB3VRD881IFVqq
ByKlMcmMV+WuWeMRRT7k2m+LLGn1GMR1WdWVnbBtOidqAn8Des3S9qGCF5MwgheP
BgorBgEEAYI3AwMBMYIXfzCCF3sGCSqGSIb3DQEHAqCCF2wwghdoAgEDMQ8wDQYJ
YIZIAWUDBAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYB
BAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCBoDPoWLlW8ISntMA2A0ZpkDTfW4KSB
C8mDh6J8aGLfMgIGZhfUMtF7GBMyMDI0MDQxMTIyNTAxOC44NDRaMASAAgH0oIHR
pIHOMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE
BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYD
VQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hp
ZWxkIFRTUyBFU046OTIwMC0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBU
aW1lLVN0YW1wIFNlcnZpY2WgghHpMIIHIDCCBQigAwIBAgITMwAAAecujy+TC08b
6QABAAAB5zANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK
V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0
IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg
MjAxMDAeFw0yMzEyMDYxODQ1MTlaFw0yNTAzMDUxODQ1MTlaMIHLMQswCQYDVQQG
EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG
A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQg
QW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046OTIw
MC0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZp
Y2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCV58v4IuQ659XPM1D
taWMv9/HRUC5kdiEF89YBP6/Rn7kjqMkZ5ESemf5Eli4CLtQVSefRpF1j7S5LLKi
sMWOGRaLcaVbGTfcmI1vMRJ1tzMwCNIoCq/vy8WH8QdV1B/Ab5sK+Q9yIvzGw47T
fXPE8RlrauwK/e+nWnwMt060akEZiJJz1Vh1LhSYKaiP9Z23EZmGETCWigkKbcuA
nhvh3yrMa89uBfaeHQZEHGQqdskM48EBcWSWdpiSSBiAxyhHUkbknl9PPztB/SUx
zRZjUzWHg9bf1mqZ0cIiAWC0EjK7ONhlQfKSRHVLKLNPpl3/+UL4Xjc0Yvdqc88g
OLUr/84T9/xK5r82ulvRp2A8/ar9cG4W7650uKaAxRAmgL4hKgIX5/0aIAsbyqJO
a6OIGSF9a+DfXl1LpQPNKR792scF7tjD5WqwIuifS9YUiHMvRLjjKk0SSCV/mpXC
0BoPkk5asfxrrJbCsJePHSOEblpJzRmzaP6OMXwRcrb7TXFQOsTkKuqkWvvYIPvV
zC68UM+MskLPld1eqdOOMK7Sbbf2tGSZf3+iOwWQMcWXB9gw5gK3AIYK08WkJJuy
zPqfitgubdRCmYr9CVsNOuW+wHDYGhciJDF2LkrjkFUjUcXSIJd9f2ssYitZ9Cur
GV74BQcfrxjvk1L8jvtN7mulIwIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFM/+4JiA
nzY4dpEf/Zlrh1K73o9YMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1Gely
MF8GA1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lv
cHMvY3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNy
bDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9z
b2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBD
QSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYB
BQUHAwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQB0ofDbk+ll
Wi1cC6nsfie5Jtp09o6b6ARCpvtDPq2KFP+hi+UNNP7LGciKuckqXCmBTFIhfBeG
Sxvk6ycokdQr3815pEOaYWTnHvQ0+8hKy86r1F4rfBu4oHB5cTy08T4ohrG/OYG/
B/gNnz0Ol6v7u/qEjz48zXZ6ZlxKGyZwKmKZWaBd2DYEwzKpdLkBxs6A6enWZR0j
Y+q5FdbV45ghGTKgSr5ECAOnLD4njJwfjIq0mRZWwDZQoXtJSaVHSu2lHQL3YHEF
ikunbUTJfNfBDLL7Gv+sTmRiDZky5OAxoLG2gaTfuiFbfpmSfPcgl5COUzfMQnzp
KfX6+FkI0QQNvuPpWsDU8sR+uni2VmDo7rmqJrom4ihgVNdLaMfNUqvBL5ZiSK1z
maELBJ9a+YOjE5pmSarW5sGbn7iVkF2W9JQIOH6tGWLFJS5Hs36zahkoHh8iD963
LeGjZqkFusKaUW72yMj/yxTeGEDOoIr35kwXxr1Uu+zkur2y+FuNY0oZjppzp95A
W1lehP0xaO+oBV1XfvaCur/B5PVAp2xzrosMEUcAwpJpio+VYfIufGj7meXcGQYW
A8Umr8K6Auo+Jlj8IeFS6lSvKhqQpmdBzAMGqPOQKt1Ow3ZXxehK7vAiim3ZiALl
M0K546k0sZrxdZPgpmz7O8w9gHLuyZAQezCCB3EwggVZoAMCAQICEzMAAAAVxedr
ngKbSZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
b3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRp
ZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4
MzIyNVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV
BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG
A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qls
TnXIyjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLA
EBjoYH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrE
qv1yaa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyF
Vk3v3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1o
O5pGve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg
3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2
TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07B
MzlMjgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJ
NmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6
r1AFemzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+
auIurQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3
FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl
0mWnG1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUH
AgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0
b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMA
dQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAW
gBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8v
Y3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRf
MjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRw
Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEw
LTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL
/Klv6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu
6WZnOlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5t
ggz1bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfg
QJY4rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8s
CXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCr
dTDFNLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZ
c9d/HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2
tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8C
wYKiexcdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9
JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDB
cQZqELQdVTNYs6FwZvKhggNMMIICNAIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV
BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFt
ZXJpY2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjkyMDAt
MDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl
oiMKAQEwBwYFKw4DAhoDFQCzcgTnGasSwe/dru+cPe1NF/vwQ6CBgzCBgKR+MHwx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt
b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p
Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA6cJS
mjAiGA8yMDI0MDQxMTEyMTQxOFoYDzIwMjQwNDEyMTIxNDE4WjBzMDkGCisGAQQB
hFkKBAExKzApMAoCBQDpwlKaAgEAMAYCAQACASgwBwIBAAICEiYwCgIFAOnDpBoC
AQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEK
MAgCAQACAwGGoDANBgkqhkiG9w0BAQsFAAOCAQEAf4tOpQ5gBGzARNdwp1pVuYXp
bWyRCRiqfYb68+JtblKjwyWYDtAOXNP2qRUjZ6X8oJgO1wEjxpDVYRN5VIn+ban3
PildnY8xy8jasAWW0wURKgJqtFO0xdetSgjXn5MaHGJTxGtpCS8heC+YnwWNoSlJ
HsVR52ZcVPu+9Y3MlCbjtWbSOaTuksLHSnqUZiAX7wjjIqTbj6upzev8jnmrlx6R
onVk/tA2kvLIDpVpe2jBPd2EfinE7D67aQomuwxPBFW2bBjrDt/JNFym7jkeCy1d
CmdZDhJimT8pT1+tQeZRzePOgI7ZnXKmebMGQqYQcHxbEU0am/7hKiBpeaD2ujGC
BA0wggQJAgEBMIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp
b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB
5y6PL5MLTxvpAAEAAAHnMA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMx
DQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIOkQmYDXPmLBh1DaIG8Y2CTX
QdhW9VMILYHR4VUkQa/MMIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQg5TZd
DXZqhv0N4MVcz1QUd4RfvgW/QAG9AwbuoLnWc60wgZgwgYCkfjB8MQswCQYDVQQG
EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG
A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQg
VGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAecujy+TC08b6QABAAAB5zAiBCCsloFX
cLJwMLkxizfVMbeIkTSyF84H12/TwwH1v8D0vjANBgkqhkiG9w0BAQsFAASCAgCI
dACF0FS2OCOfS1jUu0GACyb39hQIlVJVPzSRhPj8Zc/h4mkTP358Wq57p+Qqm/zN
5UqpfHRCdaXB/KwG0re3rzYo8kqv5TIvMm+GTp4EUtqksyjaEeUCwjvo5pLinf56
ks0KADhqgddaHRjYeCeKyYvcdH78iTKM++NRupz0fwifHKNVo1FEGhtG++a0LdPp
UZk4DpvgoGfPnOGxt9fCchLHLxvHikWejK4cwsMA00otQUfhZnDm5vdQbi/NKBBV
RFmXPjHeY8He1h3hTuCO0O/spqVLhF2cK8Lid+F0HWwuOgVeCjy1RnpVKaTcQtMo
UmsGm75tdyQcKKTPvdtpuk72RAG2PqjtuC5U8fIo0c1l3cCr80ijVqkC7/PF1cfT
GY6T77CWexF5AwrJBX4ghnT0TsQU5kNBvqHEthWqKQjPyQuXh0wJ/5IlPJcaFa7X
QH4tMJMxAujRbWTQD+mS6HRYC7oRpdKKcQkZbE9z0NBaOK9e4Xn5tRjcGPVOK7DX
NizSCu+SXl7trZDH8uhqQBx1oBjEPP+/Og1q6pXjrITpsPUPKp9C56aIn8sQRitb
dtzdbywveaOcTy/8boBjsEpSipXVFZVETGs/MbKOkD2RkV5IFKAhr05dA58OisKA
8mbwwIi8UZuUQzdvx+U0FJakJqQONhWbdPUvFcViTAA=
-----END AUTHENTICODE SIGNATURE-----

208
signature-sles.x86_64.asc Normal file
View File

@ -0,0 +1,208 @@
hash: f327bfe0e31193974df9fa68b621a2c87d154ef2986059ce16fc6d0bd7537a96
# 1970-01-01 00:00:00
timestamp: 0
linker: 2902
checksum: 5cd1
-----BEGIN AUTHENTICODE SIGNATURE-----
MIIlkQYJKoZIhvcNAQcCoIIlgjCCJX4CAQExDzANBglghkgBZQMEAgEFADBcBgor
BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB
ZQMEAgEFAAQg8ye/4OMRk5dN+fpotiGiyH0VTvKYYFnOFvxtC9dTepagggszMIIF
GzCCBAOgAwIBAgITMwAAAF4N6/Cb7d174QABAAAAXjANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0yMzEwMTkxOTUz
MjNaFw0yNDEwMTYxOTUzMjNaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
cnBvcmF0aW9uMTAwLgYDVQQDEydNaWNyb3NvZnQgV2luZG93cyBVRUZJIERyaXZl
ciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzpvyW
cc7Gs+Ea6UCnwbKrckBd4Q7X4TqLmyMXmzQ0qR3SXfpXij+zVEgVsEiZu/q2EpK0
yMFaXzI2XRxUEh4OUvEr/YxnOIf4RC2LBhrMtGgxRgtsquEcYqpmpwD0/55+CAGt
Ro1lBKt6xjNg94JoiTyO06zfNsSU8XbAWKH/D6yNhmJy2sx8LCOzQ84FrnUw8WX5
qrYMxn098IVb7OWiT77OZDfQAacxPmjCl1Mu0B97JbkSXJQjC9i6bojYQiyj644u
l/AZ0PNQnsskHt3wRCWbt6JeJoBvZ1AfyB18YZlSTErrsLWMMdskxjDxaPQZ89np
hh8x1pp4s+rRydvnAgMBAAGjggGDMIIBfzAfBgNVHSUEGDAWBgorBgEEAYI3UAIB
BggrBgEFBQcDAzAdBgNVHQ4EFgQUlfB5rBZSx3/3mPyB55Q8ze/1EU8wVAYDVR0R
BE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMg
TGltaXRlZDEWMBQGA1UEBRMNMjI5OTExKzUwMTY1NzAfBgNVHSMEGDAWgBQTrb9D
Cb2CcJyM1U8xbtUimIob1DBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vd3d3Lm1p
Y3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb3JVRUZDQTIwMTFfMjAxMS0wNi0y
Ny5jcmwlMjAwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRodHRwOi8vd3d3
Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvclVFRkNBMjAxMV8yMDEx
LTA2LTI3LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAbF+I8
wqogC0dVERcDh9mPeIvBJ0MJAYE7RraCaQHgjl8vQi8X1yB8o/xzzP7vTJWxdHLx
uuVLIZMGW922OtA5zth05/mwOwYJClf5IEpj7lAYYDAFYLy4Q7amg0s13bFnpwJx
h4pNfvoZYaGpQw5HOTTz8fAZW5U61Kcbvy5sjbfKWJMxyD6GP1B8CkWHXsc5OdxU
y+GvmwuguWtgW7MNFOTxxccPocRo7/KKhTL68jZysOPdEyCbLnuiICwowAK2GHCh
cdxsOKwu/Lqb+rbJEv+Tj8aFNyuymDw6CYl/cfwbBrlh7EWB9Tr2bp8HRCYgZDC7
/3VMVGyApvwRUC4VMIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDANBgkqhkiG9w0B
AQsFADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV
BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkG
A1UEAxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBs
YWNlIFJvb3QwHhcNMTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1WjCBgTELMAkG
A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWljcm9z
b2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwftkn0LsnO/DArG
SkVhoMUWLZbT9Sug+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gyu4xHye5xvCFP
mop8/0Q/jY8ysiZIrnW17slMHkoZfuSCmh14d00MsL32D9MW07z6K6VROF31+7rb
eALb/+wKG5bVg7gZE+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk55dqyYotNvzhw
4mgkFMkzpAg31VhpXtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxhZ4pb/V6th3+6
hmdPcVgSIgQiIs6L71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYwggFyMBIGCSsG
AQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK8yU3HU6hJnsP
IHCAMB0GA1UdDgQWBBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkrBgEEAYI3FAIE
DB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
HSMEGDAWgBRFZlJD4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBTMFGgT6BNhkto
dHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNDb3JU
aGlQYXJNYXJSb29fMjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsG
AQUFBzAChkRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY0Nv
clRoaVBhck1hclJvb18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0BAQsFAAOCAgEA
NQhC/zDMzvd2DK0QaFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lYNKYWC4KqXa2C
2oCDQQaPtB3yA7nzGl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ2w/8d56Vc5GI
yr29UrkFUA3fV56gYe0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8uSs9SSsfMvxq
IWlPm8h+QjT8NgYXi48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLRB7+7dN/cHo+A
1e0Y9C8UFmsv3maMsCPlx4TY7erBM4KtVksYLfFolQfNz/By8K673YaFmCwhTDMr
8A9K8GiHtZJVMnWhaoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0HYw9Rw5EpuSw
mzQ1sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6QI7UvXo9QhY3G
jYJfQaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJylYaw8TVhahn1
sjuBUFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpcAj/lluOFWzw+
P7tHFnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79AnoKBZN2D4OJS4
4Hhw+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxghnRMIIZzQIBATCBmTCB
gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAAAF4N6/Cb7d17
4QABAAAAXjANBglghkgBZQMEAgEFAKCB3DAZBgkqhkiG9w0BCQMxDAYKKwYBBAGC
NwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQx
IgQgRq9ceIYVwwT7J59sqDneA0/YIuLUvyKjjHH2OiRZab8wcAYKKwYBBAGCNwIB
DDFiMGCgMoAwAFMAVQBTAEUAIABMAGkAbgB1AHgAIABQAHIAbwBkAHUAYwB0AHMA
IABHAG0AYgBIoSqAKGh0dHBzOi8vd3d3Lm1pY3Jvc29mdC5jb20vZW4tdXMvd2lu
ZG93cyAwDQYJKoZIhvcNAQEBBQAEggEAVdCpoMwPovJGd29CZUkSPe9UvvahoUB9
FYbVATVEA3P3GkBfNoWAr1fhdA5FFu+9gSXuBaevn1JfAYj1oXeOJaDNtY+WsuJ4
VxtCEbM+o4VVWLst4gWTojlrjGsaV2OOXNbNw98+8XGJsA932dqzYv8X7uhrjZW/
wC9F/8OoPDDAoM8R7tKIm6hmwnyjiWGfGIOLHuhL5gvXP0Qy+Ex6AgrQW/GDUGjV
jKAE8rA0JStEqUulLw6dUXM1lUV5kQT7IDRKjh91Gwn7s8M98dRzWR9NCG/LfU5B
5S+qGxsMiNDvJ46ZwIeAXtzLmf1FygcQQXzJen4UyxoCjx2QOt91DKGCFykwghcl
BgorBgEEAYI3AwMBMYIXFTCCFxEGCSqGSIb3DQEHAqCCFwIwghb+AgEDMQ8wDQYJ
YIZIAWUDBAIBBQAwggFZBgsqhkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYB
BAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCCNpBEsuuGuUzmV1OJ8tm5CTBqO275y
oxDGfw8ttfhG5gIGZfxowbM5GBMyMDI0MDQxMTIyNDk0NC44NDNaMASAAgH0oIHY
pIHVMIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE
BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYD
VQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNV
BAsTHVRoYWxlcyBUU1MgRVNOOjE3OUUtNEJCMC04MjQ2MSUwIwYDVQQDExxNaWNy
b3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIReDCCBycwggUPoAMCAQICEzMAAAHg
1PwfExUffl0AAQAAAeAwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzAR
BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p
Y3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3Rh
bXAgUENBIDIwMTAwHhcNMjMxMDEyMTkwNzE5WhcNMjUwMTEwMTkwNzE5WjCB0jEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v
bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWlj
cm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFs
ZXMgVFNTIEVTTjoxNzlFLTRCQjAtODI0NjElMCMGA1UEAxMcTWljcm9zb2Z0IFRp
bWUtU3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AKyHnPOhxbvRATnGjb/6fuBhh3ZLzotAxAgdLaZ/zkRFUdeSKzyNt3tqorMK7GDv
cXdKs+qIMUbvenlH+w53ssPa6rYP760ZuFrABrfserf0kFayNXVzwT7jarJOEjnF
MBp+yi+uwQ2TnJuxczceG5FDHrII6sF6F879lP6ydY0BBZkZ9t39e/svNRieA5gU
nv/YcM/bIMY/QYmd9F0B+ebFYi+PH4AkXahNkFgK85OIaRrDGvhnxOa/5zGL7Oii
i7+J9/QHkdJGlfnRfbQ3QXM/5/umBOKG4JoFY1niZ5RVH5PT0+uCjwcqhTbnvUtf
K+N+yB2b9rEZvp2Tv4ZwYzEd9A9VsYMuZiCSbaFMk77LwVbklpnw4aHWJXJkEYmJ
vxRbcThE8FQyOoVkSuKc5OWZ2+WM/j50oblA0tCU53AauvUOZRoQBh89nHK+m5pO
XKXdYMJ+ceuLYF8h5y/cXLQMOmqLJz5l7MLqGwU0zHV+MEO8L1Fo2zEEQ4iL4BX8
YknKXonHGQacSCaLZot2kyJVRsFSxn0PlPvHVp0YdsCMzdeiw9jAZ7K9s1WxsZGE
BrK/obipX6uxjEpyUA9mbVPljlb3R4MWI0E2xI/NM6F4Ac8Ceax3YWLT+aWCZeqi
IMLxyyWZg+i1KY8ZEzMeNTKCEI5wF1wxqr6T1/MQo+8tAgMBAAGjggFJMIIBRTAd
BgNVHQ4EFgQUcF4XP26dV+8SusoA1XXQ2TDSmdIwHwYDVR0jBBgwFoAUn6cVXQBe
Yl2D9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNy
b3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBD
QSUyMDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0
cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBU
aW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADAWBgNV
HSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQEL
BQADggIBAMATzg6R/A0ldO7MqGxD1VJji5yVA1hHb0Hc0Yjtv7WkxQ8iwfflulX5
Us64tD3+3NT1JkphWzaAWf2wKdAw35RxtQG1iON3HEZ0X23nde4Kg/Wfbx5rEHkZ
9bzKnR/2N5A16+w/1pbwJzdfRcnJT3cLyawr/kYjMWd63OP0Glq70ua4WUE/Po5p
U7rQRbWEoQozY24hAqOcwuRcm6Cb0JBeTOCeRBntEKgjKep4pRaQt7b9vusT97We
JcfaVosmmPtsZsawgnpIjbBa55tHfuk0vDkZtbIXjU4mr5dns9dnanBdBS2PY3N3
hIfCPEOszquwHLkfkFZ/9bxw8/eRJldtoukHo16afE/AqP/smmGJh5ZR0pmgW6Qc
X+61rdi5kDJTzCFaoMyYzUS0SEbyrDZ/p2KOuKAYNngljiOlllct0uJVz2agfczG
jjsKi2AS1WaXvOhgZNmGw42SFB1qaloa8Kaux9Q2HHLE8gee/5rgOnx9zSbfVUc7
IcRNodq6R7v+Rz+P6XKtOgyCqW/+rhPmp/n7Fq2BGTRkcy//hmS32p6qyglr2K4O
oJDJXxFs6lwc8D86qlUeGjUyo7hVy5VvyA+y0mGnEAuA85tsOcUPlzwWF5sv+B5f
z35OW3X4Spk5SiNulnLFRPM5XCsSHqvcbC8R3qwj2w1evPhZxDuNMIIHcTCCBVmg
AwIBAgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDELMAkG
A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9z
b2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgy
MjI1WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx
MDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzntHIhC3miy9ck
eb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+
uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3oAo4
bo3t1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhi
JdxqD89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0hyTD
4MmPfrVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLNueKN
iOSWrAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXf
tnIv231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8
P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMY
ctenIPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9
stQcxWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtFtvUe
h17aj54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEEBQID
AQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4E
FgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9
AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w
cy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsG
AQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTAD
AQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0w
S6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3Rz
L01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYI
KwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWlj
Um9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38
Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQdTlt
uw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnue99q
b74py27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQ
JL1AoL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1
ijbCHcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP
9pEB9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkk
vnNtyo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtqRRFH
qfG3rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g7
5LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr
4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqKOghi
f9lwY1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCAtQwggI9AgEBMIIBAKGB2KSB
1TCB0jELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UE
CxMkTWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQL
Ex1UaGFsZXMgVFNTIEVTTjoxNzlFLTRCQjAtODI0NjElMCMGA1UEAxMcTWljcm9z
b2Z0IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUAbfPR1fBX6HxY
fyPx8zYzJU5fIQyggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx
MDANBgkqhkiG9w0BAQUFAAIFAOnClEYwIhgPMjAyNDA0MTIwMDU0MzBaGA8yMDI0
MDQxMzAwNTQzMFowdDA6BgorBgEEAYRZCgQBMSwwKjAKAgUA6cKURgIBADAHAgEA
AgIkVTAHAgEAAgISQzAKAgUA6cPlxgIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgor
BgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUA
A4GBACjhO5VNAZ4M+K68yoopbRRXNkatDqiQlGGRo/28TSyoZNsfDPS9PbP8mudH
iZdF33as5llpEGH7q3arPBjAQzA6l/m+RbBs+Sn/sbMHSwWKFwaC9J3/tN1/KzZZ
WMhpLY36EhTg2vgw6mWqQgCCzRiXkJOe03FLMocETNDUQYeoMYIEDTCCBAkCAQEw
gZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE
AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAHg1PwfExUffl0A
AQAAAeAwDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0B
CRABBDAvBgkqhkiG9w0BCQQxIgQgDu4FStwQQV5IJr8tEGfg8gGlF/nGnBCygv/Z
/nhL00cwgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHkMIG9BCDj7lK/8jnlbTjPvc77
DCCSb4TZApY9nJm5whsK/2kKwTCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w
IFBDQSAyMDEwAhMzAAAB4NT8HxMVH35dAAEAAAHgMCIEIPXZ6G4PFa+g0bETF5xr
w6GJUvcLtV90GLZw7lwhz3W8MA0GCSqGSIb3DQEBCwUABIICABwmE4kR0CUYylqX
iG/hm7ezIt+1hOmbQezOCkQBc8Ko29zNzOHH4sRFcP9FD3e+B9wlDj832ZC7jsVL
y8c9kRt2msQziN/yzBgfB9D0hOXpJR7VEtPxFyOf3BRH8sS4ZMWKXNb4NK9NuNA8
ydFQQC4TKgfiFPhZ92DQB1IUs+j6NlZnwis1B6q9zP3ix7wOjz+sOUGv8TrN7V44
8E0OkPdLeZQaMcYMtkBIpjJUP2G+u+dPCERjDWNPH8SzSwdfxe/+0rX2YR0EO43W
eVWB0P8mtsKXP6dHVmie5NNfvfBM6cDheuAx2d7SAqWNiAvp5h+HYO0rHfpmYig8
Rbq2/Vl42by4FahVG8yAEelVe+riOHtV1qrgeA2hTtJ/iTU5IbmWyGIbQ00s98Uc
fTM/fGj1kVhk03yyT38GTSowo1xCHCjbX/aNXR1WqXEWixLZrPWPw/blu1oYr5q9
3khGOK7jgacSxKTQ/9a+CPm5lv6SMCtTJbdxpPSnf1vOLn9EI2o+S322oR+WXJxg
nKc/1U32u2wjDw29SFYMZvN+8RifaOHV/1TcbcD5k/YsjkYv1lw/6Sfigo2iE82P
SwWBsJdmS1jI1h02q49TFYW/aEQ6QI7bqYZgatyXqzo0wKPIp56dWJMliJ7CmHBG
nO0K5xLYtOjQNErZcXyOqvs1XDvuAAAA
-----END AUTHENTICODE SIGNATURE-----

13
strip_signature.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
# strip the signature from a PE binary
set -e
infile="$1"
if [ -z "$infile" -o ! -e "$infile" ]; then
echo "USAGE: $0 file.efi"
exit 1
fi
outfile="${infile%.efi}-unsigned.efi"
pesign -r -i "$infile" -o "$outfile"

146
timestamp.pl Normal file
View File

@ -0,0 +1,146 @@
#!/usr/bin/perl -w
# Copyright (c) 2012-2021 SUSE LLC
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
=head1 timestamp.pl
timestamp.pl - show or set pe timestamp in file
=head1 SYNOPSIS
timestamp.pl [OPTIONS] FILE...
=head1 OPTIONS
=over 4
=item B<--set-form-file=FILE>
parse timestamp, checksum, and linker version from file
=item B<--help, -h>
print help
=back
=head1 DESCRIPTION
lorem ipsum ...
=cut
use strict;
use Getopt::Long;
Getopt::Long::Configure("no_ignore_case");
use POSIX qw/strftime/;
my %options;
sub usage($) {
my $r = shift;
eval "use Pod::Usage; pod2usage($r);";
if ($@) {
die "cannot display help, install perl(Pod::Usage)\n";
}
}
GetOptions(
\%options,
"set-from-file=s",
"verbose|v",
"help|h",
) or usage(1);
usage(1) unless @ARGV;
usage(0) if ($options{'help'});
my $set_timestamp;
my $set_checksum;
my $set_linker;
if ($options{'set-from-file'}) {
die "$options{'set-from-file'}: $!\n" unless open(my $fh, '<', $options{'set-from-file'});
while (<$fh>) {
chomp;
if (/^timestamp: ([0-9a-f]+)/) {
$set_timestamp = pack('L', hex($1));
next;
} elsif (/^linker: ([0-9a-f]+)/) {
$set_linker = pack('S', hex($1));
next;
} elsif (/^checksum: ([0-9a-f]+)/) {
$set_checksum = pack('S', hex($1));
next;
}
last if $set_timestamp && $set_checksum && $set_linker;
}
close($fh);
die "file didn't contain timestamp, checksum, or linker\n" unless $set_timestamp && $set_checksum && $set_linker;
}
sub do_show($)
{
my $file = shift;
die "$file: $!\n" unless open(my $fh, '<', $file);
die "seek $file: $!\n" unless seek($fh, 136, 0);
my $value;
die "read $file: $!\n" unless read($fh, $value, 4);
my $timestamp = unpack('L', $value);
print strftime("# %Y-%m-%d %H:%M:%S\n", gmtime($timestamp));
printf ("timestamp: %x\n", $timestamp);
die "seek $file: $!\n" unless seek($fh, 154, 0);
die "read $file: $!\n" unless read($fh, $value, 2);
printf ("linker: %x\n", unpack('S', $value));
die "seek $file: $!\n" unless seek($fh, 216, 0);
die "read $file: $!\n" unless read($fh, $value, 2);
printf ("checksum: %x\n", unpack('S', $value));
close($fh);
}
sub do_set($)
{
my $file = shift;
die "$file: $!\n" unless open(my $fh, '+<', $file);
die "seek $file: $!\n" unless seek($fh, 136, 0);
die "write $file: $!\n" unless print $fh $set_timestamp;
die "seek $file: $!\n" unless seek($fh, 154, 0);
die "write $file: $!\n" unless print $fh $set_linker;
die "seek $file: $!\n" unless seek($fh, 216, 0);
die "read $file: $!\n" unless print $fh $set_checksum;
close($fh);
}
for my $file (@ARGV) {
if ($options{'set-from-file'}) {
do_set($file);
} else {
do_show($file);
}
}