From patchwork Wed Mar 13 20:13:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: ali.oezaslan@arm.com X-Patchwork-Id: 40936 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7859C54E69 for ; Wed, 13 Mar 2024 20:13:48 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.6180.1710360822394727199 for ; Wed, 13 Mar 2024 13:13:42 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ali.oezaslan@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A818D1063; Wed, 13 Mar 2024 13:14:18 -0700 (PDT) Received: from PW05BKJD.arm.com (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 96DF93F64C; Wed, 13 Mar 2024 13:13:40 -0700 (PDT) From: ali.oezaslan@arm.com To: meta-arm@lists.yoctoproject.org Cc: Ali Can Ozaslan , Bence Balogh Subject: [PATCH 1/3] arm-bsp/trusted-firmware-m: corstone1000: update to 2.0 Date: Wed, 13 Mar 2024 20:13:23 +0000 Message-Id: <20240313201325.27043-2-ali.oezaslan@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240313201325.27043-1-ali.oezaslan@arm.com> References: <20240313201325.27043-1-ali.oezaslan@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Mar 2024 20:13:48 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/5434 From: Ali Can Ozaslan This change upgrades the trusted-firmware-m version to 2.0 for Corstone-1000. Signed-off-by: Ali Can Ozaslan Signed-off-by: Bence Balogh Emekcan Aras --- .../conf/machine/include/corstone1000.inc | 2 +- .../corstone1000/images/ExternalFlash.png | Bin 40835 -> 54896 bytes ...ware-m-disable-address-warnings-into.patch | 26 ++ ...e1000-Increase-BL2-size-in-flash-lay.patch | 27 -- ...orstone1000-Update-MPU-configuration.patch | 274 ++++++++++++++++++ ...-Corstone1000-Increase-BL2_DATA_SIZE.patch | 31 -- ...m-corstone1000-Cover-S_DATA-with-MPU.patch | 76 +++++ ...e1000-Calculate-the-new-CRC32-value-.patch | 69 ----- ...e1000-Fix-issues-due-to-adjustment-M.patch | 76 +++++ ...ed-firmware-m-disable-fatal-warnings.patch | 24 -- ...ne1000-align-capsule-update-structs.patch} | 0 ...orstone1000-add-unique-firmware-GUID.patch | 35 --- ...1000-fix-synchronization-issue-on-o.patch} | 0 ...m-Corstone1000-Enable-Signed-Capsule.patch | 102 ------- ...rstone1000-skip-the-first-nv-counter.patch | 33 +++ ...tone1000-increase-ITS-max-asset-size.patch | 29 -- .../trusted-firmware-m-1.8.1-src.inc | 46 --- .../trusted-firmware-m-corstone1000.inc | 26 +- ...trusted-firmware-m-scripts-native_1.8.1.bb | 2 - .../trusted-firmware-m_1.8.1.bb | 2 - .../wic/corstone1000-flash-firmware.wks.in | 6 +- 21 files changed, 501 insertions(+), 385 deletions(-) create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-platform-corstone1000-Update-MPU-configuration.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-arm-trusted-firmware-m-disable-fatal-warnings.patch rename meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/{0008-platform-corstone1000-align-capsule-update-structs.patch => 0004-platform-corstone1000-align-capsule-update-structs.patch} (100%) delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch rename meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/{0009-platform-corstone1000-fix-synchronization-issue-on-o.patch => 0005-platform-corstone1000-fix-synchronization-issue-on-o.patch} (100%) delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_1.8.1.bb delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc index a25a214e..a82d0076 100644 --- a/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -3,7 +3,7 @@ require conf/machine/include/arm/armv8a/tune-cortexa35.inc MACHINEOVERRIDES =. "corstone1000:" # TF-M -PREFERRED_VERSION_trusted-firmware-m ?= "1.8.%" +PREFERRED_VERSION_trusted-firmware-m ?= "2.0.%" # TF-A TFA_PLATFORM = "corstone1000" diff --git a/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png b/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png index 399f87568fa16af62a12aeebfad913d38a7577df..578f0389969ecebbd284d78e062a0df1af4067fe 100644 GIT binary patch literal 54896 zcmeFZcTiJX8#hW3l`bF%ND&dF_Y%6)0HG6llM(^}5?TtOD}qY10RjRdDqWDG(vczv z0)iCjAOg~RZ+8bh?>X<8JKx-Y?##V2@8~u=D|@fQ zM^aTvn(&W|h^&~n_3!5$;V|T%4)sxZcTZ189tkaJ5iy`EK1*?N9!WLePR|{Q#sQx= zkc@+j6hCmM>h0|bvw%54+<|emq$OoVBxMM%K(wLydOQ;9z`dut2MqWC!<;=(gjdwv zd{JINiAn8@iLpwZOP)zR1eA6*dE0P}Z*|DL}p6bIMQw{`@(z`am9z_9LaCco#6 zf%*EmqmX}=DIp>*0*p_1*+0M=_Pf;uhH-ZW29)5D)C5TQhgQHNNJn5Er!+JImM<*+ z`$hLZG}FMUL#?df5IH#)q=Y6|Pfc7CSUaH;S#xg}Pid4C*hoqoi8g>qs2XT$s!MD8 zNJtpz%ebPU7*{{MfvlK`DgvVJXKdi?0_Bka=%?l(2G`Nm&_`%HsaYWWEp@@an*)sW zL8dO!AQydAlmt=??yM&P!s4VLhEh&mvQS^RtFtrK1)||3tFP}5lh8KN18Z4(=&M5g zQATb?724A!W>gMhz2d3rBG%OdJl7U&>t_2i3(`xVUJV!l8J)KEzlL0@n5qFoS}% zT~*z|YWjZS>SACSurW&772)A+;bf$1K;RWMH#L2zgcsaU-&jx5+A;v>SrcgX11>K| z86DsQXXuR=)6i8j2VtQa2$(xSO*JjF3_d^;4pTFbbvJ;yyEv<1(O4`B?J1|>DdU0$ z!!Y{(J|-psU>zBNm$baqz&g@ccTG=6EkB$%9%wO;_OmiJ#b`o2wY0>XRCQd<^{t_@ zI!?Y4ZmMotXlY$tIYU1UtQ*+fS|1oMz+KA}4kmD)zOSx^v6nRx>Zc)LEbR?<$II$! zS`c@BA5>u-$qw+_&Al955f{jJ2L{U8Bgl%cqG3-I(1_X6uknp>)?Vtidd26%`Q z%30M%%u&@C?WZN~Wv1?{=Y;i?hRNwz;Vg|@9G%7eEe%|NVVqn*dN5yOJy{G!M;fFL z#T&wrI9G%df$&bw2qzN>1aODZcXtALV*z5SA&m@y(anGh?c)h|bCd*0=>`OdNkOz^ zrNL4tjd(HbZiRM*;D z*2!Db$3WXqSHs#ErU{X8Hj`GDhFQu4$e2j#;*6kb*4A>K*2ZR*7+Ebdb%?CDw}Fwq zw3msgnYz24S%9{<3`|E>Ox3{2*vZA*#K%-Z!_X1w1~HO?$e2T1w0$sQ(w4@~;?^>H zI-Y1BM;)A@hcymi4ab0>D0gE6h?Su+Qr$~W%tt~StZyX^H$j`Z`GbHdg5>!K*1ZnXJfXli#83V6kojkCrzBnIMOKEpB8sjggY6XeT)dO9W0|N<+%m6D5oB2ALazWdhXH z#RH@9~5D z8p#@|LGVTh2{Roj;7509gh>EI7Ydg10pUD=230_xY3X51T%4TXzPhS_ebPsvthKeh z%+&!6s%9;t1~KwR>47CRt&P>eNUXV@n3p+H)7Qcq;ijW);RbTIK)WK;oG?99rDkL=A;AGc)xONBLub2^mXD20(qpadI#(q>q>!&|)SB(vyK3 zid(yg2Vgu6i35+SIU)^wfDe=t2I7U$a<$Zj$y&HN zp=I$BFejkh5)*)y@{ly~H^bo2W@r}=8FMQ`F?TFN!$8l>Man|jT3X5vWsNhjHnPCr zfZ3?Ys0Vmre4Wiv1~OPZ4NWgiV>}dMiZt@TV{lS9aV=dPCy-Hqm76ABL)OJZ3$R04 z-V)+ijFgOH076esN=!rA6KI3__{;bref_Mo!Df<{(r$3DI?i1SX<-df0|Re*NoxDT zu^2T?T{D=PG)4{SspX?17{+Q;>G3);h5+6V58wUUwqHcZRX%|+MUP1n-R zLI&*;;DwNI_fnT~a+T53clMVw)Hfhd${LFXOobLo7Z4AmxERI*0XNe`csuIJcw1T- zx|+L7c8WyNguG6oFmN4%-6>UW(BqI(lRjyVLW8@#bq!Ws$eOC z?pDPTtS{j&LAU>9mrso}@coagBdJ+_R?eS@=n9dJ2H*zRFOHHvWrG~ZtSY?o8h+=6 z@>Cf7jwyK?;57Ws&uJKA5VH~}u<|7|?Tx3X>&)_k{J=r_U`qNMhk?zxz`RNUBaPXL zqYJ+*LcOzy$oOs$Qy7JjTzvlf_WQ#dSIDaqO0pLn#BBr=@|g0~{_A(((Kw;v?IxJm zs=P1d%~Ae;y`D=%T9lSrf%MAldO~9Rn$=x#mhTe6KbD;*2 zp!r_sgWIWU*(U+%j}oTHwwfFw&q2rMH2Cky1r>LP{;Jm>yr<-Jh1MR7hxQ zv>7mdjWk6gQO{Ij3n4RCedafrYw(w@`5*7^0VK3&tWZCIw(32S;a;|{is+zpdoYei&hj&JMFHGT`vgB4JQ(*ufJSxc!4$^ zkf<;RN=r4nF^Pn3SOc4>vb~x~;TLiz(eJw z$)n>XL2IVZFB%X#{FJ?pi#G4sL^?aZqJJp<`GYNOJ+aK9aVj; zb7YkIrQF(4VJi-!Vv1vlaBP2f72W@=zdlt4%wenObEcHmUgHV#+Y#tq9TsJ*0`^6- zSsW|PaINBJ4mXeOq(q;Q&-qQa)bDu|9$fCJ=3Tb0iO8)oNFI|p-d0=-KGii7CnQwW z$DuU1GlZ`sPr?i)5>^La=^9rD9??I3$Dw}LC=+U@9D<8C*DSs2dZ>{zP$7!%62^U7bj*PuvTm#0hoRz^eJioK>*0+t> z78JtFZGmiwdXM^A6v9JgQ%QDx$Fp%+8nU)_WYeVoh$I$I6MjaxeS7^gw~#MOjAYdI zkD~>PyKG9lzKML%tV@;L(5JIZUQ@-_YF)dnb{#87g?98jqygu-%g8JlBI|OF6U< z0`n_ephMw>aJ#Vbf~ z-3T7UiTx)10zmp&gDLQ;>TO(z(qqapM#!&-ubT#_rAH*1Jf*a8!>8%NxHyo zv1Fu#hSM%-j^i24;_b`6`#cm!acx!SY|iM^>ptQomAE7n*^uDzV_~+7dHfX*$9T;h zxhPR?|L@)pjK%&BIsHj-U!IYB`;qOANb|dYBcpx-yuI@vFAbSA5a7kRb2-%rh7-jhZ-PSinrhdNuuZM4LG@wUe39mIlp z;Th$l9S#N=&SU4PCs*V{T|&2>6;WAjBZg}?IrWzNI2w~snt4Je1C2IC9-+1h!6fm^ zBTY?(;L++DaIDFBPH_qPR|Zi$Q&E>GsyWB&)YA%d9@N<~GQP1x6-L9OsQ5Wca8sNM z&A(0H1T#SGIG=PY2*J)qk_m;&g1dX%uN4#}DYWXB7QDkFR0<^u8Tn!_TZ}o{VX=es!dJAHej-9xwv-VBD`g<L5nY)xsmPf(ds2THx z2bEy8(M28O5?6I8PO%}@2xWfLN&|+4h1s}8aEAOepmc423Y&h0+`c1n z`>oTu+ZUxE%?_gi23+YS;X6#EpKz5ZmaD>&td|Ef7VD3E3XNmkfE; zZB~U`BEg#V9)%*3`4iWJ#CpN4oD9i3``wv38I$uXg4vZh$>}F@7=7x1ZJ|~Cc7OzB zS;Wmf)lWz7Jf^Se{px4U8d!|f!!^hLX2<&acA4Kk8}f{hs%Cn4Vb6=KY`@-9Iy8kG}okj z_`HsvT`M)~dg%#%k81i9`g&@tynT0b{G7C&gt z6Jpt-fhH+ype@KM8fu}7C0;h!Yzg#Zk9lbjz_qY`i!>T z@%ZIsb`?g(m^LOWQC3U14CkWZ3*xn*8x$6X8AeJI0T7E@La{triAzmy3YkX=&hB^G zcMhfm*!^~mc>r=n{w7!YS$lxBszRnFg%_?gM)2tA8lgu?XRRg@?mc)3?#Z7OhIN>c z8--F}mj_;;IdNSaV^JaNRNl)ZdG953zkmQ|=e&&Y(|dr|aBMcApC)`sK-Oc$z5O1G z3fB)F{W-2xRwbHt13=%0F;u;q*!(yOstJ8RPnL8gNy0BqCFKLn!7{Dy&OFb&+$^2o zdv4h4#Zb>9SCi_{;Fq__WTt^%4*XCkn_S1IZNDpVs;}& z7`*bWULn&%aB;ktg3|D_Us`4%AN|v7pd)?SqKBNMBRhoUc6AO#x6t-cHIbj3yfi+V zeY0*nq4dsAGO}&IY8j6+TpA9arCrH#Db(Vi$+Vt-+WM^S?v|B1%d$}83x=24v15`+ z`2FgFgL**)FDofQ6WHfW-bDFgA4bt8VvTAo~3~yQh>KTKUw_+ivXXQ(~sr3r4)frk#OV@2zc2>r(bcMO{8&P$NNQRsn zi`way3YBk-sY!h09_KmyoLAxzPsC3a!**WCPOFJ#&uxJ&iUXQ7&eX6cj+6brdJLKz5Z_e+_O((^YNkVMiIt5PZD(8Kdd=)e=VA9l1w z1z5pSsjAROZ2$9R1pl?2t~%>Bn@B`^N?V!$Q$tsVikMR~&4LMZ*(Mzxj@|od{JqjG zZlCKKxLYD;X#`TEFS}};?uQijrqb<0dLFqgNLJ@#xvV0ElusnQX@9SK16a3AD23H& zcsD~~dF%d{*Mc5}_;Sryb_;5ocbm+WG*$|U9W5`@mkQKV>i{30mF34(ouL?k);7;Z zi3;O*)>nP>s%AF+8hHhBYx8r?(#hS~@h6V!@0=evb|_Ok846^VXY|3-u1io< z4i#OJG;*LLy#Oyc9q?Tx8FvZSSE6i1pQTsx8tLkuXpfuIJYL&~N)glR?D}>N`xdsw zcDTE(-%-q_;7DJt_~^?S;m0r@-8rA+7a*NS`Lk7kB1lY5er2#eb@%Z3q}@cqY!WPh zw|#s30Q-QezXa(QgCp-1x9T@el#o2@Z`Q>osvI0uDwP^&H8Dnzh3^GGklT?i&jBJt z&*OAr65@}8d?QE5dLK!6>CQlj%_E1bWwzK*9X+_9*+jJ4Mu`shTh~u#7&WYES>io4 zb@RwyzLd4-PY&K%odcl=B zvwR^SoXf#K5>B;Hs$N!6cO_0jKk-Z8qn-1ixy}c402B^DVvTIMPwuKHQlsMxB}&smD+$cp=a%vZlq>17!}}ahnn>^*?^W@YmOSBxNTgoCb*h%+8#(fA`O?r=%=~0FXKQdtmOekd) zxNZs={Pzm#GtMyMq$gQ$(jP6K{nyaX!&CrfLo`UPB5u7s)d2rkO(^}%iM|Nz+L_hs zz|QL9fJ=-i`+p1jvtu1J)ea4j{fZ<^J6_=zIFpprGd>C{P%j$zqNDDOk z5}4&Lweh_)Y;cFrVd0(sb@)FT{>?Ur0;|g-er(MGWep>_M_->~SbDm1 z@4L3Qf5ABUA79rP0d`le&&i9(}B7A1LUjZV+G zGKBjzP@B)@FBNi|0X?Z|6l9_%G@z8?8>dRJR?D);hrpG$L$stQfyP83?Neo)4hT(_ zOK-A@Eo*|496`s195nKf7P&@mwAU*j4ufo~d}zU#4$Uvj#=Q?QOOnL#94akof$;_5 z*w!35%VK{95;BU2t7N5(FgI{aS~c@gqyhMuWw#i@I}j>halTXOlhf$yn%%vPOB6Hh zx2zuTUvc|-<@>vZ^F#iu_pYdtv6rXtP*s;iF|4zV~(_!mgvoGd{MZm_i_Wez(!uH z55E7b??LeWsawgndk++caak|-?%X^zK*V}s18YPWH5`bbMx@BT)W!jZE1js0s=BeI zQ@yfR=i!wQJ%2Yd%DRvvwH_))@q*CHdQaa$$;QyB+nKXrpF!1rG!2pDg^_12wPi3a zS@+%;Vlxov)ummD6h7##8Nc>ysLqJ`dZ&GkG9DzWQLd{=r-EkrlH7BN=l;)zUMs=w z*Bja+H6Q3Q)uS|?UF7ju+ofQlN+dBCS8d- zQGTI$;CPo&GLK^VO&~7m%}CtCsgsZ4UZof0q1wIfJz%ocNz$RK>dPt2UrQ?}*0@_b zT9$*a_xf0ptYl`v#hgY|zSp67l|zs3|4bH`T7DIK{*sK;jPOucJf}*Q**65BL%lLi zt?l<)VS}=|S_@w|{!+{Jfq&GtaAy%|QN(b6XQNNhN)Veoo{2Q73)=W3kT&H72`bB+ zw6Ay;$-a=E;yHx5kabJmJ{mnDAe{enQ*G^f=Jl ztf_C=qIc7(U+zD=(GdKkm9AQ8$~E+3jEv|QAIo0?69@=U>VVH5dsL4)wN|Igrn;2K z(WWoh;@Hspsx?JUn!YI-MqLfdN7r{V%oeI{w{&sdr4yzwSaz7;T~!WUW3|J_w@l~1 zH~apCtJ^EZ3_M9PXq0a(I#TiBqW~SRmc4Wn2vd;rOU3i-yCuaJ$J_fIfzkz5ai7t& zMO2L2dC%bC1N5&$4|neY5}IjW8UhOTrb|}}^-3$t(`c5-F)jzO_VX8Ee142Wa-jK= z{X!hEdFaYK4x63SGxl={iD4l#U+E(#7}Xdb&c;Snd})pwZFwN=C-CLzR~zc^ZBOTk zzC*QQg2xt4#9P0BBU0c}WFu&elt1>|Ff8` zd(B@%w3Z%pY&~$D>poha7IZaS&QI@4*x`xcylf_LQR~fB>O!U0JqxTN<{^EJffKFn zRP0J%YQZ>WE;c5S;h2DE8T|R`o{a@FIUp*VMzL)4s;!8`K9urN^q5HC81r|3^ui+w zpZ7hHJ*qo!;$nflB87XYMaythARWm2X3)_-_4{Q-XsIy-c={#_LRhI{3XH+1U#?ab367?w|r^TK+eT>g8RH`U%$8jI#rMH^?_Uab{F{v z=;caYH|O2qe!El8?=fLl7f{DKQw`tn?<f?QOFwz<(mf)eJ=2!X zkv7!-ad2Y*ipn*ec4F?W;`#BC@6Mj&*&JU9HtR^5@rq(P57{NNnySl*@y!deD@KL( z*r452Ixx1&w2Ouoo1C4_p04P3CuzExvbsl72+i*>%92eZ1Z|8LZl@P^s8Qc);}{Y@ z$EAJ-ymeOTfq>@Ktwm(zv%Wqfc<$70E~FTC;3(U*sw-Ob#7fFTOf8b?P5OqNV&L8V z6AAL9#lWfiKEI{AgYf~Z@xFy;VQta6XV9*uuCouvNtE>qn8NSEC>^t-L#bmLfsqJse zY?-{jolToqfH~!wg!blr1t;nL!UE*LvH9jgKX_N$#$RH$GMX><>9wuv73keyR4|uf zjA+rbz56lPh70lunln&PR9VrP&OiJLoYzML1ezkJk^SDW6^BcyVsY(<_G zP9yp$%u%vezj)KL{fw35^=+;BC-(?0wQ_W-;1yY2VR@?ZHwwZZO%v%K&(2pV$nNIT zO0wd{tApdO%?aL|t9ImjDjRL>v^aMAy5(_~H*H4XRDbZ3f?o5&4q+A6&(c?%_b)Ol z`ZA@Dd`D7OOLULqZB-RJ9iK88yG(-;zp&g_l#{gF;TE}W=h~n&X)rqw0D8)WFyf?Xqnq{V#en!=vly4<0&NRvtEe-6l%mr$*KUCl z4-PWiB7I^3xu<#GLc7DV7BMO!{j$z@bp6+0#luw2*q`T$ofxe%{nx7d!K6ZXi8ja1 zTU-6;vhmu3Fw4)n6I(S(=jpC~xa<kk2e4?|^x7G@vvYHa`V9e}M#>*t^RbmKt$r0XK#zMBqxgnS!WyYq`OfSpho`1) zope0GG=DMsV=-?e5ctUIHQ!RcxZ1Vw0Sm0O?+1D$>Us)l$M27s%zp6iU}W30^CnIlBuqV$%R${^Y6N43o4YofHbHnGn4Di-kVBC~RP7XJTk8u)l@G8pHNFlC%Bp z*`3sa(WA{lh#qra^Zs@6>XIiGCD+ypi*$a)C6`55Q;r-B^#Lxz-M1$>M8|92;MKT2 zEv2jCKK>R9LMw@Bcnbp(RMPg=m6ni|9^P_;4`((cXW#r7X`s!X(y&(FT44iRB zbS%fU^u6bL&Zju^;~KUOM-}0F(mtZ~3!vc$2lCxn^az@L)FIyPBzC~34ncj$Ci$1^ z#7+pfFAE~KFMV;_V)@Mk6~+R_xv>-xzUu4CN1^k^q*m7L>nU)^Jsrb0fJsT0HjTVU zan1LzVP0fmH1DwN>4&tzvP%?#g5a z-Ai3r_}p{bh|Ea4Dw=AEgGwrgOm35pNZ!$hOb};qcqe z_o4m$Dn(OTq@qPr$AfCSgQ0>qx6y$AzM%)CI&KYG`jpn))XMLw_c&$Y6_y7&!=Lo6 zV)_<#CYoyZRuTMf$LucW*9$&w`TS+3#OnB{G0G63c0ItpCTNbtQq1r9{y~I0q)+mw zWNT>*s;_*#tIgo@z&8qk%)RgF0Z2R!=H@;6I=EK?7D`dQd=fIT>RxWJyCvySt>pfu z-HN10F{3VEm@9^TIYzOWH9z>G(CC+M9QJ!}Cx&7J`5bDvT^*zb6$w!ehLca z2Yjzg`^V&^k6d$dA~oBaFo{dwKU2&-kg$D1 z;THHeFcaaqj*#_D9>72>!6wQVZFt8Hj;GG?9ucE|ha`1N(OWvlol)5*WTpjdZ4by64 z5-7npT+Ok01MDn4Jf`YTcn-DhGu!K9rtRb)6CJ67+z6TZdw{=uvptU-p^q%W{)LaX zxgf8h-YoM4w>^%5^`Ahb()R@;=*0zc$rwhLa0*(7=&I8I*nON|G^k0P~<;Q_YX0q{)s^IM8_YYfPc%)@I zm_xFRTP=#>9xHX=Rj<5j560YCDwoXUfMO)?(xX|7uu{`9X%URwUM`Wj`)ZbIn(wdi ztYq}j*av<{KK$vo*9J~1v60f^*XkEOaPcxps1mk!%r4%pD7SOr1Nrros@4B!+ONhW zMVmy^LL)>l$V~HVuX9Rg>?Ql#dSC85{y}i=IiyI7jQJBcJc!8$dKwW{iLFH{Cn)8W zpL39$!QuhV49?@!;0+~W2OumA3ys4?ga`toj^j7J1&RC-`DY;AiKEqV@Ydq9!*4Gd zjcCIMV#+0?=Z;>UW~I(`09xSw^r7{{{8km>L-A%=B-I=y*1k@eDJ$c8%?L2BDXI>w zkBbFtMN=4zniV@I<*NL$v)Xcf{9iis2AI5>De*SA6UU0{uog6ZJU$RjNR8p^Pg4n< zDrdCfQj7Wz*i}kOLxZaO;cX@063ogc#;LNgmWFL^V9H0&ApK2>0Lyfg{!9;Y`0d)x z$T?5kvEFVf0Oq?FT=RRrUry&s$eQ8^`rYO{A)Pl2Bq-zw2{#UA+==LF%3Jf-ymdvF z2&ufyFoIV9o%Q=GqrNS4bNh(kJ9{`z9M#o(e6mhXIjprGSrmQRP3ro8Ow;Y0kQA|a zz!2*P_){%P`!xJ7kNmH+_suR6*YS8DE`P@a5XM7hQME&>=E}nR;Dc@UkGIdM-*+MR z-d?2#s(AFc;L87}Gxd2=pa0oO_Ea|RIQ}2!_`lrb|I)GlU(G<*2ZkHcig5L|7>0B< zEqwSZkI(og!I-(L1sH}iOgpgCZ2$W8!?B}DKUq3?7jG9m4qD%=rr*GqAQ3TK59=4J zcbEI3VRxeaq{|!cwQuJvcrCioT~I)1xM*_>%yRxj(pJZ%8nm$kWknjHn=_{}uP&jm ziU?7R9uB`zXkS{q)v9?dhLH@dI~(D*^a5ifXdVt^{cqG?Amj-->TuCu(XlHw^AYpU z_x0?ez+ItriPzOlHj%d0HOek^{P6R&d)MduyO+7?_hkjMrI@_rA{z!xuA29rrzvR6BNT>K zL&I%o9VWUrWal$3p_HGSmEW3wJ``^s=>-HiC-d%ZXqUH=(p~gP4{uZtN|B4-tMpbbnp{&TvmaPoA~txDS0h=9$K10lzVy z2gOSRw)Su-OEW_HWSeVsxvs0$wb z%IBI1hx1#xf;&e=*}FSN^Pq0-p>q@-sz5HcK9W#vGh`yTVx$+x@w->GgulPR`@NdQ z4D`m)7!GBb)8#^P+SF4D zESlZG-x7X|)T!4`7JHqSXS&035_lwR9*@jStb1Gtts?IyfB$j^1Rm0u--_xQ%i;KW zBb;PVkZ}Ph?}CbfLgdV6LTR%!{6`7L8!FSzbY8CevwDSbxYfmuyh{V?f|bK7D8wz*6IX&`sGVSdGPBmjuH$E}t`GNm%>}|dK@Kod{!bsMityKoY3)FL4uy5X6tPMGc zTO}Lf_RP7Em%TgEQ)|xNzTZs$K=N92G~nIJKWEF=Bc^x?K-BX2KLcgunU-cl`^sp~ zt;oE|&k{DUl~1pZcF*tnoc0dTiY}>l;e4uvYdSamZC~YWDkWEp>I?M_`hOMTczcFF(iNg|y z$I&&KhwD84%ZaBf#s`$tB_5Z-+d4Y$~Uv4m9=Q>SL_fTNH_i{ zR23G?8R)VL4dbJ0@I7(@qx1^u^v?rfbUH5~a}fI@amyQa*LR8{z$o7ZvxN*uTbM-L zDB&Y$U&3Io&p)f#uJ16KSJrRKIYKH0(Z!zYuu#vAb~U`iZYrNMu#;XHNt#_`GaxFG zpis!)@-Yo~D^wI<1NRmJ8|bgKzvs+95wlEhd`PxD9%AfFspQ)&KW83gt=YTqp0ma%GZ`XH z_LZTdk>UYix3ceq4}hL70JM8_w~%2tS2m+=?Sd-FIj#97TiSsSypU5M5MaY5_(&v- zvng6d$0p|5vCQAzrsVBMysGL(HwZ*fveVP2T*v0;+Go7oC#pT!4F`-+?t^E-Xf<%A zlM??bnE33N3Vns}mGGq00g_9icA6=@{Lt|1u5{EtGv5)w^l?QYP5c6kbiw1LcO)$1M~2nm@wA3N6+Fj)udMX zx(?jOuHwULoTXt>1ipJ=EDGHC-t@`@Wssh=)D8BZLkvlDd@nXeLjD}Y$|FL1D>BEE zaE{e}e97VEbNq`~Bc6ftHq#sM_w#ibu*tvpl(2pk644ChPl9{1gA7}BuMo24=Oj=# zhiA&gl%g4mTFty(M&;8h)5%Qn?DtQ`>eK;z6CID1(8U5vyPD&*#=r=g%blSD9}QoH zu>)A3vlEZ^0Sx0ag%XE5Hrf4l7nG1e=(2-;Ver1~9vwga3sKOfqSS98IVHyci9=nG z*6IbWJ_vwOe;YYvNlu@s(GfYn1)#5PcFptLW#dky=m5@27!?&|C@?fJoIMDGD134;f_VRwmm={s;?U4;C$M z-~)tfntf^ch6_|jPcA*kc&^cLmJd1yI2q)l)>B)h*#c*>Tc1)ldmN_6EbI@O-er?~ zNAWqFgsj9ts6U1z^uo;vY9f6X07wbK?qUs*Q)7)rwT|sX-cZFef3Gb(OvL+Oova$q z+nAei#iZ<4t94F<{Ljn|kIDVL(7uIH-Y)R+qv^f{01BJ$%_g_MlKw-8>^|A1!1^xV z1UDcroNIG+dmm%-5l`0-WQ&YyykyI7djaQ+5CtIZBuSN9QHM%j?)-t45!4P5S&+b$ zg-h*z&FjyKJ#Cme%(*PpN)%j1l?e%P!Onf&D^ejXBdt>vci3 z-?QNnD?1**kPb{qv);m8L(AjE^pq`BCYP94(oLS3z=bGmAfrCN?jrj^ODffS}gcf;>RADN{yBNUnx%h-{Gp$+np}r?^_>T30 z^$e9{9=?exKu&8X0)4w=q!q0q`P(HKL>6{(4FfiQuw2!OU8c-vwfjp*3Cf{<<%~?me`RNlMqh+qB-tV2?(iBk-p?!7iply(-TsqD!r1Civ zFh}~JBjCW%YhVn$wvynzP4a~qJ(HRb{F1X`lMEjy|6UaU){Ltkwh+All+XbDy%qZ= z0L3g+&$XfQe@pWgnWDnp0FKLR@Sd_)r;`l1YIfXP%icd5!>tjAP+**Wcosz1wDdd3J_^A9z)Ba zbi6@l$RtXkzh}Up-EADOuuYr#ye&B zm#yffEO)WhN`?4u2k1{TcS@mO6TCeFLjk7Z?YWIBsaOt}@4xaocdsE;DD)ynb;$F|UX)fc07be>-O!J95 zWx3bU&HJYfRk6?cPR~N;WxnD9?*2y`17odH6VEM`Z?2Bj;K`E=INnCOK;l=k6lA;K zK#?97-fdo~!yR6@6vtk+ebEO0EO-i3(WOEO(wj&C4kwIQ_tz@6L~@R9##Dtl~_@KJ9VId0r|P0HzBp$ zf~<>EDeR9P(@x})j1(SyVPEIF4>DL9%)~$7){MUgoc+leu-j4ow%bpey`GNb z*Pwd}?Y|`ft_*OFVP(7)aAmOBU9U-t6r(OH*^?}6yz88%%(?eEgx0hZW!KVvk|Ly% z{9o+)JS>2ur!l`@BxK+62o?9@RbS^$fz^HBSY4jZ`ybaKcMPUna|dX>?4#9f`mF~< z-)#y(;!B05F3Nj?HfThMmOt~7t~4!sK?mwQI}YO25^pt=UJ<6f_pd=tC~V~edRgOm zuGyrskG*pdnW0(8q7gwQ>$*vLzSutj4q6&RjHJMi6*rXPLcVaTLSD(+?Cb&rAvyTd*ogA!40KJ8OEtj2wNN7OS zSw1lis=xfqzXS$%@k5aJwKv&M>7KhW<4AkwCO-ayPYAcg`UF>R;}ggKkC3LI2RFWI z55DzZ7K0XAHiZKfyxld1X2Ew_aRu(;Wey%yxd%Yy#;Dj|@}l4q(j&Z7X)6BhRRT@e z2w>a|&%fclp-kT^WEb}2551soER3N zB9&v;S>`O}2L|9&4M2_Zd6ge23OkH#mGT@%Ujz#5;k#{^gJo_hq|$}J?Tn_Wh2aa5 zS{E0TE4R|Z9!|{!exJRSOlk}ip=pakj}I9$U(9Z=;vZ@F_)INYZ{b%|O~qV#**53; z&yWU|uNs;0x0n2d1;G6JCHG6(n*xt^f7w~pjai$RlziDS8PON5mFXSs>ALRgaJuIc z=Lr6EDhAhLnV=Gr_B`Cs*INc^LnlO6uxp0 z^|N)74nSK&ZRNM@6qQc8}kP2c!e9v2J^jFJ~9v>k<$5z^{d2QW;l7@LpI+_ zUJ<0ju9=XPHQf5B6$GA^*=m}k}$+dA2%yrH@My%A6! zl~#O*mc0HC(Cn83Ys_o=3001>H*Kv9p6o4j#+LSuRQ|P>j+OP)2 zoEg&#@ZeIdwtOm`OAFvnY3AH*D=^nN>__hd`jg8&@_x=Vl>RpUJ+vwz_>-PB8~53F z>Qi{e-i_=M;b(HpK*6p)CLq5%ch>UR$omT{->yet!!6WS8(^v3FFS6c0&yD`JzlE4 zJma%7{E-{3NL_uWO$xkv^W*AK3oS6xIUi>*7{Gpf1xk^IHtn^yPx31LJ?$t{-?29h z6pcSr0OQTNKKQ)I-_f2>Lhs*aeG#(sNvXhL#%a_7s72Co<6WM~`>_Q0x~@vB;`>E} z6du;w)%u5Q*&|OS?xq4k;${iCz~2D>-O@0g)kw`zz}-IvG8;*3wsr^;Mw@dW?5r3jUiyFTqd})TZ0R!tkBRDLAuq2r&&Z zWBRqlp!A)G^#|*HHWBCP^w@8EN;H9-)2;I?EYcm=Wn4vGf3ePtT-6DF3a(+O-1GLH{JWj!>90cte z)_p!+xlzpOB%=N-wYTV(qssaYfFyeEep@%k_KnyW080_6X_*8B1{CVgLcnE_tb7g? zbv|tEoKGHBxFmDMVDVR;XMqckH{wLCY!Rfl^|f+&^2oHRm@Ot^W{2~*afrwHutIZV z>eK+=An+lWl5hgz_vwdKI57Z!OE;gRKHQ>2WS z+VTGQ_VK0OkPoLvV8WJ8Q%Qn^RMP3GkBKf4d!!a+_<6K5G0Xk z%{}R8a3CvgS`Nk{;^{&tu_NuJRmqS$!2d;&Fq;kIoxX&{upq^OI(*C5W3N-xT)m+B z+d$f9_ibheavgtpr6}Z1_N0^9?{uwJqAn%gehANv&v2TM4)V2p0C;>ii0B9jRl0v# zEyASTR`2g|_Zm&!3MkFd$#HpnBLx7xZx!SlOxOX?K!GRxcNg!>=jyyj?6|yb5k64L zVI5#^8M$o@AWm9_G3=_%DQRLpP>Y!KVj>HJLX!;a-n`e#PIKTOc7k9aek(=qWdg{K z3}hyfmmZn`cmMXvATRQojZ89ig;v6kNRpyzaHNzW+bH7}B2gTe&ONT#bP)vq>qV;` z%W>{5X!}Mr0DIgh=6nkRK!B;zAuD5{F%j-`F%k?!v98cL+QySs-RnrEZeegE(G{XL(bPkdlz z_TKAUajav-Mmty$NAvXZFi3XW)}VoC%m-}g=0LT?VS3SD{G~eDot`=V5#0YZ1?T`) z-x}EK{FSt-m8xJcmT|EXZ72$7$`pGho7oiLrbqK8ByrpQ5Yh9}{A(|^9}9z=_ZIaE zG%CNNq^O_IC`a>h+HBf68Azj_6m%RZyUu7fROn5Pe;S8t(YsOOEYUDFisQ6%KH=9x zbB)7De(U+-^4@M_IBc|5RPdn8@IlYj*tIVu)0}!Ac_J=rWVMjT!L$-(!-_9L>Fy5N zPH{3_Xc{{@2~JcG>M~yPpPq;*l`V-K z=}fqrNph?$ao7bNUqrS zeTE4t0K4!;(%Qrqm?%$IdgOR2onZ`JDF)cVY&q(6SK1QApX!TL7=rgUyqUc>)mLj7 zq&JnDD|GwMM{x)6YGg6CM~0F}|I#4{0Kb4Hq8|Le(XRp?G!sOgN$=SIad)w-428Ao zQ$wuLH$$gwpv}5)E|F^U)9S#_cesJ*rrCi#gn-G6@S;v{q zz*fnuPI}M2lu4`93YcCOv)2!ncAm7FM`TlSnG@<%8p*Q+dLp`g*4QU28`Cf~{7mkw zvn#E3FgXiji95ghT9rnt_1)H8YF_ko4RB8}3_BLZs|XgJZgeXNF4-)%N_315**$a% zUhGa{v@~;F**5r#5B>r=AC2za#;&z#7RpvGXf{w>!8}0ON8JKekh>u#SIB|vzg~*+pD*nDW#~ZavL(>JsoVn{ zmZ%#nRDL}Idy+mMaKBW=5GBw?-`Udm|L&-SVRZ0K=bb8&bS-X#Iz1n%7rlMH?F0H@ zFi`Y^Hj=wK-MdxCLw5uwy3zp3nlj71!u&ow{cqMv4KR`B`fUHjBPiEN?LBhoQxyit zV73}nW9zGk&u&@uCwxWI#ILa4R(KQpm3!vNkWhCf8gcE4+*IGr@7VVIMZbSyaoKsw>5-uOMyF-Tz7G3XpJLTVoVh|xybe}=^ z2A-%ZaY=`^FMHMnp6VPQ9Yvhwz5mi1UY`Q{3|dQ}s4ad5Ncj zK+z->CFeUvM@`b{tv(^uGj4aG(A~ZSU{Ljs#5XP@tsa2~<)rRB!Mkhg6y^;)Bp~n8 zNAk25@AfmURfoMXRxK}=mp9nPAAI3~QR1YXt~rob^Xvw+lY2g7G4c@!uQR5u=ehV% z$B41HpqSta*LM(NRgXv__yV@dXKn@vl0(&2POF}ejI^7i)>kyEL@ZN6 zKrW)@ZASr|**;}JLvJLwbvF$r4yX-0D*_@sm=cRKwoJsa>KraD}UgkT`^?_ zlh>|X{YsJ-R&75dk_72|9r1IaFt_&C_hz)7O@qp*UA7 zya7sf_GFHS#7Ppr*6YYH7-yY(g^VqM9dfh?hn@*@Ab=gXYTO=^Z!dqoGsD%(1NPpL zY@ZFJKLVSw0vE@NBLN7>oHzXElqCJ$>y84omMo&gD%XAr{TNBL z1}|T?hlgf#0->+OPS$e)_2nxRviCd%V;Knh9EGKipiE&g9_aCR*e(<`=sDz3G^Sr2 zWrrlKGZs~KH1m^$rC^iT`AZjVkE5zulJJF^)TgcR!RH6@cEz&XwKA^5M*tD=oxbN$ z8gS&7jBK~QT34DuZV7^lugL_ky3Ly!4oAIq?4Rknnb^VP89k|z&z4Z0IlN`uzgtDR zR?);{xkLErJEJlz5D^VqN27c7$8gXRcyo9&hMMTPWn1_!K4j(mV6nK7DIVN9j~^?t zw!k%~f;<9D$0gmQ*e*-vSgyC~Z#f)N{NWVUlTxK@tR!dC?Hym}Ot}tiWGmTK`bxg5 zxMz98T=g+R&DFZQeR!iu^#U+OVo*cbXpO$hH#$Iy4j|F}%c5+psVbD6{jOqDjqKM5 z5k%ka#m@K<65wXW0XskdAzI6n@V)R*|Er|i$n5NpehI`JN9C<P;o=^4oNn!!}DMNUw?fuacxojlUQ zw2dePqk~oVtGD4u^c!H+*6*CC=nAV&r`nU6*ArPIkYywyCWbQY)^HeY#MR4z8K5Vg zXC7)A;n#(lrQLZo+v3Rm^R1lUo^&3$@nJ%e$@KktYh{_ausQQ~2=5h%=N}_|T!@i_ zE#G~4!cOc9R2A!Cw2w#!IxI{9wJK+RwVa{miE^FwuTzOOI`MU${yis|M)z93D=f@y zXkWxlR(hKuAiRZ7f2|~d4idi0jdijNRuoNdnGb~r<^P;g?u`YlIS$O|-8Q_Q^>D%F zDqr&Bjo#7iXu6^M;%u?>hSi`;I0*DcDbjjx5jK}TwmYnt`%AOs8%x0}ceSr;p<=eT z%WX*}lhEKhaUVUP`Tu-t#r^7!!+3gM-1>9_Y}^oadnH!zg?w$XXAX)Um%dsKG!_b< z-L9ACN0Z9JGy_eKfYT|S(;_B^I2}&G_&1?-Q&7I0==YkeB5~lGXPKt~bAoILgO}nX0=fG|Nir6pToAbO5IexP!ZR8b2FgGtVRK zA9H|4Y+9r8h^(fz=;KN4F!>jv=IgGNh)E{1qUra9S)qaB$cHJZ(V+_E3Yk)-3#E)G z@eG!X4$x_BB?h%mm%sXRl&$vbyM`6{OT0&Z($cG(XasZ!24#HhQYhL{twS|o%Fym~ zvQ6a0OHFomI!}wM)y$OKqo7qNVgXt~HH}YwfaVLLis7JA;xPDSuhiS(o-bN9XGq^e zBTucziwG(WGUST`ZHsmc>8G~rZiSycFi=lQdD$8Z6e(2x+KREiLrgor*`y&bZADCv zU-o-{shA8~Ro%@6dbAi}UD{k|;?gOBWP=NKe8A%>UC!~dKG$H3q}P$w%Xoi^14*Mh+5;TW%x^Vb^rm?8R4O;0e}YPz+<+5?E0%@b?Ibu&mPc& zY(w_i#nVf+0THO)J+~yQ0v?}nXt14V)OabDh{iQg)y>6b1?=CgOhm4|eL*1PPAp6O zUJn?+DOAd)3saIj;;q5|`BpkKWQQqB^=`Rfq2`r2cUhPfQJtPkI;L$RD}ot&Zr3IK z%vi0Ms#2+)Hr$Wujse7q}NFp#p{W#pL6eB0=K<#jT2qhw9F78t!BA z(WLBN_t$016xAM@abG?qQd7lQg8VM**wu8Z54q*Xe-{ZhtQgYXSNDum99^p%j5@um zb{#VQYBr}l#F9qu&6L`SieWTl&8+ZlITGQ!;z2QDNBcoB*s0dxPqaTx-Cmn>ZYp=s z0lVE0ZtR3YAuCeV5&DmzFB$zt^u`r1_s-GEbI`38b@V- zwA3q98ASfP!2RL0stcG$y;;bQNN3TzhUbhvOIEdsB(w9tHKgZJt_UtutAKULAMVV) zi@*>x{;E`d@=d&ys4&w0bdl=9ask^FWviq0%^jKC<|{&eNx_fV?hVFrs~hF#W% zAe5>&^`tF!(Qhw(hduczoqbo<^2{#t8onO0v z0G*7$E2F``JADX30XNH?C_F{oPf+_pPyKrc1g&Dsnd3eO_UZ_@V~Wzetn34pov}Oz z`Nu-4xt^8RE=L;zw_=Qc!AENK_9MUGkP+dlL*DOm^v0Biy%>S-m5#F+DA!)LbSRUj z!!N5cgUIzazwf^vxm1WUMg*0=?@>TYpIm8CJ&ti@u^AHJ%%taT!~W|PU5^iWA?6Ad z4KOh5a4+FbY;2LiKccA>M33FkPf9`VPggC3$0W>p0vuK|-+ZCoR?*x!2(38`A~1-5 zV)YFEiWyHCTzQEutNS=HgPIU2CWUx~S4N3>rCygC*%z|S!FcQ?1Shcy-Hu2>vsafZ z?Q?+tAK6=?jVWYFad-S3{+ZwQ=@?F_O#SuHJh$>)RL?{=+UpP-oi=i7KNkWHC$g-r z?+7EX<@ah!8TO)=oi&zl&1gz*Fxa9BElUq-KjiM?j5+4s-&WdOeadw z;)b<@cjVHGUttZ{HK=@D>TK5C7SU?{imTJ=(e=O&J>9r-4ozm49eQW5x90f7yLGN= ztN4^WW38_{oA2aoGTj)rT_NpEX{kmq~D*2Kfc z>cTrz^)vgCIzh=u+V@QtCw`hUHU>9-TSW%qamU20W<2ZE-w*iFIy#`{f8orB=PaAo z1z5sSkJes70!lPB(XIb5>u62`?Dz4TlAbOgKRzSv*?yDE4p6In*RerU`92c=I->ko zz~!|?d5+CArlT~o8uZk7CBXODiS`(bb&Darq2}P@+A9#zN~NwPZ;6VvP!`F5pQ^-M zd{M$TRUCLFIKQ#CVL}_#@-2yftMd+>Hn}`SgjVj2vb@$LA1nY`3SC04aB34WEA4T8Tb~fj0D2&v?!KqIvtPSdno#3#kIEl`Tv^Uw--O@^m)-M@ z)p-Gnui}t!Q|ZV&enWQ0@(|-}bdHTMVmA^RJrES~rH{6G*1ID%tX2iVCrH!}?5EBR zX|+i4!+i$QqAd@^GnY^IHz6pSY&PF781RQQUYeYw%lp>rZHe=^?D@ zvifKF5>mEUDe{nHK4*A6*3t|e1D2FsDhzw@vKV(0aOSAPo@66NRCv$8d?lSls~wo? zh@(s%%TRzr0I6<*$sHl67{zihs{dj%{vm1Da+&Ey;}P@Prmmlj(v_A63RB7Sn#Fvj zwpWw92W?N+r*QJwV)DLIZ*|l zci;^LIBU;`TqfylrVgmh%2eboJ%0J>Vy6Qgq^@X!kYCnXRW@2ePCm0ux@~xWWnlYV z2&SSq+2=rx>2`XD(B5FGGlRRehoC4fQH=}ICDLQj=93zfo`rw4lFQI|wRTJ0nRAY~ z>N)S27j++dGtTf7^;1XND0=N<)yp_wK#RGY%0A{}_0aeXdxOEo6Cm%3GW)*_6Vs*(l`HqTv_64m#yq4Qg;)WH)7+z zPoLJ@+SlNbkB?tZRO$(v+?+arOiY9==E%N8(}_DYku{K%=km+C$L6ZIqc?dWPyCOC|A_eEY{Q$0IGO6n8U;Bx zn5pwvBoG>;u!!WvNxQYbaG^HsE%9fbuhHD)bFiH>uSCh~MF`zZT^%PpirV=0RSVg@ z96fYb4jwvs31P+I%WYze?alIn9)b92a9@Gk?a@Nv^053a^U{~2;3jap-}~{VCxV_- zeu6Fi1;7Cx5|qwNX0PT7vjxT@K6%~7pVy`f+Qn(J_$yw#FGtLmbK@2NE65V7k@oF! zB2^oR&B|n#VidnO(_j)05l+X=!c4hj+&Hdi5Bl0gL>pFI-U?9`hvF&~R=a1=<(m1N z_S1iQ0am6m#<4C>7D-Ly(l*+alr&~+{N+f6?B_}7@^0)tD~i<>&CJV@fRverYF05P z9ZgqG3$ybvDOFxNspgTXt$2I%WQ@UaqJrk_Io%)xhx6bNe4F*(5vb*r{!wh7r7X~Y zd~x;qBf_vw$q2uCy;yN#sxpt-v+iX9*NbnYyORH`JRC3~I1>G~POm}C8L4o!#t0R1tcv!#ds#E$B z8p`*NUCrs-K)n6N^uVV%X&u(tDd&g@CeOsb4X^EXK`uql`7p#CQ#@Dk>%jYcHW@3< z(cM5iGdPIxL)N!~i5#xDA)VoK(*5!-MGWw9n(`GgI2 z<4c9nq+iN{d&Y8>=a9bRFV-F{J6uO6eM|J#n*r-pCz{S0161k-^BNgDYpAE^Pzi^s7-2Q zEGthUV~=GwK(7VmlEv^IBc@m(PUmBiG&)wyYA)_ifV;?aT`)cz-(9kSpFYv)Df|7o znA-qGv(=n8L3+UMZrh5ZU@~&&v&O^jXb$D^yxVHG_GYN++PJ$ zj?UJ28=dC(?)k+Y9;d*v#gZ4zb*2v@c*oO+LF~gczL%f=+NsEZOOzK1j62pBL7g9~ zQ>LEkYRa-KayU8R8Vb)ZQcV*KHjjGT8ReV6| zfbLg*Z;kj@_usk*9=K8DeS%l0@=7kVisW^t-asjTx(R)xhSr}tbf4;ypCsN69h^(E zqxdK^N*aM0Yu*YFV&nB}2&iY2tqOsS8$&H}^iHrquW` z$rTu&qj~RnZx~7~%}j|+CHpOSiXNV~++FUfyWm51rS1{zZ#ja91(PAKU3cRzGkjC% zk(rKO@+O$P(HI!8+eigzdWKh8eC_nyLap8=+?LV{ zrFJgYg=KvEWt`p8lD9NHMN}DX;4cS2(0zwo2}s7y?bQSpqZ`M);|8;k-^|zd*{-{1 zuKnjcq3GFyYo8Z5#KsiFT&e0TTkUx~?{FACjbJMAg~mAwRG!>}TD$MfPzUo6e_%6* zr(fOSgWvP3{-XMUD*Hw-V9a0KK?949V}{!Cb8wzjQbi;h10&*45c-MW>XZfDj$Eol z`BjTLM1xQ07F`3ERRMmpHyImF{7S;_BQlRsUqXk0aB*MFue;q2%2x%F#oHf-4x%U| zw(%1zu1Y@SNMbg60;Vv}uij>&_{SCDKWM0FP{XGL`Rw0F!IyVeW-35P8k`XjPtrcP z#e;hzY0JCgu2u4t=aw{`{Z*v)e1Cm0wZYqxKH#b#D#9t%*COX^L3$xD3t)a@hU8(= z=r1|k7Zu-`6GSJ`$&!bapGC9!H?AkWw-DcGsPE)ul!Zgp=sy1U=E!`Y4mmP z-xj!FoS6YYoizgOqu7BZC+`<=!McK z*HQZFNO02xotes52*{-X?xsJh#UX@=VeuV45w87G_KBHM57|1SRekpwW=4|~O!oSV zPm*_(J(}@8{ihUu(5Er~&!xtMHFOPr@x%B^ZsCYfl8i!k_5|r5JvtYi78fHfK}pFM zHstkw#tR>o1xpX=yYo7eF&H&CYKm3}0mx|BVX=3AU5uZYs_|94E=8R;7Ny1KXtV~d zUx_IMAeSEOLHR3eNq2q8wA-YtrSs?q%Tu?!&HIRwnBd#W(wdJ*JVbvXT^Qv@8^8FZ zr`2P)&{M+BLNZ{EE>KAS$=BSm2v{nI2i_l$PijU-*uuzG9`8;IlW(?TJifUK<9AuX zJMtaUc}v<{FZLb7SG0Vhb@k&XtW49stc+Erg>WmhieJ(@EchfVZL6H|LC$MU0mPSy zSeX+j47d}B@+fB_^l&vr>q);jg=4lMm=qaSopmmE+l;gy1qEf~b(!qv!e-Uu4?~4f5894!9-bS>GT;yn&yIDI46~ zjEX*Vx&e|QpazmkYHsj5v;(~hB-jGk-?I1^PK>O5>-<5l{#S|m~kkFli8recO00+Y9kS$6R#A5$Sdygwip?wDWEo#tNoTsTvD!NbC1GIL=kDpp*`Q+pK>gnb+Mo zhIS{gHT72Sx1kMa56v8uf0y!&`^APvy$xgFVkYYDhVQ5q^jSc9o$g?zH}BhJ|QXtOM)f2;Gh6KqB1iA0&=+h~0=?2CT=;$(sQ zDMMLMZuEUys5-lSOS_6s#IaDYo@Wrz((JojTvyRAzg(XsA_iX$DlLg{irPVaagp5) z!r4nCk<1nk`L+ByTqz}&v`)9|7DfTSoUz1s#Uc{1H_lO$)o~2R8mZ-b9uMtir9_%v zAT9_C96t>D*oQ*ZNb+N@E^NM174Km=8amU`c6{n#fYi-BZNZQxV_@zkX-K3d9vi5};uJb?? z<6)i*fYF$nEe5Q?h%LgEu-yaK_~4qLWG|kL?g)QtxF$P6`y-n80?~N%efzhCB*0lX zni*?z2A@HP(>M@U+PozK8D6s(g7Iz8ZEMyU9xAw;{}@oI73*Dkx_%Z8lYBz`_e8wg zQZ4{QYf3REn1x_jsZw?(|-_)ti!-XZf}@zXiJR? zlX#pS3P@4MmhGjQMee@lGo%cnPk8cOY)z_f?q5ix2#q#t+jwnA(@S%gEelWV52>yG zG<_pzfFl({ucy`Vc|GadxtkNfh~XBiz9e(`#GzPW&&Q>XqACMo>1(h_pxcp7Cbe)X z-&SIBqn{>VJ`*nDrk8gA=JSA5;N=r@)8$oHGZhPzTf1OBn8}sp`o$}Jbh{+{DS)K{DT3_sQNZ_*O({O^c|Hh0C1wL07mESj#-hStNasyp)KeLrp6c6~w z(a3wk*D|4kw8`g0@mCwh051iYMb}g*x$Xs>3v+7oH_(wOr<21!AroHnxTq?+okd}4 z%_eB#uLypu{QCA`q(iWQsdRJPoM8*6RH=XsA)L?$s6Vd{m+~`s;g{<4!p5q&NLg#iwpt!;KBuCB>mb|z)kOP?QLKP{qGbA41MdSrWQs3v$?5pX+Em~(@3R#t&x zw_aaLZf^`DC1NxOE;x^A2*=&vv_xzcpb9;lN;Vw?z4w!|4hNUm>qN+ADzX0!o`E9s(YQYcE6N} zZNdUB=MD@f^_xbU*L@1`?3UkR}v2}-+F*A)o9gyArW&qx8}dwCV~1DojLV) z%SXqW{X?@wled1{I4hCkj^r5q$iM;PbR68n(MeRL%-W5!bx6x60VpeUj^2a_x_65Y zRuq@pvP3D4FX^6dv2ZCb=k1X0X?4E~7p#7zBlx>g@FRrpDS`ds%OB6bF>9yPL8R0G zm5ib|BjRz`qoVabT0I6ecwO?z=`SIC6+30?f}=7qyLRi(m8J;Ff*1|NhN&(A)#IU^ z6hSktkk?X`A4T#@djaqJYKEFy~@w(yxu(N+#erz{OTfm1| zTRmPvoBa20cuR-MhMFs^x7?hDDwUBx`$5-Qf(q1|;>L0lwUTa~_aej&@K4j0(cTlW zIQ8=2RhR3uif>UU&*t)qCE@IjHPPg^nNRg$Tk}f!EW?`gMFsQ(0y(&GX+i+U-UPg) z^kj>&v&ZcPb2H=9^<(D<^linveTEl9YPA-)h!a^NLMg@0rQ+*3>*JQicfw`a;s1zn zIF=uT0|~rtcf)J7N?WQ{k4HbhE)-qJY{z#jPLvVr6v&x+~Uf=~J?oZNbqsE%6h=({0g}J)y z-2(~!ho6R@Mw=|?V+xf5%Rj+X5h|Jc_{XE)V#0P*m)&NUu!1&ym0D5{9lHU2;N`x( z=H0k{K_d88A&I%khL7Xudy1<=hU3h%0Q$Ixlv$hU2{?1KwVocow^~0z9zqBr+t+KY z!JirZs{O}F@I38iHU_|ozxGp^Vo*i}sIy=7HY?Z8ad-scGMC#cmTpejDGPZu$n5c;#I{FVhT z4IOUqx+a6PJaMyKDAbwy>!)7cnSxQcWxv;`Kz8quo#9BYnUZ}p-bpBi%z^Vn-+tl5 z0@PB$MUr=NrkC-sZ>?S#rWbbW>B>7!$va!|f*AHQ+N3=BuQmj0W8x$u0{l#t8Xbv1 z8{mssfdUfd$xp6iQ@MryQw7058Z;Ry-y6vbhYEB*wG!%(MM(@!NvpEz_amjzDCS5F zTl?eSrtZwvpUk$TZ(ByZVuVEk6&ak|u&I67B>N1nBqZE_pM~5eszQBI0`!Btp1_)G z#H>2?0QX8lb(OcH9|~atRP=vXHzS31_&r?J1%0##709D>p6oWU4J`{E}+X0~U8_ zM-OTvBPb{JCu)tRRHn+`RNkQFx^Qtj?MWw6=ZX&?mN)f-i|UA(JN6joiX0!NXKi%_ zDa1nwQWVvW5`fnRRTEtf8nNGhw5pqb;qR*djKXYK!ZJELO~tyZt?8W(P)lmcRuHKA z8#BfI2?gZ1EGBS3fyq8lXU)!PXe)uhCooSk0Ye zPjeI;8);@1V!2_C3oNIJS5Era{A$-+Kx}W(h{bLh{^b$-%d}LDEXf}f_e&c=5%Q%C z{IZJz)?cTxM^GDa*R@LW0!S`;9jSp8zt{IC_&{3`CMC5y(RsbRw*5#Z?s`#ev3ZRL zq^KB&#SI_)@w@$rp!Zp*;>*3lQLj^YCS*0F-Nu4vBz$RU24p47L}yNkJU041aQR`0 zfk4qj|Egd89_#0J2a_kigV$2i&^|;F3#xL}9B%$d%C*Qc>WTCEnVDP$8BZH;u0P4t&UQ+vo{FsT01E5Gbifu(V?st! z@IKv(P)elbRr#OUFX5HK@iD=}>}9*a8?2hqSxhg44f0LH&yTrbp~s6G50+8cAGc3{ zDiR2fWYGbs1?-mPm5VUzWJ#Z-WP!DdQV!ad-l0?ivj{0_3>wb zIIsdpXf8<&Kx>~Mk8r4qQHl~2&c0d%bKY+y&TJ(i+BfFUz#%jmzFt7H|^6mq6DqQ(^s z*Z+db<&s6GXq{>YImHKHOA>VqbC6-kbs7IvKgL`I$UNJAnHdRazv{{M^TKoYu=q+;#-W*K0qpQ=irTvoW{8Sw1*J-sa)=jA|}sRiqBR&t;k8h z80~JQ7p`t`h<8%klJU|#z9=WRX(ZW}ei(IHj{A!t!3JV()bNL&|IKE^l!0vKBBXrn zTF8Xf4OQnP{axTTlE3y(pXYw&!|i8&ww>+xFYhyQ?nK&y z{|zIA((pE;?H3rW?)`LpwFQpaQ&Q_e1ssZkhlqr|4kIE9S0U9iorlH zU4VPbK1^M-nit-H`Mg1EO^J~L{oB6*3=7Mmw^BqH30~}9^K`-fFW{&2n{h>q;p`3( zh~ztQiAqC;Dg8I|0NAHq#oPc{x3fQ5ci2sRkuqNqQcG_=5coNjM%@L zR-+-jj|%A8yT7@Gbf4x2h}5KZ801aK^Kr9*h%NsywJh5|6^V~WR0tD~+!ty8@$5o@ z6z>OO$k)$Evx$EhWpV!^t+iNi5#buYu4AmLvJseP^`FsM!#^~F__cyI5)bclf<)nx z>d`I<{pR!LUwVTh4+#|3F5>DK`&_a;N2mVtjq?cny-bWz5n+IIK>{&e)AhxhU|0{``$1L3#ejvoo0z(b-3VAOEd4%4f!n>a*CNpFaLB*Y}(h}_E_X(@Wjc_ zlEwsw3zFnqiU^PVrxd7}D_u>#Z=FTJBzfUZA;if0u!^%Q^hBllb1~!T9>4HJ`eTGg ze{OG?UCaxRcK5(jBhR_Z3?B&8;uXRVB_UV6diip9eJgo)+(h7b(evBcG1XX^10~gl zoGbTyOT#)~T8MM0nK4;ej`U;CVluwCUI$ zZi>B?PQm~lqu*nFbUMBp)pu0-`TQ3aq#)*&aZ32GBJCZ>qf$p{4>anF;o!WYI%Z(9t(XqrD(jC z@m_8SQArKlSboSy!rtb-ceI1^euRuU464_V^!NhZu3797mOfe<~V3?)P z>YLL9s3(lp3-?zEo6Y9#P}Wz+31PHRl&rZ)VQy6gpVyKIfHzQx`CV5Aqye845yppS z%Wd8NPcMLsb{aY&^OC#n|Y&5vNVBj}8$b{*C*VrV$S9ZK`>)KCEV71|Fmf7izdu0(9 zy3TI1?1hv+qKzHDr)wK03MdJZByh^z^5npUSqhopi6ebR=C!+9YCaPwi98CZH{e_2 zYTAwBVbx6)H)P8ExW8{a%ykr|l#UMY!5GDbQH(=ovipX#7RHK($FKx{JAz@P zp_S)oBw`kdG0F%7JkDpze}De#$99ZU9_8S-i*yq$HE?dO8TL06_pYVgEsr7gDFp9+ zHfJcEg8B9XIK+UXC&%DJjvU~4F_lF-k;gP)K*Ri@z7^YL0jWzUfv1QFj$+LcqX$P< zI%_&;*p9LV4;Jvn;m_B57N4#GY+y^xCYNfp#-~;{f4m3YS_DCcp;W$qh6q)*M*xw9 zg;B<116qQl_Cr{gX`%)3^IBuNR$iZG5Xe&DHJ>>XP%!Df3#96=iG4|tj|@ zD^OX5r=AM%!9^McX^6%cxb>PXWg+O~DvngD)p(#b6VKQ)2au!^p6*n|Pos!ODgy2f z@KE16(Nl( z@Xcqd$)|v7*$6xPI*s>onXgiud6k1#}8pq$j6>ojwE-<%VG0j(a_AVr_ zLf-f7z>7wsSkzHgf&%BF?KXay3Ao#$?>TJy_xNDm--K_SpI$s_zm?n%zW$^YRr9}t8wf~J*AY17(r`54kp=$d(8xv);7oD_}k!(An2DoYwVnXHKOYZ zo0i~zyeQJ76>ti*u;);lPj@bo309~IPhG@5|C|8yGQ$A42}es}vm^`_D#+%t6<+N{ zw(OJ5q63S!r}>E!@V4oGT3vS;Pf1 zNZh8lM$x*`9eW4a-`JgWbAr&0IjvX~j0eqehA&dS7=u$i(?{5s|Wo$wUp((0BGHi!EeHF;K$oSj}0}+XZ^DSw9%1R z^ON+O6rZP-8s{>Q-$)JXVc`AEid;g|20Rq9_rO0}>ER1F1Y39MbHE`0KDYf8IiX3$ z{S`@wqQ{IG7^Hs66}@_kF$Veq>zuBs)VVN4TL=94?@Upzup zsO+nVI2$EK=AD;EKn8Y+(?}Xcs4!x{1?XVk{0$I3eQbT;hpoo~v0WA;4RZ zSpe+@{*CtQW@jY5dnagATHcKbe)2g)h3BU9^&yR-4+A^WLfy^ohSYxmo9>))5h+e2i5%kWcdfGWp0@dH80aA zP@!_9%hEAs^mC%J2jFLkm0RVS7$Xr}jgNaJ(~f01ltvv9o}&*|BRaF19mxNdjr=a8 z!(*Re$IRGL$hldC+wdQC2d-Cv0OPye{b zK3bTogh4ag%3hXy_51VXvZiu|+TQ9m#d9fdTS`W9@RClH$-Eb6xTI;uSLE~Ce9d;g z6I5Rk+fvh(L-!0ho`WuMOzzl_6E@H7b|&IwaGZ8tXCRu%;IZxHB$E&dTQBKWCxXzye40&828Q%XDMIlr zH7e`@DQbUB2)NoPrmu7l`l&g@VOYXrWS7v>W5;;#%`}bAz(tn;BgzAKN+F4wGJQgt?p1b6SNhS{vOIQO3y77RkFKww($D~GtO48$3cCbGHEQY?Vl9z#6JMYAW;<; zT{~3~A9poOsG{5BWbP~BY<&uvH}(w5{&?xOXweDM2sV@~t^=Y&AA|;AE~ko9k&6 z^O1FIu2$0omtA9E7&@36p1t+JbRL7Va0xT-*2WbcrDa=#<_ui3U z__0}#^gBVi8kl(*8k=m|fJxz$s|0ECG^+C7Uq3F*81dODY;bV{F9KoFJ6uF<1XBWr zc_2AmrJ#xCZkE2>7IGM{bWPW+%GfbY<>10>HLRaIX0*ugc;7pH>GE`CljdQ_T>3ZI z|M%>LX=!x#*;2XOnKl_Tf`7b(mIU#8gN)<%&d`A7LJ#G~lq>~B68&2(csp8BfyX9h zKkk@NL;&5q)i18!9~2a7bSDaQo!*L_`_`wZKYGvE{fSZ`rhvgbyXT%V=F3m(Kk(o` z^4m@HAxCH3dXr}|HK}fI>u@(++}rrQ&&X|e{Bv(gIg7U}eJ^l2CLtPaRzMsanaxvW zS(3iH=+M4MsfsLr0(PAya5m7O&R+kB&a@lpc!q1Wg|3_W|9zf6j_0i|#_zyCpo$SO ze4Wv?6}HjuB-nP{uov_jZLex)ZKTU+KDfJbqEHMnkL+Q~WC3VeIX!-b=bXT@^xgKB zgUq~BsNBu{9|vB9-H zbOQ_jg5*RfW@7Fe8)W#8D*)$7x$q(`{;F#u2x7hD104^Hz`#Te*V(~q^S(ons4I(Z zso|?i|BDI#qs{G=&w<9IHx^y5GhpXcVv`KBpgaDU{_o9^&)Rv|)Y85@$lAn2KG=02 z`0}tYb8F@!VD#q;y`soU>|9P6M5AVTwkjEa1W+`hg-=X0|D$Mt#oS}FIJ)NTIQQ%7 ze`gc4oHI6X1fcGIS}F#)!rMn#tvoBCypIr#A2-mGm5K!uR@yVxque7tFRot!5$&o6 z3b_QPIxs&pokzmEGrrivsr3=qYy6KP0%oF13A>qjbMg4bDKYP>v?Kr3I(?fru(W}{$okL_gd(shd z4?Y^$q4d&6DT|#XaGih6Gh2mD;R2Uw)f6A+af&9tY-$vDHLj4!%~rO@cGl+1kZ!Xm zEe)$`?>%RaG*J8hcO?f5mdooL2Kt>>N2sf8p3o8cgrlkRw%B#UZd^kRkC2m}N;Tix zGBJu?Fdv0^0`y(TEU+Aw@Z9CHOgnC+007nfs>!v&^4-+#W~l}gQK0_|n17U5f=c+; zRaZ75j8+~q3IF#;G`e$hmRv2i!*{K&YcC%kE?6g9l?!(LGV1aLen3OHyV;w|t9U1Xogw=_1prcCGM4zgPR(h(g>hbRI*-`x z;I5#-J2<{-ZyIYY9*adqOWR5(F1J^VE@+q$iY9#>PXAAPZygnN_x+C=2!ayQk|H48 zCDJOQgoJbqNJw`$bO{I&qI9Fu-8FPKg46&5NJ-}mF~mLi`1wB1^SQtKyLYX-*8S_c z*09Dmyx-@%_ul91yPUNR_8MYwd)?c>kK)@Bdr}CUV|)Xlct|PWyk4J8`L?!{(&_cyRw-AOzQ3E*(62 z=pP62pVR&Q@Z?MP>?YVvo*4k3?Z2dw&VcFC{q*|}Uhw~Z=$oS$5K(tuZ4(Qlu7_O2 z4s6C`q_d5lGDe3Fn3WhL;7*oCv4UOFf6Q)ipsOtwIsf?CU`g63UHkk@z6BHsU$gdv zhnknT3{r@?@7=bUlrvZ^z01BFPAwWpS|NH$MFeth85En70y_R{6P5E}nFK6+Nnt%BO}$7q_(Ye|lv zf;aA$*qzHD)srH;dpwDZ_UaNy!?sXgVsn)=5OQILWIptk3C$xe@C)95aNjl^Ht-B%o>gZ$Ee&?!C;Av+g}0byMfiuyn*VWD%os0)iRT}} z&hSYL7q=p2MoaNHQ82ll%)grnu0Oa=>{(48(NDNz1)R#O9LGrjSS;>=& zUj<2HewIDP4K$K$v)M&!|CcDb+q;AhDUKlPmDNj@x(Vn~R;}bHzz=*)3 z$yUkZ^;R^rKbct7tn;8oobBV8uto=3<}PZMIpJ1PP4+pT!%mr=;ZlTsFy*>0`-8bF zg-OKC75NmDkDQ)?z8>5bb7rTmONyXb==D{;3>n2D8jwe8l=ePB-8L}FT;)sZTmAEt z0TElcM`(&T&cU!x&+)4jmj z=}y1#8<75M?aifOsNOgzJNZLwVXN)=E6508th zAZ+ujq2;*PXavs*)TLl?Zpq|J7`_IPGIkeJkVpaopT+LIHU}2tl$Uwk2?seP4(a&g z@wHIaJ>sq~BuGtpJ%P~{PDx3Lm*3fmPpd4bFANbzn$3b1?_LX|<8mvUuQw4DuwmKR zSXO;PYxnZjL0Sn-58K&l{~LS-0|_ypUWd*bevMqhH0gW6!{YQ}=QF|Ezj&{JwggWX znIpA!AT>~uoZ-xtnZ_-{wJ$6kt!@?T0U$-HcxNDzsZOgIeY|h_alLG?C3?aMN@Um( zVlFCE@pH6VY!Q#+H&k{HBPsQAa}y-}16TsOJ!HPB<`+BdQdKw=0-7=yohI!vYc;%U z_Zv6ulwDXe2ieikgE^iUTfL6Xi?b73;vS{Ai-Aw{w{EEuc4YqK)Q6w`5-%3HWf}pe zfmz78YvN{Tg)KvoKS^#OM&;Cv;1jDL!!}|U{nmCiUGl_Fv)D%5VYxqenq@!j#rgv? zwEi5Ewm{}j{f%MMaZbG_VJZS)Y*oIv{-EL@9TMOMYn&`rQJCh^ul7Scao_`~Vp# zKWrfqN)+dVMw;_8-mhsvMpd?eG4{BIdqXJPRQ}s)7HY5O z#fzuzo!${4-6P}hG0X_r^O|nL*#3SdGq0S*I4~`Y`*XhWqq{?FjNbP&>FbC=OJ>Yw z5zyF1sVNWinen}*$)R6-4aEOCh85(7zG;8H;uq^@7+t6uqPRalgOw!gN(zdSnwq}* zD;3IWEgW}mChF#`ivI6t1NJ1FcDFtqF(FBO<~?3)WkB>Nd&G5OjtrC#PNPMi1 z6ue%~eMoFyfqc8{)op5~s;@5b;Gho}XYObYY4#klF(~$t)K8a-fio(CUZpMt^v@c( z`%vnGhNw5c)kQgob>~IKfo1Sltl)8z6n3_QdF3}WNa0@P&AeX2r3i|G7<-OuD6uJ#UtNFL^UmiIqOTbG#N1C| z4j}q_KN1z-K zl!5fI)wow~b<}#UPbifeintAtBNiwGtu&1XQtmP^j2J&}o!y4RZh>@_pTD{f#5`a6 zesx$GB*{)^VJ5A}82<=4JuBxK;dbsTmt6mJlT*J!_e!(-`U!_Bi#7>cRgq+-Rl|K@ z@JenfaK5C6=7y?yuSjskDDGQT7oS$paopLQ?T-;jT)=y2Uh|g$sVNWiQhT-sTMy1Z zOhcz9KI-D#j1x+jhdV7JGKxH&=5zP?zu{*2Xo7}S^Ur&~dq^|P&9u~xPuH;&)-{vL6kQN)8Tfj?Fv-lZOW_YW(P;9BiH$*b9KKnm7n zUdc|*QSeVkFU0a@0=;}3x4I>L&7E=9SCmgWT+=`5(B?mQ>v^6(kV zXy78W+~av`!$cc0EcVxOy!q}@ueP>8{0{pQe^KbLjut4~d(-!}hm#Ja7N{~A+}6;e zw6^z@b<=&B&~9(|!K#G+oLAARIb$)8hkJ@erLM;CpN8AM8_#gV`Ha+v&+Ci zcvVUqP!q4QLF&Sj^XOUqvxyk(`>4@aG1aPP6`mZ{sW%~VFF@Vq^PZZ#yoT3HSQ`2Z z(i?eP?%6hBvgl9ld!J3`BOiLTNVXTORrVhHJ&-g!o-bp1PJUsTwzb$i&$RDom#wu; z9(~AFp|W8qrgLMZ&v155$uY@Db!vP#<-=S>R1~1#x1_q-HA;0aJEQ=lt>L6JXl*RJ zd^<;u*8XG|Yq3A+wksc#+Kj5OKKISjCOMDJUIVJTM|8XrY)^6)pR#W2-+{@>e>q?< z)X#Y6{FZkVRZ;GLAIiZ9>RRYoRtgJG0;925J;TUKiW)Z3YXw+0+59vroF99MgL+TX z>=nLjn78!K+TgIE{@LVHlMk0us|^14)G&$~IzCKj=%bWoD56m$&3W)gbP}mI5g++} z?B7*IG=jW1Q}dFdbE_|<(z$?LQvd;y1$BPUR0cqw0$ecQKPeY7r)Hh}F;(#rcV0Wb z{re40%E~7+yakmf?_bUzAb9_rKNzrR_dlG;@RZ)kt$f)v$mA!qcpK?~8GTrE6LO}d zy^$x8m~9nlf!2l#-hst@0#IsXl%s}*XDdjq7>C|Lul3U8>UeAFgVw+(I%nrZjixH7RzAOEed51a59nhFd+&)f!5=M9ww^71@6Y}IYi+zkg8>0J z{ZIU*ZY`55)W3N^8Bf{sqG!9Pft~CBp&VJDFR76}cS((%N#UNz+-?2iv(eb4_CJD9 zS(LF!)NIL;qr?hL9AybI3PL$-H+o-$7r$<$2u_BfsK9oa9+@_~1~TzldRGQN^4Ur$ zteB6qQJb);%S2Nk1*o%fOM!fi;@c$mNZajBv%EXzxZM(X3u~M>XQ*P3o4DB&+vz{K z0QPLXdRg1+f_vrfr%u%5xLrfZ&b`hESNYzw7nktOC-CB?t|0Tsejy4kyI#EKz~Ve< ze&pF=_cVm+Mwr+mgC8Fu6U7$T5y|&$Ot_5?oSudgl2qB~w)<>Z@2re|cu&N2)eTfc z5Sp;w9US?le)r&)1R*G6X-$J{+M&ms8J@?Hi(!UJ?y8VfLzFge^5$&WYyw7&w>=wxM^jR` zF8ZvAd*iR^q4Az9ts#qT$4Q-R)M%NC#9F^%z3s159FgRGrGyw&;#Pw1E8I0(^?GH2MWD}emF>HQ`Dw=VqNo`>#Mdu{R- zLd1g%8QJbxl$!z1h6eUb!AP5rDT4o8;me!0G@GN-W4;fmDc5E08@4?+oBbl#5`-VI z=A2MmoIcu&%!~OA2H5}Tw7fmeMWwe*9D~b^dzzz|zTh1KXIX}z{KjeZsec7aEgG_bCPR$VkZ?;ICvuxERNc1I-0;40780gK%E zcx`^eEjbn0)NvPn59N%>may#)2qr6sQIzowAjt%<4=XR5f7rJcTddzq@VA9Eq zge_0LHyOl}`k`UzZiwkiD(rhu{H+;ZXYmi*UL7hD9Q0Rb3bhoV<=eh{(UvF2;kw1E zB81%_o2of3-Sgwa9JV!n3-kO#}M%A zzOX!?6_1oINEd~9WA(48H{ILrW>)%!;k^NQg#VyV+lGqC{jJR#GSm^aF1HDS)p#JL z7wVz3IRdpr=M=g2wM&Q7;5 zXS{%Zii){Z4`&+NEu%EqDRurGUmrvCMz1?Q*Zw)15s$H5Gt$Z90yh-5R`NR>?OlOU zz$~ZSo<`7I_Y4Ys()@)HNI<2P(%qH8B*`Dy-;X@XWq4jrLpAI68F(3jL-k~eni+%H zya8%N$f}+PG7M9t6mD#S6fRUSHxP1NrsS6Z6O^n!K9t2MXm1kkyxEzz7Wmkv zrA4Tkt03q1%-ixL`}Jwaomdhm%}WWS>edspJeyvkQsy14FP4 z(UrV&4ku~0q%L$5&V#I&*6-LKxV-nIp7E2a(*K|R_+pf(84c<^8K5uH!sBb-ulB_Y zVjgatwnsv9Lie{KguEMhw^jwx#H-(m)K=QOCmK(A{e1T2v)JVZJ#CQs8)`OOYIG%U zaWLxUzPi?LEpRs8+%|iyPpU1&SA=3Hbtx0r{sO`Ozw>FMLzu(fh-|A zHrjPbhnj^GP=bqdbnr}g*-~E+!oM?38TlzrbUf%)??+0@=ub6vYlCFuJlP`mpT2)@ za~5bc7_Jca$mM1ow@er*H5=LBv!k1L<{))Eb>*MB(#2rJw{sxThUDU2l{XRkHzBg< z#qVjnqHw3B?5>zvep+}Hk!LN`VDiKh_BH{v6izct8N?;ZUCRKvMHqV%Rs@pK5KkWW zWR%76yEB4DIc<5z+u(f3wn;Y0mI@mq#i$~cUPb&9XUleUr8)9^bE;99U&cW`q26zV z^?Qh2eQtZP$AT2V)_=ubt~8Nvb0lcY!5&s`J0v?)EtBOd`7M4d81x*&oX>cf{B~fh zR&$vjGTcGESuTZhl}P62to&Yix@&YL6iDoCV6D79I-jelJJq37O^=OR9`5*V&z}l5 z84CIb1JaWrqXnk<21!~=XL(G`mTc&ARt^JhU>FmW*miB{!ymulO#Z6!EFHtjlXTfLfPQW{n)o)DIB1+gqb4hpr>7 zB-Cya8RE@F(Bfk@u3ztXdTZR<%0Y+DxK7rzjG>pUuy&)U2`{lj`(q@-w5b811B zbu({;xj%O}Dsql-FkzS^x1^>J@+d+*EZ6T{EFy$Y#vD(6NTo-jsDZjOcd7r)qRizI>p{}?RFP2iCI)9FL<(uq`!vTr9(j60}@Yrd-RL?#4{Q<(R3APw=u0=277C$->W5Ts4$8eEt^w|&kVIvK%>pQ zC-!jBu64l(Su+CI_b(R%Q!3AQYBQhvuihGK5->?Hz(%AEcK|nT^OxYw`#O_C#pOPg zoAz@Wuf!zQ!JEgRa9NYT)?4Sp8)8s0e_1~k3`^6aYO}>|@gI|?EMg8{ZdeMl$>it2 z8{9}?fnqS$;V9*M^s@Sbmfe^Paw)R0nfSPVi!)mUP1q2|DuEMe5u8x=V0 zW@=e6&h`gGkjhC|^wdWdIlQlD*W@T=^h3a$2o4*snJJ(#V@QW8>jk_8M)%7gDMeQ1 z`d=tjAIZ4GwJ$mG;s1^k)KWVX8^lTc>Y)1QhO~JKx5Jg?qG=m>g-n^LAVB^(#p6L1 zO@*9NwLTn3h}*@|zNt8adj7;iH?xSza{Ivj%c_qfNeyt25A`zAXFd^i~ta6ff3)`|w~H zZBUl(nsK3rb7`b?^-7HKXl5EeNc?P*j>p;h1vh1W-iA@7^aJ_v>GLeCIu1&Y(?v}@ z8y!E#q&4)oGKQ_)h-Rc_t}468uh+6%zKVU5V*J>U5HIh&Usr+V4?)(wyl-9__2x#A zH$*BU4EQlgT8xXGplQHZX;DqN58bwJ0$+AY>LwDso*Kxpu`ckY7QBo3u!*Ws8bOLQ zpsRKGAG$I?v%)Duo}gU}nsbw>u!ko@fRo5YR4OcTOa?R5x2A_fP}EDKw?r!Q+lP4g z9wzsVFyZrfND94Vs%SC|s(g8>k@(c9nLXJ4VEC&6wIY^s)NDyB+K!dPof!D!h_C#w zloCMA^XtB5g;$lpf2WP%FthOAeK7JDQ=83G3TVxW0mP7d_Jawe`E=~4X zqd`i&6CVx<+ft|elz$O29(FQ>e3^|$wR3T_#pB@cDg~YYQmohfj z&q;Y5ps|q`0KZs=w>G%DShWm!C6{df;3x}2lzK5{#c4InU%4+G?q_37Nhj6P_6spf z={npgll+Y1d&VJw5{-J5Xpa3!hukT8l^(}bF0l7dV#hTvrYFEHOebC4pS0TPoL^hW ze#H`Ty#63Js>?V2gV2}vI(LUENC%VsND}d0qn8CVE1U{vwj3|9AjI4Z(U>Sep9EIn z7t_DdB~(?`1u4L9Oo^g7RIK&orXKv|(0H>zU$m)2byeA(FOSX;=M3MCSe?na@hMBz zKW5Wy#}vfx+NaHpN}!uGQ5;d&m*)HY&y4Sx!6LFz1);z{HY*RczQhJM>E4$U&|k{N z<33wG_lZ~t4Tl~#bzUWnz|_vxCI!7-AiEhNlWjabiq9wz*#Z1A&7DtEj=$ZZY4Zic znZnQSDL87Ccf`G%XqRwIJ8E>i>E+4wtF#VzUB6onnYlO@yvpGoKzQ`0zEV{JC_^!T z4*(cIE9>y>1^}0QmTGxDNk74yk7-hotM-|UMsg?ZFMTUbzqh@xT71YNcFwjgFiQpjVi&j#B$ zIv`3C^Q?EG5@3~MG=9%-@eqPtf}?GN3yQxn*-_XLG%&+Awe!Zg$M?Pv1%&%M4o409 z2oD2P!&=NxUc%@IeMrs|=6ARkz?ZGnaHR-`vIp4a+|VDYUh|_c8`lM-?Wt?~QC0p9 zrZ;JH%#)M(~l@4w;cmU4ns+{4T9f@1)7rh6|XdzehZw14TRx(8_)?d^opw9wQXiuTo@!?wM+~zA=^FG> zmSnjX4FD&q3}MCd`_SDD>_F7E-=*u^Gp#mJYftj#B}FsZg8o@3hMRIUuY#M?22WT1 z+!?)#?&1sD2)$^QiaXLyjIqB$M%U~pc;Q0w1{fhreAtHHWoddSUlUv@_mZFW(+ZebuLwB4ZS_oGKA1qW>DeZYcrz!m-Q7 z-LKNkH%qG>cBz)xr$T4FBYe+ibQZc7f?yF{qsKgKN-)_kv7gm4Qfi@29QWJfU2o^>jNjk+^!jm~XRt5O;bZ${&4E#v@4t+G z*61&^rrcRZvQ;y@z&wP9&3!M#noSK(?B^7^yKKyMWMDfX$XDfgbAN1Pq?@$FhC8JG#z~>2?0jGzikMMm#i7;3Tb@H`=vjG!TEIXkz>= z6yTKB$7oB7R^VBssUQ2jr<9y_5lgQkG zgDzZEnNB>Aa{Kej(LJ33SjXV=p)u=4^D)OQjoGOMgo`mc;iV7%pR=-rDx;S*z_`mJ8EDSOB}kP`JP) z9Zmrq1WSsl`zGD`&eq%j6kmT6!Fz+xa5|K+D^9r1p;;~x*?ptIayuQCYg|j{0kCu@ z+i?t$aNT1Pw>ANh^{2n3cCQg24=oXLHfya&L!Qb@rqF@NL2oNJ!KYBf*s zz@j8)>`^VvovY}qFL3j!9N#B#70-AckEx*Jyqs1bCc@7*5P5zfm`wg+XBgzt*0%$9 zG!j@!@^Lkx`Y#dHE_biHm3ORba9!rBJFSXE=?kh%R+;aUTj(4zAHAfwr_7hrUaCr2;E;wP~cN({v&Cpt&t4IH39R0mtt5tE+6qM za)4G7pwpqum>7>OE`yK57do|9G(0cXq;?Q6uV}{v+K29)_=0L|Fly}|%doy1AyJZF zDKduYQ-ydu~dyba;Scq4h z(!lq7+aGdcV?fjyVetWE>8=VcDrWlQka7fne?^MPeRq>DU!4^n_y+^XRqgVisROCx zVXbI(ok{ZdLlBp@>cBv7_Gn(84Ll%Z(d%G08>zANnacQVD)#MV;?;sj2Yd8T7EGLi z#qW^58Ky$?i+QtwjCghP*3;!grWvJ5>e{x)p|Ewolaw_;6Lm3(sRaONpNWW?rqrJM zMOy03i^05^z)slGNrPy-g}7d4c+%pWt$UworCtcbJzp*To_6JSa3erBtbNO3tQL)! zDW5DGe}CxT66s%8VzH{*r`IrQcA;y&V9>fXV)x>w#eU9jU+j<7_@7YdCJ*q610Iiw z0BGfC^~@|9H7XbN#?i(?s$i#Z)|mpJ{@e*4)DxMR+{)lfM`hOnX1HIEIj{qh2ywlZ z&X8f&)2!T0iZf1zQ&h5gXa1P4=QxSoRn{nk%{}a@X&6v-XBY2PTrY;Ttbr#p8|d#| z(HW5{!3|yfai!{3!Ok!%q~N4q>$2`&`5qf+XVqzG<-=hxHqmMs;Xb9jX=(A)EqJIv z&uBx`0SOY|O6jT2xOOIhCu(utcewIb2)E?Z);_{S4^mTs}a#X2vemfSW47J;S>Eo%Tt(RbaV|BaHbDwpDri7fw zF#TE0=`SHCzf^;V1(X_3kdG9UN_9!}upt(qe9QAB=tm86NZThNc3Y!W^mX5!g%D3p zfF7f?X-?+{6R-4 zVXJnv$Acyrn6&W5R~TGZ0Bl36$f>*OyH+D&Cd#@vT43KgtaEbA*J0HDNf_#M!Fm3k zh|Gkw`m1GXdQ!|&x%6@Y7L}|e1*BtESo@~VxbU|}(hT3Q>mdv3?~yWA3oF_K*4c77 zT+^09cmwG@5z5C+@?k`1zY*H^o*cBf4j0-3J>Cky$cJETuPyDDfRLF2XMfC7^Yis( z0sdTNilD*S!_V-xM)wCbVk%dt37b)z1I)m%2_BMhh6B)}FR`NvQ=$4`iNj`0$n5*a1r?bFcFQ9$B(JAAi$rkTlC9 z96j6p73(_gfs9mMW+=5EuKPd}qdo5s#8!Jgi-Vy&sLDADk-Z2Z8|T!YgW@d0&sP_) z&TTfsiC{r*fyS7qv=@l6o``7LLwuIoKhewj_|SY$-&y+j@NyHn{wLF6fB`Dwifjqz zu;g*-yKUSbiKUn-+O~6bW@mFsgMDZ6^_{yt3omRFepyRonk$ZxCmiDT4XKp(16aV?Pj*5){cYV!il!T5!fEOOFl_qx zSWFG8fP$|a|NM9b7la4*{okQNN%|v`UQxD(l29HLE4a4}f9o}4d6YNm`0THZj4}>a z0_GiLk2ouFTz_|t>HcCEh4l!saG-SNr6_b6p zE*&@I!F}2H1W_Rpee#PWpZk1p@=eT;+oc!La+c$Xq<#F!N$Eyf7N2N2odbJ>V z&Ho^1g4yr7z+jmkrY331e$w^~S}g1EjA&38Jw3i6>VCE%wjylw;AHcW(*{F?2ipDT zdFfKayt7=6M1A&4c)2;7exu{NsOV((Q%Zwj z4UOoL&DmN&8JTQR(ZTMA2UduqTQ%Qw0@%-v-Gn`UeQY${Xc9qZIqV|yxUDyU@R=99zk(^>Wu9@?iRClb zzRWF>|I{7iJ83?$2{Zj zho(nz;?q^w^+l&i8xv;@wA*P7VrM49t$`7uUQZg`xwbqDPF5pKj@QDxUPss7eYKc* z?(eZX>S3;^x!EGuusZx;_C$v;uF+H?BA*x{r1G|V(N-V6NS0vH6N|R0ZrCn(WAmcR z2#{}s459Ld9F0!%ZY`0%5O!EB<{G8-f_8cPZ>ZlFE%r{;9p5)}-A@gA$qI8n+=w}^ zcRxzpy(P4TzjbI5uOcF&&2LLbL{mM&HT|<8l5>pf?k0Ag9<*C%zD?Z3anBmI19I%e zwes_aH=Zq>cdc+*x@i2WmUtl8ZaH$Y;_;nR6z?mG*K)kqGl+)ygINz^gi7D{31O|= z8tb!tq2Mg^W7CU#4f}MBj|EZka4j1bsm94Y+_VaD%9QoQvcZO4jJI z7WCe-{)wDl6|6E(+4p-Z)`@9Qja=kRFGulC4r-~?Wkg*cI&-~(tG3$mXA8RD{aJ4{ zIw-lk-0d~N`gj3~?MDsa#+IJ_Aw|pCf)u7&ua>5o9Ic@%Wamo}O(v;T3t ztrwx}#moE)ua_5i7mX2;4aWoeBC|>ye=%;`9cwlk66<^rdtNJ@fy4E-rZwMubkA&) z%DdZfd`tf$`kBNJ$!-#a0HxQ8hQDLcx7nTA(M24&ygIbajAx^XiS?IG$?@#pUs2TJznO*h_N9po1;P&nIHUa3b}(olmwc!Ja+Ki|)&|(D+8C zRBmE~)4qbEElyEpX1|fv#hKMB4w0|-XE%&V_*6DMo^(pi<3{&r%{$wgO6e7d);YxM zcNeU!S)MVr@nxy?cIs4oqUF?C*bee^*t+eFU8W=GjSOKN-b->k_0-NHMNHY8ev)_F zz^*|BdPyDb;Qew8n3iz)Br&EK!ycvKRj*7FFD|o1bE-DEx1u-vrM=U5E1yCO^|hw- ztl)6*E4|FO+%MCy#)n-DZ;OhiX2s%W#O$V`9S_B)Gn{Qq>ads;_Jc=NBVsu9>d@8# z`hVWBw!HhW?+}O~3vBg`<}NC8hjehPC$ek@JsF}#+9}nbCC}l}2UgIz@g*bhZWX!9 zvBgR-vc+PUOi-s8D(9=WD2O44 zeZ{7vgR#M{8Ww2N^q_d#tEBbzALdW3SMXf(-J&);-K!eeYl~&~7kBB6r}B!PPwfxJ zvW%>BwFpP_mKe#HjPC0gw+Y$AG{Vjkyo*t;D;3B=9>+YK(^3uyGuD!55!AZ|6Fh_5LO`n~%x^jSQuOd1KWyZf> zQ7&6n`HD0mc110rEKY`}BVX8i=IH2@f5@1&iI|>NN1L-@&b57yies$4!5eHu;jY=|>C7(1p#?(yU9#7+2r> z^Dclw;{T$M#~l2Te%GJJRw+Semdf2xv{u~HFR9@@0ZZ1Dry^71pUqBA=aG7)E6M)D zWis)qD6;~GwH>rpfb!-&_b&#L zFb;itdtkysUqgX4?1xf#Ob)*@Wn%G*E@NPQ_NzuOZof8IMq3x7oN)z@z zK2?a7=0QD}HOz(!XTAYq9Ri-N_Om6?F3u|a%C(#KhT5*#T+I_hOIYl@5^*+TA&aWA z+S#_!S5+7Uk4mW3gKcNK#`vdQO4fY9rkQ?p6zPgpydra$!Gk-T#Gi~syc(DrFb zR7z?|BnbWYuY3uym7qi|ub@PJCBk4tpUYu?|4_Pr6|fHqKHP#b|9Q^uC(1HN&MVwh z1fP!Of8OCE8H~XU!=7h>VK+}u{d0H%=14F>I#KW;Po)2Q4DgMS5K!}7*3JVABgcPC zm_Rb^=`|p-JB2%YkN-6~L04cCNooxEli)@+8Xm8dmWVGHz$s{1BnTPye&j2?X z-e886IBW#{&wKqI-2l+T@(~T@e_bYElbjEWHj?T~e_d|FQGyyRP2m5FERs#-R|3YJL~sA*;@_`%Pu-`5lC9J0U(~&F zEfc&;=E7^c|GHcP2&E~Edh+-Em*2QKB)d}`{{Kn+Zw|aCc?f}KOnO@w;kW!ZD{pEN bA90zX)!`kTO<`BSzZcRkpB6qg@cTai!N_3V literal 40835 zcma&MV{~Rg(>8i%!ijB9%!#duZD(TJwr$&)*fu7%ZQI64=6&9C)~B<+-aq#0+TFXm ztE#KIuIdmODPb5$Oh^C#03#|QAO`>dBLe_Hwh&;S6!Yrz4*&qwz*RxTUQWje-`dv7 z(8SyT-`>UA0N=pb#1H^*UOr0|wk6`Q7d%i2NCa>`?sW+ngR6Cnk5QyDZycFr`=n0k zS0{hJ8D$!@J?MPDY5CaHs^0uPT%VvBdZ2Y&ys{~HQ|a~ggzN6w(djA5-Ldhu<)M7` zCdcD2bV9E+@Y3J?@^lgy#n$tB<*~5tReg_p_y!K<`7StCw(#;o=(3@C5p;|DCu<>W zTK%nK_6gUxoz^|^`aO#~>FzmaV-3zqA-9eJNw5})|90ZxUX5?|109?PY9qo-<>Dqa z>)fTZ4g3c_kNL$;(ZdGtEq^qRW^-1a){0TMCqzfY1IksAN}^M^^VJHE|Le@lm7V7c zx6P|Y%-bV45C5A1$Hm9Px#NY)nPvVjfsxkSOzog3ohEC<>&I24$CB5Hwu%YmgVLuh zH1ZA4r=bN%E_Bsqn*6F>2$uAN1IRF95)Pq))TNrowgugKOYx@=QLQbt2(I%*k@=b( z5#!MN=ETdTvP%6Wqlv&5XyBM#-5 zXzLA^5ovFpj`gF54ahJ#V!x;Fc6xrj6ASPRL6ys)(wRRN3_Ls3$eLOeVb#yL_}JH|bb>#n5clAx%p?h#?ZVX3W~^xJ90 zBMNC1h+K;ODPCTh<1Jjge9d`gtZ~(K<;=<5@GN6atK*$-zK6r?USDisZldg}qV!HL z7@u`$7z3jgdC*xAjLcYm+#QNMg}x~Li6(xepRm?;$5EzVM2Efm8YZjxWq5UCIBn$2 zYH#eF!cMCAWn(b?hePN78H?)5cJrP7>0Cf)ag_bWm|IP*ZO^F9IkqWDN#gQkXF2XX zuGIxyc{^o9DVAHr!+g6%1}0eRWk}!pDScePH>k6j3qzEXs;mTRKlQEtrJYgAP9fK* zUTn7@HmSBE&7F^C%g9?MftUMh_ysYyeRsV-OqIiZq_iX*ObHA=7oH2Jn9jIPu4U%g z=dL+TR{Yesz9d8Kd=!*2`ZIin z0kNuVHcwXu4#(bz>U;PUy2>$+kc6|{Jw2Hw<_)oG8w_>C=Q{3Y=gW&46PCR#;qhnn zw6U4vYCoz4CY_>k>C1I8qMrlirG{;0fA=gE-EM{ljCKqbkwpOJv#5>5T`*mJ%fS6azF z(#sc!D7A?4(MAm=GEa_SQZp*=OW|mq8+AaIQqk|FwdH(7*QdSw4SU|FOZhyMSx+ za&bS{DD|N-{g9LK<`DG?1JAbhcHup^dhP`v46y|^(aBBh%^r7ySnHnHImK0?`*z*T z0#RCBBigEEp(k6l*M&Wk)dUMVKOkDI1QR*3Of%+2!qHSTwdm(do5%sLPH~nz=d9rx z8!&aUmXLkbs?9wUXkJBQ$^hMhXWpbR9jI(Sq9h(6f|TXpIMke>!BKEbzzBs(8w!KL zDSi}(OTu7x2aJ37Yn>15UUs2wa&ynrq%NHX#uVl{5=uLV>71`<%$|Lvti4fiBA(X{ zuCc-#>}eGtycig@Mo6>k&#-kZQy;!5-5qd4c!}jvA|gU6KH({k_Eg4NQyO>b#CTd) zY~OtbJc!u==qBF`Yf!gqsMy_j^y2e=?y9!iS;a;Z_Mhkr)fDbD#e_$P8GswK%@mBw zw-(;l?1W04+9SS%?C%_#b<3P1Z;t-Slki+=S!sPg`sfhLK*XD1G=xhTa{=oyNp`%A zEx!vUBl?J9$L714&CFd&+B#8FdxwqFd20jdS@^E=9Ch^0`ci?ge^8lbA$zTOJTj*% zUDt=@sCd31Z1esBDgt&AU^g`w@e7x{TR!R|LCA>^DFxua1d@Fks0SU@cN4J`=5{ZnMOSUdk+uwG~Lw zt{&c4PWjB4n{HH z4o?1+mqo0aNR;7@t&vq!T-RKIQ86*$Q_lYXZc*d+%LCBqz6YlnNj|jWK zu%jUntGmR85FExU-KtKN9%)Kz9>G05Ag!4X_U8R}14E~er9Q7FhlkTfJ}qODwjIHR zsVIU|U<{rqFGSfG0|kQ9z^3)wd<|lVP}ULSZ_2yBg@LDOG4ICJ1~HN>hzOY;E>G8= zar;Mk^jX?!(y|O%9@wvnFTcZ_qm`va{h?Qcs~}Yb_I2X^4#=f3Z=DK;%J%4I^l+-o zDGjWcn7m@LrKhY-;6GWFU7R;MG#j-e$S0Q;o1O&iHgp0b5_uYo!cvE3#|ZO5`=f&W zAe`z+j<6r70D9GnJNuTd z0P$Q~+_~(QAAU-mBftt4?|oQJaO*IA+Ng;dJQ%Y)`(OuFTGEgYF&b z!*?kU1Dr#M8lbNhZ7%l~ul%O*3VbFGg(o@`3ylVaIJU0svxBcOj}S~C0b#uir5L0W z_-zo}TQ`FuKxlkGN`w~3E(1=eLxBF?knoL@L5Jy4U3fx9)~KYjuRb_NVw1irB@B*B zmZL+k562h%;3i!@ZX>#VrWrQ%lv~W^o89vg*kr^IG8S|xJYpuDy%IirUVzGwFB9Q3 z89J{9YMT%m9Rp*;#K8L-jAU52!Kesc?VSpw| zM1TvXV3&?<9?*qxNu0SHodq?ltGOX=Wfx8mX_uMw#jxW-UhEfXff>hNjE@yGNMiap z0s&7Ctki@OTYqF6DyX>92>sDwgdNfL_x_ZoKY7Lz_v!c|Rz-yZlSS8Mg`+0$QsBZY z#~Kwo@Jc5`U>O?=T@eofT2Pr}Qzrx@vC&eYx%<2|RvC#Qsdvv!gsF(QB5Xntzh9+P zjWk9|RGA?A|H@_zoz&+R&KB=+*T*BU-NhyZB`;_2_S4H{EuusCp002j5saoU*$xaj z`fh3KgT!}koE85}96YV?b3@l5EUUd*8FlJs>*7n-pFw8h9FepD>~{XFvMD54Jxq2NlbkTh;d z&P4vqsDKMJiu$0(jfdL4gTGbT!xADPFlvZtY*1nh3P&VD0)W`H|KYRuq~`)Futnb3 zodhs*5W_GZFAC`xlCkm-I4-t($fJB^nQKFX5OrFlR~9zD*^R#&M1U zD~e(6ce`U(BSomap1UxsA zy{Xf_{q1tqK#+A{;Htv-L#OZh{f{U9L=+vY9AQ|CH#82>(Ra;-{!8YZAAy!Re@+X{ISbBhw(wn1Yk#g$1#;U^RCcR32+Ek?{A+f6>+|_&l*uXu zxn6h02?qx_@0!>~A+(unc53N)``f{Gml^fN={ROoYmTlLZA>8$jH*y#di}MG+gt&o zzde@eeQV-mR1K3IEhP4pCZI>d%c( zp-?|R$>qvBb>cmn%oL4cctmoA#z*k1U0bjuWugCmWHb~opTB~iLN*-q>(Gj^NMEp( z3Le$Pd`SL>wT%}nWOX>OgTGPtw_887^UAZ+iz&`I3R`{&UeeaJn1b+S1famJ@|(85 zO``SRV(Zi%Fg$q=MTkY-uH4FRJ^b(b^Ymoj!w`Wf^Kcp0gY9wOeviDboWcx&GihdE z0b9b@OwDtFut@K^IS4>%@KU4Wm`);AnX%w`>6w6m(A?t`YCOD)>T zSXN1PafksGJhOqkBcF17Z{pYE6UF(KDJuXKN)W{p>;E=^&z=bp4A;eC_+!RG<|y#l zuf=Wn&>5!@hbeCSzVg*M6f4Q&yD2y2-b6>>dT#Qlakwu{@0k!NcOlC4-6YJn_zrcu zZ-(qfc`wpl))X{6oKv$oky6Khwq1!#MW5eLVZwnCVP4V-$6s^kH<*91G}DFk@H!<& zGBK}F^%{^KSF_qK-NO3`fl;u?OzAv;f=@ps)WG8(zk;2A5ODN_v3)o3*Bb%(Na4bu zD$|=uuR#m>mZ&@($sPcH69@m0GJCK8Y9>&k=PJXlWPoBH$hg(YLjm=0=%?ItR!UPC zou0EvpmxmChrFfp6Nm*3Z#e??cSxIFaW0`PjPfoo3+`Xe$pi0G3P*TVvV#ThKMEXbPrp7E2FscR?U&8)vu7hm_i^50KCNA^ zoE+QlbuBJ}&H}-*9Gg&fgli=pRCEBa%6_md2hQ>~ku(UA`{mLcpN572BQBgnGc4 zkcpPLD`s`j>gf3Uexv+8e!pDyVx^$6?F@YLGrLk7IS5fKz_|z7Ttr0}oJ5_5GR;^h zFP&kMz+rcOo_f=qSMDVgzxT}uG!2e@6p^R{n4AVs5NOKY$W;nQZ!Z@zXi-k;kOo4e zsZprdzc$qhjw<(>y5X>cO=7XIk%USF)r9HtxNiSOoQ^8K<896fZbHYO>xJk$qk9pV zQ=Q!S(+NjJ3(-=mOy&mxBzj48vqC}6Z`M?Gfs(DW_pX^o-~*x&-cQ*9dpQLvI2 zRnnf)z|D{s1gEM=0&V^w?;bt2Rm7ApHBXQ^4CAtzu;Z^J1GHe&B2=445OD+$oH~10G`}pLl4Yy+bTo$NJd}wP9$4o)n=AbNhBzi!D^RQbL&X!r6DQ13^N46IT}nKpXK575_-egd zVSe5RF+NG_P5P>vJNxgOFLezqz};5}=GTxuke)`g8Uk;!EO;mJvGa4ay`0#tBRlZ> zu#jp{Xl3YbQfa2J;z%%wsYVun)73iNdJ5p_699Jpua57U5RInGjqWCmKb<<_s zoV^GaCkf<~E;-_pWPvm~OBE=m z3I&#t!7~Jq#dnnIQsLRd9C2kXM-K@ArpST^B|8b6vtd{4ktM9Oe_;t32H@BMcG1@# zD*>AuGHFZk&{EbB3kF5=BzO2$l-99ef}gzqWN2Eg)gUAfoB56>A3D=$Kz;&u0=D8r zo~p2j(cs+aPetbM=?x7=W6v_(J6EMFnBVF)Oh`HMCdMb8hjB?QJ6RP_8-ND$suv(216n=! zg`>e=ljm7Q_v@Y9<~e@&)Ox;zDiFwc-tJl8T0yR{uYO`4Lz>a$P%r}S+^)W+LizG{ zhHXQ{K)sdOYg5>*9W&Q1#WPo&c}whQQ@+2>UA+}#Gh>J{(XS@>izXeq>)D~axUzy5 z-rnIR83p7?$6JY_V_FsnD!FBVDz$=PCj6uyT^Bsu(pEl}#x^b-KKA!79$LKYZXVp$ zI-8$f6wfzSUq8CvJJC+9%?aY)riIxqTD^J>fu-#x!>(nTPj)K(NF3Lv8J7T~tu2h* zd|1@cfesllr;$2OR>;9N;@F})pr7b-pb0;}j3__wIq)b@uuY1y+Te1teU0P^^`aR-`8Ejr` zC>4JQAo}4&UIf(KI@A1Qk!jD--i?b#LEE9-Wx$UCPB9q*HqT3*$F=elEG&n(Uv$}b ze;atfd^TxhN*C`Rsx20zyt^2z3z%LDD1JVPx)$UJMtYxHY;L#Y47qjf!A?HpiwEwC z0HwZbz&i8fSq%fY8hHmwR@6Q4ir{!dTf|lY;6Yt7nKcWX>uc+)E1gEiZ*PG2M%xW4 zS~sN6OaPd!xUc}=ozL;q>AR1i*W z(fIjdxMa0@U-FtfUjYaR$i)R5JfBU=81GwKW{~g&+d-z=`9r$f`O~Tuw%?R7BjLYt zO-m$?5d5!v3;6dUlldR2?%yP|nDdO&Y$$LLzRK2PPX}#A5hmon+S7uBR=xK@awG-u zS3O2rX5zh8t2x}1OyH~RYRPBA|7!^PU+rc8_tj5wOw>{U!rq_wq4$fAWt#0R;cHKr z{*$tIDux8L@%?Tu@+1u=73-y7(M{9mgQ}wGDAJ9`29k&8L?PAM8LOnLjZQ6J)@KV< ziaE@_t<7YUsJ5h^GkNr5PzKp8@{X$~jDPKphS2V9Zs#ONKMD<3ZSU4F>2)K~;Bpbk zizfQ*?ub{k5o`Ru|CN^~mj`RH`Yzpsmr1!``gA?LeM6g4{k(LKj;m#qC+tb#GP-XX z&s|G+Z9}Js5IiW{O~r!J>XaSqv0WQyKozoNrd9QFrG8Q~TGkv@Pd)8bx2MaPPpYK` z%qhBTMc`}zCse_ZHxzP`W&_$bgolpx3-<^|HXt!KL#@?YNx$us8qb+dPcv^$cy;r3nL~kvuEM0#ar4 zwsV!S`)El9N5-mhjDLi-XOHE`w%}Qy5q?^*4yH5f>xVV4Z(0;(`Z* zq$D#1c99Uf0|-763%B8t zJ|Fih^Q<4OxKUAyJeX->C0~{eRud+|#j}SxoatU!-|O3o>ZWEqMSyA5W=o8j-mq-3 z1RkvB+BmJ2Vxdb1w8BVIQewt{-J@pDK5w_?48}$obi}nmcI>DAnKACYppb?*CuzYF zpe-^@`_b&_u9vD$P1jw}W%fEDS(;6DJg%hrJSSk%TOT)oNQVAQ*28tk$lK}I93iBW zjKW;_h|Q92V;_2?$r|s^Ms%(#_h!?^Prsdex!QATFHXH*0)2|x4IoqKf_3+3M#HJC zlvg_KR_+Cppc(OFw_GMu(a}YwJdeb|Ij`sz@}w2o$H*7 z>3(I~e_Ik+zJUJhnAz352xU2gWrwk@1HvK4Sa?&nC!zJqz=gGVy|By7n3+(;)Bo1Y zm3*$AIWh1y8a-7$=;+3D;~GA2U{z5Phe2Cou|q(nl;ox zofR!PR$bT7y^5Tv(mZYBOnKjk`}dLhE?L8rHjdO4;r_3jYtynWNR6RW*C;Zs(XjY= z8=VIkuElGNi*Olvqc+eQT33p6Ozj5n*TWs*w1==)maCre9W$XpY#0C zHGebS+uoDSj&w&$x)Vl)3&}W0C{~Z%pUQd1JLZt@%D^I8EyOUwQQ3~>36U<;W3sD6CLwdB^6U!0WcOVaoVK1io4;;TrhuoID#)9oK`@HU1 z9&z?(mq;gDfBDM5lT!G?f8hVR$mn&OGB$kFFKja!0FjK!d^n84Q*9ZDxA#-ueqFU4 z(!iAev4V|SwlUUNP&zOhjQ+M*?*ccqHz4!(9rYwUnlMK1BF77!p!y`t)jF2nE~sW( zNy-$?fpo?$r$KvZTZLwQq=P4-301k46yeK@iDLFdR^=;kClWDFP_bl{^YA(yB!{uY z*}gq#)vnp&%mkSTM%J#?fc|(^3U7Us9t~J?`(97UpO8x)9PWHy+hV}Ra!riY*Rr#4 zbRJ8+|BPryuUve;{Y;fnEW^B3dm>{llF^R|`+|tfG1jtfEi~(P?mEZGl`@UFsRK`N zIq@xkEjfAI~Oe)S~#N>MQ7CI7^h{4s41%Kb>I$YJ-{TeIH zXd=hFbDotW8F*j6;su6!+v?l?Zm|+IAKBpMA#V+t)wd7B!*cy3DI4nLZwH*JNFU!? z*^{iypttQoqKm)Xd1?qim7}Q+79G_Xw4cW*wtoDR`O4tt~x+3L~A^lW>f?!)Ct#|2uP1 zOGyZcOh_o|o5E1L;QbmnQ!`&JdT5*^1|>x=ZaVrkr2?bm`_piJu0)|}d?fwDsO17K3Y`Bl$2pFI4OfU2IsxaD#;D_e| z26Hvuni4dLVmBmm`KHhv?J9ZFkN1E&(1wYmprg_O*3jFVy-WhG0D005bNhaFcP>&i zIA4$EYAd?ZR;B&PX3){IH(l1Y#%ge2H`;?=5jLZE7n#`@a_(#=^97r;L+00z`KA`? z?q0vgfYMsR{}@BDXx8LNMI5o0pe*Svm_WevJWSx2rz*s`a)8m>DWP4f^+Tzc%*3Ta zNWH9sep%%&w{0R~>8EGH656p(CJojJwR+Fudqu;2P{FUbqRc~Xr`IC!6zfi#&NfCT znZ&V06z6qALU@U>6b=OSHZ)~}?_r8Ul2;Ep6pp5{FyuG)!E79XBND(!J5EnB5j*G> zf??_4Tx*GKZQQ5q=PJu-B!N^#s>%Oo+t&=zO*OFqr82+$ZJ^QWVDo(qTZ1Xt=cZ8p zHK;z^D*lY;Y#|FLP}17OWwA%f(Y<V7kWK&Gq5)TU-xch4v(d zyR=xZl`FF3>Jm!xaW2kVTSelkb28}YSm@!KU)Mkx;B zGF#qBR?*Cai6=9gFGKYfzn5n7gT%ymXTT_36@pu&4peaTJ1KD^>!x!kqDib+&3)9141-0Asx2*Wq;xb8mkT0D@wHzg(S14d?}e;)@_l~fUAgMVXJog zqXNr)af?d>8oY+cd|tolU<7!yTKpm#E-%;}S%IH`5HDz;BVC;-$$_?6{vK)O7TH85 zN&_zOr_L)4ZoO($P%Wr5SsxlddsX=p2pCOSKkeC#wuFHs#SFx2qlAudi(EdX99mLp zyRo`0hkPKjfxZl_=|Lm$bH66DWJ+j~1Bb@P!-nvQi|(;Rcdn!Ps|O~-JcrBzU3!}4 zjfyoR!`yHAn%h-ePYxL$HNo|BR%wjT1bp#bd%DGT&@c_d>Ks-IXAd-?3HiD5dBeFS((Vt>?B(`+XKf5RD`mFj zu+w{P;UMKypnbMxTJ}L?n?ADpk3|;R1#R;@3|ko4S8thawk4;5#`_EOk{JF{sIS3* z8YkC&c-E0pk?EnTW`Z+jH(QW0Krud%HR6xuR(zz2W)!sAG@%++a1d3NGLvC-;eSKq zpmeQ(+tp;%*}Zh#*$J9QfKwkNy?fjxYknagCt0XEB$vn4USv=3Fhv%5r#YDJxu37f zeOQiapir!Ni|3w1UMtL?&(FHwOd(TzK;^3FHCTD@K<{Fs^{oCjnyML>jL03D<(WB> zU%&7@0I_lFJ+bZawW zB9#l%E*oNhCZgC&;y>f$_9mWoX30XLgVM7TkFcfHG3*Llm zSs#1d;Q|L1mZmQ_8V+#!U!C8a1O&Ljj^n96hfPJm3jL_c`i*z(CX$(e2{kUq-zqP_ z{i`JB|1#MBzk>w+e_F*P(Rs{J+P7DU6i|HO7_kCpLuEerndhWJ1H z>;EI;<@|}@k@MVlK=J>=TgYVG-IZSko@(snhpAg$%++pDz*x*B*1w}^UFVCm1x6SR z|K7n`^k!+M`C>~B@^vdere<~*lqEfZfDG`{?(X{39t1>t+~H{om}cf?tdDAv|*1R*7LY zj6?s4Q{yq8#wcr~2T7pEUb9a*>R+u`MS|FQ0<>tr^z-2e>7gQj;B7h`PZ6hPsnr|j)nyE>Y;(}}? z5I%QjXrVm1shptD1`O~o?C!%jpaKoGJpo2Ck*Vl@UYxVpQ*@7#kp1AOjg*l6qCJtT zS-t(fhU;YlZ1W5K}v%I;0G@`S6+h*bKCjRrkyvtUICLc-lO} zoe#nVkN7abd1!nW@H6p3OhI0sq^4!R)#zng_u%1v;(AM+DSuID2}-^Nc+0Lx7hnlj!uGn$x{RrfnhQ zY)l4MyP&gGWvlNNM{BnhX4(6`=_tm~lgWDBDO+Bwi)Q6{N%#Dr%lDCWts_LnZI;BK z{j4bmmpalD3Wo0uiu3Z5jh#bkUz^b;|1DT)wt=Cq0{`kMU>=rW1QFbG^GuAd5{ zW=q%>+Osd}1$=t@TAX`=1_eXz)ouCBHtDP!+detiUEgvXOCp3xHr}bu|Ig1?7?;P5 z#m9qq7CTRmD~-g-zgcLtow{hx9O#=Ba7bKebnmVv_cUe_%$wWco(dZ}eAV`bfcWE| z-rRq;%MT9SuOE0Kzih^NFXX}n+rk@xmQwog z(JR}aG2~Wvj>`N+-*utt;gf@qspO(4(*#BSjLxTlvq}=(3Vfw6fSm7oBknDBytMS? zMR0Ir$lz)xC}(>IN~}X)3=x_~yToot)gwBPO-7*xbIg68Ar*M3&c3jRojVe$1Q$QN z5@yAa=ic`bq!WUxg&#~V)e1q;5+DSeTO3`qEKQ$ObH?CMwVvjWG! zU~FzyB4C~)^$-?MYa#8uVE|k3r+>J6FSGn)9jL|AEqS`PWs2}-hPGW~UV1~I#`1^i zp03njAYL)+1=WD-L6n=?;04EH?I>D2GkA}Cv-ytDhFDSN8d>ZB2P z0t`R?jti{jOpMYL4NCjufg#0x0l9S(fV&XfJh{$QLc1X!uWRU|!FA`|^9DZ25OZ;f zp?I3r&YOEs>>g_+ZLhR?J17!Q91~ygDD&huU59Gn-l=BU#eUl9Elsw^izL% zXO*PW4_xF4Z`72U-N!nVUVaKcI#U|bDd-Z@sex1fj|X~HHx=!NC= zi+-O*;j0cO5Q}$3`iFr8ZP(hV^`w08@8Z^v^cO6?2gLDiEL07mLH<*jy+6+m6p# z5-^}SWfv^b6<*;6sSZRO2NU{52DXIbU`Ux4HlqZYwbWtwaf3A(U`+y9q=JtAVp=tO-=ThBAV}Snf3y1@Ugb*(+ z9cHDv$pQ>;PWyqo5W@CYD{KnQ;>2LRD0?dL+Jqewa+z$;+s{ZxN)C0ii{7K>>PGwu z8x%HDG-)^B5o=UAUIw)H-mxTOO{P;Ur}x1U7XMa)c2jN_y#RY|^%xV16lJZeAUdjh zpq^kgKCOG-q+ji?uKs7n0fRUZ1;`IW5Gz5uH~;tQ2EqGxa%4Oo5D52Kn@LqKxdnXDN2m+B z!%R{T?2*m5_C&^slU`xQ^0+gt7r-3zZeIlssUK!z$l+JBEf3CF5S;eRgolZ<325ee zNnW%QIU7bf49N4x-}I1|p=$@yLTGcz5p2{-cg?%^9o7B1IMf>}UNNJ<3H0IpC6B|i zZ4p^gp8NDj0Dj*AHea({-<%X6U&N$~=hjLI?`$B10j>+X3z6ewmowD!RqZB%s3_OX z(;aopKuO!AV^q(1Y{HHVNQb<-c2<_)y1KTCiIfxH|4%#RkxeJ#OrX7XdJt5x%WLCA z*awa$%-~!dWtt(J-dSl6h<80PIbPuA$22Hm^RZoA*CL*_`C0i-0V3>%?e#l5jqed} z1_RTOVa~v!oHk`5Shaf4$>)*{fy5#=HCcXR)YS~%iSeoSb+l!Oiseg`l-9eMZi_Sl zQ`~7L3wr>-R<}%(u#s2_*fqFzUu^%{aaFG!BhK0A6vO|5KFD8rWB8 z!`VZ%q_JM1nZ8xtWCGfqpaZeX)7)`bXjTW{VS@mul_S=tpUM*(`_orbjLS;tQ@ta4 zPF4tG%NG6PoZ;Y!70#Xp(zE^5tQjQ(5kRU)851>&XoF{gZq|6rt&OA^qKlL~69tmq zo0Qm0yPF(l9$<6R^f=aJ9$}?_!4OA%Z!q zGE5qkfntdz_xc#ESU|814btQ#8-4Q+&{b9Tx23kv z{4u~e^5`*2>CjbYN_}ZkU)9dks=Y7nBuSwo)*b{ePj3OK?xUDrV&If$bHC=ojR8EGEX(UxXNmRH}i~pj&F;lxK$R$TR z^(YA96I!XIVrtcN2q7*dkD{dP6nhX7TBS52aTVE16RyOjWFobiWesxV{U`PP|E97- zA82;_3|s1rr4y@-b_&;9c;m+NjHhkz6+2#2 zsDUsEmA--vWHN3#p!DXn5N_(w%UA0=MTRGOJ2#QjAOCeukw~A&|L?m1Y*{dW6Z348 zmB!EqOO}8SGp|`!D*iBj#Vor!MN&)O7iCKlab7zf0@#j9lKxh?U@c%W60WGy&T}Yq zQJ*g1xYCxV36IPe`fs%U1*K&1r1^7o{-55Mp$o_fE!bLyTz{!9;M>EVch9G8U7#p0wKrxN`HfuURX7(~cZCWpf5-3r+-hZ12A` z$X|U$BZEc4pGn_;__8{M76L-XgMdIR`rQ9` z8R9>8BL>0y6a+6#p3ere%$L0avnPL|!Wfr-`wUb2F9SO1%)2WW)e5?ZjY!PPuBWOKKm69UpD zUfWZ9@Q2*O3o0NfJ*BE%jPLDw+}=t-wiOqbQH_DKmnA zetj5l@X5b#e@XW?m(0qR_s0HqzN+vXk2D?KJlD%?eco`OE%oz|U?od`e69b%QFWp} zT24f*gG?UY zVw=Wy02?l|VvJp1$jTr`k44G!fx7?x%c$p}<3!0!-!eh-ld85#XQ6 zran87B(wrgut$|9@_$XC{2B^E=V^S0>SG68`QlN&(H!WR*-pMYIG9LQ+Kf$8iSnxM z=5a3|Rd3N*%m1kU`y`xfkvt!WyoY3raI(}i8ucx(nNc4NC*NS8ApE>p z<12ce>_yo+@ap#C{-W3b+|2f19>(2jee--Q?U9YWhSce%=?QqHUVmernw8bCo4^jW z%-sBt-X0k?QdOaeFqRQG;MEQ2;o@rGnd!CK6UNDMJ=?rKmGPye6;en*Ky$d8PW)5I zagVR>NJTbRqvQao^Noj|S0wQJ=~___fW~kAxFeq#`)RGU2r(w=$@JOm#<%w`!g~@cel#& zB9Tg=Tbye;XH}F2D5Q>wg`b}uYR6rANe>DFXz0U{NnGJ%Q1@*XE0?9~MRn$S%6|$(Bo?_d@ke!`%%0hNx7{3=_ow{05f z>ZHk?+C3_$udK`!iToJ@f}d=1L6dsgtT(|CcDm4=uk`AZykK{ShE2gye^2}`)u!AxyO-!4^S~0uhDFMSJe5mZbY(` zC40`xF0Urk12>s?gbUqtP`K^SC7*ihLulfLjlpNjV7I9nM>2rTW-?y@zE`>+_qpWY zHUepmD6>yh1r3er(ORgeF`IF1V=mXbPNi1K4{tVeSkTG46aTWNZrKF3Uz3M;X|yuf zi3P=8>_GXPgM!Iq@Cr-CRy+%j_b0|2EP{AnLSXyiCbctOj%CBY%MC5Xsy27SzpJ*i zIN8*zj7g~cxsmQNIGfU|^Im>204u0uvXQfteN4dI48o`f*6R-Y)+M=P9PW*qf z34SeChKX6p*DFE`9P~iP_UCUi_~cIG{(+Xv&CNcA#^*oaSDS5ckdTm`BeNv#NF?bb zGc`U9)2FK+EoG1D4ddSp*I#DxHDgo*lG|CNEBSXK7<*y) zY%9&bOCi&y{2%>AIi4krs)foXk^JJ9=wBWT!UvOstAn6HoS7Z0h6)YL1s9EfJrG_R z--i3OJojgF{NhVx!-9N#Y;KTAK7FwOH+JPQ=eonAu_?2~{q*?G1YC@nfgb;-zAJpK z!j@ycOn+hjF8+^9%BLC9voI@aC;J@jI>t4Fz&6VfcLBZ`5}B6O?v>2VYfYlS6=pk? zF`;ZbQ2mF~8Qa&HBLoWN>ceAw=3i^CrT=KpDjcT_CnS{KMP=Hf#~Wtb!$pC6IXejW ztxE<_jhnPK#-UlQ2~Mp%^6ZnmJRM z1~nL*xi99$>i2>ADMNp0kh3m@K~2;NCoJB?XCF?PKC5Z_%Lfbn(O8%pWYiLR#IF(H z=KrId++GY_p9~-Sv`muAUJ1KFgC2Q4xw^aE$~3k1Gg5_c8GH^4gtwW?StJe`dWLQN zc3W}RMtNjOW9s}jmO_2V01L@PW+B*XYGAz9cZO#Xl%#r;k42X0w0b~T>bWAmLNYhF7mwj>2tz5)nuYXq zqdzD657tJc6yLwqA4*)wZ(_v-#yrq>K{TVmwLAN#~aU>4DT4?jI6Qs%6fi-XSV0)U#p!RmTyEN8n?U}YF`Mb$&1gmzZfcD}<_$n}=e*Yiu zYrci`_?Rxvxl-*3f|Iq{5Tm1Gb>jaKi`~##zvTan{@=LpzyJSN*vQXlf~7?3Y^k_o z`7QJpqJ+Xk#tEVr^Typ9KZfpL>N%5(#h-JwhU}k{F=dh8a7FF(M(B~CIz3)r2$U#S zjB(bgm+|Zj>CUXO^bVXUyX-jjZ^%R|0-22Po=lkUi>934Z?$XcNaejpH&`s55tJmw2kazXLcBO1ui5$hYmxqZxO(u455PfF^If= z{UCTC`FGRGI&`vxHcYN!d-Bkc_fqFiASjdZZkdbrg2T%#0M#*|Pr%X$G_v;8zIu)A znU*M=x}}eF$07a4@tNR~i>IyX=Z^^kT3)fMgO!%1&V$W-G!0Wya6NL?ls4YA8k$9A z5VaMoCN#^f1$R0lj7WybWCLSOVU)mRJn#B5N^RuyaZ_W#7c$xL!n2bw9~`n4r-Gp& z4Tl##5$Fy8Z~}q{HGh~%WOEx)p&o)x|12EOjp#U-ufY}$TiV*agoftc+R{-Qug!rI z#y@+}7`P$#onBQKR&x2HLZdgUM_d}X-i>2mdmPNNeS-DhVl!avqi*aQs;67TjWj56 zhTItF-P4sn+vfp&iujwY8Q|o=jSZfyrq1}|^8<~ys8?g9jVVtM+q}Wo?iZskjCF6P zi+v9nbWNB9-3(pevm_sD&iTq!<0L?FmGJxfCkT{3=`k#esx=(@PUHK- zZpbwj8C@uq$zi7$e^4t&FbFyQ31|wcS|`6if!3b1e!>{t-R0uk=Ygj|Cy}fQEM`K4 znb!8k>(K1k8i8op=bGg1&N=KN9O}w+eT4Cx`n0jd3D(BA!59Gh*Ssl`oaI6`2MlRYHB8mnX3rNAI=P)AbWR1nSEiO)*Y~^gUG3H{g@M-p=!>@r z4433c&DjE`{XoZW9xxEs0z&t{%=771 zhzO+~VVb&l3cwpYAwRz!ODN7&h?rVcPagBv3zXtNxfx?Tmf;(DL{@KivTnCHr)+mb zVu0Sb@4kfgHU!f+YSFMb_IaG0JZI{e%E?#mABmVj(Nd{a<0qIm>hIr@t!Pijpz+rh z@n6u!R7;7Zkr$f1)c9L2gg9fMctnd1*i9CgnW4=^h}e3KgPnvn8>lrA7nejBnXG{h zG?u8>Ms|M}P4l(M7B2#A&ZWsEFhJlw_EROj?+JR6^A`FcXuthn^~KwRkUbOg=A^mV zoa-gY#h$GfrU1p|0hN6=lW%>PSErUx2|`531whH^k&C~96tiZrlh3*qT7O;lUaI0n zO@0}SA7y)`M^U4*fI3*qsYmmV0|ju-F#3-?i+}R-P+-fU-ZPS=Y;h3RG<2`sNBg`@ z;c@-Rg5GN|tYdHM?>3INSPY4^jhdd`I6hLYs0})G#*O0;ZgWgFE;#%>&g%KdS^JOf_k)(gK?|5vV)f((6&OnA~^^Z++{37 z@P!?Dp=uNY>na&6j<_85_4QSd+7k>&2?O8v9J~f7yHZb8$5PR>kE1!7KxcIFNiS6f zRa=imooHSVXv3?w-L`a3tC<|`3Dt3N#C;lheHc_|2ja~!orqT>Uaf;QC%;MI=u7Om+g;nD9?z+gFmftFkY$m|$Eb_nFHLz%^Aea3QhMx=0>_UvLVFpVPic9x=_{*`N^x0e*wEpDIUVWqp zsh1s7*;wOnIF!}Qm@Cfl*->t6iy_6sZw(ifS%Yo>a<>_+vf;k2ii7=Q5r9fPD| zk!eHd1K!uq8fI$bnkNCy?V+X%HBKfL`xoCL%T|KqVwja{p~6@j7S`K_c7u~$3%&S; z4-ZT#Q-2NI3rHH;Pc6l9lSD6fRbCN(edw{rb`(3^`3{M)Ir4azcE8$;ZDooGe5t4p zx6Iyh2PRircG5U?4qOoiP?SP zGCUQzkPd9JY_(^=b$53sIQfqh-ZF>{1?b=fTAhW=q7v?B?}^NpjRWwluFX+~5Bf7G zmx=_m<*@V}=1K0yabya;8Lx|qYkA;1SoNek1Mm@KJn&L6$|8v8r#l08Qe1<$EmP&~ zK#-SnCz2`jc#PK5k=BYt+au$p29IdTd)X?dbt~5(iB>ZZeYBLr=@@G(-%P~==EG{s z)P(CY zdNSdflHhe}cZXbRpXC%fSXLPCcv=?(dkb>EXSxU!$;K;Qf1fRZ$ ztm+?~uqYpD$pOjh4%>Sf&7(Kc<(633@8doDaZl40(7+@*ov5eZ8BR;sfPWs0T;5B< z#b!WW3g^)mUt)F!6m7U!Ey{peRGA2fsA>9YwbKf>u_E2!2}No&{HwOOopMlQ@SwR8 z;{SIS)BoAj^d5w~|NWoC|L5yqr@>=~&O&tit<=5>wMuZtNPh>T=UtbQvc;Sn$Xy)7 zqO*FLbyqliJMFe6z-9a%X!~xJ!+M}~byO`gNZ-MBR_?d=?3?NyxmsT>NLaL!NN6<2 z<2Z(g4MKZcx#0nQ7?a5h;W?K5;2T^8+vb&JKp;P_;{;4`@4sI7ZHSi}EjF2+aJx#z zIP-vE`f)41H=bbv{N98OgWLGMuDSC93CB=7^}nj$Qc14XY#5l5SluEN%cQ19zd9sH zPD24+zfGBxkVLKl4+E%f(BDtSpeTs0sZ?7|-@R$eD`79$U(#Kq!BC zI8{~so~;0Nl#32g%M9_flq2+i2eK0H=60xx>ss%$4sk7FX)Hm7>5~})E zhSWoTb8qB)7d|P3erSu;Pd;&RY+wplw@i9V5+sV)E`|!xm5;4kJjSF?$H;jm3J`kc zCX-*PP^Vcw6gqElk%mGyp6e-eBKjTW_c>oFl3T-fEm6Y>2n)4%?Mv>_v?ep2(&n*$ z;bi=1<*6BcweYEd@OFPH2mktJFeqX3B|#i3Dw){NF^)MVk489`{dt1h@|UT?{5BtB zb%95vm525OSpPtJ24iGaLxR4CuoPw{Ks!D_dv)n|gr0`>l?qM2(S4*^4o?Y5{|t!k z1vY!+V(!~qT_Fe#r?WnWzq`lH#wmWL!cqnVRavjP=ezm|T4gCjLZ<-)R3@+{1CjdU z=MP171`Ngo&{MTlzC{FArZ-nvw8t8uD6dhhe#PHfWqP?!8xvAe*KnDKuknCYu4`GIRDoD z2VE|WH@~a=ZojEt_cM2Ldz|s#B+S3q(r|Ny&MLFAfZBcN)6}!lj5MQ@tu`E%^oXE$ z0HuTr(AA=av*Aqf@5~^6k#!x}YS)JwsKFW-?-exk_uXnvt+`#}41STlL#`U2R$=e1 zIN$GRMl@Ail<&pv)76U}L$lIFCQ;h`zQf;`^5Ts{9N|0Q&G(r$3tH78;$iL$%$1HH zOzz&3;2X)gd_U9}&W%SL#kmWzbQ#rpyS+59;|9p;58{Y+soL`~i`D2pJKNxx1#0iv z-sH@Ttq1P}HAGV#?<*gvXBIVI9cp%f*UsZoCezV1m+q07-FS7_+w5q`yOFp^7hp8( z@U#SzW%RRLw&v#j)FzC|5tw*e6T6LA>0a<&vrD` z2e|!fzpW>^r9x*Whdqg}gwXb9E|fT7MxPT*aaSI_0*CyCMz2AVx5-{l*fREi`xaU- z8iPG+fPL(4*G74!@az!`1k)7#_t@u?JqLDu37Ga~(F#xMuOrCBmTs3y`V`mPx;168 zqi?HT`2K03l91~GnI0xThvdqq_5TWh4A9E0XQZX3vk>kRhY z65Nw4mI{x^(Q#~XKAD>pxV1ZaWxgUp!mZP!SJ4kFsB$q)Z<4}cglMtSYlNRaq^+Es zj*lg(P|cNaed4gH0hx1ynJgvc3VyfuI9BsA8G*dM^64gXH0&^ugHzT2J0ppm(}wf- z@R2|5k!!r5TCb}&llrCQ#Zw6_PMQ;%NPl%qv2IlVvxW}`p4D;;NW_SSS4QV? z$gP=H7P>2cipw@ET?UID+73jE-kmwq3qqdw?7)Ju<22-TGNlw_4a5PXR@Q&enl`i@l5E(ojeE-JFdwtXXv@U(}YBJLOli!N9*y_{l`4Hie<8cY62F3_ksK%~O&cQBA=I+Jx3Hd-XU7bm$hi5$L3L^L}!2h^)MLp-f$yP48*Ee;=oUO2V4{4msn$(Pvkbp-a zL%Bxtv18=3hOeTs-DBK9Mrkz9q8Chkw(=c_%EB$6Soe8+2*#vDz3tv>R2t!aac3i} zVq9HoT?nX}y2x{Ajy}10W!xz#nz_M;rU`6KVN!5M(uihaAgj-LF?Bv+Zig*6)*o(4 z&n%g;w(j&k^3PsqGsh?dMMzsJhVOc*I=u1{=&lJ#PgndV|xquRzZ5Vk%`se>i zrJWOHLks8+q=1-11%(0K`x<{EM249AMslFxyupr``y+iuY8)XWokC=e=G%|XPOhZe zrO6+`n0O6OrO&`t&uVvXA(}e}+APmt>Rjz1W2Bf4WSBPB1TH^%2o#IVbPQh~Q(Wf0 zdMO#9B~~V3w$v1g0h9~Qi~Wyn3m09<9iIbwynFT~Ig{`uFEnQOWwp6L0fW3Qc}!JQ zF{d7}{D>)|z6U$%omBR{}%04(n=9AE1*BLp`rH-8J(_TFG@OCr5CsiepG}sRa)hlo<*(bc|Y!*PIP1 zu-2%=h*tsWrco$^4q4v3^jpXSUIY^}2~N}UQ5n6F4`-JqdJedk;Y{N&5*5nBe_M`5 z-29nut<#DR{mUkU!Eb~+ldG^lr9APHI23o2%$(29p17y3;pYb&V69eJ}w+NIh${9&@y&vjC?nt;x8~pk?c&I@YUZ^QA7d-%rVbsHF%QoAjkA2 z)mxObZE^(_h%2<1KYX79@N7SYYuE>e?W@(STl3?|wlYWmzv5CB~xmkE)tC?Z|(Md*VQ9!EFEglEc>_DfCn(C)Ya)GG8)TW-c~1 z@Q;o8^_a#2=tSc2f_tmd-Vy5FD4%FaF~2F*ULC;|zs{ant z%b-uPQ`wP0#CYEeg8I)tWsAFu@n4wCU1mq32u7w!?xN29sL{9%Mc%q#)<>FV*}gE* z|6+uYdlsK3G1%w+bRyF&ND&Z@Yl*!+>vMCLwby*2kwjx^w$gNYa@>k$GzG(*;1~Y; z=6Y2vAs~yi=71{e@a=+xBShZz6N%aU#9(Eu}n6wQo!g`JL9TNO!Y3(??kg{r6cBIK1VbCd20V8mupM zc~Tm-;K=6+l1)U=)jQxz-I6?LFW5|42c5Mr*o>qJY=G@$FC}rC$+F|xbTxBz>l+)J zPncx7Aoj*Nx*aXHFNf)kCwEvI$S;qe_S3(UBjESWvqcnES94MFKOJbMa&EFb&hOCQ z=F0s`OCipPnhd1jp0J2|f6r4sn;pfqZM#ENbV~L(%T|-ra99dIGySF*pt zX%zyvrp>b9R>kJU(RtGl^Hd0tX>PJoc~g9xUks(!&%5ga^M^Q_0Zx^GhvxKdggXJty(;<UFm zAzP|LqD~&q(O7kH& z3P~v2Yp-L#LrhRoo4K`S8~zMJU_01NVO1&7;G^w-9Z@;A!w+}J$#sYG<{L0^!=ZTN zmrLBF!=1B_V-dmlE_ul{=W&6^LnQ5LXWiwGUrRtp&itWIx|%*0%R4y}qAmi&_)&MWNu@Z7Frnuz;1SS<{z5A%XV_}nYnE&& zMkS_|u4Ltu)~A^ho% zE+dUB1fU+tsU56M#q|--MeKJ~xm6VS=Go{fgGh(FGDcgq{cg}#nc8llv)%|GiYPU? zW1?YB5xsjeJ+jJ&6y+HfeZ`N|U6%-VLMz-q`qjj6z$&fg^e5JJ5MVc`3I0)}~gsbgSFF zqxbU{lf%}jt7#PDsQW;OK9)fn>mC;fPAJ1-YQ^P8$`SHck%t;1s?*q^Y$D;Gd`lTn zmXb9;o-Mgw3=!c#Hz~bW@O-Y|S5wCEbS5$9=Z+jy0n=TZF02j=7?x@?;`N#FF2xFm zJFfhlYIk}^-*sR!h4~u??U_nVsB|mg?o=yxk6Db>7m~7X9|XPFErR6wLE$*=k#PAp zlN__cev>1*0_mml)?-2)sZNnK?D@9zt|5r6TPZUGVZR^Xll61tBw^Ja-Kj)!f-*~J zwfouhbI!jbMOH|*mqwkX^(IH*r*N8o)a6N5_-+YPP}!jE@3OjeSGivbUw?6)^;RlH zL8JxRsam>6j!h`*OS|fits#qP+_5_zZP76FSY3$pS_a;v`EQQ=QI(Sg{BL0mHjO}Kver-J~1|)F7r5DDd=K$ z@TyMZFaH@7mDWOspV7!$*TOjsxeFB~uBB~qJywl;K3SYjDc$xHm%a0i7XN~Lpevq0 z!R?Dl+z?MkVVpO$9}+@dfB#CtJX(CH!>u=wTrCDt)I;DzRHsW>dNU<1DU~J$+(*6H ztGD?KO*7izpS65aNmLR)7T}m!SQcN8_4ISCl_smToc`1q^#}odxUQobU=ho$eDIs5p85^%gB5i_ z0U6;#=~pIgZ3F~DBoc~}^BiUtF*UWI13cS0i+QkG#bzvMPA^i7M%>6cvvn|0pvfyn z&-U~pToOArKAA-Kb4(>`XsDP0^mNhZHxw1~asT|W{92K08-CKrP?>tly*N=I;^e%Bc zr?zvN%ua?}uuiSRy)b#oI>I&r`*F;1@=&aOB3XS=EoOq}`K!3*l*;1&gmVl$nX(j6E+fKIgDnP;Aq3W3k;q zOD|b4f@bO`@5{dkK*>Roked8)S(cB(N~LvgMDXf9%xI|pa10QH^+WEox z>Z2A9_x^Ag<@~KM`S`)u4Cc1R0nWI;C{|sN5{{k?M@pWwsW&lr0E)FVl|3eh!I|OP z^3YLKnFW}xbb&q6Y3@QaV2a%(Oq?BC@+DrTU~8Qw++YIVt87U z>s%-9>)&*hXN5|<9^6Eia_jOuv0ATgE9s!yJeB5W&&ngmbjE2WN=1raIh0LJYNSVQ z_(%7o{Ku>baFMF4<|;`onH7uRKJGFDC!V8HX^Jh<5*-H|&=e-_Zr7ILZembi1;+ht zZwlyhl}p04bB;J17F1w2c&fYGpd}jsZxufk92_4HseI$zUWqcCO@@fSIF_IpQFGQR zM))G~YGYUXL*gffi+V1)mw#nq`j(gr?Yu0V-nAD8R9%$O?Vfs>xs~1}k&nI*OQ&oT zZ_}*Jb)M}M!mqVA6#LZ~t%31ocImH)T%O|1xyUO#SVDEeY$<1?Yb(~XX(gAC4_e^D zaow+a=nwqW_?Xhy-{fS;hbmyV`)9k!9q_c(67>#G9 zIYjsVt5#qc+$AXBXGkL_7FiN7wiuMvMXEGL#G+PR`PH4=K~mqUlufHdKL~is3jFzv01@yRsL1KFNon_#n znmBt|r~7%?0WJx5chp#q&cj=U30T11u{DN=2~{U`AP0a%-$JBbQORVUeQy5wkz)+w zOea$C#mf1SmsmkEH~C8Ttze00C+!UtLk*l^KZv3*)-~)ZNpe$551d(l=BYoj0$_RLuyqpoI~wh|Rk-?I7SumZ!4zXFbWgN?aL`C=N*}M%w|(5DKdFu0gxCE;%cHjLhbcE52=95%j%i; z4%d%;P$GHhysh4tCq0UI!v<;13dSj{Pv_=zh1FMh5qf(ten|ED;)|B$u3w`E-N|t# zF%5l{8$o?Bsm6Cf3pKndMSIkmSZ)Pz_ye4rnhz}&c*_hQyuy8PoCF(H$Pv|i5q4dI z9)I0SW_e-z-vwLn`AF@FtSiRf|IpECp1&^mZCCS=p~m0^Cg>?aPailtFSrTiYjBdX ze+e&UPq&B=LDp+8-PT>1$*`}YL)I(5455?<``7#|S^cHB_3XAw?TU8@* zS1C>EwTKO6wBHgGq^y~t^h?A1+>uswKPP_;_0TP{JyJyOB;;EC@Ry`W=`}o^2^4YU zE)cuy!_4_6kE55I9R7$iPYIxkKg!nFno%dQOzS;rmSa?a!2RBOnqdiSdZ+(!|L+wk z;`}`5m+$dDVZUJ)M|Sky%ea!(mYv${ngjARH$kNeMFR^%za458>|LCzo;SaWM zeXk7wL7FqpaW--`7k5`VTinx2Xx6%MD9A}ff`1^Dp+m2bo|1~{fc4TizWi5?!qxgm z^b&`W^~sPp?<|Uuzn>6|WZO`z;|mN$OY#Uew3y?k5e+m5=ZhMU8xn>Yzrql&MRTa` zN)%5(`TVKEw3ab2N?+-ZF5gXI>*7;$ESeYHf2I#CryYt1Zr9zs=+^0jmKTz?X5-*E zAHJ9*6sqBse>1{^pG!BYbA<6$6xs-_6vtN zb8lyT|KW;3VjP6*q|GD$^!Jm~K-}GW$ zp}8C2&L2fIc1Ql-FEGTUzft}j`r798?%Lw^R*{dm!T>>eZ+XFc|IHU$9j?*kKT~Uu zL^tM!Vpu7hN)&Y#_|K>pOKc_QV!6DpuVr`|&cb25$EU+yl~$b_S^Moa-fp-WQkuhF zQLtR@A>~hRTSqt8vYE}JL$yiY5Eg^8v%92b$3AVzTa|YQTY9dzR)8?8jbF5> z71J`C&PZ$ZIf8sm5_Mj`$&N13&pU%$C!=?$N@_G~0{N~46I{OZd~4MjZnjjlTUzB8 z`ORuIgBlbMo|Gvsv54B zi4kf1T}mYciTwwadh4-eGuoy9ri9^hJEe}y>*LIgq-AG04Xzaw%GsN7s^z(kQxdA0C?ni(3Orn|BuMy`17We}kKz@Ph`tHo4 z6l7L=Z*(TIUqGA*J(J;ZqjFVsUN!Lcnlor5u3ZFre-x0(8E{L3U>$iv7AstBeGD_& zdeJ?eutOI@eyu+ij@>Ak^*W9sG89k{NQ|$+9QsXfjTVdU;lONQ0Dp+*&c`O88>{th zzgs%qylnqLao32i4tK6t=bs4EdF?}h^O`*P0$m&xD=Z~dpQ3S9X!Hx13*2TyXNtau zIE@`k`N92DyEa@daRS*u?VaIzY*t*mv280wPzL$U3YE11l@g6V{R$uboBo${UUvz!o&XdyK$A010qxLgCzN8_hg;-8pjLs!b-c|@ zwf|_QTt3Kiv+COEdNv7#C{3uBRQkR+Q|sva_?&X z0%_%l&4#kx+7y~_NzHIkck#-ZN)r3K5Xuc_b2oXB2So)KQUpQ=X^-AKHnfYU-1Q`C zg=}&a>bwixg^Ho(C=*3=kumF5L^td+H}eOdL?WlI>-NpXO1Y)$0fQ$n zYUmT+e!+1XB}q1Ot?xK!j&!jy-T_sH+j<^ucLRl>9=oY9@`yh5{G65`EHY(keC@pJ z^8YLcl|;s$fGT;IFN~(2TFF%TU2AdN*p`G5^ zA`^54XicR|TtUJUYxLLrmq^z7Ek=;r8?r*#p=DXGFM8%0m z?WDG*<;niGe>nn(-`qG7Lqul4*V3{-{UX;7IPII_&CQR5a`0kx^9LKh1)bJGL!1sT zPPfOv==h7ZN`MhX`+N;n`*Q#Db7#eUBD@~)B4%PodMhQ*H%8Tz%jLxp=A+O4DApmW z87)&sRF%32@Wh;yj66)wKxZxQtBnK zQ=qy#_W3squ?R6d=NU9IAUr@Kgsr#8SEflX>$7}qMQ58-eJuU}85kdt#jpXTsCi?b zDI_S2BS0#Ux{vU@H97%~&`dqd`&taovCkjtB0i-n z4MYM4kW^otZ&XNs2_^|xWA8FKppnCsCbq<^q^;eGY{+tZ)+?FqW50){jl9Z$&aTsspyNG|J@)nYafUT^6a!De>hg~cK{&utcN#;v4 zXIb<5M&=A5oBviY|9u7Be$@gxsOrVX(%K#C7ltQs-!hct+wwC{mfCWCH>T{%s?cV^A{S|b=UOW8i2uT(0kB{a5ljXv^w3K z^qZ@5CAH{1MwW>0swMv`3d+t9L{IM@XtVhmK)c^9sM_E(y4oZo zSpx^i=i!gKQK(vJgPb%1G$T9PE{Kl@xEOqnh$n?F;a+Gnj+woIx#ry@AHF=kemvNj z6r}eLV7_T(TdZ7_`Q~CAKn6<=xY1w^ihUBV-*hHvSB=~X8Go*`A?(Ql@1FIQD?DRo zV3|wahX4`r?$m$Q8V97ycU&C&&IeqgxHvIj%L}$=l1}5 z>hKqh>o;S7WN%P*Bjp6ley`*MAla`l7tDlZxUY5Y@c?vuKu2q`Ay>xpcX8QkK?ZPm zh(8gq**0?DR%e?_b@_LV!}7l}n@yCgu!_Z?`zO-j;kmQwjjo*-)KF3M0h^Uw7hbNi_jq)2`VjJoSRfRO;%YZ;>-x z{{nb{{Kl5H-Q59CSc9+e>|)S z*hT24^Sb#1gHI)+$+x*0xO;ZT@bT26Iuc?gdORZhDFlI;Qob)v@I2}Mi`xCmFLtiD z9$jvrMy!FMoz&?xso!?o+XoQQkFZ0VunA%X+$y}^pM5rA464F4+;a5<{umq@#O ztDTlY{2BXC&ge>2)F!@4Mm%N1Dbq`>LLFXn2(^&_(dDsdam_YBAN0UmZoM-E@U!__ zh3sZ)pQde*zEs3g!r}E$E2rvE#{NW=2BIkt76aTg%2z;lM`1r2B|U+Q<5RryOI;^w zHh&1+*nX?FH%FP9`vg##f=1qFTc)o`x?KGY8l#mRn#p_54VVqQNM``H(s;J|E1tZ1 z0*lFZM~Yno?EAPFOpz)USp=VdvZmiZ(H_sA>{{u=2|sgB7eBQwGQ8F7fdRh*WcgKx z#6V(L=e{S2_xIi_O{fC__NXG-oqcBp@HM)P)F$H#rdeC+ee~|ifQ;TLHYrwUw5vdk zghnp1U#jMchJO<^eruhkIA=C=*gx?W*X>lHJQIR<6s*?2_yjimU2~$vZ{I*+Z#uB~ zpPc<&bX+3@%T`#Kcx-}O2*s~&G@EtatS(fYED^g)(z%RAG&UB=_sXRa7?i>LauwEc z5^{Hz-|Y&3a>`P>J=aK)@Qk%E_O(n>GIDe;`dHHX$MWYlwX!P5#P^c`uN?->VvNgP zdNHT!Iu&Du@gK?oC-xr#00aET3e3fAbigS9?7ye;YQ1}5$WL9{NQpB7Q8*_vSXc%o zIf~JJU(XKGSH(b44Yv8oYdvA@`2;sSt}G>mEd7#a!j!2$RlRxrwlfNSM&QKzCDI(&a$=oWi?R`lX*cR*Z#tlec8b^%$(61VqG7f}BF8oY0^ zvxJ>h@Py;Q`XLil{+VquYM1Q0A_IN=M5#h=(GhcDaWszGob>){Pi2-6|DLydZ^(s`A<;~DXVI1@pYA73;R=O*L6Z&kJoZ}skF47 z;A_2M#WP?vj1vwH<`a;$Zxonw7CG$c1R(qE7|?5I>nc69WW?kE9zMt718#;=(jluo z#P`GgYeeo^9x?5`DW&E4*}z>IPhAF^|3^HiDH1axny5A5$)X3k9|Yp&Uj1^d##Od2 z(CVkU1EGK1e@pByx zX!t8fo%hxpNOlI&RuD1jE&aA5I)2WuhmD$k}>% zsJ*xK;d}HcFf=k#86{;V$01{hjaD+9G1rJwZ23*4l7hUH1o8@-@Y5sh*cL6dTk=k_ z*ps*l|MAM3E7X~X`e_ntv3>so2U^#OHj#0-jW_L`Fo2L+W#9lKf z;UWB>_Myk9E$ZdTx-tGay`RQznCC5!tvLyy9k2z3jNXRmfQc~$9{gZWv2MjV648n~ z5s)`hjA5OF=o1?oYLMgBl+~Pn_)@5T*xN@D=jDM(^!o6ZZ#s6m*pniotl%_d+dJ5? z)57qe49}2zHg9AC`9Z#b7XSeuECM33DDk+OD?eEW6#M?HZnrfU@);W69EIBAa}lSt zH`hsq%&%IJ-O3WSu!ah_6FuG10Y^QV&&)H#AOlS{i}AmKV>p>H-F;ad1{3!L%4;*Q z&JVL_UxPo0|C_>v%Nbpsra+mpl7Oqp{u(8SK0hWgJyNWZ)@qy^k_drV0%G{|ZJ}vf z^0uNvhFa-F@N?(D&$kS(8_qDX^Gyfl-sej?2;+=BCvy2RP9p+3#7E*(Jy6>>g|SR-c{nfdp;J^USw#<0*XvAp;=s|twDzO<6Sc>E1>UgE zDM*%yfv7;_xjSb~w}upg73ve~$#ep>*pG=at_YK7>CQQGA*^dn zypB)n?CwHp$h9ry$yi<4$ zfp0_@;r7G~8X9}9w{mtZDJMyDkM-BS=|pxBvBz=O!a{H5|F99V^|k%=>vHS-t;?oo zXtx(Y(i-hh_J6?jJ$?M&w7KL=zv1r!^}KxGa1L0^J8ZZ>KzZW|8t*xeYIP{!ZhySL zxdH#oXc52~_&-)Gs`mHdEe{nK2Lq0Ix46o|(2cTGfM6&a!8A;b*ve9u{9{4K1b<60 zv<9yk6$k5-*Az5Bg~%lF7mUiw0)DpO8-pa2#FYMwDwJ57nf|50Xhot?V|C%_BsjD= zS$@HYA>raOnp1ak855|J;qLM>DoNuHu-t5}-oJvw^gyX7>C;Q04d*1rOT79P z&5gn6gmH4FCMd_+DOw#LEsoZdo!jSA1Keh4|{4e@wliIgF*$qpGZL3r>FFXxo6nws$IcVV^8d%Us+ zAwr7OPJD%vvt+(KN}h{xyFT?)A{2!`)CQNETw1~UovXzsi@4Yu(0$cjeyZOrKIP|^ z7V*1qWhHQs(l~sAP$eQRcC@Wnb@($d5VvkO%0Joc{%cwT@m^XW!v3^?IlqOkMFKiy z`i)~epCkYIp;Q^WBlQ*&bE@I`_i~5)_iMW^TZWvs_1Y4X%@P#ey2ELdE8nM67$OHI zhNuy@c_U{9bz}IW`QNqbJ;e~Bh)Fx^paq^vy>x3C)#-8J{J~L^#a3EvIA7f6m3^Vb zMM-bOmD}lt#K_V_m0Nleiddl(o6VAd<7vfEV^7>;dmXjbpH7;)t#X3HUf+ARhJcHOz( zX$ST^dZWa*6mE11+8<6f#N7plf;a9%XmP!Ff^$MX-%H~hIR`R}$xwZ22_4dX`{Vss zj*a$1JTWBpt~w7n4;fh5;KmnrwbTtZ1?j3r`m5d~7Bht1k;j;4&KA6Fa<7p^3_q<( z@d2&e8Qqa&4pUP54n)WoR(%75klLyq$O-I4#krZP365ObG~4?J2K|#*KH4(pc+~aG z!PaKB>Swk>Wb{BsgGVRJkRjS0D2MM&5k|VR#4fjuT0^5xeDtrFLJ!{~!G6Xw&)`-2 z_LUYY?atd;L`=$#&quswsGu9$4!N^KXd_NGql*Ad*iAU5*77V`?u@rj!XDE{%+nn_ zmoo+uMBj+s0SBn7W93wu`*@k*g57QDH$fS$!BDinQi_df^z397Sm-v#i3m>Sf&DPD z6gJ-OLP%px)7#!-ba9be85{Y5ij}=e&lFq4Q!H9Sa5IW9B>n9(UDSLXN90Hfvo)f@ z5|^!krS9`x@6S6H20tM?UJ2I~sUt)GD{Fs<8+^>rjPHZV0nkm*KPBV)wFG=MspLAjyva_i0hYBN#?pKc>SgYB;BKaY^fAfT%(Te$+VvJ1B`Y57r{QvO~jJ2&Z;s@NE z&ifBQQOQ~7Oq$mf3|Ygg^Mb(9+p$NB{X58GA!-wA7JD(sn84@R`55QgCGz#J)Tzl#jl|M^CV62(q4=oRD5?KVtri5~j zL~iP`_W1}OtRQaf$9Qu7hW{bhCx>-eecaIS=z4CS0VzWO!)L5nsae|p`JvUB5W z{@n39WrRatze)VYg4WfrErK-*I0xRG{9z~tK9vG0vL zlDeV%|N8pwXt<*9Um_yG5YYt_(R&YO^iH%y7mPmIj81f-ml>jWq6=un`M&km`mOig@7+K4I_sQ$&)w&ob?^D?&)MhPGo@uDlG%s}{|nOTb+X3*bmJ2I z>l9!X8TNXsmw3AnXaNu7HFQRAh$rWJLELA{PwMZ$43i2oFjDva~|f*3BWJD~6T)Wp{er5FT)H1&Psk+itGPUSIyi9C)V zbD_KWWc%!ZwJjSA^{7gDJhzkNK+`ERpO^zEfc&PNypq^kC**f-xsyF&G2^irWeQ_; zYje&}Xd^D80wKTE>WsC&ml8sG_~}(X8^oDqb6uUdl>4sPpK{ij&9FC7xVBC={^s|M z;UAsbJ*m+oKi8YXr|DsyN-}7+1&s<=z<0y%l()0FYZ9{rC`{nFj$m=X=~I@f=$C(B zYFIGpIM-Ol)*>4o*wbplDe7{MeJJ@HUi`@6zGp(O{Vu~x)O;4Tu#_SHX*o(`dnE!q0*O<;*3!Cvm zg-oYP?;oq#kBP5kzKXUS4pX5jZNu2;lguG87GW*iYvRuAe;}tFS{tm;+NTS13VI@z ztf|>txzO5A4_ZgClAJhC8$5RM3P#Z}jGzI5IDnxw*!2+tk~6CG-L90P?fVO2h{Z>P zczNrePlqn_`ofZw0}rvdlNT}eQJ1KNMd)88X@_fmSFntKKB@A@ZyydZh9Vm z@rXYOK&9r0_|gT!#Fx~aX)G#ISC!I%?^YZ!7v#dyGdr=f8p{Z%xAJgQ^tweanP z9>G-R?}RrOEL4JYZ{@32zTy(A;!^^8)~2@cG3nJ$7ONr}$byPDfV|cFk2YJNtbi-r zZTW|x+?{k5F>4WVwa`(VirwZ+sxA-Wsa$?5LH>+dmoUvwx+e<}=+lunp6Lr9m&~+N zta=>hJXz?QCpLF82+Fk6-pO%?ZdZSwCdgFohDRMl3!CXOG@4d zT%LEXb!nhzDho?mq;I>4W#16|Z0n$%q!pJ^Mk&wxdcW6iJ6027S>y^hF{+tDnwx`( zK2F5Q51%{+ZBmk2#}QUA=MOy%eVGtw+Fy(#%lX%;YD2ovwerV<2}5|o?%lDk^75nE z>-%PhsnzPs@@i|yV*tn&>uG-ytny@`!ykxWP$eozj>aZgXwD~KWZ}6xigR5fFOdVD zcNaJT_@Ml=pl1NE9VsWzvUh{ym~$d+Abk7Np;yzX!X?m`+5Uupg&y5u6p)z?T?qA; zv;2t}!IA<(<9CuLOPB=7=T@KpcFK0G3VQJrhq?#D{VdEkhxQ|}SIUmWLKZl6*2fbQJyd}gzNk5THwW&6LA~B7-MfU6C%GB$Zbq8Z>GJ|&NcoRIRUyarf(BQo3 z+}=f_UQy`|@5PTgxAE(XA>b4Y#aWTWR49I5INsJLC1|VblOYLji9M)R&NGRZf#&hL znu$y+KdoMf-mw}pCb6}Z)7P{B%ey7>oZIzh+8bp7iGvo%#{U3tW4)epJ^UND9@{l( z0?#LZrr*bvk~fNpDB?p*JrgpoXR1_A_2-DRDumRhWEc zudjqECCU-1BPNkfCy&kIe(|5^p%L95y3pCzsMTS=GX}0-dqV76@mlCQ#zkA z%;eT38!vxbOA&2PTD1=vJDp?oX(KXhLMii&u;+d~QoU2VnBKXtTy>RUia83;JZoqF ztlbDel&fy`YQiWTCAb;SmqG?ab%IV1_LXxkS+cg~%8zv&5_`(e#$t-vUz9o*IPH?< zaF&)Jm%WlWQOp*<%5l!n$WXKtP(`~JL#-XSJVR=Ih9DVd9rhb0sn5dqcKsc{<-EJ_ zFuX3)O6?D&!}GQ-<=tW0H=C?co&UI{X|MQ-wVTA8eg}-^tngj)pDmiKH4|9bSFGC8 z3dOIvi%}X}ymIM{vA7SG;+Q5Ojw=$Z zD<2na46tdF8(SXZvMAf`7k&6VkWv@m4=)g-yW;6?%}tZ3CO=mHQK(Um{wJl=Rm^VZ zIMD*dL;AB$ZvnY%9PL2VvP3Rnd~3$A#4o}*DYSdmARIvK!Bu5v1-Vr?H(j0eccz&d znL!@&uRKgaH3f)nTX)#b)5SADi6yp?$?ars!fZ6gO*1B(3euu4zF3b35AF5;$O-ll z@!S34;rS$ebjTqTJ;C{i!C7_rHZEV^NcB#ft7KovWWjRdX@3uA6Rc{4W)NcE zP@@Awu#M+uTUE5L+eT!U(X+@7>>x;Yf$)9f+Tca|gXRV+#KHXq0Uvb0bTJc*Ipy

se8GbVw_fYrM3h zm*EgkQABWl)AK8OvQb<8=+~c8)m|H!;yc9$mNdN!t~B%}6+9r}p)#wSH@&aDH1K|> zDQh@0@wGR?>(3AbVH2uM{I<{5-%p&3P(IX=n{>h8j$(c=YE&O5bvyat0%XSm}Sp!sGp97JU z2HCBGuQ%ZNXhf32Eu`uY%!G)ayZ<76<3vHp=9)H!AxGSgq-%+wZA~*Kt!0M-7vVBu zOB2ICFh>D%KlPhiT?Y+^k{kgo86@acD|Ht2_*Y;9N45cfCUC|06paza zq46+qXo8kq7ot>99R?%%9LblN$_K8z0gT>v3GAN0PAC?BTHWR6{<|u;8 zJ$I^qldVSc$-AemESoo`AN7x~C>BrojX@Yf9HaH(%r3j95TVdu&lfM2$aD;UCjmT- zcuaz=r^Bm|7Nf7`VuQPb^=|v$3P_hg%%kfWl{8gLc|UB9H;X>J+9;qTGyf+%U6_+E zwp=aRD`~rsUt8=a=r5aPD8JA2R-2XkamLpC-bs~3NWfT+U9LHkRF$J$Va*fjIJPf0 zg6^ayaTxC{$|Ki@ZEI0Pd+?h;5R{BfaZ#M$VHpRT0KfQjM;ZiPH!cQXymSx;&XeJl zxL)uaqPP=YB7Ip3e#R@?v7|mrsY(64rG`tsS!>k}6icNb|B3v{uYVpP)+98=KYN73 zMY$)cqvWU%H6c)D*=qxpFqmfFP9r(^D}@ebK!anRk>Ynt{69DKHT#{*@&U2%*DcjE8A-&1Pw~E(t0syeh5IW@I_+2e(~=BnJrvhEkGE zn1u_4qX(3DmQ=Orzpr}bSq@{|2Yh^jrSm>3LkZ{Ks^v8(pP#j|ZiWXTF5148^~XB0 zXBDUDDNlVLYlT}WG_JQrAR3dQjO|U0St%qZ|J%Ul@3e}~#uR@Pp^yD-G@U@ZRCN8c z>8Il`=?IuTxfGR^MDJlnTIk?boT+ z6m9dC)#zY*=ojKf3EmJ;W$0!0{8(8cP7Bmu=wKnK9Bpv3)bvDed(YI;whz%jQEnQY zD~a90BApu;`P`SD%$pEAkN>TKk`i+|FaEhyWFr5Yr26l3Mc)|o+6+a(#AQ|N&)6gr zoeP7*{$qY*huq~R7gKYx)^v0xTzb@x*04Vsjd2z$i3Arw68oP;JoJ`+~C9ynIUteXhelwJ7WX3bw`LezCPS}+N*kY<9j z%XRjoQkhuA4-l4QwpzBTF)%F*8bydjQ4I?444TY?S}3Agw3NrsEf2#kVx4vh7U?aU zx$hrRtRBFFi!YZj9{^|BGs%M3!F&Pc0K1(!Nx!e>&z_UR1l4{s&`s5+;|dI+n6i(P4n4%1ylzMEEG; z+8m?5D5R2`<7q7v@y+donYq9 z;z^r2!FB$}NoR?(D62iVB)mZNmKgW4LYB79wLR0iV`*xyY*ng#JY(~%$Enlj!z#=7 zb~dyUN<}vuz-`CAT@UYe_TBDv+K?_QQi;sH6@FiqfJ?-*>Cz?3Z9Lf^%-zWlK6z?m z&v1E6`jutV6#kondXa{EjIga3FV3wXEzcL~ZKls4ed`mfXIEZWwSy#o@}11*MDK-5 z3(Yq0?9)VI#`Mf$6C#a%q(S&P8>jKk4Yb>+W(*_lrRLAe#1x z@zlq@Cfz;R0@2wEN&Qhh-|3ZsLF)o4O+!{DnF4A9z}_T1-)LfUCHpstzX-zgyssX! z?y#4|eO^@Sf}NmUan_WV1y22y|GY%yYiT~H1{x4h@x(1m zkn^DHK?NKRF6saMO9UU^4Zo-JPr4-w`Ynt|w_3!fo=lo^0aels5_QH2mSk5V$4u)u z?#75JB)lD`?L-R*gJZL*0Xx{3S2oT$47>sa=oR_wrMZ{5D2{-`pL|a! z_PU+Ne&CqPPpsUc`7?qE+6wi?APxh^04;v3_nI*4!#xG8za5vtvZ&<^z`a1gz`#*T zqfefp9wYz)0b)Gr)FFv{kZ3x*+wpf~Si+vL(!(0l_2ay=j>f=vvY;d@rFEMiVfDSS zj9W7!@?vfJ7QRJ};&^}-RCmbdC48CKf?XFm_zyLt67$-Nl7s!_^M)5YS@@zCyt%QC zJubP6HD?3tVBStn+x@V3FYAm9!fQ8w4%K5bGbFXtf@|TM6budg%EM&^^5xAmjDMtY z5;)4ByVz#0;d>6HvK8CcOY+gu+>VJ9w+#1-HKTNZy-d*RXwW2Ax-jZ95TT+|O$6xf z(5YhhN(xaw3g5{j-oFtF^}ZxQbL-G)4Q}PqsfUV|o0xB>U)O~1Ta8xSE$>#|c;Ruz zN}6clmTK@A)tBY@Kb23FvBd7+cu5eeE!l3R5pF-O2cp&&>VIWXxkC|2me{aO7MG~8 z`Wk=1jmTeRfA$-8;QgzBtJ3Lw`1%GJ z_KU_lCF(8i^%`f#j*+VBbQZR}qAL;)n=ax=z9I)~F9DPHf<2t=h|FX-&}5MQ)(aAxxm0QD4uCdo@T_+OC`#=N3;lJIDBCTAwmiu zW~+lo?`rMEDzfiI@ecb7IfSD&JeE}4PT);sz?`cg;n!_kW+V4J9-Nt?+dV;o+b#8r zqC42yvRDxo<+D;&z)T4)2mYnu>g=1QZ10Z5A@Oo^6-@nR+~T{w;jbPvKlW3q_4&o| z30lN@PE2wd$^{^nrq!W6Ah@pw&fNWo*h=J=)Qr7g>wW9d_Z4@y2MD+E5UV&0S6^GI z>+9#?x{nWiLS$q#n17k>wzE1C@SCD=W5P{Y=Psw47aw*4~Qk9B+>N|0eq{&FeDpUoay=YRPgqIsh{t%Ds{#{>tCsJy%#o;s_4GAS9yfYpsb z{Cm*ytZ-p`fa}1|=QY*JI6LF5fF*!1My1Hbm8f(RLHB2*;|3_J6eXrg@$@36C@gqX z>3R?%Og?CJbxnU;2I?zY_eF=d4RTLz5JT$2;vF(kdg<%n(~s-TE=u9@)?e)y#9Il9;Vu4Yzaj_Pok}a%-Kj+4vz9mROsmLM4*li}SJ21DIK)33*uQ^Y z#A|NEIwONsBQ!qhWfy+gDdrO+8BSE6xiScPMY#*{&hjs0IyIPhj_VG4mB&7iMXYW( z$)p@UUbCX2r!^EAjS-k+u-hyT_|0AQuep>gUd844`x6tvy1m z)Mg*&3}{*ARA#_RT}Jjy$Bi#^3Lr#^OvtT{m?@1~o~TmJfO+1M*hKob({+WRA3)7p z8u%|0`^#FIuiKO8^O4kpUBTx2HwQMG2-ug?5-3G|Ia)bueFq@OFrwmOfGPL3h*-o} z>bn0OJSxmZ#;V$6f4M|XAXagxp3T~~E*jBqYW@7R5nUDS%+H1{hD}oH+|!fSNQTZv zq)My7kF(Q@Jib(~Rm#@OQj$%>12IJgj}sr{{V`n~Lzk23v@eH#=HOWZo3WR(Sf2FS zGu7y0lsdslH%{}gu9qW!chr`P&rP2FTea8Dn0&Mg0~zZLQbM$4fecE{iOfdvdv1x$ zdnSM%AiEW zQ>fBU$Fx~SL#OlvSE=c{_K(V>sDtcUdaq*pt$T6LGMPAwoY;KK4SxQ^9Kkqq1;w~0 zqFWk@aSTd)|4mX!X2{Sf-Q{2HK~`dVk;dnjmf#D1MsTmY?nn1akG?eVcEVWn0HU(l zL#8h$CGU3PlOzzpQ}ByVs&&mB<{=+YKIY)wuqhUO9HZu!UPbmwaSS_ND{3?72gSjK z(YB!z|C9Xhmi*u8xIk(2y`vBM`zBZPptvmqC3IaSz>i`7vj11%|3l)F{44#Rwxo@SHs11T$0%80bq$ MPEEF4+T_!J0YMX48UO$Q diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch new file mode 100644 index 00000000..1f19f55c --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch @@ -0,0 +1,26 @@ +From 961d2e3718e9e6d652cadf5b4d3597cfe822dd04 Mon Sep 17 00:00:00 2001 +From: Ali Can Ozaslan +Date: Wed, 24 Jan 2024 16:10:08 +0000 +Subject: [PATCH] arm/trusted-firmware-m: disable address warnings into an + error + +Signed-off-by: Emekcan Aras +Signed-off-by: Ali Can Ozaslan +Upstream-Status: Inappropriate + +--- + toolchain_GNUARM.cmake | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/toolchain_GNUARM.cmake b/toolchain_GNUARM.cmake +index b6ae50ec3..4c2f5b3d7 100644 +--- a/toolchain_GNUARM.cmake ++++ b/toolchain_GNUARM.cmake +@@ -111,6 +111,7 @@ add_compile_options( + -Wno-format + -Wno-return-type + -Wno-unused-but-set-variable ++ -Wno-error=address + -c + -fdata-sections + -ffunction-sections diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch deleted file mode 100644 index 4f00ea28..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 60598f3b44237bd5038e33400e749ec1e7e8fbda Mon Sep 17 00:00:00 2001 -From: Emekcan Aras -Date: Mon, 15 May 2023 10:42:23 +0100 -Subject: [PATCH] Platform: corstone1000: Increase BL2 size in flash layout - -Increases BL2 size to align with the flash page size in corstone1000. - -Signed-off-by: Emekcan Aras -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24103] - ---- - platform/ext/target/arm/corstone1000/partition/flash_layout.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h -index 41b4c6323f..bfe8c4fb3c 100644 ---- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h -+++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h -@@ -89,7 +89,7 @@ - #endif - - /* Static Configurations of the Flash */ --#define SE_BL2_PARTITION_SIZE (0x18800) /* 98 KB */ -+#define SE_BL2_PARTITION_SIZE (0x19000) /* 98 KB */ - #define SE_BL2_BANK_0_OFFSET (0x9000) /* 72nd LBA */ - #define SE_BL2_BANK_1_OFFSET (0x1002000) /* 32784th LBA */ - diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-platform-corstone1000-Update-MPU-configuration.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-platform-corstone1000-Update-MPU-configuration.patch new file mode 100644 index 00000000..25e53b56 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-platform-corstone1000-Update-MPU-configuration.patch @@ -0,0 +1,274 @@ +From eb096e4c03b80f9f31e5d15ca06e5a38e4112664 Mon Sep 17 00:00:00 2001 +From: Bence Balogh +Date: Tue, 7 Nov 2023 20:25:49 +0100 +Subject: [PATCH 1/2] platform: corstone1000: Update MPU configuration + +In Armv6-M the MPU requires the regions to be aligned with +region sizes. +The commit aligns the different code/data sections using the +alignment macros. The code/data sections can be covered by +multiple MPU regions in order to save memory. + +Small adjustments had to be made in the memory layout in order to +not overflow the flash: +- Decreased TFM_PARTITION_SIZE +- Increased S_UNPRIV_DATA_SIZE + +Added checks to the MPU configuration function for checking the +MPU constraints: +- Base address has to be aligned to the size +- The minimum MPU region size is 0x100 +- The MPU can have 8 regions at most + +Change-Id: I059468e8aba0822bb354fd1cd4987ac2bb1f34d1 +Signed-off-by: Bence Balogh +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25393] + +--- + .../target/arm/corstone1000/CMakeLists.txt | 19 +++++ + .../arm/corstone1000/create-flash-image.sh | 8 +- + .../arm/corstone1000/partition/flash_layout.h | 2 +- + .../arm/corstone1000/partition/region_defs.h | 6 +- + .../arm/corstone1000/tfm_hal_isolation.c | 83 +++++++++++++++---- + 5 files changed, 93 insertions(+), 25 deletions(-) + +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index e6cf15b11..8817f514c 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -22,6 +22,25 @@ target_compile_definitions(platform_region_defs + INTERFACE + $<$:TFM_S_REG_TEST> + ) ++ ++# The Armv6-M MPU requires that the MPU regions be aligned to the region sizes. ++# The minimal region size is 0x100 bytes. ++# ++# The alignments have to be a power of two and ideally bigger than the section size (which ++# can be checked in the map file). ++# In some cases the alignment value is smaller than the actual section ++# size to save memory. In that case, multiple MPU region has to be configured to cover it. ++# ++# To save memory, the attributes are set to XN_EXEC_OK and AP_RO_PRIV_UNPRIV for ++# the SRAM so the PSA_ROT_LINKER_CODE, TFM_UNPRIV_CODE and APP_ROT_LINKER_CODE don't have to ++# be aligned. The higher-priority regions will overwrite these attributes if needed. ++# The RAM is also located in the SRAM so it has to be configured to overwrite these default ++# attributes. ++target_compile_definitions(platform_region_defs ++ INTERFACE ++ TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT=0x2000 ++ TFM_LINKER_SP_META_PTR_ALIGNMENT=0x100 ++) + #========================= Platform common defs ===============================# + + # Specify the location of platform specific build dependencies. +diff --git a/platform/ext/target/arm/corstone1000/create-flash-image.sh b/platform/ext/target/arm/corstone1000/create-flash-image.sh +index 2522d3674..a6be61384 100755 +--- a/platform/ext/target/arm/corstone1000/create-flash-image.sh ++++ b/platform/ext/target/arm/corstone1000/create-flash-image.sh +@@ -8,7 +8,7 @@ + + ###################################################################### + # This script is to create a flash gpt image for corstone platform +-# ++# + # Flash image layout: + # |------------------------------| + # | Protective MBR | +@@ -82,15 +82,15 @@ sgdisk --mbrtogpt \ + --new=4:56:+4K --typecode=4:$PRIVATE_METADATA_TYPE_UUID --partition-guid=4:$(uuidgen) --change-name=4:'private_metadata_replica_1' \ + --new=5:64:+4k --typecode=5:$PRIVATE_METADATA_TYPE_UUID --partition-guid=5:$(uuidgen) --change-name=5:'private_metadata_replica_2' \ + --new=6:72:+100k --typecode=6:$SE_BL2_TYPE_UUID --partition-guid=6:$(uuidgen) --change-name=6:'bl2_primary' \ +- --new=7:272:+376K --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \ ++ --new=7:272:+368K --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \ + --new=8:32784:+100k --typecode=8:$SE_BL2_TYPE_UUID --partition-guid=8:$(uuidgen) --change-name=8:'bl2_secondary' \ +- --new=9:32984:+376K --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \ ++ --new=9:32984:+368K --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \ + --new=10:65496:65501 --partition-guid=10:$(uuidgen) --change-name=10:'reserved_2' \ + $IMAGE + + [ $? -ne 0 ] && echo "Error occurs while writing the GPT layout" && exit 1 + +-# Write partitions ++# Write partitions + # conv=notrunc avoids truncation to keep the geometry of the image. + dd if=$BIN_DIR/bl2_signed.bin of=${IMAGE} seek=72 conv=notrunc + dd if=$BIN_DIR/tfm_s_signed.bin of=${IMAGE} seek=272 conv=notrunc +diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +index 568c8de28..7fffd94c6 100644 +--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h ++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h +@@ -134,7 +134,7 @@ + + /* Bank configurations */ + #define BANK_PARTITION_SIZE (0xFE0000) /* 15.875 MB */ +-#define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */ ++#define TFM_PARTITION_SIZE (0x5C000) /* 368 KB */ + + /************************************************************/ + /* Bank : Images flash offsets are with respect to the bank */ +diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h +index 99e822f51..64ab786e5 100644 +--- a/platform/ext/target/arm/corstone1000/partition/region_defs.h ++++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h +@@ -1,8 +1,10 @@ + /* +- * Copyright (c) 2017-2022 Arm Limited. All rights reserved. ++ * Copyright (c) 2017-2023 Arm Limited. All rights reserved. + * Copyright (c) 2021-2023 Cypress Semiconductor Corporation (an Infineon company) + * or an affiliate of Cypress Semiconductor Corporation. All rights reserved. + * ++ * SPDX-License-Identifier: Apache-2.0 ++ * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at +@@ -53,7 +55,7 @@ + + #define S_DATA_START (SRAM_BASE + TFM_PARTITION_SIZE) + #define S_DATA_SIZE (SRAM_SIZE - TFM_PARTITION_SIZE) +-#define S_UNPRIV_DATA_SIZE (0x2160) ++#define S_UNPRIV_DATA_SIZE (0x4000) + #define S_DATA_LIMIT (S_DATA_START + S_DATA_SIZE - 1) + #define S_DATA_PRIV_START (S_DATA_START + S_UNPRIV_DATA_SIZE) + +diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c +index 01f7687bc..98e795dde 100644 +--- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c ++++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2020-2022, Arm Limited. All rights reserved. ++ * Copyright (c) 2020-2023, Arm Limited. All rights reserved. + * Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon + * company) or an affiliate of Cypress Semiconductor Corporation. All rights + * reserved. +@@ -14,9 +14,11 @@ + #include "tfm_hal_isolation.h" + #include "mpu_config.h" + #include "mmio_defs.h" ++#include "flash_layout.h" + + #define PROT_BOUNDARY_VAL \ + ((1U << HANDLE_ATTR_PRIV_POS) & HANDLE_ATTR_PRIV_MASK) ++#define MPU_REGION_MIN_SIZE (0x100) + + #ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT + +@@ -31,20 +33,38 @@ REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$ZI$$Base); + REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$ZI$$Limit); + #endif /* CONFIG_TFM_PARTITION_META */ + +-static void configure_mpu(uint32_t rnr, uint32_t base, uint32_t limit, +- uint32_t is_xn_exec, uint32_t ap_permissions) ++static enum tfm_hal_status_t configure_mpu(uint32_t rnr, uint32_t base, ++ uint32_t limit, uint32_t is_xn_exec, uint32_t ap_permissions) + { +- uint32_t size; /* region size */ ++ uint32_t rbar_size_field; /* region size as it is used in the RBAR */ + uint32_t rasr; /* region attribute and size register */ + uint32_t rbar; /* region base address register */ + +- size = get_rbar_size_field(limit - base); ++ rbar_size_field = get_rbar_size_field(limit - base); ++ ++ /* The MPU region's base address has to be aligned to the region ++ * size for a valid MPU configuration */ ++ if ((base % (1 << (rbar_size_field + 1))) != 0) { ++ return TFM_HAL_ERROR_INVALID_INPUT; ++ } ++ ++ /* The MPU supports only 8 memory regions */ ++ if (rnr > 7) { ++ return TFM_HAL_ERROR_INVALID_INPUT; ++ } ++ ++ /* The minimum size for a region is 0x100 bytes */ ++ if((limit - base) < MPU_REGION_MIN_SIZE) { ++ return TFM_HAL_ERROR_INVALID_INPUT; ++ } + + rasr = ARM_MPU_RASR(is_xn_exec, ap_permissions, TEX, NOT_SHAREABLE, +- NOT_CACHEABLE, NOT_BUFFERABLE, SUB_REGION_DISABLE, size); ++ NOT_CACHEABLE, NOT_BUFFERABLE, SUB_REGION_DISABLE, rbar_size_field); + rbar = base & MPU_RBAR_ADDR_Msk; + + ARM_MPU_SetRegionEx(rnr, rbar, rasr); ++ ++ return TFM_HAL_SUCCESS; + } + + #endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */ +@@ -56,33 +76,60 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries( + uint32_t rnr = TFM_ISOLATION_REGION_START_NUMBER; /* current region number */ + uint32_t base; /* start address */ + uint32_t limit; /* end address */ ++ enum tfm_hal_status_t ret; + + ARM_MPU_Disable(); + +- /* TFM Core unprivileged code region */ +- base = (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE_START, $$RO$$Base); +- limit = (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE_END, $$RO$$Limit); +- +- configure_mpu(rnr++, base, limit, XN_EXEC_OK, AP_RO_PRIV_UNPRIV); +- +- /* RO region */ +- base = (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base); +- limit = (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base); ++ /* Armv6-M MPU allows region overlapping. The region with the higher RNR ++ * will decide the attributes. ++ * ++ * The default attributes are set to XN_EXEC_OK and AP_RO_PRIV_UNPRIV for the ++ * whole SRAM so the PSA_ROT_LINKER_CODE, TFM_UNPRIV_CODE and APP_ROT_LINKER_CODE ++ * don't have to be aligned and memory space can be saved. ++ * This region has the lowest RNR so the next regions can overwrite these ++ * attributes if it's needed. ++ */ ++ base = SRAM_BASE; ++ limit = SRAM_BASE + SRAM_SIZE; ++ ++ ret = configure_mpu(rnr++, base, limit, ++ XN_EXEC_OK, AP_RW_PRIV_UNPRIV); ++ if (ret != TFM_HAL_SUCCESS) { ++ return ret; ++ } + +- configure_mpu(rnr++, base, limit, XN_EXEC_OK, AP_RO_PRIV_UNPRIV); + + /* RW, ZI and stack as one region */ + base = (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base); + limit = (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base); + +- configure_mpu(rnr++, base, limit, XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ /* The section size can be bigger than the alignment size, else the code would ++ * not fit into the memory. Because of this, the sections can use multiple MPU ++ * regions. */ ++ do { ++ ret = configure_mpu(rnr++, base, base + TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT, ++ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ if (ret != TFM_HAL_SUCCESS) { ++ return ret; ++ } ++ base += TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT; ++ } while (base < limit); ++ + + #ifdef CONFIG_TFM_PARTITION_META + /* TFM partition metadata pointer region */ + base = (uint32_t)®ION_NAME(Image$$, TFM_SP_META_PTR, $$ZI$$Base); + limit = (uint32_t)®ION_NAME(Image$$, TFM_SP_META_PTR, $$ZI$$Limit); + +- configure_mpu(rnr++, base, limit, XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ do { ++ ret = configure_mpu(rnr++, base, base + TFM_LINKER_SP_META_PTR_ALIGNMENT, ++ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ if (ret != TFM_HAL_SUCCESS) { ++ return ret; ++ } ++ base += TFM_LINKER_SP_META_PTR_ALIGNMENT; ++ } while (base < limit); ++ + #endif + + arm_mpu_enable(); diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch deleted file mode 100644 index 6bbd66fd..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch +++ /dev/null @@ -1,31 +0,0 @@ -From b05fb661b3afc3ed8e3d4817df2798e9d4877b39 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras -Date: Mon, 15 May 2023 10:46:18 +0100 -Subject: [PATCH] Platform: Corstone1000: Increase BL2_DATA_SIZE - -Increases BL2_DATA_SIZE to accommodate the changes in -metadata_write/read. - -Signed-off-by: Emekcan Aras -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24103] - ---- - platform/ext/target/arm/corstone1000/partition/region_defs.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h -index abfac39b62..e7f0bad2ba 100644 ---- a/platform/ext/target/arm/corstone1000/partition/region_defs.h -+++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h -@@ -90,9 +90,10 @@ - #define BL2_CODE_SIZE (IMAGE_BL2_CODE_SIZE) - #define BL2_CODE_LIMIT (BL2_CODE_START + BL2_CODE_SIZE - 1) - -+#define BL2_DATA_ADDITIONAL 448 /* To increase the BL2_DATA_SIZE more than the default value */ - #define BL2_DATA_START (BOOT_TFM_SHARED_DATA_BASE + \ - BOOT_TFM_SHARED_DATA_SIZE) --#define BL2_DATA_SIZE (BL2_CODE_START - BL2_HEADER_SIZE - BL2_DATA_START) -+#define BL2_DATA_SIZE (BL2_CODE_START - BL2_HEADER_SIZE - BL2_DATA_START + BL2_DATA_ADDITIONAL) - #define BL2_DATA_LIMIT (BL2_DATA_START + BL2_DATA_SIZE - 1) - - /* SE BL1 regions */ diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch new file mode 100644 index 00000000..6676acf8 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch @@ -0,0 +1,76 @@ +From ca7696bca357cfd71a34582c65a7c7c08828b6dc Mon Sep 17 00:00:00 2001 +From: Bence Balogh +Date: Mon, 18 Dec 2023 14:00:14 +0100 +Subject: [PATCH 2/2] platform: corstone1000: Cover S_DATA with MPU + +The S_DATA has to be covered with MPU regions to override the +other MPU regions with smaller RNR values. + +Change-Id: I45fec65f51241939314941e25d287e6fdc82777c +Signed-off-by: Bence Balogh +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25583] + +--- + .../target/arm/corstone1000/CMakeLists.txt | 8 +++++++ + .../arm/corstone1000/tfm_hal_isolation.c | 22 +++++++++++++++++++ + 2 files changed, 30 insertions(+) + +diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt +index 8817f514c..541504368 100644 +--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt ++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt +@@ -40,6 +40,14 @@ target_compile_definitions(platform_region_defs + INTERFACE + TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT=0x2000 + TFM_LINKER_SP_META_PTR_ALIGNMENT=0x100 ++ ++ # The RAM MPU Region block sizes are calculated manually. The RAM has to be covered ++ # with the MPU regions. These regions also have to be the power of 2 and ++ # the start addresses have to be aligned to these sizes. The sizes can be calculated ++ # from the S_DATA_START and S_DATA_SIZE defines. ++ RAM_MPU_REGION_BLOCK_1_SIZE=0x4000 ++ RAM_MPU_REGION_BLOCK_2_SIZE=0x20000 ++ + ) + #========================= Platform common defs ===============================# + +diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c +index 98e795dde..39b19c535 100644 +--- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c ++++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c +@@ -15,6 +15,7 @@ + #include "mpu_config.h" + #include "mmio_defs.h" + #include "flash_layout.h" ++#include "region_defs.h" + + #define PROT_BOUNDARY_VAL \ + ((1U << HANDLE_ATTR_PRIV_POS) & HANDLE_ATTR_PRIV_MASK) +@@ -132,6 +133,27 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries( + + #endif + ++ /* Set the RAM attributes. It is needed because the first region overlaps the whole ++ * SRAM and it has to be overridden. ++ * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually ++ * and added to the platform_region_defs compile definitions. ++ */ ++ base = S_DATA_START; ++ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE; ++ ret = configure_mpu(rnr++, base, limit, ++ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ if (ret != TFM_HAL_SUCCESS) { ++ return ret; ++ } ++ ++ base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE; ++ limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE; ++ ret = configure_mpu(rnr++, base, limit, ++ XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); ++ if (ret != TFM_HAL_SUCCESS) { ++ return ret; ++ } ++ + arm_mpu_enable(); + + #endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */ diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch deleted file mode 100644 index 7a07c0c1..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 88cfce2e04913d48ec8636b6a3550d71ebdd49c4 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras -Date: Mon, 15 May 2023 10:47:27 +0100 -Subject: [PATCH] Platform: Corstone1000: Calculate the new CRC32 value after - changing the metadata - -Calculates the new CRC32 value for the metadata struct after chaing a value -during the capsule update. It also updates the CRC32 field in the metadata -so it doesn't fail the CRC check after a succesfull capsule update. -It also skips doing a sanity check the BL2 nv counter after the capsule -update since the tfm bl1 does not sync metadata and nv counters in OTP during -the boot anymore. - -Signed-off-by: Emekcan Aras -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24104/7] - ---- - .../arm/corstone1000/fw_update_agent/fwu_agent.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -index afd8d66e42..f564f2902c 100644 ---- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -@@ -802,6 +802,8 @@ static enum fwu_agent_error_t flash_full_capsule( - } - metadata->active_index = previous_active_index; - metadata->previous_active_index = active_index; -+ metadata->crc_32 = crc32((uint8_t *)&metadata->version, -+ sizeof(struct fwu_metadata) - sizeof(uint32_t)); - - ret = metadata_write(metadata); - if (ret) { -@@ -913,6 +915,8 @@ static enum fwu_agent_error_t accept_full_capsule( - if (ret) { - return ret; - } -+ metadata->crc_32 = crc32((uint8_t *)&metadata->version, -+ sizeof(struct fwu_metadata) - sizeof(uint32_t)); - - ret = metadata_write(metadata); - if (ret) { -@@ -1007,6 +1011,8 @@ static enum fwu_agent_error_t fwu_select_previous( - if (ret) { - return ret; - } -+ metadata->crc_32 = crc32((uint8_t *)&metadata->version, -+ sizeof(struct fwu_metadata) - sizeof(uint32_t)); - - ret = metadata_write(metadata); - if (ret) { -@@ -1119,8 +1125,7 @@ static enum fwu_agent_error_t update_nv_counters( - - FWU_LOG_MSG("%s: enter\n\r", __func__); - -- for (int i = 0; i <= FWU_MAX_NV_COUNTER_INDEX; i++) { -- -+ for (int i = 1; i <= FWU_MAX_NV_COUNTER_INDEX; i++) { - switch (i) { - case FWU_BL2_NV_COUNTER: - tfm_nv_counter_i = PLAT_NV_COUNTER_BL1_0; -@@ -1141,7 +1146,6 @@ static enum fwu_agent_error_t update_nv_counters( - if (err != TFM_PLAT_ERR_SUCCESS) { - return FWU_AGENT_ERROR; - } -- - if (priv_metadata->nv_counter[i] < security_cnt) { - return FWU_AGENT_ERROR; - } else if (priv_metadata->nv_counter[i] > security_cnt) { diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch new file mode 100644 index 00000000..23609921 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch @@ -0,0 +1,76 @@ +From f7b58b5ba5b48e071eb360c1bcfc4d31290a77c1 Mon Sep 17 00:00:00 2001 +From: Ali Can Ozaslan +Date: Tue, 5 Mar 2024 21:01:59 +0000 +Subject: [PATCH] Platform:corstone1000:Fix issues due to adjustment Mailbox + Agent params + +Adjust Mailbox Agent API parameters patch changed memory check and +related parameters. As a result, platform-specific issues occurred. +Secure side client IDs are converted to negative values. Control +parameter is created. + +Signed-off-by: Bence Balogh +Signed-off-by: Emekcan Aras +Signed-off-by: Ali Can Ozaslan +Upstream-Status: Pending + +--- + .../tfm_spe_dual_core_psa_client_secure_lib.c | 23 +++++++++++++++---- + 1 file changed, 18 insertions(+), 5 deletions(-) + +diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c +index d2eabe144..39e11b8cd 100644 +--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c ++++ b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c +@@ -18,6 +18,9 @@ + #include "utilities.h" + #include "thread.h" + ++#define SE_PROXY_SP_UID 0 ++#define SMM_GW_SP_UID 0x8003 ++ + /** + * In linux environment and for psa_call type client api, + * the layout of the reply from tf-m to linux is as following. +@@ -174,7 +177,14 @@ static psa_status_t prepare_params_for_psa_call(struct client_params_t *params, + { + psa_status_t ret = PSA_SUCCESS; + +- params->ns_client_id_stateless = s_map_entry->msg.client_id; ++ if (s_map_entry->msg.client_id == SE_PROXY_SP_UID) { ++ params->ns_client_id_stateless = -1; ++ } ++ else if (s_map_entry->msg.client_id == SMM_GW_SP_UID) { ++ params->ns_client_id_stateless = -1 * s_map_entry->msg.client_id; ++ } else { ++ params->ns_client_id_stateless = s_map_entry->msg.client_id; ++ } + + params->p_outvecs = NULL; + ret = alloc_and_prepare_out_vecs(¶ms->p_outvecs, s_map_entry); +@@ -250,6 +260,9 @@ void deliver_msg_to_tfm_spe(void *private) + struct client_params_t params = {0}; + psa_status_t psa_ret = PSA_ERROR_GENERIC_ERROR; + unordered_map_entry_t* s_map_entry = (unordered_map_entry_t*)private; ++ uint32_t control = PARAM_PACK(s_map_entry->msg.params.psa_call_params.type, ++ s_map_entry->msg.params.psa_call_params.in_len, ++ s_map_entry->msg.params.psa_call_params.out_len); + + switch(s_map_entry->msg.call_type) { + case OPENAMP_PSA_FRAMEWORK_VERSION: +@@ -266,11 +279,11 @@ void deliver_msg_to_tfm_spe(void *private) + send_service_reply_to_non_secure(psa_ret, s_map_entry); + break; + } ++ control = PARAM_SET_NS_INVEC(control); ++ control = PARAM_SET_NS_OUTVEC(control); ++ control = PARAM_SET_NS_VEC(control); + psa_ret = tfm_rpc_psa_call(s_map_entry->msg.params.psa_call_params.handle, +- PARAM_PACK(s_map_entry->msg.params.psa_call_params.type, +- s_map_entry->msg.params.psa_call_params.in_len, +- s_map_entry->msg.params.psa_call_params.out_len), +- ¶ms, NULL); ++ control, ¶ms, NULL); + if (psa_ret != PSA_SUCCESS) { + send_service_reply_to_non_secure(psa_ret, s_map_entry); + break; diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-arm-trusted-firmware-m-disable-fatal-warnings.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-arm-trusted-firmware-m-disable-fatal-warnings.patch deleted file mode 100644 index 07db4f6d..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-arm-trusted-firmware-m-disable-fatal-warnings.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 04ce07d289e8cec75223349e9ebf7e69126fc04d Mon Sep 17 00:00:00 2001 -From: Jon Mason -Date: Wed, 18 Jan 2023 15:13:37 -0500 -Subject: [PATCH] arm/trusted-firmware-m: disable fatal warnings - -Signed-off-by: Jon Mason -Upstream-Status: Inappropriate - ---- - toolchain_GNUARM.cmake | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/toolchain_GNUARM.cmake b/toolchain_GNUARM.cmake -index 7989718515..a5939323d6 100644 ---- a/toolchain_GNUARM.cmake -+++ b/toolchain_GNUARM.cmake -@@ -71,7 +71,6 @@ macro(tfm_toolchain_reset_linker_flags) - --entry=Reset_Handler - -specs=nano.specs - LINKER:-check-sections -- LINKER:-fatal-warnings - LINKER:--gc-sections - LINKER:--no-wchar-size-warning - ${MEMORY_USAGE_FLAG} diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-platform-corstone1000-align-capsule-update-structs.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch similarity index 100% rename from meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-platform-corstone1000-align-capsule-update-structs.patch rename to meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch deleted file mode 100644 index e4eba624..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 3004fda909079ebebd62c495a4e49e64d6c8a85f Mon Sep 17 00:00:00 2001 -From: Anusmita Dutta Mazumder -Date: Tue, 8 Aug 2023 10:58:01 +0000 -Subject: [PATCH] Platform corstone1000 add unique firmware GUID - -Add unique Corstone-1000 firmware GUID - -Signed-off-by: Anusmita Dutta Mazumder -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24132/3] ---- - .../target/arm/corstone1000/fw_update_agent/fwu_agent.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -index f564f2902c..9c31aeee9d 100644 ---- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c -@@ -113,10 +113,10 @@ enum fwu_agent_state_t { - }; - - struct efi_guid full_capsule_image_guid = { -- .time_low = 0xe2bb9c06, -- .time_mid = 0x70e9, -- .time_hi_and_version = 0x4b14, -- .clock_seq_and_node = {0x97, 0xa3, 0x5a, 0x79, 0x13, 0x17, 0x6e, 0x3f} -+ .time_low = 0x989f3a4e, -+ .time_mid = 0x46e0, -+ .time_hi_and_version = 0x4cd0, -+ .clock_seq_and_node = {0x98, 0x77, 0xa2, 0x5c, 0x70, 0xc0, 0x13, 0x29} - }; - - --- -2.38.1 - diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-fix-synchronization-issue-on-o.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch similarity index 100% rename from meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-fix-synchronization-issue-on-o.patch rename to meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch deleted file mode 100644 index f805a44d..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch +++ /dev/null @@ -1,102 +0,0 @@ -From fa0988fd876400dc1bb451fffc4b167265b40d25 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras -Date: Thu, 14 Sep 2023 12:14:28 +0100 -Subject: [PATCH] Platform: Corstone1000: Enable Signed Capsule - -Enables signed capsule update and adjusts the necessary structs (fmp_payload_header -, image_auth, etc.) to comply with the new capsule generation tool (mkeficapsule). - -Signed-off-by: Emekcan Aras -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24131/3] ---- - .../fw_update_agent/uefi_capsule_parser.c | 25 +++++++++++-------- - .../fw_update_agent/uefi_capsule_parser.h | 2 ++ - 2 files changed, 17 insertions(+), 10 deletions(-) - -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c -index b72ff1eb91..c706c040ac 100644 ---- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c -@@ -102,11 +102,9 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr, - } - - capsule_header = (efi_capsule_header_t*)ptr; -- ptr += sizeof(efi_capsule_header_t) + sizeof(uint32_t); -+ ptr += sizeof(efi_capsule_header_t); - fmp_capsule_header = (efi_firmware_management_capsule_header_t*)ptr; - -- fmp_payload_header = fmp_capsule_header + sizeof(*fmp_capsule_header); -- - total_size = capsule_header->capsule_image_size; - image_count = fmp_capsule_header->payload_item_count; - images_info->nr_image = image_count; -@@ -119,22 +117,20 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr, - } - - for (int i = 0; i < image_count; i++) { -- - image_header = (efi_firmware_management_capsule_image_header_t*)(ptr + - fmp_capsule_header->item_offset_list[i]); - - images_info->size[i] = image_header->update_image_size; -- images_info->version[i] = fmp_payload_header->fw_version; -- FWU_LOG_MSG("%s: image %i version = %u\n\r", __func__, i, -- images_info->version[i]); -+ - #ifdef AUTHENTICATED_CAPSULE - image_auth = (efi_firmware_image_authentication_t*)( - (char*)image_header + - sizeof (efi_firmware_management_capsule_image_header_t) - ); - auth_size = sizeof(uint64_t) /* monotonic_count */ + -- image_auth->auth_info.hdr.dwLength /* WIN_CERTIFICATE + cert_data */ + -- sizeof(struct efi_guid) /* cert_type */; -+ image_auth->auth_info.hdr.dwLength/* WIN_CERTIFICATE + cert_data + cert_type */; -+ -+ fmp_payload_header = (fmp_payload_header_t*)((char*)image_auth + auth_size); - - FWU_LOG_MSG("%s: auth size = %u\n\r", __func__, auth_size); - -@@ -143,16 +139,25 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr, - images_info->image[i] = ( - (char*)image_header + - sizeof(efi_firmware_management_capsule_image_header_t) + -- auth_size); -+ auth_size + -+ sizeof(*fmp_payload_header)); - #else - images_info->image[i] = ( - (char*)image_header + - sizeof(efi_firmware_management_capsule_image_header_t) + - sizeof(*fmp_payload_header)); -+ -+ fmp_payload_header = (fmp_payload_header_t*)((char*)image_header + -+ sizeof(efi_firmware_management_capsule_image_header_t)); -+ - #endif - memcpy(&images_info->guid[i], &(image_header->update_image_type_id), - sizeof(struct efi_guid)); - -+ images_info->version[i] = fmp_payload_header->fw_version; -+ FWU_LOG_MSG("%s: image %i version = %d\n\r", __func__, i, -+ images_info->version[i]); -+ - FWU_LOG_MSG("%s: image %d at %p, size=%u\n\r", __func__, i, - images_info->image[i], images_info->size[i]); - -diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h -index a890a709e9..a31cd8a3a0 100644 ---- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h -+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h -@@ -12,6 +12,8 @@ - #include "fip_parser/external/uuid.h" - #include "flash_layout.h" - -+#define AUTHENTICATED_CAPSULE 1 -+ - enum uefi_capsule_error_t { - UEFI_CAPSULE_PARSER_SUCCESS = 0, - UEFI_CAPSULE_PARSER_ERROR = (-1) --- -2.17.1 - diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch new file mode 100644 index 00000000..4c486e69 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch @@ -0,0 +1,33 @@ +From 001e5bea183bc78352ac3ba6283d9d7912bb6ea5 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras +Date: Wed, 21 Feb 2024 07:44:25 +0000 +Subject: [PATCH] Platform: Corstone1000: skip the first nv counter + +It skips doing a sanity check the BL2 nv counter after the capsule +update since the tfm bl1 does not sync metadata and nv counters in OTP during +the boot anymore. + +Signed-off-by: Emekcan Aras +Upstream-Status: Pending + +--- + .../ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c +index 2e6de255b..2e6cf8047 100644 +--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c ++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c +@@ -1125,7 +1125,7 @@ static enum fwu_agent_error_t update_nv_counters( + + FWU_LOG_MSG("%s: enter\n\r", __func__); + +- for (int i = 0; i <= FWU_MAX_NV_COUNTER_INDEX; i++) { ++ for (int i = 1; i <= FWU_MAX_NV_COUNTER_INDEX; i++) { + + switch (i) { + case FWU_BL2_NV_COUNTER: +-- +2.25.1 + + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch deleted file mode 100644 index 97cd14da..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch +++ /dev/null @@ -1,29 +0,0 @@ -From ef97f7083279565dab45a550139935d741f159a9 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras -Date: Fri, 29 Sep 2023 09:57:19 +0100 -Subject: [PATCH] platform: corstone1000: Increase ITS max asset size -​ -Increases the max asset size for ITS to enable parsec services & tests -​ -Upstream-Status: Pending -Signed-off-by: Emekcan Aras -Signed-off-by: Vikas Katariya ---- - platform/ext/target/arm/corstone1000/config_tfm_target.h | 5 +++++ - 1 files changed, 5 insertions(+) -​ -diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h -index e968366639..3f6e8477e5 100644 ---- a/platform/ext/target/arm/corstone1000/config_tfm_target.h -+++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h -@@ -24,4 +24,9 @@ - #undef PS_NUM_ASSETS - #define PS_NUM_ASSETS 20 - -+/* The maximum size of asset to be stored in the Internal Trusted Storage area. */ -+#undef ITS_MAX_ASSET_SIZE -+#define ITS_MAX_ASSET_SIZE 2048 -+ -+ - #endif /* __CONFIG_TFM_TARGET_H__ */ --- \ No newline at end of file diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc deleted file mode 100644 index f7e202ad..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc +++ /dev/null @@ -1,46 +0,0 @@ -# Common src definitions for trusted-firmware-m and trusted-firmware-m-scripts - -LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0" - -LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ - file://../tf-m-tests/license.rst;md5=4481bae2221b0cfca76a69fb3411f390 \ - file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ - file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" - -SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "git://github.com/ARMmbed/mbedtls.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https" -SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS ?= "git://git.trustedfirmware.org/TF-M/tf-m-extras.git;protocol=https" -SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ - ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ - ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ - ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ - ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \ - ${SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS};branch=${SRCBRANCH_tfm-extras};name=tfm-extras;destsuffix=git/tfm-extras \ - " - -# The required dependencies are documented in tf-m/config/config_default.cmake -# TF-Mv1.8.1 -SRCBRANCH_tfm ?= "master" -SRCREV_tfm = "53aa78efef274b9e46e63b429078ae1863609728" -# TF-Mv1.8.1 -SRCBRANCH_tfm-tests ?= "master" -SRCREV_tfm-tests = "1273c5bcd3d8ade60d51524797e0b22b6fd7eea1" -# mbedtls-3.4.1 -SRCBRANCH_mbedtls ?= "master" -SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631" -# mcuboot v1.10.0 -SRCBRANCH_mcuboot ?= "main" -SRCREV_mcuboot = "23d28832f02dcdc18687782c6cd8ba99e9b274d2" -# QCBOR v1.2 -SRCBRANCH_qcbor ?= "master" -SRCREV_qcbor = "b0e7033268e88c9f27146fa9a1415ef4c19ebaff" -# TF-Mv1.8.1 -SRCBRANCH_tfm-extras ?= "master" -SRCREV_tfm-extras = "504ae9a9a50981e9dd4d8accec8261a1dba9e965" - -SRCREV_FORMAT = "tfm" - -S = "${WORKDIR}/git/tfm" diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc index 19ad2897..716d3f1c 100644 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc @@ -9,13 +9,14 @@ TFM_DEBUG = "1" ## Default is the MPS3 board TFM_PLATFORM_IS_FVP ?= "FALSE" EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}" -EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=ON" +EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF" # libmetal v2023.04.0 LICENSE += "& BSD-3-Clause" LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=f4d5df0f12dcea1b1a0124219c0dbab4" SRC_URI += "git://github.com/OpenAMP/libmetal.git;protocol=https;branch=main;name=libmetal;destsuffix=git/libmetal \ file://0001-cmake-modify-path-to-libmetal-version-file.patch;patchdir=../libmetal \ + file://0002-arm-trusted-firmware-m-disable-address-warnings-into.patch \ " SRCREV_libmetal = "28fa2351d6a8121ce6c1c2ac5ee43ce08d38dbae" EXTRA_OECMAKE += "-DLIBMETAL_SRC_PATH=${S}/../libmetal -DLIBMETAL_BIN_PATH=${B}/libmetal-build" @@ -32,15 +33,12 @@ EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${ FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI:append:corstone1000 = " \ - file://0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch \ - file://0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch \ - file://0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch \ - file://0004-arm-trusted-firmware-m-disable-fatal-warnings.patch \ - file://0005-Platform-corstone1000-add-unique-firmware-GUID.patch \ - file://0006-Platform-Corstone1000-Enable-Signed-Capsule.patch \ - file://0007-platform-corstone1000-increase-ITS-max-asset-size.patch \ - file://0008-platform-corstone1000-align-capsule-update-structs.patch \ - file://0009-platform-corstone1000-fix-synchronization-issue-on-o.patch \ + file://0001-platform-corstone1000-Update-MPU-configuration.patch \ + file://0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch \ + file://0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch \ + file://0004-platform-corstone1000-align-capsule-update-structs.patch \ + file://0005-platform-corstone1000-fix-synchronization-issue-on-o.patch \ + file://0006-Platform-Corstone1000-skip-the-first-nv-counter.patch \ " # TF-M ships patches for external dependencies that needs to be applied @@ -54,10 +52,10 @@ apply_tfm_patches() { do_patch[postfuncs] += "apply_tfm_patches" do_install() { - install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin - install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin - install -D -p -m 0644 ${B}/install/outputs/bl1_1.bin ${D}/firmware/bl1_1.bin - install -D -p -m 0644 ${B}/install/outputs/bl1_provisioning_bundle.bin ${D}/firmware/bl1_provisioning_bundle.bin + install -D -p -m 0644 ${B}/bin/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin + install -D -p -m 0644 ${B}/bin/bl2_signed.bin ${D}/firmware/bl2_signed.bin + install -D -p -m 0644 ${B}/bin/bl1_1.bin ${D}/firmware/bl1_1.bin + install -D -p -m 0644 ${B}/bin/bl1_provisioning_bundle.bin ${D}/firmware/bl1_provisioning_bundle.bin } create_bl1_image(){ diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_1.8.1.bb b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_1.8.1.bb deleted file mode 100644 index d50d886f..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_1.8.1.bb +++ /dev/null @@ -1,2 +0,0 @@ -require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc -require recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb deleted file mode 100644 index 3464f49d..00000000 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb +++ /dev/null @@ -1,2 +0,0 @@ -require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc -require recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc diff --git a/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in b/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in index 88559dee..6919afd0 100644 --- a/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in +++ b/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in @@ -17,7 +17,7 @@ part --source empty --size 4k --align 4 --offset 32k --part-name="private_metada part --source rawcopy --size 100k --sourceparams="file=bl2_signed.bin" --offset 36k --align 4 --part-name="bl2_primary" --uuid 9A3A8FBF-55EF-439C-80C9-A3F728033929 --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 -part --source rawcopy --size 376k --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E +part --source rawcopy --size 368k --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E # Rawcopy of the FIP binary part --source rawcopy --size 2 --sourceparams="file=signed_fip-corstone1000.bin" --align 4 --part-name="FIP_A" --uuid B9C7AC9D-40FF-4675-956B-EEF4DE9DF1C5 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 @@ -26,8 +26,8 @@ part --source rawcopy --size 2 --sourceparams="file=signed_fip-corstone1000.bin" part --source rawcopy --size 12 --sourceparams="file=Image.gz-initramfs-${MACHINE}.bin" --align 4 --part-name="kernel_primary" --uuid BF7A6142-0662-47FD-9434-6A8811980816 --part-type 8197561D-6124-46FC-921E-141CC5745B05 -part --source empty --size 100k --offset 16492k --align 4 --part-name="bl2_secondary" --uuid 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 -part --source empty --size 376k --align 4 --part-name="tfm_secondary" --uuid 009A6A12-64A6-4F0F-9882-57CD79A34A3D --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E +part --source empty --size 100k --offset 16488k --align 4 --part-name="bl2_secondary" --uuid 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9 +part --source empty --size 368k --align 4 --part-name="tfm_secondary" --uuid 009A6A12-64A6-4F0F-9882-57CD79A34A3D --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E part --source empty --size 2 --align 4 --part-name="FIP_B" --uuid 9424E370-7BC9-43BB-8C23-71EE645E1273 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 part --source empty --size 12 --align 4 --part-name="kernel_secondary" --uuid A2698A91-F9B1-4629-9188-94E4520808F8 --part-type 8197561D-6124-46FC-921E-141CC5745B05 From patchwork Wed Mar 13 20:13:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ali.oezaslan@arm.com X-Patchwork-Id: 40935 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6A44C54791 for ; Wed, 13 Mar 2024 20:13:48 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.6181.1710360823497085610 for ; Wed, 13 Mar 2024 13:13:43 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ali.oezaslan@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CAF621007; Wed, 13 Mar 2024 13:14:19 -0700 (PDT) Received: from PW05BKJD.arm.com (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 38ECE3F64C; Wed, 13 Mar 2024 13:13:42 -0700 (PDT) From: ali.oezaslan@arm.com To: meta-arm@lists.yoctoproject.org Cc: Ali Can Ozaslan , Emekcan Aras Subject: [PATCH 2/3] arm-bsp/trusted-services: corstone1000: Client Id adjustments after TF-M 2.0 Date: Wed, 13 Mar 2024 20:13:24 +0000 Message-Id: <20240313201325.27043-3-ali.oezaslan@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240313201325.27043-1-ali.oezaslan@arm.com> References: <20240313201325.27043-1-ali.oezaslan@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Mar 2024 20:13:48 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/5435 From: Ali Can Ozaslan Corstone-1000 uses trusted-firmware-m as secure enclave software component. Due to the changes in TF-M 2.0, psa services requires a seperate client_id now. This commit adds smm-gateway-sp client id to the FMP services since FMP structure accessed by u-boot via smm-gateway-sp. Signed-off-by: Ali Can Ozaslan Signed-off-by: Emekcan Aras --- ...0009-plat-corstone1000-fmp-client-id.patch | 45 +++++++++++++++++++ .../trusted-services/ts-arm-platforms.inc | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch new file mode 100644 index 00000000..2fb91f62 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch @@ -0,0 +1,45 @@ +From 52d962239207bd06827c18d0ed21abdc2002337f Mon Sep 17 00:00:00 2001 +From: emeara01 +Date: Thu, 7 Mar 2024 10:24:42 +0000 +Subject: [PATCH] plat: corstone1000: add client_id for FMP service + +Corstone1000 uses trusted-firmware-m as secure enclave software component. Due +to the changes in TF-M 2.0, psa services requires a seperate client_id now. +This commit adds smm-gateway-sp client id to the FMP services since FMP structure +accessed by u-boot via smm-gateway-sp. + +Signed-off-by: emeara01 +Upstream-Status: Inappropriate [Design is to revisted] +--- + .../capsule_update/provider/corstone1000_fmp_service.c | 5 ++++--- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c +index d811af9f..354d025f 100644 +--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c ++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c +@@ -33,6 +33,7 @@ + EFI_VARIABLE_APPEND_WRITE) + + #define FMP_VARIABLES_COUNT 6 ++#define SMM_GW_SP_ID 0x8003 + + static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = { + { +@@ -91,7 +92,7 @@ static psa_status_t protected_storage_set(struct rpc_caller *caller, + { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) }, + }; + +- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET, ++ psa_status = psa_call_client_id(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, SMM_GW_SP_ID,TFM_PS_ITS_SET, + in_vec, IOVEC_LEN(in_vec), NULL, 0); + if (psa_status < 0) + EMSG("ipc_set: psa_call failed: %d", psa_status); +@@ -114,7 +115,7 @@ static psa_status_t protected_storage_get(struct rpc_caller *caller, + { .base = psa_ptr_to_u32(p_data), .len = data_size }, + }; + +- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, ++ psa_status = psa_call_client_id(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, SMM_GW_SP_ID, + TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec), + out_vec, IOVEC_LEN(out_vec)); diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc index 3c7e94e6..80a58056 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc @@ -10,6 +10,7 @@ SRC_URI:append:corstone1000 = " \ file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \ file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \ file://0008-platform-corstone1000-fix-synchronization-issue.patch \ + file://0009-plat-corstone1000-fmp-client-id.patch \ " From patchwork Wed Mar 13 20:13:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ali.oezaslan@arm.com X-Patchwork-Id: 40934 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5883C54E66 for ; Wed, 13 Mar 2024 20:13:48 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.6182.1710360824498850648 for ; Wed, 13 Mar 2024 13:13:44 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ali.oezaslan@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E4CA51063; Wed, 13 Mar 2024 13:14:20 -0700 (PDT) Received: from PW05BKJD.arm.com (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 828703F64C; Wed, 13 Mar 2024 13:13:43 -0700 (PDT) From: ali.oezaslan@arm.com To: meta-arm@lists.yoctoproject.org Cc: Ali Can Ozaslan , Emekcan Aras Subject: [PATCH 3/3] arm/trusted-firmware-m: Change GNU Arm compiler version for TF-M 2.0 Date: Wed, 13 Mar 2024 20:13:25 +0000 Message-Id: <20240313201325.27043-4-ali.oezaslan@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240313201325.27043-1-ali.oezaslan@arm.com> References: <20240313201325.27043-1-ali.oezaslan@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Mar 2024 20:13:48 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/5436 From: Ali Can Ozaslan GNU Arm compiler version greater and equal than *11.3.Rel1* has a linker issue in syscall for TF-M 1.8.0. Let's bump to TF-M 2.0 which contains the fix for the issue. Signed-off-by: Emekcan Aras Signed-off-by: Ali Can Ozaslan --- .../recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc index 1747c654..772366d9 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc @@ -22,13 +22,13 @@ INHIBIT_DEFAULT_DEPS = "1" PACKAGE_ARCH = "${MACHINE_ARCH}" -# At present, TF-M needs GCC >10 but <11.3 so use 11.2: -# https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/getting_started/tfm_getting_started.rst?h=TF-Mv1.8.0#n214 +# At present, TF-M Select other GNU Arm compiler versions instead of 11.2: +# https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/getting_started/tfm_getting_started.rst#n214 # # See tools/requirements.txt for Python dependencies DEPENDS += "cmake-native \ ninja-native \ - gcc-arm-none-eabi-11.2-native \ + gcc-arm-none-eabi-native \ python3-cbor2-native \ python3-click-native \ python3-cryptography-native \