From 6a54be1f8e545f6c0eeb585c1ac4f8cb0110a1d1 Mon Sep 17 00:00:00 2001
From: Thierry Laurion
Date: Sun, 12 Apr 2020 15:20:26 -0400
Subject: [PATCH 01/34] Add x230-external-flash board, working CIs and replacing x230 default building board with x230-external-flash in both CircleCI and GitlabCI configurations so people can test this PR prior of merging upstream.
---
.circleci/config.yml | 171 +++-------
.gitlab-ci.yml.deprecated | 84 +----
blobs/xx30/README | 28 ++
blobs/xx30/me.bin | Bin 0 -> 98304 bytes
blobs/xx30/x230-ifd.bin | Bin 0 -> 4096 bytes
.../x230-external-flash.config | 60 ++++
config/coreboot-x230-external-flash.config | 29 ++
config/linux-x230-external-flash.config | 322 ++++++++++++++++++
8 files changed, 506 insertions(+), 188 deletions(-)
create mode 100644 blobs/xx30/README
create mode 100644 blobs/xx30/me.bin
create mode 100644 blobs/xx30/x230-ifd.bin
create mode 100644 boards/x230-external-flash/x230-external-flash.config
create mode 100644 config/coreboot-x230-external-flash.config
create mode 100644 config/linux-x230-external-flash.config
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 92bc07469..49d0fd088 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -2,38 +2,23 @@ version: 2 jobs: build: docker: - - image: debian:10 + - image: ubuntu:18.04 steps: - run: name: Install dependencies command: | apt update - apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync + apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo - checkout + - restore_cache: + key: heads-{{ .Branch }}{{ .Environment.CACHE_VERSION }} + - run: name: git reset command: | git reset --hard "$CIRCLE_SHA1" \ - - run: - name: Creating all modules and patches digest - command: | - find ./patches/ ./modules/ -type f | sort -h |xargs sha256sum > /tmp/all_modules_and_patches.sha256sums \ - - - run: - name: Creating musl-cross-make and musl-cross-make patches digest - command: | - find modules/musl-cross* -type f | sort -h | xargs sha256sum > /tmp/musl-cross_module_and_patches.sha256sums \ - - - - restore_cache: - keys: - #Restore existing cache for modules checksums validated to be exactly the same as in github current commit - - heads-modules-and-patches-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} - #If precedent fails. Restore cache for musl-cross module checksum validated to be exactly the same as in github current commit - - heads-cross-musl-{{ checksum "/tmp/musl-cross_module_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} - # linuxboot steps need something to pass in the kernel header path # skipping for now # - run: @@ -50,7 +35,7 @@ jobs: # command: | # ./build/make-4.2.1/make \ # CROSS=/cross/bin/x86_64-linux-musl- \ -# CPUS=4 \ +# --load 2 \ # V=1 \ # BOARD=qemu-linuxboot \ # 
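Review bot: The new `restore_cache` key `heads-{{ .Branch }}{{ .Environment.CACHE_VERSION }}` no longer depends on the contents of `./patches/` and `./modules/`, so whatever an earlier build of the same branch saved is restored even after module definitions or patches change. The removed steps derived the key from sha256sums of those trees; keeping that digest step and a key such as `heads-{{ .Branch }}-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}` would keep the cached `packages` and `crossgcc` directories (listed in the `save_cache` hunk at `@@ -258`) tied to the sources that produced them. The image also moves to the mutable tag `ubuntu:18.04`; pinning it by digest (`ubuntu:18.04@sha256:<digest>`) would fix the build environment for firmware images that are compared by hash.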
@@ -62,14 +47,12 @@ jobs: - run: name: librem_l1um command: | - rm -rf build/librem_l1um/* build/log/* && make CPUS=4 V=1 BOARD=librem_l1um || touch /tmp/failed_build + rm -rf build/librem_l1um/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=librem_l1um || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: - name: Output build failing logs - command: | - if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi \ - - run: - name: Output librem_l1um hashes + name: Ouput librem_l1um hashes command: | cat build/librem_l1um/hashes.txt \ - run: @@ -80,24 +63,16 @@ jobs: path: build/librem_l1um - run: - name: librem_mini + name: qemu-coreboot command: | - rm -rf build/librem_mini/* build/log/* && make CPUS=4 V=1 BOARD=librem_mini || touch /tmp/failed_build + rm -rf build/librem_mini/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=librem_mini || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: - name: Output build failing logs - command: | - if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - - run: - name: Output librem_mini hashes - command: | - cat build/librem_mini/hashes.txt \ - - run: - name: Archiving build logs for librem_mini + name: Ouput librem_mini hashes command: | - tar zcvf build/librem_mini/logs.tar.gz build/log/* - - store-artifacts: - path: build/librem_mini + cat build/qemu-coreboot/hashes.txt \ - run: name: librem_mini_v2 
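Review bot: In the failure handler added inline to the `librem_l1um` step, `while read log` lacks `-r` and `cat $log` is unquoted, so a log path containing whitespace or a backslash is split or altered and the failing log is not printed; `while IFS= read -r log; do ...; cat -- "$log"; done` avoids that. The same one-liner is pasted into the librem_mini, x230-flash, t430-flash, t430, x230, x230-hotp-verification, x230-nkstorecli and qemu-coreboot steps (hunks `@@ -80`, `@@ -98`, `@@ -116`, `@@ -158`, `@@ -203`, `@@ -223`, `@@ -243`). Moving it into one script in the repository that every step calls would keep the copies from drifting apart.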
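Review bot: The step renamed to `qemu-coreboot` in the `@@ -80` hunk still runs `make ... BOARD=librem_mini`, and the next step, titled "Ouput librem_mini hashes", prints `build/qemu-coreboot/hashes.txt`, so the hashes shown in the job log are not those of the board just built (that file presumably exists at this point only if it came from the restored cache). The `@@ -158` hunk has the same mismatch: the step named `x230-external-flash` cleans `build/t430/*` and builds `BOARD=t430`, then prints `build/x230-external-flash/hashes.txt`, and the `@@ -258` hunk stores `build/x230-external-flash/x230-external-flash-top.rom` and `initrd.cpio.xz`, yet no visible hunk runs `BOARD=x230-external-flash`. Each step's `name`, `rm -rf build/<board>/*`, `BOARD=<board>` and `cat build/<board>/hashes.txt` should name the same board, e.g. `BOARD=x230-external-flash` followed by `cat build/x230-external-flash/hashes.txt`. The librem_mini log-archive and `store-artifacts` steps are also dropped in this hunk, which may be unintended.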
@@ -123,14 +98,12 @@ jobs: name: x230-flash #We delete build/make-4.2.1/ directory until issue #799 is fixed. command: | - rm -rf build/x230-flash/* build/log/* && make CPUS=4 V=1 BOARD=x230-flash || touch /tmp/failed_build + rm -rf build/x230-flash/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=x230-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: - name: Output build failing logs - command: | - if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - - run: - name: Output x230-flash hashes + name: Ouput x230-flash hashes command: | cat build/x230-flash/hashes.txt \ - run: @@ -143,14 +116,12 @@ jobs: - run: name: t430-flash command: | - rm -rf build/t430-flash/* build/log/* && make CPUS=4 V=1 BOARD=t430-flash || touch /tmp/failed_build + rm -rf build/t430-flash/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=t430-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: - name: Output build failing logs - command: | - if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - - run: - name: Output t430-flash hashes + name: Ouput t430-flash hashes command: | cat build/t430-flash/hashes.txt \ - run: 
@@ -158,39 +129,33 @@ jobs: command: | tar zcvf build/t430-flash/logs.tar.gz build/log/* - store-artifacts: - path: build/t430-flash + path: build/qemu-coreboot/hashes.txt - run: - name: t430 + name: x230-external-flash command: | - rm -rf build/t430/* build/log/* && make CPUS=4 V=1 BOARD=t430 || touch /tmp/failed_build + rm -rf build/t430/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=t430 || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: - name: Output build failing logs - command: | - if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - - run: - name: Output t430 hashes + name: Ouput t430 hashes command: | - cat build/t430/hashes.txt \ + cat build/x230-external-flash/hashes.txt \ - run: - name: Archiving build logs for t430 + name: Archiving build logs to bundle in artifacts command: | - tar zcvf build/t430/logs.tar.gz build/log/* - - store-artifacts: - path: build/t430 + tar zcvf logs.tar.gz ./build/log/* - run: name: x230 command: | - rm -rf build/x230/* build/log/* && make CPUS=4 V=1 BOARD=x230 || touch /tmp/failed_build + rm -rf build/x230/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=x230 || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: - name: Output build failing logs - command: | - if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - - run: - name: Output x230 hashes + name: Ouput x230 hashes command: | cat build/x230/hashes.txt \ - run: 
@@ -203,14 +168,12 @@ jobs: - run: name: x230-hotp-verification command: | - rm -rf build/x230-hotp-verification/* build/log/* && make CPUS=4 V=1 BOARD=x230-hotp-verification || touch /tmp/failed_build + rm -rf build/x230-hotp-verification/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=x230-hotp-verification || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: - name: Output build failing logs - command: | - if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - - run: - name: Output x230-hotp-verification hashes + name: Ouput x230-hotp-verification hashes command: | cat build/x230-hotp-verification/hashes.txt \ - run: @@ -223,14 +186,12 @@ jobs: - run: name: x230-nkstorecli command: | - rm -rf build/x230-nkstorecli/* build/log/* && make CPUS=4 V=1 BOARD=x230-nkstorecli || touch /tmp/failed_build + rm -rf build/x230-nkstorecli/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=x230-nkstorecli || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: - name: Output build failing logs - command: | - if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - - run: - name: Output x230-nkstorecli hashes + name: Ouput x230-nkstorecli hashes command: | cat build/x230-nkstorecli/hashes.txt \ - run: 
@@ -243,12 +204,10 @@ jobs: - run: name: qemu-coreboot command: | - rm -rf build/qemu-coreboot/* build/log/* && make CPUS=4 V=1 BOARD=qemu-coreboot || touch /tmp/failed_build + rm -rf build/qemu-coreboot/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=qemu-coreboot || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - - run: - name: Output build failing logs - command: | - if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: name: Output qemu-coreboot hashes command: | 
@@ -258,38 +217,14 @@ jobs: command: | tar zcvf build/qemu-coreboot/logs.tar.gz build/log/* - store-artifacts: - path: build/qemu-coreboot - - - run: - name: qemu-coreboot-fbwhiptail - command: | - rm -rf build/qemu-coreboot-fbwhiptail/* build/log/* && make CPUS=4 V=1 BOARD=qemu-coreboot-fbwhiptail || touch /tmp/failed_build - no_output_timeout: 3h - - run: - name: Output build failing logs - command: | - if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - - run: - name: Output qemu-coreboot-fbwhiptail hashes - command: | - cat build/qemu-coreboot-fbwhiptail/hashes.txt \ - - run: - name: Archiving build logs for qemu-coreboot-fbwhiptail - command: | - tar zcvf build/qemu-coreboot-fbwhiptail/logs.tar.gz build/log/* + path: build/x230-external-flash/x230-external-flash-top.rom - store-artifacts: - path: build/qemu-coreboot-fbwhiptail - - - save_cache: - #Generate cache for the same musl-cross module definition if hash is not previously existing - key: heads-cross-musl-{{ checksum "/tmp/musl-cross_module_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} - paths: - - crossgcc - - build/musl-cross-* + path: build/x230-external-flash/initrd.cpio.xz + - store-artifacts: + path: logs.tar.gz - save_cache: - #Generate cache for the exact same modules definitions if hash is not previously existing - key: heads-modules-and-patches-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} + key: heads-{{ .Branch }}{{ .Environment.CACHE_VERSION }} paths: - packages - crossgcc diff --git a/.gitlab-ci.yml.deprecated b/.gitlab-ci.yml.deprecated index 545d8b59a..9e493e737 100644 --- a/.gitlab-ci.yml.deprecated +++ b/.gitlab-ci.yml.deprecated 
@@ -8,80 +8,24 @@ stages: build: stage: build - retry: 1 + retry: 2 cache: paths: - - packages - - crossgcc - - build - key: "heads-$GITLAB_USER_LOGIN-2" + - ./ + key: "$CI_COMMIT_REF_SLUG" script: - - dnf install -y @development-tools gcc-c++ gcc-gnat zlib-devel perl-Digest-MD5 perl-Digest-SHA uuid-devel pcsc-tools ncurses-devel lbzip2 libuuid-devel lzma elfutils-libelf-devel bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget libusb-devel cmake automake pv bsdiff autoconf libtool cpio texinfo + - dnf install -y @development-tools gcc-c++ gcc-gnat zlib-devel perl-Digest-MD5 perl-Digest-SHA uuid-devel pcsc-tools ncurses-devel lbzip2 libuuid-devel lzma elfutils-libelf-devel bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget libusb-devel cmake automake pv bsdiff autoconf libtool expat-devel boost-devel libaio-devel cpio texinfo - git fetch origin - git reset --hard origin/$CI_COMMIT_REF_NAME - - echo "Removing old x230-flash artifacts..." - - rm -rf ./build/x230-flash/* - - rm -rf ./build/log/* - - echo "Building BOARD=x230-flash board..." - - make BOARD=x230-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1) - - echo "x230-flash hashes:" - - cat ./build/x230-flash/hashes.txt - - echo "Archiving x230-flash logs..." - - tar zcvf ./build/x230-flash/logs.tar.gz ./build/log/* - - echo "Removing old t430-flash artifacts..." - - rm -rf ./build/t430-flash/* - - rm -rf ./build/log/* - - echo "Building BOARD=t430-flash board..." - - make BOARD=t430-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1) - - echo "t430-flash hashes:" - - cat ./build/t430-flash/hashes.txt - - echo "Archiving t430-flash logs..." - - tar zcvf ./build/t430-flash/logs.tar.gz ./build/log/* - - echo "Removing old x230-hotp-verification artifacts..." - - rm -rf ./build/x230-hotp-verification/* - - rm -rf ./build/log/* - - echo "Building BOARD=x230-hotp-verification board..." 
- - make BOARD=x230-hotp-verification || (find ./build/log/ -cmin 1|xargs tail; exit 1) - - echo "x230-hotp-verification hashes:" - - cat ./build/x230-hotp-verification/hashes.txt - - echo "Archiving x230-hotp-verification logs..." - - tar zcvf ./build/x230-hotp-verification/logs.tar.gz ./build/log/* - - echo "Removing old x230 artifacts..." - - rm -rf ./build/x230/* - - rm -rf ./build/log/* - - echo "Building BOARD=x230 board..." - - make BOARD=x230 || (find ./build/log/ -cmin 1|xargs tail; exit 1) - - echo "x230 hashes:" - - cat ./build/x230/hashes.txt - - echo "Archiving x230 logs..." - - tar zcvf ./build/x230/logs.tar.gz ./build/log/* - - - echo "Removing old t430 artifacts..." - - rm -rf ./build/t430/* - - rm -rf ./build/log/* - - echo "Building BOARD=t430 board..." - - make BOARD=t430 || (find ./build/log/ -cmin 1|xargs tail; exit 1) - - echo "t430 hashes:" - - cat ./build/t430/hashes.txt - - echo "Archiving t430 logs..." - - tar zcvf ./build/t430/logs.tar.gz ./build/log/* - - - echo "Removing old qemu-coreboot artifacts..." - - rm -rf ./build/qemu-coreboot/* - - rm -rf ./build/log/* - - echo "Building BOARD=qemu-coreboot board..." - - make BOARD=qemu-coreboot || (find ./build/log/ -cmin 1|xargs tail; exit 1) - - echo "qemu-coreboot hashes:" - - cat ./build/qemu-coreboot/hashes.txt - - echo "Archiving qemu-coreboot logs..." 
- - tar zcvf ./build/qemu-coreboot/logs.tar.gz ./build/log/* - - echo "Calculate used space for cache" - - du -shc packages crossgcc build + - make BOARD=x230-external-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "x230-external-flash hashes:" + - cat ./build/x230-external-flash/hashes.txt + - tar zcvf logs.tar.gz ./build/log/* artifacts: paths: - - ./build/qemu-coreboot - - ./build/x230-flash - - ./build/t430-flash - - ./build/x230-hotp-verification - - ./build/x230 - - ./build/t430 + - ./build/x230-external-flash/coreboot.rom + - ./build/x230-external-flash/x230-external-flash-top.rom + - ./build/x230-external-flash/x230-external-flash-bottom.rom + - ./build/x230-external-flash/hashes.txt + - ./build/x230-external-flash/initrd.cpio.xz + - ./logs.tar.gz diff --git a/blobs/xx30/README b/blobs/xx30/README new file mode 100644 index 000000000..85eab2bda --- /dev/null +++ b/blobs/xx30/README 
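Review bot: `cache: paths: - ./` with `key: "$CI_COMMIT_REF_SLUG"` caches the whole working tree per ref, and the new script no longer removes `./build/<board>/*` and `./build/log/*` before `make`, so the `.rom`, `hashes.txt` and `initrd.cpio.xz` files listed under `artifacts:` can be left over from an earlier pipeline on the same ref rather than produced from this commit. Restricting the cache to dependency directories such as `packages` and `crossgcc`, and keeping `rm -rf ./build/x230-external-flash/* ./build/log/*` ahead of the build, would avoid publishing stale firmware images. In the failure handler, `find ./build/log/ -cmin 1` matches only files whose status changed one minute ago; `-cmin -1` (within the last minute) is probably what was meant.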
@@ -0,0 +1,28 @@ +The ME blobs dumped in this directory come from the following link: https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430/downloads/DS032435 + +You can arrive to the same result by doing the following: +wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe && innoextract g1rg24ww.exe && python ~/me_cleaner/me_cleaner.py -r -t -O ~/heads/blobs/xx30/me.bin app/ME8_5M_Production.bin + +sha256sums: +f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe +821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin +c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 blobs/x230/me.bin + +x230-ifd.bin is extracted from an external flashrom backup (no way found to be able to extract it from Lenovo firmware upgrades as of now): +python ~/me_cleaner/me_cleaner.py -S -r -t -d -O discarded.bin -D ~/haeds/blobs/xx30/x230-ifd.bin -M temporary_me.bin x230_bottom_spi_backup.rom + +sha256sum: +68c1e9be8e2f99b2432e86219515f7f2fea61a4d00c7f9ea936d76d9dab2869b blobs/x230/x230-ifd.bin + +ls -al blobs/x230/*.bin +-rw-r--r-- 1 user user 4096 Mar 15 12:55 blobs/x230/x230-ifd.bin +-rw-r--r-- 1 user user 98304 Mar 15 14:33 blobs/x230/me.bin + +Notes: as specified in first link, this ME can be deployed to: + Helix (Type 3xxx) + T430, T430i, T430s, T430si, T431s + T530, T530i + W530 + X1 Carbon (Type 34xx), X1 Helix (Type 3xxx), X1 Helix (Type 3xxx) 3G + X230, X230i, X230 Tablet, X230i Tablet, X230s + 
diff --git a/blobs/xx30/me.bin b/blobs/xx30/me.bin new file mode 100644 index 0000000000000000000000000000000000000000..7eb85fca9c6e9054bcba4dc90b58964a7f0a753d GIT binary patch literal 98304 zcmeFZby!wUw>Q4;Ae2U0gqsc(5CoLmfRuCyB8>>2F z(-=~|6+FNkz+m%_PEWBBHppqKYo5XZAcC26LI5j^C2a8J008W>vv7vM83JbroFQQN#plm2MQ1Bl_&#SYU*I9sop_@rLQ zKA~WpsN0PsMSY6#C>w{hUG+n>n9H|;H~PZV-{urQIaEZ@TzrBfyP%EOBcC}QGH&xAxJD+*s7CSOb zS0`+;>KS*+K*zZLD-Q29hj*)M3s!A8l9gQjPkq^V-#nFbv5nh!enOQqcMpA4IHU{h z7~-g1m~V+nM)$0cKyxj zAR`={+4w|H%hMc;@N0t8{<1`lQo~QnFF4WCuU$Xdj0yFz+a9lvtM@NVc-;FbRQuBT z)!H7_FWgNlCQmV1a#wKWhoGewC8A;c(1B*LN{J&9#W2!8M!>ycuw3t%h1IXArlS7u zGfU}+`xXNXd90RlYoCgZDx1bO2bAds>W@mg{8W2QCI*mFVIX|C1O@=k;{gCC9AgQ< zP+_P#QE=kl0#?8Doqtjfyor^$&_OZ5)<0WHs8ECxKxHYx&hHW0fT3F)4-o^I0Pt`6 z`4B+pH~@6oApQ`b{vYdClGRj|RsOd+f3Qt4uM*t9h>MukcDF~S-DjJrJ=8QAd}J}L zJ@zv76eywotNr6h!0;jxc>fIbhX9Bg6Z;>uUtLXEQAY3I^uNIGO27dpUbOStWl9Zx z^lRMomh`>TjPqlm#NGE~t{4C>{!Kpu=(0kP ze+l+PvEIK3z{p~_yD$8cF06fJl(qgT@5em~Z!^A$>aE1chP62&H2(#gI!URBN&*$0 zR#$V2JfQP7hC2Y(4*@`|E&$M5BmNMu4(E6OYx}itY5$Y{zN%bS^`|>6s9t><+>jjM zD$Bi>0n>={dD42$YOF450H}{b@gYqSeZ;q*nVX%C0u`BJpa;e5gvAoy`snFfNO!mBsxtekb7J z#47X`!Ef9CL;SU5wX{^^VMF~b+^)QL|Fi3rsM$|7zg&ewG3!@sK0b~kyEB{ZfFS7~ z{{Ud*Flmageh3L%S%6>Xk)!?)0RF4~|F73*Ruvg_?3}LqIOB}hgH@9f>`I9h#jclFV%1W*gI$A94Nlw6%fP&f%3TVW z$H0W0tFRHkhxIou*co8SaX9_=0KpR&b_FjHhhx&eazQu>hZlTo7#9av;prDH`R83G zHVa!PHYmzzs{fVx|NsBr?WC-HM|=HG1F8OWM&UggfG+)8oBySyaM!U2$f#>$r1&rx zIO+SpBS;SbNeuyz-2{MMngHPcP8R#D8I}_;2cR-b06cFEfG=zTaLpco44wkeuqyy* zcmiOx4*(Ir03bVm09ptFK>APs6buKzT-K(*fhkgx%ON}BQt0dCVEKrMO%*vW_hN*H0P7eWX8z3Mx69klf9|4hDBA`cB2nb_~fV%Awkla%Ql!zivX$K zA)t&RSYH_e()xe^J1P+n&nGyq4gmq*5YU4k2&l9P0g<#JAkR(&wAGD(Ec+19k3j?| zFp7XaOduff83gog9xlI(fIhDwpvg@HNWX&sU+yEIwj%_@4IrUl6cSp-MM4JWkzgtj z61qr+gnTKG&>A%o62FLqQW=mCEi)37XG4MyIFZosWh4ahBB3|@NC+*2gzn!&Le*kO zh#W*h8Zt;QSPluTC?Y{A6(smx9SPEEBcTtvNJvs22^AY5p?OmzsPzB|l{`d3#5QnU zc1UQ}0STEqBcVYzShp7v3iU-o?Jtm^UH}rB2u4EcuaQt>1QMExMnVqpNN_(137VuK zp^i)>B$0!J!t#+&UjY(2E=EFp%DRBT3qDs4zm 
zrUMB=Y_QM46Bcw8rfV<>!gLcRc#4ChV3LJN5hfLwG+?>|FO^+L=t>U~I{JkKtp|{Q zeCO{z^zY-8AtXdKh6Ft(k>LCc64YKmg8j=#@Wwh4jNC$kq`OGa{s0LL9U~!C1PY8s zqrhc66r@Lh0>2WYKqNWppLDy!{1PP!G^RyC_4FvH;t~qvVMP7IfB#SY|9`stdkhL3 zVL?Gu94OG18wGA$MS+^vP|&yQD2Ve0jFTt|>XJY~7-EPh%~6oaLlm@Wje?BrV0i}=f&uut!6*PH2$91r3V1 zqrnbOH0bJs1{ZwMpyqQl*yD!=(Sc}?ItUGl2E*-qg$Dn-{^j=y4Sjo!h7gfxNIeD( zy^cpi8%b!$JPi%iWul?0IcO*%9}V>updq#rG~`~6h9*CvA-ZZbWd9irwLoZyw;m07 zH=v;}&1i_I9SzQQq9MI5H1xF#4OY9KXEJ}AS8+Pec9Y<)&V!VoSN20+h`MbaI%vt% z6B*s-Eo>zbEx}VU_I;%mBro~8F9estC5ni@C(~wzxobG(ZrGz_pqK>lE2)q+?2gU( zCc=nunrAbf=T%g+=vVO<1xVy$i(sJG*Lu? zfm4+TEYNxyGQ9zbi>vd8-Fuf@=<7CPE~rEl@z_O1@%!Lwu95^)gjqM`deAW; zR+~(Tn{(Fj3UOB4$8o7@9|eS8?zxV+W>h19l#p+E!P7J*lG)HKxEoO4$!cd9zD)t29Zv9BB^@n@nN-HszS%e%+(0c^D>r_ zy0X_NJ`f!UK;NsJ&E3B!`y<|+buZ@@T|xt!hlsg?X80$%&5 zHZrxsttULKk=>zo*UFZO)r&VSsI-SWTzM?e6-KC8vdVAsx>Jj2t#rLenLMK7s$+As zGv~W)YDIjV_lu8&f4$N@xAZ~iVQ^1O3zy69w+d7X6?X^%d#_tvej3+wn_?%=iMuhD zQYnA;dS51wH7g)#hm*Z8ho7r7=NBFN|ev~&-+__a732OP)D;Ds{*e)Zq#P0}!1tHHE#GzKk6H_R00~*obT~!|sa0(vxwi+%hoi;E`DRh%x;*5% z8|2;z;lOz((sful0x^CIL9X?I+)H?!oZ2iL1M8aI$4dMuf#ZWF*SU(644jpb+z0r{ z_hpeXD-a&}zIHf{{5aqEPA497IDj+mgTTz5_d#OjaC}gFQz&v4S!O~q`+a~ATY~I@ zt&G<`Apci6BnECRTrM1VHm<$9PA)$Hcf;x2Iyp(Q50YH&ElBl84l6(~&NsIN=fg6- zQ%IR4E7JOXcu(`E`oF7z^2p(PEW0o;u)LEmIk_|W1!VZ|g7H&w(Q=UdFC}Z_PHrgr7e@u< z!3IFxfDM3cJqmXmHlObax!HwNCq&~~Bfc;4n?U~&ISJ!BY)gvua113m2?N|O7ST1B z`M*-xAM^TN$7;ij@BhEA8Wu)+n6AsU?E{=xZ20ELun1s{GQIytDbw=bIHcU}57+H| zfHoYB3*&=JZl{ZMLzCMzAzhnHB#96HFF2>I%$)<^6YLiUzyDPFU%J=9?|*SG*!LK# z{}=(W9*zLUZ(-KSeIA4()yFXtc;QIoINu}zmgAcsgP|gVeRhU$JsgR^4wrBoIarDi z>&IlUL$8w`%=|S>;P(7i!^Db|>=5_@w;dju|7iXn1UvEm*|-1x9^foKL*NX7GX%~M zI78qJfinco5I95N41qHQ&JZ|5;0%E?1kMmRL*NX7GX%~MI78qJfinco5I95N41qHQ z&JZ|5;0%E?1kMmRL*NX7GX%~MI78qJfinco5I95N41qHQ&JZ|5;0%E?1kMmRL*NX7 z|9J@LbE&=ip|E9wxw}rG+F>{?Jb!?B_|a(XQPlH&6(+JPF_-o9(zJeDT( zps(Ynm(|YnIX`|3xU|6G5$A?Y1t|FXyIQS6{+!H+X5{d+Gq=~KtTL6Qc6P41>t9;^eb5=sj#oC& zE$7WB7&IG{fV0a6UIk#KFeHqK9E*orN3+A~7Uo 
zn#$+gR>O)9Vz0gza}2Ekw_k*pIc8tuNeSRwLu%9ewJs}3)jw?i7VYwkn^+nm^l5Vc zg6a0;3YEVhW6;Yg*zwr_QH>jySy#7x;=hPjj1xl~tk#n+j zm&{xmhx<|DST@_cl;7R)YS!rVjebbghibDM9QbjEw-#Psd1aU2QKogl+9}Oil~%l| zXwdq&y9+moYJNL~D}v4n~Bfn}97!p!M_4!q zcw*wXJw9kC<1WWGk*s0zESX_N*YmX6Px6hjQ1cagSDJes_XW~YXM~k3Uc__=hxNQ# z`TdwD**|#kF-_&rezHNA_`{dpDeSAHtG#8NL|+*7w|vJQ_-P@}dEA%Z(|+Z2u^{Nc zs;;C`|3$G2$#3}@zN^0%*UnGr*J^8+dL*@ayfQWF6Q}w&H=K25OP}QbcZJ0-w0>@vG?0$8TCFqRFmb*@<9pxH z3?=oF$egk0W09mjPo!K%x)IKMr7zsEK1 zQB=>IM#nblbCxLTMjJX0z|emWcH>rz0*B`0@B->|Nzzo1R$co$E(mVwf!;Z*^Ub8y zN;ZivBIwr5{qa1?I8kUEo1pvqQqKPdoU(j z;oA*ba?bSSqW-?=WQ>dlJ(Ei*(Zk)R`uA)zkHDClUWL(Q@QlIxp@dD<7*)mrR9y<- zN|J2xKZHx=ikDIM3FDQqS z*Db3`&)LP(HKhq*Scm&x=crZ?6n*q=>irqFsB?AVf)&B4x`Hr=!)Feq)|H6;ps9lfr6nla)5n{4k(*mDqWao=P|>VEF!HC{)~ zw5S>%4@8%3@v7ce|6!sn^5UCF`npixjBneV=7S#3ryPDd37@@W26LUu@j8>6CzTt( z8$+Ite~EsGmx%DR)G;zL(jUUzx_WQ>M^OG~#GM{FJt;csHM7z(~1NB_{e_(&eU;oaXNeQE%M%>r*aszE6QO zqTZNg%R78ZFcWnzBrkg<@8(71lwxNi=5Ro_P&S6xXqmTuAG<>CSYjCz$A5v-%eva|X-Sa$6}t>aW&XP=M$ zCYD|Gt9>>pwZj}q>M91^rS81?Vw`m|o=po!vflkJhMGDx!XNjEhUJB>j=HPyR&^!< zM0%~bn^|Hj7ADW)+9h>r4AK!rD_3nM=R&zs^kbU8FU5`&X$8;Gq*c{|S`^ z=lWRQhZDlqSGr7ZEr-Zr(LU8A-l5YJ*Qy6;d8G)BvhmyN@6OW&GxGFYN$l!dD(RrS z;W6hR8SQI&Z2j!=cN(QnYHG33G26x`X;(RU#;^77U6;#Ll+`O!^pF%W@o~y?Pd_PM zzvYN9T(~Y0$mSV;QH8_&VEAM~eOn=+bp4j|Y`21W-pqi66mQA$4Y<@{FTRgcVOvh5 zY7^Ud=f`BrT}89+A)Y|Cu)blyu0qUDp7|dgs}bG`YO9gfkxK34cYRA(OA$LFxQwCa zvdn_seoB#j?3GmbD4;{IpZ$Cq&G!kHb4TF(5h&%-(IKmCBiXlGjl#C zN(-(lV7vP~tfII$NF;dZRjOl&GNlBc`+eiicWdQO3o&oD7Wp-_%4*Lc{e|__HFmJN z2Gr2Lm9f>66yM7NvijavMtg>Rc~e0-8qPCK(d^2KG@XN)xb|nxPu6;fcjI&^MbdHGgfc?LJ$tTYQ6&2F``l5-vvpf;EuM&@>{B7z zXsc|~-doAt^Ne);#=~dS9M5#2#u)9(KcmlLXSzQkgNtuE`FoWmnUBt>Py#p~V~H+1 zK|XIiLFOtsdgX+S-5rt+E@;7JkMIxLd(ouiQ;1qRNAJxUn`$I(3 z-S?AU_=T#jQeV7YVcHhG_0{6FPV!3hjsmTeD$g@F7okT<1k0pheP&jxl>%?NHVF1L zOmNAr+$}bztjnIiu*jl5{Ys+oO&7$Y!Bs<{_f<7@M~;hCn}gP7kWXEivi;U-^$^q8 zfXlXj+smj;6e@i(;&!A%wl@Mlo0lfy${Sy@=QGNbV-xt-8)h-Ux$w(`FUcc}QzBPC 
zT3#(u6a<{>#ae4>v-LV=?umY;m{RwS9olIqd0vs*AChJvOG|IAlCJl9M!Ng5q52TI z%sPvB$;<0bX9mR;&j4?!TMxhFxmKoqAZOv`O1wLgp)bKG<#g=T|&NImer($wd!5Lj5V;YjC)KFLCW$9=h&(5YNEaF)AzAvIN>9 z+ri%=;lJ+$rW<7VYdJRwNIoJv*eoYY=t}4)oy5~9YqJ%9SjMv)cK^qKWE?NEzD;)M zkLuv0#+nrGhS&PjNmeeCgF5An zp~puL4IYW~Ugh$UkxUg|n;6+-``GfOaw0QllV?$~bV|#hHj5M|IodSl%AtEH1wk}l zv+V%8t(XW>?!%WB~7v>slc(C2dXPAUuZ3v|a_ z3|@BSg{|`PmJ%Ho!~>s@HHceMBz9Dq`(75|usb?#Vk}t>S6QP-R3pvOyAoa(&{sOd zJn1v~+_OO9^L?L_jAgr__}8!7y^PpBNXMl-{XMpbrR|R=-QEuCpY}#rjPuj0fB6MH zI85k5n{}RRHdC)}HO5y_e@XrI!u_>MKUQ4RqVT=@t@gx)-7N>+)ckQXlFb5wBAfoi zMK~SZKE30;r-mAKZ5>h9HFXW9TgrRW>V5=Cc97D%40E8pRW*s4`7PdmG3X*$m(k+5 zLf@({eBK}&|N90QT!+sMco+}ABlcN$xBBp{dfcSS`}^;kh^Mv0K#L_wd+!b>w!SwD ztqSDES)H`Lkz{KrILZ6Go+OBYd+7{K=f%dif>;|6RU*t%wdKMHu01gHbm7v!PwFXyx+_Dp`f2!UJCCMxk{sWO7X?RtxSFH zdguOAMQZzSMbfYx1&J;idFIQQ|oa^A0mDVR3 z4qKsYS1O4-XmhX zDDJAo*q%eLt@qmKZ#(T8=STP6s(-yT%akxA~ih1Y$_Vk4*duO0PtW>^K zy0b>D>abg;vqyQs4ih9#KW`Bl_ykj{->`B!Q$IK+!r@gnSr=k%1wUz>;d<_r##e>I z>qUx;L5<_>7IT~8;*s(=PWKrxPWe@f7OeFs&2J4~IOEYB(nWL1KoHcY<@oh9BRNr`6go_s=_I!@$~Jl))3Mt=^Jd#+!JEYEa4RS0-@BygVt zVYg0sQ_8oms-0WB$kWIjz_Y-63vG?A^3soQys^R~)1F(oMmsRB<=FFGreZeL%Ej?p zYsRDqM(jA_f;Z|%^pVvKMMjI5CYFtxj5k~Rw-%NoB|6LQtZdq9Iquuj1ez?4YklN* zD|ednnEW=cHWeuBPFrdmIDN;B#K!J|eWj$LxwNGD3xy`TIa}ju)-U-%cIBlr0hKFR zdh+6QM{}YzaI=(Ge%;PS&-yS70c}}Fs z-0z5LOT>$7h#_G{-*MK1`t|syaMkuX36?CS)bc5#>Q!Rpom3lc$C`~0Yc^ly z-`uNC5PmYzQ(-aQ1KJ?r3*VcAe)I7^tIm*rFSaV^mr}*v9Vl85t6Sfd04j zRx%7X7yaU;!%SjQF_E8FhUeg40{r2==qnjGKRG9T`!8Hf1K?_FQnYwExp)9cM6m5h9!lA|L1Z z9Y^y{)Xif1aeqR*H*qWG)4LmGfvklyio$^-4!6#ara!XIc=67+XFq%3`fa8JESzE< z`~wwxZ3Cs>DIR>g*H+}#>Er*NIrL#eq2oYJ7~!l9N^I6ftEzRR#0{2n8>lT6EqB~V z6fk*gDPWPF>N)W1P`opa9XqPNcZdzEl-%%R&6)E%)#?_mFYpWKV%-scr4vwTbX!6C z9z#R*qM0oqKs` zEOU*0(zVL?J*!%VFHcOQN-3#nL52^3UAd@6Qp+b&cX(>$8J;%SOtljxww+EokI5N; z*S{dVa?y#1XV-w9lEePIf6NfHy|*%+bhav1rt)a3Wju=}`gI#!O%H%BMbjJxQ^P=~XtzcH@9 zaf!lu`%o^TJ!7nzwT)g%9}6K$wSCWA)dE8oOOLe7&~?lKZjBQzvHaB~4GDi-bzyDJ 
z9ZTO3NsUqz|MoDfg`5~(WI995>F28cF`$Lbh(aTq2=<)z1WK1B^+QcIY!x$0&!=GX z?DhoSGO%Q1hW)i|SgK;8T!bOPHHGJG&i()-!88|v-@Il5%@!$<5-~!c^IcUp!2AUF zX~bU>W$_?6+!N~CP3+}?qBa>mK(RpS!W!HnSr^vc2;3a(M8c%=6kh%;>Z#<&n>DZ< zBzxDA8tUzs-C5^1^(!SzQQTIrjzR=pRv%^^VTY$!#eO#PXV}`lt*q9&vKO&Cj*75> z67)NF7Xm`)*-H{pzb?4Pp+*LCHP*o@QKatJO-nGxJ5lz;TO2yr>B4xiz3>FdcXaMN zR&PYENPzcznBIOi7k>k(`ycbfy(R1yNNTIU{O)cQV8uA-)cy~Mb^lkd5f5}7kUqIa z?EAiy7){-%NliM;W6XT9Bnd3aER9AmJF~-kPma+_nQ?5b}M^f4VX6 z2ZmAZp}YfcET{Sg1rk~aXB=IHDOZJPG`rx9@M4F6NqM+9ake<687DQTY4k{$a>w8; z?@tBw7ETt9%dXFQY~By0T-T#^ocdrg>f`B|wYWG(9zhYkLHym2_!^$csCf zzN&V{WUbt{AHB|eQ;ax7wIVlGqFie*^P`r<>>Enq2p3!Dg7emKeY4I4H#xs?>+Nj+ zr!{`okEXlwsyb<~go;yeY*tI$@b}i@Qk>T(-Y$?}XP=c7-fH8~c1M2`BV$}K!tUpX zME{c=w3z_>6Mj2l;G)nS+$rx@%&R&lI=Ib<20bh1H)7%w_*w?(Z{U;vwN26{{|{=z+U(Ye5P2GY=*33 zUUPHXF|T&)-(?e$xK+XBxBHT*%-6p6Udo$!c_`*=_YPfDa?W0XVZC&AlMee1wHx`9(KkNe5DXIAR6 zX4b2Bh0JXa@~ka&T*`9`Bs-5Lb*(%GMoezG^6k%X6i9Y-1lO@=jNtWX#|X&Pno~be zW@H#ARWup2Vs^T%WgJ?}o*pyS*ImoVp1xfWHhJFqa4<+w?Lcwon9iW~J(-57*Wld^ z)eZ?7@0k&E`5?~y$NU%NrG#yIbb~II)ro_OeAQ2mrZld&?>qX&x7%k7-*pJGU;noI z0Vgw4vPgn{WJM}3R^05*8yOyoj}FZQbC^UbQ0)G#Bfc=KN^0l$^=}XZRfia z${pp^(0BJu;nP&HhZbCLazNuUS?aRMCzV?_7iH*0BOCILJyr#hAF)u;XBv2F9uN8o zk~b9b-mvnSly;pHOT1zBn3SA0Bm7sM?wv0txn>{Uyc+bE(aA8pUN7M3uVPOtR|s4i zjUQx|YubJobjhu`b>dB4$?2f>Sltf|>Y{rrS~I<#-DJr7TrU?G#EqNDo{6m~-tz1$6i(jzsTL|o3mubqCVy{VB1uqTuh`!)W)++R=uQ1d1 zSrJvuKKgF%07=IFJpF*bRTeT|M2OQxeI+{2SfVC6X38-A%Vedn^R_H{tIzBG(UV#= z!#h8cyc9)9NOH~hf@O1#yMi8Sy6arRQS;|3S|51(rY%a{tII!(=ACC1a`o`moEn+7 zO}0@8dEr7&{%HvJk&xpKK7CbKt~SSOuijP`km^M3JG=AL@(}fXldonMTtc3fHs(Jk z6D>QhyOUXQc_E4V}(!tH~y zrOh~MI)Cmxx=tzh%Ae1mE$(sZuhfymq^YOByBf3}r|=scgIf=$-Y9}}UVIm~-;U0Q zG0Ew%yLBlq>iBVpj!9*`ZnS^O8@}3}!0R34R=Q)O`|81vMUCr6>2B}&ob@YI4Ifep zn-5GknJ%@ddEAB@8@xKmB_tj+jyt6>67fQ2Aox!8R?%weVR5Oz126OTWe>eE^?`?- zqO1qz)WxdXxmThj3IcN*cv3FjUXxLp$mmqEqF*%TQT2{aQ+~d^F#3L}>hjpNjGo|Q z(V4&Ln6JCC^g!VKD~E;1P5#zPHocu}u`q-^D!YcEjI`YY-E3=}-;#Z!m?RzhcR0cf 
zBs_|KgoWgDqSSJO-V|(lWD35RXO!J8%;@SjHgqS7dz=``(T(}c^uE)k#%6<3;d3VI z-9nq4PY+`s9}AC+{Thy0ONiNaDB%kKlrXG2lVX$O9AQ3I@r+jG=CA8kN&J=|@u8%L zqz{E@<@WDs5>bw#!=-Zb?Xml2lD$VZDP%jiv&{K+4Sg1`;x1n|dwpf6Qj&SLDRm?G z9{rK5M%mrUf>|TXQ2E|Q_^vi0^}!-dYaN%i@cwKv8QDSg^25Dutf7t;MI*>`Mx3vE z`iT8TEZc;pmv`nEuQAiwX&f>hlW4PBUxa zSN8@)SeA)eWi=1OirUI#dp|z>5o7`T?js=AqG_r2c=`7y=SsalxU; zkl#p7*%lZ3P;sb?F5a;5N|`Zv#wDBSm^Xw!f6aKoPQUMa(3Dc+mC)O4`G_iZylm_a zjc}Ak^wme% z9LAe?GL4JgVfcEu*?HH`J+n?Wb5Dt@im(<-_&L?bGg4X=FF3ZdQyNiWine$%SuaX3 z+<2%uQ>(nBNzPvRxi#$lO4D@v%Hp2YTaV^CqO{LR=5OPK4HN9c4cg~ly*g4J6;mzp zjSbgvk-YHkWB})_ohpZ>6bhNBn;vn`n7k;zkZ)UMDBNABI7WTla*qA?i)PLY56@!< zr||Eq({D0*gbAjV-Mw#k-+N|n$D(#&^)UFE2~ybY>UvTKP6Zv151Ig?BlHqKNCrhDY(SjG@{tC6g7VV*D7z?#QE zNu{Xo&Vs2YNdu{mGQ~AtYSk}pBQ&PSyg2>%2rlaH#w`NnRYCnf#^Z!`4HH$rXm>fs zq*thbO&MY?lV1WX99XnBJLeJud2E#U=g%4FNY&V7RV@YMEnfC38x-~XEcoC#eei7W zeo|oJ5(}T`OuBhdJrR*eGPfCdl z9bqvi5<|!;c5dzMYRM@SEN5j-PBSpQd9+F?pW7z8}DJ<77i@(N^&t zGwEfvNa_vo9i8Z5sl~4Nd86#%+bicO+v5=zo)zUxlIZv?s?-nYYDl~c;Jlcx%@@AT zyW4qx{gv>|o;*{g@tflLVPD}F4tE5Sixi-%N5IRi_e!KccRkAMqLGnG2`7bpY;h?+ zKF|>)Ny+jXzvGR3c!47Qp{13s&Qe4c_4-PC8`~QkGn(66`re9JmZg#_;ftlX3w+Qo z<1b+wc{+2|9Clk-?*x^F&B>pegoQKL2j!&KF5M<68P9G3h@CJHeh|Sw58d$t0J}a-R%0^`|56&cJfV)K8jYay6Gn z=&IeOwCG79A6k}wQy2_HE{gp=N~b(f}GY^yrGC!3V~y9ZxX zgFp%E4lFbiIOGgyfiR8>GCf%z7>!HvFcu8YA4KeuTyPZc481uN^ZJ>M;l!mXCR_4c zv!P)z>HeCpq7Kr-{GPk6Mu~$A$xnH1le|$vVvmqcAy4wl+u_rtWgQ>(bjcBAa@ALW zL}n|wlrN9}WMb0SE`utqNEVW#HF4;zaJbj&agkKIAjMkvu~w|_&*nTJY($;#il%M1 zGxBJ;X8XsZ;x|$L@%IFRUy*BQEUnPC&ZIh2`6lY>Uy10y^J>`l;H^=t#3kbxuf+)^ zS>UwjoORN<=2_mX+`Jh_>Ypzg+#T0gPyC%T>w_Ojy~mIFIx-_WxUYg9 z&LYQa+TpGj!87Uq%%nD9dNU1--B8mUrX|RaYzo30-_Wv{!r0JOkI}y1REj zjcC>Ag(`m4bBo=65&l@dZXm^SMJhqd`x$&(v;jK$jf*p=q?&5GlG{~PLU%}LS1pr^ zY*d9@HM>+8$>Qkdgy|z)5-o#E71>T(D02Mm8wfSKq<1kA`MX*BbX}f_y;@%id(K%W z5_3Jw&Z+Jipm?{Ad%u)pyS(Ufo%+}B?Av52cC>G)f3PYsTwD23AeizF*pKlg;?)k% zVqtImZKo+p-qIY>-IOAiSVi=kPwQi^#=$1J52<$dfUne>lc#e6hRXaKN4vD-K`kr4 
zHvEkQB}9C`Y9sNx@)Vtg)(X2D@->wkoJ=y>_nz3Wuh+l66MQ?gWLv~~Y43Ub7(4RC zq};`xiT4XbI4(+BgrC$la3a*=L_?(RHl?}|3Cm%=rXdSBWsVNX8WV1ldTnfEauj-g z@ATn2W_Hy)AXyJMddk<*pg$ihyAseJ5@@OpIklM6h90Y}4hMZ2h;6=gH8QQQ?fGIYRX@)=F zGQUXm$qF91dDzBmrWtzNyFP25Y_+j!R#j}#HLn$(^1SI_s|{?e z>g(IU;ZIpcZq756+1&Ukp;=5eU0%mcZk;^*#L&24fOVO=r+af0v1p2TbFqjVx8Zy2 zb?aCfoF!v%j_M;Wxg|fTZ$NF-a75KcTOR?3Kf;TnTB_sntVt3*AHjlnbDU^*!t;ku zAl~dH`I+HB2>qi<3d4Wz9U`O91@Zx1TE?QO(jzb`?o*I zKf`T)>3h@}?{ZxGZTHjcuSUBLm%D`Jt0_bBje-IGPgz$NpXs`2BV$K5Gt0eLT~4I= zXaY3&-%bFE8{M7W8n5=UT#EVkGNateR)q7y!JL@NRW z$D34UXZh9LiiyR9->=}8z^39bHRi#OsR&)=S!INy@ICtNK)FiQ_~51oo826h#Zq%OY~7!MMSDj zi09oUDB)7GK4f>kvykpgZ{YM=G|s<5)>Q34P-~P5#gm1%Z$f34w;iUsF(IIRG|)PG z?d9;-qQ@?nJ&Rz!jUaN=@)t?b^vS}adj>7VuHV9l9DdGLZqnG>(B_4_Os%^h!vvjR zvI80{jHyi6Qz*LRjEYlRz)LnAmNfWgb294+^J7G>3llW?YtBE(SWshr5bT?()xoS$ zjnim+&+IejfLZ=n-8k1+G5!|~hZN=lBwkCIQf^Roul@5v@%p-f>siMGmuPl$O7Kk% zRg)vSYJZhyy7m?F*gi9_zy8uyE<}_6Zd9=k<&c?w@G%8@&vE&7m9eJprpvv=FS6%Y z(Xd~rpJ>U>8a7V#XGAj^WFPMTVCUXK4y$l556g5Q-AOzL#PmYE2@Y0glKK) z`K_e4E8+^b7H>bTc&ju(br8a=Uw6TGUWroP+rK{p!$G|b;H1%-~f>3iQx)2C@SGI2I6kk)(8%RXHI%k|>ECuTKRw}0Q5j>w`w_ffM6o2pXW zq%D&x3fa!yPe{~iOi(eg+C|IOLMuuATE1`Oq?_eoSXSeZaQ2mhBut(v{1g zva#~I;l{yK!F$Q_5WDId!x~*I=bGC^j?%^~w6D??NkE|+Y1Ask6q=EJWciKo+9Ek{ zUBmZ2d$p3mxi^(9`^JTKJz>!afj!fL5=~iq1ZBpkrVFm|QuaA?x1Q_l3Nq(u1Qi8o z{yZuaBVKdSt6aMMrC})+QQpI;~;{Nn_OM)|Kr!lx`0-wSfZsO_dsfosHhyNK+tSNmS zOb<0_4E?NJ{U~Z2-}|;^WrsEZQ_dUpH^wk6t3i!|$0nU+1B4Ym2$nJX?Xs5ct80+L z?w5-Xik)xhS&xMF>b-hU?uu;Hz-t(ZU9-JMpso7dmbwi_%rGljQo=_t*lIGoq%++im`KmJB zhv>d{9Q)do<9aW;6g&I+LyHZZK9SHH6llC*Yx{IB=c9+CCU+S9rBNa*H+TX{POs137E{M&=f-HZp< z=~Q-5JegG2b%1>&oPc8`8>tCc(?6DQfYU8o;nn-y75Ku7w_S6+h0Ur0hEcI?}R3z4=Y?A8+N& z?a}pyEE7&$Cr<|w-tH`jEow(zQsn>p<=iJLi@H@kuD_#xr5we>A7o`&u%Ghc97~bPuq4WtbO_wrht5&M(gi0r023P(UfywAn^I;9!*JDVmMm{N%4Y z=nig^IzvB}hPqk6r^S;d+{i|N?s_(&0y-XPNN!& zH)g4kWxFMfnIP1#O>=xeO>4bsC@kniBOxcZnMS1Y!uVVF@^^)`s@jK5iT+0yv;$(3 zM7L8q+)cmpf)Br{KimBlPB^2O1s+Z`(rn_55rga6iPuSL>0c;CL^;+KUY;AO@STt3 
zY7C54lj_g0`}{6I_0^5-l>PRr9Hj6)jNU-E9r#lFvvKl;eqt#c;vzg&DV=qx@fbYJ z^j2Iq$LdQdZdm7^EAQ^&tlNhFdY2@@DNy>#3oU{J>6*4yd1)E!r+o@BdFeLnXEc`n z+Vg$?dX+?d^1?gpos~4Be=Z|4r@l5qHa`vq&z1+0=W>-sQq5gi{$nQdmICS7MnS&1 z!aBp*S(Xf@tqR_e^YC{;No*O~8uaPsQ}{mG5?jB4N~^rwoaDoDoZ!bewe1v2EK1RLFXb10BQpy(cFWGqW}~du@@L zci@9Z;+8!=r`Zw#?T5CFl0tKCLZxYKEdT2M(u)!Rj)4$Agu!DbT4Ie7ob}4@h1Ii~hYFg`GA@n0| z(tgMKMYMJbm863yt}{$k3cG1cs|l1(R`eX$Bsm)g$4#sMKl{tXd*1)vhBaqNiQ z_rYl00+Iss3Qh0`>jA2}BmO^!0>{iy(O*~~I%io<>%oM!S=Fx`zzf3U6fR|G`1V7Q z$vSsaX!7;sf#qz@seBwb|CZ17QO1bf@RIdRoqKL?4SbV}cY0K(UD}yERT&nKIzrq! zpW+5(vm|x8^%uS~CFrENb=kQ%(|{6>x`F@YeIO{4u z=}(mYur#nTs7rp$wcONXezmZ{lm*&{7;ND4GVBcw1NrIF1^c7s6~6gimP-!pLokUd z=H6lhnw25~uZkry1meoal({OCeRk(Z_(XiW9ZcA0W?D)|wY~MA9%$ACxM*j|P!8oMuUINE zmM{jaM<5aTsw_G^%1;~%c%5;rSB&mC<{aPoFU=-;CYS^$fxba97-UJt8+H0BtvVBr z?Ba_pIg^mPn%xs!%?Btz$#qRMbIGa51$ui`4OjcD zY`lL*4E4rAZ!^(lrB@^We|Zd92(67DO%3akUs$+TO>#m2BSqIzPcowm(nto_0ljvBZ&rp{NN+hq3I70)J->MiK@FyNl8iW2u?LF z3`Aj!+X4Jg07M3K%;78mkzwhJ$neEt*mhpn03&yc+jV@mRpOb0EiZewop6*>=6_}Hv$UqejTm#3 zf}}Uyff#c_hggvO2}bmi-d_Uk8i4ek+s}21u!8gswWBux7SNG>JsEFh_nM2r=#D6{ zAO;~-DvX5%PzGI%K5R04Soj{CR^a8GTJlFe-mj0xmoiS0mgK*od57LS9y|_*$cBo zND0R-XdNVd@_big&gi&oH6rC+TA_~7K08c<<{2=M(`a2!6+SK+JR(7*yVc)2jz(d^ z;Z}oBGoLH;OATFS`62#b!Ik*%p)?EDK>+a(hx4N5@!8XVMZHuF5T3o>K!|lP;t*+H zmT979p9`HjVasDF5R`Y)$cTtUviMDOxD$o4ACo`_h5OTt|?$xbXMG zk78>q=bf!HtoOF?pV(gK(#x<@zqQH2hg3-qcjGv<(!)>%aWz)dB?h*7aQB_edo&8# zSEsJtMz?9@;9uxEml|>YC0zcrMiim%F01qX6nN2Nr)S{_>%Ggo^n@@Y-5Rv%zD2AL zI}60wEQ6}{hJr*pTfg#JlLkd}K2pY?s>jZ{UB4j^s|2^N1XZgx1XX7mfT$${ zfD|oBDz~ITr|72cWbaPx{VS9iYJuVfb{(U_kSda!L56FLR>7 zVu+xI3&C$TBp4_*VrPkQOPX|ze41_~4y2>B(lH5Qj4%^1<>#_fLcsI`3CAbACddJL zVG#225ybQ>*%|W&p|l|ua%Ov@Y&uBNr!hkwqVGLNJw~6V7r40ZfCIJ-d=yl?3|8c1 z8Ow>d@2sAAaT9UnIH+jh84q--c)+a2_0AUNihz=j-?xx7MD0KoF5*AfH?Vc@=iLwOjhWl>l?I}*jyP&i)?N>f)$Y#%}> zB(-?hQ!ei-9^6c9riaovCY{(_4PX0i(k^Vo$krrn2vbwPU{zblJkaf5P%Thx={}f` z5CiGHYlm(#@oXU=Z7Sk4M?~=jx$a*=T+RSR{Wnuw8Pevu>ZdCEcLXZb 
zVS)H}h6e!JXWNZKRZYq@phA!%s?2Xn!n1V>!ST4eR?NpTrvQZbhoL@ydwR14lC~w#<-wJ@+a4N_zT%~ zx36vfU?axr))o_P01E>h;6bLdC#YTi{xiB@PTDbTOM4ivucA<4!KSkFC(=g&%;@uR zRv6w*B7=`4Y{ZD6m~Rzifb4r-ChHvcqu}&J?gA$z-W8#rJmwjE_(&5}#lE`fzZ&Br ztX9&zKC*x6V#w?w9?(BLCv<ekPuirxQff@FGo3RoC3w3V{QJpFVE@-4vuu>cCz-VjA(iopS znpv<}mUGg)1TuM9i(jyhho88Y04aB*|8=PdqA zjD&|d*`L0rgcUH$T=z665k=Fo8|*a6v4(Uy9Ii{yF1F6jlXcMSPIV!Bs}>kCO}8ch z%pB*inG^jQN(_Uq)jntcp?*F1!W6_(k$dk?C=ON(JyIBg!>HoYtiA zzC@LL8n4nBSKWFRbeO`_`(l0^hd2$_zsYE~Y1Kj15iSa<%)q9CF!b=3gmwvJZF0LO zm)pc%BAaOM;s$3(Yj&Rm&X)C4$0ES(ld{f%N1EMtB;ge?6_nRMJw95n#D&7C52JTNO(VXiLbs^x$ z19B|6ISE3C@o>DKzA;sq3UM>!vm~6`QXN)<%riu7TV8+77-i1PA*qXwyxngm?l^Q$ zQmu;o-W0#CZYf4*qMsT-M)e+Pk6n@rT%RleR2wGnKlE-9KWIEQWW1vo5=LOqKfDf} zvX7)ML|U#oB~IukF3*TfcA=R>yWA{VXM?0~Y=!sRozJL{Iqja$lg`H;(80rk4w4zE zbnK7R0w@(xl!v^#rYeTHnzkI%#z;j9%z(AMmnr#-Qxw-CX_Djmp-kj=?rE?I?}75W zOc4K%X;9>iR^`*d;x#iKzoRh=Z`at<;?`|kvluaty_qVMKbK^Ke8vORgEcKt?*o_^OB*e9?Dek&`~}-e`?!#i&9>;L`jDR@)Q2 zEU@SfgvsY1EYtYM9BeDJpWok}M{J>|=QBnEaMsVLD>qg*kD{bIB^shLrDJ*X`C#}9 z-{qe=wk&^t!|JJK%J*u^+f0jOhE+SHWzW7M6vuRudv-e&0CA`*U<^F%>z zP*TIgb{475pqkS=I7##__?eiUQOL4v7u9zfNB3pc>B;kN>H392%N}j|yz0SSKfLv2 z8EGdgeb)+2r*;3OKSl6&m*exJW>=DguF29*r0rnJHK}Zi6le>#q^@~dRGA&MH;?JO zq-Zi1_{0%=DgT`m3kR!&kx#8jrTiq~1cfxKx16lSkCKZU&B066m&3QSI2mD#qke5C z&B4Q@63>7QaV*+-YLHw!Af?T7g%|i<@$m!oi&o2arPiX!YF5@_ z{3lZfx5cDvz4LJhs5bFp!bSu;D+#u8n2s*_;rrh%S@@lUp0Y@*rtN5axD957hT-dh zg|r!xHQWkkkuK^`H=36RboXQTk{k*WEMz*va%I}p@A9k7#-Xn98+;z!i+qPh5f1p1 zqLin38+_cALThMGtF<|9g{zkDcHn}%DFXbIYJYZ80KA!h@~QfA(5)Ej#kKfyLXG0w z*lZN5N+Ryu<*MmSD;;I?W-TM__dRp0u}5q-Gm{v~o-4xXIc(6ze9s)y5vkr7}N8eG3yhY7Wkt9aPYtLCJkhQ6kKdHYxtv6D4Ork zGRX1Y+)bK$eiAGwY}aX#e`;&2yM6qzYtn+i(cc5L4P13^;<_%3Vk<6vvDke1El2dlFDM6DVFa%R3Dtg z1_7~L436CUV!Zv%sAu*eFF94*Pi0~+ImKaVdM&wD>ZuW0uHdB5R7Igl9icKtm{iMN zXr(}*F==Q3hhPqv>tfJG0h{0r`RMcr`=j|f0l9Ik8$qrvV1mEwBUp7L? 
z=%ans^$6-(@Xx{Tb{_Fy+df2`MNZ1!2Hy~@KMK*{QbKMYkvnJd_Vg!wUr$?Fr*%~j zj6$CX!L{V<3X?93`rU%sX?jG1Vfu{=r;qMYE)n^0sD0c2N#5Xq*w(5v)sb=K$f&Pq%Z=*j%DXyr3 ziJ+%HL>WJ*SH;q?KOExEFTFnw6%o&`TnGod&~dbk2rzA}1*L}9#x5w>p9)-BC3Cgx z5wL{OCkGG(l)M+?1E};|G$i76;pjQ@nDLb4tPlk`mcq!ywnKo06)Qf>wB#mvp;aA) zrYxXt^=#u{h#NmEt%mC5G;6#ke6q-jzXnpeky&4pZq@rSHb(5D!8Cm4({5Kar3+H( z?M8bLN9I$t4STW-cdpnc5eA(ac!`CelL~+h z#DP*FXy?JK3m=8R+wI&NCG+C+KQIo|U9TEGs&C~Y2Q4+-e%E#MC}DR)AZNy*mtx^8cYuW&V8IsErG^(tC02d&Jpsun&kYuGSdrDB z0>I!Kf~lAno_qXr!x9!slQq!yZLUYDmb~h2b{ha^T@z;ioM+uEC|9nY@A+laFVI3) zGS^E=iRtjtm$KI{xS*?k^Y*(m@W-5T$U(||&CtbDjX8jUv^8i=i(Ve+H_cwezhdQK z0E#`BM)ut*r``hWZdl}P=o-TLw zRl$Ke?>*gg_5O+IHqhph0x6r`BgC8VOT7=;u3Lrz57jT|_7+rrmgwHir(X*NY+A?n z$Oa{jH?C#tcXS0imq$CcL``a+5#+|pw2U5T7J35CjJ6#LwMYginV2sUJ_> zXg}`sgWp`}yK9wP0?7yx57SZFs!-EYSIqu4(S(sU&^n#Gm?k(-$0fSX6>7c8{~@^< z#Po5=D#%nFTZgFWN|lTqfkuLj?x3#s^c6s?Ut01La~1$orUY&9x9DW?-YP?kE>I%)tRoQsJ(^Pn5 zybNz4S99&vX!2BNh0WBaFnXK`7Qgc=mDoW%78H~Vh8b`!oNJT_!=y=B#;g2CX{Dsp z8!!Z~=D~t$-da*^KG^`n! 
zVdhV{F?N$q>G9r#+*z5n4mdM^N>Fn!{wYIKW#op{2Hjph!n)Vuy zW3#U^wqq>mM-`~H@Zn~z^f4+W`W)h?G}%|w{6b@SuC{a+*xtkR0KI-C6<7(xixn$l z2gGn&F~&WbwMsEeN{AIJow=gXx?=EXFRM-Itb+GUWsYsCRF_rHVM;s^9ihs^iF>(P zbPm;zlI{NaG;9?JsRkvrIBBuSt8uw5214yu=pMW8Kqb&U5GiHi@_AZj!`V*C)+d_wc`_&wy%ImUqQcU+6Rb<^LU)b^P(un zuy50V^o4kcIduW~C&u~l0)+#-Oy(=Se8usS{ZQ|^gZhkj1FN8cTADk(L@=PA;lZHL z1zx9*o&8h~2PggTrEqyA6pb{P1iz_Esz=OE&SYH_PGEcZ{dn}rIS-IZK?&s3-5c^T zsdGTM#a5wSz3V9%d4*V=Ms?dJVvKxg0i|R9 z7JWDDj)4!QKqi!HZekDdOSh&1Vu%(^v(!a{q)UF9=Jan~Ujbjq9V3JE8HQss(WpM# z5C6osg12`xNh`}>1}Lq{_ZaM3Pf)eTkdmJ z4q&4br#WP7yh~>N&K|@Q%{2q3I47Y_U7Kyh{Q}i^SJ62V5ogvMDLfT>YLah>du^q zSPAEpHkDtV2gb1fYloXqatN)xtf+2JNh=H17R$ApJ0rPmGm}>(fvb}L9b_+V-?xPO zM)hy!X#)eU$}ETyNUfz@{txWqsvRNohC5wOdlCszVyHZ^qz`rXBdioH?;N2+pqr%& zHl9Q98?HAvF9sMaZE^_%mwq)7QG(N}{d zJ*wfV{7KR=)UH;&wZ*g5qEVK<&AXKa;6Tj8_A3^OY8~_zg5iJ#0TBie?BBBa(<*-hB$xW>BbXIyptt$aYJ&(82fq7S-*r zwX0J`wlC94lrD}zGnn#kVPR&0ynJ9#au{Jyzv z){|ILkVif>zsnC0z*$LKiK&SmYAnU~L`^i-vec4b+hqVpo$6jpgs^=$yC>hO)G|ld zX1H)V-mJ^cYlgu;q2(0HBqO}-5XyO*)-6WpfD4$F3A299)BdPqG+P(9MvLKmtEKfFhP^Sy@GiIo}5i#!$b)|c- z0it)x6%WJMV=J!w4*Brn6gjQ$zIj?Z?e~z@;c{*4nq{u$yvI!ZeC(B{#>J^3-OZUg z1KecFWs`Z@$zrokj!>lo2iy&%fAa^@cW$VI?X2^PP*Gk>lcSW@4hK26d5Ny)k-)pKBIW_<@GnTqI|wtrHlkIdu+#RoL^VU~kLko-BG2)D-7YDXuF72J=gq1ie$xBmXsYVLb0 z_n{dSIBHH_au=|XfT!_Hf%^pLu-5*EhTPXS!5cURAoe=4QmB0)^t}1z7UvW7aw?sF z{Gm>Y*RI|QNrS%UxK9~mT>FfDW9A~9Bw{U6c{PI~cH(NNwJbXpvANyvUtW3+#s!b` zO+}BaoAi3{k>e?0knzGDU)i%&&^*z+ypkuq0ocLF5_3A*V75+Uo8ZsU@sK`?K8xUs zXZI{i@OQmWN0fnPZMwD+0{Lc;e=ell#TAy0u-ZVcg?*4SnPRSYm!mXY?*)n*DQXhb zhafKhveYHmGrFPiLWefG#1^y_RB?zo>lcERgOG;!_!2KJ1UD6yh6#^1OdLeNPCyzG z(BTy?tJ1KII4kLuVG-kPf!@Km@9%mv3_?42*}=#3))mPjSzlY(awbuIEhftfbg3IX0KrX z6t^aVpb*gC(3-m~p*4#aUeTT%1d78jj&VMvWU6jI(}-A5K-9tM;W8fs%$B=2jzQo> zIvVg_EYTpe_sLpn_zW+MMUk7tyvy|-o|Z8V;a3(BA4|o^?$-z|E@nU?9)^vK-$p;L zw*`fyz>&P0J4QcjJ(pq(GZ?Z1EM&DlwA$ALIxKLFqG4^Raecf+(-zfg7`iZL)LGeL zViylciVoHk zD!4?{?zifhN&20xn|EKrT*%I{Gc<9&)D0`TchDb=ML%y>VYXpb>s^y530WI{{8!s_*bUtpU;2d 
z|DOv$s>)7Kysxqvz6Z5y=z%*hJK^&5>mVYkEuT2F;s}ilQzKvZr#=B#!cR^*#fGKIT#|E$0%H<(Gk?0F46=F_Vrn z`kz{B*9(_~>CM|GlDi~aBe)yg<)^lm^Rm9@+b;u6Lw={hg=@Bj-pzN6-_$i1&eKd; zo1I#{4PVV_cY+CDjZ%?UPw%zI(pZhC-ZG_Bs=StMPsLgtO&A$uxJtMw@;^PR+n{!X9Fldj!@_8sq%svQbKhVoo)mtUH+7mDC*< zu6aM^?lyY-n%nf-T)NMJR2xc3mLur{p4dQp*J}+u33uJd__~};JyXs^6CNt{eFm5@ zgvPw_Ix3R-*CT{{)W=FV?8mVZI~dv7nz(MI0G^aE-)ZAmrwvpKdZmas40v1$1+NA# zV^Px;3$Gp(YdWr{7wjVh?^e*ChzF0GLt?ri2PNH9R=wB9YcAQYnygM?GP(K+(o5s&$cKjz$i(KT3LTEDWJf_#@j6N}idvus(f9 z4%6!jd&uwIh*6N8L6?b}BCC}%(VDop9-Pjz7I*8P3|*95+OAKW8oW@oxmOpSU-zsj z^hcJ)Yt`K+QL2Yr8yrLdJwA7ckVP~8wKlh0kNLcA?}@<-q6%MToXv#Ago_Z$P>~cM z2DFS!JN4%BZBMG3Q05Fk5D+_ctq~(MmViq>&l1UaU~mLXIbGV<8ii!8HBbdwx?y8h zO7TtW^^mLjyVPemqFhVgcGam448`{f!ZeppEg?be!x)JbHl~)h`W&mfW}6NQODmG9 z>n5ws*QOREKMBSlMhVB!FA;ttMi^@~@25g;ro=!21q7Ssn;LF8N4cD5-AJ5)7Sy29 zc&xy+YdjBBr|VGjk@&-`^k+3%K3MjC3Et>Snokaawi;L^&Q6o4TgDYG0IN`CRvqLmYE}{c7{%*xo@bcJ>Qr z#@mFL_oLr0Qf_tWpvFxva*_0=l*FZ<+K+#O$UBb8T=Di6?uk=bkqm-2gc5~b>yi!l z4%&=a!FaQxUgs1;%Kik5Wi3 zhTA{lPnVB8*_q*T6hdG_3D;bg!QU{T$s)?S_gTL$dSB&&k@WwQ-3>6~FFRZ8JhJ;Hp$`G&UmNd^dO%d_zhGw?{DxMi0*77kY`YY zNi|?E|MN+XwSSt8;P-*U&rbd`b=z*OlT4%{nb+_dYV7WKQncfW6Fnmifu{%1`ZNKS zL$yba0*K?=*60X0R~zK_Pd;_>XK6nQoMzDTlBn}o>XPBzWlCq13-_*~;YrltUGVy0X=c{u9_qH0vW)hL>ckP|Q`x zdfLdVg=Pi-eyInDS)%glQuz&awW@heMdK2HG&u>JW)4vPr^{iLx$KK@W!aXNUewcP z4FC)hb8jj$rbAgF11xgb==myhe3X^`##@IN@D;37N9Bxg<=#|OTsPjOs7anvY(02M z6I~f8GLY6`f`Lci6GI0%E-7{#zh`r*+4)TY?$#+$-VmhC@=tj#k}A|S7hp1IP?Bb|??U?%O$E^8_=n@MMMt4& z{Ij>W9Avndf` zt-WFV(F2);_lqpeaPvU-3`kD?!zuK@0LkGqWd0l7A#PsGy?bL3ldc265*^X?^}_D~ zp3(RHFrJ^o$P=mZ=jMQ~2V?%quCWn%;5U1(3UY9`dZE zbK*$2jo`>Vcv!r{)-`DpQO68(`eLM>AkGK>kXhsG^QQcQg8E9&(ppZ#$98hQsSG1q(nAX`^7~CnIt{&J;fe?=(Z{E`u{QK0;Gov>cIO)(t=cOX-Q%Xeyx0 zr18nCm1#QP6c{91_YL=~&+~UYW>G&et!EEkDeIlc7I%xaAI|pn95cinJGKt5jhD`U z5t`n%AjN?V!gess8oPwv?%9+syTQklKT&lj_CvWMPF9^R?;+C2IO^$8x`Pe;JyH!S z=KNf|^Mz<(IKlzugm09Hy$a*vl^{WG0~)kdDoW2{1Y7YvcEv{*&v++_=O2QhZ6Qv> zXmbD#Ix%^gtGaN8X(}YX?nl#hUgJ}Z1$Z?Byuv3f*onKsc6k)4tDs0jtk(iAa3Q5) 
z88H_16bGqJtF}MV{t!=%58VylS=7%>X85$~uxXH4lq2w|sPObv;Q8Z&1`#7hw|zAH zL4OjaZXW$OgZAA8sZ@@_ncp-);{j3WbUxUw_Y8=iQpN(bq>hnKVh}R@0KF()a z?x=%^`7Pta{b+an08u4TN1b?b`Hh+eBWrvgAo36Ltu>i(w-j;>_Xq}1yU!+OWa{ZM^4Y2=k4k?x5E@jm1)di`%q z5N+;V6&qVV0y^HOkj1OJ`R%^k}( zit%5-UU)D3#NTeBP%r6Z|4^Hpr3O<9vXig>rc)-<)zi*5=pRXKC)Mi|-mpMvFD_s3 z4(vP2pseffLfs#-fYv8YN1>P06_9 zw^cbez9o;d7)R16Blsk+lbU@vMRHltf^$AWya;R`F~?-SusV=N^{_`gu6>hH;mbjR z?WplybsOf;<=fK|@xX5$+AfngMAA7df?%)Q-d|Q+k?SeWH|5KE*gu=wC6XD&r>Tv= zGbANT!81Y;m=3aE&LB%;Gc;TZ&o>9NVHu+lav{8j6F4&l;yX+JJ`lf$Kh%HyK9d^0 zm$dvHm}nnvc`2ta4X?Q9H*wjc{_6w5Dpx1Ml0z9Tpz-G|i@6z~bhJgT>`1Ik=REr6 zRR<4`Sd6r~3lOH@JsQ~owo%KOi+re)2Ni7|4g{`}Qh(QEVh){Ol2J8z-w{wtQz|x5 zg1B1=4Lsp;yr@-8Lji4$;uI?HqxHE^jllfgRLD|G&$*tQ>32C9^dzbiZwabp&X8Zn zwBzQt?RS|eyM5g0XvMnA5i-p8mUQ>F3moK=7}&r6;LoRRKVzch5|$XPjXq58;wymo zjHc!&0RQc8Qzrm?=hEzS&0KaPIa|4kx{TYa;-%S2VjgjBa~%Ij?ULj)Eh0tUL{!|@ z{uc&D)U@7d4-St3AD~#2pH?t!9hA-=oB|9E+Pyu;@eo3sKW7Ig{x=vj$Vx_r&TozU zO7QExIqC)@M8$LX3=U{dGua>rIFW+4yRMN0X%^6b<+;6d^`7Dkl-jhw1?ULknWE7a z#6*2a&wm*21m?zIUu>g2(|kziA}LYR+LQtDLB#3-!FxLvZIH9)?eM$0b+cA&zvMl_ zhP*ht2BBe6a>|)$eRA@r%}^W^W6|rR@TmoOVSg|uNK(0#p*0nRfn-_O*MlGPP)tGc zw$4Skmkx}<_H;t$MMAD3mbv7n3FG8XbKMEm<1s#J#5!1Jgi2-_V5%SIwWYtNlDhrD zOtqMaHLFCygfucrie5&Wo5id2%F~RY3>xFN)P}# zf=;ZDa=2rYfu5xPgHw>@TD$kcD0LTJ(;e4Ut{P{6(6ccX=x~ueu3-06MLnT&0}U-( zMaY_BHBIT^A%}5^G}*A8*QDd-N(B3y=)o1hDzCgLkDr-xr4!5-8y!_IVdF_n%y`bY z91hbd8@*w%f&e|NLWo(ULP`2z(G)>-2PNSgELQ0O3v)saJp5hGywg+d-Jx|;v%O-g zZBt&R@t6Q4bz$5ymDD4l;IeE9WYClq}5etGLKt2r1x? 
zusPPRh@?4@2EYP)^oR&wn+oD+F$eYH?*+&aM4c}2t!>3LsqCIwd zC+(JGCM%d_ar%k%iFCZd3D6cIta6URM?*|_b^V{DQvgt~$t7}BhA<7HzucbpI0O`3wX=H<>sdnyK|5>S~swH zk>3)OSuMbG(f@{i5-&ISGJn&%5!yu;%#iSd-*=ptDGa*KU1SYE)-S%%hP(8|`1t~i zqlx+3v;CR03Mq`tVB;IWHbA@u`uvyO=QiJgqpAguh9S_XX>q`HBnB%lZtC8=m3uHM;UWpJr~kmO_;k3lB0>s$EfkvHv?BLtMI1kZ zM336XnP&E;0_rP9iWhI5CE2?2&#v9v5(?P)VZo>>KT}5JEKO$JpZL2NQ>GzOo?E$# z!!Q&0T;3R;;h_p~GXC!2`kOlNy_IVck_e7ZbnDOdXAio9!b=e=-*}sA5j&Y9#24Ee zX^M}=#!3yDFw?{78r#*&(~;TEY%Zd zn?`;XD34nm?a?zFR-NAQz$J>C0XG*oC=QmLJpa3UI1nSTq5=C)GB%BaZh&nVA2XQe ziH>$_gDB31zDojVj^grdc2}>Bf9f5F+w&Pxm{pak#lq& zhbB#X9nXp)b?l0*orzQ8w!@ig8cOP1we7Jw=i6gJd*N})xa)}u&peRJ;%EF_GbsJM zb;jMvX7tL`9l&*6YkmbB-kJF#lf9Z*kfyTe5?Zt~OQo}Fb=cB!UWp*h`tQxA{i+6T z=IO`xyHP_n^|UCwy-p09N zmu^Qv?~N)X@LP6A=k;W=~o`)@Rne|ia6cr%9Moc)5}Qyv%1 zV79{F^@ML`67ICmP1i3IztoTUz_!JZ*B6NATD>wL!H>XoQQb?B4_0Lop1v+Sda`m2 z+PHNIyhy=O%d%OB=Jfbs)=RS-SfP`#oT-dm4RU7>q00fu&CgqVkt{o_#|Fo$U#ivu z>DrgHIhg72OgzN~JA|PLl;wWk+fBITeeCui0DQg2+=1~15}4){ZAfQ0rfpt+>N!9`yFdn*_I)injLv>&$1rVJ0P6tbVQz+?%4<(BkjS+(cK-UCH{Gf zk*3O@HDj`mRgFR|dN($g`oBBLnJ=~j8+bt(!a0LE$Ft9(rQx>&=Tvn3miIT5;0hpg z*aS|G0dHXGCxpu|Ez-Ra{pOg_kQ{YYQ~_>Bvt_|)%^LXO>tAW%BmVaXV#77U^9Mu| z(=6{Z5qt<$&KU@ps~guY3s2S@wkuf|ql~5{F*Xxo1Wf#;V!DaF%m6X;OIt1^uV7JY7X<9*zW3%rTzQ1X5~P*0=0nJLwoKyWoqk zpG@@x)sDw(dsiBnOqAe-+XBP}&w7Y=1=k?&^N9O!Y3Zz%>SubEbi@!mp*$JQZDIjYY?tE(n{}N{^JtINmU{Q+wgO9E)R9~sw^MR3RkVO-hYsgNc-?E8 zl7_m@N~K&lYj=FUCtA%D1Hy|)<2#&?(Rv?fEU?gmiPTIIBGBs&2YZy(d(uK#&ShM>>W07l$l`Q z4@{CJp2<8)R4qJ+b}{@RnT@4J5oaEQr)I@M4qptz=cp^P4dSs30@0m5Qtu3bPXiYA z0HqJRDxqSl`7`oZuBJPa|xHF+ZCu81E9bO=GI%k5cQ7x&(?o5s`=0z zMPI@N@PTR!Jm^E^AKjUG!s6ZWg)`%4W)c2%n`DEZG?sKA$?{VEdkLixkG8#=y1oq_ zjI{kFtNRLzlk>fE1F7#n57_?ZiC@SELdqS#sppUb=TQzd+S2uDC*ZQX0yTgX=U6?p zi#_a*&?(wf3d68<;8=H6$XoZW(TjLcy7C9-?_V0={jR-q=4rYb5Y7=+VHc`jk&|J9 zqh~nYhJPi&XyR}N^7`%L+^_E#>fUmpzTeIVMMNWw?bVK?+3(qBBf2FOMk_JJ)JIvz zgo&r5L^JI`193av1rh(8x}bMUDk2W3qAz}x***$Bt3v0$hr_SsCp>L`yi59Al0ho7 zC9H-6#oxP;#ugCH_>n)!n}aSlgz}OLc-zI|vxoXS-SQ+`xzJ4SX2ql&6%G`=E+Oij 
z31lTMCQB99GS1+L#{Mx{E=iV9&oI_eHJW#aYWnxJI+S?&h-=f;9;_Mhj`)n60dwqc zJ4}-KhC?u9e1wVIUbVH6Uxq{A{+14en&~1?@6c~wo`~YVGKeE$MKh`VO7DnM&}+`; zv3uTsMI+li5!A(^V3fkk-!aKjAO4{m-0l@c)YZk;^n6=Vda$SzY5p5W6T2#4!vaZs z`Z^n#`DQ}A?Tu#j0GD&U8CZkWL6adA<)a&BQu?b=MKPR zA;r(6@jwrLRa90sq%%-EO?Ct9A7Eg26Kc(WX*IGK03nRmaIg(V5fRE#yNHP*C5P@| z7qAv7&#FC%DPz63IVVY)HR1T~=L><05AYCZd{RG>Th%{rkH%ddh6C>)=Yo?Tu4AW5 zuNPAl88NDs$A0sv*qOsn-;W@KzI!OqrdLm=oo5UO-jgU5P$t7Ah5}Rs+qbbaD5Yif zMfHs9TZkra=L)$N6KP|ka{1MaMF(M7ftwGwvaExQ4JPrw^8ihWxa>uyVu55DuE<7Y(kok%bwUf}`}z@9LnV9E6cbA=USaY%gz1=mgj;IkDdWhSk#6%B$GU zF~tTY%kQ|c%kiwoC6k=O-Y~4*237a_^7P**$7Man0@)>4`dv@BQ}2OXPPw62MP>)D z%o~1Uq61zD2Kd=V+w*o&l7IdT;R0IT&gFvfqDNkljFA6bV~~Bw4@>w27bTQo0CO0c zm-4Gc>~xX02?0f1tj#N!!Uhcy)W#Y<iOmGiSyb);(xG9S9{}61{a9e+8P12NPKqY({$GFE>WNgwX9^)$`zxt{6g~) zLpK13hI?3(4{v^)?unq^bV=x0?fX8@sLXXYdFKzr3!%!~7OD3zp+i@_X@eqs4Z4Ih zw|%jK{*PlA7ndc2zUU`*&wRY(-Lt}$uXULeiW~1|;|PE-zik4fOa8uxvx<}r_L%zn zAKUBhpcR~RT3MdS?yfldy51Kt1vp#dpeN|$Mk3uZ0AOs1^z()>`5YNdgvk+7JK`yZ zj)Y|I%6rbM%?5h)-42KYgJy9Y*drE~w^JLglL2 z80myl5egR1kAT&-L)*!EjU617)can)^IdI+jvZU61c9c61c&Ad^cU(%lJIMPoxWWd z>4Y=lNgO{+&3Hs5O&Wa)mW~{(CHJ281&7TU+4~8``&Z^>_TnggUu0}& zik{ctB8(_-&fO#3ON6te*ckgKn!=2)XvnpARq>nNARV1FZG8W05J@C~8OlB`UWeAY zmczgQCu5hIa_&F3eUs?Q5}H{4UHEzAAm4rxP|62G8{>NE00m^&{5B1D$(rMF+iS?c z9dwtCd3(QRPnl!LKWBg}6}{H8SlG1+!A67Apva?Fs_=rA9!b<3TX32QY8=#F=cK7M zd_3CeOrU!KsyQgv?pgf#=fWWY38;polzD|GGXaewrvJO$^~#?|F0kM@go4S%O1Pcr ziSNrQJI5>`CJC7WU`2KbcT`&gcrh&w@ihFxUaC1v_Gq>P@S483xlv`b$|y^JXy0|P zI`tsNBYY(RFSlvEkf>;$bN6~)D9^j!M>&1vrrxKJRZSZdl=?B$*_$MilIMav8tNvr8TJlGpBkFYZjt0aVl9(ha_Qd}?&N!b}NlMk<O3|^s^?@FNBl$?gA5@2baBPACMbthN12#KJ1J8B+j)yS1Xw{gh;u{^KCG(%ebM%2CR!eV+?Wx88)Wu*-Vq=B} z?)l`m;}%^Y70PJi=%if4Uqajp3PS;%#ZG&I4-y(Hh1P_1zf76BRb$?ZJPkN3UrTKA8vb5dQWYWME$s$JDp-w(!cgt$4I zuEWN#}bC@jRZ>u@PjJ9rYWmvPN1WJhV}{?w}FF9D90&=E&FOqJWWB^ zyHQ&Oe->OBb|aN{!;NUOq?R{tg^Wt<`nmz?g4QIEoq~2AZC`3}>=jvTx!oYskF^u> zG;odCbBegGd2N|gyKuS#J&Rw-*oeG%RMugd4YIeD?Kzb^(_=(obrqDZiN4Pl(s1s2 
zlhLs%KgB!RBzVYTZRmZq6VmiVF=vV|>|y`o94lw76<1rztVKoZAS6@<5}MaM2d{*^ zmvfJ>UgeHoX(T&A+?;U>QbM{}w9ZyD(W69mO?;kZ09F^PjkNR z17CNYtFmFR(o!CV)ABR0jtz~JFluuCrXm_LLr_kzq<`;=JOtnu7Rr`F(VJY#I7kWxl_G*`($;WLp)399t0rQ!#C2zKJ=%F8en8}gCODiyM-`cCFnJCfSHV>S>)ZcWztlt0O#2qgnY1F;p;9K+a}YZ+}eX!Gd~1{8gAIy5DJ zriKgKhRx@AjKOb*FfXSvNFYq)Ut`ff@I=*Lskf4_V|*qw*BaCz2)sIV>Bya@@uDb9 zXL@-zS>Eb9-DO8KrFu$DcfU`s4+K3keM>G>McEUS!d@I{oUkI@46zg1joZg>5m|lU z^UkT1!*5)!O&;SCaDuoIEH<%aeH<0;kHntYcet8YyAq*HNMtM?C@oS|P3ENvHuWLz zs_%hAQUkQ)fr8_$6rFk`>IIP^uM_K4=qLT(Vj;(V13FYTf=sNt-BAaDB%WN8j0OIlncrtfMjV+i^^aK_HR9^ z^~R0xmpMK^RlP#!X{>zu&;cS=uGZMFnG|tW5Lx7Rbpa=rfF8hX%2oRxZ3+^VktfdI z6=(KCtUrv$bR$?H9;jN2HPaU-`ag{kN5g@1%yu^o-j%_BmuVK`yP>y5HJs-fE9AC)K|5qo#c4 zcV;>UIa^6@tQ9KBV3E0Jy;lz=>|gT35bK9)fnSmHjGii$aF?^XD#)eVdqSt9vaEO@ zYQ@Y3N^4G%;E~R8fEHV<=)KwYU$b73GwAVVq}+jZqe140AM24g{)Gi1$lKvSkcmcn zt~KNODg-fWkE!%Bjk>HcMv_q=j~GpUTp0cXnrzan0kI5Z@j0b59Jv|U_#4t@K9Q|mOS3u@3~cL{TCs0WQgN^C_BDTCGGOnaQbvUwJLSPg=; zWXf-Ri}cw>i;MCO?S6H|*qyY_1?5x{1x6i7{8GJ=F>O4@_M3lVqnODg6U4i;XS1xFV`6sz$rr5I;A1ZUUKoNXBWokABR-aU3|oi z(Zjou+Qt(`G)(d12Lp$Lw7h~1rD9#h5cOjwkz+z0$wULprRcl=1Uh~H1T-mKQam+% zejaLgg5g9|BVp3RJn5d|y7FO~_cSYKesUadg zK}R`SvTEExHYCZXwv*E+i$45i+uc}sOhEE17mABcFG`|zB9-6J%+Hrldjo%#U}L<^K7hJxl4{gLH2Shp#AU9#?aFjdS~3!m(O>5M;GljQu=`;B z$%O`!RhtuWGRV2p6-sXwdYZiy)9jSjR$=-l_e^AnK&LBqh`O};R}>F77SgxV-!$}T z-&2>k8K9~{Xop?5CbPu3>rS7eA}X0XXm6SJ{$9C`)A^G`3EMjZ%dizHxaAB{=%Vq& zuww>nbY_*@UfUFLpKyQwruXYR&$KmUc%A(5BUaWJ#CiVem(du>bu-xSE-gXzxE``=Cfd=7Co2>XRD>Th8>!Kanmk{bT!u$a^BhhN<24jq$b zs`<}-uMCXD-M>Qn#&YVLJ9o!ig|wMpvPS8cAd}6fw10t+x7Qpq?|9vVPv2(~CtCUz ze`SpblPIzsu`N$pf;50B-{;nDxA5za9DuH2k8Iq!XPMy%NwwZU#A0>6ca?Hr$YEIf zKe9|bI_HAlyW*|u_rEM0O8;^rM_A*eP-q%#ZMH#X>c(`q^2x=pdk*ncv# zdsSHPKb>RLA+WBbsq(1Q)F*8XjA|$OOpsutplEVg0MC$+#5^SvW*p|wIi0lbaP{B< zLK9IQ=1D{7(yWBemuP^Fnd%w7%E$u0-#X^h>9PhBN)U!@D9T3$Y#mS+8eP)V z!vHFM903s*{O3!rZR`Qh|92@jJVw>?)scI7h$@tNgV%nlzk-K%$`SJG>;!*TT=si7 zl(;qIt+K1Soc(LN8!c>$67>CMuHpaU9Zwe8|K%L&>L+eH 
z>{jFBA=RA!w}m^sM8&Ob4kc2Hm}6ftN729;Ny6uFA;t8uiT|g6iGyA|2=p~MffEI}obBB8PXf=KqKp#gCLM)ttIrSFGi#vh-UW$0QgriJ-!>Sy7fkIi;6+ z6I5n7T~MVGp?jSg#mryMR%+TbH4O(o^c$B_cLuT5G8Hn^`<5j>)&lpYk{``R*g-*E zI9e;x{Th1 z0ltJN9u45o2=cESGBRD{KEq`{vWPap2;d4Y31;PMquJaoI`kN+iai*xaPqjkd)F&! zH7%wrVyCZKmM`ng3% zAP*vbW#Lr5_Lp~JO3%C0rIRPUz-T$1U|z)7x`QJ<*I@YWA;rs(KjnWsBmZ7Qjf=n= z#UtjuyVuuqr0ec=GSi9%*haSAq9oy&GvqNzqR?T!B`j(VkWn0JIuub2of3Tu(_Aw( zjcRhA;Q)5UO3`HzD=?)$AP@zFpCm-A%=+30aTrK9yizoCID&^WN$rD{qBuk@r0C}JCh#-pDZp1T62>l(yx1T2qbx^)(4&KpFBpRU=FO&051$}9V1sXNA@)5&%-2)9{L8+O~6Ur z8U-<-PXfhclPNX;Iy>-d9gTvqe6?IIo~J;m?Wds>Gr7R|$aZa%B&&|XD~Jr~4-5X{ zn5AlK9CWsqH|QV5$*FlLDlo<7=l0?pJyCZ+5vg535qn~_K;2;+Hx$g+k-(&}Ndcl{ zT%iA&;&_D)G81z4=4Id2Eu&i1x@&7}6PPb?r#4e-k3Wkwu>c=R$-N0eMX4=>CTMLAtNmdcI5n ztsDs47$as>$;6$$GbaZPGQtR!X?r1{63hGLI^UVrqTCYdn+EHv3wX+hA59InU4FY2 zwn~k49s|C+=_=7VaF8gC_q+oS%sI4a~wXdzPM|xz!#XN9$RO zZCYuHZOGyaQF2OOMR%BRymxUT0#bBti^ZKh9M%i3`nB023kT7qTEM96$Q92j+1W3oh2 z=b;US*&etu)5AFupck7(v;SQrWKxH#<_$9;yD(}q7ZYD}eF& zyQa(X>tiJaaiFwHd-U3r_DWxLIY9VX#v7>3bD$!Wo%P`j!3T-Er+Bk%$n(aZ*aZlAvTdcprA|IdwtDO&cc;pcnY%r8sm34`)v!iF9#a&KswP6=vgVB;KV|v zzi-c*DR^lH2E*5kJQ!DSNO}bBNcln(h^0c$p4=??S^-OaIxhdyO^ZRBI>8+)(A(nk@zG89OfIg? 
zemj<7&p~ne;^Gr1QdiDKRx2EhBOMEesYSi`rMIMpa;fN$nI_8*#2Vmk6U~K)z4ZQT zCg}#JK^t*WoDdaQ@g`-N!XXD4Wx;CjE6eW6y%$J2MD+D(*peh?@osw6iCeoLvIW>F zx43z1BNQD$3-Hzn)&PH)1qu#(1La=zYbP}<)|XK>RgE$3?8Z-FWnZz9GVl0m8Zv0a zDf^@GJQ-e?BWlc~f4)V95(l+<5O4#X_`M$PTmx~XN%kBXCySdP@;gWd&l5A(3Rv zwhX|`hQN+dX2Fw1%?<2D0?R>RGL)UYVms>FJZfra7jqh5>{=XwOdxOC~Z2OanbFK_2m0sC)`?W#6 zbjAxN#F-jJ!DZ&eN`*O%zoL{HA`)0)xv?94G_evccX)~-lN~?eX;lc-nYNM1&&cuw zKY@@C!BuKH{<<0*0}DVdqO(l~fv&1zQ)H1L(`nFd2>dDAw;a!M+(>cmuKv2b6st(= zMWN7|=zKq1{0rQ)fm$&LcgZ!D(NMtB!ab055QX6?8XRTw4oAiWiu_B200ZhVYUBm3 zQWvT!&?+v2(gMvrUvA$|Ib=TP``s~vxu8v0rSrXY_nP05cbMZ(0@!yrvJbL-z5_<< zo6Xm^grqUdgZ1SD|MWONCg%$0_-uJcjOqRGgIgt0`TYhK3^SzhqX&9CZj<<%_cIjn zY3^HDTPWZ3Fb&Op&U$_4xH4-w-r+tA*<0YWayXo?59VE;kLz}ySkNm;xGqXf-||nJ znTs}@MVbl&O1Ku5;e|)dRpj6;wD|+47Iv>tP~s-(YpL?4sRyrCOYn?b74FJ;+>GJT zg6zzNnqk7J-z$HAn^_`_8!7l+<^1UL3A&hMT6TkP5nQ5YORhFO%pz)*0p=50QQ5oy z%@;AwF+tp!B;|v67@F%Xye+Gfx$-!)$AHaet;TgEu~|4(cSpowonE32IQUh*Dbcq3 zu`*hZdV4BvUy}q9$VME6^0wLy9Eqv#oQ6>r%?S&xWUZ3P!X>8P*n)5V*8R_3O6ln> z2Qx$8ggQu>~Qt{9G)OLhOTG@AY7><2-EZ?)8( zU5{sF=@*%cAPHv9PfD)aBs2)# z%IlBUJBOrC;M7I1!WTBTigEAor=a;YMKqlEALXf^7Q}t0x@uPK zlUjJeZwA%;%5TQ6$?#lVdLQPY7jUH89eB!tj>{sjS8e@nz0HVwVEQwEPS7>?`i&F+ zjt!SBJM1+7Iq~&HYOl~agm;Y2n-)|9TTr}pKeH{3o|-~RDkMFHW5vTR<4;cf(&n@9 zB0Tuhk>ukUos@6{%}Q?dJiX7#I9}$A7Zkku#*;37cH(Aauu2g}K{Y zLXCrjC4c>=moQMr+^Y>pQa861g6=9ExHcXBzKO_Gp{FRFUV3-i40XLP&>&NRalc)r zA1{1Sz1&uiF2f~Y-)#JqpX&IMArV#5c*`Et54_AlP+h}w)V~$KI52~a5mR`!c4zrY zkFle*8?yrbA=nMiuU8Gt9R&V}HgRMCC$!nPhG+e@Es*c5utIX$Bm&v_+A{)$WuEN( zNg6Y~_IYaa-ptnbM~(w$U`R* zIUY!e!fE^T>h;(%%$_Y73rx|H#iTSQuXS@TSg!WSj z^CoYtj$K|EMSw>-7$Z0B!A%d9G2gDo1^576sRw9Qp{-=6Hl$8pdj_NyWd-Q=9rX1zF6jS&ORKfC1gx z!540#v|JOX=Sv)61~{B7MuAU{bG~v3K`v9^c@)l{D2JHVs|2ja!g}Uy$OC zQicga6VjXQKIKyJofzVfyQHQnHY>Tbpv|}8dx)sjBmJq+uFv4eKL4U%8O+bqZz+z% zT@A4n*v!8(i926n345%Zp9eL0>mb}tz^(M8X^lGBDCXhVYJ~TsYnl4?6kGEL_hw8m6P?f!Ch15PnBv3kzVY1!RKC?oh z5K63rwF*CGsC;_K*sOG!eUET_z(S6)f%mk2Q7-Vw%qaCD0Sz4;JTYZ**-=s7zVB68 
z&#Q4cgcT>|H(h8yqNI^}Y9%R%OAU-~jJ!1BF#VteuTsl3BpIPhHwdbohcv^w8I0`7 zD52s(^*br%`8hoeGBerBT4p6=Q|#n4lw4_oAfnZG3c`DI{{#ODBS6P4JUC z2UL&7`Bn>_3=o$1p)7bqYPc$4Y&|%5HX<1Y&D7>=d{)bkj|@+pr-mS$G>nb29gg|!R_Dr9zKc4d)9~juR4pX) zs1W`r0&Bs)xL!&!E3jvx@rlzj0d=5WcS1#+R6lL+ILfwLBa2#~$UlW|2mf(tl5I&3 zipdfKaz}Hi>#M=D_TDMMR=8d3=MzDmzIod_+9hmd!NO;gtfJ_2V@oYj9l|LjFSBSJ zo?oit)Xl#1hpxO`CAoE!gERK|=O93S6Q5e5Q9jsG>;mhtc!~Y_ zYy_|4P$4{OZ9(_QNugi;@>pS011226!?-XvkptoU1lb)uZ~8#YaPowmz@L&S`mn zWbWF^;@`p#1+J`j#{JjrN=jQvs>)CFql|ooOQTfyc)=!y;!MlvPy97*#)0Ui)d_Lx z*M-kZwrkOHBS2(Fl3zHC)H>S?#CluIH9by&C<>O-Xc;Hs=Y_3bGe1sBEs<25=SSBS z)o~OFlk+F3#o7{ziD7Tla`+b4>HRCoSh8FB_fSfqKcqQM^`ylmd5_?E#b@ZKgJS>7 z{2&zEh!&`vov9IqH=<&9S8kZm#k$~;9dsj+WvBB}8d2|whdJm?U^}`BKc&n7-zO#g zl{G{kWN`kqI@%DhOvXgd@)o_r44Qb>4C=0@?nl7@o^_lhyk~X^GA{5=QHggLl7~&l z!!42w4TLvLAxl;cUh^}HQW3^;nzd|w>BltB#|M#3V;oOS?jNbNZbzbHu)KhX`K%*3 zVTl=k;~6VK@)CM`ri=(7|MdVOV(n28czzM52ngpjFrfc){>7p&40>gBmn6{ung9P+ zU-={owAIZ1AWDSTKyO)?SC6k}6KCBOgY^qWNJvjygS^U@svcVFSYZ%M{P!p6Jx%R< z5gL;vo%m5d$&KXi&hO=0R-yEUOiJ4JJxyd|aKKUkM3WtP)%LP-1TBR5J!d=*4%pUt z(-GJNtycVnhxatU^51&4XZPpNSrQOKL$zqLL#Ova#CJ! 
zx3FWs&;SGNU>23R&zmQD`i7Dx`levar)j>8>22FpB8V*;wQHNgj+7dv;4NoNmOXn) z<^{+$cLTa%P()%Mn+aOSgyARw$ysZ&W@fcZPQqd~7+6*RI9@3vj)1bMx98Dl)2{wctE>I&&{?{6%Q^6V>KyUdO< znj%ejW}C{XVb0J=&X>l@^z1mj3?%Oz4fU}8#0;G!75XdvyCA*VSayWekHy5PdO zbKiG_@|h)V{Nq;!zP1=4wjY}opW5P|rLLkKAG(FL@@*5*38H@ICgKy@v)^_@d7V>P+yhB%AbzJ#8SnN9#t*I7EC7jD(PH7_=_& z?D+;Ryz%}=vR3Mbym_fHZl=YCoKuRF=`;^{F9A@3QFS=+P zW<9Jg`sl?w+fr$$>1{p0Qc+p^>sb+^(}~t6M%R>0hKg9GBs%rcAQ8{(p2Z686H>77 zTEex!5{G z$a{MgGZJ4YZB&W0o)9TKP+%!2L>Pj$Sd1O^O~cI#e{YB3%-k(Tg0<<<)F9ECqM=g) z+UwjV1#3}eElLDCGXgG2BJQ0941vK?8Txn;?@eiy*1^?`eSB4GdKL^|s7-6*B~-S4 zKdwPZXA0C5k?^>!!wp8H7pEu01Ha-@hU5B(hKki=Pjef?w0y)2k=j%)$lhfQk5 zP498KsLxobR8w(vRW~9L3ay0B9BL3)C5tFg0fDOBwt|$(|CPJL@JN{{rEYz>;DyF) zj!2?cY3V}+vleeY#$A5)TZ2Z6NR9Hw6$bhW3PR_V?s{tPt*7pNML^GDZh&Y_3)U3dD@1N}*SL&mV6tGMk zitzM#u;AR4nl4CtHqb3V%e_FRaUyqoI!OAmgQX35@*AWDDmPs~;5_bNjy44}N+DhK zR)b#S2eRb80nmXwb}~;Y{~(#Tn@6eu94^l+amR#>8w!N$)Qkcuo|>Y*8vPqN7Ov*4 zeH(|t6as5*iFQ3$yqFu_GS zdyOiQC(7S#tc<6M(+%_UQnp_t_BQKNmG(cxwfoOtWk!*Hy9OC$hlnz27em?9lg9X% z8`KE?W#$U{B{Qi6!a~gsF_}R4e?1w6{lG~VX(TM358T7TIZ-?y5AYAkfumgWKS0O_ z{_p>Bsdxh*<=K?UZ}s=oUZZiGB7zgSEZ(Lj^>Cr-q9#3bhkzhXjz)CMjQgDUl@5HS zPx&R7q?+_ZbwLy*}iVRyLmCA}9mS5mxyda<_(1+6oTCBU)t@A&)5&!LN$1^y9 z8^Nfv!@M9x(mEEPzZ_tnjS#G(L--lOSTcIHmw)&tnX0x1oYtpiHi~;zG=zo+6<0rcg-?K% z!Pp`omIlFmjtzo)y! 
zA@x6JOM7)0)|2LBrPxLd$bpIW*-^9|&4_l|iB-KRd^`XyegC%y;J;8FsV#&{%YuKu z{q1AI&vZ?%0~m3d&D}(~dbr?rb5OhG6A24{sU&7!<--}7O^-F9^pdabOn3@pplzEu z<~*{Dg2qS8wC2AdBE6*}{qv7XNDK;xbw9%E2D7~6X!ypE_}(BI*NvN?yyT#e1a9AU zte_rj{Kq|tZG#oblsn zzX3pRQB;?7-}DwGT-Nw`ia)l(tMH8p=-$)4cO{X=lKtgFHk#%*h>i5}-YRhpS>vrb zFfO&{>`fmlA3H&CaA~9~JXWR$>+Llcg1zZ8W@(K3#C^w7>G zol5|!v2eHEe0DkipyBn=f*8q{{)69!v@gw0inZp}C`x}3oa!3kZ9V{{MIcGJC-VGw zQo(bCSg;6+R%{)Rq?595zM_1PhpsU1h*CoHhL}mhU6Cd~+5pUsJVrrLea4~EC=<@| zjyxuX)VbFIgxR~iH(l;ujSSvpD-z=tbIUFPO!lU;xfKnFi)!PY`!S2ItP8d7re*c1 zi@$%Bt<^Zw7(UN-_n$H9CMj$$+srLAT#}kN%1>Jmsxr6EtHmmLvq2iNG%0LlIgtFD`eMtI4j~LksKq;h zZX}*H_^tO-sDhcr--)9jNv5?QCnd`E#?{qw@xg`xeT0hv05aL5A(Zqo zM1n0Iq>9)2)l~5&@Wkv6PU1}PEjv!L39 zn(3u}0veWDT_?0!v^!wO#J41MUlw=gLwJ-y%44@eTJlF~+YvgfyBL}<{=l03ox2FLDl7Mu!ogoN&N zz55^43DLx+MyTFyq*rJ`{VipwlfXyzlL89f0DtFL&9`BPwGhZ+}VfhK?1 z^{xb$yM>85wB3wjk(r7iGMU;v+REm=GN8{dC#qYMQKHI{^cuV5^j@UcQ&i9O^MY}C zXlE57Go7U_OoXmnQmM0F&?;V}ctyq>FIwtE(f`*tIRS3$l8e7Y8Yha80tQ+7i1(mmi(qWZz=+5i4PT@M=75Y&Bf%UtrA4Rx9p|%^e(|@F z{Xe^Saxdpp>K(tt!qh`FBI8Q`?0LHq_fMkJmQ$Z0IN>w@sD(_#Be=C3__$c|<&CR9 z3XRo6w0O`@S~5$`JIQY$;}v^%MPE%mZZTNZj_rCb!BxeBIQ5ESkFr`1r`- zDlb|}1dR;gC1mal&MJ&FPEon=xJgju5S}qVa47t7Mm#?!1g*Bb|F?sGQ+}gyqvqV3 zst!&@y1?*%SKf~MQMsRPsK_@-kMhQX!a@}iN5ts=EF3ZS-@+M<^NQu>t)BItL9qM3 z)cyJI4C?=8U_Q(%GFPLLlP#-`9)HG8?qpW9>_xO29v(*VB@c2Zwgg(8eESe$i9{#V zUpbwwjOQzGir-@JHg*B8HZ?RgoI-cH{MwJs*GzRFks=5j@1e{1^BOwIGmQ*|* zwsEU>^gfe{u4NWY5O~`^&XNSs%H$b-k#CPF|>#u=Eu|rIeOzG81*#eZ>TJfUdu3R z@O_AR8xxwwsBq*X(2#QvKxny&vBeSK!N$*aD|8TW5g`QMtEbX>2-e?0Ct}Q1h2p_} zJs>#BR?<$}RNH@L{r-vwt88TmEyT_5p7wW_T`^zA!!}3?KMYR0PN2AEdDBTo1>uhi zO5-0($qQ^~x4JifR#tov0u{5dVh>)_fm8b$LAiTV%^w=4rwI zz<}mts_MG^BNZicB`uulJsj=gAYrO;o_Vu_V5srR{Ur9Vs zqvn#ig7GtkiG5m{A6=LOXDsPH-5S>6@I`g#pC!o-qNSuRGCDuLg9Y94vh~eANg`~M z75IBTqKRc^Z=i}Z^%?H560Nod1_Mez=;RojfO-ZyfLgRkCD58EbX32Y;uOmf>mbeW zXw}s7nWq6KTR2b1pYkP@zMgBoHaI5@kgG5@nB1+WO~sVR;Q)Wb{$+ga+y9^bjNQZ_49&lHX>lrB{F<#hF>u2h_7;VcOF3uDBbbSZl37 
zjyPTH@_nsxc|w&x-Uwzn17P$_pw_8>;1TRe>#HsT>QKs0Cn>9G)5A|E2_+kAx$6OV z7F#X%KjQW&fII`BV*kyI9?*SfR6%bO!rwMN5cXIrkiKPonzQz{k^lL3i}_CbqK&h{ zUB!8^;gUhzf+o>_QLRBSQzd*-RQ$&BehOqa>EYqi)$V$0uUy6DKx1o-qtbYkJu%EN z)JC~eYLMx>UGN$pZoVvolUvH-)Dm@Sf;r*#kS17Qrk9bLXDpaq47;iv6FgtYl!zHQwnT z^$ivEh~b4jM*GHaxn==I8I|XDD?h#^Gua2a@5E`3t0fK*S`aC)W`d3%u@0x>;KL7C zAKRaL)T;;H^h>F}#rYGUH&i8(g!(o9btpCvP zJR)5HduDc&GRbY}XT(r6;R|^9F4XH}Pu8|~m%P@W6CvBXu>o(7J&lh4T1krDKS&E{`JSl$mQ0F%LSkR#~ zlqYIjBXD~x<@1M`C&e>(j-99SkisKXCly+s&MPu+6!c!CUX5*siA1hcLL|KQalB1Lf%z! zK8v}szb^tR1Wj(ehVyIS1l2pa82pia))RNz|7a6@7A_rQb=0`Ll;L|Fi`fnY5=*C{ zwDD<=hX$VlCcV?r?$KeCj`eE(?h57&EaP)jT=*zkUKze!Qiw|?9M<(81u5~FC zhFMK52?)MHL~?UUXZm6N1Yp~nkwSvdrsvUNWMiy)SfW{mj2p7C*_)(sf|(?u-q{CU?a#qj%$RLbT{3)C>nALb%9b}FaCDRu>I=^y z@gu^UXN;!rJhQ8tw*UZ0DgE*x^p^;g3l`^}{_4`QGe(_3pp~$VF=9&%Qc>aOOqu7% z@c(DH?uGfL2{)G-TvL(b4uc@irkH2SX2etMeR1g|k%s?g2@AFH-4jX4C5Xm}vk?IQ zO+|40X;>PKak=by+o+Ehm=f1C>n6TcVSn$1n~RF<=!JqZx~7Y<+@#-Yn5$ z;_7$VD5W$uD|I^62Txy_Wtg{`Gdxx>cX;dlJo4%%*oeb?7NbiQ)ei8Y`$+0{6?VcR z#)_O-O%&%VtOUM(buj>SP?gdWS>;CJAT*%*tzvb>Qf}*aLnLC-l%Q?Bu|~fGeX~SSI9wMa?Y)>ZnF4=kv=bw`;42ZW=)KF0~qadY$@ z&3x@q1=%d}qK4N3=gYZvl)js_;I93{YA5SdfzrP;-pn~*@Ja6Z`~hobatB~3Hlgny zm|m3!C4f_%?RRWE(HqYMQR-AM53uUOw^M<>=GsZ5`yBWg-FOZ2X@E2Vy~G-YWs!(e z0}J*C^_SxXI~*GdkrVDyMo_1+&+WMZ&J{fCp2I(og4$#E|0HNK zj|6qnZ%{LUf#OeRxj#@$&gRg~Q}o+@lvrRnS*!m~9ZH#0Kr$_>dF~F`14U|QjlLnW zn$K&mhKMMt^_PpW%8E1vKAK!O{j9*+q>cdDdcFZuMSLdp$*_fgii*+~BE%p8 z-0{=^=@hnF+!n%L$&ACZU1FEkUCtReI^9;6V@RQ5wO0h2BiN z2IvayNb9qhG=Ap~$V5Y@H9p~Zp%grc)Eu0qTMB7frJP9J7uavt@hHwM&;YM|?o2Dl zOl*m_BRU_`sRGg}BZ3qP)@c==$;E+65?h8B$`ix+@;l83$~(=q^4p_CXjb;(1EBLW z_T#Kuh_NIAius-3rm&OUoD!RHE`3Zqj?$A9C*Xvqac4JdH8`_!TW*{iWV>Hz=f+u#nnccGzN!HkxkD2jfBy-Nu!+dA_5e&SbHsLu#qW2zU2S(OUUzumxm7au6vb>{E zbBBNwFCQY!D+px0Q7OPGLscTs7qeJoY-2(Lh{J0DMMEWQk_!*Kju!xj#;vXCEZUbr zZl#G>TjUB!fcbH66lM64R~LNW8SHy|@~!|qM$XOaBfk%i45>I1?GWp@QYbaPpIoX@W8YYIF!79ZZ^n|ODxZ+<`VmH zyJgv}W?9|jErv^c+}7Xou(p|O%9$wtIac~lV5p`7`|p1;Bfx_pGf`U1Y>dl&#KsAf 
znofEkT_W@Gz{pHM$yuQk(uykp3Rbvz*f2_Q2+2zya|8%clEvvfP&)U*YE0GAN1;|g zgZn4r=wj~rK;b#(W0K*|xSV_kYFsne0ZaJL+;lKV{_j<_EeziRGqQd!$QyYTw!#I2+$PMp@B~V^h;=jqh?I5_Z_urKnTuOXPh%rE^wFHS1uR zN;sng!gG=l>3VySN+w>x$N4;i+n;Sm*wxdd>Tek^I6TwK6EM&plXLtZNXt}oChm=I zf3lqKUy?^ZCTPoVay>jRIN^tg3^^Q!zJX zhUBjRbBTTVbB&$lvT#Sh$7q zglPz#Krk-RQr2h$5=n-l95W_VaSuz_j^Q(ZKDfv%Mj@O(FSl7i%!;>0(3eR5!smB) z!>3Q9BBA?6=(n&j`Z>2-R)wq7%qNmT-V&qcU=wYrhv@Qthq3RPqN9zaANe2%S0lEb zYujkiUi<@0>dI;ATX5FP&axQVKOdBG0r+V&eFCXtwMKGk)~XbnySWe6!m$z0@|0R{ z3S3;u=vq4J0@)C)!lZ+J>F}r7T@1>|0wCiBNqUdT58j{6_%FRT=o>~G5$GbFJ-zg@ z=H%CnWu&QN2wTjtQ3dlM-r7ysT`n)R?QvL(t(<{6_@}2XV_rkap;ne{*h7cypSk=4 zbdu3uDDv45F{Kxaj`)$*91+YN4>a22X8eB#u}34we$+>tp=Tl%d!YE0LY~XNyY8nX zAO1d;PgBk<4xOQW?UND3p9_dsynj7rTTY@sjMQ~!WWKWp-8<8rpOhRB!PSeKJUOT- z!i-u@H}a$W6Vkc7BBEky7isEb&=qOiFSs++S9n5grp|d!#u*;z|0kgMf)Z31EM)O~vMr z&-an$h@eE-LCSrfLuT236C$CwhJdMFQu1{)Y&k0f0ZNGwmXEn#Qt~bxrB>gsFe;S$ zY+p6GU>HO{RiLh7A${0jX}f+UMb7Hp9Su=Tii7^ZiM6GHs*jL@)V>g@^G%~P1qQg` zfog%T$x1MGrzHJYhFQmKd3w^2#5$3&JMPVy$}x*t}O&w2lo0O}2M^En7GENK;3CP31U ziQXPbKjfnv3m@v5@eraa(D!i|sJpRwY7*{qH>SO`|9PD&DCM5Ul=z2V6}*A3BT4_b zXeIoJe$dWPPX|?2t-!AGBUAq&;PF^A9ktbrt$*qr;{PY>;PmV{;JjuPma$V|)!%TU z4k&tI0ByoCrV^C-*c|zUr11@r`9EZg!k8UQqI;NZpclA|FLbreiUs zB;BO_e3KStwAtWu!(e}viUH+ipq#Ys@_p=g3)6%RL*}krM|wJKd&t{-XBQ)-w0RL6 zvbrCxTJtEi(_HjvXqyaM`Z}0Nu?x*!;vF4i;Px-mXv}%s<{+$;f%0EJy6cwkF7;DT zQ)=p9jGKjR5c$maNZE*&m{R9JP&IPbqAC@0#JTgXKasSQ-qD(b9`2WQ671pRlqg6_ z&~vr4p~rWh8|}o42e=Qkr7t1B&ZeIL`}3>MiWf<++9)5aPHc2H9Oh1<5!KnfxJb8e z#_&&lLi=`Vo?B<6OzdoHf8B1+aIRvS9GJ^C6OOMWkwtPZ6~oF>!Gxq(M*Q6Ut$qI9 zRiwQ4&T+t%%javSC>2RN#`If)YVO>Lf}yUyWP5f9Gwh|X?ZQgn;CLhN7BDZvu1U z7&KC)N9Z9mRzWur00A9+%1l@v%GxkxW zd>hJD6mCrI0y&kmvj0+k3TCo5 zmlaEqAOtByNxIN`V;9msKgJwWlPKaw|LyHiHV^hywFKns+9CGoL5#|fYdrFHuEUQ~ z;x~9>hnFG4;l>Hl?&h*$9ZhSwo7?hHKPC@4x9>Qt_{x_`HCA}%St4sZ#8mc9V@0!Q z8_RXlA$N*{B`1cYzkgEVDGw7y)%eoATjZYHXii#KubzSm{yb@-MTD@`F5J+BO0a-9 zY`f>Z;|t8XiG-UqoI6`jNpo;51t`be4HJh@Oo1--k5=Mx0b(vk7%@cd;<>o^zvFoC 
zYn^|rk-aw1kj#PpSveznL9W9{#*@3xl9;BTnr)dLA^U48?9o(VuX+!uWD=O)YO^Que*O!XU;kOef>2H3=|%qQkZhs_XVQk0yUyiQc+7DWkDnf{%Npg0I#VTLHMV5c#lfLxkrFheX zpDMfIB=j3LRAAS}$^!SSdIdMnNr*P=X|Q{%aU3^c|TuS^Pvk zsuKnmA~rAsdVLl1qPt0xp2&U<{{9TH3mzWd_S*vq5ASKGIQBBa1cL5qCu;aY+1%Fr zGcOi^P4s2zASF2e5xOXLC$L6H;3fR&yS7C>a7@{P%8gy-_2U%i!}y^WugyiS{Ot21 zUtVf%rIdcyZ2NTj&$9T{SF+~Tdi;Q&_xc$v+3uG*_^P&TJlREM{#??I2x`)BhXo*LL+7+88E z+2SC_Y>deUZPe&y@vJ5aR*^3@8_K0Qv^j&>D$4q4F!Y&ON;kSpcq!Tn$&)HXNwmyf z4?h3(Xsn>GP*{>*2b@Z@PZf@D+MlI49LkzcWu^OeNrUC21$Iqva=j`V&_wETWjB8v zDz-9D@I#g!f<_}oG*f_{@37lv?&L6%E$Z({qI|Fb32>Ta%x zJ)+Lp%pX21rUyry3%dQ}ehXY-4Ux2w3wub7{UY$zY{((53NQbC_ywwnQ_j5F0?=xV zpgsh2%$R~8m-;kf;JFb!^2$cvfYfLpln?xdX*7`k2#Hh7YDe8caH9nDwh*5No-%a! z6=F%kiznBen()TIgC{HhTJB!JHsEls+2K%W+XQx^A!*cg_EEe3T=|O`B?pzxp>fZi zijdIogd>zVb03yj2K>20+ae;KPxOA8x6?EtL{;k|CxLQ5m%DCieqN{BiLbC*ujn1} z!LTf zrUaOHcqF6__Leb z9GX~E4jQTjYcHbvy5;7&8A~m{Bk&uKCgYiL%@4ct_!a{`X47Bx2u*g@YA$d9u<_2= zxr;+je@@NGO$OuL*S%n9=_zz1kwvp1d>Q)%8Q>C4*ga~;Vlcdo=({csBk(yjS8q|M zVLHmU#^z+S>on#8t)?CVwnDHMdz${#3iTh0{1fwQ!k!3c*D?x9tyaEzZsK-uaHIq+8$`m}k4y`#=t-p^q&}swybrKg6q-N#+ znPDR2jXf)Cy~2OF+fFCgzjS6^F}Jj)lQe3x*j(Iw?%r*K2tNthTV&ux zoE6^bo&7PywLg( z7&kCg@@>tg0-C!=4BzQ1;t8o2YIRod2Q^&NqexTJG#k8Z6bfhH5?vy?YJsu?wl@O@ zRNa}Y8;14%q!5y$_$aEa$W3KAFtAA8lopbuB4b7Nf~>c!h&`Vze_)mZ3RqaAlveby zln6o(aK26U{NpD^Se_UJ9Fost*=xW@XAxTo-(3QDd-(o1z8V(Z|-e!{Ob6EJX-L`qvyi{>Go>d&={F(WFENXJ;cBPYyc*o}>t)x%AmUD+Lg$R=c5C1tcRx|Hyi&DjRb?d8 z_jm)JlcI)!PUyj)_6uByn`ou*5P3qEK72hED1rzQxVcG^Pw)7Ts)#gZYE_ z-9D9(x^PrL4bIIO@Fa#W+65DT@93o8^89+#!%Zc8OT}XO+7UHaaOhR+R%8M+n3>@& z7H7$w5zj6&WWV+!X(ij&Nw~UEHwR9?0!U9v#T-5V@MKt{^m8y}^1l}?DzzR{XurUT zrJoHt0*^jmr~U#-`40WT*t=>3sH$qi8U@o2eG5>J9t2xMi(F*y;Gi?qFvl2;yeBfl zYK7Qpldr0o96||)ilM<+Us{2Wr@G=GeU(&R;)!|}m)ReFm_K);mQrQo=$w zX$}1qTZUmEJFr}V5Sh!a%N?7E5NJNb!mrM)t8q}JQyc3weOxyk!lIISzDlm}Y=LMf zb)mDMc#D~Ef87&6pQI?kc&&Uz``F~$i?eg%1&=&Ok@ 
zrh~(GO24!gH6$`_FUK+U<$G?o70c0wKRIS&SHDAVH2)^aBllUJ75lkLy^{S7DKDN&p{{W{Bq}oua5cAt|18_F2B^vI&1SPa(=T&{AV~mPcyX3x!{=|FAK{=|z7M-DRi^u-UT*&# zfo5XozKr~MwZlhaY{dP3(ADGX>j%cTNG2Uhmr=jWYW|3@wVoo#Qeby?v9cJALzjSJ`~`j<`}P_U%!LHf>s z+VkOkSLd?IO{dWq;6_!x4|(>7K`g_*`{S3$dG4ZYeG?yfNv8~63B_O-O;fYJ**Oos zy4_doAij=r&z$TAB~Jl+ox1%Y0=VB^Anva`(V6|-yp&rHjn@TcFAU6(VEca3owl{R zCkK4AfnBDV4*g8-?C4gLXOaxV)B6tx4l_@~YiGee|1@3PwfXQ67qwqY%~;ob`Kq3# zWw#n=m4|uxL>D_n*jf8z@?PBg6}XD02_u299ylY(h6&V^_>{FOwL*~KT$zrb0o^eN zm!ZpR+o5|xMff;zU2smm*zb;ge@D0LHh9cW%{gCPcihUb@M~I$mPyXF6935r7Isak zm*Jtq?mW+G?ow&_hV7Y(McE+Ju!v(X#js?R$g*Ce^$3cEI`%%1YF$+ZGd;kK zm6UdF*r^<~0OM#OV>!UpziZ(501rSyb7L;QqI~n*QenS0wmRsG=B9!TI~RX|W~GAC z`rI^&b7*4>En*xqw=G+$PT5ln@w=r@W`>F4Ou%k%W4Lq7enl}+YjA%7I#rF&YqT+j z04cSwi-`44)Q|pV*_w88Dug~s6$Kv8U7g%Sq{om_$!>KOmytE5$DleAnE0uo8eIbE zalNmnot_-poZZ5+&?(*i9-mgVgg^F@Hy!ytIkh@8-euKs8cc5ILlvL0&#OB2s)%Q}B&P($d<% ziqwlJ+8}oPAU;NYk{-ik_bgP*lZ99C93s4I23uqs4|$zzV(as#RX*n@iH~v1k6)`H zpP-r&O~~1LuVrGbYNGCC2xNct9N%%=*geM)*rGsu7oxFr(83 zlKJ_w+@ebOYqL`BBGd)Cx486~&#vJI@-^B`a$&h$8M`itt2&1sTr(;%@o4#?$?(#) z!)4xCIR!W!(?q&#VK(^5IKm-sL0fhti}ctAx2r7^-Mu=pnZ^fm z{%nJ~s;7k7ZwMAxcqk}z@8;~Pj?H+0mYanD?SxgeY-2Z>y+}&TIt+bWB$EiDX{Yfu z0n(YDdwob*QDG0M!93~(qqcBKJs~4k9Y}}mVQ>+)JqkAHT_en?IG+V z%$iI2g%BQMER;DzmITxH0tbXYD#3(yPDMlToLoN0-!JfYFNM;%a4XpLmyE#kdmLG9 zb2{1>mYUQ#y(rjqy~yrPtp|AW2m$x!)8b{Xo^9x`fJEjLw{*THEXOfvG{zFL9t2gsaSR}^ZS~Kh_7ZgW+q_3KlzB@agoL*Gi>H9IRwa5U_<;P(aG<$H_-}%rQ z7o|Iimm53UqfP8D_KFqEuENRMf``4??S0&0!who&Qhoz`nJCVjcRj3~V+xB|yAXli zH`3qkqJgTk8BEfX@DzlOs{*m6fcveNnS>(U?~~doJeo0+llAr7lR#gr0yE3 z2b=JE>ZCxL;B-sT|4xU*<%_Y;H^iv&wM~fRUR(+iS*i$Nq<`v${WCbwbCS@yR8+?^ z3E*wHc@3t5Lgd&jkP?8OF!(g{YKm#4T4NP%RQFSP;#z(Ce!GmD!xFe}g`w-|JZ^rZ zY#;R(-(0mLZVtgYov1FhC|Wo8km$|y3!L4;9l7wl%h?3ROx>$ycjA4Y@H^{5@@d(f zam>$O4LQM|;dQV&YNXcuS~z;R_qYj4Rpw8GD`J6%{0J-tzvzJjT$IkkhcroDPA)2m z)DG6F!Ynk?8hL5(lIK`c%4~|w%esa;+ViL>E%X@bL~?`I(L_fs8tMekJT4|C^FTj? 
z=(90wg!w*xt*A4?d6b+-!Er9PX^Zrg1Sx0@P zfz_N9K9A+2L=)|OGECv29^ay-%&c->Yy0q%1D>{el%@WUaDWm8M z81W2HSjn4RqFn9a$qB!vOXH|`1tUc^UlLyJVM_9caK=w~96QH6J_LNkM-n2udb;W$ zyS;wTS^tIMre}bMt(1%S#jiVYhK;NgEbVimXV&rkVEm5IV_IgjLJ(zH>iz}{_A{fkqSS;tEC%VlsvtJJs1eRxC>K4Xk==LOXLG# z@lT}8i$%Z*Cv^n=b&Se8eVV+-iE7xLpi-h*lnML>xh3?0!d`8t*G;UHJvy?A=&czu z>FID{ST(WR>{!2vYXeqqr7=via?ZcXDWM<}IqwAUzC19}o|;11et8lsq|plgP-Cig z%0+5J!YUnwtMU7;pr0!rtZ}umHPGNgj{c92q@vlpVOl^ZsB66eKjTD6wC9nETJ)tB z`rCotyss24*k%4`r-k`digGh^43JF*w||e^lR^FG`24A^1g+}aB2z1NJg5(*Ak$*X7iFSnf?{M1& zB5Q0}6Z3R;?xE&KS8Zj>j{?q@R8Y~+9$bE2cwJd)giV?1b|!1;>+Lu3II=Wx+#@o| zDz!y@vM*|ss^b7xHswKn*n@|D!hVcaW+9Q6_l!Rk#qd<0x21)p@3@DfZyzs4V!iQ4v^hjUxJXN_KeZ ziY!E(Q4u#Y#lkdy&(Fk2cff#l=}#iSQLcQ?=kZ;I^jRB2V%|<2Up66U_tj43&4-n^ z{O)qsqfFV=Pt1G7i_MHt;`Z&)!FOhpK}cck2ZiW7I%aAYBg(JA+8kMm$}6)J9NE+n zrS`VUoQl9KdHpn+UdstIcNqSn(1rHBzqK2lH2HM~m@D^DCPBa9N$^q%JWK7<{B(Wm zBhPyu11g03l4Y(#O(HKc5k+`n0q~28t)kw>7xgoLHIXzKhN_$Dp921F8+r;g&sweB zNp&0Yb$eZueqK&840#`}L`g8nHJhEzoqfOaP;4c$;87C#lf_O&h$YfRLp{Q$xJ8G? zlKbq%kWY&3i;@mfd!@{{|8ll6|7Py~%a!ry?aPDt=$mD{K73L{Ovv%Mqv9bI-izH{ zm%!EX>AkV;Kdwm$eL9hrC5vHADsr@O?J$6Ai%U)E6hDRy8q>lLs-pQ|oa7drev)lT zb(l|67DQpfJ^2$OMf24oV?)x`{@AKLnwUR2gjxR3oqD>e%gRaK4Yv$i%2z;^QptZ? 
zQRZ=}MOWZqI(f-e$e9*s20u?2{|=!Fv_sT5GYiP|D0h;)J72vj88uw#5oWS?{%I$SkE~KfpF)k$O0a~faRu-`~FfhjtXNBKS z!cS3HXSRt+@g^p-=sGjdkK9WHx0_Othl-76=C^6VK3RKE+Fbj&j!4xp3A{sVRFy%0 zK3!Ru6j;=T>-m%cHI^t8yrzZmsX!*p5z`bNZ($#g>uDrh+kLQKQKg1LfXe43i0UA) zQa>Kzc>>u%sMJRm7NI(u`{;m1N=A%{WmlNStFi-Vd2{AqSNOCS2h{HknM-r7jd8aL zyE5W5za!i4m}Yslr8{f2Mb2p3J;@2m%aY?^=Lv)%FCx@TL2CFe?_(H;qf*(iHMIrr zCSd>g0Rf@6x&tp=#cLRI5NkTfV*{wTmed?`$nRgpiint;OuvlE+8b&bkf%8ZoW5{F zU1K`WovA^X-A6;M*llJj0;mB=cQt+Wmw5**g98fAzqXhWv&sh4s&`QnmIgNwdWUW({)dC->mv9omF;xduvQZeJgb-qODm|aPC+U%E#2E` z=F8FZ#w{J^XN?NmP^sxA>JWI7(znj)8fL~4ZL7#Sv>PJ)#U8R@>#c^~^Ri1z^3N_6 zOvpbx>z4hex#J(`C(XYfk+`n=(Gg6S_?7E$CPCs@-)K2oP?z8LN;bNE1BMEgDdBPR zVKO6HHE0X38hZzQ-2Y_pjS38W?3p$*qC@R}rYr)h^hT2c1h>2_UJp>EwjMo~X)eCx zJj?5|J=tUNp&0mjreU-RDyYm%U-wq;c7?BG!eQP9MX&1{BpoF1vT~CUctrBH_qE69 z%&(Od!F>0({D$x*0t2m9eee_&amV5ilJ_zapBGtUORi!i~E%MN~$D z>@CS(Bq%U=abR*WJZvXxruwmLuXRupRVGE|a9B{uo-V5PhNNwFmn+n!t}H@!6LbAk z`8LI-mlDND6a+NqbCzg+NF#^TO9x=K_Us8FGK%-iUN;Myw}E#_di{0SPbCsD6b2fl zo?ckw+##x+dR}Z$D0%D$|M7EmkrZ`iYa7OAYK@8&-MLIK&P)})80j)@twA;nS`>?G zvg~DtYksR)*!DQh@}A$}SM2~=9D1leS7+Oa>PGy2?xo8x^Z01ay^$XCs#@6T+7ic+ z9Scj3-NMcfsah_T2scSlo(LoVW#^C8j<=#Ly^JNERR9D=xg5qLGeL{&rB=HoBND~u z@9Jn4>yCrVEBLVuzK9vARyM-pQVoqcyS1Ho22}vK`ZF$r{>sVs0xeRw3K5pkLs&vMzH~S}M`b3iGfh}7O{0QlX?;B@#?zZ0S zhKr6`iSE3gkb=5_DW?UzU_F=QeC_R(PNOxN-r=UTr3o2x7n{@`fK5xBoe7}dL!UL) zQCsjYB~v@ipH@On)NtqpiQm5=U>eK?Wvqpb;4I*2pp1B(1{e7TatA4;tTiwO$cnyYkiuy4|sw6B+TPmJt{+5WUqfONk*(7 z>8tW|h%BMlKFc(0C{RKH_eaIQcL=tpHV&^%>p?e;vsLoZqOL$NXs;9>BjyC@~DG1`ek32H2P41cDVc#bG2flb&K^ zRnB7je*`}_#{DDcCGZaMO;9O3Jmks$N$~${x2cOO|}_{S3O(FAX#GAIiQvZ2ceSD;YB#ys1EPfhQ{DOl8erA0!`?b5S@29(u>%b=D@xH3%0&O=06603{L+NLJ! 
z!akQuuNW-p7P8Cw=C7b@sR9uCRv|Xq{fw8IziSRj>RBnfI(PSz>7hD_=zds6_!&f> z$8cCCU9>$XkgSd?a(Ly(FhZ(yy(p#=Uo#8+wY=Ys=8rl)T6}I*U|WIcYVvP-m+F1^ zn9(nmCxE2`53aFNJFnS{IM(w76U|?v2`+g%M|iA>3c=jdPeB^EuSJ3c&1%CIae;8f ztUoVvrK5N&^jvDNo!XhpgTR$A+TTNRz_KMu7~w3kXyNIBQ|(~2?ZTX$)R@aPH>~!N zm(}4SR}CZ{vT^OlMvmyUSu}33>dDR+y{`7KVbNiRTieaoIt{}k81$da9#9cj3CV0u zPgQCa(%MIJx?lO%e)cTdq7rB4es|@n`Cqf;}_GHjvXTzYb9KVg7oVHvevgEfFLcDcTE1oA_o+WV z+CAD*uCaJ6%Qq1R*}SHHxe0X|{d8YjzWZGB+RZo$oXE;?pSu`FUytECE>??{R(Scg zVlkow!?*&Jmo(AVa%!(BX%YJk5zh_-sB;uvJC|04F}~T=c#9enJI^H6JlX-8lKQ$x zB$147c8ny1l1alH8kn&cL>T1x8aS7eND zVdZr^R=-2#hu-Hpec8g-z_pHhgGq&~i%fa=i;b-~Q z#TmfpNL?x2#c8Pg?pKFJbb;qXZ6vG@aH|x11vA$#(M<-7QpFmt;jewK&7m@vI_HHg z71fk=)Ly-eg>A_hY&=h#TCm4HPGR#*_P?7oIgGs>$QDaqTjjk{z*fUd%o2=cE{S8G zCJ?W_OK8?4cma|*EuC_INnbfpzqgzkZVS!oWzUU#%pEM-Vx9Z+x96t+;H=BK_8*k^ z&t&T|^8IIu0n1nm?*o*u3L0`k=Th~J&8&+6mKGQQze)AwP-+dSoVpruYV`#<^~Gll zK$4vL8Wpt$bIy8+y>e~OE-EUP?E-UNfG+b4ecCr=C~}%Aw*>E542m{^1UlUBoOHx4 z1wf6i#M=MX72Q|R0U`h*03z_;M&SR>pXz^GcR>w-2!IHH2>jOwc!j-aYpYItxch(N z^Isbys1}F-hyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKH zhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKH ahyaKHhyaKHhyaKHhyaKHh`|4E1pWu@tQ)}q literal 0 HcmV?d00001 
diff --git a/blobs/xx30/x230-ifd.bin b/blobs/xx30/x230-ifd.bin new file mode 100644 index 0000000000000000000000000000000000000000..be3cc7eb7940225743905f1d39bd6040fa385b08 GIT binary patch literal 4096 zcmezW9~DF`{lL%6$imFVBp{@~sK}toz`%g4LWW_2Cr}6sK;j^VG{b*xW(Fw+Mg}H^ z|MIBn85p>^7#LVsBp5k3kj)t^?567i9{h|D|A0uQhbIsmD64^+!QcpkBg1qChMCBc zb+X+-$Kt&&p^-6$jtP=p^>lC|6osdKUbHb Date: Thu, 16 Apr 2020 16:01:51 -0400 Subject: [PATCH 02/34] CIs: adding ncurses devel packages to both Ubuntu(CircleCI) and Fedora(GitlabCI) CIs for better user local reproducibility of host local builds. (required for make menuconfig and make savedefconfig to move reduced configs back to config directory containing minimal changes) --- .circleci/config.yml | 2 +- .gitlab-ci.yml.deprecated | 2 +- config/linux-x230-external-flash.config | 322 ------------------------ 3 files changed, 2 insertions(+), 324 deletions(-) delete mode 100644 config/linux-x230-external-flash.config diff --git a/.circleci/config.yml b/.circleci/config.yml index 49d0fd088..b6ed85821 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,7 +8,7 @@ jobs: name: Install dependencies command: | apt update - apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo + apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev - checkout - restore_cache: diff --git a/.gitlab-ci.yml.deprecated b/.gitlab-ci.yml.deprecated index 9e493e737..db30bf7c7 100644 --- a/.gitlab-ci.yml.deprecated +++ b/.gitlab-ci.yml.deprecated 
@@ -14,7 +14,7 @@ build: - ./ key: "$CI_COMMIT_REF_SLUG" script: - - dnf install -y @development-tools gcc-c++ gcc-gnat zlib-devel perl-Digest-MD5 perl-Digest-SHA uuid-devel pcsc-tools ncurses-devel lbzip2 libuuid-devel lzma elfutils-libelf-devel bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget libusb-devel cmake automake pv bsdiff autoconf libtool expat-devel boost-devel libaio-devel cpio texinfo + - dnf install -y @development-tools gcc-c++ gcc-gnat zlib-devel perl-Digest-MD5 perl-Digest-SHA uuid-devel pcsc-tools ncurses-devel lbzip2 libuuid-devel lzma elfutils-libelf-devel bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget libusb-devel cmake automake pv bsdiff autoconf libtool expat-devel boost-devel libaio-devel cpio texinfo ncurses-devel - git fetch origin - git reset --hard origin/$CI_COMMIT_REF_NAME - make BOARD=x230-external-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1) diff --git a/config/linux-x230-external-flash.config b/config/linux-x230-external-flash.config deleted file mode 100644 index dd5af0c15..000000000 --- a/config/linux-x230-external-flash.config +++ /dev/null 
@@ -1,322 +0,0 @@ -CONFIG_LOCALVERSION="-heads" -# CONFIG_LOCALVERSION_AUTO is not set -CONFIG_KERNEL_XZ=y -# CONFIG_SWAP is not set -# CONFIG_CROSS_MEMORY_ATTACH is not set -# CONFIG_FHANDLE is not set -CONFIG_NO_HZ_IDLE=y -CONFIG_LOG_BUF_SHIFT=18 -CONFIG_BLK_DEV_INITRD=y -CONFIG_INITRAMFS_SOURCE="../../../blobs/dev.cpio" -# CONFIG_RD_GZIP is not set -# CONFIG_RD_BZIP2 is not set -# CONFIG_RD_LZMA is not set -# CONFIG_RD_LZO is not set -# CONFIG_RD_LZ4 is not set -CONFIG_CC_OPTIMIZE_FOR_SIZE=y -# CONFIG_SGETMASK_SYSCALL is not set -# CONFIG_SYSFS_SYSCALL is not set -# CONFIG_BASE_FULL is not set -# CONFIG_SIGNALFD is not set -# CONFIG_TIMERFD is not set -# CONFIG_EVENTFD is not set -# CONFIG_AIO is not set -# CONFIG_ADVISE_SYSCALLS is not set -# CONFIG_MEMBARRIER is not set -CONFIG_EMBEDDED=y -# CONFIG_VM_EVENT_COUNTERS is not set -# CONFIG_SLUB_DEBUG is not set -# CONFIG_COMPAT_BRK is not set -CONFIG_JUMP_LABEL=y -CONFIG_CC_STACKPROTECTOR_STRONG=y -CONFIG_MODULES=y -# CONFIG_IOSCHED_DEADLINE is not set -# CONFIG_IOSCHED_CFQ is not set -CONFIG_SMP=y -# CONFIG_X86_EXTENDED_PLATFORM is not set -CONFIG_PROCESSOR_SELECT=y -# CONFIG_CPU_SUP_CENTAUR is not set -CONFIG_PREEMPT_VOLUNTARY=y -CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y -# CONFIG_X86_MCE_AMD is not set -# CONFIG_PERF_EVENTS_INTEL_RAPL is not set -# CONFIG_MICROCODE is not set -# CONFIG_SPARSEMEM_VMEMMAP is not set -# CONFIG_COMPACTION is not set -# CONFIG_BOUNCE is not set -CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 -CONFIG_X86_PMEM_LEGACY=y -# CONFIG_MTRR is not set -# CONFIG_X86_SMAP is not set -# CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set -# CONFIG_SECCOMP is not set -CONFIG_KEXEC=y -CONFIG_KEXEC_FILE=y -# CONFIG_RELOCATABLE is not set -CONFIG_PHYSICAL_ALIGN=0x1000000 -# CONFIG_MODIFY_LDT_SYSCALL is not set -# CONFIG_SUSPEND is not set -CONFIG_ACPI_VIDEO=y -CONFIG_PCI_MSI=y -# CONFIG_HT_IRQ is not set -CONFIG_PCI_IOV=y -CONFIG_PCI_PRI=y -# CONFIG_COREDUMP is not set -CONFIG_NET=y -CONFIG_PACKET=y 
-CONFIG_UNIX=y -CONFIG_INET=y -CONFIG_SYN_COOKIES=y -# CONFIG_INET_XFRM_MODE_TRANSPORT is not set -# CONFIG_INET_XFRM_MODE_TUNNEL is not set -# CONFIG_INET_XFRM_MODE_BEET is not set -# CONFIG_INET_DIAG is not set -# CONFIG_IPV6 is not set -# CONFIG_WIRELESS is not set -# CONFIG_UEVENT_HELPER is not set -CONFIG_DEVTMPFS=y -CONFIG_DEVTMPFS_MOUNT=y -# CONFIG_STANDALONE is not set -# CONFIG_FIRMWARE_IN_KERNEL is not set -# CONFIG_ALLOW_DEV_COREDUMP is not set -CONFIG_BLK_DEV_LOOP=y -CONFIG_BLK_DEV_RAM=y -CONFIG_BLK_DEV_RAM_SIZE=65536 -CONFIG_EEPROM_93CX6=m -CONFIG_INTEL_MEI_ME=m -CONFIG_INTEL_MEI_TXE=m -# CONFIG_SCSI_PROC_FS is not set -CONFIG_BLK_DEV_SD=y -CONFIG_BLK_DEV_SR=y -CONFIG_CHR_DEV_SG=y -CONFIG_SCSI_SCAN_ASYNC=y -CONFIG_ISCSI_TCP=y -CONFIG_ATA=y -CONFIG_SATA_AHCI=y -# CONFIG_ATA_SFF is not set -CONFIG_MD=y -CONFIG_BLK_DEV_DM=y -CONFIG_DM_CRYPT=y -CONFIG_DM_VERITY=y -CONFIG_DM_VERITY_FEC=y -CONFIG_NETDEVICES=y -# CONFIG_NET_VENDOR_3COM is not set -# CONFIG_NET_VENDOR_ADAPTEC is not set -# CONFIG_NET_VENDOR_AGERE is not set -# CONFIG_NET_VENDOR_ALTEON is not set -# CONFIG_NET_VENDOR_AMAZON is not set -# CONFIG_NET_VENDOR_AMD is not set -# CONFIG_NET_VENDOR_ARC is not set -# CONFIG_NET_VENDOR_ATHEROS is not set -# CONFIG_NET_CADENCE is not set -# CONFIG_NET_VENDOR_BROADCOM is not set -# CONFIG_NET_VENDOR_BROCADE is not set -# CONFIG_NET_VENDOR_CAVIUM is not set -# CONFIG_NET_VENDOR_CHELSIO is not set -# CONFIG_NET_VENDOR_CISCO is not set -# CONFIG_NET_VENDOR_DEC is not set -# CONFIG_NET_VENDOR_DLINK is not set -# CONFIG_NET_VENDOR_EMULEX is not set -# CONFIG_NET_VENDOR_EZCHIP is not set -# CONFIG_NET_VENDOR_EXAR is not set -# CONFIG_NET_VENDOR_HP is not set -CONFIG_E1000=m -CONFIG_E1000E=m -# CONFIG_NET_VENDOR_I825XX is not set -# CONFIG_NET_VENDOR_MARVELL is not set -# CONFIG_NET_VENDOR_MELLANOX is not set -# CONFIG_NET_VENDOR_MICREL is not set -# CONFIG_NET_VENDOR_MYRI is not set -# CONFIG_NET_VENDOR_NATSEMI is not set -# CONFIG_NET_VENDOR_NETRONOME is not 
set -# CONFIG_NET_VENDOR_NVIDIA is not set -# CONFIG_NET_VENDOR_OKI is not set -# CONFIG_NET_PACKET_ENGINE is not set -# CONFIG_NET_VENDOR_QLOGIC is not set -# CONFIG_NET_VENDOR_QUALCOMM is not set -# CONFIG_NET_VENDOR_REALTEK is not set -# CONFIG_NET_VENDOR_RENESAS is not set -# CONFIG_NET_VENDOR_RDC is not set -# CONFIG_NET_VENDOR_ROCKER is not set -# CONFIG_NET_VENDOR_SAMSUNG is not set -# CONFIG_NET_VENDOR_SEEQ is not set -# CONFIG_NET_VENDOR_SILAN is not set -# CONFIG_NET_VENDOR_SIS is not set -# CONFIG_NET_VENDOR_SMSC is not set -# CONFIG_NET_VENDOR_STMICRO is not set -# CONFIG_NET_VENDOR_SUN is not set -# CONFIG_NET_VENDOR_TEHUTI is not set -# CONFIG_NET_VENDOR_TI is not set -# CONFIG_NET_VENDOR_VIA is not set -# CONFIG_NET_VENDOR_WIZNET is not set -# CONFIG_NET_VENDOR_SYNOPSYS is not set -# CONFIG_USB_NET_DRIVERS is not set -# CONFIG_WLAN is not set -# CONFIG_INPUT_MOUSE is not set -# CONFIG_SERIO_SERPORT is not set -# CONFIG_UNIX98_PTYS is not set -# CONFIG_LEGACY_PTYS is not set -CONFIG_SERIAL_8250=y -# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set -# CONFIG_SERIAL_8250_PNP is not set -# CONFIG_SERIAL_8250_PCI is not set -# CONFIG_SERIAL_8250_LPSS is not set -# CONFIG_SERIAL_8250_MID is not set -CONFIG_TTY_PRINTK=y -CONFIG_HW_RANDOM=y -CONFIG_HW_RANDOM_TIMERIOMEM=m -CONFIG_HW_RANDOM_INTEL=m -CONFIG_HW_RANDOM_AMD=m -CONFIG_HW_RANDOM_VIA=m -CONFIG_HW_RANDOM_TPM=m -CONFIG_TCG_TPM=y -CONFIG_TCG_TIS=y -# CONFIG_I2C_COMPAT is not set -CONFIG_I2C_MUX=m -CONFIG_I2C_MUX_PCA9541=m -CONFIG_I2C_MUX_REG=m -# CONFIG_I2C_HELPER_AUTO is not set -CONFIG_I2C_SLAVE=y -CONFIG_PTP_1588_CLOCK=y -# CONFIG_HWMON is not set -# CONFIG_X86_PKG_TEMP_THERMAL is not set -CONFIG_MFD_SYSCON=y -CONFIG_DRM=y -CONFIG_DRM_I915=y -CONFIG_FB_VESA=y -CONFIG_BACKLIGHT_LCD_SUPPORT=y -# CONFIG_LCD_CLASS_DEVICE is not set -CONFIG_BACKLIGHT_CLASS_DEVICE=y -# CONFIG_BACKLIGHT_GENERIC is not set -CONFIG_FRAMEBUFFER_CONSOLE=y -CONFIG_USB=y -CONFIG_USB_XHCI_HCD=m -CONFIG_USB_XHCI_PLATFORM=m 
-CONFIG_USB_EHCI_HCD=m -CONFIG_USB_EHCI_HCD_PLATFORM=m -CONFIG_USB_STORAGE=m -CONFIG_RTC_CLASS=y -# CONFIG_X86_PLATFORM_DEVICES is not set -CONFIG_INTEL_IOMMU=y -CONFIG_INTEL_IOMMU_SVM=y -CONFIG_GENERIC_PHY=y -# CONFIG_BLK_DEV_PMEM is not set -# CONFIG_ND_BLK is not set -# CONFIG_BTT is not set -# CONFIG_FIRMWARE_MEMMAP is not set -# CONFIG_DMIID is not set -CONFIG_GOOGLE_FIRMWARE=y -CONFIG_GOOGLE_MEMCONSOLE_X86_LEGACY=y -# CONFIG_EXT2_FS is not set -CONFIG_EXT4_FS=y -CONFIG_EXT4_USE_FOR_EXT2=y -# CONFIG_DNOTIFY is not set -# CONFIG_INOTIFY_USER is not set -CONFIG_ISO9660_FS=y -CONFIG_JOLIET=y -CONFIG_MSDOS_FS=y -CONFIG_VFAT_FS=y -# CONFIG_PROC_SYSCTL is not set -# CONFIG_PROC_PAGE_MONITOR is not set -CONFIG_TMPFS=y -# CONFIG_MISC_FILESYSTEMS is not set -CONFIG_NLS_DEFAULT="utf8" -CONFIG_NLS_CODEPAGE_437=y -CONFIG_NLS_ISO8859_1=y -CONFIG_NLS_UTF8=y -CONFIG_PRINTK_TIME=y -CONFIG_BOOT_PRINTK_DELAY=y -# CONFIG_ENABLE_WARN_DEPRECATED is not set -# CONFIG_ENABLE_MUST_CHECK is not set -CONFIG_FRAME_WARN=1024 -# CONFIG_UNUSED_SYMBOLS is not set -CONFIG_MAGIC_SYSRQ=y -CONFIG_HARDLOCKUP_DETECTOR=y -CONFIG_WQ_WATCHDOG=y -# CONFIG_SCHED_DEBUG is not set -CONFIG_STACKTRACE=y -# CONFIG_DEBUG_BUGVERBOSE is not set -# CONFIG_RCU_TRACE is not set -# CONFIG_FTRACE is not set -# CONFIG_STRICT_DEVMEM is not set -# CONFIG_X86_VERBOSE_BOOTUP is not set -# CONFIG_DOUBLEFAULT is not set -CONFIG_IO_DELAY_0XED=y -CONFIG_OPTIMIZE_INLINING=y -# CONFIG_X86_DEBUG_FPU is not set -CONFIG_HARDENED_USERCOPY=y -CONFIG_CRYPTO_RSA=m -CONFIG_CRYPTO_USER=y -CONFIG_CRYPTO_MCRYPTD=m -CONFIG_CRYPTO_AUTHENC=m -CONFIG_CRYPTO_CCM=m -CONFIG_CRYPTO_GCM=m -CONFIG_CRYPTO_CHACHA20POLY1305=m -CONFIG_CRYPTO_CTS=m -CONFIG_CRYPTO_LRW=y -CONFIG_CRYPTO_PCBC=m -CONFIG_CRYPTO_XTS=y -CONFIG_CRYPTO_KEYWRAP=m -CONFIG_CRYPTO_CMAC=m -CONFIG_CRYPTO_HMAC=y -CONFIG_CRYPTO_XCBC=m -CONFIG_CRYPTO_VMAC=m -CONFIG_CRYPTO_CRC32C_INTEL=y -CONFIG_CRYPTO_CRC32=m -CONFIG_CRYPTO_CRC32_PCLMUL=m -CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m 
-CONFIG_CRYPTO_POLY1305_X86_64=m -CONFIG_CRYPTO_MD4=m -CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_RMD128=m -CONFIG_CRYPTO_RMD160=m -CONFIG_CRYPTO_RMD256=m -CONFIG_CRYPTO_RMD320=m -CONFIG_CRYPTO_SHA1_SSSE3=y -CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_TGR192=m -CONFIG_CRYPTO_WP512=m -CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m -CONFIG_CRYPTO_AES_NI_INTEL=y -CONFIG_CRYPTO_ANUBIS=m -CONFIG_CRYPTO_ARC4=m -CONFIG_CRYPTO_BLOWFISH=m -CONFIG_CRYPTO_BLOWFISH_X86_64=m -CONFIG_CRYPTO_CAMELLIA=m -CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m -CONFIG_CRYPTO_CAST5_AVX_X86_64=m -CONFIG_CRYPTO_CAST6_AVX_X86_64=m -CONFIG_CRYPTO_DES3_EDE_X86_64=m -CONFIG_CRYPTO_FCRYPT=m -CONFIG_CRYPTO_KHAZAD=m -CONFIG_CRYPTO_SALSA20=m -CONFIG_CRYPTO_CHACHA20_X86_64=m -CONFIG_CRYPTO_SEED=m -CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m -CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m -CONFIG_CRYPTO_TEA=m -CONFIG_CRYPTO_TWOFISH=m -CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m -CONFIG_CRYPTO_DEFLATE=m -CONFIG_CRYPTO_LZO=y -CONFIG_CRYPTO_842=m -CONFIG_CRYPTO_LZ4=m -CONFIG_CRYPTO_LZ4HC=m -CONFIG_CRYPTO_ANSI_CPRNG=m -CONFIG_CRYPTO_DRBG_HASH=y -CONFIG_CRYPTO_DRBG_CTR=y -CONFIG_CRYPTO_USER_API_HASH=y -CONFIG_CRYPTO_USER_API_SKCIPHER=y -CONFIG_CRYPTO_USER_API_RNG=y -CONFIG_CRYPTO_USER_API_AEAD=y -# CONFIG_CRYPTO_HW is not set -# CONFIG_VIRTUALIZATION is not set -CONFIG_CRC_CCITT=m -CONFIG_CRC_T10DIF=y -CONFIG_CRC_ITU_T=m -CONFIG_CRC7=m -CONFIG_LIBCRC32C=m -CONFIG_CRC8=m -CONFIG_XZ_DEC_TEST=m -CONFIG_CORDIC=m -CONFIG_IRQ_POLL=y From 46d703eca26b604b28be5dd9683c5393d70fcca4 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 16 Apr 2020 16:09:23 -0400 Subject: [PATCH 03/34] x230-external-flash: remove linux-x230-external-flash.config, pointing board config to generic linux-x230.config, removing default coreboot statements --- .../x230-external-flash/x230-external-flash.config | 2 +- config/coreboot-x230-external-flash.config | 14 ++------------ 2 files changed, 3 insertions(+), 13 deletions(-) 
diff --git a/boards/x230-external-flash/x230-external-flash.config b/boards/x230-external-flash/x230-external-flash.config index 5eaa7b515..3419ac721 100644 --- a/boards/x230-external-flash/x230-external-flash.config +++ b/boards/x230-external-flash/x230-external-flash.config @@ -2,7 +2,7 @@ #Includes deactivated+neutered ME and expended consequent IFD export CONFIG_COREBOOT=y CONFIG_COREBOOT_CONFIG=config/coreboot-x230-external-flash.config -CONFIG_LINUX_CONFIG=config/linux-x230-external-flash.config +CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y diff --git a/config/coreboot-x230-external-flash.config b/config/coreboot-x230-external-flash.config index 0f6d8f816..c732290b4 100644 --- a/config/coreboot-x230-external-flash.config +++ b/config/coreboot-x230-external-flash.config @@ -1,29 +1,19 @@ CONFIG_LOCALVERSION="heads" CONFIG_ANY_TOOLCHAIN=y -# CONFIG_INCLUDE_CONFIG_FILE is not set -# CONFIG_COLLECT_TIMESTAMPS is not set -CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y CONFIG_CBFS_SIZE=0xB80000 CONFIG_HAVE_IFD_BIN=y -CONFIG_IFD_BIN_PATH="../../blobs/xx30/x230-ifd.bin" CONFIG_HAVE_ME_BIN=y +CONFIG_IFD_BIN_PATH="../../blobs/xx30/x230-ifd.bin" CONFIG_ME_BIN_PATH="../../blobs/xx30/me.bin" -# CONFIG_POST_IO is not set -# CONFIG_POST_DEVICE is not set -CONFIG_DRIVERS_UART_8250IO=y CONFIG_BOARD_LENOVO_X230=y -CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_NO_POST=y CONFIG_UART_PCI_ADDR=0 CONFIG_NO_GFX_INIT=y -# CONFIG_CONSOLE_SERIAL is not set CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/x230-external-flash/bzImage" -CONFIG_PAYLOAD_OPTIONS="" -# CONFIG_PXE is not set CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" CONFIG_LINUX_INITRD="../../build/x230-external-flash/initrd.cpio.xz" -CONFIG_DEBUG_SMM_RELOCATION=y From 463690a6475ecb226a38ca6d5f92a7623189def7 Mon Sep 17 00:00:00 2001 
From: Thierry Laurion Date: Sun, 3 May 2020 13:27:33 -0400 Subject: [PATCH 04/34] coreboot and xx30 blobs: testing simple includion of extracted gbe.bin without playing with precedent ifd.bin exported by me_cleaner per instruction in blobs' README --- blobs/xx30/gbe.bin | Bin 0 -> 8192 bytes config/coreboot-x230-external-flash.config | 1 + 2 files changed, 1 insertion(+) create mode 100644 blobs/xx30/gbe.bin diff --git a/blobs/xx30/gbe.bin b/blobs/xx30/gbe.bin new file mode 100644 index 0000000000000000000000000000000000000000..8b5cb854308f8d8e18e0a28800a2d701f849c9a0 GIT binary patch literal 8192 zcmexx@8kC;>lrxy|G&)O$;i;aAn^bHVS&$ztHhZ^8GwL^9YnG&)i7WX0y20~v>ddZ zIfNORMAzkY`}ID9F$Nq#4c# zFf?$8GF&wk2Fl3;T`~%=g+OL-3o|1|_>T&phXAuJx(EZq9v)1wQIXLQAT Date: Mon, 4 May 2020 16:17:43 -0400 Subject: [PATCH 05/34] x230-external-flash: update flasrom options removing unneeded options, keeping whole flash of rom. --- boards/x230-external-flash/x230-external-flash.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boards/x230-external-flash/x230-external-flash.config b/boards/x230-external-flash/x230-external-flash.config index 3419ac721..3c5f7db7e 100644 --- a/boards/x230-external-flash/x230-external-flash.config +++ b/boards/x230-external-flash/x230-external-flash.config @@ -36,7 +36,7 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-Neutered_ME Heads Boot Menu" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that From ef047abba653f84448ec003018ebd675fdb1fe29 Mon Sep 17 00:00:00 2001 
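Review bot: The new `CONFIG_FLASHROM_OPTIONS` value keeps `--force` and `--noverify-all` without saying why, on a board whose flash holds the IFD, the ME image and coreboot (per the comment just below the changed line) and is written through `-p internal`. `--force` overrides flashrom's refusal checks and `--noverify-all` limits post-write verification to the regions that were included, so a wrong or truncated image is harder to catch before the next reboot. I would drop `--force` if internal flashing works without it on this board, or else add a comment above the line such as `# --force: REASON_PLACEHOLDER; --noverify-all: only the written regions are verified`. That the descriptor shipped in `blobs/xx30` leaves every region host-writable is my inference from the whole-ROM write, not something the hunk shows, and should be confirmed and stated in that comment too.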
From: Thierry Laurion Date: Sun, 9 Aug 2020 16:11:29 -0400 Subject: [PATCH 06/34] x230-external-flash: binding coreboot to version 4.8.1 for the time being. Rebased on master. --- boards/x230-external-flash/x230-external-flash.config | 2 ++ 1 file changed, 2 insertions(+) diff --git a/boards/x230-external-flash/x230-external-flash.config b/boards/x230-external-flash/x230-external-flash.config index 3c5f7db7e..aa8a37977 100644 --- a/boards/x230-external-flash/x230-external-flash.config +++ b/boards/x230-external-flash/x230-external-flash.config @@ -1,6 +1,8 @@ # Configuration for a x230 running Qubes and other OSes #Includes deactivated+neutered ME and expended consequent IFD export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 + CONFIG_COREBOOT_CONFIG=config/coreboot-x230-external-flash.config CONFIG_LINUX_CONFIG=config/linux-x230.config From d6f204af7fd4a8616935f20f8d0ea843c3dc599c Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 9 Aug 2020 16:35:34 -0400 Subject: [PATCH 07/34] CIs: fixup and add x230-external-flash consequently of past CIs fixes --- .circleci/config.yml | 95 +++++++++++---------------------------- .gitlab-ci.yml.deprecated | 94 +++++++++++++++++++++++++++++++++----- 2 files changed, 108 insertions(+), 81 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b6ed85821..e22dec24d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,7 +2,7 @@ version: 2 jobs: build: docker: - - image: ubuntu:18.04 + - image: debian:bullseye steps: - run: name: Install dependencies @@ -12,7 +12,7 @@ jobs: - checkout - restore_cache: - key: heads-{{ .Branch }}{{ .Environment.CACHE_VERSION }} + key: heads-{{ .Environment.CIRCLE_USERNAME }}-{{ .Environment.CACHE_VERSION }} - run: name: git reset 
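Review bot: `image: debian:bullseye` in hunk `@@ -2,7 +2,7 @@` is a mutable tag, so the compiler and build tools pulled in by the following `apt install` can change between runs without any change in this repository. Because these jobs print `hashes.txt` for the firmware they produce, I would pin the image by digest, e.g. `- image: debian@sha256:DIGEST_PLACEHOLDER`, and bump it deliberately. The `jobs.build` mapping continues outside the hunk.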
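Review bot: The new `restore_cache` key in hunk `@@ -12,7 +12,7 @@`, `heads-{{ .Environment.CIRCLE_USERNAME }}-{{ .Environment.CACHE_VERSION }}`, no longer varies with the branch or with the content being built, so every branch pushed by the same user restores the same `packages` and `crossgcc` directories. CircleCI does not overwrite an existing cache key, so the first saved cache stays in use until `CACHE_VERSION` is bumped, and a toolchain built from different module or patch sources can end up in a later firmware build. I would add a content-derived component, e.g. `key: heads-{{ checksum "PATH_TO_DIGEST_FILE_PLACEHOLDER" }}-{{ .Environment.CACHE_VERSION }}`. The matching `save_cache` key in hunk `@@ -224,7 +179,7 @@` needs the same change, and the `key: "heads-$GITLAB_USER_LOGIN-2"` line in `.gitlab-ci.yml.deprecated` follows the same pattern.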
@@ -74,26 +74,6 @@ jobs: command: | cat build/qemu-coreboot/hashes.txt \ - - run: - name: librem_mini_v2 - command: | - rm -rf build/librem_mini_v2/* build/log/* && make CPUS=4 V=1 BOARD=librem_mini_v2 || touch /tmp/failed_build - no_output_timeout: 3h - - run: - name: Output build failing logs - command: | - if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - - run: - name: Output librem_mini_v2 hashes - command: | - cat build/librem_mini_v2/hashes.txt \ - - run: - name: Archiving build logs for librem_mini_v2 - command: | - tar zcvf build/librem_mini_v2/logs.tar.gz build/log/* - - store-artifacts: - path: build/librem_mini_v2 - - run: name: x230-flash #We delete build/make-4.2.1/ directory until issue #799 is fixed. @@ -116,12 +96,12 @@ jobs: - run: name: t430-flash command: | - rm -rf build/t430-flash/* build/log/* && make CPUS=4 \ + rm -rf build/make-4.2.1/ build/qemu-coreboot/* && make --load 2 \ V=1 \ - BOARD=t430-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + BOARD=qemu-coreboot \ no_output_timeout: 3h - run: - name: Ouput t430-flash hashes + name: Output qemu-coreboot hashes command: | cat build/t430-flash/hashes.txt \ - run: 
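Review bot: The step named `t430-flash` in hunk `@@ -116,12 +96,12 @@` now builds `BOARD=qemu-coreboot`, and the step renamed to `Output qemu-coreboot hashes` still runs `cat build/t430-flash/hashes.txt`, so the hashes printed are either absent or stale rather than produced by the build that just ran. If t430-flash is the intended target, the added lines should be `rm -rf build/t430-flash/* build/log/* && make --load 2 \`, `BOARD=t430-flash \` and `name: Output t430-flash hashes`. The added `BOARD=` line also drops the `|| (find ./build/ -name "*.log" ...; exit 1)` fallback, so a failing build no longer prints its logs; the x230-hotp-verification and qemu-coreboot steps in the later hunks lose it as well.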
@@ -129,48 +109,19 @@ jobs: command: | tar zcvf build/t430-flash/logs.tar.gz build/log/* - store-artifacts: - path: build/qemu-coreboot/hashes.txt - - - run: - name: x230-external-flash - command: | - rm -rf build/t430/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=t430 || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ - no_output_timeout: 3h - - run: - name: Ouput t430 hashes - command: | - cat build/x230-external-flash/hashes.txt \ - - run: - name: Archiving build logs to bundle in artifacts - command: | - tar zcvf logs.tar.gz ./build/log/* + path: build/t430-flash - - run: - name: x230 - command: | - rm -rf build/x230/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=x230 || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ - no_output_timeout: 3h - - run: - name: Ouput x230 hashes - command: | - cat build/x230/hashes.txt \ - - run: - name: Archiving build logs for x230 - command: | - tar zcvf build/x230/logs.tar.gz build/log/* + - store-artifacts: + path: build/qemu-coreboot/coreboot.rom - store-artifacts: path: build/x230 - run: name: x230-hotp-verification command: | - rm -rf build/x230-hotp-verification/* build/log/* && make CPUS=4 \ + rm -rf build/x230-hotp-verification/* build/log/* && make --load 2 \ V=1 \ - BOARD=x230-hotp-verification || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + BOARD=x230-hotp-verification \ no_output_timeout: 3h - run: name: Ouput x230-hotp-verification hashes 
@@ -184,29 +135,29 @@ jobs: path: build/x230-hotp-verification - run: - name: x230-nkstorecli + name: x230-external-flash command: | - rm -rf build/x230-nkstorecli/* build/log/* && make CPUS=4 \ + make --load 2 \ V=1 \ - BOARD=x230-nkstorecli || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + BOARD=x230-external-flash \ no_output_timeout: 3h - run: - name: Ouput x230-nkstorecli hashes + name: Ouput x230-external-flash hashes command: | - cat build/x230-nkstorecli/hashes.txt \ + cat build/x230-external-flash/hashes.txt \ - run: - name: Archiving build logs for x230-nkstorecli + name: Archiving build logs for x230-external-flash command: | - tar zcvf build/x230-nkstorecli/logs.tar.gz build/log/* + tar zcvf build/x230-external-flash/logs.tar.gz ./build/log/* - store-artifacts: - path: build/x230-nkstorecli + path: build/x230-external-flash - run: name: qemu-coreboot command: | - rm -rf build/qemu-coreboot/* build/log/* && make CPUS=4 \ + rm -rf build/make-4.2.1/ build/qemu-coreboot/* build/log/* && make --load 2 \ V=1 \ - BOARD=qemu-coreboot || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + BOARD=qemu-coreboot \ no_output_timeout: 3h - run: name: Output qemu-coreboot hashes @@ -216,6 +167,10 @@ jobs: name: Archiving build logs for qemu-coreboot command: | tar zcvf build/qemu-coreboot/logs.tar.gz build/log/* + - store-artifacts: + path: build/x230-external-flash/coreboot.rom + - store-artifacts: + path: build/x230-external-flash/x230-external-flash-bottom.rom - store-artifacts: path: build/x230-external-flash/x230-external-flash-top.rom - store-artifacts: @@ -224,7 +179,7 @@ jobs: path: logs.tar.gz - save_cache: - key: heads-{{ .Branch }}{{ .Environment.CACHE_VERSION }} + key: heads-{{ .Environment.CIRCLE_USERNAME }}-{{ .Environment.CACHE_VERSION }} paths: - packages - crossgcc 
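Review bot: The new `x230-external-flash` step in hunk `@@ -184,29 +135,29 @@` starts with a bare `make --load 2 \`, while the neighbouring steps first run `rm -rf build/BOARD/* build/log/*` for their own board. Without that cleanup the later `tar zcvf build/x230-external-flash/logs.tar.gz ./build/log/*` also packs the logs left by the preceding x230-hotp-verification build. Any ROM already present in `build/x230-external-flash` (for example from a restored cache, if `build` is cached) can then be stored as an artifact of this run. I would change the first command line to `rm -rf build/x230-external-flash/* build/log/* && make --load 2 \`.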
diff --git a/.gitlab-ci.yml.deprecated b/.gitlab-ci.yml.deprecated index db30bf7c7..28c9f7ea2 100644 --- a/.gitlab-ci.yml.deprecated +++ b/.gitlab-ci.yml.deprecated 
@@ -8,24 +8,96 @@ stages: build: stage: build - retry: 2 + retry: 1 cache: paths: - - ./ - key: "$CI_COMMIT_REF_SLUG" + - packages + - crossgcc + - build + key: "heads-$GITLAB_USER_LOGIN-2" script: - - dnf install -y @development-tools gcc-c++ gcc-gnat zlib-devel perl-Digest-MD5 perl-Digest-SHA uuid-devel pcsc-tools ncurses-devel lbzip2 libuuid-devel lzma elfutils-libelf-devel bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget libusb-devel cmake automake pv bsdiff autoconf libtool expat-devel boost-devel libaio-devel cpio texinfo ncurses-devel + - dnf install -y @development-tools gcc-c++ gcc-gnat zlib-devel perl-Digest-MD5 perl-Digest-SHA uuid-devel pcsc-tools ncurses-devel lbzip2 libuuid-devel lzma elfutils-libelf-devel bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget libusb-devel cmake automake pv bsdiff autoconf libtool cpio texinfo - git fetch origin - git reset --hard origin/$CI_COMMIT_REF_NAME + + - echo "Removing old x230-flash artifacts..." + - rm -rf ./build/x230-flash/* + - rm -rf ./build/log/* + - echo "Building BOARD=x230-flash board..." + - make BOARD=x230-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "x230-flash hashes:" + - cat ./build/x230-flash/hashes.txt + - echo "Archiving x230-flash logs..." + - tar zcvf ./build/x230-flash/logs.tar.gz ./build/log/* + + - echo "Removing old t430-flash artifacts..." + - rm -rf ./build/t430-flash/* + - rm -rf ./build/log/* + - echo "Building BOARD=t430-flash board..." + - make BOARD=t430-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "t430-flash hashes:" + - cat ./build/t430-flash/hashes.txt + - echo "Archiving t430-flash logs..." + - tar zcvf ./build/t430-flash/logs.tar.gz ./build/log/* + + - echo "Removing old x230-external-flash artifacts..." + - rm -rf ./build/x230-external-flash/* + - rm -rf ./build/log/* + - echo "Building BOARD=x230-external-flash board..." 
- make BOARD=x230-external-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1) - echo "x230-external-flash hashes:" - cat ./build/x230-external-flash/hashes.txt - - tar zcvf logs.tar.gz ./build/log/* + - echo "Archiving x230-external-flash logs..." + + - tar zcvf ./build/x230-external-flash/logs.tar.gz ./build/log/* + - echo "Removing old x230-hotp-verification artifacts..." + - rm -rf ./build/x230-hotp-verification/* + - rm -rf ./build/log/* + - echo "Building BOARD=x230-hotp-verification board..." + - make BOARD=x230-hotp-verification || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "x230-hotp-verification hashes:" + - cat ./build/x230-hotp-verification/hashes.txt + - echo "Archiving x230-hotp-verification logs..." + - tar zcvf ./build/x230-hotp-verification/logs.tar.gz ./build/log/* + + - echo "Removing old x230 artifacts..." + - rm -rf ./build/x230/* + - rm -rf ./build/log/* + - echo "Building BOARD=x230 board..." + - make BOARD=x230 || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "x230 hashes:" + - cat ./build/x230/hashes.txt + - echo "Archiving x230 logs..." + - tar zcvf ./build/x230/logs.tar.gz ./build/log/* + + - echo "Removing old t430 artifacts..." + - rm -rf ./build/t430/* + - rm -rf ./build/log/* + - echo "Building BOARD=t430 board..." + - make BOARD=t430 || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "t430 hashes:" + - cat ./build/t430/hashes.txt + - echo "Archiving t430 logs..." + - tar zcvf ./build/t430/logs.tar.gz ./build/log/* + + - echo "Removing old qemu-coreboot artifacts..." + - rm -rf ./build/qemu-coreboot/* + - rm -rf ./build/log/* + - echo "Building BOARD=qemu-coreboot board..." + - make BOARD=qemu-coreboot || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "qemu-coreboot hashes:" + - cat ./build/qemu-coreboot/hashes.txt + - echo "Archiving qemu-coreboot logs..." 
+ - tar zcvf ./build/qemu-coreboot/logs.tar.gz ./build/log/* + + - echo "Calculate used space for cache" + - du -shc packages crossgcc build artifacts: paths: - - ./build/x230-external-flash/coreboot.rom - - ./build/x230-external-flash/x230-external-flash-top.rom - - ./build/x230-external-flash/x230-external-flash-bottom.rom - - ./build/x230-external-flash/hashes.txt - - ./build/x230-external-flash/initrd.cpio.xz - - ./logs.tar.gz + - ./build/qemu-coreboot + - ./build/x230-flash + - ./build/t430-flash + - ./build/x230-hotp-verification + - ./build/x230-external-flash + - ./build/x230 + - ./build/t430 From 65077ab0afb55189560154e5e842f8b02743f6c3 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 18 Aug 2020 11:06:39 -0400 Subject: [PATCH 08/34] Adding generated bincfg coreboot 4.8.1 patch, resulting gbe.bin in blobs/xx30/gbe.bin and instructions to replicate in README prior of automation --- blobs/xx30/README | 13 + blobs/xx30/gbe.bin | Bin 8192 -> 8192 bytes ...incfg-Intel_GBE_82579LM_set_and_spec.patch | 471 ++++++++++++++++++ 3 files changed, 484 insertions(+) create mode 100644 patches/coreboot-4.8.1/0061-bincfg-Intel_GBE_82579LM_set_and_spec.patch diff --git a/blobs/xx30/README b/blobs/xx30/README index 85eab2bda..7f26c9b8e 100644 --- a/blobs/xx30/README +++ b/blobs/xx30/README 
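Review bot: Every added `make BOARD=... || (find ./build/log/ -cmin 1|xargs tail; exit 1)` line in this hunk uses `-cmin 1`, which selects files changed exactly one minute ago rather than within the last minute, so on most failures no log is printed. The fallback should read `(find ./build/log/ -type f -cmin -1 | xargs -r tail; exit 1)`; `-r` keeps `tail` from running with no file arguments when nothing matches. The unchanged x230-external-flash line in the same hunk carries the same expression.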
@@ -18,6 +18,19 @@ ls -al blobs/x230/*.bin -rw-r--r-- 1 user user 4096 Mar 15 12:55 blobs/x230/x230-ifd.bin -rw-r--r-- 1 user user 98304 Mar 15 14:33 blobs/x230/me.bin +blobs/x230/gbe.bin is generated per bincfg from the following coreboot patch: https://review.coreboot.org/c/coreboot/+/44510 +And then by following those instructions: +# Use this target to generate GbE for X220/x230 +gen-gbe-82579LM: + ./bincfg gbe-82579LM.spec gbe-82579LM.set gbe1.bin + # duplicate binary as per spec + cat gbe1.bin gbe1.bin > ../../../../blobs/xx30/gbe.bin + rm -f gbe1.bin + +sha256sum: +9f72818e23290fb661e7899c953de2eb4cea96ff067b36348b3d061fd13366e5 blobs/xx30/gbe.bin + + Notes: as specified in first link, this ME can be deployed to: Helix (Type 3xxx) T430, T430i, T430s, T430si, T431s 
diff --git a/blobs/xx30/gbe.bin b/blobs/xx30/gbe.bin index 8b5cb854308f8d8e18e0a28800a2d701f849c9a0..0c9dfa1df053c351547cf46596df7cab4c9e8500 100644 GIT binary patch delta 158 zcmZp0XmF5XxVQGe|91==|NmcR_zwk#1sE9G8YW7aNHs8^gBuLY4H`o14HG|#F)_4E V7Gx6J+`?MJwRr*SI~J-M1^_i+IBx&| literal 8192 zcmexx@8kC;>lrxy|G&)O$;i;aAn^bHVS&$ztHhZ^8GwL^9YnG&)i7WX0y20~v>ddZ zIfNORMAzkY`}ID9F$Nq#4c# zFf?$8GF&wk2Fl3;T`~%=g+OL-3o|1|_>T&phXAuJx(EZq9v)1wQIXLQAT flashregion_3_gbe.bin + rm -f gbe1.bin + ++# Use this target to generate GbE for X220/x230 ++gen-gbe-82579LM: ++ ./bincfg gbe-82579LM.spec gbe-82579LM.set gbe1.bin ++ # duplicate binary as per spec ++ cat gbe1.bin gbe1.bin > flashregion_3_gbe.bin ++ rm -f gbe1.bin ++ + # Use this target to generate IFD for X200 + gen-ifd-x200: + ./bincfg ifd-x200.spec ifd-x200.set flashregion_0_fd.bin + +diff --git a/util/bincfg/gbe-82579LM.set b/util/bincfg/gbe-82579LM.set +new file mode 100644 +index 0000000..01ae470 +--- /dev/null ++++ b/util/bincfg/gbe-82579LM.set + +@@ -0,0 +1,288 @@ ++# SPDX-License-Identifier: GPL-3.0-or-later ++ ++# ++# Datasheets: ++# ++# https://cdrdv2.intel.com/v1/dl/getContent/613456 ++ ++# The datasheet says that this spec covers the following pci ids: ++# 8086:1502 - Intel 82579LM gigabit ethernet controller ++# 8086:1503 - Intel 82579V gigabit ethernet controller ++ ++# Naming convention ++# * Word groups separated by a blank line ++# * Word groups with known meaning given a prefix ++# * prefix will be defined in comment before group ++# * Variable names to be named using a prefix, descriptive name and bit offset ++# within the word, separated by an underscore. ++# * Example: "prefix_description_0" ++# * Unidentified reserved word groups will be named reserved and LAN Word ++# * EXCEPTION: Word 0x24, Word 0x25, Word 0x26 also include bit offset ++# within the word ++# Offset hex address, separated by an underscore. 
++# * Example: "reserved_x03" ++# * Nonprefixed names will be named reserved and LAN Word Offset hex address, ++# separated by an underscore. ++# * Example: "imageversioninfo_x05" ++# * Unspecified words are prefixed with "offset_" ++ ++# GbE values for 82579LM ++{ ++ # This example sets MAC address to 00:DE:AD:C0:FF:EE ++ # USE YOUR DEVICES MAC ADDRESS!! ++ # prefix: "mac_" ++ "mac_address_0" = 0x00, ++ "mac_address_1" = 0xDE, ++ "mac_address_2" = 0xAD, ++ "mac_address_3" = 0xC0, ++ "mac_address_4" = 0xFF, ++ "mac_address_5" = 0xEE, ++ ++ # Reserved (Word 0x3) ++ "reserved_x03" = 0x0800, ++ ++ # Reserved (Word 0x04) ++ "reserved_x04" = 0xffff, ++ ++ # Image Version Information (Word 0x05) ++ "imageversioninfo_x05" = 0x00D3, ++ ++ "reserved_x06" = 0xffff, ++ "reserved_x07" = 0xffff, ++ ++ # PBA Low and PBA High (Words 0x08 and 0x09) ++ # prefix: "pba_" ++ "pba_low_x08" = 0xffff, ++ "pba_high_x09" = 0xffff, ++ ++ # PCI Init Control Word (Word 0x0A) ++ # prefix: "pci_" ++ "pci_loaddeviceid_0" = 1, ++ "pci_loadsubsystemid_1" = 1, ++ "pci_reserved_2" = 0, ++ "pci_reserved_3" = 0x0, ++ "pci_pmenable_6" = 1, ++ "pci_auxpwr_7" = 1, ++ "pci_reserved_8" = 0x10, ++ ++ # ************* Configurable PCI IDs **************** ++ # TODO: make command line switch for these ++ # Subsystem ID (Word 0x0B) ++ "subsystemid_x0B" = 0, ++ # Subsystem Vendor ID (Word 0x0C) ++ "subsystemvendorid_x0C" = 0x8086, ++ # Device ID (Word 0x0D) ++ # TODO: 82579V uses "deviceid_x0D" = 0x1503, ++ "deviceid_x0D" = 0x1502, ++ # ************* END Configurable PCI IDs **************** ++ ++ # Words 0x0E and 0x0F Are Reserved ++ "reserved_x0E" = 0x0, ++ "reserved_x0F" = 0x0, ++ ++ # LAN Power Consumption (Word 0x10) ++ # prefix: "lanpwr_" ++ "lanpwr_d3pwr_0" = 0x2, ++ "lanpwr_reserved_5" = 0, ++ "lanpwr_d0pwr_8" = 0x7, ++ ++ # Word 0x12 and Word 0x11 Are Reserved ++ "reserved_x11" = 0x0000, ++ "reserved_x12" = 0x0000, ++ ++ # Shared Init Control Word (Word 0x13) ++ # prefix: "sicw_" ++ 
"sicw_dynamicclock_0" = 1, ++ "sicw_clkcnt_1" = 0, ++ "sicw_reserved_2" = 1, ++ "sicw_fullduplex_3" = 0, ++ "sicw_forcespeed_4" = 0, ++ "sicw_reserved_5" = 0, ++ "sicw_phydeviceype_6" = 0, ++ "sicw_reserved_8" = 1, ++ "sicw_phy_enpwrdown_9" = 0, ++ "sicw_reserved_10" = 1, ++ "sicw_macsecdisable_13" = 1, ++ "sicw_sign_14" = 0x2, ++ ++ # Extended Configuration Word 1 (Word 0x14) ++ # prefix: "ecw1_" ++ "ecw1_extcfgptr_0" = 0x0028, ++ "ecw1_oemload_12" = 1, ++ "ecw1_phyload_13" = 1, ++ "ecw1_reserved_14" = 0, ++ ++ # Extended Configuration Word 2 (Word 0x15) ++ # prefix: "ecw2_" ++ "ecw2_reserved_0" = 0x00, ++ "ecw2_extphylen_8" = 0x12, ++ ++ # Extended Configuration Word 3 (Word 0x16) ++ # prefix: "ecw3_" ++ "ecw3_extcfg1_0" = 0x00, ++ ++ # OEM Configuration Defaults (Word 0x17) ++ # prefix: "oem_" ++ "oem_reserved_0" = 0x000, ++ "oem_lpluenind0a_9" = 0, ++ "oem_lplueninnond0a_10" = 1, ++ "oem_gbedisinnond0a_11" = 1, ++ "oem_reserved_12" = 0, ++ "oem_gbedis_14" = 0, ++ "oem_reserved_15" = 0, ++ ++ # LED 0 - 2 Configuration Defaults (Word 0x18) ++ # prefix: "l02_" ++ # Lenovo default values ++ "l02_led0mode_0" = 0x4, ++ "l02_led0invert_3" = 0, ++ "l02_led0blink_4" = 0, ++ "l02_led1mode_5" = 0x3, ++ "l02_led1invert_8" = 0, ++ "l02_led1blink_9" = 1, ++ "l02_led2mode_10" = 0x2, ++ "l02_led2invert_13" = 1, ++ "l02_led2blink_14" = 0, ++ "l02_blinkrate_15" = 0, ++ ++ # Intel default Values ++ #"l02_led0mode_0" = 0x4, ++ #"l02_led0invert_3" = 0, ++ #"l02_led0blink_4" = 1, ++ #"l02_led1mode_5" = 0x7, ++ #"l02_led1invert_8" = 0, ++ #"l02_led1blink_9" = 0, ++ #"l02_led2mode_10" = 0x6, ++ #"l02_led2invert_13" = 0, ++ #"l02_led2blink_14" = 0, ++ #"l02_blinkrate_15" = 0, ++ ++ ++ # Reserved (Word 0x19) ++ # NOTE: bit 6 must be 1 for validation. See datasheet. 
++ "reserved_x19" = 0x2B40, ++ ++ # Reserved (Word 0x1A) ++ # Advanced Power Management Wake Up Enable ++ # prefix: "amp_" ++ "amp_enable_0" = 1, ++ "amp_reserved_1" = 0x0421, ++ ++ # Reserved (Word 0x1B) ++ "reserved_x1B" = 0x0113, ++ ++ # Reserved (Word 0x1C) ++ "reserved_x1C" = 0x1502, ++ ++ # Reserved (Word 0x1D) ++ "reserved_x1D" = 0xBAAD, ++ ++ # Reserved (Word 0x1E) ++ "reserved_x1E" = 0x1502, ++ ++ # Reserved (Word 0x1F) ++ "reserved_x1F" = 0x1503, ++ ++ # Reserved (Word 0x20) ++ "reserved_x20" = 0xBAAD, ++ ++ # Reserved (Word 0x21) ++ "reserved_x21" = 0xBAAD, ++ ++ # Reserved (Word 0x22) ++ "reserved_x22" = 0xBAAD, ++ ++ # Reserved (Word 0x23) ++ "reserved_x23" = 0x1502, ++ ++ # Reserved (Word 0x24) ++ "reserved_x24_0" = 0x0000, ++ "reserved_x24_14" = 0, ++ "reserved_x24_15" = 1, ++ ++ # Reserved (Word 0x25) ++ "reserved_x25_0" = 0x0000, ++ "reserved_x25_4" = 1, ++ "reserved_x25_5" = 0, ++ "reserved_x25_7" = 1, ++ "reserved_x25_8" = 0x00, ++ "reserved_x25_15" = 1, ++ ++ # Reserved (Word 0x26) ++ "reserved_x26_0" = 0x00, ++ "reserved_x26_9" = 1, ++ "reserved_x26_10" = 1, ++ "reserved_x26_11" = 1, ++ "reserved_x26_12" = 0, ++ "reserved_x26_14" = 1, ++ "reserved_x26_15" = 0, ++ ++ # Reserved (Word 0x27) ++ "reserved_x27" = 0x80, ++ ++ # Offsets 0x28-0x2F ++ "offset_x28" = 0x0000, ++ "offset_x29" = 0x0000, ++ "offset_x2A" = 0x0000, ++ "offset_x2B" = 0x0000, ++ "offset_x2C" = 0x0000, ++ "offset_x2D" = 0x0000, ++ "offset_x2E" = 0x0000, ++ "offset_x2F" = 0x0000, ++ ++ # Boot Agent Main Setup Options (Word 0x30) ++ # Hardcoded PXE setup (disabled) ++ # prefix: "pxe30_" ++ "pxe30_protocolsel_0" = 0, ++ "pxe30_reserved_2" = 0, ++ "pxe30_defbootsel_3" = 0x3, ++ "pxe30_reserved_5" = 0, ++ "pxe30_prompttime_6" = 0x3, ++ "pxe30_dispsetup_8" = 0, ++ "pxe30_reserved_9" = 0, ++ "pxe30_forcespeed_10" = 0, ++ "pxe30_forcefullduplex_12" = 0, ++ "pxe30_reserved_13" = 0, ++ "pxe30_reserved_14" = 0, ++ ++ # Boot Agent Configuration Customization Options (Word 0x31) ++ # prefix: 
"pxe31_" ++ "pxe31_disablemenu_0" = 1, ++ "pxe31_disabletitle_1" = 1, ++ "pxe31_disableprotsel_2" = 0, ++ "pxe31_disbootorder_3" = 0, ++ "pxe31_dislegacywak_4" = 0, ++ "pxe31_disableflasicwpro_5" = 0, ++ "pxe31_reserved_6" = 0, ++ "pxe31_ibootagentmode_8" = 0, ++ "pxe31_contretrydis_11" = 0, ++ "pxe31_reserved_12" = 0, ++ "pxe31_signature_14" = 10, ++ ++ # Boot Agent Configuration Customization Options (Word 0x32) ++ # prefix: "pxe32_" ++ "pxe32_buildnum_0" = 0x28, ++ "pxe32_minorversion_8" = 0x2, ++ "pxe32_majorversion_12" = 0x1, ++ ++ # IBA Capabilities (Word 0x33) ++ # prefix: "pxe33_" ++ "pxe33_basecodepresent_0" = 1, ++ "pxe33_undipresent_1" = 1, ++ "pxe33_reserved_2" = 1, ++ "pxe33_efiundipresent_3" = 0, ++ "pxe33_iscsi_4" = 0, ++ "pxe33_reserved_5" = 0, ++ "pxe33_signature_14" = 10, ++ ++ "pxe_padding"[11] = 0xffff, ++ ++ # Checksum is generated by bincfg ++ # "checksum_gbe" = xxx, ++ ++ # G3 -> S5 PHY Configuration ++ "g3_s5_phy_conf"[0x16] = 0, ++ ++ # Padding 0xf80 bytes ++ "padding"[0xf6a] = 0xff ++} + +diff --git a/util/bincfg/gbe-82579LM.spec b/util/bincfg/gbe-82579LM.spec +new file mode 100644 +index 0000000..0367aff +--- /dev/null ++++ b/util/bincfg/gbe-82579LM.spec + +@@ -0,0 +1,147 @@ ++# SPDX-License-Identifier: GPL-3.0-or-later ++# ++# Datasheets: ++# ++# https://cdrdv2.intel.com/v1/dl/getContent/613456 ++ ++# The datasheet says that this spec covers the following pci ids: ++# 8086:1502 - Intel 82579LM gigabit ethernet controller ++# 8086:1503 - Intel 82579V gigabit ethernet controller ++ ++# GbE SPEC for 82579LM/82579V ++{ ++ "mac_address_"[6] : 8, ++ "reserved_x03" : 16, ++ "reserved_x04" : 16, ++ "imageversioninfo_x05" : 16, ++ "reserved_x06" : 16, ++ "reserved_x07" : 16, ++ "pba_low_x08" : 16, ++ "pba_high_x09" : 16, ++ "pci_loaddeviceid_0" : 1, ++ "pci_loadsubsystemid_1" : 1, ++ "pci_reserved_2" : 1, ++ "pci_reserved_3" : 3, ++ "pci_pmenable_6" : 1, ++ "pci_auxpwr_7" : 1, ++ "pci_reserved_8" : 8, ++ "subsystemid_x0B" : 16, ++ 
"subsystemvendorid_x0C" : 16, ++ "deviceid_x0D" : 16, ++ "reserved_x0E" : 16, ++ "reserved_x0F" : 16, ++ "lanpwr_d3pwr_0" : 5, ++ "lanpwr_reserved_5" : 3, ++ "lanpwr_d0pwr_8" : 8, ++ "reserved_x11" : 16, ++ "reserved_x12" : 16, ++ "sicw_dynamicclock_0" : 1, ++ "sicw_clkcnt_1" : 1, ++ "sicw_reserved_2" : 1, ++ "sicw_fullduplex_3" : 1, ++ "sicw_forcespeed_4" : 1, ++ "sicw_reserved_5" : 1, ++ "sicw_phydeviceype_6" : 2, ++ "sicw_reserved_8" : 1, ++ "sicw_phy_enpwrdown_9" : 1, ++ "sicw_reserved_10" : 3, ++ "sicw_macsecdisable_13" : 1, ++ "sicw_sign_14" : 2, ++ "ecw1_extcfgptr_0" : 12, ++ "ecw1_oemload_12" : 1, ++ "ecw1_phyload_13" : 1, ++ "ecw1_reserved_14" : 2, ++ "ecw2_reserved_0" : 8, ++ "ecw2_extphylen_8" : 8, ++ "ecw3_extcfg1_0" : 16, ++ "oem_reserved_0" : 9, ++ "oem_lpluenind0a_9" : 1, ++ "oem_lplueninnond0a_10" : 1, ++ "oem_gbedisinnond0a_11" : 1, ++ "oem_reserved_12" : 2, ++ "oem_gbedis_14" : 1, ++ "oem_reserved_15" : 1, ++ "l02_led0mode_0" : 3, ++ "l02_led0invert_3" : 1, ++ "l02_led0blink_4" : 1, ++ "l02_led1mode_5" : 3, ++ "l02_led1invert_8" : 1, ++ "l02_led1blink_9" : 1, ++ "l02_led2mode_10" : 3, ++ "l02_led2invert_13" : 1, ++ "l02_led2blink_14" : 1, ++ "l02_blinkrate_15" : 1, ++ "reserved_x19" : 16, ++ "amp_enable_0" : 1, ++ "amp_reserved_1" : 15, ++ "reserved_x1B" : 16, ++ "reserved_x1C" : 16, ++ "reserved_x1D" : 16, ++ "reserved_x1E" : 16, ++ "reserved_x1F" : 16, ++ "reserved_x20" : 16, ++ "reserved_x21" : 16, ++ "reserved_x22" : 16, ++ "reserved_x23" : 16, ++ "reserved_x24_0" : 14, ++ "reserved_x24_14" : 1, ++ "reserved_x24_15" : 1, ++ "reserved_x25_0" : 4, ++ "reserved_x25_4" : 1, ++ "reserved_x25_5" : 2, ++ "reserved_x25_7" : 1, ++ "reserved_x25_8" : 7, ++ "reserved_x25_15" : 1, ++ "reserved_x26_0" : 9, ++ "reserved_x26_9" : 1, ++ "reserved_x26_10" : 1, ++ "reserved_x26_11" : 1, ++ "reserved_x26_12" : 2, ++ "reserved_x26_14" : 1, ++ "reserved_x26_15" : 1, ++ "reserved_x27" : 16, ++ "offset_x28" : 16, ++ "offset_x29" : 16, ++ "offset_x2A" : 16, ++ 
"offset_x2B" : 16, ++ "offset_x2C" : 16, ++ "offset_x2D" : 16, ++ "offset_x2E" : 16, ++ "offset_x2F" : 16, ++ "pxe30_protocolsel_0" : 2, ++ "pxe30_reserved_2" : 1, ++ "pxe30_defbootsel_3" : 2, ++ "pxe30_reserved_5" : 1, ++ "pxe30_prompttime_6" : 2, ++ "pxe30_dispsetup_8" : 1, ++ "pxe30_reserved_9" : 1, ++ "pxe30_forcespeed_10" : 2, ++ "pxe30_forcefullduplex_12" : 1, ++ "pxe30_reserved_13" : 1, ++ "pxe30_reserved_14" : 2, ++ "pxe31_disablemenu_0" : 1, ++ "pxe31_disabletitle_1" : 1, ++ "pxe31_disableprotsel_2" : 1, ++ "pxe31_disbootorder_3" : 1, ++ "pxe31_dislegacywak_4" : 1, ++ "pxe31_disableflasicwpro_5" : 1, ++ "pxe31_reserved_6" : 2, ++ "pxe31_ibootagentmode_8" : 3, ++ "pxe31_contretrydis_11" : 1, ++ "pxe31_reserved_12" : 2, ++ "pxe31_signature_14" : 2, ++ "pxe32_buildnum_0" : 8, ++ "pxe32_minorversion_8" : 4, ++ "pxe32_majorversion_12" : 4, ++ "pxe33_basecodepresent_0" : 1, ++ "pxe33_undipresent_1" : 1, ++ "pxe33_reserved_2" : 1, ++ "pxe33_efiundipresent_3" : 1, ++ "pxe33_iscsi_4" : 1, ++ "pxe33_reserved_5" : 9, ++ "pxe33_signature_14" : 2, ++ "pxe_padding"[11] : 16, ++ "checksum_gbe" : 16, ++ "g3_s5_phy_conf"[0x16] : 8, ++ "padding"[0xf6a] : 8 ++} + From 7bddbbe4e423d8cbe2b5665c0520062ecef5b9d1 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 18 Aug 2020 11:12:44 -0400 Subject: [PATCH 09/34] CircleCI: take back specialized cache to reapply coreboot patches that aren't build in current cache --- .circleci/config.yml | 111 +++++++++++++++++++++---------------------- 1 file changed, 54 insertions(+), 57 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e22dec24d..d72328d30 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
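Review bot: The `.set` values in this patch hard-code `mac_address_0` to `mac_address_5` as 00:DE:AD:C0:FF:EE, and the README change in the same commit writes the bincfg output straight to `blobs/xx30/gbe.bin`, so the committed blob presumably carries that example address. Every machine flashed from a ROM built with this blob would then share one link-layer address, which collides on a shared segment and makes the units indistinguishable in DHCP and switch logs. The file's own comment says `USE YOUR DEVICES MAC ADDRESS!!`, and the README should carry the same warning next to the sha256sum, for example `NOTE: gbe.bin contains the example MAC 00:DE:AD:C0:FF:EE; regenerate it with your own address before flashing`. The start of this file section is garbled on the page, so the Makefile part of the patch is not covered by this note.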
@@ -11,14 +11,29 @@ jobs: apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev - checkout - - restore_cache: - key: heads-{{ .Environment.CIRCLE_USERNAME }}-{{ .Environment.CACHE_VERSION }} - - run: name: git reset command: | git reset --hard "$CIRCLE_SHA1" \ + - run: + name: Creating all modules and patches digest + command: | + find ./patches/ ./modules/ -type f | sort -h |xargs sha256sum > /tmp/all_modules_and_patches.sha256sums \ + + - run: + name: Creating musl-cross-make and musl-cross-make patches digest + command: | + find ./patches/musl-cross-* modules/musl-cross* -type f | sort -h | xargs sha256sum > /tmp/musl-cross_module_and_patches.sha256sums \ + + + - restore_cache: + keys: + #Restore existing cache for modules checksums validated to be exactly the same as in github current commit + - heads-modules-and-patches-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }} + #If precedent fails. Restore cache for musl-cross module checksum validated to be exactly the same as in github current commit + - heads-cross-musl-{{ checksum "/tmp/musl-cross_module_and_patches.sha256sums" }} + # linuxboot steps need something to pass in the kernel header path # skipping for now # - run: 
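Review bot: The digest that becomes the `heads-modules-and-patches-` cache key is built with `sort -h` and a plain `xargs`, so it can vary with the image's collation order and breaks on any path containing whitespace. The musl-cross digest step in this hunk has the same form. This checksum is the only thing tying the restored `packages`, `crossgcc` and `build` trees to the checked-out sources, so it should be deterministic: `find ./patches/ ./modules/ -type f -print0 | LC_ALL=C sort -z | xargs -0 sha256sum > /tmp/all_modules_and_patches.sha256sums`. The ` \` after the redirect is a stray line continuation and can be dropped.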
@@ -44,75 +59,58 @@ jobs: # - store-artifacts: # path: build/qemu-linuxboot/hashes.txt + - run: - name: librem_l1um + name: t430-flash command: | - rm -rf build/librem_l1um/* build/log/* && make CPUS=4 \ + rm -rf build/t430-flash/* build/log/* && make --load 2 \ V=1 \ - BOARD=librem_l1um || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + BOARD=t430-flash \ no_output_timeout: 3h - run: - name: Ouput librem_l1um hashes + name: Ouput t430-flash hashes command: | - cat build/librem_l1um/hashes.txt \ + cat build/t430-flash/hashes.txt \ - run: - name: Archiving build logs for librem_l1um + name: Archiving build logs for t430-flash command: | - tar zcvf build/librem_l1um/logs.tar.gz build/log/* + tar zcvf build/t430-flash/logs.tar.gz build/log/* - store-artifacts: - path: build/librem_l1um - - - run: - name: qemu-coreboot - command: | - rm -rf build/librem_mini/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=librem_mini || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ - no_output_timeout: 3h - - run: - name: Ouput librem_mini hashes - command: | - cat build/qemu-coreboot/hashes.txt \ + path: build/t430-flash - run: - name: x230-flash - #We delete build/make-4.2.1/ directory until issue #799 is fixed. 
+ name: t430 command: | - rm -rf build/x230-flash/* build/log/* && make CPUS=4 \ + rm -rf build/t430/* build/log/* && make --load 2 \ V=1 \ - BOARD=x230-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + BOARD=t430 \ no_output_timeout: 3h - run: - name: Ouput x230-flash hashes + name: Ouput t430 hashes command: | - cat build/x230-flash/hashes.txt \ + cat build/t430/hashes.txt \ - run: - name: Archiving build logs for x230-flash + name: Archiving build logs for t430 command: | - tar zcvf build/x230-flash/logs.tar.gz build/log/* + tar zcvf build/t430/logs.tar.gz build/log/* - store-artifacts: - path: build/x230-flash + path: build/t430 - run: - name: t430-flash + name: x230 command: | - rm -rf build/make-4.2.1/ build/qemu-coreboot/* && make --load 2 \ + rm -rf build/x230/* build/log/* && make --load 2 \ V=1 \ - BOARD=qemu-coreboot \ + BOARD=x230 \ no_output_timeout: 3h - run: - name: Output qemu-coreboot hashes + name: Ouput x230 hashes command: | - cat build/t430-flash/hashes.txt \ + cat build/x230/hashes.txt \ - run: - name: Archiving build logs for t430-flash + name: Archiving build logs for x230 command: | - tar zcvf build/t430-flash/logs.tar.gz build/log/* - - store-artifacts: - path: build/t430-flash - - - store-artifacts: - path: build/qemu-coreboot/coreboot.rom + tar zcvf build/x230/logs.tar.gz build/log/* - store-artifacts: path: build/x230 @@ -137,7 +135,7 @@ jobs: - run: name: x230-external-flash command: | - make --load 2 \ + rm -rf build/x230-external-flash/* build/log/* && make --load 2 \ V=1 \ BOARD=x230-external-flash \ no_output_timeout: 3h @@ -155,7 +153,7 @@ jobs: - run: name: qemu-coreboot command: | - rm -rf build/make-4.2.1/ build/qemu-coreboot/* build/log/* && make --load 2 \ + rm -rf build/qemu-coreboot/* build/log/* && make --load 2 \ V=1 \ BOARD=qemu-coreboot \ no_output_timeout: 3h 
@@ -168,23 +166,22 @@ jobs: command: | tar zcvf build/qemu-coreboot/logs.tar.gz build/log/* - store-artifacts: - path: build/x230-external-flash/coreboot.rom - - store-artifacts: - path: build/x230-external-flash/x230-external-flash-bottom.rom - - store-artifacts: - path: build/x230-external-flash/x230-external-flash-top.rom - - store-artifacts: - path: build/x230-external-flash/initrd.cpio.xz - - store-artifacts: - path: logs.tar.gz + path: build/qemu-coreboot - save_cache: - key: heads-{{ .Environment.CIRCLE_USERNAME }}-{{ .Environment.CACHE_VERSION }} + #Generate cache for the same musl-cross module definition if hash is not previously existing + key: heads-cross-musl-{{ checksum "/tmp/musl-cross_module_and_patches.sha256sums" }} + paths: + - crossgcc + - build/musl-cross-* + + - save_cache: + #Generate cache for the exact same modules definitions if hash is not previously existing + key: heads-modules-and-patches-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }} paths: - packages - crossgcc - build - workflows: version: 2 build_and_test: From f3128fdb00ff7a297979ac2397961c1b2fa33d60 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 18 Aug 2020 11:31:02 -0400 Subject: [PATCH 10/34] typo correction --- .../0061-bincfg-Intel_GBE_82579LM_set_and_spec.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patches/coreboot-4.8.1/0061-bincfg-Intel_GBE_82579LM_set_and_spec.patch b/patches/coreboot-4.8.1/0061-bincfg-Intel_GBE_82579LM_set_and_spec.patch index 0385b075e..490318bf9 100644 --- a/patches/coreboot-4.8.1/0061-bincfg-Intel_GBE_82579LM_set_and_spec.patch +++ b/patches/coreboot-4.8.1/0061-bincfg-Intel_GBE_82579LM_set_and_spec.patch @@ -1,4 +1,4 @@ -idiff --git a/util/bincfg/Makefile b/util/bincfg/Makefile +diff --git a/util/bincfg/Makefile b/util/bincfg/Makefile index 1b3e936..f568e67 100644 --- a/util/bincfg/Makefile +++ b/util/bincfg/Makefile From a50876149f25dae93740fbdf5ba4764b80a5bdeb Mon Sep 17 00:00:00 2001 
From: Thierry Laurion Date: Thu, 20 Aug 2020 15:20:57 -0400 Subject: [PATCH 11/34] CircleCI: bring pair to master with changes for x230-external-flash changes --- .circleci/config.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index d72328d30..72bbd275c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,7 +2,7 @@ version: 2 jobs: build: docker: - - image: debian:bullseye + - image: debian:10 steps: - run: name: Install dependencies @@ -30,9 +30,9 @@ jobs: - restore_cache: keys: #Restore existing cache for modules checksums validated to be exactly the same as in github current commit - - heads-modules-and-patches-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }} + - heads-modules-and-patches-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} #If precedent fails. Restore cache for musl-cross module checksum validated to be exactly the same as in github current commit - - heads-cross-musl-{{ checksum "/tmp/musl-cross_module_and_patches.sha256sums" }} + - heads-cross-musl-{{ checksum "/tmp/musl-cross_module_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} # linuxboot steps need something to pass in the kernel header path # skipping for now 
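Review bot: `- image: debian:10` is a mutable tag, so the compiler and libraries that produce the ROMs and the printed `hashes.txt` values can change between runs with no change in this repository. For firmware whose hashes are meant to be compared, pin the image by digest, `- image: debian:10@sha256:<digest-of-the-reviewed-image>`, and bump it in a reviewed commit. The job body lies outside this hunk, so whether package versions are fixed elsewhere cannot be seen from here.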
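Review bot: `{{ .Environment.CACHE_VERSION }}` is appended directly after the checksum with no separator, in the `restore_cache` keys here and in the `save_cache` keys of the `@@ -170,14 +170,14 @@` hunk. CircleCI matches restore keys by prefix, so a request for version `1` would also match a cache saved under `10`, and the toolchain cache would not be cleanly invalidated by a bump. Put the version first and delimit it, for example `- v{{ .Environment.CACHE_VERSION }}-heads-modules-and-patches-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }}`, using the same form in all four keys.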
@@ -170,14 +170,14 @@ jobs: - save_cache: #Generate cache for the same musl-cross module definition if hash is not previously existing - key: heads-cross-musl-{{ checksum "/tmp/musl-cross_module_and_patches.sha256sums" }} + key: heads-cross-musl-{{ checksum "/tmp/musl-cross_module_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} paths: - crossgcc - build/musl-cross-* - save_cache: #Generate cache for the exact same modules definitions if hash is not previously existing - key: heads-modules-and-patches-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }} + key: heads-modules-and-patches-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} paths: - packages - crossgcc From a65871fbd57a0380c241460c5e1b8f0e0471efc9 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 21 Aug 2020 10:23:30 -0400 Subject: [PATCH 12/34] blobs/xx30/gbe.bin reverted to commit 3dbce2874d58939c2cb73eabd69de580a419f86d where mac=F0:DE:F1:F7:E4:AF to ease #796 troubleshooting. --- blobs/xx30/gbe.bin | Bin 8192 -> 8192 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/blobs/xx30/gbe.bin b/blobs/xx30/gbe.bin index 0c9dfa1df053c351547cf46596df7cab4c9e8500..8b5cb854308f8d8e18e0a28800a2d701f849c9a0 100644 GIT binary patch literal 8192 zcmexx@8kC;>lrxy|G&)O$;i;aAn^bHVS&$ztHhZ^8GwL^9YnG&)i7WX0y20~v>ddZ zIfNORMAzkY`}ID9F$Nq#4c# zFf?$8GF&wk2Fl3;T`~%=g+OL-3o|1|_>T&phXAuJx(EZq9v)1wQIXLQAT Date: Fri, 21 Aug 2020 12:52:27 -0400 Subject: [PATCH 13/34] x230-external-flash board: add gbe_bin config statement, not just path (duh) #796. Maybe there is notthing wrong with #796 afterall --- config/coreboot-x230-external-flash.config | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/coreboot-x230-external-flash.config b/config/coreboot-x230-external-flash.config index dc000c43a..35907418d 100644 --- a/config/coreboot-x230-external-flash.config +++ b/config/coreboot-x230-external-flash.config 
@@ -5,12 +5,14 @@ CONFIG_VENDOR_LENOVO=y CONFIG_CBFS_SIZE=0xB80000 CONFIG_HAVE_IFD_BIN=y CONFIG_HAVE_ME_BIN=y +CONFIG_HAVE_GBE_BIN=y CONFIG_IFD_BIN_PATH="../../blobs/xx30/x230-ifd.bin" CONFIG_ME_BIN_PATH="../../blobs/xx30/me.bin" CONFIG_GBE_BIN_PATH="../../blobs/xx30/gbe.bin" CONFIG_BOARD_LENOVO_X230=y CONFIG_NO_POST=y CONFIG_UART_PCI_ADDR=0 +CONFIG_GBE_BIN_PATH="../../blobs/xx30/gbe.bin" CONFIG_NO_GFX_INIT=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y From 2ee00fa7fb63972851a930a5002d16f41b091f3f Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 21 Aug 2020 13:00:20 -0400 Subject: [PATCH 14/34] blobs/xx30/gbe.bin back to the generated one as proposed per code under #796 --- blobs/xx30/gbe.bin | Bin 8192 -> 8192 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/blobs/xx30/gbe.bin b/blobs/xx30/gbe.bin index 8b5cb854308f8d8e18e0a28800a2d701f849c9a0..0c9dfa1df053c351547cf46596df7cab4c9e8500 100644 GIT binary patch delta 158 zcmZp0XmF5XxVQGe|91==|NmcR_zwk#1sE9G8YW7aNHs8^gBuLY4H`o14HG|#F)_4E V7Gx6J+`?MJwRr*SI~J-M1^_i+IBx&| literal 8192 zcmexx@8kC;>lrxy|G&)O$;i;aAn^bHVS&$ztHhZ^8GwL^9YnG&)i7WX0y20~v>ddZ zIfNORMAzkY`}ID9F$Nq#4c# zFf?$8GF&wk2Fl3;T`~%=g+OL-3o|1|_>T&phXAuJx(EZq9v)1wQIXLQAT Date: Sun, 25 Oct 2020 14:10:06 -0400 Subject: [PATCH 15/34] conflict resolution after merge (LOCAL_VERSION removed from coreboot config). coreboot 4.8.1 test branch --- .circleci/config.yml | 65 ++++++++++++++----- .../x230-external-flash.config | 11 ++-- .../x230-hotp-verification.config | 4 +- config/coreboot-x230-external-flash.config | 1 - 4 files changed, 60 insertions(+), 21 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 72bbd275c..1438e8717 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
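Review bot: The second added line, `CONFIG_GBE_BIN_PATH="../../blobs/xx30/gbe.bin"` after `CONFIG_UART_PCI_ADDR=0`, duplicates the identical assignment that is already a context line a few lines above. Only `CONFIG_HAVE_GBE_BIN=y` is needed to get the blob included. Drop the duplicate, so that a later edit to one copy cannot leave two different blob paths in the file with no obvious indication of which one the build uses.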
@@ -8,7 +8,7 @@ jobs: name: Install dependencies command: | apt update - apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev + apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync - checkout - run: @@ -24,7 +24,7 @@ jobs: - run: name: Creating musl-cross-make and musl-cross-make patches digest command: | - find ./patches/musl-cross-* modules/musl-cross* -type f | sort -h | xargs sha256sum > /tmp/musl-cross_module_and_patches.sha256sums \ + find modules/musl-cross* -type f | sort -h | xargs sha256sum > /tmp/musl-cross_module_and_patches.sha256sums \ - restore_cache: @@ -50,7 +50,7 @@ jobs: # command: | # ./build/make-4.2.1/make \ # CROSS=/cross/bin/x86_64-linux-musl- \ -# --load 2 \ +# CPUS=4 \ # V=1 \ # BOARD=qemu-linuxboot \ # 
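Review bot: In the `@@ -24,7 +24,7 @@` hunk, dropping `./patches/musl-cross-*` from the digest means a change to a musl-cross patch no longer changes the `heads-cross-musl-` key, although the step is still named "Creating musl-cross-make and musl-cross-make patches digest". When the full `heads-modules-and-patches-` key misses, the fallback key would restore a `crossgcc` built from the old patch set; whether the build then notices and rebuilds is not visible here. If the glob was removed because no such patch directory exists and `find` failed on it, coverage can be kept without that failure using `find ./patches/ ./modules/ -type f -path '*musl-cross*' | sort -h | xargs sha256sum > /tmp/musl-cross_module_and_patches.sha256sums`.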
@@ -59,13 +59,30 @@ jobs: # - store-artifacts: # path: build/qemu-linuxboot/hashes.txt + - run: + name: x230-flash + command: | + rm -rf build/x230-flash/* build/log/* && make --load 2 \ + V=1 \ + BOARD=x230-flash \ + no_output_timeout: 3h + - run: + name: Ouput x230-flash hashes + command: | + cat build/x230-flash/hashes.txt \ + - run: + name: Archiving build logs for x230-flash + command: | + tar zcvf build/x230-flash/logs.tar.gz build/log/* + - store-artifacts: + path: build/x230-flash - run: name: t430-flash command: | - rm -rf build/t430-flash/* build/log/* && make --load 2 \ + rm -rf build/t430-flash/* build/log/* && make CPUS=4 \ V=1 \ - BOARD=t430-flash \ + BOARD=t430-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: name: Ouput t430-flash hashes @@ -81,9 +98,9 @@ jobs: - run: name: t430 command: | - rm -rf build/t430/* build/log/* && make --load 2 \ + rm -rf build/t430/* build/log/* && make CPUS=4 \ V=1 \ - BOARD=t430 \ + BOARD=t430 || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: name: Ouput t430 hashes @@ -99,9 +116,9 @@ jobs: - run: name: x230 command: | - rm -rf build/x230/* build/log/* && make --load 2 \ + rm -rf build/x230/* build/log/* && make CPUS=4 \ V=1 \ - BOARD=x230 \ + BOARD=x230 || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: name: Ouput x230 hashes 
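Review bot: The x230-flash step added in the first hunk still runs `make --load 2` with no failure handler, while the t430-flash, t430 and x230 steps in this section, and the later ones in this commit, switch to `CPUS=4` with `|| (find ./build/ -name "*.log" ... ; exit 1)`. A failed x230-flash build would end the job without printing any log, and the archive step after it presumably never runs. Give this step the same command form as the others. In all of these handlers, `while IFS= read -r log; do ...; cat "$log"; done` is safer than `while read log; ... cat $log`, because log paths are then neither word-split nor backslash-processed.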
@@ -117,9 +134,9 @@ jobs: - run: name: x230-hotp-verification command: | - rm -rf build/x230-hotp-verification/* build/log/* && make --load 2 \ + rm -rf build/x230-hotp-verification/* build/log/* && make CPUS=4 \ V=1 \ - BOARD=x230-hotp-verification \ + BOARD=x230-hotp-verification || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: name: Ouput x230-hotp-verification hashes @@ -132,12 +149,30 @@ jobs: - store-artifacts: path: build/x230-hotp-verification + - run: + name: x230-nkstorecli + command: | + rm -rf build/x230-nkstorecli/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=x230-nkstorecli || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + no_output_timeout: 3h + - run: + name: Ouput x230-nkstorecli hashes + command: | + cat build/x230-nkstorecli/hashes.txt \ + - run: + name: Archiving build logs for x230-nkstorecli + command: | + tar zcvf build/x230-nkstorecli/logs.tar.gz build/log/* + - store-artifacts: + path: build/x230-nkstorecli + - run: name: x230-external-flash command: | - rm -rf build/x230-external-flash/* build/log/* && make --load 2 \ + rm -rf build/x230-external-flash/* build/log/* && make CPUS=4 \ V=1 \ - BOARD=x230-external-flash \ + BOARD=x230-external-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: name: Ouput x230-external-flash hashes 
@@ -153,9 +188,9 @@ jobs: - run: name: qemu-coreboot command: | - rm -rf build/qemu-coreboot/* build/log/* && make --load 2 \ + rm -rf build/qemu-coreboot/* build/log/* && make CPUS=4 \ V=1 \ - BOARD=qemu-coreboot \ + BOARD=qemu-coreboot || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h - run: name: Output qemu-coreboot hashes diff --git a/boards/x230-external-flash/x230-external-flash.config b/boards/x230-external-flash/x230-external-flash.config index aa8a37977..a69ab3752 100644 --- a/boards/x230-external-flash/x230-external-flash.config +++ b/boards/x230-external-flash/x230-external-flash.config @@ -2,6 +2,7 @@ #Includes deactivated+neutered ME and expended consequent IFD export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-external-flash.config CONFIG_LINUX_CONFIG=config/linux-x230.config @@ -19,11 +20,13 @@ CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_DROPBEAR=y +CONFIG_NKSTORECLI=y #CONFIG_SLANG=y #CONFIG_NEWT=y CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y +CONFIG_HOTPKEY=y CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y @@ -35,7 +38,7 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-Neutered_ME Heads Boot Menu" +export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-external Heads Boot Menu" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" 
@@ -50,13 +53,13 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # As a consequence, this replaces the need of having to flash x230-flash and expends available CBFS region (11.5Mb available CBFS space) # # When flashing via an external programmer it is easiest to have -# to separate files for these pieces. +# two separate files for these pieces. all: $(build)/$(BOARD)/$(BOARD)-bottom.rom -$(build)/$(BOARD)/$(BOARD)-bottom.rom: $(build)/$(BOARD)/coreboot.rom +$(build)/$(BOARD)/$(BOARD)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) @sha256sum $@ all: $(build)/$(BOARD)/$(BOARD)-top.rom -$(build)/$(BOARD)/$(BOARD)-top.rom: $(build)/$(BOARD)/coreboot.rom +$(build)/$(BOARD)/$(BOARD)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) @sha256sum $@ diff --git a/boards/x230-hotp-verification/x230-hotp-verification.config b/boards/x230-hotp-verification/x230-hotp-verification.config index c14c78384..6d0fcff68 100644 --- a/boards/x230-hotp-verification/x230-hotp-verification.config +++ b/boards/x230-hotp-verification/x230-hotp-verification.config @@ -47,7 +47,9 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_BOARD_NAME="Thinkpad X230" +export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-HOTP-dongle Heads Boot Menu" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, diff --git a/config/coreboot-x230-external-flash.config b/config/coreboot-x230-external-flash.config index 35907418d..835cd4a34 100644 
--- a/config/coreboot-x230-external-flash.config +++ b/config/coreboot-x230-external-flash.config @@ -1,4 +1,3 @@ -CONFIG_LOCALVERSION="heads" CONFIG_ANY_TOOLCHAIN=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y From be3c87eda6d8e60b9d3c54d8c7523120762a1bf9 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 28 Oct 2020 16:46:40 -0400 Subject: [PATCH 16/34] x230-external-flash verified README, hashes.txt addition and update of ifd from sacrificed dead motherboard. --- blobs/xx30/README | 13 +++++++------ blobs/xx30/hashes.txt | 3 +++ blobs/xx30/{x230-ifd.bin => ifd.bin} | Bin 4096 -> 4096 bytes config/coreboot-x230-external-flash.config | 2 +- 4 files changed, 11 insertions(+), 7 deletions(-) create mode 100644 blobs/xx30/hashes.txt rename blobs/xx30/{x230-ifd.bin => ifd.bin} (98%) diff --git a/blobs/xx30/README b/blobs/xx30/README index 7f26c9b8e..1d8b1aaa0 100644 --- a/blobs/xx30/README +++ b/blobs/xx30/README 
@@ -6,17 +6,18 @@ wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe && innoextract g1rg sha256sums: f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe 821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin -c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 blobs/x230/me.bin +c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 blobs/xx30/me.bin x230-ifd.bin is extracted from an external flashrom backup (no way found to be able to extract it from Lenovo firmware upgrades as of now): -python ~/me_cleaner/me_cleaner.py -S -r -t -d -O discarded.bin -D ~/haeds/blobs/xx30/x230-ifd.bin -M temporary_me.bin x230_bottom_spi_backup.rom +python ~/me_cleaner/me_cleaner.py -S -r -t -d -O /tmp/discarded.bin -D ~/heads/blobs/xx30/ifd.bin -M /tmp/temporary_me.bin dead_serving_a_purpose_x230_bottom_spi_backup.rom sha256sum: -68c1e9be8e2f99b2432e86219515f7f2fea61a4d00c7f9ea936d76d9dab2869b blobs/x230/x230-ifd.bin +c96d19bbf5356b2b827e1ef52d79d0010884bfc889eab48835e4af9a634d129b ifd.bin -ls -al blobs/x230/*.bin --rw-r--r-- 1 user user 4096 Mar 15 12:55 blobs/x230/x230-ifd.bin --rw-r--r-- 1 user user 98304 Mar 15 14:33 blobs/x230/me.bin +ls -al blobs/xx30/*.bin +-rw-r--r-- 1 user user 8192 Oct 25 14:07 gbe.bin +-rw-r--r-- 1 user user 4096 Oct 28 16:19 ifd.bin +-rw-r--r-- 1 user user 98304 Oct 28 16:15 me.bin blobs/x230/gbe.bin is generated per bincfg from the following coreboot patch: https://review.coreboot.org/c/coreboot/+/44510 And then by following those instructions: diff --git a/blobs/xx30/hashes.txt b/blobs/xx30/hashes.txt new file mode 100644 index 000000000..fd1bafb9a --- /dev/null +++ b/blobs/xx30/hashes.txt @@ -0,0 +1,3 @@ +9f72818e23290fb661e7899c953de2eb4cea96ff067b36348b3d061fd13366e5 gbe.bin +c96d19bbf5356b2b827e1ef52d79d0010884bfc889eab48835e4af9a634d129b ifd.bin +c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 me.bin 
diff --git a/blobs/xx30/x230-ifd.bin b/blobs/xx30/ifd.bin similarity index 98% rename from blobs/xx30/x230-ifd.bin rename to blobs/xx30/ifd.bin index be3cc7eb7940225743905f1d39bd6040fa385b08..f414eb90f01084a0ca359ffff5c06d087037645c 100644 GIT binary patch delta 41 wcmZorXi(U|%rEO}ViX?!-$Kto&(KKE(8SW>zoC(@)Bj*kcRyE`$%0G|0RN5*+W-In delta 40 vcmZorXi(U|%rE0-U>+X+-$Kt&&p^-6$jtP=p^>lC|6osdKUbH@f=mwq^;!(0 diff --git a/config/coreboot-x230-external-flash.config b/config/coreboot-x230-external-flash.config index 835cd4a34..d4e9a1b27 100644 --- a/config/coreboot-x230-external-flash.config +++ b/config/coreboot-x230-external-flash.config @@ -5,7 +5,7 @@ CONFIG_CBFS_SIZE=0xB80000 CONFIG_HAVE_IFD_BIN=y CONFIG_HAVE_ME_BIN=y CONFIG_HAVE_GBE_BIN=y -CONFIG_IFD_BIN_PATH="../../blobs/xx30/x230-ifd.bin" +CONFIG_IFD_BIN_PATH="../../blobs/xx30/ifd.bin" CONFIG_ME_BIN_PATH="../../blobs/xx30/me.bin" CONFIG_GBE_BIN_PATH="../../blobs/xx30/gbe.bin" CONFIG_BOARD_LENOVO_X230=y From 57e131dfabd2f0fb586038e48b5777e839ed84bb Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 28 Oct 2020 18:07:24 -0400 Subject: [PATCH 17/34] x230-external-flash: test on coreboot 4.12 with unfaked ifd with all blobs present --- .../x230-external-flash.config | 4 +- config/coreboot-x230-external-flash.config | 2 +- config/linux-x230.config | 150 +++++++++--------- 3 files changed, 80 insertions(+), 76 deletions(-) diff --git a/boards/x230-external-flash/x230-external-flash.config b/boards/x230-external-flash/x230-external-flash.config index a69ab3752..723bd8d37 100644 --- a/boards/x230-external-flash/x230-external-flash.config +++ b/boards/x230-external-flash/x230-external-flash.config 
@@ -1,8 +1,8 @@ # Configuration for a x230 running Qubes and other OSes #Includes deactivated+neutered ME and expended consequent IFD export CONFIG_COREBOOT=y -export CONFIG_COREBOOT_VERSION=4.8.1 -export CONFIG_LINUX_VERSION=4.14.62 +export CONFIG_COREBOOT_VERSION=4.12 +export CONFIG_LINUX_VERSION=5.4.69 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-external-flash.config CONFIG_LINUX_CONFIG=config/linux-x230.config diff --git a/config/coreboot-x230-external-flash.config b/config/coreboot-x230-external-flash.config index d4e9a1b27..cbe137a33 100644 --- a/config/coreboot-x230-external-flash.config +++ b/config/coreboot-x230-external-flash.config @@ -1,5 +1,5 @@ CONFIG_ANY_TOOLCHAIN=y -CONFIG_MEASURED_BOOT=y +CONFIG_TPM_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y CONFIG_CBFS_SIZE=0xB80000 CONFIG_HAVE_IFD_BIN=y diff --git a/config/linux-x230.config b/config/linux-x230.config index dd5af0c15..a7d516285 100644 --- a/config/linux-x230.config +++ b/config/linux-x230.config @@ -3,8 +3,8 @@ CONFIG_LOCALVERSION="-heads" CONFIG_KERNEL_XZ=y # CONFIG_SWAP is not set # CONFIG_CROSS_MEMORY_ATTACH is not set -# CONFIG_FHANDLE is not set CONFIG_NO_HZ_IDLE=y +CONFIG_PREEMPT_VOLUNTARY=y CONFIG_LOG_BUF_SHIFT=18 CONFIG_BLK_DEV_INITRD=y CONFIG_INITRAMFS_SOURCE="../../../blobs/dev.cpio" 
@@ -16,38 +16,35 @@ CONFIG_INITRAMFS_SOURCE="../../../blobs/dev.cpio"
 CONFIG_CC_OPTIMIZE_FOR_SIZE=y
 # CONFIG_SGETMASK_SYSCALL is not set
 # CONFIG_SYSFS_SYSCALL is not set
+# CONFIG_FHANDLE is not set
 # CONFIG_BASE_FULL is not set
 # CONFIG_SIGNALFD is not set
 # CONFIG_TIMERFD is not set
 # CONFIG_EVENTFD is not set
 # CONFIG_AIO is not set
 # CONFIG_ADVISE_SYSCALLS is not set
-# CONFIG_MEMBARRIER is not set
+# CONFIG_KALLSYMS is not set
 CONFIG_EMBEDDED=y
 # CONFIG_VM_EVENT_COUNTERS is not set
 # CONFIG_SLUB_DEBUG is not set
 # CONFIG_COMPAT_BRK is not set
-CONFIG_JUMP_LABEL=y
-CONFIG_CC_STACKPROTECTOR_STRONG=y
-CONFIG_MODULES=y
-# CONFIG_IOSCHED_DEADLINE is not set
-# CONFIG_IOSCHED_CFQ is not set
 CONFIG_SMP=y
+# CONFIG_RETPOLINE is not set
 # CONFIG_X86_EXTENDED_PLATFORM is not set
 CONFIG_PROCESSOR_SELECT=y
+# CONFIG_CPU_SUP_AMD is not set
+# CONFIG_CPU_SUP_HYGON is not set
 # CONFIG_CPU_SUP_CENTAUR is not set
-CONFIG_PREEMPT_VOLUNTARY=y
+# CONFIG_CPU_SUP_ZHAOXIN is not set
 CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
-# CONFIG_X86_MCE_AMD is not set
+# CONFIG_PERF_EVENTS_INTEL_UNCORE is not set
 # CONFIG_PERF_EVENTS_INTEL_RAPL is not set
+# CONFIG_PERF_EVENTS_INTEL_CSTATE is not set
 # CONFIG_MICROCODE is not set
-# CONFIG_SPARSEMEM_VMEMMAP is not set
-# CONFIG_COMPACTION is not set
-# CONFIG_BOUNCE is not set
-CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
 CONFIG_X86_PMEM_LEGACY=y
 # CONFIG_MTRR is not set
 # CONFIG_X86_SMAP is not set
+# CONFIG_X86_INTEL_UMIP is not set
 # CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set
 # CONFIG_SECCOMP is not set
 CONFIG_KEXEC=y
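Review bot: `# CONFIG_RETPOLINE is not set` is added in this hunk with no stated reason, which builds the Heads kernel without the retpoline Spectre v2 mitigation. The same hunk removes `CONFIG_CC_STACKPROTECTOR_STRONG=y` without adding the option name newer kernels use. If the retpoline opt-out is needed for the toolchain, the commit message should say so; otherwise I would drop the line. For the stack protector I would add `CONFIG_STACKPROTECTOR_STRONG=y` explicitly rather than rely on the Kconfig default of whichever kernel version a board selects, since config/linux-x230.config appears to be shared by the other x230 boards.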
@@ -56,28 +53,37 @@ CONFIG_KEXEC_FILE=y
 CONFIG_PHYSICAL_ALIGN=0x1000000
 # CONFIG_MODIFY_LDT_SYSCALL is not set
 # CONFIG_SUSPEND is not set
-CONFIG_ACPI_VIDEO=y
-CONFIG_PCI_MSI=y
-# CONFIG_HT_IRQ is not set
-CONFIG_PCI_IOV=y
-CONFIG_PCI_PRI=y
+# CONFIG_ISA_DMA_API is not set
+# CONFIG_FIRMWARE_MEMMAP is not set
+# CONFIG_DMIID is not set
+# CONFIG_VIRTUALIZATION is not set
+CONFIG_JUMP_LABEL=y
+CONFIG_MODULES=y
+CONFIG_MODULE_COMPRESS=y
+CONFIG_MODULE_COMPRESS_XZ=y
+# CONFIG_UNUSED_SYMBOLS is not set
+CONFIG_TRIM_UNUSED_KSYMS=y
+# CONFIG_MQ_IOSCHED_KYBER is not set
 # CONFIG_COREDUMP is not set
+# CONFIG_SPARSEMEM_VMEMMAP is not set
+# CONFIG_COMPACTION is not set
+# CONFIG_BOUNCE is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
 CONFIG_NET=y
 CONFIG_PACKET=y
 CONFIG_UNIX=y
 CONFIG_INET=y
 CONFIG_SYN_COOKIES=y
-# CONFIG_INET_XFRM_MODE_TRANSPORT is not set
-# CONFIG_INET_XFRM_MODE_TUNNEL is not set
-# CONFIG_INET_XFRM_MODE_BEET is not set
 # CONFIG_INET_DIAG is not set
 # CONFIG_IPV6 is not set
 # CONFIG_WIRELESS is not set
-# CONFIG_UEVENT_HELPER is not set
+CONFIG_PCI=y
+CONFIG_PCI_MSI=y
+CONFIG_PCI_IOV=y
+CONFIG_PCI_PRI=y
 CONFIG_DEVTMPFS=y
 CONFIG_DEVTMPFS_MOUNT=y
 # CONFIG_STANDALONE is not set
-# CONFIG_FIRMWARE_IN_KERNEL is not set
 # CONFIG_ALLOW_DEV_COREDUMP is not set
 CONFIG_BLK_DEV_LOOP=y
 CONFIG_BLK_DEV_RAM=y
@@ -92,64 +98,74 @@ CONFIG_CHR_DEV_SG=y CONFIG_SCSI_SCAN_ASYNC=y CONFIG_ISCSI_TCP=y CONFIG_ATA=y -CONFIG_SATA_AHCI=y # CONFIG_ATA_SFF is not set CONFIG_MD=y CONFIG_BLK_DEV_DM=y CONFIG_DM_CRYPT=y -CONFIG_DM_VERITY=y -CONFIG_DM_VERITY_FEC=y CONFIG_NETDEVICES=y # CONFIG_NET_VENDOR_3COM is not set # CONFIG_NET_VENDOR_ADAPTEC is not set # CONFIG_NET_VENDOR_AGERE is not set +# CONFIG_NET_VENDOR_ALACRITECH is not set # CONFIG_NET_VENDOR_ALTEON is not set # CONFIG_NET_VENDOR_AMAZON is not set # CONFIG_NET_VENDOR_AMD is not set +# CONFIG_NET_VENDOR_AQUANTIA is not set # CONFIG_NET_VENDOR_ARC is not set # CONFIG_NET_VENDOR_ATHEROS is not set -# CONFIG_NET_CADENCE is not set +# CONFIG_NET_VENDOR_AURORA is not set # CONFIG_NET_VENDOR_BROADCOM is not set # CONFIG_NET_VENDOR_BROCADE is not set +# CONFIG_NET_VENDOR_CADENCE is not set # CONFIG_NET_VENDOR_CAVIUM is not set # CONFIG_NET_VENDOR_CHELSIO is not set # CONFIG_NET_VENDOR_CISCO is not set +# CONFIG_NET_VENDOR_CORTINA is not set # CONFIG_NET_VENDOR_DEC is not set # CONFIG_NET_VENDOR_DLINK is not set # CONFIG_NET_VENDOR_EMULEX is not set # CONFIG_NET_VENDOR_EZCHIP is not set -# CONFIG_NET_VENDOR_EXAR is not set +# CONFIG_NET_VENDOR_GOOGLE is not set # CONFIG_NET_VENDOR_HP is not set +# CONFIG_NET_VENDOR_HUAWEI is not set +# CONFIG_NET_VENDOR_I825XX is not set CONFIG_E1000=m CONFIG_E1000E=m -# CONFIG_NET_VENDOR_I825XX is not set # CONFIG_NET_VENDOR_MARVELL is not set # CONFIG_NET_VENDOR_MELLANOX is not set # CONFIG_NET_VENDOR_MICREL is not set +# CONFIG_NET_VENDOR_MICROCHIP is not set +# CONFIG_NET_VENDOR_MICROSEMI is not set # CONFIG_NET_VENDOR_MYRI is not set # CONFIG_NET_VENDOR_NATSEMI is not set +# CONFIG_NET_VENDOR_NETERION is not set # CONFIG_NET_VENDOR_NETRONOME is not set +# CONFIG_NET_VENDOR_NI is not set # CONFIG_NET_VENDOR_NVIDIA is not set # CONFIG_NET_VENDOR_OKI is not set -# CONFIG_NET_PACKET_ENGINE is not set +# CONFIG_NET_VENDOR_PACKET_ENGINES is not set +# CONFIG_NET_VENDOR_PENSANDO is not set # 
CONFIG_NET_VENDOR_QLOGIC is not set # CONFIG_NET_VENDOR_QUALCOMM is not set +# CONFIG_NET_VENDOR_RDC is not set # CONFIG_NET_VENDOR_REALTEK is not set # CONFIG_NET_VENDOR_RENESAS is not set -# CONFIG_NET_VENDOR_RDC is not set # CONFIG_NET_VENDOR_ROCKER is not set # CONFIG_NET_VENDOR_SAMSUNG is not set # CONFIG_NET_VENDOR_SEEQ is not set +# CONFIG_NET_VENDOR_SOLARFLARE is not set # CONFIG_NET_VENDOR_SILAN is not set # CONFIG_NET_VENDOR_SIS is not set # CONFIG_NET_VENDOR_SMSC is not set +# CONFIG_NET_VENDOR_SOCIONEXT is not set # CONFIG_NET_VENDOR_STMICRO is not set # CONFIG_NET_VENDOR_SUN is not set +# CONFIG_NET_VENDOR_SYNOPSYS is not set # CONFIG_NET_VENDOR_TEHUTI is not set # CONFIG_NET_VENDOR_TI is not set # CONFIG_NET_VENDOR_VIA is not set # CONFIG_NET_VENDOR_WIZNET is not set -# CONFIG_NET_VENDOR_SYNOPSYS is not set +# CONFIG_NET_VENDOR_XILINX is not set # CONFIG_USB_NET_DRIVERS is not set # CONFIG_WLAN is not set # CONFIG_INPUT_MOUSE is not set @@ -165,10 +181,8 @@ CONFIG_SERIAL_8250=y CONFIG_TTY_PRINTK=y CONFIG_HW_RANDOM=y CONFIG_HW_RANDOM_TIMERIOMEM=m -CONFIG_HW_RANDOM_INTEL=m -CONFIG_HW_RANDOM_AMD=m -CONFIG_HW_RANDOM_VIA=m -CONFIG_HW_RANDOM_TPM=m +# CONFIG_HW_RANDOM_AMD is not set +# CONFIG_HW_RANDOM_VIA is not set CONFIG_TCG_TPM=y CONFIG_TCG_TIS=y # CONFIG_I2C_COMPAT is not set @@ -184,9 +198,6 @@ CONFIG_MFD_SYSCON=y CONFIG_DRM=y CONFIG_DRM_I915=y CONFIG_FB_VESA=y -CONFIG_BACKLIGHT_LCD_SUPPORT=y -# CONFIG_LCD_CLASS_DEVICE is not set -CONFIG_BACKLIGHT_CLASS_DEVICE=y # CONFIG_BACKLIGHT_GENERIC is not set CONFIG_FRAMEBUFFER_CONSOLE=y CONFIG_USB=y 
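Review bot: The hunk that starts at `@@ -92,64 +98,74 @@` drops `CONFIG_SATA_AHCI=y`, `CONFIG_DM_VERITY=y` and `CONFIG_DM_VERITY_FEC=y` in among the vendor-list churn, and none of the visible hunks of this commit put them back. The x230 board files in this series set `CONFIG_BOOT_DEV="/dev/sda1"`, so if AHCI is not enabled by default in the selected kernel the boot disk would not be found. Please confirm against the generated .config, and keep `CONFIG_SATA_AHCI=y` if it is not. If dm-verity support is being removed on purpose, the commit message should say so.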
@@ -196,20 +207,14 @@ CONFIG_USB_EHCI_HCD=m
 CONFIG_USB_EHCI_HCD_PLATFORM=m
 CONFIG_USB_STORAGE=m
 CONFIG_RTC_CLASS=y
+# CONFIG_VIRTIO_MENU is not set
 # CONFIG_X86_PLATFORM_DEVICES is not set
 CONFIG_INTEL_IOMMU=y
-CONFIG_INTEL_IOMMU_SVM=y
 CONFIG_GENERIC_PHY=y
 # CONFIG_BLK_DEV_PMEM is not set
 # CONFIG_ND_BLK is not set
 # CONFIG_BTT is not set
-# CONFIG_FIRMWARE_MEMMAP is not set
-# CONFIG_DMIID is not set
-CONFIG_GOOGLE_FIRMWARE=y
-CONFIG_GOOGLE_MEMCONSOLE_X86_LEGACY=y
-# CONFIG_EXT2_FS is not set
 CONFIG_EXT4_FS=y
-CONFIG_EXT4_USE_FOR_EXT2=y
 # CONFIG_DNOTIFY is not set
 # CONFIG_INOTIFY_USER is not set
 CONFIG_ISO9660_FS=y
@@ -218,37 +223,14 @@ CONFIG_MSDOS_FS=y
 CONFIG_VFAT_FS=y
 # CONFIG_PROC_SYSCTL is not set
 # CONFIG_PROC_PAGE_MONITOR is not set
-CONFIG_TMPFS=y
 # CONFIG_MISC_FILESYSTEMS is not set
 CONFIG_NLS_DEFAULT="utf8"
 CONFIG_NLS_CODEPAGE_437=y
 CONFIG_NLS_ISO8859_1=y
 CONFIG_NLS_UTF8=y
-CONFIG_PRINTK_TIME=y
-CONFIG_BOOT_PRINTK_DELAY=y
-# CONFIG_ENABLE_WARN_DEPRECATED is not set
-# CONFIG_ENABLE_MUST_CHECK is not set
-CONFIG_FRAME_WARN=1024
-# CONFIG_UNUSED_SYMBOLS is not set
-CONFIG_MAGIC_SYSRQ=y
-CONFIG_HARDLOCKUP_DETECTOR=y
-CONFIG_WQ_WATCHDOG=y
-# CONFIG_SCHED_DEBUG is not set
-CONFIG_STACKTRACE=y
-# CONFIG_DEBUG_BUGVERBOSE is not set
-# CONFIG_RCU_TRACE is not set
-# CONFIG_FTRACE is not set
-# CONFIG_STRICT_DEVMEM is not set
-# CONFIG_X86_VERBOSE_BOOTUP is not set
-# CONFIG_DOUBLEFAULT is not set
-CONFIG_IO_DELAY_0XED=y
-CONFIG_OPTIMIZE_INLINING=y
-# CONFIG_X86_DEBUG_FPU is not set
 CONFIG_HARDENED_USERCOPY=y
-CONFIG_CRYPTO_RSA=m
 CONFIG_CRYPTO_USER=y
-CONFIG_CRYPTO_MCRYPTD=m
-CONFIG_CRYPTO_AUTHENC=m
+CONFIG_CRYPTO_RSA=m
 CONFIG_CRYPTO_CCM=m
 CONFIG_CRYPTO_GCM=m
 CONFIG_CRYPTO_CHACHA20POLY1305=m
@@ -310,13 +292,35 @@ CONFIG_CRYPTO_USER_API_SKCIPHER=y CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_AEAD=y # CONFIG_CRYPTO_HW is not set -# CONFIG_VIRTUALIZATION is not set +CONFIG_CORDIC=m CONFIG_CRC_CCITT=m CONFIG_CRC_T10DIF=y CONFIG_CRC_ITU_T=m CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m -CONFIG_XZ_DEC_TEST=m -CONFIG_CORDIC=m +# CONFIG_XZ_DEC_POWERPC is not set +# CONFIG_XZ_DEC_ARM is not set +# CONFIG_XZ_DEC_ARMTHUMB is not set +# CONFIG_XZ_DEC_SPARC is not set CONFIG_IRQ_POLL=y +CONFIG_PRINTK_TIME=y +CONFIG_BOOT_PRINTK_DELAY=y +# CONFIG_ENABLE_MUST_CHECK is not set +CONFIG_FRAME_WARN=1024 +CONFIG_STRIP_ASM_SYMS=y +CONFIG_MAGIC_SYSRQ=y +# CONFIG_DEBUG_MISC is not set +CONFIG_HARDLOCKUP_DETECTOR=y +CONFIG_WQ_WATCHDOG=y +# CONFIG_SCHED_DEBUG is not set +# CONFIG_DEBUG_BUGVERBOSE is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_FTRACE is not set +# CONFIG_RUNTIME_TESTING_MENU is not set +# CONFIG_STRICT_DEVMEM is not set +# CONFIG_X86_VERBOSE_BOOTUP is not set +# CONFIG_EARLY_PRINTK is not set +# CONFIG_DOUBLEFAULT is not set +CONFIG_IO_DELAY_0XED=y +# CONFIG_X86_DEBUG_FPU is not set From d2c01fe99f7a44173d2e6a7387ff406612a44b1a Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 29 Oct 2020 15:38:47 -0400 Subject: [PATCH 18/34] x230-external-flash: 4.12 add CONFIG_DRIVERS_PS2_KEYBOARD CONFIG_VALIDATE_INTEL_DESCRIPTOR CONFIG_ONBOARD_VGA_IS_PRIMARY CONFIG_GENERIC_LINEAR_FRAMEBUFFER CONFIG_NO_STAGE_CACHE CONFIG_NO_POST, musl-cross-make version bump to see if fmd errors when linking are due to old build toolstack and see if it breaks other boards in CI. Note that linux-x230.conf being common will be used to build older kernels, which might cause problems --- config/coreboot-x230-external-flash.config | 21 +++++++++++++-------- modules/musl-cross | 4 ++-- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/config/coreboot-x230-external-flash.config b/config/coreboot-x230-external-flash.config index cbe137a33..c231b6001 100644 
--- a/config/coreboot-x230-external-flash.config +++ b/config/coreboot-x230-external-flash.config @@ -1,21 +1,26 @@ CONFIG_ANY_TOOLCHAIN=y -CONFIG_TPM_MEASURED_BOOT=y +CONFIG_NO_STAGE_CACHE=y CONFIG_VENDOR_LENOVO=y +CONFIG_NO_POST=y +CONFIG_ONBOARD_VGA_IS_PRIMARY=y CONFIG_CBFS_SIZE=0xB80000 -CONFIG_HAVE_IFD_BIN=y -CONFIG_HAVE_ME_BIN=y -CONFIG_HAVE_GBE_BIN=y +# CONFIG_DRIVERS_INTEL_WIFI is not set CONFIG_IFD_BIN_PATH="../../blobs/xx30/ifd.bin" CONFIG_ME_BIN_PATH="../../blobs/xx30/me.bin" CONFIG_GBE_BIN_PATH="../../blobs/xx30/gbe.bin" +CONFIG_HAVE_IFD_BIN=y CONFIG_BOARD_LENOVO_X230=y -CONFIG_NO_POST=y +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" CONFIG_UART_PCI_ADDR=0 -CONFIG_GBE_BIN_PATH="../../blobs/xx30/gbe.bin" -CONFIG_NO_GFX_INIT=y +CONFIG_VALIDATE_INTEL_DESCRIPTOR=y +CONFIG_HAVE_ME_BIN=y +CONFIG_HAVE_GBE_BIN=y +CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y +# CONFIG_INTEL_GMA_ADD_VBT is not set +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_TPM_MEASURED_BOOT=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/x230-external-flash/bzImage" -CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" CONFIG_LINUX_INITRD="../../build/x230-external-flash/initrd.cpio.xz" diff --git a/modules/musl-cross b/modules/musl-cross index f9cf79db0..a6e41a99c 100644 --- a/modules/musl-cross +++ b/modules/musl-cross 
@@ -4,11 +4,11 @@ ifeq "$(MUSL_CROSS_ONCE)" "" MUSL_CROSS_ONCE := 1 modules-$(CONFIG_MUSL) += musl-cross -musl-cross_version := 38e52db8358c043ae82b346a2e6e66bc86a53bc1 +musl-cross_version := b12ded507831d0cac2dabd869aef14f3822a8770 musl-cross_dir := musl-cross-$(musl-cross_version) musl-cross_url := https://github.com/richfelker/musl-cross-make/archive/$(musl-cross_version).tar.gz musl-cross_tar := musl-cross-$(musl-cross_version).tar.gz -musl-cross_hash := b4b85d6d3ddab0f2b8650a53e775673f8c346fa2fb07d652a9880bd206ade100 +musl-cross_hash := 21fc8d4d5ac241e57c73dfb1e4cdd8b6dcfb32db1276aa71e89be498a39e1980 ifneq "$(CROSS)" "" From a07e14454628d37464083119c708539380c51267 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 29 Oct 2020 17:54:41 -0400 Subject: [PATCH 19/34] coreboot module: add -Wno-address-of-packed-member to deal with gcc 9+ warning as error --- modules/coreboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/coreboot b/modules/coreboot index a4664e94e..9e647b009 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -32,7 +32,7 @@ CONFIG_COREBOOT_CONFIG ?= config/coreboot-$(BOARD).config # Ensure that touching the config file will force a rebuild $(build)/$(coreboot_dir)/.configured: $(CONFIG_COREBOOT_CONFIG) -EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-error=packed-not-aligned +EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-error=packed-not-aligned -Wno-address-of-packed-member coreboot_configure := \ mkdir -p "$(build)/$(coreboot_dir)" \ From aba0049fcedaf9cac823d42f8ee706d36b306b90 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 30 Oct 2020 17:05:04 -0400 Subject: [PATCH 20/34] musl-cross-make: Add ada support (...and gold and lto, while not using it) --- modules/musl-cross | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/musl-cross b/modules/musl-cross index a6e41a99c..6eb30faf6 100644 --- a/modules/musl-cross 
+++ b/modules/musl-cross @@ -35,6 +35,8 @@ else # have to build both x86_64 and i386 versions for coreboot musl-cross_configure := \ + /bin/echo -e >> config.mak 'GCC_CONFIG += --enable-languages=c,c++,lto' ; \ + /bin/echo -e >> config.mak 'COMMON_CONFIG += --enable-gold --enable-lto' ; \ /bin/echo -e >> Makefile 'both:' ; \ /bin/echo -e >> Makefile '\t$$$$(MAKE) TARGET=x86_64-linux-musl install' ; \ /bin/echo -e >> Makefile '\t$$$$(MAKE) TARGET=i386-linux-musl install' ; \ From af2517584425bb12d191646fcafa90bc098efb54 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 1 Nov 2020 15:30:39 -0500 Subject: [PATCH 21/34] xx30 blobs: adapt README to specify ME version and origin of dumped IFD --- blobs/xx30/README | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/blobs/xx30/README b/blobs/xx30/README index 1d8b1aaa0..9e3edfb31 100644 --- a/blobs/xx30/README +++ b/blobs/xx30/README @@ -1,6 +1,13 @@ The ME blobs dumped in this directory come from the following link: https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430/downloads/DS032435 -You can arrive to the same result by doing the following: +This provides latest ME version 8.1.72.3002, for which only BUP and ROMP regions will be kept as non-removable: +Here is what Lenovo provides as a Summary of Changes: +Version 8.1.72.3002 (G1RG24WW) + + (Fix) Fixed the following security vulnerabilites: CVE-2017-5711, CVE-2017-5712, CVE-2017-13077, CVE-2017-13078, CVE-2017-13080. + + +You can arrive to the same result of the following me.bin by doing the following manually: wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe && innoextract g1rg24ww.exe && python ~/me_cleaner/me_cleaner.py -r -t -O ~/heads/blobs/xx30/me.bin app/ME8_5M_Production.bin sha256sums: 
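Review bot: The subject of this commit says it adds Ada support, but the line added to `musl-cross_configure` is `GCC_CONFIG += --enable-languages=c,c++,lto`, which has no `ada` in it, so a toolchain built from this commit still has no GNAT. Either list it, `'GCC_CONFIG += --enable-languages=c,c++,lto,ada'`, or reword the subject to match what the hunk does. Both new lines also append to config.mak with `>>`, so the options would accumulate if the configure step can run twice on the same tree. That last point is inferred, since the rest of the recipe lies outside the hunk.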
@@ -8,7 +15,7 @@ f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe 821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 blobs/xx30/me.bin -x230-ifd.bin is extracted from an external flashrom backup (no way found to be able to extract it from Lenovo firmware upgrades as of now): +x230-ifd.bin was extracted from sacrificed X230 (dead motherboard) fron an external flashrom backup (no way found to be able to extract it from Lenovo firmware upgrades as of now): python ~/me_cleaner/me_cleaner.py -S -r -t -d -O /tmp/discarded.bin -D ~/heads/blobs/xx30/ifd.bin -M /tmp/temporary_me.bin dead_serving_a_purpose_x230_bottom_spi_backup.rom sha256sum: From f0a1746a0ec8ca2ba7f4822a336ee02fd3c0c76d Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 1 Nov 2020 15:39:10 -0500 Subject: [PATCH 22/34] resolve merge conflicts from master --- .circleci/config.yml | 1 + boards/x230-external-flash/x230-external-flash.config | 2 -- boards/x230-hotp-verification/x230-hotp-verification.config | 4 +--- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 1438e8717..c7f80f92e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -217,6 +217,7 @@ jobs: - packages - crossgcc - build + workflows: version: 2 build_and_test: diff --git a/boards/x230-external-flash/x230-external-flash.config b/boards/x230-external-flash/x230-external-flash.config index 723bd8d37..bd9a6155e 100644 --- a/boards/x230-external-flash/x230-external-flash.config +++ b/boards/x230-external-flash/x230-external-flash.config 
@@ -39,8 +39,6 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-external Heads Boot Menu" -export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" -export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # This board has two SPI flash chips, an 8 MB that holds the IFD, diff --git a/boards/x230-hotp-verification/x230-hotp-verification.config b/boards/x230-hotp-verification/x230-hotp-verification.config index 6d0fcff68..c14c78384 100644 --- a/boards/x230-hotp-verification/x230-hotp-verification.config +++ b/boards/x230-hotp-verification/x230-hotp-verification.config @@ -47,9 +47,7 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-HOTP-dongle Heads Boot Menu" -export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" -export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_BOARD_NAME="Thinkpad X230" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, From 1c6961ec8325d03bc48d06f6f9aab7d10c91ac62 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 2 Nov 2020 17:05:57 -0500 Subject: [PATCH 23/34] musl-cross + coreboot WIP to have gnat built into musl-cross, not depend of the one of coreboot. --- modules/coreboot | 2 +- modules/musl-cross | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/coreboot b/modules/coreboot index 9e647b009..fee0112ee 100644 --- a/modules/coreboot +++ b/modules/coreboot 
@@ -32,7 +32,7 @@ CONFIG_COREBOOT_CONFIG ?= config/coreboot-$(BOARD).config # Ensure that touching the config file will force a rebuild $(build)/$(coreboot_dir)/.configured: $(CONFIG_COREBOOT_CONFIG) -EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-error=packed-not-aligned -Wno-address-of-packed-member +EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-error=packed-not-aligned -Wno-address-of-packed-member -Wno-error=address-of-packed-member coreboot_configure := \ mkdir -p "$(build)/$(coreboot_dir)" \ diff --git a/modules/musl-cross b/modules/musl-cross index 6eb30faf6..766e714e3 100644 --- a/modules/musl-cross +++ b/modules/musl-cross @@ -35,8 +35,8 @@ else # have to build both x86_64 and i386 versions for coreboot musl-cross_configure := \ - /bin/echo -e >> config.mak 'GCC_CONFIG += --enable-languages=c,c++,lto' ; \ - /bin/echo -e >> config.mak 'COMMON_CONFIG += --enable-gold --enable-lto' ; \ + /bin/echo -e >> config.mak 'GCC_CONFIG += --enable-languages=c,c++,lto,ada' ; \ + /bin/echo -e >> config.mak 'COMMON_CONFIG += --enable-gold --enable-lto --enable-plugins' ; \ /bin/echo -e >> Makefile 'both:' ; \ /bin/echo -e >> Makefile '\t$$$$(MAKE) TARGET=x86_64-linux-musl install' ; \ /bin/echo -e >> Makefile '\t$$$$(MAKE) TARGET=i386-linux-musl install' ; \ From 330d20de218bdb08a3426b2a3ba0303465f07dde Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 2 Nov 2020 17:41:36 -0500 Subject: [PATCH 24/34] CircleCI seperation of main failed error and detailed logs of last minute + qemu-coreboot-fbwhiptail board addition --- .circleci/config.yml | 112 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 92 insertions(+), 20 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c7f80f92e..805605409 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
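Review bot: In the modules/coreboot hunk, `EXTRA_FLAGS` now carries both `-Wno-address-of-packed-member` and `-Wno-error=address-of-packed-member`; the first switches the diagnostic off entirely, so the second has no effect. I would keep only `-Wno-error=address-of-packed-member`, matching the existing `-Wno-error=packed-not-aligned`. That way the packed-member warnings still appear in the build log for review without failing the build.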
@@ -59,13 +59,53 @@ jobs: # - store-artifacts: # path: build/qemu-linuxboot/hashes.txt + - run: + name: librem_l1um + command: | + rm -rf build/librem_l1um/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=librem_l1um || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + no_output_timeout: 3h + - run: + name: Ouput librem_l1um hashes + command: | + cat build/librem_l1um/hashes.txt \ + - run: + name: Archiving build logs for librem_l1um + command: | + tar zcvf build/librem_l1um/logs.tar.gz build/log/* + - store-artifacts: + path: build/librem_l1um + + - run: + name: librem_mini + command: | + rm -rf build/librem_mini/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=librem_mini || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + no_output_timeout: 3h + - run: + name: Ouput librem_mini hashes + command: | + cat build/librem_mini/hashes.txt \ + - run: + name: Archiving build logs for librem_mini + command: | + tar zcvf build/librem_mini/logs.tar.gz build/log/* + - store-artifacts: + path: build/librem_mini + - run: name: x230-flash command: | - rm -rf build/x230-flash/* build/log/* && make --load 2 \ + rm -rf build/x230-flash/* build/log/* && make CPUS=4 \ V=1 \ - BOARD=x230-flash \ + BOARD=x230-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ no_output_timeout: 3h + - run: + name: Ouput build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: name: Ouput x230-flash hashes command: | 
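Review bot: The `Ouput build failing logs` step added after x230-flash can never print anything for that board. The x230-flash command, like librem_l1um and librem_mini above it, still ends in the inline `|| (find ...; exit 1)` handler, so a failed build stops the job before the new step runs and `/tmp/failed_build` is never created. Either end the x230-flash command with `|| touch /tmp/failed_build`, as the later hunks of this commit do from t430-flash onward, or drop the extra step here. As written, the three boards in this hunk and the rest of the file use two different failure paths.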
@@ -80,10 +120,12 @@ jobs: - run: name: t430-flash command: | - rm -rf build/t430-flash/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=t430-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + rm -rf build/t430-flash/* build/log/* && make CPUS=4 V=1 BOARD=t430-flash || touch /tmp/failed_build no_output_timeout: 3h + - run: + name: Ouput build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: name: Ouput t430-flash hashes command: | @@ -98,10 +140,12 @@ jobs: - run: name: t430 command: | - rm -rf build/t430/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=t430 || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + rm -rf build/t430/* build/log/* && make CPUS=4 V=1 BOARD=t430 || touch /tmp/failed_build no_output_timeout: 3h + - run: + name: Ouput build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: name: Ouput t430 hashes command: | 
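Review bot: Ending the t430-flash command with `|| touch /tmp/failed_build` makes the build step itself report success, so the failure is only raised by the step that follows. The same pattern is used in the t430, x230, x230-hotp-verification, x230-nkstorecli, qemu-coreboot and qemu-coreboot-fbwhiptail hunks. That follow-up step still selects logs with `-mmin -1`, now evaluated in a later step rather than right after make, so a delayed step start can leave nothing to print. I would select relative to a marker instead, with `touch /tmp/build_started` at the start of the build command and `-newer /tmp/build_started` in the find (the marker name is only an example). The loop also keeps the bare `read` and the unquoted `cat $log`; `read -r` and `cat -- "$log"` would make it safe for unusual paths.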
@@ -116,10 +160,12 @@ jobs: - run: name: x230 command: | - rm -rf build/x230/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=x230 || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + rm -rf build/x230/* build/log/* && make CPUS=4 V=1 BOARD=x230 || touch /tmp/failed_build no_output_timeout: 3h + - run: + name: Ouput build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: name: Ouput x230 hashes command: | @@ -134,10 +180,12 @@ jobs: - run: name: x230-hotp-verification command: | - rm -rf build/x230-hotp-verification/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=x230-hotp-verification || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + rm -rf build/x230-hotp-verification/* build/log/* && make CPUS=4 V=1 BOARD=x230-hotp-verification || touch /tmp/failed_build no_output_timeout: 3h + - run: + name: Ouput build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: name: Ouput x230-hotp-verification hashes command: | 
@@ -152,10 +200,12 @@ jobs: - run: name: x230-nkstorecli command: | - rm -rf build/x230-nkstorecli/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=x230-nkstorecli || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + rm -rf build/x230-nkstorecli/* build/log/* && make CPUS=4 V=1 BOARD=x230-nkstorecli || touch /tmp/failed_build no_output_timeout: 3h + - run: + name: Ouput build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: name: Ouput x230-nkstorecli hashes command: | @@ -188,10 +238,12 @@ jobs: - run: name: qemu-coreboot command: | - rm -rf build/qemu-coreboot/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=qemu-coreboot || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + rm -rf build/qemu-coreboot/* build/log/* && make CPUS=4 V=1 BOARD=qemu-coreboot || touch /tmp/failed_build no_output_timeout: 3h + - run: + name: Ouput build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: name: Output qemu-coreboot hashes command: | 
@@ -203,6 +255,26 @@ jobs: - store-artifacts: path: build/qemu-coreboot + - run: + name: qemu-coreboot-fbwhiptail + command: | + rm -rf build/qemu-coreboot-fbwhiptail/* build/log/* && make CPUS=4 V=1 BOARD=qemu-coreboot-fbwhiptail || touch /tmp/failed_build + no_output_timeout: 3h + - run: + name: Ouput build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi + - run: + name: Output qemu-coreboot-fbwhiptail hashes + command: | + cat build/qemu-coreboot-fbwhiptail/hashes.txt \ + - run: + name: Archiving build logs for qemu-coreboot-fbwhiptail + command: | + tar zcvf build/qemu-coreboot-fbwhiptail/logs.tar.gz build/log/* + - store-artifacts: + path: build/qemu-coreboot-fbwhiptail + - save_cache: #Generate cache for the same musl-cross module definition if hash is not previously existing key: heads-cross-musl-{{ checksum "/tmp/musl-cross_module_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} From d4be7b5e21ce79894eb351aaae50e0990c5c4f7a Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 4 Nov 2020 12:18:54 -0500 Subject: [PATCH 25/34] WIP: x230-external-flash coreboot 4.8.1, master musl-cross-make. --- .../x230-external-flash.config | 4 +- .../x230-hotp-verification.config | 2 +- config/coreboot-x230-external-flash.config | 20 +-- config/linux-x230.config | 150 +++++++++--------- modules/coreboot | 2 +- modules/musl-cross | 6 +- 6 files changed, 86 insertions(+), 98 deletions(-) diff --git a/boards/x230-external-flash/x230-external-flash.config b/boards/x230-external-flash/x230-external-flash.config index bd9a6155e..dba39c136 100644 --- a/boards/x230-external-flash/x230-external-flash.config +++ b/boards/x230-external-flash/x230-external-flash.config 
@@ -1,8 +1,8 @@ # Configuration for a x230 running Qubes and other OSes #Includes deactivated+neutered ME and expended consequent IFD export CONFIG_COREBOOT=y -export CONFIG_COREBOOT_VERSION=4.12 -export CONFIG_LINUX_VERSION=5.4.69 +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-external-flash.config CONFIG_LINUX_CONFIG=config/linux-x230.config diff --git a/boards/x230-hotp-verification/x230-hotp-verification.config b/boards/x230-hotp-verification/x230-hotp-verification.config index c14c78384..a0aa199e5 100644 --- a/boards/x230-hotp-verification/x230-hotp-verification.config +++ b/boards/x230-hotp-verification/x230-hotp-verification.config @@ -47,7 +47,7 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_BOARD_NAME="Thinkpad X230" +export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-HOTP-dongle Heads Boot Menu" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, diff --git a/config/coreboot-x230-external-flash.config b/config/coreboot-x230-external-flash.config index c231b6001..c140f2d61 100644 --- a/config/coreboot-x230-external-flash.config +++ b/config/coreboot-x230-external-flash.config 
@@ -1,26 +1,20 @@ CONFIG_ANY_TOOLCHAIN=y -CONFIG_NO_STAGE_CACHE=y +CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y -CONFIG_NO_POST=y -CONFIG_ONBOARD_VGA_IS_PRIMARY=y CONFIG_CBFS_SIZE=0xB80000 -# CONFIG_DRIVERS_INTEL_WIFI is not set +CONFIG_HAVE_IFD_BIN=y +CONFIG_HAVE_ME_BIN=y +CONFIG_HAVE_GBE_BIN=y CONFIG_IFD_BIN_PATH="../../blobs/xx30/ifd.bin" CONFIG_ME_BIN_PATH="../../blobs/xx30/me.bin" CONFIG_GBE_BIN_PATH="../../blobs/xx30/gbe.bin" -CONFIG_HAVE_IFD_BIN=y CONFIG_BOARD_LENOVO_X230=y -CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" +CONFIG_NO_POST=y CONFIG_UART_PCI_ADDR=0 -CONFIG_VALIDATE_INTEL_DESCRIPTOR=y -CONFIG_HAVE_ME_BIN=y -CONFIG_HAVE_GBE_BIN=y -CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y -# CONFIG_INTEL_GMA_ADD_VBT is not set -CONFIG_DRIVERS_PS2_KEYBOARD=y -CONFIG_TPM_MEASURED_BOOT=y +CONFIG_NO_GFX_INIT=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/x230-external-flash/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" CONFIG_LINUX_INITRD="../../build/x230-external-flash/initrd.cpio.xz" diff --git a/config/linux-x230.config b/config/linux-x230.config index a7d516285..dd5af0c15 100644 --- a/config/linux-x230.config +++ b/config/linux-x230.config @@ -3,8 +3,8 @@ CONFIG_LOCALVERSION="-heads" CONFIG_KERNEL_XZ=y # CONFIG_SWAP is not set # CONFIG_CROSS_MEMORY_ATTACH is not set +# CONFIG_FHANDLE is not set CONFIG_NO_HZ_IDLE=y -CONFIG_PREEMPT_VOLUNTARY=y CONFIG_LOG_BUF_SHIFT=18 CONFIG_BLK_DEV_INITRD=y CONFIG_INITRAMFS_SOURCE="../../../blobs/dev.cpio" 
@@ -16,35 +16,38 @@ CONFIG_INITRAMFS_SOURCE="../../../blobs/dev.cpio" CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_SGETMASK_SYSCALL is not set # CONFIG_SYSFS_SYSCALL is not set -# CONFIG_FHANDLE is not set # CONFIG_BASE_FULL is not set # CONFIG_SIGNALFD is not set # CONFIG_TIMERFD is not set # CONFIG_EVENTFD is not set # CONFIG_AIO is not set # CONFIG_ADVISE_SYSCALLS is not set -# CONFIG_KALLSYMS is not set +# CONFIG_MEMBARRIER is not set CONFIG_EMBEDDED=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set +CONFIG_JUMP_LABEL=y +CONFIG_CC_STACKPROTECTOR_STRONG=y +CONFIG_MODULES=y +# CONFIG_IOSCHED_DEADLINE is not set +# CONFIG_IOSCHED_CFQ is not set CONFIG_SMP=y -# CONFIG_RETPOLINE is not set # CONFIG_X86_EXTENDED_PLATFORM is not set CONFIG_PROCESSOR_SELECT=y -# CONFIG_CPU_SUP_AMD is not set -# CONFIG_CPU_SUP_HYGON is not set # CONFIG_CPU_SUP_CENTAUR is not set -# CONFIG_CPU_SUP_ZHAOXIN is not set +CONFIG_PREEMPT_VOLUNTARY=y CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y -# CONFIG_PERF_EVENTS_INTEL_UNCORE is not set +# CONFIG_X86_MCE_AMD is not set # CONFIG_PERF_EVENTS_INTEL_RAPL is not set -# CONFIG_PERF_EVENTS_INTEL_CSTATE is not set # CONFIG_MICROCODE is not set +# CONFIG_SPARSEMEM_VMEMMAP is not set +# CONFIG_COMPACTION is not set +# CONFIG_BOUNCE is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 CONFIG_X86_PMEM_LEGACY=y # CONFIG_MTRR is not set # CONFIG_X86_SMAP is not set -# CONFIG_X86_INTEL_UMIP is not set # CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set # CONFIG_SECCOMP is not set CONFIG_KEXEC=y 
@@ -53,37 +56,28 @@ CONFIG_KEXEC_FILE=y CONFIG_PHYSICAL_ALIGN=0x1000000 # CONFIG_MODIFY_LDT_SYSCALL is not set # CONFIG_SUSPEND is not set -# CONFIG_ISA_DMA_API is not set -# CONFIG_FIRMWARE_MEMMAP is not set -# CONFIG_DMIID is not set -# CONFIG_VIRTUALIZATION is not set -CONFIG_JUMP_LABEL=y -CONFIG_MODULES=y -CONFIG_MODULE_COMPRESS=y -CONFIG_MODULE_COMPRESS_XZ=y -# CONFIG_UNUSED_SYMBOLS is not set -CONFIG_TRIM_UNUSED_KSYMS=y -# CONFIG_MQ_IOSCHED_KYBER is not set +CONFIG_ACPI_VIDEO=y +CONFIG_PCI_MSI=y +# CONFIG_HT_IRQ is not set +CONFIG_PCI_IOV=y +CONFIG_PCI_PRI=y # CONFIG_COREDUMP is not set -# CONFIG_SPARSEMEM_VMEMMAP is not set -# CONFIG_COMPACTION is not set -# CONFIG_BOUNCE is not set -CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 CONFIG_NET=y CONFIG_PACKET=y CONFIG_UNIX=y CONFIG_INET=y CONFIG_SYN_COOKIES=y +# CONFIG_INET_XFRM_MODE_TRANSPORT is not set +# CONFIG_INET_XFRM_MODE_TUNNEL is not set +# CONFIG_INET_XFRM_MODE_BEET is not set # CONFIG_INET_DIAG is not set # CONFIG_IPV6 is not set # CONFIG_WIRELESS is not set -CONFIG_PCI=y -CONFIG_PCI_MSI=y -CONFIG_PCI_IOV=y -CONFIG_PCI_PRI=y +# CONFIG_UEVENT_HELPER is not set CONFIG_DEVTMPFS=y CONFIG_DEVTMPFS_MOUNT=y # CONFIG_STANDALONE is not set +# CONFIG_FIRMWARE_IN_KERNEL is not set # CONFIG_ALLOW_DEV_COREDUMP is not set CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_RAM=y 
@@ -98,74 +92,64 @@ CONFIG_CHR_DEV_SG=y CONFIG_SCSI_SCAN_ASYNC=y CONFIG_ISCSI_TCP=y CONFIG_ATA=y +CONFIG_SATA_AHCI=y # CONFIG_ATA_SFF is not set CONFIG_MD=y CONFIG_BLK_DEV_DM=y CONFIG_DM_CRYPT=y +CONFIG_DM_VERITY=y +CONFIG_DM_VERITY_FEC=y CONFIG_NETDEVICES=y # CONFIG_NET_VENDOR_3COM is not set # CONFIG_NET_VENDOR_ADAPTEC is not set # CONFIG_NET_VENDOR_AGERE is not set -# CONFIG_NET_VENDOR_ALACRITECH is not set # CONFIG_NET_VENDOR_ALTEON is not set # CONFIG_NET_VENDOR_AMAZON is not set # CONFIG_NET_VENDOR_AMD is not set -# CONFIG_NET_VENDOR_AQUANTIA is not set # CONFIG_NET_VENDOR_ARC is not set # CONFIG_NET_VENDOR_ATHEROS is not set -# CONFIG_NET_VENDOR_AURORA is not set +# CONFIG_NET_CADENCE is not set # CONFIG_NET_VENDOR_BROADCOM is not set # CONFIG_NET_VENDOR_BROCADE is not set -# CONFIG_NET_VENDOR_CADENCE is not set # CONFIG_NET_VENDOR_CAVIUM is not set # CONFIG_NET_VENDOR_CHELSIO is not set # CONFIG_NET_VENDOR_CISCO is not set -# CONFIG_NET_VENDOR_CORTINA is not set # CONFIG_NET_VENDOR_DEC is not set # CONFIG_NET_VENDOR_DLINK is not set # CONFIG_NET_VENDOR_EMULEX is not set # CONFIG_NET_VENDOR_EZCHIP is not set -# CONFIG_NET_VENDOR_GOOGLE is not set +# CONFIG_NET_VENDOR_EXAR is not set # CONFIG_NET_VENDOR_HP is not set -# CONFIG_NET_VENDOR_HUAWEI is not set -# CONFIG_NET_VENDOR_I825XX is not set CONFIG_E1000=m CONFIG_E1000E=m +# CONFIG_NET_VENDOR_I825XX is not set # CONFIG_NET_VENDOR_MARVELL is not set # CONFIG_NET_VENDOR_MELLANOX is not set # CONFIG_NET_VENDOR_MICREL is not set -# CONFIG_NET_VENDOR_MICROCHIP is not set -# CONFIG_NET_VENDOR_MICROSEMI is not set # CONFIG_NET_VENDOR_MYRI is not set # CONFIG_NET_VENDOR_NATSEMI is not set -# CONFIG_NET_VENDOR_NETERION is not set # CONFIG_NET_VENDOR_NETRONOME is not set -# CONFIG_NET_VENDOR_NI is not set # CONFIG_NET_VENDOR_NVIDIA is not set # CONFIG_NET_VENDOR_OKI is not set -# CONFIG_NET_VENDOR_PACKET_ENGINES is not set -# CONFIG_NET_VENDOR_PENSANDO is not set +# CONFIG_NET_PACKET_ENGINE is not set # 
CONFIG_NET_VENDOR_QLOGIC is not set # CONFIG_NET_VENDOR_QUALCOMM is not set -# CONFIG_NET_VENDOR_RDC is not set # CONFIG_NET_VENDOR_REALTEK is not set # CONFIG_NET_VENDOR_RENESAS is not set +# CONFIG_NET_VENDOR_RDC is not set # CONFIG_NET_VENDOR_ROCKER is not set # CONFIG_NET_VENDOR_SAMSUNG is not set # CONFIG_NET_VENDOR_SEEQ is not set -# CONFIG_NET_VENDOR_SOLARFLARE is not set # CONFIG_NET_VENDOR_SILAN is not set # CONFIG_NET_VENDOR_SIS is not set # CONFIG_NET_VENDOR_SMSC is not set -# CONFIG_NET_VENDOR_SOCIONEXT is not set # CONFIG_NET_VENDOR_STMICRO is not set # CONFIG_NET_VENDOR_SUN is not set -# CONFIG_NET_VENDOR_SYNOPSYS is not set # CONFIG_NET_VENDOR_TEHUTI is not set # CONFIG_NET_VENDOR_TI is not set # CONFIG_NET_VENDOR_VIA is not set # CONFIG_NET_VENDOR_WIZNET is not set -# CONFIG_NET_VENDOR_XILINX is not set +# CONFIG_NET_VENDOR_SYNOPSYS is not set # CONFIG_USB_NET_DRIVERS is not set # CONFIG_WLAN is not set # CONFIG_INPUT_MOUSE is not set @@ -181,8 +165,10 @@ CONFIG_SERIAL_8250=y CONFIG_TTY_PRINTK=y CONFIG_HW_RANDOM=y CONFIG_HW_RANDOM_TIMERIOMEM=m -# CONFIG_HW_RANDOM_AMD is not set -# CONFIG_HW_RANDOM_VIA is not set +CONFIG_HW_RANDOM_INTEL=m +CONFIG_HW_RANDOM_AMD=m +CONFIG_HW_RANDOM_VIA=m +CONFIG_HW_RANDOM_TPM=m CONFIG_TCG_TPM=y CONFIG_TCG_TIS=y # CONFIG_I2C_COMPAT is not set @@ -198,6 +184,9 @@ CONFIG_MFD_SYSCON=y CONFIG_DRM=y CONFIG_DRM_I915=y CONFIG_FB_VESA=y +CONFIG_BACKLIGHT_LCD_SUPPORT=y +# CONFIG_LCD_CLASS_DEVICE is not set +CONFIG_BACKLIGHT_CLASS_DEVICE=y # CONFIG_BACKLIGHT_GENERIC is not set CONFIG_FRAMEBUFFER_CONSOLE=y CONFIG_USB=y 
@@ -207,14 +196,20 @@ CONFIG_USB_EHCI_HCD=m CONFIG_USB_EHCI_HCD_PLATFORM=m CONFIG_USB_STORAGE=m CONFIG_RTC_CLASS=y -# CONFIG_VIRTIO_MENU is not set # CONFIG_X86_PLATFORM_DEVICES is not set CONFIG_INTEL_IOMMU=y +CONFIG_INTEL_IOMMU_SVM=y CONFIG_GENERIC_PHY=y # CONFIG_BLK_DEV_PMEM is not set # CONFIG_ND_BLK is not set # CONFIG_BTT is not set +# CONFIG_FIRMWARE_MEMMAP is not set +# CONFIG_DMIID is not set +CONFIG_GOOGLE_FIRMWARE=y +CONFIG_GOOGLE_MEMCONSOLE_X86_LEGACY=y +# CONFIG_EXT2_FS is not set CONFIG_EXT4_FS=y +CONFIG_EXT4_USE_FOR_EXT2=y # CONFIG_DNOTIFY is not set # CONFIG_INOTIFY_USER is not set CONFIG_ISO9660_FS=y @@ -223,14 +218,37 @@ CONFIG_MSDOS_FS=y CONFIG_VFAT_FS=y # CONFIG_PROC_SYSCTL is not set # CONFIG_PROC_PAGE_MONITOR is not set +CONFIG_TMPFS=y # CONFIG_MISC_FILESYSTEMS is not set CONFIG_NLS_DEFAULT="utf8" CONFIG_NLS_CODEPAGE_437=y CONFIG_NLS_ISO8859_1=y CONFIG_NLS_UTF8=y +CONFIG_PRINTK_TIME=y +CONFIG_BOOT_PRINTK_DELAY=y +# CONFIG_ENABLE_WARN_DEPRECATED is not set +# CONFIG_ENABLE_MUST_CHECK is not set +CONFIG_FRAME_WARN=1024 +# CONFIG_UNUSED_SYMBOLS is not set +CONFIG_MAGIC_SYSRQ=y +CONFIG_HARDLOCKUP_DETECTOR=y +CONFIG_WQ_WATCHDOG=y +# CONFIG_SCHED_DEBUG is not set +CONFIG_STACKTRACE=y +# CONFIG_DEBUG_BUGVERBOSE is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_FTRACE is not set +# CONFIG_STRICT_DEVMEM is not set +# CONFIG_X86_VERBOSE_BOOTUP is not set +# CONFIG_DOUBLEFAULT is not set +CONFIG_IO_DELAY_0XED=y +CONFIG_OPTIMIZE_INLINING=y +# CONFIG_X86_DEBUG_FPU is not set CONFIG_HARDENED_USERCOPY=y -CONFIG_CRYPTO_USER=y CONFIG_CRYPTO_RSA=m +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MCRYPTD=m +CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_CCM=m CONFIG_CRYPTO_GCM=m CONFIG_CRYPTO_CHACHA20POLY1305=m 
@@ -292,35 +310,13 @@ CONFIG_CRYPTO_USER_API_SKCIPHER=y CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_AEAD=y # CONFIG_CRYPTO_HW is not set -CONFIG_CORDIC=m +# CONFIG_VIRTUALIZATION is not set CONFIG_CRC_CCITT=m CONFIG_CRC_T10DIF=y CONFIG_CRC_ITU_T=m CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m -# CONFIG_XZ_DEC_POWERPC is not set -# CONFIG_XZ_DEC_ARM is not set -# CONFIG_XZ_DEC_ARMTHUMB is not set -# CONFIG_XZ_DEC_SPARC is not set +CONFIG_XZ_DEC_TEST=m +CONFIG_CORDIC=m CONFIG_IRQ_POLL=y -CONFIG_PRINTK_TIME=y -CONFIG_BOOT_PRINTK_DELAY=y -# CONFIG_ENABLE_MUST_CHECK is not set -CONFIG_FRAME_WARN=1024 -CONFIG_STRIP_ASM_SYMS=y -CONFIG_MAGIC_SYSRQ=y -# CONFIG_DEBUG_MISC is not set -CONFIG_HARDLOCKUP_DETECTOR=y -CONFIG_WQ_WATCHDOG=y -# CONFIG_SCHED_DEBUG is not set -# CONFIG_DEBUG_BUGVERBOSE is not set -# CONFIG_RCU_TRACE is not set -# CONFIG_FTRACE is not set -# CONFIG_RUNTIME_TESTING_MENU is not set -# CONFIG_STRICT_DEVMEM is not set -# CONFIG_X86_VERBOSE_BOOTUP is not set -# CONFIG_EARLY_PRINTK is not set -# CONFIG_DOUBLEFAULT is not set -CONFIG_IO_DELAY_0XED=y -# CONFIG_X86_DEBUG_FPU is not set diff --git a/modules/coreboot b/modules/coreboot index fee0112ee..a4664e94e 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -32,7 +32,7 @@ CONFIG_COREBOOT_CONFIG ?= config/coreboot-$(BOARD).config # Ensure that touching the config file will force a rebuild $(build)/$(coreboot_dir)/.configured: $(CONFIG_COREBOOT_CONFIG) -EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-error=packed-not-aligned -Wno-address-of-packed-member -Wno-error=address-of-packed-member +EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-error=packed-not-aligned coreboot_configure := \ mkdir -p "$(build)/$(coreboot_dir)" \ diff --git a/modules/musl-cross b/modules/musl-cross index 766e714e3..f9cf79db0 100644 --- a/modules/musl-cross +++ b/modules/musl-cross 
@@ -4,11 +4,11 @@ ifeq "$(MUSL_CROSS_ONCE)" "" MUSL_CROSS_ONCE := 1 modules-$(CONFIG_MUSL) += musl-cross -musl-cross_version := b12ded507831d0cac2dabd869aef14f3822a8770 +musl-cross_version := 38e52db8358c043ae82b346a2e6e66bc86a53bc1 musl-cross_dir := musl-cross-$(musl-cross_version) musl-cross_url := https://github.com/richfelker/musl-cross-make/archive/$(musl-cross_version).tar.gz musl-cross_tar := musl-cross-$(musl-cross_version).tar.gz -musl-cross_hash := 21fc8d4d5ac241e57c73dfb1e4cdd8b6dcfb32db1276aa71e89be498a39e1980 +musl-cross_hash := b4b85d6d3ddab0f2b8650a53e775673f8c346fa2fb07d652a9880bd206ade100 ifneq "$(CROSS)" "" @@ -35,8 +35,6 @@ else # have to build both x86_64 and i386 versions for coreboot musl-cross_configure := \ - /bin/echo -e >> config.mak 'GCC_CONFIG += --enable-languages=c,c++,lto,ada' ; \ - /bin/echo -e >> config.mak 'COMMON_CONFIG += --enable-gold --enable-lto --enable-plugins' ; \ /bin/echo -e >> Makefile 'both:' ; \ /bin/echo -e >> Makefile '\t$$$$(MAKE) TARGET=x86_64-linux-musl install' ; \ /bin/echo -e >> Makefile '\t$$$$(MAKE) TARGET=i386-linux-musl install' ; \ From 9543014bcedd95d587a8462f486106c844fcb753 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 4 Nov 2020 14:47:14 -0500 Subject: [PATCH 26/34] xx30 blobs: copy script from #877 to test on x230... --- blobs/xx30/extract.sh | 64 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 blobs/xx30/extract.sh diff --git a/blobs/xx30/extract.sh b/blobs/xx30/extract.sh new file mode 100644 index 000000000..812d51664 --- /dev/null +++ b/blobs/xx30/extract.sh 
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+function printusage {
+ echo "Usage: $0 -f -m (optional) -i (optional)"
+ exit 0
+}
+
+BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+if [ "$#" -eq 0 ]; then printusage; fi
+
+while getopts ":f:m:i:" opt; do
+ case $opt in
+ f)
+ FILE="$OPTARG"
+ ;;
+ m)
+ if [ -x "$OPTARG" ]; then
+ MECLEAN="$OPTARG"
+ fi
+ ;;
+ i)
+ if [ -x "$OPTARG" ]; then
+ IFDTOOL="$OPTARG"
+ fi
+ ;;
+ esac
+done
+
+if [ -z "$MECLEAN" ]; then
+ MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1`
+ if [ -z "$MECLEAN" ]; then
+ echo "me_cleaner.py required but not found or specified with -m. Aborting."
+ exit 1;
+ fi
+fi
+
+if [ -z "$IFDTOOL" ]; then
+ IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1|head -n1`
+ if [ -z "$IFDTOOL" ]; then
+ echo "ifdtool required but not found or specified with -m. Aborting."
+ exit 1;
+ fi
+fi
+
+echo "FILE: $FILE"
+echo "ME: $MECLEAN"
+echo "IFD: $IFDTOOL"
+
+bioscopy=$(mktemp)
+extractdir=$(mktemp -d)
+
+cp "$FILE" $bioscopy
+
+cd "$extractdir"
+$IFDTOOL -x $bioscopy
+cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin"
+$MECLEAN -r -t -d -O /tmp/unneeded.bin -D "$BLOBDIR/ifd.bin" -M "$BLOBDIR/me.bin" "$extractdir/flashregion_2_intel_me.bin"
+$IFDTOOL -n "$BLOBDIR/layout.txt" $bioscopy
+$IFDTOOL -x $bioscopy.new
+
+rm "$bioscopy"
+rm "$bioscopy.new"
+rm -r "$extractdir"
From a0c7caeb72dd1487816e827d995ad5deaafb7963 Mon Sep 17 00:00:00 2001
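Review bot: Nothing after option parsing checks for failure and `-f` is never validated, so a failed `cp "$FILE"`, `cd "$extractdir"`, `$IFDTOOL -x` or `$MECLEAN` run leaves whatever `gbe.bin`, `ifd.bin` and `me.bin` were already in `$BLOBDIR` in place, where the next build picks them up as if freshly generated. I would add `set -e` under the shebang and `[ -r "$FILE" ] || printusage` after the `getopts` loop. `-O /tmp/unneeded.bin` is a fixed name in a shared directory, so another local user could pre-create it. `-O "$extractdir/unneeded.bin"` keeps it inside the `mktemp -d` directory that is removed at the end, and the same argument survives in the later `@@ -50,15 +50,19 @@` hunk on this file. The ifdtool-not-found message names `-m` where the option is `-i`.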
From: Thierry Laurion Date: Wed, 4 Nov 2020 17:13:52 -0500 Subject: [PATCH 27/34] xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME extract.sh: extract from backup gbe.bin, neuter me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place CircleCI: x230-external-flash additional step to call download_clean_me.sh prior of building --- .circleci/config.yml | 6 +++- blobs/xx30/download_clean_me.sh | 56 +++++++++++++++++++++++++++++++++ blobs/xx30/extract.sh | 12 ++++--- 3 files changed, 69 insertions(+), 5 deletions(-) create mode 100755 blobs/xx30/download_clean_me.sh mode change 100644 => 100755 blobs/xx30/extract.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 805605409..495924019 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,7 +8,7 @@ jobs: name: Install dependencies command: | apt update - apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync + apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync innoextract - checkout - run: @@ -217,6 +217,10 @@ jobs: - store-artifacts: path: build/x230-nkstorecli + - run: + name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) + command: | + ./blobs/xx30/download_clean_me.sh - run: name: x230-external-flash command: | diff --git a/blobs/xx30/download_clean_me.sh b/blobs/xx30/download_clean_me.sh new file mode 100755 index 000000000..5914718ad 
--- /dev/null +++ b/blobs/xx30/download_clean_me.sh 
@@ -0,0 +1,56 @@ +#!/bin/bash + +function printusage { + echo "Usage: $0 -m (optional)" +} + +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +if [ "$#" -eq 0 ]; then printusage; fi + +while getopts ":m:" opt; do + case $opt in + m) + if [ -x "$OPTARG" ]; then + MECLEAN="$OPTARG" + fi + ;; + esac +done + +FINAL_ME_BIN_SHA256SUM="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 $BLOBDIR/me.bin" +ME_EXE_SHA256SUM="f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe" +ME8_5M_PRODUCTION_SHA256SUM="821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin" + + +if [ -z "$MECLEAN" ]; then + MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1` + if [ -z "$MECLEAN" ]; then + echo "me_cleaner.py required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +echo "### Creating temp dir" +extractdir=$(mktemp -d) +cd "$extractdir" + +echo "### Downloading https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe..." +wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe || ( echo "ERROR: wget not found" && exit 1 ) +echo "### Verifying expected hash of g1rg24ww.exe" +echo "$ME_EXE_SHA256SUM" | sha256sum --check || ( echo "Failed sha256sum verification on downloaded binary..." && exit 1 ) + +echo "### Extracting g1rg24ww.exe..." +innoextract ./g1rg24ww.exe || exit 1 "Failed calling innoextract. Tool installed on host?" +echo "### Verifying expected hash of app/ME8_5M_Production.bin" +echo "$ME8_5M_PRODUCTION_SHA256SUM" | sha256sum --check || ( echo "Failed sha256sum verification on extracted binary..." && exit 1 ) + +echo "###Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... 
" +$MECLEAN -r -t -O "$BLOBDIR/me.bin" app/ME8_5M_Production.bin +echo "### Verifying expected hash of me.bin" +echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || ( echo "Failed sha256sum verification on final binary..." && exit 1 ) + + +echo "###Cleaning up..." +cd - +rm -r "$extractdir" diff --git a/blobs/xx30/extract.sh b/blobs/xx30/extract.sh old mode 100644 new mode 100755 index 812d51664..f63c4d31e --- a/blobs/xx30/extract.sh +++ b/blobs/xx30/extract.sh @@ -50,15 +50,19 @@ echo "IFD: $IFDTOOL" bioscopy=$(mktemp) extractdir=$(mktemp -d) +echo "###Copying $FILE under $bioscopy" cp "$FILE" $bioscopy cd "$extractdir" +echo "###Unlocking $bioscopy IFD..." +$IFDTOOL -u $bioscopy +echo "###Extracting regions from ROM..." $IFDTOOL -x $bioscopy +echo "###Copying GBE region under $BLOBDIR/gbe.bin..." cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin" -$MECLEAN -r -t -d -O /tmp/unneeded.bin -D "$BLOBDIR/ifd.bin" -M "$BLOBDIR/me.bin" "$extractdir/flashregion_2_intel_me.bin" -$IFDTOOL -n "$BLOBDIR/layout.txt" $bioscopy -$IFDTOOL -x $bioscopy.new +echo "###Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin and adapting BIOS+ME regions under $BLOBDIR/ifd.bin... " +$MECLEAN -r -t -d -O /tmp/unneeded.bin -D "$BLOBDIR/ifd.bin" -M "$BLOBDIR/me.bin" "$bioscopy" +echo "###Cleaning up..." rm "$bioscopy" -rm "$bioscopy.new" rm -r "$extractdir" From 994cb8498f9a20cda5453a7690c4754d83c2ad97 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 5 Nov 2020 10:24:24 -0500 Subject: [PATCH 28/34] xx30 blobs: remove me.bin and adapt README to be clearer. --- blobs/xx30/README | 23 ++++++++++++++++++++++- blobs/xx30/me.bin | Bin 98304 -> 0 bytes 2 files changed, 22 insertions(+), 1 deletion(-) delete mode 100644 blobs/xx30/me.bin diff --git a/blobs/xx30/README b/blobs/xx30/README index 9e3edfb31..34bb6b5d5 100644 --- a/blobs/xx30/README +++ b/blobs/xx30/README 
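Review bot: The `wget` line and the three `sha256sum --check` lines handle failure with `|| ( echo ... && exit 1 )`, and `exit` inside `( … )` only leaves the subshell, so a checksum mismatch prints the message and the script goes on to run innoextract and me_cleaner on the unverified download. Because the last command is `rm -r`, the CircleCI step added in this commit would still pass. A brace group runs in the current shell and actually aborts, as in the fence below. `innoextract ./g1rg24ww.exe || exit 1 "Failed calling innoextract..."` has the same effect for a different reason: bash rejects `exit` with two arguments and, as far as I know, keeps running. me_cleaner writes straight to `$BLOBDIR/me.bin` before the final check, so a failed final verification should also remove that file rather than leave it for the build.

```shell
# … unchanged: option parsing, expected-hash constants, me_cleaner lookup, mktemp -d …
cd "$extractdir" || exit 1

wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe || { echo "ERROR: download of g1rg24ww.exe failed" >&2; exit 1; }
echo "$ME_EXE_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on downloaded binary..." >&2; exit 1; }

innoextract ./g1rg24ww.exe || { echo "Failed calling innoextract. Tool installed on host?" >&2; exit 1; }
echo "$ME8_5M_PRODUCTION_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." >&2; exit 1; }

# … unchanged: me_cleaner invocation writing "$BLOBDIR/me.bin" …
echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || { rm -f -- "$BLOBDIR/me.bin"; echo "Failed sha256sum verification on final binary..." >&2; exit 1; }
```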
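Review bot: `$IFDTOOL -u $bioscopy` is added in the `extract.sh` hunk while `rm "$bioscopy.new"` is dropped, but the lines this hunk removes show ifdtool leaving its result in `<input>.new`. The unlocked image therefore probably ends up in `$bioscopy.new`, in which case the following `$IFDTOOL -x $bioscopy` and the me_cleaner run still operate on the locked copy and a full copy of the firmware dump stays behind in the system temp directory. If that is how the in-tree ifdtool behaves, follow the unlock with `mv -- "$bioscopy.new" "$bioscopy"`. Either way, check the exit status of the unlock before extracting. The script begins before this hunk, so whether anything earlier compensates cannot be seen from here.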
@@ -6,7 +6,23 @@ Version 8.1.72.3002 (G1RG24WW) (Fix) Fixed the following security vulnerabilites: CVE-2017-5711, CVE-2017-5712, CVE-2017-13077, CVE-2017-13078, CVE-2017-13080. +1.0:Automatically extract and neuter me.bin +download_clean_me.sh : Downloads latest ME from lenovo verify checksum, extract ME, neuters ME, relocate and trim it and place it into me.bin +sha256sum: +c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 blobs/xx30/me.bin + +1.0.1: Extract blobs from rom original and updated to 2.76 BIOS version: +extract.sh: takes backup, unlocks ifd, apply me_cleaner to neuter, relocate, trim it, modify BIOS and ME region of IFD and place output files into this dir. + +sha256sum: will vary depending of IFD and ME extracted where IFD regions of BIOS and ME should be consistent. + + + + +1.1: Manually generating blobs +-------------------- +Manually generate me.bin: You can arrive to the same result of the following me.bin by doing the following manually: wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe && innoextract g1rg24ww.exe && python ~/me_cleaner/me_cleaner.py -r -t -O ~/heads/blobs/xx30/me.bin app/ME8_5M_Production.bin @@ -26,18 +42,23 @@ ls -al blobs/xx30/*.bin -rw-r--r-- 1 user user 4096 Oct 28 16:19 ifd.bin -rw-r--r-- 1 user user 98304 Oct 28 16:15 me.bin + +Manually regenerate gbe.bin: blobs/x230/gbe.bin is generated per bincfg from the following coreboot patch: https://review.coreboot.org/c/coreboot/+/44510 And then by following those instructions: # Use this target to generate GbE for X220/x230 gen-gbe-82579LM: + cd build/coreboot-4.8.1/util/bincfg/ + make ./bincfg gbe-82579LM.spec gbe-82579LM.set gbe1.bin # duplicate binary as per spec cat gbe1.bin gbe1.bin > ../../../../blobs/xx30/gbe.bin rm -f gbe1.bin + cd - sha256sum: 9f72818e23290fb661e7899c953de2eb4cea96ff067b36348b3d061fd13366e5 blobs/xx30/gbe.bin - +------------------------ Notes: as specified in first link, this ME can be deployed to: Helix (Type 3xxx) 
diff --git a/blobs/xx30/me.bin b/blobs/xx30/me.bin deleted file mode 100644 index 7eb85fca9c6e9054bcba4dc90b58964a7f0a753d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 98304 zcmeFZby!wUw>Q4;Ae2U0gqsc(5CoLmfRuCyB8>>2F z(-=~|6+FNkz+m%_PEWBBHppqKYo5XZAcC26LI5j^C2a8J008W>vv7vM83JbroFQQN#plm2MQ1Bl_&#SYU*I9sop_@rLQ zKA~WpsN0PsMSY6#C>w{hUG+n>n9H|;H~PZV-{urQIaEZ@TzrBfyP%EOBcC}QGH&xAxJD+*s7CSOb zS0`+;>KS*+K*zZLD-Q29hj*)M3s!A8l9gQjPkq^V-#nFbv5nh!enOQqcMpA4IHU{h z7~-g1m~V+nM)$0cKyxj zAR`={+4w|H%hMc;@N0t8{<1`lQo~QnFF4WCuU$Xdj0yFz+a9lvtM@NVc-;FbRQuBT z)!H7_FWgNlCQmV1a#wKWhoGewC8A;c(1B*LN{J&9#W2!8M!>ycuw3t%h1IXArlS7u zGfU}+`xXNXd90RlYoCgZDx1bO2bAds>W@mg{8W2QCI*mFVIX|C1O@=k;{gCC9AgQ< zP+_P#QE=kl0#?8Doqtjfyor^$&_OZ5)<0WHs8ECxKxHYx&hHW0fT3F)4-o^I0Pt`6 z`4B+pH~@6oApQ`b{vYdClGRj|RsOd+f3Qt4uM*t9h>MukcDF~S-DjJrJ=8QAd}J}L zJ@zv76eywotNr6h!0;jxc>fIbhX9Bg6Z;>uUtLXEQAY3I^uNIGO27dpUbOStWl9Zx z^lRMomh`>TjPqlm#NGE~t{4C>{!Kpu=(0kP ze+l+PvEIK3z{p~_yD$8cF06fJl(qgT@5em~Z!^A$>aE1chP62&H2(#gI!URBN&*$0 zR#$V2JfQP7hC2Y(4*@`|E&$M5BmNMu4(E6OYx}itY5$Y{zN%bS^`|>6s9t><+>jjM zD$Bi>0n>={dD42$YOF450H}{b@gYqSeZ;q*nVX%C0u`BJpa;e5gvAoy`snFfNO!mBsxtekb7J z#47X`!Ef9CL;SU5wX{^^VMF~b+^)QL|Fi3rsM$|7zg&ewG3!@sK0b~kyEB{ZfFS7~ z{{Ud*Flmageh3L%S%6>Xk)!?)0RF4~|F73*Ruvg_?3}LqIOB}hgH@9f>`I9h#jclFV%1W*gI$A94Nlw6%fP&f%3TVW z$H0W0tFRHkhxIou*co8SaX9_=0KpR&b_FjHhhx&eazQu>hZlTo7#9av;prDH`R83G zHVa!PHYmzzs{fVx|NsBr?WC-HM|=HG1F8OWM&UggfG+)8oBySyaM!U2$f#>$r1&rx zIO+SpBS;SbNeuyz-2{MMngHPcP8R#D8I}_;2cR-b06cFEfG=zTaLpco44wkeuqyy* zcmiOx4*(Ir03bVm09ptFK>APs6buKzT-K(*fhkgx%ON}BQt0dCVEKrMO%*vW_hN*H0P7eWX8z3Mx69klf9|4hDBA`cB2nb_~fV%Awkla%Ql!zivX$K zA)t&RSYH_e()xe^J1P+n&nGyq4gmq*5YU4k2&l9P0g<#JAkR(&wAGD(Ec+19k3j?| zFp7XaOduff83gog9xlI(fIhDwpvg@HNWX&sU+yEIwj%_@4IrUl6cSp-MM4JWkzgtj z61qr+gnTKG&>A%o62FLqQW=mCEi)37XG4MyIFZosWh4ahBB3|@NC+*2gzn!&Le*kO zh#W*h8Zt;QSPluTC?Y{A6(smx9SPEEBcTtvNJvs22^AY5p?OmzsPzB|l{`d3#5QnU zc1UQ}0STEqBcVYzShp7v3iU-o?Jtm^UH}rB2u4EcuaQt>1QMExMnVqpNN_(137VuK 
zp^i)>B$0!J!t#+&UjY(2E=EFp%DRBT3qDs4zm zrUMB=Y_QM46Bcw8rfV<>!gLcRc#4ChV3LJN5hfLwG+?>|FO^+L=t>U~I{JkKtp|{Q zeCO{z^zY-8AtXdKh6Ft(k>LCc64YKmg8j=#@Wwh4jNC$kq`OGa{s0LL9U~!C1PY8s zqrhc66r@Lh0>2WYKqNWppLDy!{1PP!G^RyC_4FvH;t~qvVMP7IfB#SY|9`stdkhL3 zVL?Gu94OG18wGA$MS+^vP|&yQD2Ve0jFTt|>XJY~7-EPh%~6oaLlm@Wje?BrV0i}=f&uut!6*PH2$91r3V1 zqrnbOH0bJs1{ZwMpyqQl*yD!=(Sc}?ItUGl2E*-qg$Dn-{^j=y4Sjo!h7gfxNIeD( zy^cpi8%b!$JPi%iWul?0IcO*%9}V>updq#rG~`~6h9*CvA-ZZbWd9irwLoZyw;m07 zH=v;}&1i_I9SzQQq9MI5H1xF#4OY9KXEJ}AS8+Pec9Y<)&V!VoSN20+h`MbaI%vt% z6B*s-Eo>zbEx}VU_I;%mBro~8F9estC5ni@C(~wzxobG(ZrGz_pqK>lE2)q+?2gU( zCc=nunrAbf=T%g+=vVO<1xVy$i(sJG*Lu? zfm4+TEYNxyGQ9zbi>vd8-Fuf@=<7CPE~rEl@z_O1@%!Lwu95^)gjqM`deAW; zR+~(Tn{(Fj3UOB4$8o7@9|eS8?zxV+W>h19l#p+E!P7J*lG)HKxEoO4$!cd9zD)t29Zv9BB^@n@nN-HszS%e%+(0c^D>r_ zy0X_NJ`f!UK;NsJ&E3B!`y<|+buZ@@T|xt!hlsg?X80$%&5 zHZrxsttULKk=>zo*UFZO)r&VSsI-SWTzM?e6-KC8vdVAsx>Jj2t#rLenLMK7s$+As zGv~W)YDIjV_lu8&f4$N@xAZ~iVQ^1O3zy69w+d7X6?X^%d#_tvej3+wn_?%=iMuhD zQYnA;dS51wH7g)#hm*Z8ho7r7=NBFN|ev~&-+__a732OP)D;Ds{*e)Zq#P0}!1tHHE#GzKk6H_R00~*obT~!|sa0(vxwi+%hoi;E`DRh%x;*5% z8|2;z;lOz((sful0x^CIL9X?I+)H?!oZ2iL1M8aI$4dMuf#ZWF*SU(644jpb+z0r{ z_hpeXD-a&}zIHf{{5aqEPA497IDj+mgTTz5_d#OjaC}gFQz&v4S!O~q`+a~ATY~I@ zt&G<`Apci6BnECRTrM1VHm<$9PA)$Hcf;x2Iyp(Q50YH&ElBl84l6(~&NsIN=fg6- zQ%IR4E7JOXcu(`E`oF7z^2p(PEW0o;u)LEmIk_|W1!VZ|g7H&w(Q=UdFC}Z_PHrgr7e@u< z!3IFxfDM3cJqmXmHlObax!HwNCq&~~Bfc;4n?U~&ISJ!BY)gvua113m2?N|O7ST1B z`M*-xAM^TN$7;ij@BhEA8Wu)+n6AsU?E{=xZ20ELun1s{GQIytDbw=bIHcU}57+H| zfHoYB3*&=JZl{ZMLzCMzAzhnHB#96HFF2>I%$)<^6YLiUzyDPFU%J=9?|*SG*!LK# z{}=(W9*zLUZ(-KSeIA4()yFXtc;QIoINu}zmgAcsgP|gVeRhU$JsgR^4wrBoIarDi z>&IlUL$8w`%=|S>;P(7i!^Db|>=5_@w;dju|7iXn1UvEm*|-1x9^foKL*NX7GX%~M zI78qJfinco5I95N41qHQ&JZ|5;0%E?1kMmRL*NX7GX%~MI78qJfinco5I95N41qHQ z&JZ|5;0%E?1kMmRL*NX7GX%~MI78qJfinco5I95N41qHQ&JZ|5;0%E?1kMmRL*NX7 z|9J@LbE&=ip|E9wxw}rG+F>{?Jb!?B_|a(XQPlH&6(+JPF_-o9(zJeDT( zps(Ynm(|YnIX`|3xU|6G5$A?Y1t|FXyIQS6{+!H+X5{d+Gq=~KtTL6Qc6P41>t9;^eb5=sj#oC& zE$7WB7&IG{fV0a6UIk#KFeHqK9E*orN3+A~7Uo 
zn#$+gR>O)9Vz0gza}2Ekw_k*pIc8tuNeSRwLu%9ewJs}3)jw?i7VYwkn^+nm^l5Vc zg6a0;3YEVhW6;Yg*zwr_QH>jySy#7x;=hPjj1xl~tk#n+j zm&{xmhx<|DST@_cl;7R)YS!rVjebbghibDM9QbjEw-#Psd1aU2QKogl+9}Oil~%l| zXwdq&y9+moYJNL~D}v4n~Bfn}97!p!M_4!q zcw*wXJw9kC<1WWGk*s0zESX_N*YmX6Px6hjQ1cagSDJes_XW~YXM~k3Uc__=hxNQ# z`TdwD**|#kF-_&rezHNA_`{dpDeSAHtG#8NL|+*7w|vJQ_-P@}dEA%Z(|+Z2u^{Nc zs;;C`|3$G2$#3}@zN^0%*UnGr*J^8+dL*@ayfQWF6Q}w&H=K25OP}QbcZJ0-w0>@vG?0$8TCFqRFmb*@<9pxH z3?=oF$egk0W09mjPo!K%x)IKMr7zsEK1 zQB=>IM#nblbCxLTMjJX0z|emWcH>rz0*B`0@B->|Nzzo1R$co$E(mVwf!;Z*^Ub8y zN;ZivBIwr5{qa1?I8kUEo1pvqQqKPdoU(j z;oA*ba?bSSqW-?=WQ>dlJ(Ei*(Zk)R`uA)zkHDClUWL(Q@QlIxp@dD<7*)mrR9y<- zN|J2xKZHx=ikDIM3FDQqS z*Db3`&)LP(HKhq*Scm&x=crZ?6n*q=>irqFsB?AVf)&B4x`Hr=!)Feq)|H6;ps9lfr6nla)5n{4k(*mDqWao=P|>VEF!HC{)~ zw5S>%4@8%3@v7ce|6!sn^5UCF`npixjBneV=7S#3ryPDd37@@W26LUu@j8>6CzTt( z8$+Ite~EsGmx%DR)G;zL(jUUzx_WQ>M^OG~#GM{FJt;csHM7z(~1NB_{e_(&eU;oaXNeQE%M%>r*aszE6QO zqTZNg%R78ZFcWnzBrkg<@8(71lwxNi=5Ro_P&S6xXqmTuAG<>CSYjCz$A5v-%eva|X-Sa$6}t>aW&XP=M$ zCYD|Gt9>>pwZj}q>M91^rS81?Vw`m|o=po!vflkJhMGDx!XNjEhUJB>j=HPyR&^!< zM0%~bn^|Hj7ADW)+9h>r4AK!rD_3nM=R&zs^kbU8FU5`&X$8;Gq*c{|S`^ z=lWRQhZDlqSGr7ZEr-Zr(LU8A-l5YJ*Qy6;d8G)BvhmyN@6OW&GxGFYN$l!dD(RrS z;W6hR8SQI&Z2j!=cN(QnYHG33G26x`X;(RU#;^77U6;#Ll+`O!^pF%W@o~y?Pd_PM zzvYN9T(~Y0$mSV;QH8_&VEAM~eOn=+bp4j|Y`21W-pqi66mQA$4Y<@{FTRgcVOvh5 zY7^Ud=f`BrT}89+A)Y|Cu)blyu0qUDp7|dgs}bG`YO9gfkxK34cYRA(OA$LFxQwCa zvdn_seoB#j?3GmbD4;{IpZ$Cq&G!kHb4TF(5h&%-(IKmCBiXlGjl#C zN(-(lV7vP~tfII$NF;dZRjOl&GNlBc`+eiicWdQO3o&oD7Wp-_%4*Lc{e|__HFmJN z2Gr2Lm9f>66yM7NvijavMtg>Rc~e0-8qPCK(d^2KG@XN)xb|nxPu6;fcjI&^MbdHGgfc?LJ$tTYQ6&2F``l5-vvpf;EuM&@>{B7z zXsc|~-doAt^Ne);#=~dS9M5#2#u)9(KcmlLXSzQkgNtuE`FoWmnUBt>Py#p~V~H+1 zK|XIiLFOtsdgX+S-5rt+E@;7JkMIxLd(ouiQ;1qRNAJxUn`$I(3 z-S?AU_=T#jQeV7YVcHhG_0{6FPV!3hjsmTeD$g@F7okT<1k0pheP&jxl>%?NHVF1L zOmNAr+$}bztjnIiu*jl5{Ys+oO&7$Y!Bs<{_f<7@M~;hCn}gP7kWXEivi;U-^$^q8 zfXlXj+smj;6e@i(;&!A%wl@Mlo0lfy${Sy@=QGNbV-xt-8)h-Ux$w(`FUcc}QzBPC 
zT3#(u6a<{>#ae4>v-LV=?umY;m{RwS9olIqd0vs*AChJvOG|IAlCJl9M!Ng5q52TI z%sPvB$;<0bX9mR;&j4?!TMxhFxmKoqAZOv`O1wLgp)bKG<#g=T|&NImer($wd!5Lj5V;YjC)KFLCW$9=h&(5YNEaF)AzAvIN>9 z+ri%=;lJ+$rW<7VYdJRwNIoJv*eoYY=t}4)oy5~9YqJ%9SjMv)cK^qKWE?NEzD;)M zkLuv0#+nrGhS&PjNmeeCgF5An zp~puL4IYW~Ugh$UkxUg|n;6+-``GfOaw0QllV?$~bV|#hHj5M|IodSl%AtEH1wk}l zv+V%8t(XW>?!%WB~7v>slc(C2dXPAUuZ3v|a_ z3|@BSg{|`PmJ%Ho!~>s@HHceMBz9Dq`(75|usb?#Vk}t>S6QP-R3pvOyAoa(&{sOd zJn1v~+_OO9^L?L_jAgr__}8!7y^PpBNXMl-{XMpbrR|R=-QEuCpY}#rjPuj0fB6MH zI85k5n{}RRHdC)}HO5y_e@XrI!u_>MKUQ4RqVT=@t@gx)-7N>+)ckQXlFb5wBAfoi zMK~SZKE30;r-mAKZ5>h9HFXW9TgrRW>V5=Cc97D%40E8pRW*s4`7PdmG3X*$m(k+5 zLf@({eBK}&|N90QT!+sMco+}ABlcN$xBBp{dfcSS`}^;kh^Mv0K#L_wd+!b>w!SwD ztqSDES)H`Lkz{KrILZ6Go+OBYd+7{K=f%dif>;|6RU*t%wdKMHu01gHbm7v!PwFXyx+_Dp`f2!UJCCMxk{sWO7X?RtxSFH zdguOAMQZzSMbfYx1&J;idFIQQ|oa^A0mDVR3 z4qKsYS1O4-XmhX zDDJAo*q%eLt@qmKZ#(T8=STP6s(-yT%akxA~ih1Y$_Vk4*duO0PtW>^K zy0b>D>abg;vqyQs4ih9#KW`Bl_ykj{->`B!Q$IK+!r@gnSr=k%1wUz>;d<_r##e>I z>qUx;L5<_>7IT~8;*s(=PWKrxPWe@f7OeFs&2J4~IOEYB(nWL1KoHcY<@oh9BRNr`6go_s=_I!@$~Jl))3Mt=^Jd#+!JEYEa4RS0-@BygVt zVYg0sQ_8oms-0WB$kWIjz_Y-63vG?A^3soQys^R~)1F(oMmsRB<=FFGreZeL%Ej?p zYsRDqM(jA_f;Z|%^pVvKMMjI5CYFtxj5k~Rw-%NoB|6LQtZdq9Iquuj1ez?4YklN* zD|ednnEW=cHWeuBPFrdmIDN;B#K!J|eWj$LxwNGD3xy`TIa}ju)-U-%cIBlr0hKFR zdh+6QM{}YzaI=(Ge%;PS&-yS70c}}Fs z-0z5LOT>$7h#_G{-*MK1`t|syaMkuX36?CS)bc5#>Q!Rpom3lc$C`~0Yc^ly z-`uNC5PmYzQ(-aQ1KJ?r3*VcAe)I7^tIm*rFSaV^mr}*v9Vl85t6Sfd04j zRx%7X7yaU;!%SjQF_E8FhUeg40{r2==qnjGKRG9T`!8Hf1K?_FQnYwExp)9cM6m5h9!lA|L1Z z9Y^y{)Xif1aeqR*H*qWG)4LmGfvklyio$^-4!6#ara!XIc=67+XFq%3`fa8JESzE< z`~wwxZ3Cs>DIR>g*H+}#>Er*NIrL#eq2oYJ7~!l9N^I6ftEzRR#0{2n8>lT6EqB~V z6fk*gDPWPF>N)W1P`opa9XqPNcZdzEl-%%R&6)E%)#?_mFYpWKV%-scr4vwTbX!6C z9z#R*qM0oqKs` zEOU*0(zVL?J*!%VFHcOQN-3#nL52^3UAd@6Qp+b&cX(>$8J;%SOtljxww+EokI5N; z*S{dVa?y#1XV-w9lEePIf6NfHy|*%+bhav1rt)a3Wju=}`gI#!O%H%BMbjJxQ^P=~XtzcH@9 zaf!lu`%o^TJ!7nzwT)g%9}6K$wSCWA)dE8oOOLe7&~?lKZjBQzvHaB~4GDi-bzyDJ 
z9ZTO3NsUqz|MoDfg`5~(WI995>F28cF`$Lbh(aTq2=<)z1WK1B^+QcIY!x$0&!=GX z?DhoSGO%Q1hW)i|SgK;8T!bOPHHGJG&i()-!88|v-@Il5%@!$<5-~!c^IcUp!2AUF zX~bU>W$_?6+!N~CP3+}?qBa>mK(RpS!W!HnSr^vc2;3a(M8c%=6kh%;>Z#<&n>DZ< zBzxDA8tUzs-C5^1^(!SzQQTIrjzR=pRv%^^VTY$!#eO#PXV}`lt*q9&vKO&Cj*75> z67)NF7Xm`)*-H{pzb?4Pp+*LCHP*o@QKatJO-nGxJ5lz;TO2yr>B4xiz3>FdcXaMN zR&PYENPzcznBIOi7k>k(`ycbfy(R1yNNTIU{O)cQV8uA-)cy~Mb^lkd5f5}7kUqIa z?EAiy7){-%NliM;W6XT9Bnd3aER9AmJF~-kPma+_nQ?5b}M^f4VX6 z2ZmAZp}YfcET{Sg1rk~aXB=IHDOZJPG`rx9@M4F6NqM+9ake<687DQTY4k{$a>w8; z?@tBw7ETt9%dXFQY~By0T-T#^ocdrg>f`B|wYWG(9zhYkLHym2_!^$csCf zzN&V{WUbt{AHB|eQ;ax7wIVlGqFie*^P`r<>>Enq2p3!Dg7emKeY4I4H#xs?>+Nj+ zr!{`okEXlwsyb<~go;yeY*tI$@b}i@Qk>T(-Y$?}XP=c7-fH8~c1M2`BV$}K!tUpX zME{c=w3z_>6Mj2l;G)nS+$rx@%&R&lI=Ib<20bh1H)7%w_*w?(Z{U;vwN26{{|{=z+U(Ye5P2GY=*33 zUUPHXF|T&)-(?e$xK+XBxBHT*%-6p6Udo$!c_`*=_YPfDa?W0XVZC&AlMee1wHx`9(KkNe5DXIAR6 zX4b2Bh0JXa@~ka&T*`9`Bs-5Lb*(%GMoezG^6k%X6i9Y-1lO@=jNtWX#|X&Pno~be zW@H#ARWup2Vs^T%WgJ?}o*pyS*ImoVp1xfWHhJFqa4<+w?Lcwon9iW~J(-57*Wld^ z)eZ?7@0k&E`5?~y$NU%NrG#yIbb~II)ro_OeAQ2mrZld&?>qX&x7%k7-*pJGU;noI z0Vgw4vPgn{WJM}3R^05*8yOyoj}FZQbC^UbQ0)G#Bfc=KN^0l$^=}XZRfia z${pp^(0BJu;nP&HhZbCLazNuUS?aRMCzV?_7iH*0BOCILJyr#hAF)u;XBv2F9uN8o zk~b9b-mvnSly;pHOT1zBn3SA0Bm7sM?wv0txn>{Uyc+bE(aA8pUN7M3uVPOtR|s4i zjUQx|YubJobjhu`b>dB4$?2f>Sltf|>Y{rrS~I<#-DJr7TrU?G#EqNDo{6m~-tz1$6i(jzsTL|o3mubqCVy{VB1uqTuh`!)W)++R=uQ1d1 zSrJvuKKgF%07=IFJpF*bRTeT|M2OQxeI+{2SfVC6X38-A%Vedn^R_H{tIzBG(UV#= z!#h8cyc9)9NOH~hf@O1#yMi8Sy6arRQS;|3S|51(rY%a{tII!(=ACC1a`o`moEn+7 zO}0@8dEr7&{%HvJk&xpKK7CbKt~SSOuijP`km^M3JG=AL@(}fXldonMTtc3fHs(Jk z6D>QhyOUXQc_E4V}(!tH~y zrOh~MI)Cmxx=tzh%Ae1mE$(sZuhfymq^YOByBf3}r|=scgIf=$-Y9}}UVIm~-;U0Q zG0Ew%yLBlq>iBVpj!9*`ZnS^O8@}3}!0R34R=Q)O`|81vMUCr6>2B}&ob@YI4Ifep zn-5GknJ%@ddEAB@8@xKmB_tj+jyt6>67fQ2Aox!8R?%weVR5Oz126OTWe>eE^?`?- zqO1qz)WxdXxmThj3IcN*cv3FjUXxLp$mmqEqF*%TQT2{aQ+~d^F#3L}>hjpNjGo|Q z(V4&Ln6JCC^g!VKD~E;1P5#zPHocu}u`q-^D!YcEjI`YY-E3=}-;#Z!m?RzhcR0cf 
zBs_|KgoWgDqSSJO-V|(lWD35RXO!J8%;@SjHgqS7dz=``(T(}c^uE)k#%6<3;d3VI z-9nq4PY+`s9}AC+{Thy0ONiNaDB%kKlrXG2lVX$O9AQ3I@r+jG=CA8kN&J=|@u8%L zqz{E@<@WDs5>bw#!=-Zb?Xml2lD$VZDP%jiv&{K+4Sg1`;x1n|dwpf6Qj&SLDRm?G z9{rK5M%mrUf>|TXQ2E|Q_^vi0^}!-dYaN%i@cwKv8QDSg^25Dutf7t;MI*>`Mx3vE z`iT8TEZc;pmv`nEuQAiwX&f>hlW4PBUxa zSN8@)SeA)eWi=1OirUI#dp|z>5o7`T?js=AqG_r2c=`7y=SsalxU; zkl#p7*%lZ3P;sb?F5a;5N|`Zv#wDBSm^Xw!f6aKoPQUMa(3Dc+mC)O4`G_iZylm_a zjc}Ak^wme% z9LAe?GL4JgVfcEu*?HH`J+n?Wb5Dt@im(<-_&L?bGg4X=FF3ZdQyNiWine$%SuaX3 z+<2%uQ>(nBNzPvRxi#$lO4D@v%Hp2YTaV^CqO{LR=5OPK4HN9c4cg~ly*g4J6;mzp zjSbgvk-YHkWB})_ohpZ>6bhNBn;vn`n7k;zkZ)UMDBNABI7WTla*qA?i)PLY56@!< zr||Eq({D0*gbAjV-Mw#k-+N|n$D(#&^)UFE2~ybY>UvTKP6Zv151Ig?BlHqKNCrhDY(SjG@{tC6g7VV*D7z?#QE zNu{Xo&Vs2YNdu{mGQ~AtYSk}pBQ&PSyg2>%2rlaH#w`NnRYCnf#^Z!`4HH$rXm>fs zq*thbO&MY?lV1WX99XnBJLeJud2E#U=g%4FNY&V7RV@YMEnfC38x-~XEcoC#eei7W zeo|oJ5(}T`OuBhdJrR*eGPfCdl z9bqvi5<|!;c5dzMYRM@SEN5j-PBSpQd9+F?pW7z8}DJ<77i@(N^&t zGwEfvNa_vo9i8Z5sl~4Nd86#%+bicO+v5=zo)zUxlIZv?s?-nYYDl~c;Jlcx%@@AT zyW4qx{gv>|o;*{g@tflLVPD}F4tE5Sixi-%N5IRi_e!KccRkAMqLGnG2`7bpY;h?+ zKF|>)Ny+jXzvGR3c!47Qp{13s&Qe4c_4-PC8`~QkGn(66`re9JmZg#_;ftlX3w+Qo z<1b+wc{+2|9Clk-?*x^F&B>pegoQKL2j!&KF5M<68P9G3h@CJHeh|Sw58d$t0J}a-R%0^`|56&cJfV)K8jYay6Gn z=&IeOwCG79A6k}wQy2_HE{gp=N~b(f}GY^yrGC!3V~y9ZxX zgFp%E4lFbiIOGgyfiR8>GCf%z7>!HvFcu8YA4KeuTyPZc481uN^ZJ>M;l!mXCR_4c zv!P)z>HeCpq7Kr-{GPk6Mu~$A$xnH1le|$vVvmqcAy4wl+u_rtWgQ>(bjcBAa@ALW zL}n|wlrN9}WMb0SE`utqNEVW#HF4;zaJbj&agkKIAjMkvu~w|_&*nTJY($;#il%M1 zGxBJ;X8XsZ;x|$L@%IFRUy*BQEUnPC&ZIh2`6lY>Uy10y^J>`l;H^=t#3kbxuf+)^ zS>UwjoORN<=2_mX+`Jh_>Ypzg+#T0gPyC%T>w_Ojy~mIFIx-_WxUYg9 z&LYQa+TpGj!87Uq%%nD9dNU1--B8mUrX|RaYzo30-_Wv{!r0JOkI}y1REj zjcC>Ag(`m4bBo=65&l@dZXm^SMJhqd`x$&(v;jK$jf*p=q?&5GlG{~PLU%}LS1pr^ zY*d9@HM>+8$>Qkdgy|z)5-o#E71>T(D02Mm8wfSKq<1kA`MX*BbX}f_y;@%id(K%W z5_3Jw&Z+Jipm?{Ad%u)pyS(Ufo%+}B?Av52cC>G)f3PYsTwD23AeizF*pKlg;?)k% zVqtImZKo+p-qIY>-IOAiSVi=kPwQi^#=$1J52<$dfUne>lc#e6hRXaKN4vD-K`kr4 
zHvEkQB}9C`Y9sNx@)Vtg)(X2D@->wkoJ=y>_nz3Wuh+l66MQ?gWLv~~Y43Ub7(4RC zq};`xiT4XbI4(+BgrC$la3a*=L_?(RHl?}|3Cm%=rXdSBWsVNX8WV1ldTnfEauj-g z@ATn2W_Hy)AXyJMddk<*pg$ihyAseJ5@@OpIklM6h90Y}4hMZ2h;6=gH8QQQ?fGIYRX@)=F zGQUXm$qF91dDzBmrWtzNyFP25Y_+j!R#j}#HLn$(^1SI_s|{?e z>g(IU;ZIpcZq756+1&Ukp;=5eU0%mcZk;^*#L&24fOVO=r+af0v1p2TbFqjVx8Zy2 zb?aCfoF!v%j_M;Wxg|fTZ$NF-a75KcTOR?3Kf;TnTB_sntVt3*AHjlnbDU^*!t;ku zAl~dH`I+HB2>qi<3d4Wz9U`O91@Zx1TE?QO(jzb`?o*I zKf`T)>3h@}?{ZxGZTHjcuSUBLm%D`Jt0_bBje-IGPgz$NpXs`2BV$K5Gt0eLT~4I= zXaY3&-%bFE8{M7W8n5=UT#EVkGNateR)q7y!JL@NRW z$D34UXZh9LiiyR9->=}8z^39bHRi#OsR&)=S!INy@ICtNK)FiQ_~51oo826h#Zq%OY~7!MMSDj zi09oUDB)7GK4f>kvykpgZ{YM=G|s<5)>Q34P-~P5#gm1%Z$f34w;iUsF(IIRG|)PG z?d9;-qQ@?nJ&Rz!jUaN=@)t?b^vS}adj>7VuHV9l9DdGLZqnG>(B_4_Os%^h!vvjR zvI80{jHyi6Qz*LRjEYlRz)LnAmNfWgb294+^J7G>3llW?YtBE(SWshr5bT?()xoS$ zjnim+&+IejfLZ=n-8k1+G5!|~hZN=lBwkCIQf^Roul@5v@%p-f>siMGmuPl$O7Kk% zRg)vSYJZhyy7m?F*gi9_zy8uyE<}_6Zd9=k<&c?w@G%8@&vE&7m9eJprpvv=FS6%Y z(Xd~rpJ>U>8a7V#XGAj^WFPMTVCUXK4y$l556g5Q-AOzL#PmYE2@Y0glKK) z`K_e4E8+^b7H>bTc&ju(br8a=Uw6TGUWroP+rK{p!$G|b;H1%-~f>3iQx)2C@SGI2I6kk)(8%RXHI%k|>ECuTKRw}0Q5j>w`w_ffM6o2pXW zq%D&x3fa!yPe{~iOi(eg+C|IOLMuuATE1`Oq?_eoSXSeZaQ2mhBut(v{1g zva#~I;l{yK!F$Q_5WDId!x~*I=bGC^j?%^~w6D??NkE|+Y1Ask6q=EJWciKo+9Ek{ zUBmZ2d$p3mxi^(9`^JTKJz>!afj!fL5=~iq1ZBpkrVFm|QuaA?x1Q_l3Nq(u1Qi8o z{yZuaBVKdSt6aMMrC})+QQpI;~;{Nn_OM)|Kr!lx`0-wSfZsO_dsfosHhyNK+tSNmS zOb<0_4E?NJ{U~Z2-}|;^WrsEZQ_dUpH^wk6t3i!|$0nU+1B4Ym2$nJX?Xs5ct80+L z?w5-Xik)xhS&xMF>b-hU?uu;Hz-t(ZU9-JMpso7dmbwi_%rGljQo=_t*lIGoq%++im`KmJB zhv>d{9Q)do<9aW;6g&I+LyHZZK9SHH6llC*Yx{IB=c9+CCU+S9rBNa*H+TX{POs137E{M&=f-HZp< z=~Q-5JegG2b%1>&oPc8`8>tCc(?6DQfYU8o;nn-y75Ku7w_S6+h0Ur0hEcI?}R3z4=Y?A8+N& z?a}pyEE7&$Cr<|w-tH`jEow(zQsn>p<=iJLi@H@kuD_#xr5we>A7o`&u%Ghc97~bPuq4WtbO_wrht5&M(gi0r023P(UfywAn^I;9!*JDVmMm{N%4Y z=nig^IzvB}hPqk6r^S;d+{i|N?s_(&0y-XPNN!& zH)g4kWxFMfnIP1#O>=xeO>4bsC@kniBOxcZnMS1Y!uVVF@^^)`s@jK5iT+0yv;$(3 zM7L8q+)cmpf)Br{KimBlPB^2O1s+Z`(rn_55rga6iPuSL>0c;CL^;+KUY;AO@STt3 
zY7C54lj_g0`}{6I_0^5-l>PRr9Hj6)jNU-E9r#lFvvKl;eqt#c;vzg&DV=qx@fbYJ z^j2Iq$LdQdZdm7^EAQ^&tlNhFdY2@@DNy>#3oU{J>6*4yd1)E!r+o@BdFeLnXEc`n z+Vg$?dX+?d^1?gpos~4Be=Z|4r@l5qHa`vq&z1+0=W>-sQq5gi{$nQdmICS7MnS&1 z!aBp*S(Xf@tqR_e^YC{;No*O~8uaPsQ}{mG5?jB4N~^rwoaDoDoZ!bewe1v2EK1RLFXb10BQpy(cFWGqW}~du@@L zci@9Z;+8!=r`Zw#?T5CFl0tKCLZxYKEdT2M(u)!Rj)4$Agu!DbT4Ie7ob}4@h1Ii~hYFg`GA@n0| z(tgMKMYMJbm863yt}{$k3cG1cs|l1(R`eX$Bsm)g$4#sMKl{tXd*1)vhBaqNiQ z_rYl00+Iss3Qh0`>jA2}BmO^!0>{iy(O*~~I%io<>%oM!S=Fx`zzf3U6fR|G`1V7Q z$vSsaX!7;sf#qz@seBwb|CZ17QO1bf@RIdRoqKL?4SbV}cY0K(UD}yERT&nKIzrq! zpW+5(vm|x8^%uS~CFrENb=kQ%(|{6>x`F@YeIO{4u z=}(mYur#nTs7rp$wcONXezmZ{lm*&{7;ND4GVBcw1NrIF1^c7s6~6gimP-!pLokUd z=H6lhnw25~uZkry1meoal({OCeRk(Z_(XiW9ZcA0W?D)|wY~MA9%$ACxM*j|P!8oMuUINE zmM{jaM<5aTsw_G^%1;~%c%5;rSB&mC<{aPoFU=-;CYS^$fxba97-UJt8+H0BtvVBr z?Ba_pIg^mPn%xs!%?Btz$#qRMbIGa51$ui`4OjcD zY`lL*4E4rAZ!^(lrB@^We|Zd92(67DO%3akUs$+TO>#m2BSqIzPcowm(nto_0ljvBZ&rp{NN+hq3I70)J->MiK@FyNl8iW2u?LF z3`Aj!+X4Jg07M3K%;78mkzwhJ$neEt*mhpn03&yc+jV@mRpOb0EiZewop6*>=6_}Hv$UqejTm#3 zf}}Uyff#c_hggvO2}bmi-d_Uk8i4ek+s}21u!8gswWBux7SNG>JsEFh_nM2r=#D6{ zAO;~-DvX5%PzGI%K5R04Soj{CR^a8GTJlFe-mj0xmoiS0mgK*od57LS9y|_*$cBo zND0R-XdNVd@_big&gi&oH6rC+TA_~7K08c<<{2=M(`a2!6+SK+JR(7*yVc)2jz(d^ z;Z}oBGoLH;OATFS`62#b!Ik*%p)?EDK>+a(hx4N5@!8XVMZHuF5T3o>K!|lP;t*+H zmT979p9`HjVasDF5R`Y)$cTtUviMDOxD$o4ACo`_h5OTt|?$xbXMG zk78>q=bf!HtoOF?pV(gK(#x<@zqQH2hg3-qcjGv<(!)>%aWz)dB?h*7aQB_edo&8# zSEsJtMz?9@;9uxEml|>YC0zcrMiim%F01qX6nN2Nr)S{_>%Ggo^n@@Y-5Rv%zD2AL zI}60wEQ6}{hJr*pTfg#JlLkd}K2pY?s>jZ{UB4j^s|2^N1XZgx1XX7mfT$${ zfD|oBDz~ITr|72cWbaPx{VS9iYJuVfb{(U_kSda!L56FLR>7 zVu+xI3&C$TBp4_*VrPkQOPX|ze41_~4y2>B(lH5Qj4%^1<>#_fLcsI`3CAbACddJL zVG#225ybQ>*%|W&p|l|ua%Ov@Y&uBNr!hkwqVGLNJw~6V7r40ZfCIJ-d=yl?3|8c1 z8Ow>d@2sAAaT9UnIH+jh84q--c)+a2_0AUNihz=j-?xx7MD0KoF5*AfH?Vc@=iLwOjhWl>l?I}*jyP&i)?N>f)$Y#%}> zB(-?hQ!ei-9^6c9riaovCY{(_4PX0i(k^Vo$krrn2vbwPU{zblJkaf5P%Thx={}f` z5CiGHYlm(#@oXU=Z7Sk4M?~=jx$a*=T+RSR{Wnuw8Pevu>ZdCEcLXZb 
zVS)H}h6e!JXWNZKRZYq@phA!%s?2Xn!n1V>!ST4eR?NpTrvQZbhoL@ydwR14lC~w#<-wJ@+a4N_zT%~ zx36vfU?axr))o_P01E>h;6bLdC#YTi{xiB@PTDbTOM4ivucA<4!KSkFC(=g&%;@uR zRv6w*B7=`4Y{ZD6m~Rzifb4r-ChHvcqu}&J?gA$z-W8#rJmwjE_(&5}#lE`fzZ&Br ztX9&zKC*x6V#w?w9?(BLCv<ekPuirxQff@FGo3RoC3w3V{QJpFVE@-4vuu>cCz-VjA(iopS znpv<}mUGg)1TuM9i(jyhho88Y04aB*|8=PdqA zjD&|d*`L0rgcUH$T=z665k=Fo8|*a6v4(Uy9Ii{yF1F6jlXcMSPIV!Bs}>kCO}8ch z%pB*inG^jQN(_Uq)jntcp?*F1!W6_(k$dk?C=ON(JyIBg!>HoYtiA zzC@LL8n4nBSKWFRbeO`_`(l0^hd2$_zsYE~Y1Kj15iSa<%)q9CF!b=3gmwvJZF0LO zm)pc%BAaOM;s$3(Yj&Rm&X)C4$0ES(ld{f%N1EMtB;ge?6_nRMJw95n#D&7C52JTNO(VXiLbs^x$ z19B|6ISE3C@o>DKzA;sq3UM>!vm~6`QXN)<%riu7TV8+77-i1PA*qXwyxngm?l^Q$ zQmu;o-W0#CZYf4*qMsT-M)e+Pk6n@rT%RleR2wGnKlE-9KWIEQWW1vo5=LOqKfDf} zvX7)ML|U#oB~IukF3*TfcA=R>yWA{VXM?0~Y=!sRozJL{Iqja$lg`H;(80rk4w4zE zbnK7R0w@(xl!v^#rYeTHnzkI%#z;j9%z(AMmnr#-Qxw-CX_Djmp-kj=?rE?I?}75W zOc4K%X;9>iR^`*d;x#iKzoRh=Z`at<;?`|kvluaty_qVMKbK^Ke8vORgEcKt?*o_^OB*e9?Dek&`~}-e`?!#i&9>;L`jDR@)Q2 zEU@SfgvsY1EYtYM9BeDJpWok}M{J>|=QBnEaMsVLD>qg*kD{bIB^shLrDJ*X`C#}9 z-{qe=wk&^t!|JJK%J*u^+f0jOhE+SHWzW7M6vuRudv-e&0CA`*U<^F%>z zP*TIgb{475pqkS=I7##__?eiUQOL4v7u9zfNB3pc>B;kN>H392%N}j|yz0SSKfLv2 z8EGdgeb)+2r*;3OKSl6&m*exJW>=DguF29*r0rnJHK}Zi6le>#q^@~dRGA&MH;?JO zq-Zi1_{0%=DgT`m3kR!&kx#8jrTiq~1cfxKx16lSkCKZU&B066m&3QSI2mD#qke5C z&B4Q@63>7QaV*+-YLHw!Af?T7g%|i<@$m!oi&o2arPiX!YF5@_ z{3lZfx5cDvz4LJhs5bFp!bSu;D+#u8n2s*_;rrh%S@@lUp0Y@*rtN5axD957hT-dh zg|r!xHQWkkkuK^`H=36RboXQTk{k*WEMz*va%I}p@A9k7#-Xn98+;z!i+qPh5f1p1 zqLin38+_cALThMGtF<|9g{zkDcHn}%DFXbIYJYZ80KA!h@~QfA(5)Ej#kKfyLXG0w z*lZN5N+Ryu<*MmSD;;I?W-TM__dRp0u}5q-Gm{v~o-4xXIc(6ze9s)y5vkr7}N8eG3yhY7Wkt9aPYtLCJkhQ6kKdHYxtv6D4Ork zGRX1Y+)bK$eiAGwY}aX#e`;&2yM6qzYtn+i(cc5L4P13^;<_%3Vk<6vvDke1El2dlFDM6DVFa%R3Dtg z1_7~L436CUV!Zv%sAu*eFF94*Pi0~+ImKaVdM&wD>ZuW0uHdB5R7Igl9icKtm{iMN zXr(}*F==Q3hhPqv>tfJG0h{0r`RMcr`=j|f0l9Ik8$qrvV1mEwBUp7L? 
z=%ans^$6-(@Xx{Tb{_Fy+df2`MNZ1!2Hy~@KMK*{QbKMYkvnJd_Vg!wUr$?Fr*%~j zj6$CX!L{V<3X?93`rU%sX?jG1Vfu{=r;qMYE)n^0sD0c2N#5Xq*w(5v)sb=K$f&Pq%Z=*j%DXyr3 ziJ+%HL>WJ*SH;q?KOExEFTFnw6%o&`TnGod&~dbk2rzA}1*L}9#x5w>p9)-BC3Cgx z5wL{OCkGG(l)M+?1E};|G$i76;pjQ@nDLb4tPlk`mcq!ywnKo06)Qf>wB#mvp;aA) zrYxXt^=#u{h#NmEt%mC5G;6#ke6q-jzXnpeky&4pZq@rSHb(5D!8Cm4({5Kar3+H( z?M8bLN9I$t4STW-cdpnc5eA(ac!`CelL~+h z#DP*FXy?JK3m=8R+wI&NCG+C+KQIo|U9TEGs&C~Y2Q4+-e%E#MC}DR)AZNy*mtx^8cYuW&V8IsErG^(tC02d&Jpsun&kYuGSdrDB z0>I!Kf~lAno_qXr!x9!slQq!yZLUYDmb~h2b{ha^T@z;ioM+uEC|9nY@A+laFVI3) zGS^E=iRtjtm$KI{xS*?k^Y*(m@W-5T$U(||&CtbDjX8jUv^8i=i(Ve+H_cwezhdQK z0E#`BM)ut*r``hWZdl}P=o-TLw zRl$Ke?>*gg_5O+IHqhph0x6r`BgC8VOT7=;u3Lrz57jT|_7+rrmgwHir(X*NY+A?n z$Oa{jH?C#tcXS0imq$CcL``a+5#+|pw2U5T7J35CjJ6#LwMYginV2sUJ_> zXg}`sgWp`}yK9wP0?7yx57SZFs!-EYSIqu4(S(sU&^n#Gm?k(-$0fSX6>7c8{~@^< z#Po5=D#%nFTZgFWN|lTqfkuLj?x3#s^c6s?Ut01La~1$orUY&9x9DW?-YP?kE>I%)tRoQsJ(^Pn5 zybNz4S99&vX!2BNh0WBaFnXK`7Qgc=mDoW%78H~Vh8b`!oNJT_!=y=B#;g2CX{Dsp z8!!Z~=D~t$-da*^KG^`n! 
zVdhV{F?N$q>G9r#+*z5n4mdM^N>Fn!{wYIKW#op{2Hjph!n)Vuy zW3#U^wqq>mM-`~H@Zn~z^f4+W`W)h?G}%|w{6b@SuC{a+*xtkR0KI-C6<7(xixn$l z2gGn&F~&WbwMsEeN{AIJow=gXx?=EXFRM-Itb+GUWsYsCRF_rHVM;s^9ihs^iF>(P zbPm;zlI{NaG;9?JsRkvrIBBuSt8uw5214yu=pMW8Kqb&U5GiHi@_AZj!`V*C)+d_wc`_&wy%ImUqQcU+6Rb<^LU)b^P(un zuy50V^o4kcIduW~C&u~l0)+#-Oy(=Se8usS{ZQ|^gZhkj1FN8cTADk(L@=PA;lZHL z1zx9*o&8h~2PggTrEqyA6pb{P1iz_Esz=OE&SYH_PGEcZ{dn}rIS-IZK?&s3-5c^T zsdGTM#a5wSz3V9%d4*V=Ms?dJVvKxg0i|R9 z7JWDDj)4!QKqi!HZekDdOSh&1Vu%(^v(!a{q)UF9=Jan~Ujbjq9V3JE8HQss(WpM# z5C6osg12`xNh`}>1}Lq{_ZaM3Pf)eTkdmJ z4q&4br#WP7yh~>N&K|@Q%{2q3I47Y_U7Kyh{Q}i^SJ62V5ogvMDLfT>YLah>du^q zSPAEpHkDtV2gb1fYloXqatN)xtf+2JNh=H17R$ApJ0rPmGm}>(fvb}L9b_+V-?xPO zM)hy!X#)eU$}ETyNUfz@{txWqsvRNohC5wOdlCszVyHZ^qz`rXBdioH?;N2+pqr%& zHl9Q98?HAvF9sMaZE^_%mwq)7QG(N}{d zJ*wfV{7KR=)UH;&wZ*g5qEVK<&AXKa;6Tj8_A3^OY8~_zg5iJ#0TBie?BBBa(<*-hB$xW>BbXIyptt$aYJ&(82fq7S-*r zwX0J`wlC94lrD}zGnn#kVPR&0ynJ9#au{Jyzv z){|ILkVif>zsnC0z*$LKiK&SmYAnU~L`^i-vec4b+hqVpo$6jpgs^=$yC>hO)G|ld zX1H)V-mJ^cYlgu;q2(0HBqO}-5XyO*)-6WpfD4$F3A299)BdPqG+P(9MvLKmtEKfFhP^Sy@GiIo}5i#!$b)|c- z0it)x6%WJMV=J!w4*Brn6gjQ$zIj?Z?e~z@;c{*4nq{u$yvI!ZeC(B{#>J^3-OZUg z1KecFWs`Z@$zrokj!>lo2iy&%fAa^@cW$VI?X2^PP*Gk>lcSW@4hK26d5Ny)k-)pKBIW_<@GnTqI|wtrHlkIdu+#RoL^VU~kLko-BG2)D-7YDXuF72J=gq1ie$xBmXsYVLb0 z_n{dSIBHH_au=|XfT!_Hf%^pLu-5*EhTPXS!5cURAoe=4QmB0)^t}1z7UvW7aw?sF z{Gm>Y*RI|QNrS%UxK9~mT>FfDW9A~9Bw{U6c{PI~cH(NNwJbXpvANyvUtW3+#s!b` zO+}BaoAi3{k>e?0knzGDU)i%&&^*z+ypkuq0ocLF5_3A*V75+Uo8ZsU@sK`?K8xUs zXZI{i@OQmWN0fnPZMwD+0{Lc;e=ell#TAy0u-ZVcg?*4SnPRSYm!mXY?*)n*DQXhb zhafKhveYHmGrFPiLWefG#1^y_RB?zo>lcERgOG;!_!2KJ1UD6yh6#^1OdLeNPCyzG z(BTy?tJ1KII4kLuVG-kPf!@Km@9%mv3_?42*}=#3))mPjSzlY(awbuIEhftfbg3IX0KrX z6t^aVpb*gC(3-m~p*4#aUeTT%1d78jj&VMvWU6jI(}-A5K-9tM;W8fs%$B=2jzQo> zIvVg_EYTpe_sLpn_zW+MMUk7tyvy|-o|Z8V;a3(BA4|o^?$-z|E@nU?9)^vK-$p;L zw*`fyz>&P0J4QcjJ(pq(GZ?Z1EM&DlwA$ALIxKLFqG4^Raecf+(-zfg7`iZL)LGeL zViylciVoHk zD!4?{?zifhN&20xn|EKrT*%I{Gc<9&)D0`TchDb=ML%y>VYXpb>s^y530WI{{8!s_*bUtpU;2d 
z|DOv$s>)7Kysxqvz6Z5y=z%*hJK^&5>mVYkEuT2F;s}ilQzKvZr#=B#!cR^*#fGKIT#|E$0%H<(Gk?0F46=F_Vrn z`kz{B*9(_~>CM|GlDi~aBe)yg<)^lm^Rm9@+b;u6Lw={hg=@Bj-pzN6-_$i1&eKd; zo1I#{4PVV_cY+CDjZ%?UPw%zI(pZhC-ZG_Bs=StMPsLgtO&A$uxJtMw@;^PR+n{!X9Fldj!@_8sq%svQbKhVoo)mtUH+7mDC*< zu6aM^?lyY-n%nf-T)NMJR2xc3mLur{p4dQp*J}+u33uJd__~};JyXs^6CNt{eFm5@ zgvPw_Ix3R-*CT{{)W=FV?8mVZI~dv7nz(MI0G^aE-)ZAmrwvpKdZmas40v1$1+NA# zV^Px;3$Gp(YdWr{7wjVh?^e*ChzF0GLt?ri2PNH9R=wB9YcAQYnygM?GP(K+(o5s&$cKjz$i(KT3LTEDWJf_#@j6N}idvus(f9 z4%6!jd&uwIh*6N8L6?b}BCC}%(VDop9-Pjz7I*8P3|*95+OAKW8oW@oxmOpSU-zsj z^hcJ)Yt`K+QL2Yr8yrLdJwA7ckVP~8wKlh0kNLcA?}@<-q6%MToXv#Ago_Z$P>~cM z2DFS!JN4%BZBMG3Q05Fk5D+_ctq~(MmViq>&l1UaU~mLXIbGV<8ii!8HBbdwx?y8h zO7TtW^^mLjyVPemqFhVgcGam448`{f!ZeppEg?be!x)JbHl~)h`W&mfW}6NQODmG9 z>n5ws*QOREKMBSlMhVB!FA;ttMi^@~@25g;ro=!21q7Ssn;LF8N4cD5-AJ5)7Sy29 zc&xy+YdjBBr|VGjk@&-`^k+3%K3MjC3Et>Snokaawi;L^&Q6o4TgDYG0IN`CRvqLmYE}{c7{%*xo@bcJ>Qr z#@mFL_oLr0Qf_tWpvFxva*_0=l*FZ<+K+#O$UBb8T=Di6?uk=bkqm-2gc5~b>yi!l z4%&=a!FaQxUgs1;%Kik5Wi3 zhTA{lPnVB8*_q*T6hdG_3D;bg!QU{T$s)?S_gTL$dSB&&k@WwQ-3>6~FFRZ8JhJ;Hp$`G&UmNd^dO%d_zhGw?{DxMi0*77kY`YY zNi|?E|MN+XwSSt8;P-*U&rbd`b=z*OlT4%{nb+_dYV7WKQncfW6Fnmifu{%1`ZNKS zL$yba0*K?=*60X0R~zK_Pd;_>XK6nQoMzDTlBn}o>XPBzWlCq13-_*~;YrltUGVy0X=c{u9_qH0vW)hL>ckP|Q`x zdfLdVg=Pi-eyInDS)%glQuz&awW@heMdK2HG&u>JW)4vPr^{iLx$KK@W!aXNUewcP z4FC)hb8jj$rbAgF11xgb==myhe3X^`##@IN@D;37N9Bxg<=#|OTsPjOs7anvY(02M z6I~f8GLY6`f`Lci6GI0%E-7{#zh`r*+4)TY?$#+$-VmhC@=tj#k}A|S7hp1IP?Bb|??U?%O$E^8_=n@MMMt4& z{Ij>W9Avndf` zt-WFV(F2);_lqpeaPvU-3`kD?!zuK@0LkGqWd0l7A#PsGy?bL3ldc265*^X?^}_D~ zp3(RHFrJ^o$P=mZ=jMQ~2V?%quCWn%;5U1(3UY9`dZE zbK*$2jo`>Vcv!r{)-`DpQO68(`eLM>AkGK>kXhsG^QQcQg8E9&(ppZ#$98hQsSG1q(nAX`^7~CnIt{&J;fe?=(Z{E`u{QK0;Gov>cIO)(t=cOX-Q%Xeyx0 zr18nCm1#QP6c{91_YL=~&+~UYW>G&et!EEkDeIlc7I%xaAI|pn95cinJGKt5jhD`U z5t`n%AjN?V!gess8oPwv?%9+syTQklKT&lj_CvWMPF9^R?;+C2IO^$8x`Pe;JyH!S z=KNf|^Mz<(IKlzugm09Hy$a*vl^{WG0~)kdDoW2{1Y7YvcEv{*&v++_=O2QhZ6Qv> zXmbD#Ix%^gtGaN8X(}YX?nl#hUgJ}Z1$Z?Byuv3f*onKsc6k)4tDs0jtk(iAa3Q5) 
z88H_16bGqJtF}MV{t!=%58VylS=7%>X85$~uxXH4lq2w|sPObv;Q8Z&1`#7hw|zAH zL4OjaZXW$OgZAA8sZ@@_ncp-);{j3WbUxUw_Y8=iQpN(bq>hnKVh}R@0KF()a z?x=%^`7Pta{b+an08u4TN1b?b`Hh+eBWrvgAo36Ltu>i(w-j;>_Xq}1yU!+OWa{ZM^4Y2=k4k?x5E@jm1)di`%q z5N+;V6&qVV0y^HOkj1OJ`R%^k}( zit%5-UU)D3#NTeBP%r6Z|4^Hpr3O<9vXig>rc)-<)zi*5=pRXKC)Mi|-mpMvFD_s3 z4(vP2pseffLfs#-fYv8YN1>P06_9 zw^cbez9o;d7)R16Blsk+lbU@vMRHltf^$AWya;R`F~?-SusV=N^{_`gu6>hH;mbjR z?WplybsOf;<=fK|@xX5$+AfngMAA7df?%)Q-d|Q+k?SeWH|5KE*gu=wC6XD&r>Tv= zGbANT!81Y;m=3aE&LB%;Gc;TZ&o>9NVHu+lav{8j6F4&l;yX+JJ`lf$Kh%HyK9d^0 zm$dvHm}nnvc`2ta4X?Q9H*wjc{_6w5Dpx1Ml0z9Tpz-G|i@6z~bhJgT>`1Ik=REr6 zRR<4`Sd6r~3lOH@JsQ~owo%KOi+re)2Ni7|4g{`}Qh(QEVh){Ol2J8z-w{wtQz|x5 zg1B1=4Lsp;yr@-8Lji4$;uI?HqxHE^jllfgRLD|G&$*tQ>32C9^dzbiZwabp&X8Zn zwBzQt?RS|eyM5g0XvMnA5i-p8mUQ>F3moK=7}&r6;LoRRKVzch5|$XPjXq58;wymo zjHc!&0RQc8Qzrm?=hEzS&0KaPIa|4kx{TYa;-%S2VjgjBa~%Ij?ULj)Eh0tUL{!|@ z{uc&D)U@7d4-St3AD~#2pH?t!9hA-=oB|9E+Pyu;@eo3sKW7Ig{x=vj$Vx_r&TozU zO7QExIqC)@M8$LX3=U{dGua>rIFW+4yRMN0X%^6b<+;6d^`7Dkl-jhw1?ULknWE7a z#6*2a&wm*21m?zIUu>g2(|kziA}LYR+LQtDLB#3-!FxLvZIH9)?eM$0b+cA&zvMl_ zhP*ht2BBe6a>|)$eRA@r%}^W^W6|rR@TmoOVSg|uNK(0#p*0nRfn-_O*MlGPP)tGc zw$4Skmkx}<_H;t$MMAD3mbv7n3FG8XbKMEm<1s#J#5!1Jgi2-_V5%SIwWYtNlDhrD zOtqMaHLFCygfucrie5&Wo5id2%F~RY3>xFN)P}# zf=;ZDa=2rYfu5xPgHw>@TD$kcD0LTJ(;e4Ut{P{6(6ccX=x~ueu3-06MLnT&0}U-( zMaY_BHBIT^A%}5^G}*A8*QDd-N(B3y=)o1hDzCgLkDr-xr4!5-8y!_IVdF_n%y`bY z91hbd8@*w%f&e|NLWo(ULP`2z(G)>-2PNSgELQ0O3v)saJp5hGywg+d-Jx|;v%O-g zZBt&R@t6Q4bz$5ymDD4l;IeE9WYClq}5etGLKt2r1x? 
zusPPRh@?4@2EYP)^oR&wn+oD+F$eYH?*+&aM4c}2t!>3LsqCIwd zC+(JGCM%d_ar%k%iFCZd3D6cIta6URM?*|_b^V{DQvgt~$t7}BhA<7HzucbpI0O`3wX=H<>sdnyK|5>S~swH zk>3)OSuMbG(f@{i5-&ISGJn&%5!yu;%#iSd-*=ptDGa*KU1SYE)-S%%hP(8|`1t~i zqlx+3v;CR03Mq`tVB;IWHbA@u`uvyO=QiJgqpAguh9S_XX>q`HBnB%lZtC8=m3uHM;UWpJr~kmO_;k3lB0>s$EfkvHv?BLtMI1kZ zM336XnP&E;0_rP9iWhI5CE2?2&#v9v5(?P)VZo>>KT}5JEKO$JpZL2NQ>GzOo?E$# z!!Q&0T;3R;;h_p~GXC!2`kOlNy_IVck_e7ZbnDOdXAio9!b=e=-*}sA5j&Y9#24Ee zX^M}=#!3yDFw?{78r#*&(~;TEY%Zd zn?`;XD34nm?a?zFR-NAQz$J>C0XG*oC=QmLJpa3UI1nSTq5=C)GB%BaZh&nVA2XQe ziH>$_gDB31zDojVj^grdc2}>Bf9f5F+w&Pxm{pak#lq& zhbB#X9nXp)b?l0*orzQ8w!@ig8cOP1we7Jw=i6gJd*N})xa)}u&peRJ;%EF_GbsJM zb;jMvX7tL`9l&*6YkmbB-kJF#lf9Z*kfyTe5?Zt~OQo}Fb=cB!UWp*h`tQxA{i+6T z=IO`xyHP_n^|UCwy-p09N zmu^Qv?~N)X@LP6A=k;W=~o`)@Rne|ia6cr%9Moc)5}Qyv%1 zV79{F^@ML`67ICmP1i3IztoTUz_!JZ*B6NATD>wL!H>XoQQb?B4_0Lop1v+Sda`m2 z+PHNIyhy=O%d%OB=Jfbs)=RS-SfP`#oT-dm4RU7>q00fu&CgqVkt{o_#|Fo$U#ivu z>DrgHIhg72OgzN~JA|PLl;wWk+fBITeeCui0DQg2+=1~15}4){ZAfQ0rfpt+>N!9`yFdn*_I)injLv>&$1rVJ0P6tbVQz+?%4<(BkjS+(cK-UCH{Gf zk*3O@HDj`mRgFR|dN($g`oBBLnJ=~j8+bt(!a0LE$Ft9(rQx>&=Tvn3miIT5;0hpg z*aS|G0dHXGCxpu|Ez-Ra{pOg_kQ{YYQ~_>Bvt_|)%^LXO>tAW%BmVaXV#77U^9Mu| z(=6{Z5qt<$&KU@ps~guY3s2S@wkuf|ql~5{F*Xxo1Wf#;V!DaF%m6X;OIt1^uV7JY7X<9*zW3%rTzQ1X5~P*0=0nJLwoKyWoqk zpG@@x)sDw(dsiBnOqAe-+XBP}&w7Y=1=k?&^N9O!Y3Zz%>SubEbi@!mp*$JQZDIjYY?tE(n{}N{^JtINmU{Q+wgO9E)R9~sw^MR3RkVO-hYsgNc-?E8 zl7_m@N~K&lYj=FUCtA%D1Hy|)<2#&?(Rv?fEU?gmiPTIIBGBs&2YZy(d(uK#&ShM>>W07l$l`Q z4@{CJp2<8)R4qJ+b}{@RnT@4J5oaEQr)I@M4qptz=cp^P4dSs30@0m5Qtu3bPXiYA z0HqJRDxqSl`7`oZuBJPa|xHF+ZCu81E9bO=GI%k5cQ7x&(?o5s`=0z zMPI@N@PTR!Jm^E^AKjUG!s6ZWg)`%4W)c2%n`DEZG?sKA$?{VEdkLixkG8#=y1oq_ zjI{kFtNRLzlk>fE1F7#n57_?ZiC@SELdqS#sppUb=TQzd+S2uDC*ZQX0yTgX=U6?p zi#_a*&?(wf3d68<;8=H6$XoZW(TjLcy7C9-?_V0={jR-q=4rYb5Y7=+VHc`jk&|J9 zqh~nYhJPi&XyR}N^7`%L+^_E#>fUmpzTeIVMMNWw?bVK?+3(qBBf2FOMk_JJ)JIvz zgo&r5L^JI`193av1rh(8x}bMUDk2W3qAz}x***$Bt3v0$hr_SsCp>L`yi59Al0ho7 zC9H-6#oxP;#ugCH_>n)!n}aSlgz}OLc-zI|vxoXS-SQ+`xzJ4SX2ql&6%G`=E+Oij 
z31lTMCQB99GS1+L#{Mx{E=iV9&oI_eHJW#aYWnxJI+S?&h-=f;9;_Mhj`)n60dwqc zJ4}-KhC?u9e1wVIUbVH6Uxq{A{+14en&~1?@6c~wo`~YVGKeE$MKh`VO7DnM&}+`; zv3uTsMI+li5!A(^V3fkk-!aKjAO4{m-0l@c)YZk;^n6=Vda$SzY5p5W6T2#4!vaZs z`Z^n#`DQ}A?Tu#j0GD&U8CZkWL6adA<)a&BQu?b=MKPR zA;r(6@jwrLRa90sq%%-EO?Ct9A7Eg26Kc(WX*IGK03nRmaIg(V5fRE#yNHP*C5P@| z7qAv7&#FC%DPz63IVVY)HR1T~=L><05AYCZd{RG>Th%{rkH%ddh6C>)=Yo?Tu4AW5 zuNPAl88NDs$A0sv*qOsn-;W@KzI!OqrdLm=oo5UO-jgU5P$t7Ah5}Rs+qbbaD5Yif zMfHs9TZkra=L)$N6KP|ka{1MaMF(M7ftwGwvaExQ4JPrw^8ihWxa>uyVu55DuE<7Y(kok%bwUf}`}z@9LnV9E6cbA=USaY%gz1=mgj;IkDdWhSk#6%B$GU zF~tTY%kQ|c%kiwoC6k=O-Y~4*237a_^7P**$7Man0@)>4`dv@BQ}2OXPPw62MP>)D z%o~1Uq61zD2Kd=V+w*o&l7IdT;R0IT&gFvfqDNkljFA6bV~~Bw4@>w27bTQo0CO0c zm-4Gc>~xX02?0f1tj#N!!Uhcy)W#Y<iOmGiSyb);(xG9S9{}61{a9e+8P12NPKqY({$GFE>WNgwX9^)$`zxt{6g~) zLpK13hI?3(4{v^)?unq^bV=x0?fX8@sLXXYdFKzr3!%!~7OD3zp+i@_X@eqs4Z4Ih zw|%jK{*PlA7ndc2zUU`*&wRY(-Lt}$uXULeiW~1|;|PE-zik4fOa8uxvx<}r_L%zn zAKUBhpcR~RT3MdS?yfldy51Kt1vp#dpeN|$Mk3uZ0AOs1^z()>`5YNdgvk+7JK`yZ zj)Y|I%6rbM%?5h)-42KYgJy9Y*drE~w^JLglL2 z80myl5egR1kAT&-L)*!EjU617)can)^IdI+jvZU61c9c61c&Ad^cU(%lJIMPoxWWd z>4Y=lNgO{+&3Hs5O&Wa)mW~{(CHJ281&7TU+4~8``&Z^>_TnggUu0}& zik{ctB8(_-&fO#3ON6te*ckgKn!=2)XvnpARq>nNARV1FZG8W05J@C~8OlB`UWeAY zmczgQCu5hIa_&F3eUs?Q5}H{4UHEzAAm4rxP|62G8{>NE00m^&{5B1D$(rMF+iS?c z9dwtCd3(QRPnl!LKWBg}6}{H8SlG1+!A67Apva?Fs_=rA9!b<3TX32QY8=#F=cK7M zd_3CeOrU!KsyQgv?pgf#=fWWY38;polzD|GGXaewrvJO$^~#?|F0kM@go4S%O1Pcr ziSNrQJI5>`CJC7WU`2KbcT`&gcrh&w@ihFxUaC1v_Gq>P@S483xlv`b$|y^JXy0|P zI`tsNBYY(RFSlvEkf>;$bN6~)D9^j!M>&1vrrxKJRZSZdl=?B$*_$MilIMav8tNvr8TJlGpBkFYZjt0aVl9(ha_Qd}?&N!b}NlMk<O3|^s^?@FNBl$?gA5@2baBPACMbthN12#KJ1J8B+j)yS1Xw{gh;u{^KCG(%ebM%2CR!eV+?Wx88)Wu*-Vq=B} z?)l`m;}%^Y70PJi=%if4Uqajp3PS;%#ZG&I4-y(Hh1P_1zf76BRb$?ZJPkN3UrTKA8vb5dQWYWME$s$JDp-w(!cgt$4I zuEWN#}bC@jRZ>u@PjJ9rYWmvPN1WJhV}{?w}FF9D90&=E&FOqJWWB^ zyHQ&Oe->OBb|aN{!;NUOq?R{tg^Wt<`nmz?g4QIEoq~2AZC`3}>=jvTx!oYskF^u> zG;odCbBegGd2N|gyKuS#J&Rw-*oeG%RMugd4YIeD?Kzb^(_=(obrqDZiN4Pl(s1s2 
zlhLs%KgB!RBzVYTZRmZq6VmiVF=vV|>|y`o94lw76<1rztVKoZAS6@<5}MaM2d{*^ zmvfJ>UgeHoX(T&A+?;U>QbM{}w9ZyD(W69mO?;kZ09F^PjkNR z17CNYtFmFR(o!CV)ABR0jtz~JFluuCrXm_LLr_kzq<`;=JOtnu7Rr`F(VJY#I7kWxl_G*`($;WLp)399t0rQ!#C2zKJ=%F8en8}gCODiyM-`cCFnJCfSHV>S>)ZcWztlt0O#2qgnY1F;p;9K+a}YZ+}eX!Gd~1{8gAIy5DJ zriKgKhRx@AjKOb*FfXSvNFYq)Ut`ff@I=*Lskf4_V|*qw*BaCz2)sIV>Bya@@uDb9 zXL@-zS>Eb9-DO8KrFu$DcfU`s4+K3keM>G>McEUS!d@I{oUkI@46zg1joZg>5m|lU z^UkT1!*5)!O&;SCaDuoIEH<%aeH<0;kHntYcet8YyAq*HNMtM?C@oS|P3ENvHuWLz zs_%hAQUkQ)fr8_$6rFk`>IIP^uM_K4=qLT(Vj;(V13FYTf=sNt-BAaDB%WN8j0OIlncrtfMjV+i^^aK_HR9^ z^~R0xmpMK^RlP#!X{>zu&;cS=uGZMFnG|tW5Lx7Rbpa=rfF8hX%2oRxZ3+^VktfdI z6=(KCtUrv$bR$?H9;jN2HPaU-`ag{kN5g@1%yu^o-j%_BmuVK`yP>y5HJs-fE9AC)K|5qo#c4 zcV;>UIa^6@tQ9KBV3E0Jy;lz=>|gT35bK9)fnSmHjGii$aF?^XD#)eVdqSt9vaEO@ zYQ@Y3N^4G%;E~R8fEHV<=)KwYU$b73GwAVVq}+jZqe140AM24g{)Gi1$lKvSkcmcn zt~KNODg-fWkE!%Bjk>HcMv_q=j~GpUTp0cXnrzan0kI5Z@j0b59Jv|U_#4t@K9Q|mOS3u@3~cL{TCs0WQgN^C_BDTCGGOnaQbvUwJLSPg=; zWXf-Ri}cw>i;MCO?S6H|*qyY_1?5x{1x6i7{8GJ=F>O4@_M3lVqnODg6U4i;XS1xFV`6sz$rr5I;A1ZUUKoNXBWokABR-aU3|oi z(Zjou+Qt(`G)(d12Lp$Lw7h~1rD9#h5cOjwkz+z0$wULprRcl=1Uh~H1T-mKQam+% zejaLgg5g9|BVp3RJn5d|y7FO~_cSYKesUadg zK}R`SvTEExHYCZXwv*E+i$45i+uc}sOhEE17mABcFG`|zB9-6J%+Hrldjo%#U}L<^K7hJxl4{gLH2Shp#AU9#?aFjdS~3!m(O>5M;GljQu=`;B z$%O`!RhtuWGRV2p6-sXwdYZiy)9jSjR$=-l_e^AnK&LBqh`O};R}>F77SgxV-!$}T z-&2>k8K9~{Xop?5CbPu3>rS7eA}X0XXm6SJ{$9C`)A^G`3EMjZ%dizHxaAB{=%Vq& zuww>nbY_*@UfUFLpKyQwruXYR&$KmUc%A(5BUaWJ#CiVem(du>bu-xSE-gXzxE``=Cfd=7Co2>XRD>Th8>!Kanmk{bT!u$a^BhhN<24jq$b zs`<}-uMCXD-M>Qn#&YVLJ9o!ig|wMpvPS8cAd}6fw10t+x7Qpq?|9vVPv2(~CtCUz ze`SpblPIzsu`N$pf;50B-{;nDxA5za9DuH2k8Iq!XPMy%NwwZU#A0>6ca?Hr$YEIf zKe9|bI_HAlyW*|u_rEM0O8;^rM_A*eP-q%#ZMH#X>c(`q^2x=pdk*ncv# zdsSHPKb>RLA+WBbsq(1Q)F*8XjA|$OOpsutplEVg0MC$+#5^SvW*p|wIi0lbaP{B< zLK9IQ=1D{7(yWBemuP^Fnd%w7%E$u0-#X^h>9PhBN)U!@D9T3$Y#mS+8eP)V z!vHFM903s*{O3!rZR`Qh|92@jJVw>?)scI7h$@tNgV%nlzk-K%$`SJG>;!*TT=si7 zl(;qIt+K1Soc(LN8!c>$67>CMuHpaU9Zwe8|K%L&>L+eH 
z>{jFBA=RA!w}m^sM8&Ob4kc2Hm}6ftN729;Ny6uFA;t8uiT|g6iGyA|2=p~MffEI}obBB8PXf=KqKp#gCLM)ttIrSFGi#vh-UW$0QgriJ-!>Sy7fkIi;6+ z6I5n7T~MVGp?jSg#mryMR%+TbH4O(o^c$B_cLuT5G8Hn^`<5j>)&lpYk{``R*g-*E zI9e;x{Th1 z0ltJN9u45o2=cESGBRD{KEq`{vWPap2;d4Y31;PMquJaoI`kN+iai*xaPqjkd)F&! zH7%wrVyCZKmM`ng3% zAP*vbW#Lr5_Lp~JO3%C0rIRPUz-T$1U|z)7x`QJ<*I@YWA;rs(KjnWsBmZ7Qjf=n= z#UtjuyVuuqr0ec=GSi9%*haSAq9oy&GvqNzqR?T!B`j(VkWn0JIuub2of3Tu(_Aw( zjcRhA;Q)5UO3`HzD=?)$AP@zFpCm-A%=+30aTrK9yizoCID&^WN$rD{qBuk@r0C}JCh#-pDZp1T62>l(yx1T2qbx^)(4&KpFBpRU=FO&051$}9V1sXNA@)5&%-2)9{L8+O~6Ur z8U-<-PXfhclPNX;Iy>-d9gTvqe6?IIo~J;m?Wds>Gr7R|$aZa%B&&|XD~Jr~4-5X{ zn5AlK9CWsqH|QV5$*FlLDlo<7=l0?pJyCZ+5vg535qn~_K;2;+Hx$g+k-(&}Ndcl{ zT%iA&;&_D)G81z4=4Id2Eu&i1x@&7}6PPb?r#4e-k3Wkwu>c=R$-N0eMX4=>CTMLAtNmdcI5n ztsDs47$as>$;6$$GbaZPGQtR!X?r1{63hGLI^UVrqTCYdn+EHv3wX+hA59InU4FY2 zwn~k49s|C+=_=7VaF8gC_q+oS%sI4a~wXdzPM|xz!#XN9$RO zZCYuHZOGyaQF2OOMR%BRymxUT0#bBti^ZKh9M%i3`nB023kT7qTEM96$Q92j+1W3oh2 z=b;US*&etu)5AFupck7(v;SQrWKxH#<_$9;yD(}q7ZYD}eF& zyQa(X>tiJaaiFwHd-U3r_DWxLIY9VX#v7>3bD$!Wo%P`j!3T-Er+Bk%$n(aZ*aZlAvTdcprA|IdwtDO&cc;pcnY%r8sm34`)v!iF9#a&KswP6=vgVB;KV|v zzi-c*DR^lH2E*5kJQ!DSNO}bBNcln(h^0c$p4=??S^-OaIxhdyO^ZRBI>8+)(A(nk@zG89OfIg? 
zemj<7&p~ne;^Gr1QdiDKRx2EhBOMEesYSi`rMIMpa;fN$nI_8*#2Vmk6U~K)z4ZQT zCg}#JK^t*WoDdaQ@g`-N!XXD4Wx;CjE6eW6y%$J2MD+D(*peh?@osw6iCeoLvIW>F zx43z1BNQD$3-Hzn)&PH)1qu#(1La=zYbP}<)|XK>RgE$3?8Z-FWnZz9GVl0m8Zv0a zDf^@GJQ-e?BWlc~f4)V95(l+<5O4#X_`M$PTmx~XN%kBXCySdP@;gWd&l5A(3Rv zwhX|`hQN+dX2Fw1%?<2D0?R>RGL)UYVms>FJZfra7jqh5>{=XwOdxOC~Z2OanbFK_2m0sC)`?W#6 zbjAxN#F-jJ!DZ&eN`*O%zoL{HA`)0)xv?94G_evccX)~-lN~?eX;lc-nYNM1&&cuw zKY@@C!BuKH{<<0*0}DVdqO(l~fv&1zQ)H1L(`nFd2>dDAw;a!M+(>cmuKv2b6st(= zMWN7|=zKq1{0rQ)fm$&LcgZ!D(NMtB!ab055QX6?8XRTw4oAiWiu_B200ZhVYUBm3 zQWvT!&?+v2(gMvrUvA$|Ib=TP``s~vxu8v0rSrXY_nP05cbMZ(0@!yrvJbL-z5_<< zo6Xm^grqUdgZ1SD|MWONCg%$0_-uJcjOqRGgIgt0`TYhK3^SzhqX&9CZj<<%_cIjn zY3^HDTPWZ3Fb&Op&U$_4xH4-w-r+tA*<0YWayXo?59VE;kLz}ySkNm;xGqXf-||nJ znTs}@MVbl&O1Ku5;e|)dRpj6;wD|+47Iv>tP~s-(YpL?4sRyrCOYn?b74FJ;+>GJT zg6zzNnqk7J-z$HAn^_`_8!7l+<^1UL3A&hMT6TkP5nQ5YORhFO%pz)*0p=50QQ5oy z%@;AwF+tp!B;|v67@F%Xye+Gfx$-!)$AHaet;TgEu~|4(cSpowonE32IQUh*Dbcq3 zu`*hZdV4BvUy}q9$VME6^0wLy9Eqv#oQ6>r%?S&xWUZ3P!X>8P*n)5V*8R_3O6ln> z2Qx$8ggQu>~Qt{9G)OLhOTG@AY7><2-EZ?)8( zU5{sF=@*%cAPHv9PfD)aBs2)# z%IlBUJBOrC;M7I1!WTBTigEAor=a;YMKqlEALXf^7Q}t0x@uPK zlUjJeZwA%;%5TQ6$?#lVdLQPY7jUH89eB!tj>{sjS8e@nz0HVwVEQwEPS7>?`i&F+ zjt!SBJM1+7Iq~&HYOl~agm;Y2n-)|9TTr}pKeH{3o|-~RDkMFHW5vTR<4;cf(&n@9 zB0Tuhk>ukUos@6{%}Q?dJiX7#I9}$A7Zkku#*;37cH(Aauu2g}K{Y zLXCrjC4c>=moQMr+^Y>pQa861g6=9ExHcXBzKO_Gp{FRFUV3-i40XLP&>&NRalc)r zA1{1Sz1&uiF2f~Y-)#JqpX&IMArV#5c*`Et54_AlP+h}w)V~$KI52~a5mR`!c4zrY zkFle*8?yrbA=nMiuU8Gt9R&V}HgRMCC$!nPhG+e@Es*c5utIX$Bm&v_+A{)$WuEN( zNg6Y~_IYaa-ptnbM~(w$U`R* zIUY!e!fE^T>h;(%%$_Y73rx|H#iTSQuXS@TSg!WSj z^CoYtj$K|EMSw>-7$Z0B!A%d9G2gDo1^576sRw9Qp{-=6Hl$8pdj_NyWd-Q=9rX1zF6jS&ORKfC1gx z!540#v|JOX=Sv)61~{B7MuAU{bG~v3K`v9^c@)l{D2JHVs|2ja!g}Uy$OC zQicga6VjXQKIKyJofzVfyQHQnHY>Tbpv|}8dx)sjBmJq+uFv4eKL4U%8O+bqZz+z% zT@A4n*v!8(i926n345%Zp9eL0>mb}tz^(M8X^lGBDCXhVYJ~TsYnl4?6kGEL_hw8m6P?f!Ch15PnBv3kzVY1!RKC?oh z5K63rwF*CGsC;_K*sOG!eUET_z(S6)f%mk2Q7-Vw%qaCD0Sz4;JTYZ**-=s7zVB68 
z&#Q4cgcT>|H(h8yqNI^}Y9%R%OAU-~jJ!1BF#VteuTsl3BpIPhHwdbohcv^w8I0`7 zD52s(^*br%`8hoeGBerBT4p6=Q|#n4lw4_oAfnZG3c`DI{{#ODBS6P4JUC z2UL&7`Bn>_3=o$1p)7bqYPc$4Y&|%5HX<1Y&D7>=d{)bkj|@+pr-mS$G>nb29gg|!R_Dr9zKc4d)9~juR4pX) zs1W`r0&Bs)xL!&!E3jvx@rlzj0d=5WcS1#+R6lL+ILfwLBa2#~$UlW|2mf(tl5I&3 zipdfKaz}Hi>#M=D_TDMMR=8d3=MzDmzIod_+9hmd!NO;gtfJ_2V@oYj9l|LjFSBSJ zo?oit)Xl#1hpxO`CAoE!gERK|=O93S6Q5e5Q9jsG>;mhtc!~Y_ zYy_|4P$4{OZ9(_QNugi;@>pS011226!?-XvkptoU1lb)uZ~8#YaPowmz@L&S`mn zWbWF^;@`p#1+J`j#{JjrN=jQvs>)CFql|ooOQTfyc)=!y;!MlvPy97*#)0Ui)d_Lx z*M-kZwrkOHBS2(Fl3zHC)H>S?#CluIH9by&C<>O-Xc;Hs=Y_3bGe1sBEs<25=SSBS z)o~OFlk+F3#o7{ziD7Tla`+b4>HRCoSh8FB_fSfqKcqQM^`ylmd5_?E#b@ZKgJS>7 z{2&zEh!&`vov9IqH=<&9S8kZm#k$~;9dsj+WvBB}8d2|whdJm?U^}`BKc&n7-zO#g zl{G{kWN`kqI@%DhOvXgd@)o_r44Qb>4C=0@?nl7@o^_lhyk~X^GA{5=QHggLl7~&l z!!42w4TLvLAxl;cUh^}HQW3^;nzd|w>BltB#|M#3V;oOS?jNbNZbzbHu)KhX`K%*3 zVTl=k;~6VK@)CM`ri=(7|MdVOV(n28czzM52ngpjFrfc){>7p&40>gBmn6{ung9P+ zU-={owAIZ1AWDSTKyO)?SC6k}6KCBOgY^qWNJvjygS^U@svcVFSYZ%M{P!p6Jx%R< z5gL;vo%m5d$&KXi&hO=0R-yEUOiJ4JJxyd|aKKUkM3WtP)%LP-1TBR5J!d=*4%pUt z(-GJNtycVnhxatU^51&4XZPpNSrQOKL$zqLL#Ova#CJ! 
zx3FWs&;SGNU>23R&zmQD`i7Dx`levar)j>8>22FpB8V*;wQHNgj+7dv;4NoNmOXn) z<^{+$cLTa%P()%Mn+aOSgyARw$ysZ&W@fcZPQqd~7+6*RI9@3vj)1bMx98Dl)2{wctE>I&&{?{6%Q^6V>KyUdO< znj%ejW}C{XVb0J=&X>l@^z1mj3?%Oz4fU}8#0;G!75XdvyCA*VSayWekHy5PdO zbKiG_@|h)V{Nq;!zP1=4wjY}opW5P|rLLkKAG(FL@@*5*38H@ICgKy@v)^_@d7V>P+yhB%AbzJ#8SnN9#t*I7EC7jD(PH7_=_& z?D+;Ryz%}=vR3Mbym_fHZl=YCoKuRF=`;^{F9A@3QFS=+P zW<9Jg`sl?w+fr$$>1{p0Qc+p^>sb+^(}~t6M%R>0hKg9GBs%rcAQ8{(p2Z686H>77 zTEex!5{G z$a{MgGZJ4YZB&W0o)9TKP+%!2L>Pj$Sd1O^O~cI#e{YB3%-k(Tg0<<<)F9ECqM=g) z+UwjV1#3}eElLDCGXgG2BJQ0941vK?8Txn;?@eiy*1^?`eSB4GdKL^|s7-6*B~-S4 zKdwPZXA0C5k?^>!!wp8H7pEu01Ha-@hU5B(hKki=Pjef?w0y)2k=j%)$lhfQk5 zP498KsLxobR8w(vRW~9L3ay0B9BL3)C5tFg0fDOBwt|$(|CPJL@JN{{rEYz>;DyF) zj!2?cY3V}+vleeY#$A5)TZ2Z6NR9Hw6$bhW3PR_V?s{tPt*7pNML^GDZh&Y_3)U3dD@1N}*SL&mV6tGMk zitzM#u;AR4nl4CtHqb3V%e_FRaUyqoI!OAmgQX35@*AWDDmPs~;5_bNjy44}N+DhK zR)b#S2eRb80nmXwb}~;Y{~(#Tn@6eu94^l+amR#>8w!N$)Qkcuo|>Y*8vPqN7Ov*4 zeH(|t6as5*iFQ3$yqFu_GS zdyOiQC(7S#tc<6M(+%_UQnp_t_BQKNmG(cxwfoOtWk!*Hy9OC$hlnz27em?9lg9X% z8`KE?W#$U{B{Qi6!a~gsF_}R4e?1w6{lG~VX(TM358T7TIZ-?y5AYAkfumgWKS0O_ z{_p>Bsdxh*<=K?UZ}s=oUZZiGB7zgSEZ(Lj^>Cr-q9#3bhkzhXjz)CMjQgDUl@5HS zPx&R7q?+_ZbwLy*}iVRyLmCA}9mS5mxyda<_(1+6oTCBU)t@A&)5&!LN$1^y9 z8^Nfv!@M9x(mEEPzZ_tnjS#G(L--lOSTcIHmw)&tnX0x1oYtpiHi~;zG=zo+6<0rcg-?K% z!Pp`omIlFmjtzo)y! 
zA@x6JOM7)0)|2LBrPxLd$bpIW*-^9|&4_l|iB-KRd^`XyegC%y;J;8FsV#&{%YuKu z{q1AI&vZ?%0~m3d&D}(~dbr?rb5OhG6A24{sU&7!<--}7O^-F9^pdabOn3@pplzEu z<~*{Dg2qS8wC2AdBE6*}{qv7XNDK;xbw9%E2D7~6X!ypE_}(BI*NvN?yyT#e1a9AU zte_rj{Kq|tZG#oblsn zzX3pRQB;?7-}DwGT-Nw`ia)l(tMH8p=-$)4cO{X=lKtgFHk#%*h>i5}-YRhpS>vrb zFfO&{>`fmlA3H&CaA~9~JXWR$>+Llcg1zZ8W@(K3#C^w7>G zol5|!v2eHEe0DkipyBn=f*8q{{)69!v@gw0inZp}C`x}3oa!3kZ9V{{MIcGJC-VGw zQo(bCSg;6+R%{)Rq?595zM_1PhpsU1h*CoHhL}mhU6Cd~+5pUsJVrrLea4~EC=<@| zjyxuX)VbFIgxR~iH(l;ujSSvpD-z=tbIUFPO!lU;xfKnFi)!PY`!S2ItP8d7re*c1 zi@$%Bt<^Zw7(UN-_n$H9CMj$$+srLAT#}kN%1>Jmsxr6EtHmmLvq2iNG%0LlIgtFD`eMtI4j~LksKq;h zZX}*H_^tO-sDhcr--)9jNv5?QCnd`E#?{qw@xg`xeT0hv05aL5A(Zqo zM1n0Iq>9)2)l~5&@Wkv6PU1}PEjv!L39 zn(3u}0veWDT_?0!v^!wO#J41MUlw=gLwJ-y%44@eTJlF~+YvgfyBL}<{=l03ox2FLDl7Mu!ogoN&N zz55^43DLx+MyTFyq*rJ`{VipwlfXyzlL89f0DtFL&9`BPwGhZ+}VfhK?1 z^{xb$yM>85wB3wjk(r7iGMU;v+REm=GN8{dC#qYMQKHI{^cuV5^j@UcQ&i9O^MY}C zXlE57Go7U_OoXmnQmM0F&?;V}ctyq>FIwtE(f`*tIRS3$l8e7Y8Yha80tQ+7i1(mmi(qWZz=+5i4PT@M=75Y&Bf%UtrA4Rx9p|%^e(|@F z{Xe^Saxdpp>K(tt!qh`FBI8Q`?0LHq_fMkJmQ$Z0IN>w@sD(_#Be=C3__$c|<&CR9 z3XRo6w0O`@S~5$`JIQY$;}v^%MPE%mZZTNZj_rCb!BxeBIQ5ESkFr`1r`- zDlb|}1dR;gC1mal&MJ&FPEon=xJgju5S}qVa47t7Mm#?!1g*Bb|F?sGQ+}gyqvqV3 zst!&@y1?*%SKf~MQMsRPsK_@-kMhQX!a@}iN5ts=EF3ZS-@+M<^NQu>t)BItL9qM3 z)cyJI4C?=8U_Q(%GFPLLlP#-`9)HG8?qpW9>_xO29v(*VB@c2Zwgg(8eESe$i9{#V zUpbwwjOQzGir-@JHg*B8HZ?RgoI-cH{MwJs*GzRFks=5j@1e{1^BOwIGmQ*|* zwsEU>^gfe{u4NWY5O~`^&XNSs%H$b-k#CPF|>#u=Eu|rIeOzG81*#eZ>TJfUdu3R z@O_AR8xxwwsBq*X(2#QvKxny&vBeSK!N$*aD|8TW5g`QMtEbX>2-e?0Ct}Q1h2p_} zJs>#BR?<$}RNH@L{r-vwt88TmEyT_5p7wW_T`^zA!!}3?KMYR0PN2AEdDBTo1>uhi zO5-0($qQ^~x4JifR#tov0u{5dVh>)_fm8b$LAiTV%^w=4rwI zz<}mts_MG^BNZicB`uulJsj=gAYrO;o_Vu_V5srR{Ur9Vs zqvn#ig7GtkiG5m{A6=LOXDsPH-5S>6@I`g#pC!o-qNSuRGCDuLg9Y94vh~eANg`~M z75IBTqKRc^Z=i}Z^%?H560Nod1_Mez=;RojfO-ZyfLgRkCD58EbX32Y;uOmf>mbeW zXw}s7nWq6KTR2b1pYkP@zMgBoHaI5@kgG5@nB1+WO~sVR;Q)Wb{$+ga+y9^bjNQZ_49&lHX>lrB{F<#hF>u2h_7;VcOF3uDBbbSZl37 
zjyPTH@_nsxc|w&x-Uwzn17P$_pw_8>;1TRe>#HsT>QKs0Cn>9G)5A|E2_+kAx$6OV z7F#X%KjQW&fII`BV*kyI9?*SfR6%bO!rwMN5cXIrkiKPonzQz{k^lL3i}_CbqK&h{ zUB!8^;gUhzf+o>_QLRBSQzd*-RQ$&BehOqa>EYqi)$V$0uUy6DKx1o-qtbYkJu%EN z)JC~eYLMx>UGN$pZoVvolUvH-)Dm@Sf;r*#kS17Qrk9bLXDpaq47;iv6FgtYl!zHQwnT z^$ivEh~b4jM*GHaxn==I8I|XDD?h#^Gua2a@5E`3t0fK*S`aC)W`d3%u@0x>;KL7C zAKRaL)T;;H^h>F}#rYGUH&i8(g!(o9btpCvP zJR)5HduDc&GRbY}XT(r6;R|^9F4XH}Pu8|~m%P@W6CvBXu>o(7J&lh4T1krDKS&E{`JSl$mQ0F%LSkR#~ zlqYIjBXD~x<@1M`C&e>(j-99SkisKXCly+s&MPu+6!c!CUX5*siA1hcLL|KQalB1Lf%z! zK8v}szb^tR1Wj(ehVyIS1l2pa82pia))RNz|7a6@7A_rQb=0`Ll;L|Fi`fnY5=*C{ zwDD<=hX$VlCcV?r?$KeCj`eE(?h57&EaP)jT=*zkUKze!Qiw|?9M<(81u5~FC zhFMK52?)MHL~?UUXZm6N1Yp~nkwSvdrsvUNWMiy)SfW{mj2p7C*_)(sf|(?u-q{CU?a#qj%$RLbT{3)C>nALb%9b}FaCDRu>I=^y z@gu^UXN;!rJhQ8tw*UZ0DgE*x^p^;g3l`^}{_4`QGe(_3pp~$VF=9&%Qc>aOOqu7% z@c(DH?uGfL2{)G-TvL(b4uc@irkH2SX2etMeR1g|k%s?g2@AFH-4jX4C5Xm}vk?IQ zO+|40X;>PKak=by+o+Ehm=f1C>n6TcVSn$1n~RF<=!JqZx~7Y<+@#-Yn5$ z;_7$VD5W$uD|I^62Txy_Wtg{`Gdxx>cX;dlJo4%%*oeb?7NbiQ)ei8Y`$+0{6?VcR z#)_O-O%&%VtOUM(buj>SP?gdWS>;CJAT*%*tzvb>Qf}*aLnLC-l%Q?Bu|~fGeX~SSI9wMa?Y)>ZnF4=kv=bw`;42ZW=)KF0~qadY$@ z&3x@q1=%d}qK4N3=gYZvl)js_;I93{YA5SdfzrP;-pn~*@Ja6Z`~hobatB~3Hlgny zm|m3!C4f_%?RRWE(HqYMQR-AM53uUOw^M<>=GsZ5`yBWg-FOZ2X@E2Vy~G-YWs!(e z0}J*C^_SxXI~*GdkrVDyMo_1+&+WMZ&J{fCp2I(og4$#E|0HNK zj|6qnZ%{LUf#OeRxj#@$&gRg~Q}o+@lvrRnS*!m~9ZH#0Kr$_>dF~F`14U|QjlLnW zn$K&mhKMMt^_PpW%8E1vKAK!O{j9*+q>cdDdcFZuMSLdp$*_fgii*+~BE%p8 z-0{=^=@hnF+!n%L$&ACZU1FEkUCtReI^9;6V@RQ5wO0h2BiN z2IvayNb9qhG=Ap~$V5Y@H9p~Zp%grc)Eu0qTMB7frJP9J7uavt@hHwM&;YM|?o2Dl zOl*m_BRU_`sRGg}BZ3qP)@c==$;E+65?h8B$`ix+@;l83$~(=q^4p_CXjb;(1EBLW z_T#Kuh_NIAius-3rm&OUoD!RHE`3Zqj?$A9C*Xvqac4JdH8`_!TW*{iWV>Hz=f+u#nnccGzN!HkxkD2jfBy-Nu!+dA_5e&SbHsLu#qW2zU2S(OUUzumxm7au6vb>{E zbBBNwFCQY!D+px0Q7OPGLscTs7qeJoY-2(Lh{J0DMMEWQk_!*Kju!xj#;vXCEZUbr zZl#G>TjUB!fcbH66lM64R~LNW8SHy|@~!|qM$XOaBfk%i45>I1?GWp@QYbaPpIoX@W8YYIF!79ZZ^n|ODxZ+<`VmH zyJgv}W?9|jErv^c+}7Xou(p|O%9$wtIac~lV5p`7`|p1;Bfx_pGf`U1Y>dl&#KsAf 
znofEkT_W@Gz{pHM$yuQk(uykp3Rbvz*f2_Q2+2zya|8%clEvvfP&)U*YE0GAN1;|g zgZn4r=wj~rK;b#(W0K*|xSV_kYFsne0ZaJL+;lKV{_j<_EeziRGqQd!$QyYTw!#I2+$PMp@B~V^h;=jqh?I5_Z_urKnTuOXPh%rE^wFHS1uR zN;sng!gG=l>3VySN+w>x$N4;i+n;Sm*wxdd>Tek^I6TwK6EM&plXLtZNXt}oChm=I zf3lqKUy?^ZCTPoVay>jRIN^tg3^^Q!zJX zhUBjRbBTTVbB&$lvT#Sh$7q zglPz#Krk-RQr2h$5=n-l95W_VaSuz_j^Q(ZKDfv%Mj@O(FSl7i%!;>0(3eR5!smB) z!>3Q9BBA?6=(n&j`Z>2-R)wq7%qNmT-V&qcU=wYrhv@Qthq3RPqN9zaANe2%S0lEb zYujkiUi<@0>dI;ATX5FP&axQVKOdBG0r+V&eFCXtwMKGk)~XbnySWe6!m$z0@|0R{ z3S3;u=vq4J0@)C)!lZ+J>F}r7T@1>|0wCiBNqUdT58j{6_%FRT=o>~G5$GbFJ-zg@ z=H%CnWu&QN2wTjtQ3dlM-r7ysT`n)R?QvL(t(<{6_@}2XV_rkap;ne{*h7cypSk=4 zbdu3uDDv45F{Kxaj`)$*91+YN4>a22X8eB#u}34we$+>tp=Tl%d!YE0LY~XNyY8nX zAO1d;PgBk<4xOQW?UND3p9_dsynj7rTTY@sjMQ~!WWKWp-8<8rpOhRB!PSeKJUOT- z!i-u@H}a$W6Vkc7BBEky7isEb&=qOiFSs++S9n5grp|d!#u*;z|0kgMf)Z31EM)O~vMr z&-an$h@eE-LCSrfLuT236C$CwhJdMFQu1{)Y&k0f0ZNGwmXEn#Qt~bxrB>gsFe;S$ zY+p6GU>HO{RiLh7A${0jX}f+UMb7Hp9Su=Tii7^ZiM6GHs*jL@)V>g@^G%~P1qQg` zfog%T$x1MGrzHJYhFQmKd3w^2#5$3&JMPVy$}x*t}O&w2lo0O}2M^En7GENK;3CP31U ziQXPbKjfnv3m@v5@eraa(D!i|sJpRwY7*{qH>SO`|9PD&DCM5Ul=z2V6}*A3BT4_b zXeIoJe$dWPPX|?2t-!AGBUAq&;PF^A9ktbrt$*qr;{PY>;PmV{;JjuPma$V|)!%TU z4k&tI0ByoCrV^C-*c|zUr11@r`9EZg!k8UQqI;NZpclA|FLbreiUs zB;BO_e3KStwAtWu!(e}viUH+ipq#Ys@_p=g3)6%RL*}krM|wJKd&t{-XBQ)-w0RL6 zvbrCxTJtEi(_HjvXqyaM`Z}0Nu?x*!;vF4i;Px-mXv}%s<{+$;f%0EJy6cwkF7;DT zQ)=p9jGKjR5c$maNZE*&m{R9JP&IPbqAC@0#JTgXKasSQ-qD(b9`2WQ671pRlqg6_ z&~vr4p~rWh8|}o42e=Qkr7t1B&ZeIL`}3>MiWf<++9)5aPHc2H9Oh1<5!KnfxJb8e z#_&&lLi=`Vo?B<6OzdoHf8B1+aIRvS9GJ^C6OOMWkwtPZ6~oF>!Gxq(M*Q6Ut$qI9 zRiwQ4&T+t%%javSC>2RN#`If)YVO>Lf}yUyWP5f9Gwh|X?ZQgn;CLhN7BDZvu1U z7&KC)N9Z9mRzWur00A9+%1l@v%GxkxW zd>hJD6mCrI0y&kmvj0+k3TCo5 zmlaEqAOtByNxIN`V;9msKgJwWlPKaw|LyHiHV^hywFKns+9CGoL5#|fYdrFHuEUQ~ z;x~9>hnFG4;l>Hl?&h*$9ZhSwo7?hHKPC@4x9>Qt_{x_`HCA}%St4sZ#8mc9V@0!Q z8_RXlA$N*{B`1cYzkgEVDGw7y)%eoATjZYHXii#KubzSm{yb@-MTD@`F5J+BO0a-9 zY`f>Z;|t8XiG-UqoI6`jNpo;51t`be4HJh@Oo1--k5=Mx0b(vk7%@cd;<>o^zvFoC 
zYn^|rk-aw1kj#PpSveznL9W9{#*@3xl9;BTnr)dLA^U48?9o(VuX+!uWD=O)YO^Que*O!XU;kOef>2H3=|%qQkZhs_XVQk0yUyiQc+7DWkDnf{%Npg0I#VTLHMV5c#lfLxkrFheX zpDMfIB=j3LRAAS}$^!SSdIdMnNr*P=X|Q{%aU3^c|TuS^Pvk zsuKnmA~rAsdVLl1qPt0xp2&U<{{9TH3mzWd_S*vq5ASKGIQBBa1cL5qCu;aY+1%Fr zGcOi^P4s2zASF2e5xOXLC$L6H;3fR&yS7C>a7@{P%8gy-_2U%i!}y^WugyiS{Ot21 zUtVf%rIdcyZ2NTj&$9T{SF+~Tdi;Q&_xc$v+3uG*_^P&TJlREM{#??I2x`)BhXo*LL+7+88E z+2SC_Y>deUZPe&y@vJ5aR*^3@8_K0Qv^j&>D$4q4F!Y&ON;kSpcq!Tn$&)HXNwmyf z4?h3(Xsn>GP*{>*2b@Z@PZf@D+MlI49LkzcWu^OeNrUC21$Iqva=j`V&_wETWjB8v zDz-9D@I#g!f<_}oG*f_{@37lv?&L6%E$Z({qI|Fb32>Ta%x zJ)+Lp%pX21rUyry3%dQ}ehXY-4Ux2w3wub7{UY$zY{((53NQbC_ywwnQ_j5F0?=xV zpgsh2%$R~8m-;kf;JFb!^2$cvfYfLpln?xdX*7`k2#Hh7YDe8caH9nDwh*5No-%a! z6=F%kiznBen()TIgC{HhTJB!JHsEls+2K%W+XQx^A!*cg_EEe3T=|O`B?pzxp>fZi zijdIogd>zVb03yj2K>20+ae;KPxOA8x6?EtL{;k|CxLQ5m%DCieqN{BiLbC*ujn1} z!LTf zrUaOHcqF6__Leb z9GX~E4jQTjYcHbvy5;7&8A~m{Bk&uKCgYiL%@4ct_!a{`X47Bx2u*g@YA$d9u<_2= zxr;+je@@NGO$OuL*S%n9=_zz1kwvp1d>Q)%8Q>C4*ga~;Vlcdo=({csBk(yjS8q|M zVLHmU#^z+S>on#8t)?CVwnDHMdz${#3iTh0{1fwQ!k!3c*D?x9tyaEzZsK-uaHIq+8$`m}k4y`#=t-p^q&}swybrKg6q-N#+ znPDR2jXf)Cy~2OF+fFCgzjS6^F}Jj)lQe3x*j(Iw?%r*K2tNthTV&ux zoE6^bo&7PywLg( z7&kCg@@>tg0-C!=4BzQ1;t8o2YIRod2Q^&NqexTJG#k8Z6bfhH5?vy?YJsu?wl@O@ zRNa}Y8;14%q!5y$_$aEa$W3KAFtAA8lopbuB4b7Nf~>c!h&`Vze_)mZ3RqaAlveby zln6o(aK26U{NpD^Se_UJ9Fost*=xW@XAxTo-(3QDd-(o1z8V(Z|-e!{Ob6EJX-L`qvyi{>Go>d&={F(WFENXJ;cBPYyc*o}>t)x%AmUD+Lg$R=c5C1tcRx|Hyi&DjRb?d8 z_jm)JlcI)!PUyj)_6uByn`ou*5P3qEK72hED1rzQxVcG^Pw)7Ts)#gZYE_ z-9D9(x^PrL4bIIO@Fa#W+65DT@93o8^89+#!%Zc8OT}XO+7UHaaOhR+R%8M+n3>@& z7H7$w5zj6&WWV+!X(ij&Nw~UEHwR9?0!U9v#T-5V@MKt{^m8y}^1l}?DzzR{XurUT zrJoHt0*^jmr~U#-`40WT*t=>3sH$qi8U@o2eG5>J9t2xMi(F*y;Gi?qFvl2;yeBfl zYK7Qpldr0o96||)ilM<+Us{2Wr@G=GeU(&R;)!|}m)ReFm_K);mQrQo=$w zX$}1qTZUmEJFr}V5Sh!a%N?7E5NJNb!mrM)t8q}JQyc3weOxyk!lIISzDlm}Y=LMf zb)mDMc#D~Ef87&6pQI?kc&&Uz``F~$i?eg%1&=&Ok@ 
zrh~(GO24!gH6$`_FUK+U<$G?o70c0wKRIS&SHDAVH2)^aBllUJ75lkLy^{S7DKDN&p{{W{Bq}oua5cAt|18_F2B^vI&1SPa(=T&{AV~mPcyX3x!{=|FAK{=|z7M-DRi^u-UT*&# zfo5XozKr~MwZlhaY{dP3(ADGX>j%cTNG2Uhmr=jWYW|3@wVoo#Qeby?v9cJALzjSJ`~`j<`}P_U%!LHf>s z+VkOkSLd?IO{dWq;6_!x4|(>7K`g_*`{S3$dG4ZYeG?yfNv8~63B_O-O;fYJ**Oos zy4_doAij=r&z$TAB~Jl+ox1%Y0=VB^Anva`(V6|-yp&rHjn@TcFAU6(VEca3owl{R zCkK4AfnBDV4*g8-?C4gLXOaxV)B6tx4l_@~YiGee|1@3PwfXQ67qwqY%~;ob`Kq3# zWw#n=m4|uxL>D_n*jf8z@?PBg6}XD02_u299ylY(h6&V^_>{FOwL*~KT$zrb0o^eN zm!ZpR+o5|xMff;zU2smm*zb;ge@D0LHh9cW%{gCPcihUb@M~I$mPyXF6935r7Isak zm*Jtq?mW+G?ow&_hV7Y(McE+Ju!v(X#js?R$g*Ce^$3cEI`%%1YF$+ZGd;kK zm6UdF*r^<~0OM#OV>!UpziZ(501rSyb7L;QqI~n*QenS0wmRsG=B9!TI~RX|W~GAC z`rI^&b7*4>En*xqw=G+$PT5ln@w=r@W`>F4Ou%k%W4Lq7enl}+YjA%7I#rF&YqT+j z04cSwi-`44)Q|pV*_w88Dug~s6$Kv8U7g%Sq{om_$!>KOmytE5$DleAnE0uo8eIbE zalNmnot_-poZZ5+&?(*i9-mgVgg^F@Hy!ytIkh@8-euKs8cc5ILlvL0&#OB2s)%Q}B&P($d<% ziqwlJ+8}oPAU;NYk{-ik_bgP*lZ99C93s4I23uqs4|$zzV(as#RX*n@iH~v1k6)`H zpP-r&O~~1LuVrGbYNGCC2xNct9N%%=*geM)*rGsu7oxFr(83 zlKJ_w+@ebOYqL`BBGd)Cx486~&#vJI@-^B`a$&h$8M`itt2&1sTr(;%@o4#?$?(#) z!)4xCIR!W!(?q&#VK(^5IKm-sL0fhti}ctAx2r7^-Mu=pnZ^fm z{%nJ~s;7k7ZwMAxcqk}z@8;~Pj?H+0mYanD?SxgeY-2Z>y+}&TIt+bWB$EiDX{Yfu z0n(YDdwob*QDG0M!93~(qqcBKJs~4k9Y}}mVQ>+)JqkAHT_en?IG+V z%$iI2g%BQMER;DzmITxH0tbXYD#3(yPDMlToLoN0-!JfYFNM;%a4XpLmyE#kdmLG9 zb2{1>mYUQ#y(rjqy~yrPtp|AW2m$x!)8b{Xo^9x`fJEjLw{*THEXOfvG{zFL9t2gsaSR}^ZS~Kh_7ZgW+q_3KlzB@agoL*Gi>H9IRwa5U_<;P(aG<$H_-}%rQ z7o|Iimm53UqfP8D_KFqEuENRMf``4??S0&0!who&Qhoz`nJCVjcRj3~V+xB|yAXli zH`3qkqJgTk8BEfX@DzlOs{*m6fcveNnS>(U?~~doJeo0+llAr7lR#gr0yE3 z2b=JE>ZCxL;B-sT|4xU*<%_Y;H^iv&wM~fRUR(+iS*i$Nq<`v${WCbwbCS@yR8+?^ z3E*wHc@3t5Lgd&jkP?8OF!(g{YKm#4T4NP%RQFSP;#z(Ce!GmD!xFe}g`w-|JZ^rZ zY#;R(-(0mLZVtgYov1FhC|Wo8km$|y3!L4;9l7wl%h?3ROx>$ycjA4Y@H^{5@@d(f zam>$O4LQM|;dQV&YNXcuS~z;R_qYj4Rpw8GD`J6%{0J-tzvzJjT$IkkhcroDPA)2m z)DG6F!Ynk?8hL5(lIK`c%4~|w%esa;+ViL>E%X@bL~?`I(L_fs8tMekJT4|C^FTj? 
z=(90wg!w*xt*A4?d6b+-!Er9PX^Zrg1Sx0@P zfz_N9K9A+2L=)|OGECv29^ay-%&c->Yy0q%1D>{el%@WUaDWm8M z81W2HSjn4RqFn9a$qB!vOXH|`1tUc^UlLyJVM_9caK=w~96QH6J_LNkM-n2udb;W$ zyS;wTS^tIMre}bMt(1%S#jiVYhK;NgEbVimXV&rkVEm5IV_IgjLJ(zH>iz}{_A{fkqSS;tEC%VlsvtJJs1eRxC>K4Xk==LOXLG# z@lT}8i$%Z*Cv^n=b&Se8eVV+-iE7xLpi-h*lnML>xh3?0!d`8t*G;UHJvy?A=&czu z>FID{ST(WR>{!2vYXeqqr7=via?ZcXDWM<}IqwAUzC19}o|;11et8lsq|plgP-Cig z%0+5J!YUnwtMU7;pr0!rtZ}umHPGNgj{c92q@vlpVOl^ZsB66eKjTD6wC9nETJ)tB z`rCotyss24*k%4`r-k`digGh^43JF*w||e^lR^FG`24A^1g+}aB2z1NJg5(*Ak$*X7iFSnf?{M1& zB5Q0}6Z3R;?xE&KS8Zj>j{?q@R8Y~+9$bE2cwJd)giV?1b|!1;>+Lu3II=Wx+#@o| zDz!y@vM*|ss^b7xHswKn*n@|D!hVcaW+9Q6_l!Rk#qd<0x21)p@3@DfZyzs4V!iQ4v^hjUxJXN_KeZ ziY!E(Q4u#Y#lkdy&(Fk2cff#l=}#iSQLcQ?=kZ;I^jRB2V%|<2Up66U_tj43&4-n^ z{O)qsqfFV=Pt1G7i_MHt;`Z&)!FOhpK}cck2ZiW7I%aAYBg(JA+8kMm$}6)J9NE+n zrS`VUoQl9KdHpn+UdstIcNqSn(1rHBzqK2lH2HM~m@D^DCPBa9N$^q%JWK7<{B(Wm zBhPyu11g03l4Y(#O(HKc5k+`n0q~28t)kw>7xgoLHIXzKhN_$Dp921F8+r;g&sweB zNp&0Yb$eZueqK&840#`}L`g8nHJhEzoqfOaP;4c$;87C#lf_O&h$YfRLp{Q$xJ8G? zlKbq%kWY&3i;@mfd!@{{|8ll6|7Py~%a!ry?aPDt=$mD{K73L{Ovv%Mqv9bI-izH{ zm%!EX>AkV;Kdwm$eL9hrC5vHADsr@O?J$6Ai%U)E6hDRy8q>lLs-pQ|oa7drev)lT zb(l|67DQpfJ^2$OMf24oV?)x`{@AKLnwUR2gjxR3oqD>e%gRaK4Yv$i%2z;^QptZ? 
zQRZ=}MOWZqI(f-e$e9*s20u?2{|=!Fv_sT5GYiP|D0h;)J72vj88uw#5oWS?{%I$SkE~KfpF)k$O0a~faRu-`~FfhjtXNBKS z!cS3HXSRt+@g^p-=sGjdkK9WHx0_Othl-76=C^6VK3RKE+Fbj&j!4xp3A{sVRFy%0 zK3!Ru6j;=T>-m%cHI^t8yrzZmsX!*p5z`bNZ($#g>uDrh+kLQKQKg1LfXe43i0UA) zQa>Kzc>>u%sMJRm7NI(u`{;m1N=A%{WmlNStFi-Vd2{AqSNOCS2h{HknM-r7jd8aL zyE5W5za!i4m}Yslr8{f2Mb2p3J;@2m%aY?^=Lv)%FCx@TL2CFe?_(H;qf*(iHMIrr zCSd>g0Rf@6x&tp=#cLRI5NkTfV*{wTmed?`$nRgpiint;OuvlE+8b&bkf%8ZoW5{F zU1K`WovA^X-A6;M*llJj0;mB=cQt+Wmw5**g98fAzqXhWv&sh4s&`QnmIgNwdWUW({)dC->mv9omF;xduvQZeJgb-qODm|aPC+U%E#2E` z=F8FZ#w{J^XN?NmP^sxA>JWI7(znj)8fL~4ZL7#Sv>PJ)#U8R@>#c^~^Ri1z^3N_6 zOvpbx>z4hex#J(`C(XYfk+`n=(Gg6S_?7E$CPCs@-)K2oP?z8LN;bNE1BMEgDdBPR zVKO6HHE0X38hZzQ-2Y_pjS38W?3p$*qC@R}rYr)h^hT2c1h>2_UJp>EwjMo~X)eCx zJj?5|J=tUNp&0mjreU-RDyYm%U-wq;c7?BG!eQP9MX&1{BpoF1vT~CUctrBH_qE69 z%&(Od!F>0({D$x*0t2m9eee_&amV5ilJ_zapBGtUORi!i~E%MN~$D z>@CS(Bq%U=abR*WJZvXxruwmLuXRupRVGE|a9B{uo-V5PhNNwFmn+n!t}H@!6LbAk z`8LI-mlDND6a+NqbCzg+NF#^TO9x=K_Us8FGK%-iUN;Myw}E#_di{0SPbCsD6b2fl zo?ckw+##x+dR}Z$D0%D$|M7EmkrZ`iYa7OAYK@8&-MLIK&P)})80j)@twA;nS`>?G zvg~DtYksR)*!DQh@}A$}SM2~=9D1leS7+Oa>PGy2?xo8x^Z01ay^$XCs#@6T+7ic+ z9Scj3-NMcfsah_T2scSlo(LoVW#^C8j<=#Ly^JNERR9D=xg5qLGeL{&rB=HoBND~u z@9Jn4>yCrVEBLVuzK9vARyM-pQVoqcyS1Ho22}vK`ZF$r{>sVs0xeRw3K5pkLs&vMzH~S}M`b3iGfh}7O{0QlX?;B@#?zZ0S zhKr6`iSE3gkb=5_DW?UzU_F=QeC_R(PNOxN-r=UTr3o2x7n{@`fK5xBoe7}dL!UL) zQCsjYB~v@ipH@On)NtqpiQm5=U>eK?Wvqpb;4I*2pp1B(1{e7TatA4;tTiwO$cnyYkiuy4|sw6B+TPmJt{+5WUqfONk*(7 z>8tW|h%BMlKFc(0C{RKH_eaIQcL=tpHV&^%>p?e;vsLoZqOL$NXs;9>BjyC@~DG1`ek32H2P41cDVc#bG2flb&K^ zRnB7je*`}_#{DDcCGZaMO;9O3Jmks$N$~${x2cOO|}_{S3O(FAX#GAIiQvZ2ceSD;YB#ys1EPfhQ{DOl8erA0!`?b5S@29(u>%b=D@xH3%0&O=06603{L+NLJ! 
z!akQuuNW-p7P8Cw=C7b@sR9uCRv|Xq{fw8IziSRj>RBnfI(PSz>7hD_=zds6_!&f> z$8cCCU9>$XkgSd?a(Ly(FhZ(yy(p#=Uo#8+wY=Ys=8rl)T6}I*U|WIcYVvP-m+F1^ zn9(nmCxE2`53aFNJFnS{IM(w76U|?v2`+g%M|iA>3c=jdPeB^EuSJ3c&1%CIae;8f ztUoVvrK5N&^jvDNo!XhpgTR$A+TTNRz_KMu7~w3kXyNIBQ|(~2?ZTX$)R@aPH>~!N zm(}4SR}CZ{vT^OlMvmyUSu}33>dDR+y{`7KVbNiRTieaoIt{}k81$da9#9cj3CV0u zPgQCa(%MIJx?lO%e)cTdq7rB4es|@n`Cqf;}_GHjvXTzYb9KVg7oVHvevgEfFLcDcTE1oA_o+WV z+CAD*uCaJ6%Qq1R*}SHHxe0X|{d8YjzWZGB+RZo$oXE;?pSu`FUytECE>??{R(Scg zVlkow!?*&Jmo(AVa%!(BX%YJk5zh_-sB;uvJC|04F}~T=c#9enJI^H6JlX-8lKQ$x zB$147c8ny1l1alH8kn&cL>T1x8aS7eND zVdZr^R=-2#hu-Hpec8g-z_pHhgGq&~i%fa=i;b-~Q z#TmfpNL?x2#c8Pg?pKFJbb;qXZ6vG@aH|x11vA$#(M<-7QpFmt;jewK&7m@vI_HHg z71fk=)Ly-eg>A_hY&=h#TCm4HPGR#*_P?7oIgGs>$QDaqTjjk{z*fUd%o2=cE{S8G zCJ?W_OK8?4cma|*EuC_INnbfpzqgzkZVS!oWzUU#%pEM-Vx9Z+x96t+;H=BK_8*k^ z&t&T|^8IIu0n1nm?*o*u3L0`k=Th~J&8&+6mKGQQze)AwP-+dSoVpruYV`#<^~Gll zK$4vL8Wpt$bIy8+y>e~OE-EUP?E-UNfG+b4ecCr=C~}%Aw*>E542m{^1UlUBoOHx4 z1wf6i#M=MX72Q|R0U`h*03z_;M&SR>pXz^GcR>w-2!IHH2>jOwc!j-aYpYItxch(N z^Isbys1}F-hyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKH zhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKHhyaKH ahyaKHhyaKHhyaKHhyaKHh`|4E1pWu@tQ)}q From d3e189412e968eae62be33e3d69ae1b621c1bb37 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 9 Nov 2020 16:37:17 -0500 Subject: [PATCH 29/34] x230-external-flash board: CONFIG_BOARD_NAME was missing (taken into consideration for display since https://github.com/osresearch/heads/commit/6df281813f11add95827727c5d3916ec1a880a04) --- boards/x230-external-flash/x230-external-flash.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boards/x230-external-flash/x230-external-flash.config b/boards/x230-external-flash/x230-external-flash.config index dba39c136..a92a324e1 100644 --- a/boards/x230-external-flash/x230-external-flash.config +++ b/boards/x230-external-flash/x230-external-flash.config 
@@ -38,7 +38,7 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-external Heads Boot Menu" +export CONFIG_BOARD_NAME="Thinkpad X230-external-flash" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # This board has two SPI flash chips, an 8 MB that holds the IFD, From 65d9b3e2fcdede1b9bd2812bed42f9473e94e744 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 9 Nov 2020 17:04:44 -0500 Subject: [PATCH 30/34] t430-external-flash board addition --- .circleci/config.yml | 18 ++++++ .../t430-external-flash.config | 63 +++++++++++++++++++ config/coreboot-t430-external-flash.config | 22 +++++++ 3 files changed, 103 insertions(+) create mode 100644 boards/t430-external-flash/t430-external-flash.config create mode 100644 config/coreboot-t430-external-flash.config diff --git a/.circleci/config.yml b/.circleci/config.yml index 495924019..390fa1c46 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -239,6 +239,24 @@ jobs: - store-artifacts: path: build/x230-external-flash + - run: + name: t430-external-flash + command: | + rm -rf build/t430-external-flash/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=t430-external-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + no_output_timeout: 3h + - run: + name: Ouput t430-external-flash hashes + command: | + cat build/t430-external-flash/hashes.txt \ + - run: + name: Archiving build logs for t430-external-flash + command: | + tar zcvf build/t430-external-flash/logs.tar.gz ./build/log/* + - store-artifacts: + path: build/t430-external-flash + - run: name: qemu-coreboot command: | 
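Review bot: The log-dump loop in the added `t430-external-flash` step reads file names with a bare `read` and expands `$log` unquoted, so a log path containing spaces or backslashes is split or mangled and the failing log is not printed. I would write the loop as `while IFS= read -r log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat -- "$log"; done`. The step name `Ouput t430-external-flash hashes` also has a typo (`Output`).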
diff --git a/boards/t430-external-flash/t430-external-flash.config b/boards/t430-external-flash/t430-external-flash.config new file mode 100644 index 000000000..ce943382b --- /dev/null +++ b/boards/t430-external-flash/t430-external-flash.config 
@@ -0,0 +1,63 @@ +# Configuration for a t430 running Qubes and other OSes +#Includes deactivated+neutered ME and expended consequent IFD +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + +CONFIG_COREBOOT_CONFIG=config/coreboot-x230-external-flash.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_DROPBEAR=y +CONFIG_NKSTORECLI=y + +#CONFIG_SLANG=y +#CONFIG_NEWT=y +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y +CONFIG_HOTPKEY=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOARD_NAME="Thinkpad T430-external-flash" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" + +# This board has two SPI flash chips, an 8 MB that holds the IFD, +# the ME image and part of the coreboot image, and a 4 MB one that +# has the rest of the coreboot and the reset vector. +# +# This x230-external-flash board includes neutralized+deactivated Intel ME produced from the following command: +# wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe && innoextract g1rg24ww.exe && python ~/me_cleaner/me_cleaner.py -r -t -O heads/blobs/xx30/me.bin app/ME8_5M_Production.bin +# +# As a consequence, this replaces the need of having to flash x230-flash and expends available CBFS region (11.5Mb available CBFS space) +# +# When flashing via an external programmer it is easiest to have +# two separate files for these pieces. 
+all: $(build)/$(BOARD)/$(BOARD)-bottom.rom +$(build)/$(BOARD)/$(BOARD)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) + $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) + @sha256sum $@ + +all: $(build)/$(BOARD)/$(BOARD)-top.rom +$(build)/$(BOARD)/$(BOARD)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) + $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) + @sha256sum $@ diff --git a/config/coreboot-t430-external-flash.config b/config/coreboot-t430-external-flash.config new file mode 100644 index 000000000..7e7ddf2fa --- /dev/null +++ b/config/coreboot-t430-external-flash.config @@ -0,0 +1,22 @@ +CONFIG_ANY_TOOLCHAIN=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0xB80000 +CONFIG_HAVE_IFD_BIN=y +CONFIG_HAVE_ME_BIN=y +CONFIG_HAVE_GBE_BIN=y +CONFIG_IFD_BIN_PATH="../../blobs/xx30/ifd.bin" +CONFIG_ME_BIN_PATH="../../blobs/xx30/me.bin" +CONFIG_GBE_BIN_PATH="../../blobs/xx30/gbe.bin" +CONFIG_BOARD_LENOVO_THINKPAD_T430=y +CONFIG_NO_POST=y +CONFIG_UART_PCI_ADDR=0 +# CONFIG_CONSOLE_SERIAL is not set +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/t430-external-flash/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" +CONFIG_LINUX_INITRD="../../build/t430-external-flash/initrd.cpio.xz" +CONFIG_USE_OPTION_TABLE=y +CONFIG_STATIC_OPTION_TABLE=y From c80ccb9024750898bc039fcd808be115bc9296ca Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 20 Nov 2020 22:54:09 -0500 Subject: [PATCH 31/34] x230-external-flash, t430-external flash boards: correct -top.rom and -bottom.rom names to contain also git commit id in final top and bottom rom names. --- boards/t430-external-flash/t430-external-flash.config | 4 ++-- boards/x230-external-flash/x230-external-flash.config | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) 
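Review bot: `CONFIG_COREBOOT_CONFIG` in this new t430 board file points at `config/coreboot-x230-external-flash.config`, so the `config/coreboot-t430-external-flash.config` added by the same commit (the one selecting `CONFIG_BOARD_LENOVO_THINKPAD_T430`) is never referenced and the T430 ROM is presumably built from the X230 coreboot configuration; the line should read `CONFIG_COREBOOT_CONFIG=config/coreboot-t430-external-flash.config`. The comment block further down still says "This x230-external-flash board". The ME recipe in that comment pipes a `wget` download of `g1rg24ww.exe` straight into `innoextract` and `me_cleaner.py`; I would add the expected digest next to it, e.g. `# sha256(g1rg24ww.exe) = <EXPECTED_SHA256>`, so the blob that ends up in flash can be checked before use.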
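Review bot: `CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"` does not carry the `intel_iommu=on` that the board file hands to the booted OS through `CONFIG_BOOT_KERNEL_ADD`, so whether DMA remapping is active while the Heads payload itself is running depends on the kernel config default, which this hunk does not show. If IOMMU protection is intended during the firmware stage, making it explicit would remove the doubt: `CONFIG_LINUX_COMMAND_LINE="intel_iommu=on intel_iommu=igfx_off quiet"`. Otherwise a `#` comment stating that the default comes from the Linux config would help the next reader.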
diff --git a/boards/t430-external-flash/t430-external-flash.config b/boards/t430-external-flash/t430-external-flash.config index ce943382b..5be5aed0a 100644 --- a/boards/t430-external-flash/t430-external-flash.config +++ b/boards/t430-external-flash/t430-external-flash.config @@ -53,11 +53,11 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # When flashing via an external programmer it is easiest to have # two separate files for these pieces. all: $(build)/$(BOARD)/$(BOARD)-bottom.rom -$(build)/$(BOARD)/$(BOARD)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) +$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) @sha256sum $@ -all: $(build)/$(BOARD)/$(BOARD)-top.rom +all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom $(build)/$(BOARD)/$(BOARD)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) @sha256sum $@ diff --git a/boards/x230-external-flash/x230-external-flash.config b/boards/x230-external-flash/x230-external-flash.config index a92a324e1..786775ec9 100644 --- a/boards/x230-external-flash/x230-external-flash.config +++ b/boards/x230-external-flash/x230-external-flash.config 
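Review bot: The renamed targets no longer match their `all:` prerequisites: for the bottom image the rule target becomes `heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom` while `all:` still asks for `$(BOARD)-bottom.rom`, and for the top image `all:` asks for the new name while the rule still defines `$(BOARD)-top.rom`. As written, `make` has no rule for either prerequisite of `all`. Both pairs need the same name, i.e. `all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom` and `$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE)`. The x230-external-flash hunk in this commit has the same mismatch.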
@@ -53,11 +53,12 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # When flashing via an external programmer it is easiest to have # two separate files for these pieces. all: $(build)/$(BOARD)/$(BOARD)-bottom.rom -$(build)/$(BOARD)/$(BOARD)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) +heads-$(BOARD)-$(HEADS_GIT_VERSION) +$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) @sha256sum $@ -all: $(build)/$(BOARD)/$(BOARD)-top.rom +all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom $(build)/$(BOARD)/$(BOARD)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) @sha256sum $@ From 1462bee343c5c43f99ab9fdf91b01dc61e9a403e Mon Sep 17 00:00:00 2001 
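Review bot: The added line `heads-$(BOARD)-$(HEADS_GIT_VERSION)` directly under the first `all:` line is neither a rule, an assignment nor a comment. Assuming this board file is included by the top-level Makefile, as its `all:` rules suggest, `make` should stop there with a "missing separator" error. It looks like a paste leftover from editing the target name and should be dropped.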
From: Thierry Laurion Date: Sat, 21 Nov 2020 14:44:18 -0500 Subject: [PATCH 32/34] xx30 CircleCI: call ./blobs/xx30/download_clean_me.sh prior to external-flash boards, separate build from output of build errors as for other boards. xx30 Boards: clarify requirements, blobs extraction scripts and categorize dependencies in groups for better user/dev understanding xx30 Boards: rename boards : x230-external-flash -> x230-maximized, t430-external-flash -> t430-maximized. Changes inside of CircleCI accordingly. xx30 Boards: Add x230-hotp-maximized and t430-hotp-maximized. Changes in CircleCI accordingly. --- .circleci/config.yml | 189 ++++++++++++++---- .../t430-hotp-maximized.config} | 51 +++-- boards/t430-maximized/t430-maximized.config | 86 ++++++++ .../x230-hotp-maximized.config} | 52 +++-- .../x230-hotp-verification.config | 2 +- .../x230-hotp-verification.config.orig | 65 ++++++ boards/x230-maximized/x230-maximized.config | 86 ++++++++ ...ig => coreboot-t430-hotp-maximized.config} | 4 +- config/coreboot-t430-maximized.config | 22 ++ ...ig => coreboot-x230-hotp-maximized.config} | 4 +- config/coreboot-x230-maximized.config | 20 ++ 11 files changed, 504 insertions(+), 77 deletions(-) rename boards/{t430-external-flash/t430-external-flash.config => t430-hotp-maximized/t430-hotp-maximized.config} (51%) create mode 100644 boards/t430-maximized/t430-maximized.config rename boards/{x230-external-flash/x230-external-flash.config => x230-hotp-maximized/x230-hotp-maximized.config} (51%) create mode 100644 boards/x230-hotp-verification/x230-hotp-verification.config.orig create mode 100644 boards/x230-maximized/x230-maximized.config rename config/{coreboot-t430-external-flash.config => coreboot-t430-hotp-maximized.config} (83%) create mode 100644 config/coreboot-t430-maximized.config rename config/{coreboot-x230-external-flash.config => coreboot-x230-hotp-maximized.config} (81%) create mode 100644 config/coreboot-x230-maximized.config 
diff --git a/.circleci/config.yml b/.circleci/config.yml index 390fa1c46..e2b79cd9e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -62,12 +62,14 @@ jobs: - run: name: librem_l1um command: | - rm -rf build/librem_l1um/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=librem_l1um || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + rm -rf build/librem_l1um/* build/log/* && make CPUS=4 V=1 BOARD=librem_l1um || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput librem_l1um hashes + name: Output build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi \ + - run: + name: Output librem_l1um hashes command: | cat build/librem_l1um/hashes.txt \ - run: @@ -80,12 +82,14 @@ jobs: - run: name: librem_mini command: | - rm -rf build/librem_mini/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=librem_mini || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + rm -rf build/librem_mini/* build/log/* && make CPUS=4 V=1 BOARD=librem_mini || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput librem_mini hashes + name: Output build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi + - run: + name: Output librem_mini hashes command: | cat build/librem_mini/hashes.txt \ - run: 
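Review bot: With the log dump moved into its own `Output build failing logs` step, `find ./build/ -name "*.log" -type f -mmin -1` is evaluated when that later step starts rather than when `make` failed, so a log last written more than a minute earlier may be skipped and the job then fails with no diagnostics. A reference file is more robust than a time window: `touch /tmp/build_start` at the top of the build command and `find ./build/ -name "*.log" -type f -newer /tmp/build_start` in the dump step. The same applies to the `librem_mini` hunk that follows and to the other board steps this commit converts to the `/tmp/failed_build` pattern.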
@@ -95,19 +99,37 @@ jobs: - store-artifacts: path: build/librem_mini + - run: + name: librem_mini_v2 + command: | + rm -rf build/librem_mini_v2/* build/log/* && make CPUS=4 V=1 BOARD=librem_mini_v2 || touch /tmp/failed_build + no_output_timeout: 3h + - run: + name: Output build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi + - run: + name: Output librem_mini_v2 hashes + command: | + cat build/librem_mini_v2/hashes.txt \ + - run: + name: Archiving build logs for librem_mini_v2 + command: | + tar zcvf build/librem_mini_v2/logs.tar.gz build/log/* + - store-artifacts: + path: build/librem_mini_v2 + - run: name: x230-flash command: | - rm -rf build/x230-flash/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=x230-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + rm -rf build/x230-flash/* build/log/* && make CPUS=4 V=1 BOARD=x230-flash || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput build failing logs + name: Output build failing logs command: | if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: - name: Ouput x230-flash hashes + name: Output x230-flash hashes command: | cat build/x230-flash/hashes.txt \ - run: 
@@ -123,11 +145,11 @@ jobs: rm -rf build/t430-flash/* build/log/* && make CPUS=4 V=1 BOARD=t430-flash || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput build failing logs + name: Output build failing logs command: | if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: - name: Ouput t430-flash hashes + name: Output t430-flash hashes command: | cat build/t430-flash/hashes.txt \ - run: @@ -143,11 +165,11 @@ jobs: rm -rf build/t430/* build/log/* && make CPUS=4 V=1 BOARD=t430 || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput build failing logs + name: Output build failing logs command: | if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: - name: Ouput t430 hashes + name: Output t430 hashes command: | cat build/t430/hashes.txt \ - run: @@ -163,11 +185,11 @@ jobs: rm -rf build/x230/* build/log/* && make CPUS=4 V=1 BOARD=x230 || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput build failing logs + name: Output build failing logs command: | if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: - name: Ouput x230 hashes + name: Output x230 hashes command: | cat build/x230/hashes.txt \ - run: 
@@ -183,11 +205,11 @@ jobs: rm -rf build/x230-hotp-verification/* build/log/* && make CPUS=4 V=1 BOARD=x230-hotp-verification || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput build failing logs + name: Output build failing logs command: | if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: - name: Ouput x230-hotp-verification hashes + name: Output x230-hotp-verification hashes command: | cat build/x230-hotp-verification/hashes.txt \ - run: @@ -203,11 +225,11 @@ jobs: rm -rf build/x230-nkstorecli/* build/log/* && make CPUS=4 V=1 BOARD=x230-nkstorecli || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput build failing logs + name: Output build failing logs command: | if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: - name: Ouput x230-nkstorecli hashes + name: Output x230-nkstorecli hashes command: | cat build/x230-nkstorecli/hashes.txt \ - run: 
@@ -222,40 +244,121 @@ jobs: command: | ./blobs/xx30/download_clean_me.sh - run: - name: x230-external-flash + name: x230-maximized + command: | + rm -rf build/x230-maximized/* build/log/* && make CPUS=4 V=1 BOARD=x230-maximized || touch /tmp/failed_build + no_output_timeout: 3h + - run: + name: Output build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi + - run: + name: Output x230-maximized hashes + command: | + cat build/x230-maximized/hashes.txt \ + - run: + name: Archiving build logs for x230-maximized + command: | + tar zcvf build/x230-maximized/logs.tar.gz ./build/log/* + - store-artifacts: + path: build/x230-maximized + + - run: + name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) + command: | + ./blobs/xx30/download_clean_me.sh + - run: + name: t430-hotp-maximized + command: | + rm -rf build/t430-hotp-maximized/* build/log/* && make CPUS=4 V=1 BOARD=t430-hotp-maximized || touch /tmp/failed_build + no_output_timeout: 3h + - run: + name: Output build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. 
Continuing..."; fi + - run: + name: Output t430-hotp-maximized hashes + command: | + cat build/t430-hotp-maximized/hashes.txt \ + - run: + name: Archiving build logs for t430-hotp-maximized + command: | + tar zcvf build/t430-hotp-maximized/logs.tar.gz ./build/log/* + - store-artifacts: + path: build/t430-hotp-maximized + + - run: + name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) + command: | + ./blobs/xx30/download_clean_me.sh + - run: + name: x230-maximized + command: | + rm -rf build/x230-maximized/* build/log/* && make CPUS=4 V=1 BOARD=x230-maximized || touch /tmp/failed_build + no_output_timeout: 3h + - run: + name: Output build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi + - run: + name: Output x230-maximized hashes + command: | + cat build/x230-maximized/hashes.txt \ + - run: + name: Archiving build logs for x230-maximized + command: | + tar zcvf build/x230-maximized/logs.tar.gz ./build/log/* + - store-artifacts: + path: build/x230-maximized + + - run: + name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) + command: | + ./blobs/xx30/download_clean_me.sh + - run: + name: x230-hotp-maximized command: | - rm -rf build/x230-external-flash/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=x230-external-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + rm -rf build/x230-hotp-maximized/* build/log/* && make CPUS=4 V=1 BOARD=x230-hotp-maximized || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput x230-external-flash hashes + name: Output build failing logs command: | - cat build/x230-external-flash/hashes.txt \ + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do 
echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: - name: Archiving build logs for x230-external-flash + name: Output x230-hotp-maximized hashes command: | - tar zcvf build/x230-external-flash/logs.tar.gz ./build/log/* + cat build/x230-hotp-maximized/hashes.txt \ + - run: + name: Archiving build logs for x230-hotp-maximized + command: | + tar zcvf build/x230-hotp-maximized/logs.tar.gz ./build/log/* - store-artifacts: - path: build/x230-external-flash + path: build/x230-hotp-maximized + - run: - name: t430-external-flash + name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree) command: | - rm -rf build/t430-external-flash/* build/log/* && make CPUS=4 \ - V=1 \ - BOARD=t430-external-flash || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + ./blobs/xx30/download_clean_me.sh + - run: + name: t430-maximized + command: | + rm -rf build/t430-maximized/* build/log/* && make CPUS=4 V=1 BOARD=t430-maximized || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput t430-external-flash hashes + name: Output build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi + - run: + name: Output t430-maximized hashes command: | - cat build/t430-external-flash/hashes.txt \ + cat build/t430-maximized/hashes.txt \ - run: - name: Archiving build logs for t430-external-flash + name: Archiving build logs for t430-maximized command: | - tar zcvf build/t430-external-flash/logs.tar.gz ./build/log/* + tar zcvf build/t430-maximized/logs.tar.gz ./build/log/* - store-artifacts: - path: build/t430-external-flash + path: build/t430-maximized - run: name: qemu-coreboot 
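Review bot: The `x230-maximized` build, hash output, log archive and `store-artifacts` steps appear twice in this hunk, once before and once after `t430-hotp-maximized`, so the second pass deletes and rebuilds the same board; one copy should be dropped. `./blobs/xx30/download_clean_me.sh` is also re-run before every maximized board, and none of these steps checks the fetched ME image against a known digest before it is built into the ROMs; whether the script does that itself is not visible here. If it does not, a `sha256sum -c` against a checked-in digest file right after the download step would make the check explicit, and running the download once would then be enough.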
@@ -263,7 +366,7 @@ jobs: rm -rf build/qemu-coreboot/* build/log/* && make CPUS=4 V=1 BOARD=qemu-coreboot || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput build failing logs + name: Output build failing logs command: | if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: @@ -283,7 +386,7 @@ jobs: rm -rf build/qemu-coreboot-fbwhiptail/* build/log/* && make CPUS=4 V=1 BOARD=qemu-coreboot-fbwhiptail || touch /tmp/failed_build no_output_timeout: 3h - run: - name: Ouput build failing logs + name: Output build failing logs command: | if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi - run: diff --git a/boards/t430-external-flash/t430-external-flash.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config similarity index 51% rename from boards/t430-external-flash/t430-external-flash.config rename to boards/t430-hotp-maximized/t430-hotp-maximized.config index 5be5aed0a..fa5635b55 100644 --- a/boards/t430-external-flash/t430-external-flash.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config 
@@ -1,12 +1,23 @@ -# Configuration for a t430 running Qubes and other OSes -#Includes deactivated+neutered ME and expended consequent IFD +# Configuration for a T430 running Qubes and other Linux Based OSes (through kexec) +# +# Includes +# - Deactivated+neutered ME and expended consequent IFD BIOS regions +# - Forged 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx30/extract.sh) +# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set +# +# - Includes NKSTORECLI to support Nitrokey Storage administrative tool +# - Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code) export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.8.1 export CONFIG_LINUX_VERSION=4.14.62 -CONFIG_COREBOOT_CONFIG=config/coreboot-x230-external-flash.config +CONFIG_COREBOOT_CONFIG=config/coreboot-t430-hotp-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230.config +#Additional hardware support +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y CONFIG_FLASHTOOLS=y @@ -16,22 +27,32 @@ CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y CONFIG_PCIUTILS=y + +#Remote attestation support +#TPM based requirements +export CONFIG_TPM=y CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y -CONFIG_DROPBEAR=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support +CONFIG_HOTPKEY=y + +#Nitrokey Storage admin tool CONFIG_NKSTORECLI=y +#GUI Support +#Console based Whiptail support(Console based, no FB): #CONFIG_SLANG=y #CONFIG_NEWT=y +#FBWhiptail based (Graphical): CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -CONFIG_HOTPKEY=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_E1000E=y +#Additional tools: +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y -export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n 
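Review bot: The header comment added in the first hunk names the forged `00:DE:AD:C0:FF:EE` address but not what follows from it: every image built with the generated gbe.bin instead of an extract.sh backup carries the same MAC, and the same hunk turns on `CONFIG_LINUX_E1000E=y`. Two such machines on one network segment would collide, and the address marks the machine as this build. I would add `# - Every image built without extract.sh shares this address; set a unique one before using the NIC on a shared network`. The path given for changing it lies under build/, so it presumably exists only after coreboot has been unpacked; the comment could say at which point of the build to edit it. The same text is added in boards/t430-maximized, boards/x230-hotp-maximized and boards/x230-maximized.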
@@ -41,23 +62,25 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-external-flash" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +# xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin +# - blobs/xx30/download_clean_me.sh +# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. +# - blobs/xx30/extract.sh +# To extract from backuped 8M (bottom SPI) ME binary, GBE and # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that # has the rest of the coreboot and the reset vector. -# -# This x230-external-flash board includes neutralized+deactivated Intel ME produced from the following command: -# wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe && innoextract g1rg24ww.exe && python ~/me_cleaner/me_cleaner.py -r -t -O heads/blobs/xx30/me.bin app/ME8_5M_Production.bin -# +# # As a consequence, this replaces the need of having to flash x230-flash and expends available CBFS region (11.5Mb available CBFS space) # # When flashing via an external programmer it is easiest to have # two separate files for these pieces. -all: $(build)/$(BOARD)/$(BOARD)-bottom.rom +all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) @sha256sum $@ all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(build)/$(BOARD)/$(BOARD)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) +$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) @sha256sum $@ 
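Review bot: The comment block added above the SPI layout description is now the only place this config tells a builder where me.bin, ifd.bin and gbe.bin come from, and it is hard to follow: it still says `xx30-external-flash` after the rename, has `habe` for `have`, and the extract.sh line stops at `GBE and`. The hunk also removes the comment that recorded the exact me_cleaner command, so the provenance of the ME image is no longer visible from the board file. I would complete the sentence, for example `# To extract the ME binary, GBE and IFD from a backup of the 8M (bottom SPI) chip` (IFD is my guess at the missing word, since the first line lists ifd.bin), and add `# Expected sha256 sums are listed in blobs/xx30/README` so the blobs can be checked before building. The same block is added in boards/t430-maximized, boards/x230-hotp-maximized and boards/x230-maximized, and the later typo patch in this series changes only `expended`.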
diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config new file mode 100644 index 000000000..2553a6203 --- /dev/null +++ b/boards/t430-maximized/t430-maximized.config 
@@ -0,0 +1,86 @@ +# Configuration for a T430 running Qubes and other Linux Based OSes (through kexec) +# +# Includes +# - Deactivated+neutered ME and expended consequent IFD BIOS regions +# - Forged 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx30/extract.sh) +# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set +# +# - Includes NKSTORECLI to support Nitrokey Storage administrative tool +# - DOES NOT INCLUDE Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code) +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + +CONFIG_COREBOOT_CONFIG=config/coreboot-t430-maximized.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +#Additional hardware support +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y + +#Remote attestation support +#TPM based requirements +export CONFIG_TPM=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support +#CONFIG_HOTPKEY=y + +#Nitrokey Storage admin tool +CONFIG_NKSTORECLI=y + +#GUI Support +#Console based Whiptail support(Console based, no FB): +#CONFIG_SLANG=y +#CONFIG_NEWT=y +#FBWhiptail based (Graphical): +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +#Additional tools: +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y + +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOARD_NAME="Thinkpad T430-external-flash" +export CONFIG_FLASHROM_OPTIONS="--force 
--noverify-all -p internal" + +# xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin +# - blobs/xx30/download_clean_me.sh +# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. +# - blobs/xx30/extract.sh +# To extract from backuped 8M (bottom SPI) ME binary, GBE and +# This board has two SPI flash chips, an 8 MB that holds the IFD, +# the ME image and part of the coreboot image, and a 4 MB one that +# has the rest of the coreboot and the reset vector. +# +# As a consequence, this replaces the need of having to flash x230-flash and expends available CBFS region (11.5Mb available CBFS space) +# +# When flashing via an external programmer it is easiest to have +# two separate files for these pieces. +all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom +$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) + $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) + @sha256sum $@ + +all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom +$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) + $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) + @sha256sum $@ diff --git a/boards/x230-external-flash/x230-external-flash.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config similarity index 51% rename from boards/x230-external-flash/x230-external-flash.config rename to boards/x230-hotp-maximized/x230-hotp-maximized.config index 786775ec9..bfbf68334 100644 --- a/boards/x230-external-flash/x230-external-flash.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config 
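Review bot: `CONFIG_FLASHROM_OPTIONS` in this new file is `--force --noverify-all -p internal`, without the `--ifd --image bios` restriction that boards/x230-hotp-verification keeps, so an internal flash with these options is not confined to the BIOS region. That looks intended for a board that ships its own IFD, ME and GbE, but the closing comment only discusses external programmers and never says it. I would add above the export `# Internal flashing writes the whole image (IFD, ME and GbE included, where the descriptor permits); compare the sha256sum printed by the build before flashing`. The same applies to boards/x230-maximized, which adds the identical line.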
@@ -1,12 +1,23 @@ -# Configuration for a x230 running Qubes and other OSes -#Includes deactivated+neutered ME and expended consequent IFD +# Configuration for a X230 running Qubes and other Linux Based OSes (through kexec) +# +# Includes +# - Deactivated+neutered ME and expended consequent IFD BIOS regions +# - Forged 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx30/extract.sh) +# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set +# +# - Includes NKSTORECLI to support Nitrokey Storage administrative tool +# - Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code) export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.8.1 export CONFIG_LINUX_VERSION=4.14.62 -CONFIG_COREBOOT_CONFIG=config/coreboot-x230-external-flash.config +CONFIG_COREBOOT_CONFIG=config/coreboot-x230-hotp-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230.config +#Additional hardware support +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y CONFIG_FLASHTOOLS=y @@ -16,22 +27,32 @@ CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y CONFIG_PCIUTILS=y + +#Remote attestation support +#TPM based requirements +export CONFIG_TPM=y CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y -CONFIG_DROPBEAR=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support +CONFIG_HOTPKEY=y + +#Nitrokey Storage admin tool CONFIG_NKSTORECLI=y +#GUI Support +#Console based Whiptail support(Console based, no FB): #CONFIG_SLANG=y #CONFIG_NEWT=y +#FBWhiptail based (Graphical): CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -CONFIG_HOTPKEY=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_E1000E=y +#Additional tools: +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y -export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n 
@@ -41,24 +62,25 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-external-flash" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +# xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin +# - blobs/xx30/download_clean_me.sh +# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. +# - blobs/xx30/extract.sh +# To extract from backuped 8M (bottom SPI) ME binary, GBE and # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that # has the rest of the coreboot and the reset vector. -# -# This x230-external-flash board includes neutralized+deactivated Intel ME produced from the following command: -# wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe && innoextract g1rg24ww.exe && python ~/me_cleaner/me_cleaner.py -r -t -O heads/blobs/xx30/me.bin app/ME8_5M_Production.bin -# +# # As a consequence, this replaces the need of having to flash x230-flash and expends available CBFS region (11.5Mb available CBFS space) # # When flashing via an external programmer it is easiest to have # two separate files for these pieces. -all: $(build)/$(BOARD)/$(BOARD)-bottom.rom -heads-$(BOARD)-$(HEADS_GIT_VERSION) +all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) @sha256sum $@ all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(build)/$(BOARD)/$(BOARD)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) +$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) @sha256sum $@ 
diff --git a/boards/x230-hotp-verification/x230-hotp-verification.config b/boards/x230-hotp-verification/x230-hotp-verification.config index a0aa199e5..c14c78384 100644 --- a/boards/x230-hotp-verification/x230-hotp-verification.config +++ b/boards/x230-hotp-verification/x230-hotp-verification.config @@ -47,7 +47,7 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-HOTP-dongle Heads Boot Menu" +export CONFIG_BOARD_NAME="Thinkpad X230" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, diff --git a/boards/x230-hotp-verification/x230-hotp-verification.config.orig b/boards/x230-hotp-verification/x230-hotp-verification.config.orig new file mode 100644 index 000000000..b29b22445 --- /dev/null +++ b/boards/x230-hotp-verification/x230-hotp-verification.config.orig 
@@ -0,0 +1,65 @@ +# Configuration for a x230-hotp-verification (Nitrokey/Purism USB Security dongle enabled HOTP support) +# running Qubes and other OSes. +# +# Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x700000 : +# dropbear support(ssh client/server) +# e1000e (ethernet driver) +# +# Addition vs standard x230 board config: +# HOTP_KEY: HOTP challenge for currently supported USB Security dongles +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + +CONFIG_COREBOOT_CONFIG=config/coreboot-x230-hotp-verification.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y + +#CONFIG_SLANG=y +#CONFIG_NEWT=y +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y +CONFIG_HOTPKEY=y + +CONFIG_LINUX_USB=y + +#SSH client/server +CONFIG_DROPBEAR=n +#Ethernet driver (Heads only) +CONFIG_LINUX_E1000E=n + +export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +<<<<<<< HEAD +export CONFIG_BOARD_NAME="Thinkpad X230" +======= +export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-HOTP-dongle Heads Boot Menu" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +>>>>>>> conflict resolution after merge (LOCAL_VERSION removed from coreboot config). 
coreboot 4.8.1 test branch +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" + +# This board has two SPI flash chips, an 8 MB that holds the IFD, +# the ME image and part of the coreboot image, and a 4 MB one that +# has the rest of the coreboot and the reset vector. +# +# Only flashing to the bios region is safe to do. The easiest is to +# flash internally when the IFD is unlocked for writing, and x230-flash +# is installed first. diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config new file mode 100644 index 000000000..dc1900060 --- /dev/null +++ b/boards/x230-maximized/x230-maximized.config 
@@ -0,0 +1,86 @@ +# Configuration for a X230 running Qubes and other Linux Based OSes (through kexec) +# +# Includes +# - Deactivated+neutered ME and expended consequent IFD BIOS regions +# - Forged 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx30/extract.sh) +# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set +# +# - Includes NKSTORECLI to support Nitrokey Storage administrative tool +# - DOES NOT INCLUDE Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code) +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + +CONFIG_COREBOOT_CONFIG=config/coreboot-x230-maximized.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +#Additional hardware support +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y + +#Remote attestation support +#TPM based requirements +export CONFIG_TPM=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support +#CONFIG_HOTPKEY=y + +#Nitrokey Storage admin tool +CONFIG_NKSTORECLI=y + +#GUI Support +#Console based Whiptail support(Console based, no FB): +#CONFIG_SLANG=y +#CONFIG_NEWT=y +#FBWhiptail based (Graphical): +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +#Additional tools: +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y + +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOARD_NAME="Thinkpad X230-external-flash" +export CONFIG_FLASHROM_OPTIONS="--force 
--noverify-all -p internal" + +# xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin +# - blobs/xx30/download_clean_me.sh +# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region. +# - blobs/xx30/extract.sh +# To extract from backuped 8M (bottom SPI) ME binary, GBE and +# This board has two SPI flash chips, an 8 MB that holds the IFD, +# the ME image and part of the coreboot image, and a 4 MB one that +# has the rest of the coreboot and the reset vector. +# +# As a consequence, this replaces the need of having to flash x230-flash and expends available CBFS region (11.5Mb available CBFS space) +# +# When flashing via an external programmer it is easiest to have +# two separate files for these pieces. +all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom +$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) + $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) + @sha256sum $@ + +all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom +$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) + $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) + @sha256sum $@ diff --git a/config/coreboot-t430-external-flash.config b/config/coreboot-t430-hotp-maximized.config similarity index 83% rename from config/coreboot-t430-external-flash.config rename to config/coreboot-t430-hotp-maximized.config index 7e7ddf2fa..7e1022604 100644 --- a/config/coreboot-t430-external-flash.config +++ b/config/coreboot-t430-hotp-maximized.config 
@@ -15,8 +15,8 @@ CONFIG_UART_PCI_ADDR=0
 CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
 CONFIG_PAYLOAD_LINUX=y
-CONFIG_PAYLOAD_FILE="../../build/t430-external-flash/bzImage"
+CONFIG_PAYLOAD_FILE="../../build/t430-hotp-maximized/bzImage"
 CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
-CONFIG_LINUX_INITRD="../../build/t430-external-flash/initrd.cpio.xz"
+CONFIG_LINUX_INITRD="../../build/t430-hotp-maximized/initrd.cpio.xz"
 CONFIG_USE_OPTION_TABLE=y
 CONFIG_STATIC_OPTION_TABLE=y
diff --git a/config/coreboot-t430-maximized.config b/config/coreboot-t430-maximized.config
new file mode 100644
index 000000000..e4706b350
--- /dev/null
+++ b/config/coreboot-t430-maximized.config
@@ -0,0 +1,22 @@
+CONFIG_ANY_TOOLCHAIN=y
+CONFIG_MEASURED_BOOT=y
+CONFIG_VENDOR_LENOVO=y
+CONFIG_CBFS_SIZE=0xB80000
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_HAVE_ME_BIN=y
+CONFIG_HAVE_GBE_BIN=y
+CONFIG_IFD_BIN_PATH="../../blobs/xx30/ifd.bin"
+CONFIG_ME_BIN_PATH="../../blobs/xx30/me.bin"
+CONFIG_GBE_BIN_PATH="../../blobs/xx30/gbe.bin"
+CONFIG_BOARD_LENOVO_THINKPAD_T430=y
+CONFIG_NO_POST=y
+CONFIG_UART_PCI_ADDR=0
+# CONFIG_CONSOLE_SERIAL is not set
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="../../build/t430-maximized/bzImage"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_INITRD="../../build/t430-maximized/initrd.cpio.xz"
+CONFIG_USE_OPTION_TABLE=y
+CONFIG_STATIC_OPTION_TABLE=y
diff --git a/config/coreboot-x230-external-flash.config b/config/coreboot-x230-hotp-maximized.config
similarity index 81%
rename from config/coreboot-x230-external-flash.config
rename to config/coreboot-x230-hotp-maximized.config
index c140f2d61..1f50577b4 100644
--- a/config/coreboot-x230-external-flash.config
+++ b/config/coreboot-x230-hotp-maximized.config
@@ -15,6 +15,6 @@ CONFIG_NO_GFX_INIT=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y CONFIG_PAYLOAD_LINUX=y -CONFIG_PAYLOAD_FILE="../../build/x230-external-flash/bzImage" +CONFIG_PAYLOAD_FILE="../../build/x230-hotp-maximized/bzImage" CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" -CONFIG_LINUX_INITRD="../../build/x230-external-flash/initrd.cpio.xz" +CONFIG_LINUX_INITRD="../../build/x230-hotp-maximized/initrd.cpio.xz" diff --git a/config/coreboot-x230-maximized.config b/config/coreboot-x230-maximized.config new file mode 100644 index 000000000..fb9b6d1d8 --- /dev/null +++ b/config/coreboot-x230-maximized.config @@ -0,0 +1,20 @@ +CONFIG_ANY_TOOLCHAIN=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0xB80000 +CONFIG_HAVE_IFD_BIN=y +CONFIG_HAVE_ME_BIN=y +CONFIG_HAVE_GBE_BIN=y +CONFIG_IFD_BIN_PATH="../../blobs/xx30/ifd.bin" +CONFIG_ME_BIN_PATH="../../blobs/xx30/me.bin" +CONFIG_GBE_BIN_PATH="../../blobs/xx30/gbe.bin" +CONFIG_BOARD_LENOVO_X230=y +CONFIG_NO_POST=y +CONFIG_UART_PCI_ADDR=0 +CONFIG_NO_GFX_INIT=y +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/x230-maximized/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" +CONFIG_LINUX_INITRD="../../build/x230-maximized/initrd.cpio.xz" From e8165fce672bdc0d06e80c2fb0e14dd0df0d3ed4 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 2 Dec 2020 11:11:34 -0500 Subject: [PATCH 33/34] xx30-*-maximized boards: Change CONFIG_BOARD_NAME accordingly. blobs/xx30/README: corrections on ifd naming and sections name consistency --- blobs/xx30/README | 6 +++--- boards/t430-hotp-maximized/t430-hotp-maximized.config | 2 +- boards/t430-maximized/t430-maximized.config | 2 +- boards/x230-hotp-maximized/x230-hotp-maximized.config | 2 +- boards/x230-maximized/x230-maximized.config | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/blobs/xx30/README b/blobs/xx30/README index 34bb6b5d5..7847c997c 100644 --- a/blobs/xx30/README +++ b/blobs/xx30/README @@ -6,7 +6,7 @@ Version 8.1.72.3002 (G1RG24WW) (Fix) Fixed the following security vulnerabilites: CVE-2017-5711, CVE-2017-5712, CVE-2017-13077, CVE-2017-13078, CVE-2017-13080. -1.0:Automatically extract and neuter me.bin +1.0.0:Automatically extract and neuter me.bin download_clean_me.sh : Downloads latest ME from lenovo verify checksum, extract ME, neuters ME, relocate and trim it and place it into me.bin sha256sum: @@ -31,7 +31,7 @@ f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe 821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 blobs/xx30/me.bin -x230-ifd.bin was extracted from sacrificed X230 (dead motherboard) fron an external flashrom backup (no way found to be able to extract it from Lenovo firmware upgrades as of now): +ifd.bin was extracted from sacrificed X230 (dead motherboard) fron an external flashrom backup (no way found to be able to extract it from Lenovo firmware upgrades as of now): python ~/me_cleaner/me_cleaner.py -S -r -t -d -O /tmp/discarded.bin -D ~/heads/blobs/xx30/ifd.bin -M /tmp/temporary_me.bin dead_serving_a_purpose_x230_bottom_spi_backup.rom sha256sum: @@ -48,7 +48,7 @@ blobs/x230/gbe.bin is generated per bincfg from the following coreboot patch: ht And then by following those instructions: # Use this target to generate GbE for X220/x230 gen-gbe-82579LM: - cd build/coreboot-4.8.1/util/bincfg/ + cd build/coreboot-*/util/bincfg/ make ./bincfg gbe-82579LM.spec gbe-82579LM.set gbe1.bin # duplicate binary as per spec diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index fa5635b55..90e7f51ff 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config 
+++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config
@@ -59,7 +59,7 @@ export CONFIG_BOOT_REQ_ROLLBACK=n
 export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
 export CONFIG_BOOT_KERNEL_REMOVE="quiet"
 export CONFIG_BOOT_DEV="/dev/sda1"
-export CONFIG_BOARD_NAME="Thinkpad T430-external-flash"
+export CONFIG_BOARD_NAME="Thinkpad T430-hotp-maximized"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
 
 # xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin
diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config
index 2553a6203..8d569edb7 100644
--- a/boards/t430-maximized/t430-maximized.config
+++ b/boards/t430-maximized/t430-maximized.config
@@ -59,7 +59,7 @@ export CONFIG_BOOT_REQ_ROLLBACK=n
 export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
 export CONFIG_BOOT_KERNEL_REMOVE="quiet"
 export CONFIG_BOOT_DEV="/dev/sda1"
-export CONFIG_BOARD_NAME="Thinkpad T430-external-flash"
+export CONFIG_BOARD_NAME="Thinkpad T430-maximized"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
 
 # xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin
diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config
index bfbf68334..7261d919e 100644
--- a/boards/x230-hotp-maximized/x230-hotp-maximized.config
+++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config
@@ -59,7 +59,7 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_BOARD_NAME="Thinkpad X230-external-flash" +export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config index dc1900060..90d313ab8 100644 --- a/boards/x230-maximized/x230-maximized.config +++ b/boards/x230-maximized/x230-maximized.config @@ -59,7 +59,7 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_BOARD_NAME="Thinkpad X230-external-flash" +export CONFIG_BOARD_NAME="Thinkpad X230-maximized" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin From e4b33449da03c194cad6abec99122dd6657a7590 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 2 Dec 2020 16:22:33 -0500 Subject: [PATCH 34/34] xx30-maximized PR: Corrections of typos and wrong file inclusions based on review prior of squashing and merging into master. --- .../t430-hotp-maximized.config | 4 +- boards/t430-maximized/t430-maximized.config | 4 +- .../x230-hotp-maximized.config | 4 +- .../x230-hotp-verification.config.orig | 65 ------------------- boards/x230-maximized/x230-maximized.config | 4 +- 5 files changed, 8 insertions(+), 73 deletions(-) delete mode 100644 boards/x230-hotp-verification/x230-hotp-verification.config.orig 
diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config
index 90e7f51ff..38e10af74 100644
--- a/boards/t430-hotp-maximized/t430-hotp-maximized.config
+++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config
@@ -1,7 +1,7 @@
 # Configuration for a T430 running Qubes and other Linux Based OSes (through kexec)
 #
 # Includes
-# - Deactivated+neutered ME and expended consequent IFD BIOS regions
+# - Deactivated+neutered ME and expanded consequent IFD BIOS regions
 # - Forged 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx30/extract.sh)
 # - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
 #
@@ -64,7 +64,7 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
 
 # xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin
 # - blobs/xx30/download_clean_me.sh
-# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region.
+# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expanded BIOS IFD region.
 # - blobs/xx30/extract.sh
 # To extract from backuped 8M (bottom SPI) ME binary, GBE and
 # This board has two SPI flash chips, an 8 MB that holds the IFD,
diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config
index 8d569edb7..b5c06e85f 100644
--- a/boards/t430-maximized/t430-maximized.config
+++ b/boards/t430-maximized/t430-maximized.config
@@ -1,7 +1,7 @@
 # Configuration for a T430 running Qubes and other Linux Based OSes (through kexec)
 #
 # Includes
-# - Deactivated+neutered ME and expended consequent IFD BIOS regions
+# - Deactivated+neutered ME and expanded consequent IFD BIOS regions
 # - Forged 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx30/extract.sh)
 # - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
 #
@@ -64,7 +64,7 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
 
 # xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin
 # - blobs/xx30/download_clean_me.sh
-# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region.
+# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expanded BIOS IFD region.
 # - blobs/xx30/extract.sh
 # To extract from backuped 8M (bottom SPI) ME binary, GBE and
 # This board has two SPI flash chips, an 8 MB that holds the IFD,
diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config
index 7261d919e..3a39a36e7 100644
--- a/boards/x230-hotp-maximized/x230-hotp-maximized.config
+++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config
@@ -1,7 +1,7 @@
 # Configuration for a X230 running Qubes and other Linux Based OSes (through kexec)
 #
 # Includes
-# - Deactivated+neutered ME and expended consequent IFD BIOS regions
+# - Deactivated+neutered ME and expanded consequent IFD BIOS regions
 # - Forged 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx30/extract.sh)
 # - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
 #
@@ -64,7 +64,7 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
 # xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin
 # - blobs/xx30/download_clean_me.sh
-# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region.
+# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expanded BIOS IFD region.
 # - blobs/xx30/extract.sh
 # To extract from backuped 8M (bottom SPI) ME binary, GBE and
 # This board has two SPI flash chips, an 8 MB that holds the IFD,
diff --git a/boards/x230-hotp-verification/x230-hotp-verification.config.orig b/boards/x230-hotp-verification/x230-hotp-verification.config.orig
deleted file mode 100644
index b29b22445..000000000
--- a/boards/x230-hotp-verification/x230-hotp-verification.config.orig
+++ /dev/null
@@ -1,65 +0,0 @@
-# Configuration for a x230-hotp-verification (Nitrokey/Purism USB Security dongle enabled HOTP support)
-# running Qubes and other OSes.
-#
-# Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x700000 :
-# dropbear support(ssh client/server)
-# e1000e (ethernet driver)
-#
-# Addition vs standard x230 board config:
-# HOTP_KEY: HOTP challenge for currently supported USB Security dongles
-export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
-export CONFIG_LINUX_VERSION=4.14.62
-
-CONFIG_COREBOOT_CONFIG=config/coreboot-x230-hotp-verification.config
-CONFIG_LINUX_CONFIG=config/linux-x230.config
-
-CONFIG_CRYPTSETUP=y
-CONFIG_FLASHROM=y
-CONFIG_FLASHTOOLS=y
-CONFIG_GPG2=y
-CONFIG_KEXEC=y
-CONFIG_UTIL_LINUX=y
-CONFIG_LVM2=y
-CONFIG_MBEDTLS=y
-CONFIG_PCIUTILS=y
-CONFIG_POPT=y
-CONFIG_QRENCODE=y
-CONFIG_TPMTOTP=y
-
-#CONFIG_SLANG=y
-#CONFIG_NEWT=y
-CONFIG_CAIRO=y
-CONFIG_FBWHIPTAIL=y
-CONFIG_HOTPKEY=y
-
-CONFIG_LINUX_USB=y
-
-#SSH client/server
-CONFIG_DROPBEAR=n
-#Ethernet driver (Heads only)
-CONFIG_LINUX_E1000E=n
-
-export CONFIG_TPM=y
-export CONFIG_BOOTSCRIPT=/bin/gui-init
-export CONFIG_BOOT_REQ_HASH=n
-export CONFIG_BOOT_REQ_ROLLBACK=n
-export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
-export CONFIG_BOOT_KERNEL_REMOVE="quiet"
-export CONFIG_BOOT_DEV="/dev/sda1"
-<<<<<<< HEAD
-export CONFIG_BOARD_NAME="Thinkpad X230"
-=======
-export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-HOTP-dongle Heads Boot Menu"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
->>>>>>> conflict resolution after merge (LOCAL_VERSION removed from coreboot config).
coreboot 4.8.1 test branch
-export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios"
-
-# This board has two SPI flash chips, an 8 MB that holds the IFD,
-# the ME image and part of the coreboot image, and a 4 MB one that
-# has the rest of the coreboot and the reset vector.
-#
-# Only flashing to the bios region is safe to do. The easiest is to
-# flash internally when the IFD is unlocked for writing, and x230-flash
-# is installed first.
diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config
index 90d313ab8..db317cbce 100644
--- a/boards/x230-maximized/x230-maximized.config
+++ b/boards/x230-maximized/x230-maximized.config
@@ -1,7 +1,7 @@
 # Configuration for a X230 running Qubes and other Linux Based OSes (through kexec)
 #
 # Includes
-# - Deactivated+neutered ME and expended consequent IFD BIOS regions
+# - Deactivated+neutered ME and expanded consequent IFD BIOS regions
 # - Forged 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx30/extract.sh)
 # - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
 #
@@ -64,7 +64,7 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
 # xx30-external-flash boards require of you initially call one of the following to habe gbe.bin ifd.bin and me.bin
 # - blobs/xx30/download_clean_me.sh
-# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expended BIOS IFD region.
+# To download Lenovo original ME binary, neuter+deactivate ME, produce reduced IFD ME region and expanded BIOS IFD region.
 # - blobs/xx30/extract.sh
 # To extract from backuped 8M (bottom SPI) ME binary, GBE and
 # This board has two SPI flash chips, an 8 MB that holds the IFD,