diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild index 222e2ad5d4..214ad0f48e 100644 --- a/components/bootloader/Kconfig.projbuild +++ b/components/bootloader/Kconfig.projbuild @@ -764,7 +764,7 @@ menu "Security features" config SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT bool "Flash bootloader along with other artifacts when using the default flash command" - depends on SECURE_BOOT_V2_ENABLED && SECURE_BOOT_BUILD_SIGNED_BINARIES + depends on SECURE_BOOT_V2_ENABLED default n help When Secure Boot V2 is enabled, by default the bootloader is not flashed along with other artifacts diff --git a/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_bootloader.c b/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_bootloader.c index a653707845..45332f9925 100644 --- a/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_bootloader.c +++ b/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_bootloader.c @@ -154,13 +154,12 @@ esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_sign ets_secure_boot_key_digests_t trusted_key_digests = {0}; bool valid_sig_blk = false; for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) { + trusted_key_digests.key_digests[i] = &trusted.key_digests[i]; if (sig_block->block[i].version != ESP_SECURE_BOOT_SCHEME) { ESP_LOGD(TAG, "%s signing scheme selected but signature block %d generated for %s scheme", esp_secure_boot_get_scheme_name(ESP_SECURE_BOOT_SCHEME), i, esp_secure_boot_get_scheme_name(sig_block->block[i].version)); - continue; } else { valid_sig_blk = true; } - trusted_key_digests.key_digests[i] = &trusted.key_digests[i]; } if (valid_sig_blk != true) { ESP_LOGE(TAG, "No signature block generated for valid scheme"); diff --git a/tools/test_apps/security/.build-test-rules.yml b/tools/test_apps/security/.build-test-rules.yml index c015f7ea42..45e3922604 100644 --- a/tools/test_apps/security/.build-test-rules.yml +++ b/tools/test_apps/security/.build-test-rules.yml @@ -2,7 +2,7 @@ tools/test_apps/security/secure_boot: disable: - - if: IDF_ENV_FPGA != 1 + - if: IDF_ENV_FPGA != 1 and CONFIG_NAME != "qemu" reason: the test can only run on an FPGA as efuses need to be reset during the test. tools/test_apps/security/signed_app_no_secure_boot: diff --git a/tools/test_apps/security/secure_boot/main/CMakeLists.txt b/tools/test_apps/security/secure_boot/main/CMakeLists.txt index 609328ff5e..5201d97810 100644 --- a/tools/test_apps/security/secure_boot/main/CMakeLists.txt +++ b/tools/test_apps/security/secure_boot/main/CMakeLists.txt @@ -7,3 +7,38 @@ endif() idf_component_register(SRCS "${main_src}" INCLUDE_DIRS ".") target_compile_options(${COMPONENT_LIB} PRIVATE "-Wno-format") + +if(CONFIG_EXAMPLE_TARGET_QEMU) + set(bootloader_unsigned_bin "bootloader-unsigned.bin") + set(app_unsigned_bin "${PROJECT_BIN}-unsigned.bin") + + add_custom_target(sign_bootloader ALL + COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/bootloader/bootloader.bin" + "${CMAKE_BINARY_DIR}/bootloader/${bootloader_unsigned_bin}" + COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile + ${PROJECT_DIR}/test/secure_boot_signing_key0.pem + ${PROJECT_DIR}/test/secure_boot_signing_key1.pem + ${PROJECT_DIR}/test/secure_boot_signing_key2.pem + -o "${CMAKE_BINARY_DIR}/bootloader/bootloader.bin" + "${CMAKE_BINARY_DIR}/bootloader/${bootloader_unsigned_bin}" + COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${CMAKE_BINARY_DIR}/bootloader/bootloader.bin" + "from ${CMAKE_BINARY_DIR}/bootloader/${bootloader_unsigned_bin}" + VERBATIM + COMMENT "Generated the test-specific signed bootloader") + + add_dependencies(sign_bootloader bootloader) + + add_custom_target(sign_app ALL + COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" + "${CMAKE_BINARY_DIR}/${app_unsigned_bin}" + COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile + ${PROJECT_DIR}/test/secure_boot_signing_key1.pem + -o "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" + "${CMAKE_BINARY_DIR}/${app_unsigned_bin}" + COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${CMAKE_BINARY_DIR}/${PROJECT_BIN}" + "from ${CMAKE_BINARY_DIR}/${app_unsigned_bin}" + VERBATIM + COMMENT "Generated the test-specific signed application") + + add_dependencies(sign_app app) +endif() diff --git a/tools/test_apps/security/secure_boot/main/Kconfig.projbuild b/tools/test_apps/security/secure_boot/main/Kconfig.projbuild new file mode 100644 index 0000000000..471d37419a --- /dev/null +++ b/tools/test_apps/security/secure_boot/main/Kconfig.projbuild @@ -0,0 +1,9 @@ +menu "Example Configuration" + + config EXAMPLE_TARGET_QEMU + bool "Run the example tests for target QEMU" + default n + help + Run the example tests for target QEMU + +endmenu diff --git a/tools/test_apps/security/secure_boot/main/secure_boot_main.c b/tools/test_apps/security/secure_boot/main/secure_boot_main.c index 011b599cdc..82611c1f39 100644 --- a/tools/test_apps/security/secure_boot/main/secure_boot_main.c +++ b/tools/test_apps/security/secure_boot/main/secure_boot_main.c @@ -76,4 +76,13 @@ static void example_secure_boot_status(void) } else { ESP_LOGI(TAG, "Secure Boot not enabled. Enable Secure Boot in menuconfig, build & flash again."); } + +#if CONFIG_EXAMPLE_TARGET_QEMU + for (int i = 5; i >= 0; i--) { + ESP_LOGI(TAG, "Restarting in %d seconds...", i); + vTaskDelay(1000 / portTICK_PERIOD_MS); + } + ESP_LOGI(TAG, "Restarting now."); + esp_restart(); +#endif /* CONFIG_EXAMPLE_TARGET_QEMU */ } diff --git a/tools/test_apps/security/secure_boot/pytest_secure_boot.py b/tools/test_apps/security/secure_boot/pytest_secure_boot.py index 6bd5ae69cd..1ebb0fcee4 100644 --- a/tools/test_apps/security/secure_boot/pytest_secure_boot.py +++ b/tools/test_apps/security/secure_boot/pytest_secure_boot.py @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD +# SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: Unlicense OR CC0-1.0 import os import struct @@ -91,6 +91,36 @@ def test_examples_security_secure_boot(dut: Dut) -> None: dut.burn_wafer_version() +# Test secure boot flow. +# Correctly signed bootloader + correctly signed app should work +@pytest.mark.host_test +@pytest.mark.qemu +@pytest.mark.esp32c3 +@pytest.mark.parametrize( + 'qemu_extra_args', + [ + f'-drive file={os.path.join(os.path.dirname(__file__), "test", "esp32c3_efuses.bin")},if=none,format=raw,id=efuse ' + '-global driver=nvram.esp32c3.efuse,property=drive,value=efuse ' + '-global driver=timer.esp32c3.timg,property=wdt_disable,value=true', + ], + indirect=True, +) +@pytest.mark.parametrize('config', ['qemu'], indirect=True) +def test_examples_security_secure_boot_qemu(dut: Dut) -> None: + try: + dut.expect('Secure Boot is enabled', timeout=10) + dut.expect('Restarting now.', timeout=10) + dut.expect('Secure Boot is enabled', timeout=10) + + finally: + # the above example test burns the efuses, and hence the efuses file which the + # qemu uses to emulate the efuses, "esp32c3_efuses.bin", gets modified. + # Thus, restore the efuses file values back to the default ESP32C3 efuses values. + with open(os.path.join(os.path.dirname(__file__), 'test', 'esp32c3_efuses.bin'), 'wb') as efuse_file: + esp32c3_efuses = '0' * 77 + 'c' + '0' * 1970 + efuse_file.write(bytearray.fromhex(esp32c3_efuses)) + + # Test efuse key index and key block combination. # Any key index can be written to any key block and should work @pytest.mark.esp32c3 diff --git a/tools/test_apps/security/secure_boot/sdkconfig.ci.qemu b/tools/test_apps/security/secure_boot/sdkconfig.ci.qemu new file mode 100644 index 0000000000..2f609c136b --- /dev/null +++ b/tools/test_apps/security/secure_boot/sdkconfig.ci.qemu @@ -0,0 +1,7 @@ +CONFIG_IDF_TARGET="esp32c3" + +CONFIG_SECURE_BOOT=y +CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=n +CONFIG_SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT=y + +CONFIG_EXAMPLE_TARGET_QEMU=y diff --git a/tools/test_apps/security/secure_boot/test/esp32c3_efuses.bin b/tools/test_apps/security/secure_boot/test/esp32c3_efuses.bin new file mode 100644 index 0000000000..bcab7e0b28 Binary files /dev/null and b/tools/test_apps/security/secure_boot/test/esp32c3_efuses.bin differ diff --git a/tools/test_apps/security/secure_boot/test/secure_boot_signing_key0.pem b/tools/test_apps/security/secure_boot/test/secure_boot_signing_key0.pem new file mode 100644 index 0000000000..70fb9df6b8 --- /dev/null +++ b/tools/test_apps/security/secure_boot/test/secure_boot_signing_key0.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEA1E4X2rXFWjZ96ZDvzQInTb9Of+R6cL9CPejkKi38mgDTD7T8 +t3VBD2MSrNEXk9CjjI1tbMAUQfWdthPGnPwpqWThK+OxdpHVqIHJ5IHn+3+2O9PA +V9lV2Ls7HyX2/xpTLGD9DUTTsh0yDHnU5+LqIC3e8idL2mY/3eF5cOQDfuSQ1ifP +T7ZjUs0MPYuiUPSwJHK2f8Sco/HzbM6MCxFUjXLMgyZ3vAdgoqlZnPffj1jIeQAL +mj07vW1FYuRJ7RpNc7nxWs7kvE+ygFLUsnbhpreLt1f4JhjqU7FVupx/EQumg1B0 +ZEtnDYnRv8oFj+BPVa0ox0dwHF9qS57LG21SF+B3xr9UOGI8w98ZOm4VMNU1JKpf +kSqsvlUCR23SpLQ7P3DaQMAkZqUWHoafnmPQBL1beaiPcwmPwTC0XZFX5VCq+lQd +bV3jurM8EXY4Dk/YRrk7tZFEO8istytHXcFINL1zgCXbBXeFmzppePtpNYfuamMN +br+Eq/UBz+FWG1ITAgMBAAECggGAPRQcg8UQuoP71ILoooPQl+sGY//xA9facGI8 +pi/lwM6k6htpK0SWC522pTZggJuhOdIEXamjCljl3xiwZsCbIctOhqhyiUiqfdid +I1sGSRI0dODWMM/rhTdUaoErHrhNnnJmyvb2qoMAv5sbV/0t20UnI2aPyYzqKeTw +4bwPj2Wlj58TYvz3dT5dm6U89Op4dHv2Kir/36C/phmEK7j4KNuSn9ak0tkSgamU +CPc8/4oM3tbW/7BHLBewQyOnawnKIO2C27/MrWm5gehGMW/c5p40Tgv8cA95cv/0 +VHFOMlgpEIZtm8HhgPt+t+UM7+/T4dBPO4pOCFaXZK0RcMawttpVm6kGDpyqoAQ4 +UCNl2qPo7EADsWcvpKbLSk23SoznUdslrr4y1frGiDBaPg7siSQepJ8d25K/d3vO +sAWV4lf6qMEJebWfPKlv2HQQ08xRa8g4T187gQqsNaFVkZP+mJCyJSKIko56ui1x +1zBCazwFZStIvoIQWXDJ/UaLhCXJAoHBAP53tlkuAUEwuJ/2KlMqIEk6m7M5ZHl3 +zYy4bujmpsDZG/FphxkH32ULe2stlms3w+7zg/i36Xc4ZYnrDreTygKqaXQQXZni +SHeii0/GZkzTH7lf0wz4XRNjlw+zcMRaRpA58/DSVjMmRvG2eK/FPtn+VZ19oQB9 +CY1+W/P/CKB1N1Gh7R6JWMpOnoAYnM+6yym0UGCXu1MLzNpDKJ2DPKBB/k6DyA8k +19MEB0BFL7aBEaFrerF+SO7Ri6+KIQw4OwKBwQDVlWILnpaS/eph7Egnx67RgDzs +X/zJAEV0zTRJtTYzZPTVPZWkEZE+8Nd51l2S6YQfKVi4PskQqlomU5/15WRMYGRB +ja56rBCcjO38vo/G5OCUWBfn4OmZkj87RZDNzvaKgfhTESWlScgUyftiCnQw/WNV +CFJ/qB7KlNvxBnz461L0OdVM4WpCss1nRq77P6bMK0uW6gDukuOQxPcA57WVyCDD +dGqXWLXTIGT4HV9kO2t4Vyr7SzOH8/RDDS2KiAkCgcB/HYoHroWN7SqtLaki9i4+ +pnpU41yfmQsjOpac3Wt7dnkQ9Wg5Rsd/kGbMuW8kjCziVt8cBbMojRGb/cHSTo9h +GYOoKOy5DGKq8JWq+i7sPaLhVU72cbL9FojFnRu92mLZdTm4mTnaP0q9QCu1klC9 +UOGv1KvytINrHS4OCt5iWWuS6dKrqGykUvW2g5UB6AvI/3wPZHx9Fa31cgr99Cr6 +2zyQOCBeAEeX77E3l9gn0P3fpvMZaz4/nomq3NN5aTUCgcB5D6o6QdLBUJE4nfAs +NB/f+dsOdD3ZRIEZ+nJH0SH+sZug/r5B9/8m+OZ51crGSfwsmYgDLvtSqexdSwsh +GrvmGsDY81DRkZP82FjQ6MagCv1MuD4cnbxq4p1aoEy6izPtQEwb8V0wOgjh17bY +VGqVlhpmiUgRuZ5yXzvnezD8+o3ThrBjWmWblrOcdVEbcnG9ylCXIt4SXEoGtc33 +wl6Hnp8LioIcdRjiqbrxc9ys+I0q8eWX+IEl714lX2PP4NkCgcEA/O7zrnGJ2kQP +QuE/A7YWgGVD3ybK1Crk7vKtGQPaCKrSVVS5E/WBNsIpAMkroaJCOd53+l/OzBfz +uPWIcVCujOvrrhxsvkkCIZ66mQkiygd5etPyvfmeqXHNhLBVNER6c42rpmTf1WAf +UnIBhKoG09ehJ5rqfcAnMN92Z5a7zP+7iDnANgUQrH5qfDLkvZq37wyS01iIX47D +fo1MQgUBAUjpBNUGLtCSo8r/irDLnt2/VWx+67dE1ELv7/QizXBm +-----END RSA PRIVATE KEY----- diff --git a/tools/test_apps/security/secure_boot/test/secure_boot_signing_key1.pem b/tools/test_apps/security/secure_boot/test/secure_boot_signing_key1.pem new file mode 100644 index 0000000000..b101342ee3 --- /dev/null +++ b/tools/test_apps/security/secure_boot/test/secure_boot_signing_key1.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAn9mfX+24efn7xCnI2YlpBJONsht1SOLQTQQ7xC8JGVxHwJ6f +KaPWZFdb+LMy7hN9YRudr+93c2LDh0sfBetKUs/i5jio+StKitI8VVDUj2ccV6Fb +qlL/9NtdNGTIcP29MoexcCyF+U5IsXjgyrVgfDWyr/ca9y0SFJ7GPeWn6W8ESpIC +AmeQOcJ0VFTaYpyJy0uPPAxZFoq9uuNGjtiDg33TmOcC4A5h+xCU+AxLDgogbNw5 +/yY9P5Tm9VD92KLenoXkRWyAKscpyOOa77fRViLa16RkaJLWv+sd8Xk+Qry0Yeoq +BnZF5atz37h2TOFDvTyBkACjK/Hs+nqSekqF+3IrEH71Llk1lyTKbARFTtHe0VrE +dNAtwZqPqa+bqJJKaIE9Ts3WoNRSUcgsZpzV+rSzVsHj6pTbODruFqhhkHXVvOQj +6uiK005+uoPFeuNiV2/s4vTniofXHgGqnHtXx8+XMR+uoTwrdVk0HQD5PIpOtQzF +xGmN6pjjMNgBnDuXAgMBAAECggGACaIWSjQryWIIy6YO/hkbVJTF1cV02HsevX1z +UpvZCwe2JUQJ6HsAqRRgrQizmYhgJnGBG8CtLK13hhg/Wt52oK35iRFCEZ4LxHjt +/OA9pxS6LwfA2+9bkHiF0en+8FxCQiDOTynHuyH+HH/h4CV1Fpcv2Q3luJ6lN8vn +u4QzDczMb+gDqfxuwyRWWVyxun6fiTpY++/skIC09WXL80DWEB8NmOnXEQSc4AH8 +UESBY2u1z4moDxnRWBsTnhYO7jbGZk+ohEeiYFriGCELqdStNESTfuv1uMNfem7K +OW5WZ3bKmCc1oBbZOwL8/M12+sk/b2OR15yBa16hCZF0yDuv54YZOpLew6Agc7/l +z9nk32CSca57GvpGtDZjXswhlmEoX6PybMSIQwtjkgPcNk99Wba+n4zEJqVq1erd +kj1Nn1niWjwsCc5+K5uEVIwMwrZXgPZG2hiEhkkOl72GvNt2BfEJDaajMSTTdmmU +C3CJkA90THrugPAcxEMl05MORWMFAoHBANaNhTVp9i8o01iXvVCBtoUgA0VJpy2b +4DrZ+1b6z5hqRz9EngPmmthCjlWx+U9s4XlASRb2a4aIyqAXLqRlg8BYpGPACP90 +aRwWRfSFVogW1ji/3qVK3mPyl/j3AG0I+O3JX87OC0LgPaxO/UswV/B2ToTlnN3H +eoWTrRegDL/GjA9URG+YDebiSnmwL/70CBU+MWttWfTtiIjSWhXhez1+J37r/KEi +JYXdkYK7ww6D7aA0kE+iNoIqbiUpQAQYEwKBwQC+utZlqFWLqRGA6cbQWqCrftrY +XHKT2137gUsJKst/fy35NUN1fF0upbqLtrYDkLHzam3fEuap6ZPm6jB8tN9HtOlh +xufff5R0CJ1wKHNYOAwcvfps8JKVS/PaoEZJlgnmjh41CiGJuntsDIBYiM65w/62 +OPy1hRtBd62PZB99+eFo80ERLCBbP/g6ML2GXTSk7UOHYtNfxA7QjPp8q8JT3e4t +T9563czQqMBiru4gvG4+aRx6Jq0Kg+gE2hjohu0CgcB2fMeBHRihKLm3Jm2dpVUI +JgrIXAmgbYIi3jko6vB0qtTYAuwFGXiQUAlNGDGoBGhszuzOap4tOSQ1zzeqAIoH +UqzOjcIqWb6mjUJq7KxCEeKSipvJyxQQPGxjSP2KObdHkrt/eVjMwQwuOZ02xeb6 +3Es2p5u++ygV1t1zu6buzhaRbKcyvdWHmZcppvyKn3hLSwJ94nEYi4mojgrEJLcr +2Zy0Ql1NG49/Y0K14T2yqXc0z3KXF+1ka0xS53n8CNMCgcAT4UedmvknsHypkjRt +3TRoC7Xl3WT38mKOZ4CZuQMzC9+P3TRl14ui5BVYoLfCEV/q/knreX3fcgA/jmN1 +bCjlwX6d+WyLyDGCEq/OU/kJ1fW1PTwQBNdShnMpc5E/9Eqd5GxTnPW39F8O+RKb +p87cYAh5l+EHTpNztHS7wHTj3ZrYJJrAnnfU6wsFjbUDf02Qb0adovhjP/1HUZp+ +SizcLwK3aF7JMbs6eIxs/MzHTryy9qPIO6XHtc4GS3FTM1UCgcEAqbGAfdryYGnB +xEQPE7aw8rC1+SA9D8MhYjyIQi863MruDD4eqa6kyjATiKH2kV4yhLO/7aH31qZ0 +Jq/dV2/onzEF8/pFKUyjwDMvLo9FTR9ysE/o/sj7EyL4TdEX0bTZUUryEzIfA+Oc +6xv+80viBRbBV4sTiUPVsA7ai8TuQCvXQqZCP9FDPNvQgRaVSnpzh2+VS9BdGUmY +0yN4fBdiw2aDB1nywwO30FbzxgdS722/bUN922vQcBH5dXzx7O8F +-----END RSA PRIVATE KEY----- diff --git a/tools/test_apps/security/secure_boot/test/secure_boot_signing_key2.pem b/tools/test_apps/security/secure_boot/test/secure_boot_signing_key2.pem new file mode 100644 index 0000000000..410858d446 --- /dev/null +++ b/tools/test_apps/security/secure_boot/test/secure_boot_signing_key2.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAm20CFl1l5N/JZ0AwxgouohrhQPFrBTtG+mQkC+vyhYd+ytBw +HXfoKAZA35EOWZlZUH8lBUYKAlISo9jQ7RvCFkd2JHPjSrtSjZXLp7+FWCSBirjX +AwOVclquzecPoRB5SRUhhnhjTi8nDwX+t5rGwztZ/+eEF3Hgt4g7BOieokrYp8Nq +AkiZm0FHOP0j9R4t8zRIOImdFBbuNT+47MN2gUMxIKxP21SIXGt999x3aA2Ae7dt +Xg2mMTW+JEcjvDHw0bID/hia77dhRLpUhLnyPI3e1uHX9q6jZKs/q7px5wOE/nvg +ViR9TD4Fg0veQjrpSbsrqo5k+Hxm0kGPVVQRpQH0zTEiwZC3QpeXiUkJcLmbAwhj +oP8mG+gfKins36vF4ozP6wxgNicCqzPEe6whtanUoqHkXpV78KjFXf7EVMTNI/p3 +3GH+8mcMVVXCUaASXZxzZUiXcjhj2K2QDPnHaVogiznzAD2RYMdpoUt9tDi53jeT +TWBzDRxYX8GBPayrAgMBAAECggGACy8w80MNTgb8iz2HRPj+mhOtGetFdD7rwKDs +Jx93eDxj11xgdP5n6llo2a2qhrAOSUic9WAw4DHfvYKgpi9VLB1AVycvt/T6381j +tlKF2e3mlIDwl/ruCiiUY6S47zIsSCIJI5AONVYXTXF0/ulYXDwtIckbLES5kvtu +o8/JeoxAQvJA8qEezJlJ8sPkjoL5c4LTn53ne8aapaJMQF1gbbTUGDHOHU5b8aqa +ifeHcClokX6FlDsPNoNTh3DHFYfSW7PG0wb9f8JdM74m8gpc+7dBY5e+ePlCZqNz +Tg4FXkz8R2UupPpbUWYl1h3OE5xgEMZhquThgMkOVvLe0KPl4ETi+gCWHp9vxqMR +/vVYOpE6dE+p2gfig6PEIyCTnqGW6WcjHtPKfo5iGltAABqQzR0FOPMJYTwCbFJP +VXuBGEIC55aN7xMdz9JfzF8nHF3hTEYwfqXnuQghJ9oTmR6HRVUQX7gJ3IsGQY7j +tOG43VQRCZm4vMfxQDSDo4X2HUQhAoHBANmChopRDwVovuhFGsFOESUVpyNX9hPZ +zlJ9iWgww6nwUr6GkdNvJAIGAyQRbsWR6omTxbC4ngypyRz+IoNQyd05GZ4Js6pk +5ttWgkDcrl2e967CgwGahBpI1OrPpY9axIYTH27xqFMDxbq3z9ZB//qHiZAKcTWb +QozG2OH5m6mNVtUiOf7bD+L7JXbAjo9oOGEnVN70HtEUWCC7X9DVc9l2G4Cv4yxF +qxO8UeBt0G1YVIw6ObDLO/JJb+bZaS1gnwKBwQC27f7ttbaKjxISBCujph+69Tnv +Z+XBaEy3iJXUSy12DaC//Mut3RFunhp1nMlNoFPN6ucZ1Rqk5f0Hfbz4FLtJQ1w4 +u0uGCq371gCLjZ8Kxh4kmxfmTScigK+1bzD99RMA83kCWgyormJ2mVuaM5ULzwEj +8ryJTyRPbqUPFRY5tFvys3aqcZtN8hxaMENrGA9IsvXgF8Mp8VXDD7+WIwCf8Lzp +FBKegWj7xfnNKjrmM6WATm5SEb1I+je5Tu0c/HUCgcAzFLtB+n1bmNjUtX3uDcZq +/iXNYBfzW4Bf0QmXBXS+ESltgy72B7DeJMlSDCIGlhkNjD2uHf1IHguUGn7CdhOi +N4mzmrWt+5pXwn4+e1UbuXyTdyzLEJ2biqUuK+vGudtTXWRRasFMFaO3EPnnaIKU +NIZy5HDn1PmRFBXVJAiRjhbpYOtb1dhqRu7qb5hLR3+OGW2OGqiuE2gK79Y1thtJ +47nbw/LG7+mYbe6QlVmQhGD+uaHYyjHe2a5E+aQAuyMCgcBGjSvRClBIyD0z7Z/X +Ee8S8BlUGEIogc10y5zdr9DswvzIjvsPJz/d5eRWkA2jfr5ToNFYyTPpfTpFdV04 +YOaKrwwWZUYPgHbxteun5wr74MUnYRmqnP8G85LQ6v1+NNMLftug6JIRTJB1JViK +9HH7h+7sqmXEn11ltUq7smpL/x+nT0fpHL/FJCeDMTIPT8w1QbBKqV+AAbAN9zjw +8rb++J4jVraHo2mWERjy4+KrfifKgHVT+buDNd3f/my8zTECgcEAs/v5UXrgmPTW +Zk6c3gBaXzsdaFjiPPB87JVypufzqoQ8kVqrAcUUUjXwQ2Bl2hAmmgwa4xAMBITP +Z33gs8gilYGTrCt/r91Zgo4tyM9QQM7kVskxY3o42GeRgD1+WNsOpEEuz2XxAEEc +CqY1xlNkAeqHis8k5GyFTxCu00eagunt/BPRq8iKtgBSVplEQisqAjM8WaEHKYp0 +3Eb6/fKw0va5ABMiwuiuSUtv4GAkok/DZC4pOgwCYICX9kjuuFXp +-----END RSA PRIVATE KEY-----