From b39963939c248bd1913f701f2b3d5a78bb9f0ea6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Wed, 20 Apr 2022 08:35:17 +0100 Subject: [PATCH] Add secureboot to nutty-noon --- .gitignore | 1 + config/nutty-noon.nix | 1 + config/secureboot.nix | 15 + efi/DB.auth | Bin 0 -> 3402 bytes efi/DB.cer | Bin 0 -> 1327 bytes efi/DB.crt | 30 ++ efi/DB.esl | Bin 0 -> 1371 bytes efi/KEK.auth | Bin 0 -> 3401 bytes efi/KEK.cer | Bin 0 -> 1329 bytes efi/KEK.crt | 30 ++ efi/KEK.esl | Bin 0 -> 1373 bytes efi/MS_UEFI_db.esl | Bin 0 -> 1600 bytes efi/MS_Win_db.esl | Bin 0 -> 1543 bytes efi/MS_db.esl | Bin 0 -> 3143 bytes efi/PK.auth | Bin 0 -> 3399 bytes efi/PK.cer | Bin 0 -> 1327 bytes efi/PK.crt | 30 ++ efi/PK.esl | Bin 0 -> 1371 bytes efi/add_MS_db.auth | Bin 0 -> 5174 bytes efi/mkkeys.sh | 44 +++ efi/myGUID.txt | 1 + efi/noPK.auth | Bin 0 -> 2028 bytes efi/noPK.esl | 0 efi/old_KEK.esl | Bin 0 -> 2388 bytes efi/old_PK.esl | Bin 0 -> 640 bytes efi/old_db.esl | Bin 0 -> 3143 bytes efi/old_dbx.esl | Bin 0 -> 11140 bytes modules/systemd-secure-boot/README.md | 3 + modules/systemd-secure-boot/default.nix | 200 ++++++++++++ .../systemd-boot-builder.py | 300 ++++++++++++++++++ secrets/nutty-noon.yaml | 54 ++-- 31 files changed, 683 insertions(+), 26 deletions(-) create mode 100644 config/secureboot.nix create mode 100644 efi/DB.auth create mode 100644 efi/DB.cer create mode 100644 efi/DB.crt create mode 100644 efi/DB.esl create mode 100644 efi/KEK.auth create mode 100644 efi/KEK.cer create mode 100644 efi/KEK.crt create mode 100644 efi/KEK.esl create mode 100644 efi/MS_UEFI_db.esl create mode 100644 efi/MS_Win_db.esl create mode 100644 efi/MS_db.esl create mode 100644 efi/PK.auth create mode 100644 efi/PK.cer create mode 100644 efi/PK.crt create mode 100644 efi/PK.esl create mode 100644 efi/add_MS_db.auth create mode 100755 efi/mkkeys.sh create mode 100644 efi/myGUID.txt create mode 100644 efi/noPK.auth create mode 100644 efi/noPK.esl create mode 100644 efi/old_KEK.esl create mode 100644 efi/old_PK.esl create mode 100644 
efi/old_db.esl create mode 100644 efi/old_dbx.esl create mode 100644 modules/systemd-secure-boot/README.md create mode 100644 modules/systemd-secure-boot/default.nix create mode 100644 modules/systemd-secure-boot/systemd-boot-builder.py
diff --git a/.gitignore b/.gitignore
index 3e607236..52c1f543 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ result
 *.qcow2
 *.fd
 .direnv
+/efi/secret
diff --git a/config/nutty-noon.nix b/config/nutty-noon.nix
index 67916682..a404ea1b 100644
--- a/config/nutty-noon.nix
+++ b/config/nutty-noon.nix
@@ -9,6 +9,7 @@
 #./services/tpm2.nix
 ./services/hydra.nix
 ./server.nix
+ ./secureboot.nix
 nixos-hardware.nixosModules.common-cpu-amd
 nixos-hardware.nixosModules.common-gpu-amd
 nixos-hardware.nixosModules.common-pc-ssd
diff --git a/config/secureboot.nix b/config/secureboot.nix
new file mode 100644
index 00000000..8a03c75e
--- /dev/null
+++ b/config/secureboot.nix
@@ -0,0 +1,15 @@
+{ config, ... }: {
+ imports = [
+ ../modules/systemd-secure-boot
+ ];
+
+ sops.secrets."secureboot/DB.key" = { };
+ boot.loader.systemd-boot = {
+ editor = false;
+ secureBoot = {
+ enable = true;
+ keyPath = config.sops.secrets."secureboot/DB.key".path;
+ certPath = builtins.toString ../efi/DB.crt;
+ };
+ };
+}
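Review bot: In config/secureboot.nix, `keyPath` is the sops-nix runtime path of `secureboot/DB.key`, which exists only after sops-nix has decrypted secrets during activation. As far as I know NixOS runs the boot loader installer before activation on `switch` and `boot`, so a first deployment or a key rotation may reach the signing step with a missing or stale key. This should be confirmed against modules/systemd-secure-boot, which is not part of this hunk, and the builder should stop with an error when the key file is absent. A comment above the secret such as `# DB signing key is decrypted on this host; root on this machine can sign boot binaries` would record the trust consequence for the next reader.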
diff --git a/efi/DB.auth b/efi/DB.auth new file mode 100644 index 0000000000000000000000000000000000000000..c0d2cf6c432533d26d204d9cfbb213d6a81ef76a GIT binary patch literal 3402 zcma)-c{CL49>-?}*-aXTA^Q-aX6(yk7+J=aVv;Qt(>uz(Wy#VsmTYAg1~r51vM<>p z5s9)BSwcvb@yeF#J-2gD_n!AXx96YV^E=P)`JU%F=X<`Nc}99JCI-NN))eE>7PQVm zeqU-ZMOei~<|_m$U&iMlh>UF@AP@;gupeW-7N!rx)6s)~3;+b{G3L`@`eEDbKt^CT zkpYPyGRPu`blll=ARq|D#ljJAlb#hFbWThoDkkMiVz$Um;$IR!?*LhkBqWew$q{&B{O zB`_nIa=v^M@5YY0lw9Z0H@zqbaC^ugEFNc|0b3|LX%-twXH*7+9$40Q4m)*DztQFu z*vyHj2$2M1KfNrv6FiY0#WcfDd1;+}`$>)_xu-YKd+p+fWQ7f4P_pe-sO6_sQe^S% z%+F8d`U|O})%|qLPwt{0%x#=PqF@dLjPv^hgDmP-zJNE}kJu&!CilD04Ic2~wrOFT z%WE$c`jny;Sq(JdfD7NRYs0$t((V|+SEI5DjqweSgM1c^cDJYVk-eayWHo#j?;k^U zf`8I&$OK+_=T*j0qL*$=9nA3LIUiuCFW^>*d2GDJMGA+Mdh2r+AO&RV%7z1D#;ilu zv%hJ7k7FI;1XXU-x@lUVqDYtA7XxGF%+X38AgXLt_HfaUUAA`xLz{2A>kjUgU|C-e z=n0*XTZ4z8RnkTxBn`RVxt&*!Q?KWUo@a6!L5-}APQJf!@O=RoaC4b5UsP^|7&ntj z-Qm5@f+;r1mEA{AJcmNDg2ou{tJ)(?+^iZTw@XWDAx;3hh1g)bByhD-tmI_NX9r!g z==AKboovl~&j3Wxin=(d26M@hq=X5v+Krb}Bb=s#R9v=`-iM@n;+~5Fnzq&7f*4gV z;v6GiYg*i9X{yN_saH2vI!v$w(E$NKiW%Y}Lg2`i0vz;Edamk9sn=IZ;SY4y`_+)m zL&pm+3owMxU&mtfya;H>-w%NQ8h`+Shx7~xx})-|?T(y(WIG@rr#0l8p6+^qc$Tu~ z7{@I?6Zxj`im_dy#Uj&yd5+BB?CA<8Mb7WEMb$br-DrkT!7~B~lN)_;KqLBnN6$nc zI>$t)YHlCeVT36*ezlpJP^88GW@4WAYpfMMSm}nbGxDiDMGQ5i7ZM}sYNGY5!&GFc zeoQf%iONn2vsKI>R0|__DP}swm635C=k@%msx;@1D+i-;Pp{j`CK(Y57YB?huWRTK zQh3N=jh~MVD@OKc^$P`5T6-6cr@@NcNDeRjX?zifJeH^Wd)8dJrk>B-?BS=_qlEI5 zWNee8`n{0_4XgnRc$hnY_Sp zqRcj_26QDARa`Nz>UgWGrzs<{_MlMYvHmT*jGdO_`_$!j%InB*nm2CC7aKh?%k2W2 zZ5elFW5KdU9U@3}S$beZSxT!5112y3+!qK88*3qFaLqcQYD_v1Uecs~ORP5K+hLE$ z$_tkw^QFxSdoQp4TixL(XV(qvA`M+B{Y)Fr1(DCoW+vE#bc-6%@QTj|uAR9OR0AD`=?n*`yL5@e!gFi}FgvRe?*gpsBui5-d z&K`vvJrM*j>Rf-wS+}SERB%5udF?u|P0yA0g-MXU;2Wa{`vJ;;DKItMs^7dd;Ue8( z%r;`4ak=s&O0wiU--pcE$eED*yX`pV1)+V5S_p*N2ZXl|{HV_;d1%x|-X1~dZfTri za&5dCt`hIms0l?5Ft5dL_(pkT=mgU4SV!N>_>WE2C z^fBHpwfJVBVBbt_n0#H>pk%^rvGvxi*6~7M?Tm1|KlW{9tf&jQ%1K`15_#a!Ad6i` 
zq3^Yk>aFYI#Y_nU9Z<-XbRjbVkvZB3-vv?I8-909PfQ71A568ve zQ;Le`ViOO-TDVZrpE%4u_#~XBp3*}b9dLSnZSMyyzas41*Xmq^4>g26BxAioo}^1! zUKQP~UZ7d)8uEM^vM-FVIoodA7Vo~-?N)9Wi2N8^>Z>3WC)@ib-Yfk@arUTD(&jMh z6U&yIxx_q!@Tx*?8|gI<>!0XHA61d7;|SlD70xDWz{vH!Nx>tMOCOOO@{{CZ!R0%f zbyMN&%T6vfL>#U4D(%7lfSoB(ynuW8FWHK|T7 zXBp&eT8SyhliSDCxtNZff}!SyJ#=7qB5A_QNBQS!XiLbxc;uR@~DGzFGN^0xkjDwQ^>q zdh;%3Jg=oKm@|9EWu=jPs(cnoYhYUkT~xq(er9oB3=J}updvvb`+4pFQ~dky#?S0= zI5aIgWY%|(k`ENW0BPE0c@MQV^B*}sTc@f9Duqs$+pg>~O2ZfwM#5$!)lH~$% zw$1P?G-m){@tu;KKMLmAR@CbS8xPjR&k5Q`CzuPnQ|g}@Ze~Uktk9}-^PB0Nm4Dii zLXtulmXgl}FNnSYrrqNgSQ`;}CgC3>kr5#xulRQyU&|+d=xt>wcv>NOUE!|O?&{i| zl>g%R-wyl^$Kz1O?KeEnPx`S@JyWF^-b3W!$<)tcv_aMs5xw@p7*S# z^7{f-9WZRTuj}I#`{DMw2bG_6@EHY5ja1wBFAu-X(AT?T-Z?oGl)Jm-n`yiHdouUk zJfA1ZtJ5KE`v)IS&>o{`=?UWDNvg*D=4{=tr49a$A= z%J2(G(W%J9mHxz>M7hP@v3A}_?=NNSDt=kv3tJsMEf?=~KDG?FS;{=Aj=nV72iGug zxObezB83IQOb9A)d2f*W{j|E5lK?#yES;wWR4>haXZ+pQ=tmo=(ew%v#G7`Z*ZI~H znj2ZcFmizKqGd?z&@Zv>f^&u8A(DEmaJAHH|8Dv7kPE{roZ+xCPS5U3>;tGF9TSfe z`)~HhD`LW^1*@JPF4L2_uF}2=j6pSg?>30_odT-myJ`a&7YI12&s)AE~eu;vMlYyK#uaS{~iIIVU zxq*qPMU*(NF_3F$4&@SSOcRq5vI7`d8JL@x_!$hEn7Ejlm>3z>?U{PpY5LanUv5?X zp7MU}9gjO^e3PfzOVo-9wtP{!TxzfEIEPhT^7I$6$ok}f&`@{&7dzkO6uoL+yw0IS zlUsXA7t3{pw`_1L9{ zL&Hr<_AmZ?(|$v@;rR@){NTl}<+6TjO6(P1@_1#jx;tcP1eVsho6r-$sc&L zGuhbl_KWsJh18R)?gpPwX-Khnak6`9ql z>%&d4Z+@|BOR}2WXnUk#?YHEDZ`CuNH`cr4_Wu2# zYAcuAGdV<|aPh81-k<07WJK9pGC%t~`^1)S@huHg8(3dWv#o!wbc%6SqqOXY8;UE` zs_N9{bSN5|GBGnUFfI-@2sDrdrb$^o7BLo)4=d+hK6j97)uPQBi6%9gzutW)pKc%z zl2&GsFc53Nu7Dq;K$wy7KMSh?Gmt_~cEEHGOm>V66K#BtBo#kfl0E+@qrfVGR})43 zm(MB=T@W4W8@l*v>n|sVu%gsuWoz?PtbB?sGR%;TQ_l9BD zcVV5=AJ#c_%lKs4X^X4MzN_0N7ba-LdiSs1&QcNkgckwl4Q4BD6n+>x>0!X4r`?Mf z@;M&ev`Xa={NWMsQLe3}+9LJKd|jmw$yd81^c~DEt>Sj&m%M)AqmBWZh7FE zI%n0Zy-Q**9s2+N5zDSZr}H@}t2PxDtPFO}uPWxekmj;nNy7D*c5J$oc-?PyrS(F- zKYgXw#jD93{=HB1%ef1VM=Rw|TiLGOt{PlbpZPYE+w_aMivQG}8HQ8dT%59WiqVU6 
zw~k13mA>4-Yf(AB{rT5pXAT55o|qX~owlCyp0$0@%?m1aUMY&l{c|^a|2JI1w))-rl0P+@Ha7TQe{dcQelQtq>Ev-ZM+S#cFqptg-jSCsXw*tgbNbVXqdf`+n2?NaT#Iy-!MX_N{IK E0E-n)>Hq)$ literal 0 HcmV?d00001 diff --git a/efi/DB.crt b/efi/DB.crt new file mode 100644 index 00000000..22ca76fc --- /dev/null +++ b/efi/DB.crt 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFKzCCAxOgAwIBAgIUI3+y+fO534cN62xuXIJV9MFe9IkwDQYJKoZIhvcNAQEL +BQAwJTEjMCEGA1UEAwwaY2hpci5ycyBFRkkgU2VjdXJlIEJvb3QgREIwHhcNMjIw +NDIwMDcwNDU4WhcNMzIwNDE3MDcwNDU4WjAlMSMwIQYDVQQDDBpjaGlyLnJzIEVG +SSBTZWN1cmUgQm9vdCBEQjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AK68ldtCl7Wv9Np6+5TvrdxI3DYOk5U/GH0WEYT0JNN1PyNBnAUnGcv0Fll/Y1BV +VUcP6LnubHLqh6OuQHQpCyuUigTXPMk/84iMAqYbPCn82iym5bA6OtBcFtrY+ntu +UHBQvyerEFUHibYW112lw1VXNHS/o/PZP7CLMc9oFm9To+seavspGL0XpOOpcxn/ +psDGlSAuVK9/udvMVysCpXs7KO2a6/m3mGzC4wUzXMGClzEc9wY7FAgGJxk85Ndy +RRl3ivQg67I7x+dXz17JD1HZiWMzSdvoh2EgZcmq3VPIJIBkOOjJi6WBREeIxADM +M51anY4N1luD+7fxCEumaZY2oDX7RX9mtN2jD64PX8ERn5h1GOicsbj051QJc5Gf +moR2tXbnr7cZ9f3JpADSGwkleEL0E+STOCajnXlz+QGXetF8kuL7DmS+62SeusaE +lv016QH0Q1Onj0HzqZBtqPGkOX02heGyXez6BysZBTTYhuIoO06k0EG4uzqHCGVo +UmAK8EfYw2OJASP3zKY78Hjr5MSYqZUIS2RLIqw1ujb1cJCvuEbOeM8mBTRaJmAx +w+IX57+cABmSyCgR/qrmDOw7uh69/fAlPR5jjJNUIHGjuqJL856MaFo/OQPm85vI +tPZfhICVgAXqlj1/5yLKAZqBGx3w2CGoJnp+JpyIITM1AgMBAAGjUzBRMB0GA1Ud +DgQWBBTwqZ3TzsEKqqKzKGE0fCn67vB3lzAfBgNVHSMEGDAWgBTwqZ3TzsEKqqKz +KGE0fCn67vB3lzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCR +PE3EYnPmpGufxQEQqhDqkRVPp5pzVaBbVU1Vo9WF+kJAVnJlh0DpFCwMXEuzn/1u +rtnGCH46p96cxIWrJoIWnuwAuvcTLMvwrkKLHExpPisXJR3ufrYeVhEyBd39Lrl1 +FD9g6FDPMJshsRPhXZLhUKLli6IAbwji2TplCBH4SFDxHoaEezhl9J8tIlQZ6roY +L0A30qoLRQ8Z19DJ3Vhj18S5ibTgRWWcquq9pF3Swv/v4gS6cULPbGSqsnFwqVND +b3pzCdBmRKciGEXGK11nGhd++wcirxJN+U0brl8mHsP7vhX0ztBBxXkfyzo9q7cl +U3p/ae1pCzX0NyRPlYyYMZTs0ZSllDLoztrEGIp16bANOHmfh+f1xszAUYHImVl7 +Zq8J3js/UtnQJD5KZIEQCleXChMJaH6qbtJKpvgqO3RsHQRJDyunNgE7r6bPTfh4 +TP7DhL1QWAgTdfRPzm1qofRwnTRLitRovMDWI/95lLlPbbNL/zGkBqvur3T8fLKx +gE/X7BGHGbARc8tSDdQ81kVOchL8yvud7CMgPOdazP6dmJxcO52S9Q9KpFW/duJi +V9V33wKQe5MCbTV4jtbE6ot245vslGjB/fLt4eP6Hngth0YzbU14FhXXjJofhDq7 +hB0zS9HklS54OtQBvAd7EX732UfEWZi1jeR0LL6rhA== +-----END CERTIFICATE----- 
diff --git a/efi/DB.esl b/efi/DB.esl new file mode 100644 index 0000000000000000000000000000000000000000..d5e14298d4f40350ccb14db7c5b2c8c21ee54f2f GIT binary patch literal 1371 zcmZ1&d0^?2Da*aux2_hA(f&{r&B_1<_CQ)O?zTb2fj5Htq8V-^UbrV`(8Q{3(8Mgf zfSHMriAhAce$&s-JMXvizRt;uX$t*vFz!pI0WTY;R+~rLcV0$DZdL{ZRYPS1MKYGo)|e(HC1eLMvNA9?G4V4PG%;~8H8C+VtlKm7w$t>j>%ZKp`aR|S+B+V1%=jix zwU?+B6KwgSa=FxA*>Mi5y5#9EVv+U90imJp{4aLC%PD%*zIdHOi6*!9lrEO*HYe>r zcl0nVleW?Pb4zF0(+yTu7h=S2-S}0V7f=weUwySeD0}BNvFou*4~K@Elkk#LpB$O7aw>;+inr1l(_Lm? z3nr}J;dZX#yc(-Xlv;w};YZ@n_s?OFoOD7%@ZYLuJa4Rb$?g67LDg0+xo2{SLgC_F zi@ZP2>&b|+w`6|ydG?7d-{M;urZ%v?nr2)7TuH7s8!Xe&FN4yHf3UF zWMEtzY!GN53rv%;d@N!tA|F=Hy?pK<*Q!OEH4;r~G=IJOP(Iy29we>IB4HrbfL#GU zNP#dT<9`-b17;wFoa}(<9+>PH87A8J9!V;Gwj_K0QAUAP0Xz}z zw9^(>m3>#YO)gB(i1qGYy`7~Z_6aWn&Kt~D+$j7ocGAOuMNhjIG30YRx@nclA^5{1 z;G`Lo}e1G~%uZvfcJN$c} z=$CUB9FJDYpSH4Hy-Edd`~Il#`FFTwZ$JcxaOoHSbGcayzZA?h@$R~kvFE@w<^PpacKYXT_Wp0U zgl+Y^^(B95Hf?P1zy3zBU2=n9@#!GmD>m0${fdPCoccZYjk1Ex^Qbfb=FXTCV?B4$ zSAMT0q5I1oC52xtzt1$GdNNb4X+__)Bd@y49?yO=CF9`VPj4SS{v}tT+wNwZ>suiv tdc9|se2dlY7FlEOi%+KNRajkN+{0ciSoi&=`;o{QTYI0B=E=Z literal 0 HcmV?d00001 
diff --git a/efi/KEK.auth b/efi/KEK.auth new file mode 100644 index 0000000000000000000000000000000000000000..9870eb88a5a951312e4b430b353c1d4e8d639e50 GIT binary patch literal 3401 zcma)-c{CJiAIE3Lz9)=*Y@-O7v5go@WEn7fmJ#WuHzvp+J-}61sbI$jCKNLD@PI?-^|JDTE@fNhknmt%; zFy*+6N+?qZMVRACV0gL~5D*AwgR#&u*u>}qaa7bGAPoSyw7_32oLs5F-c=0s^vRl^{(OQwd?}GurLr_?Z(|n7wj?6^_yB;Cb`4LZd*G16fcYjS+6Jiu?`Opv+Dx8E|+pjT8Rj>IB%`> z>+p|1*jrdtWVS@%X*1Fe(@1Sgvd(nBEh+VGphdQe`PpPdXJwOM*jhtPm8|TzP&bGF zvJp~^L1GH~-4k-ribm=BgY5UBuTyW`?qDfd1e?s@LT&~IVo&I~O_q)A8`}cH+3v(_ zkJ}fiYWVgnO7D)|7EZR_mcq1vidkHo3niEn0dLIx}qh z3~Id11My1>C3`bI9qkzIB74ipD)zS+otnvd-c5V@8MR_+%8P+1z20{*yv^Yfnz>GWsE+*h1`L9jE)X!038+j$C5W@f zQR0vrVN4^%H-@F=GR0mJrPQrdH`oYZi? zO=r#0bVi<@ZmUm>;!2-`?#9!G++SXBx|iR`eD5lWC>fGiuzU)fN_r)@k5%+aFtQo6 z5HWrwWlH*1?W=G&3aPHZgg1TKA7AVioCJE4-yYC=#?Xq}%1yPN@@GO+roiKN1?n93 z$@V~7=ew}#qx-IJgQP%IKmf1+12csQ9(z)dl^RUVId^TXQ0eVZNLydQp2yeWR;`}X zXqeES$70kxFmS{_53v0?zySmvQPaSvj?1sMJNEst?SKGRA6EGcx*jMLKuqTP-UzTU zhBrpR;}MzLntycBW?5NW*+Dy;^KaO)K)6EkU4qyMs)?D&ffijzQJv|QK}q_IQ{ZC% zmaeJ3n;to?lPosf2YE>w=<6j??vDkug9)wyGWbXQlcopO{sN`9t@sO8+FmrqCxyUMo;W*cXM(J}w1PGueFW3yhT zQ=$1XkdRp|NTWQ_O6;8oXweJ%HWNqe5l_^lSYF>@S7(@Yj~pg+?0N@nAr}0YB;Lx5 ztYgnO#4NYe%Pi7=ZZHfAa~`T)f6qP6a^`@|7Wzgo#Wl8@FJ#d1^dwiBo6PPL z!lCsZB$&UfRu_wy4k~)cqL>4 zKzr89PqJrEGulKi@<+XE&6^|ZDa;RY73jBj4sn-HcgQm+gO5DtM_BUR)okYojml~~ zQPXy4+A+-$+!IVifTUn0x>ypprrzsq0!~+W*wh}o0)W3$(_>54m`ko-4ls)*1*x~1 z-lR$~SK-EjlP&cRiE)^sHk?59%h8a4@&)(Xy0Q!IMmjBFlpD?;P1x?2m(I52S+*3- zrj{7Q))Bd`ORaiie{%o)aTT!|huv!V&Q87t_+Z;V2|32N%rVBfeqx-FHQ0fgNh3^6 zOg-^V#<$d5k)71P#To1r910WtFUI-*4daG7f9JUJUpcOP^|y8YAIQHy?8nPgShYf* z_~QeL`-P+KZslGb7^gF>;zdh8U(yh%SxKR{W8zI4l`rK9#5I#|sNI%VA&~`1?C9g;`ySFdYZ`E`t zU11#`mX6(uw*0&tl~C#O_-nr00I~36{Qwn1UWi8g?D}aqlGol*%WW{lAg6GNFSwiQ z9`mH&FA20JVkP%55Yg^gn*Gk16*8MP`e7R&5wOgsUDQ4k|7KP&AIWG*K4D9=j^SrM)P z>$&7`>om4{rDTc8maq1@n52ifOI^&(e5C-qXzg=?WYcAdsMK!hWU&#Yl(($J2?`C%iHt-6k526uMM%dfQW6%%^T4+sU5uK5wivv?~! 
zqwHSToO&|t(92(7hZHJ7$dSwd=cJ`}Il|&zcCO<_P>Zw6GGYql zk_UjD`|ytH(a4zPA36s9eOa+b+UYhR(5WV$ zEln)#->2vwW_XSWA8}@#1O+lnWT`c|WzVsmtih%=fGjeRm9>;}PR?(7$&V7A9S}tx z=sV-2tqLQ!38Q5G)sT-3Dg;tSOoyDGItQ_@=z_}+D>E^MHn%~qQ zNtJ5jI634?9`ltk_&J3H+vJ2vwq^A1NL=&eT$IXHSqt`6#E;w>%{e(6Aw>0OUQm++OfGogWvPPp*7|8cUE?DJd$2~D0)Hm!le##&z!3* z{SbJ0n#rf8x@oarTO%L5Yw22>J@4rvql>GT+}w7NnR8){edm);>V`IwDH%?=mnM77 zU-DL}`jqGdo_n(Q{+zVmU8J)1@I!@|un&h!E|_({;P!G*VetQv=q!2q_pEXsm3Q6q zSNo>!o>^D+!splbhbs-wFYQS6muhbh z*@7)jGkw2`w6qJaFZB>zWhkq&bHnx8-doWP9~ZoL{xOmJnjq7bPdf@6!fm=+f(l>M z_C5)*H@hrs$+I?XSAVVZgy^S=7{sr=i_`ZVqxc$(rC+%tQ@+Y>zdrB*OBDQ(_4 zQFC{Q#=5DK?K$~fd;a`R4L2HBE}-JZHwmdi1jL+t{*R28ScL(u*&JVq=7t0 zTA4+{K&%0~0)CJJVMfOPEUX61Kngk80aHFO*)cLKJ=pNx-R8p^p2BFq)K7lv zlRsj|e4N($9{oIH@)}3!Q+J+8yzPrhtv5^Z%{5$i91nsebXyhkTLy8y}^ekzSl^ zBfs3-XiF%ArH=M5;ku5!$3CTA^?d#0ovyOUD$TzPKPMR;U4N~)?cEPoud;I|68BAg zCZ((p^ZexXsZr*sGW`40j;?7=zaO(A*=@VI&y;`%kpYn@*C%`Yn_h5L;lIc%A*M;ipD)fyis^1y&y`3uUtB`p-|beDOqyW!~ai9#NJnQWrB+^5+5o D%EU&Z literal 0 HcmV?d00001 diff --git a/efi/KEK.crt b/efi/KEK.crt new file mode 100644 index 00000000..b4cc33bc --- /dev/null +++ b/efi/KEK.crt 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFLTCCAxWgAwIBAgIUCg57ZgQLP349Iz6LjZfplKAh+ZQwDQYJKoZIhvcNAQEL +BQAwJjEkMCIGA1UEAwwbY2hpci5ycyBFRkkgU2VjdXJlIEJvb3QgS0VLMB4XDTIy +MDQyMDA3MDQ1OFoXDTMyMDQxNzA3MDQ1OFowJjEkMCIGA1UEAwwbY2hpci5ycyBF +RkkgU2VjdXJlIEJvb3QgS0VLMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEA7JvQgi2sXsEksXaCd6bQIISP9aBa0dsHUa4ZTCyyGqlOdb3GuZembdnKzjwT +AffWSoaSVUo+GeewHFOOhQNMsAEW/Vm6yNdsyOHKQxgd86WIs4AoD0ngwqx3f9yp +iwjiG6PCW6BroaVAnczOfXXwUdOWNPKCfpZd9YVZ4O6Eiq1rnuWiMtGrpNm20QMJ +oXw/ieTyJzE8GWRoQm3Sk0qfpO0ae8oVkAzeHd78yT+7ciStw+EgXFbwwjTQNovo +C0pAJABP+GFDGcv7mndMJO6Ln6tNZbuZfnboTPr34akxzgLWljplyRhn1l8e9gPy +LH1Yz3SwDq5Hm02k1ZxzF0R7S0gdcLRCmU31FISHE691SBWqMR0subDXfY3aW4Dx +oO9D+JEL1hECtPK4cEBXPIuEUnHofY3kVD820xM5DLVjJCLdyV18HoW/a3FG1fqu +SQvH1EcfLjLwJIY/OJrYiChLFM9wRDuRO7oOjOYIcNg82O7Z3tJi/fjnAXtm66Pm +rLJaMNtTKZj5GIMKQq1Opi38P9yxFhZJHk1CdV5D2L4VCz6EcFLqmoBsAF/njn9f +lQ+2No4o3sDlZEZTjJug7cgMvxqoAIIis7mRKbtUKK6Vk9wjuPLC39gRUNWkVaBs +R9OVgSVz6B1AXbbvfgc5UVVpisdAV2sKvree2Lo7TTb/k18CAwEAAaNTMFEwHQYD +VR0OBBYEFLa0KcdYrySJRfHROjG/1hCqQucZMB8GA1UdIwQYMBaAFLa0KcdYrySJ +RfHROjG/1hCqQucZMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB +AKXBgO9HRvGqJZ83c9oOanlOM77bs9r6glfoCNRUpSzV4yqzbDUR+PToObk6RowF +hR4uHTBOYtCRAUwE/GlzlAE/pU4fteT8FsZMQq1NxfOYk6xBG8rc5hjtjlplfzZi +TW0xomOjIzzfR4CNKG9OQajGUCHquto1jAikDYSGXTWcaLYgMfqjU0WttIqRckRH +ebW1QOYQN388pirxXS2VTGir6NRNtGE+RWiXF52GveUG1zWKzEHRH3u0W3Wr25oZ +rHCEZLx69BqI/xdZJ9HM8G8U37HiZswbo2M8H6c3MrRVADksK/oTfoi9xvJl1Unr +5O4tIzSqKf0A+ZIxxa/Wg4bu+EVKds7IYb6V5hojIFznydeVWjdlHA++JsWsg2ff +XKhjRrc3TJRQ4FlQWWTXk0j+l3DVIP8UmhICeQwomj27bZ3nDhKwXZW3AliYPK2z +5jlpasnMvpyKuP2rIZlIamUsX0Fp0pjrxKPHiof0dVX1eEmM2OMVbhnjwNttDApJ +C4v/MIRfn0cPMLCXwW4FQqepPekTGUmOVzJKYFuTtdorfSSuvjtqI7iX7//MIey8 +bqxU6vOzY3R00WrLhzxtb/JJ6PQ/tCuoQ2UUEzOnnhqpCXVpfHtgn34pwpfQ+Shb +cBTrK6A68XlxHGudT59lOejkIgSeo30MFQTUGtFoJG+d +-----END CERTIFICATE----- 
diff --git a/efi/KEK.esl b/efi/KEK.esl new file mode 100644 index 0000000000000000000000000000000000000000..58cc05db10fe42d3b1f18ca46ef5c2269919162b GIT binary patch literal 1373 zcmZ1&d0^?2Da*aux2_hA(f&{r%gO)-jzC&5?zTb2fj5Htq8V-^UbrV`(8Q{1(8Mgd zfSHMriAjWuuR4u|+rG|L*{-{H`pYQ`6n{=J;AP{~YV&CO&dbQi&B|b)W~gGI#Ks)T z!ptL`oRL|iS5&Ov>gK5soSIx(l&avApI@Tj?dokHC(dhRWME=sU|?=wVrmg3&T9H0iF1JE*d;tf_q21%;OWuM46s z-ewP6C+VZJNou8E>E2^Ir!ULBdFq^vFyr@YUTu>?z3e2PZ;%P@Yi0J?z$o@Na@UFL zIVT>Ta+Z+&ytHF;g9g9ngF|b|>+h`W=6EE%_)zqM?1f7m=AJoMTlyjJ@-&lAO?A^^ zzqUp`c-PXkHhbRFMMf7_FS)txA~Wa08vD*CpVSR)BvUe+axYExn!n_&RP`y*2|V{? z@BKMxzq?3f?cs+CF<~DLnOrdIe!=bKpu*t)Bhgv%^zT{aJ}U3J=dbon-959e?1j&- z?+;fRo@2T;%_{YzMEbROxo^y$bZR5cmu%o$=RVta$<;Z<;x5(R9! zvWn8(ld&~&t^2bJ-LC#x=gEEiio3j?(Fc__dy82&IyAgR&KI~?Pqf~}*Yk{{;D*hO zcQ@}{O8WcbIb(I&>&4I3Y>G0t9jrOyr$jTC(^|h}x_|8NY!nmol=F2ejdQ-SPn6rP zr6B0ltcDzh_~(7~@l*M?ne}PhJMc8cEx2d)g10Al_Dii`Xj0m|bE4+%5RG+HC*M)t z@#)b08-f8>mxM0JalbsZQMLGmtV8U!_jT-+fuWgQ#~s46x%O?JcVm~eui5{}@l4E& z42+9|4FU~hfvHlKk420{WZM?a;}PpsI$b|rv@+a(O<vIC}kV6tOmSbDJGy}R4TRjTvNi*NB|Rr(q4yS@3=ucq)999Ke? z>Rf%SwK>OB@W+=ImOHK7dRSZK^kfbEk}gbS^kMmvSv-Z&eyN}Q)+c|&j`=vP^*#D| z#^g1Q(x>h`lX%+~m0E9>FV3FB-a$Qr0l8sBGvIrz4c+vMhd@_g~dev9@B=Ts44J3VuhTp< s{lZU;=mL?~+6$~cRu;-+&-I_5YWd=c63e{BwLGFMSEMdxsN~ND0H!uq)Bpeg literal 0 HcmV?d00001 
diff --git a/efi/MS_UEFI_db.esl b/efi/MS_UEFI_db.esl new file mode 100644 index 0000000000000000000000000000000000000000..37325b002b91869387bedd84604b4188614c41b3 GIT binary patch literal 1600 zcmZ1&d0^?2Da*aux2_hA(f&~6z{UUuDnNSgtY77k%tpR@6Ewa&@2~JSXkrsEXkz}c zfSHMriHR$b_C*_cCF*o2uvgAIiZ1VJ1Q zVXpAR;*89^^pgBMLjeOmkRZD-dr)dhZhl^hp`3vXNQ6sR)HgG^D8D#Atwg~&zo;O; zD6u3HsKeU85+u(oY=l)_AtWQSC`BP4v8bd{!8freJGG=BCowryAt*n;#6V7**U-?w z%*fox(8$QdG)kP;$PB_Y25}7<8)@QZZ39h+o0YJ;In>q7Q^DC$!N>sUx+X>?${Uaa$b^kPnu@QR+RhlY}osa|FYQSJ-@V<23o{^{k`jU1=H>S zZ@8qVU2WbWDg1KVfog~9hw>WgCx5*Ui<5a)H>K{t2bWEimQQbOO6vCAZ&C0lLq+7I z@e&U6s}Y%Tmuuc0WC`YY?zcg!J((jhKUp;L)h6xA>pY3+UD1Ez*0$I0YD@Poj1W>{ zQBpeB{XV3S;aq@eMA=l1cUc=3Fq@BrUvlzcc6Frh+*=SN#q1 zt}4ywlD=Xf2{%K8iG@dwiy@eylp%@1nZeP38>Ew;g$0-a+6?$X9AQSr|17Kq%s|RO z9wea5B4HrbAmW-9`aiTenC-wN@;RQu|6>Q0P_Mci38I&FmVIZbUZN480Z3# zfvFx)sX+o82QWNXS=kvGSwakg3<6+$1Ew|?s72-F<=8ArEh55(66CZA%;wBZOpFYs z98UiY&Yb&R#?h`(pQU1@KL$+rxjD4ONkc|q@1}KuB1aFbnLbrfX2Na$KjrhL7EkOrwRdmO zPSyb4`{DBzB);W+nyY%#fnVI=#JR;@hkV!15|ZTz>EC;N&rWSyPi=XlKUs>I{l-#lMz#-_Fl8Fmwtx9Z3B2ekGc>urj6T=+$g_rc6d zIi*jwWo}h$`^A3o+auqLx7O;E2g|7%nIF#yDw^81;iG9{mgLt>){OyS%ZzmYE$aN~ z)TS;Gy0Ga~)a)MyGeSg`xldEoKcV)-af(z7ll{|ak6WW{?Cf{Dixq`FQdQb`v-&wR zo7Up*aueJRGw@!M?0n2;s-DDLD7x(Z1@#3BBFz(iSWMaRprYW%E}ypcDc>HfV{(0$ WdT86?x=gWB_DQq9F545?9035V8Amh# literal 0 HcmV?d00001 
diff --git a/efi/MS_Win_db.esl b/efi/MS_Win_db.esl new file mode 100644 index 0000000000000000000000000000000000000000..58cb0a1b24a15865edaf7cb6f3bf4d253c9fbcad GIT binary patch literal 1543 zcmZ1&d0^?2Da*aux2_hA(f&}x&c*-+uUQ!w_RjiM9?5LvyEj4O%k%yUZ-XY*>jq8C z`xh`XF)}f6C9;==fz@&t@Un4gwRyCC=VfH%W@RvF>@egu;ACSCWnmL$3Jo?CHV_1H zIE1;v6N@u4^U_Q5^9%(H_&|c}!t6n*DY^N1DTZv}YxZR)cgk4@o7OzN{6>9eyUf3xCzUz#SGY|) zm^aPF@$%`#_OVP^zHc(+RW)MF{{M9r<(l$9a?APqhlCy-idKK8USZH3t;LzG)ES&0 zrgI=eHh9+?&(Cucds;I%i(O)C7lmlwt^6)}-ZVBxMmy%*o;k|h`FUH_Zkh=n_P?gS zZl{s8<0PGj$Iq6(SQX;;J%*d5J#~w-#EMN1awW^(M5+ApU}j=wWMEv}#OMqR5qkpx zHco9eMi#~HZgsVv;g0+D@4eef``li6aJKAO-R){sz7V-U~bzxVO1xl#~=$>FXyK<>=+YlCfTL zey)B&b|y$vzW@^d#rnXc0ZhKY#0yNb@u1YIYhb2pWUL2NWDv#10rVm(D?1}2i=Tmy zfftN#z|>|3wW7Sd9Gexu%z)4A66Ayi%&p8#zyK8aQ&SkYwDM5iruUY1du)RE^R(>+ zgp2>J$hhFK%*3~A8mrnnL$?WumDm1T=(%QpIq+0t$1U0ZuG^f~rH=b>nWbg*ypg`n zGGT>;_>$Q>A2}GAl^r=4b!`6=mIJTEF0VP9@jhwI-H@CBgNS9XYyM4H?$`I_O-);I z_@N-hVw0%Pi@U;3u-szjeEXyO@wqQ`ed|7as6Ked>wU=&9@`qGZfJb^ zY0X)&CG%}pY@B__>B5AT_z>Cuov(Jux=+a8Q0(V8-(i0I(}h}_1Sb}EDQbK;cdyto z-fneF!khcd0xK?azWnlSTI;s@z>YL`$=*d9glrqNGFZ!ZPxMKu-gc1v_^zsU6J|c| zq^g-OPyIRPWqwk3NqCLSKifMy_@jPZJF=OnmC5SW=9_s>G8N75HD3HyD#@CDd2)E1 zrnKdWce)SHK5;FMzHsSW)oL-xCbx(SadR6tr?1a3{j}$)y~-ogMO>w9-z36jUa8Qz z$SVE%LI>mARRSMb@9(P9N#4#jTUqhQ&x)K!5#nrS+7pGC&n&t5Nq5)JDRUj(O1OSJ z*AD+J1K3Ie+^6)8P&I#w%IQmoG_@iL3(v D6(vW! literal 0 HcmV?d00001 
diff --git a/efi/MS_db.esl b/efi/MS_db.esl new file mode 100644 index 0000000000000000000000000000000000000000..0534fc0263c054d3eed88f5b387d745c87766168 GIT binary patch literal 3143 zcmcJQc{tQ-8^>p#vCA@%ZIH-Vo*Bkc$rj2UW2YLT8Dz#R4JFJ}qo`1*XtCuu6-nu2 zJC>BxN#w|Bm*uqCiYRsR{wAkW*Ll0nb>8cG`~CA=-}~9_=l*@4=Tj8ad~zt~2iLTk z)5@X52{sl3`}Dm;!(fg1v-}_=*`slT!PL{t1UDc=_W>cYsSt^PBM_1_>=yq|V{t$R zBVj07Et-*m!==zLAlOZk0umUc9}1(0@be`pf(2rMQZ5ceY$mwxH@VKSjXk!&s_ ziV;EMMiT6KTso7@;3g8tfCPZ%LKzZ?1W48-D|3=LIe4KA*cr5_hNHR}%($8* zcP$hzd)?8mtR*kEKVbBv{U-m}DXQm8s1zzK@`9sEd3FD0RsKlu;@QEq#N9#UhyL15X-q>nj2cHgPH_plP9 zZ!-ovr;_(qPE1Rs!0etqU9zVw7m`MH8thpw!h>!})Z zdtTIOxMVS_IG*+=>`ts7E;6iMkj+WgHkjyq#Iat#@^t8ik;h2+@*aujQ`337E~c#A z9p$3BueeIVMqo%s^Xs$S!?#^*!M4|JO*2Qzx`l5&^8EUTPFKqgblvXUdK#}PbPnuV zcT8}8)7exN<5#RHULNgife#sA2!2}a#$wU=GH;m1zNzd}E*OE!x52~(h}-S#da zb|7#e#)6owfc&NO?rY<^cR9!GMpc|%b*6{LtUQhEVW}8OM)$9G>F$k?B)>k}XQ5@t z3LbU{!o|A<)Ftl_OlYr|Qg69Zn{`ljx6?t<^K*nFKOeqvCATyz{7zv6j?l=H=Wn-} zbgDgZ=){eHRHoUFs9XHfaP^?%qQ7Cl?oSLXhT8we07f3dz}wFl!1c6!!T{=T#sY%u z@A9@T2iDM~gD^n;^0t132?CYQU~eRN)7TILJZS8gNG>au77c)P2 z3U>6scByJkleFYjS0`HG6})j?&l_Uldyh2*_NiGbYN>zx-q3xltyCpF#XdbWXa}8K zzt^Q>EWSb8D?dGHZk6r6Omg*-)s?)Ou?}}lSJmVpVZKHJ-$S~paayhi-_tNlJh|2? 
z?9KbS`w58qb0d;!dA&O>sVY9d*u2ed+Y>DV{f^mj|8?rWC+8$LPpqm=v>v`!9iHLQ zWW^ewFIMU>E5%v%1~S(5B#pM9d~r`bs|?d3a5QFwa?p!vVq%{(ZBu&4AL}a8QtCvT zyy62DbWl1vof+fQcvz=5C2&hFZY=s-F}(LP47NZpU;~A}-gXEE=udq>_e%^RhQiyH zn4ePkzOIvcmKvT#OSZ`oSgBtzL$RXCQKC`EI=Z*lixk(Zb2we?*Z&VQoT7XjpCkt^ zXu9KhT-Oh`e3?#kIS8F+h9B?+YYV*!Jw$H*6Eh&MLl%ep4VfGA^gKDl@SuDm$A-_O zfXG1wKEV64hRCt%-;v`VclahhC^&~X@Jr{+7U>FkdLU(~GkJ@C(zt@XzJr?Usm%hb z)j^7Wlg|Uq%kWadQ(+atd#O9@F_{-MUL$KK7lo<4^3Hm9-fyRafjXhFx^k`3mF6>t za<$d7?#q4PAJ64v@4nvH=u?aKmU$d-ypT33GrU>vuASUMyK9{#uB{$t^A$93)Xc{A zhFYS{8lo2YL$o%-tKeF)gZT#w%)*RJf?f0Zd_A82%?@PAbXfOO3+mQd@0uQkZfsLM z_wfVG%+%gdl_^ste2nR%sJ&IX!|gkN8-3AYCamyxQ!#!;&&A%nHNl>!tbZulb=XMT z-HbRP=Q=@8t2y9D<`qQ?qgRyZEhrtW=tEWB_{}b;aA$X}dw90aBCf_>8yDGCWkXd3 z=9F`@7k$f(1S6&B_-n^5)jd;N6*c5SmEG^3a{dJVaJ8t5zA{U<#&lh#_pW_c_X*eA z7fqSS^dGq$%Nx4LsL>Y9V!NjYJi6~y81a2I^~jd(u|DivQPnF7En4+W^>Tr?e;L{M zWAUDM4kCROzaruF;DWc{Fjc9{B~Q=v+L9sroJFAs+u^*yT_G!0+Sa?^*?t3hI_K_g zdy2#umdt2oIbVj!+)>>#C`-`~N5(6cjd$r676w^vcx#n&sXu}Bw$5FYmNVU7iEtW= VY`s{L%)s-o2MXSlH3aPl{0}Tmj_&{f literal 0 HcmV?d00001 
diff --git a/efi/PK.auth b/efi/PK.auth new file mode 100644 index 0000000000000000000000000000000000000000..0258825dddfc323c3bccf1d3dee25ac4f463602f GIT binary patch literal 3399 zcmeH|`8U-2AIIl2GmMNS5wdSXW&4bwsVEaE8nR4@tdm^|Q)C%r+-xCZ&rQTFGM4I& zlx6P7l1#QS+#5nEF=`Yc+3xf`o$u*~@AusM2lW2s^?sfA>-{|M_c_n=d`uzWQbGcd z|E^I4e+&I2R>ZD7Htx@}O1*0sgLU*N2Pp_96adiTps3&$&qPbW2L^`%0uT@>xMg>u zW#Y0ZfB;G;0{S3DKpUjMBuijW01A~lCVkrw%)J_2=RO_Yn$IChQ&^9`NqoNpAo&s~ zv^uCN2s;UfiO6~R2axng7gQ{cSg8c{|_(>rQ_}bdt9#<{i*geCnCOGw0u_DZqkSB7a8fc_2{{= zyTfa?L`a-?dgAhk_iba-i>z6luS4-F86L~p1SS+?Hh)p&c*v0kF7ffx;EoXF*}&Yf zwN)Lp3O|iW4)KwO?Xs*=SZ)l1B>Z5gozux68DRFBv^akuzsvKJm8-;bCJx5UDH+vP zJ-bkcVDwYFl0sBG8jQDSh9j}n z+34i23U$6~3~zuKcnz%G%nIs`(uTqS2v9}*|b(o?n? z{Fc*V#?rC|mA@UU!(~C~%l~^o{M&#e0BphqKp4OLXgj{|`L+WfK^Md@`3RPV285Qe z{e1(((-z(E3pxc`u#8*k6fAUiI<;c$yDz+c(Fq%*RC+c_oN9cvAS2SL(?reUHIuzd zC|^_hPB^o3yvHxNIA~1NvupiU+Jd!fx%T;+3g*$&pi8=x8}eiJ>mK0>74h!!WphuO z8dB0?rmeISPUvsDYlOgiZ*sgm_1Y{I!U9Y|?%eDLn-5obuOI_9ycJ74YjmKcV>9cp zZG@rk^MVS2R-XR#G36$;bM(v+wJBe8rTFlqu+jV!iaPrT7<10`!{oA$9l^r!#X*=y z8Vhw5H|6ZQB5`oboAU`AYWr7G)FPG} zhTPe$J2>yQ+c%NNe5gAsG*OR_iVYn2eg03G5z+M(^2AhY3zdDZmTP8HSyqz1?aZV5 zglFpgGr&UMhWXr}hHdnrhDOqfkw*OV$1C_Y618it(le006Ry6zpQ{@Cj{3dzDXfC0tKAqJjH{?*UNu=su zP~;Y@nX@43SCSf%)?{`rTAyjJ$frg*mZGaRE~(NXm*Z>NP=?a4PK`Uq7j-~$7_250 zMu~AAUZiTE0e+=dy zLYAL#a0(O>pTst>DoAX5>c75DDB5=nRhVp@E0S+aEW_|Bv2?b0Mt;3~rQF3FM=kC{ z4U_ua2%ODP!R3xQ%+Rz>ZAkV2`IV}CO1QDCGLla!SLYr+&h|2+CwXH?&E5LjRpynE`z?kZ_=kRc_u?e1u1O%uH}_J4o-VQ% zDkF)Tk=yUub5Jd)BG*-8f|VRKOdnyoZ8}+R@Gm;k7B?&vevLJ03@}7krZ9%Z)6PT>s*P9b zv74JuQ`B!h28TQH8uTSm<8PZUuc|&k4n6s#+KgS)ouF^vU~K^yuo^AQ>(y9L_Lkz_ z=iDhd2s!NXR!_}0m2FyQJF6&ke9=+LzRb?R*yHd%vxuz73OS^MthE`C3UB>9BKy20 z^XZxClsD%;=w5dpKu(e8YI12&s)AE~eu+YWw}G5EuaS{~iIIVU zxq*qPd6YP>F_3F$4&@SSOcRq5vI7`d8JL@x_!$hEn7Ejlm>3ym>6^*zUUR>z&hD}E zk=sp=1;Tj>7gQV1`K$9c)_VTYrWNdq)KooX4<5R+?TeFWz=A9OxnEtSpA`lx?sGpq zcb=<+1W(Q@K{rv0$y1jrsw`Xh@!-=dKfVbb;Iq>Gs$@9zu}<0}8|TPb*a|b(B`5t31AvxI@MNyM$cn)Y^STT$`>Py>en-k&&^5 
z&B4eYHP5G|OGvFUKGAly{=J;(`ZXtux3cfMIPsJ;%hvOW=hPn0+IfmieFux_l*xN8 z-giH9zD;s}y@tbr%yXVc7aiFiY`%J$O!=J|3~PHlyHo``o^{xKuH(MCEa{5&bBEIm z2e|uv8qNksUtPU#TXL2pqrU64LOFr8-i{Z&kNny)b!XxHDfOjavK&@SyXF}AL)tWWki{Gh*E8{j_JK3<~m(13*Kl@S`6SMja z*8iWBbGAyGiJ6gsadEIgpn)tfP0I4Ih_Q$~kN&vC?Cj;5L+2L%&VPF4pwnq}9|L)i zv@(l?fmj1}1^gfd!i_YcP<}1_J5L# ze}zffnHeis55Lo&c~5?iQtp-sx0Rly8Lr~L^_a`_(=*kHulF0&=El5z{5>@w*fs2? z9dmqTal)squ4^3jR!*F;UY6D3&cW4Z?vx*JuY38pWA$m(Zii=)F+Tas3x{&ZdZHt*k`H4mO0J~;8xhV`$U zd{-@A&?}U*V`K11<%=&FKVSIg{Qjznf3@ST-9;g{cYDA1(CU4pXyU2&C*phV8n0yd zy}EDt^F=8c>gSj*313_%aJcHT)9W4Wv-Q6J&bTEYcQdbMvhi-u)!w%D^3Af||7(7l zzHi>Mz4!DHscS(i{wGeYGo)|e(HC1eLMvNA9?G4V4PG%;~8H8C+V%+fcL+r8#~SDoEs=Oee99t(u?6fUSX zp7U4dZ>;tFqfIN=7pbXw${sv)XWJJi(SQY4{Bys$NSLX>M>fup`&=JgNZc}|zcONOc9>qD`LVUT zW$Qj}->^!hJxAN8>|3rp*{@%9lw^No{+n1bvt@G`c&LqE>*J!RsEf8HIv@G z%ABxh7te&KEvq$ax);Aw6PvQ-u#x4c|mV)E~r-1;@a^}Fx> zx&8W->^;V!eP{o26tuCaCK}y8s8+^pzIL)<$1j_7iP_o9HHXeE{+<8y%0Z{o>OKbYAZcY52?MbP>?C01^$gMlUdOiC%yRnp*_1gdum^JYBz`I3#~L| z_fGkLB{@Owh=)vRroF+d_pjgjzHNQ?km0iLyPqE3r|(=ocf9o-q>8EF^6JPH)sLhRe`}limK(K4rO*`iJ%Ho7iTV2;U z?5&(QW4$b^#hrtz&)g|L;9mFgamVV@s@)FHB4d6E+HpR~YrZn^=&z!xuja2xxi!w} zUi}oSmDcv|z&73291pg8SJh=*-u&sh_-)?5KWiR5JA82Br48#}Ir*+yyr5SoX~)Lk zlgbxgGJd}B&-wjT75{3-UAv1yZtwPf@uAiGNYTVo?@z?{+%;aw@OyRN^5=_EGSts8 zUlP8!PT+9WXQ$UY+Gp#1|DAD5K<;K<&1B=`oyZRMTTqsl`C#xXlPt_MAby>Vfg*X v#<|CsrtCYtM`7Or>uKIRYc8)~|5qE({O0@aeO51hk2j02x+2Vxe9II7A_8!e literal 0 HcmV?d00001 
diff --git a/efi/add_MS_db.auth b/efi/add_MS_db.auth new file mode 100644 index 0000000000000000000000000000000000000000..dd557aafb29c76acdb8ceff49d9aaac25ac78c56 GIT binary patch literal 5174 zcmcJScT`j9y2eu>bfpQ>LX!?Vp^5Y^ReJ9bOlS!u0)mtPK`8=CQ4m2Xq7>;0O0|In zK?H0gNRcW{x`mU-c*Z+3_pG^V-IIUzdcXR9JI{W8?*{_?&)+C5C5Egp7rwY@Jc?a3 zO1Z9ZO4$x`4It6pgMh&(7J!L{&VzgujDf-+U^ob1prMl_A0=-xfoZ|TBsdBn!DRpv zl%p650Yf0{^vqGdFb2&SbzzOv^t{>ZV!`cf>Jq=t0W(mRID`@bglM3)FeoFBHx?Hn z8xo4tH!wn4W4wtW7^Ds!ABHs1Hv#w$Frm?a0vZ660R_dwP6wFeDIrSv_wXODLxKqX zngZn%P!fa%1dt%~5E29oS}5oz$yB*@iPW7Sg_rju6EoI}od(|0TGnuzO4lE}Zcc1_ z*pgQs`1*058XI_X*qD6I)>wmkx|Y}aY!cM87R>q0v9)I;py$J5T`s=QWv3hB#955S zx~sxt-(62djPsOqI~V(3Dbp%^+INb$Y&n>#uu6)_bzM(#99v9GsrJ7-brn5OS^Bzp z07`cyTJy~0su)U*+Xt%?_~N{AQR%0HQI9z?8Q=50|Jtj0Cq$(B-UpXDGW|%t{V@}MN?reUzj_QL9=N`fIavdLb=ih*?N}qCg z9#+d-V_0BTI&>-YfL@fzQ9eSW&PB6z_QYhio5Z6WH&A@iEwv-3(%(48trRcmZe=kH z?}s$5-X>_-tEDDd1<#yHpS00b8e~&pZ1NTn`mNVBnm?(-KiFVsr^blk(Mv-CS@g09 zS@UrItJC5p?9T~$s#&V7%xNDHgjZ^>7GJ-A;q`568XV<2U-Gf4-U)bXEpcI+D}i38 z+PqxmtLD2pPEI3!GaaIv?yGhV28~35)m(mD0LXp%Y^-|@OS95h@%NomJ_gol1;w9w z7&{JDfJj0OEm;zGY{YAF&c74Bz1ltcYQM!$scmt9;b2a@Xy^=|mTU7;46TZ#EiUDe zmc2iH`>o5bT2;-IcF(&*pkNTV#2T;!_$aF6V}^0U*qa+A9y#0;IitTaa0Jycyzhq2 zG&dkX?G}b{0i1DvKY)cgfDH`Zg~0(RLPvxpwgM?g2-!fv3xO_R+d=-={n!-f9BZl+lg0 zAQfq;9k!U$Z4Xy5Lq_wHi!#CrHzdA+w$Gs++#F6IFK+1@pXlrHY|r_4P#Ebl-8+)w zq>SNZX+QL!D&hF3ONF<=EoIYei!nzFN1u`NN5AJ0hLF4L`K*vgM)7?0JAsAM%&fJp zIkzAV7u2d7KC0mSdY`smO1b^5Qt;wYKa8}yHtxlR`THf0Qj*t*w(Ai_X|EPm3E$3J+I=dx za5t#RX6|!?cUahf-;-puK>VuF%$jDSRD~{volXAQ<%8Ghh`8t|kD?ff?!5kOac2Vi zyj1a#mB?UT|H5NM7?qhxA=u@TQ;Zz2mj?&1BKSfS34)_o4~F8dfW|-du>ajyfA!{H ze3oKzFcJi0b9{a%?WJ2jkNuVXoqh5X&q?-mmba2#7kh5bNw#J@cJvlOb=x)RNGv|d zm9UzR_!8{#Uc=?goS*=|I;&ej>hX5-!^F=K&+SqWHszbHdh;xt*O|JnSs^$p%f?kD zl%r?+zjV-vR7&2DCZ`jdgDKxu}oY0_~M?b6YLL(q-RoDSz3f^AUgt&)s{gmYuvpf2J>9U{)fe zO$a;=U9b&BSn|597=uK^Sx53F>6TQqyV(y*HO6Xe@T#$%bR2*FN|-2yZdW#0FZ48u zP?)vk&oaoay0{Uid*X3UlzCkRSGvB1T#?)};FbdugPkqgEf^WYwqBCw@>OqjBq{6t 
zOxS1|!I!shQ7kRJi`dR|tmuP}uFg(-^SF2`ya!$v0mn|VNGHQf_3pi!KtFGroWI#eUyDWws{_5fT{hqCKT241y(_1rZEw+J1`wc|E6Y?U~r@gLm9JH{SGC=DY z?;S+H-udBa!oWQ_!*)W#dHSNo!3-r2T@l0F!nJMLr7h8>cBPXQH^ahwZ>UaUjNRP^ zDqh!KaqKLc%)Vxv+*HZoBDEYsOS6anc{m8vmcJA32t}Kuc_>+qP@uyJ?038+JG;9!CYZM!>pBf<8=f%EP_z=%99AyTD^VEJQo5UaeR@7QR7ZVbO z^Tm04hGCG}#4s#A1Q!;GL<1;*S|XrOC;+8`I;?P8ep@69`_uko zmpYY*vnibpKJ%pt@-Wir1-?S9F95PQ^-rK^jYONSOHMk(wlFa+P zrB|2^Uty5d6_l%{J@}+V(-q=pwty256?akE{ie%7pFPIi_Aw=$V#;r3=+_J$2Pa>bJ;Ej^~Q50lZQ!eRnSjr{aT}4!u@l zyLW6@tfmF6s(nuS!=q>6GdFC^H(eND$(Tl6u8R7xK<@AbCy||_&^-c^z`B$-q6zGy zp_8Hk!@wkE4ls;TR)T)v@^uM_%303)c@fVtw=W;d{}63^(;DFZ_XKtbjFF!nWDO#M zyg<4jZA!UHAux~bTBlzQ}t#X9D|36fYA`OasDdMGQ)}5+W89+$} zEiX$M1US(kC`W|DX~AHaIbaGH|BL|$S>yLD!o$P=ZVSrC@SoNW`_tF@qvl}$8Xas| z7TFzCzoepZSIvqgNJ?`bTj=)+Z2!@61+$b~_@PCVL8fQq@a|z*egC!2De>EH_%c%7 z(v2K^WJ<5(>zB5`GXl%3;5txR&@!%tRyuLN%jsdqB&>6ebFk_jcFC*iH=6(pz@dCT z`g`^@^RsIU(d1D3ZY#l11*gv?DRw=uH?(x0wo)hh)?&`qEN?KRAiik!@`c1&-=1&x z9-B}{VQS;2R;!+ImKLd3)D?8=^k*iz+wkq4nQP@U%*5A*nrjzn6}eAck*wdJ6`CR_ zzTEddRK;DR(#2z86uPfskZyKuBR8oz*7CHkA$R)KT2}RVNi014PL`=xRC5>Yqt=tj z3Q%Sfuag&NAAjvLR_>K4wU6fguKw;ei_^~V{RT)9!3-Tpz{0pfej)z{P^H` zdp8Llm7YbJ56>p`L!J9y^qs8aN>gN9@hUx$W`oP_;>!r> z0XWZm|7mdHjeRTd(bgDg?^`ql!h-j=BLc=94$vq`WwAn^mcCwar2vV&oQ3{AXItv^_MgI_ z3=v@ZNT1Hngt4?UIhKaVs0+678RLwl{dDdWLw#rmBmF~Teb3?toHDtC>r%yE%!~@O z<1*D+Y`%TGJ5YGPlq)4xJH^E@0gJwqX4tzJd{^*TeoFMNo@ROmy8h778e-F8uPMJV zcg!RypD!ZZjIp+DgJqC&@a~ROndM>E^)Ib&BOq^g7wCC%hZ1gcv&}YlMrlQT5D*vZ z-C448VjD#rp;?5lf4n1 zcyA8Jxq7L{5k}ABDbC;As*__|$;XccJFp7DgoOH1mu!MTeHMxiCvp&resx#DLqB0~ zf&zmOfc4+rPJsdZM;{>kM;nBCS=;LJzZDy9ZTwkOna}*np(qw4A?_DuuvK^H(zTHY zm(qrgp@N2lE~N0h{QqHwzOR+;hZu+b9mD3Ag>4b4M}+(;0GB;x*aDOrW%03MGqTD5 zi5V2FQzTB&H$~hOP4AI|3J=8}O z%jbixJS!HN+YPpfI^w*@w)z@N_6MC+c{zf-nQvLXhF{JJ%{u+Kt<9WF4UGxDz(|jz1%A=o8nP96P7K+)bEZ5xmjhu8rTF_KpYMI4&8Jpa6&K6C);z#mRD-qpa`l)&Z zR`cYQmSb_^K#r+bme9d4zBF}1X1(&s+5!c|x}9e03hDTTQh0Dr;qBHL9zEYlLmTF^ zcCigboEPfJ{aB4m;U+n^42z`nhv_7D?JH}tOk)>c1P~{iaZQ5c9om77akGIp)zabC 
z{Gw>(M*&tLIpo?EMNdEO^?KEK3%hc(%=fEjwspv2T((z8kDUs(fD1P4<%YSUay^G8 zwX+YpKs2XvCz71iG&JuRa)#KBiwf1fj+%zjNS18!XBylCF%5H{nP65F^MVF*lrQy* u6&E`ydu$!fzC9K}*lIN;CueVr)j;$YG2P82F*r^l?YV;W^1F@+4*vo#`T!vS literal 0 HcmV?d00001 diff --git a/efi/mkkeys.sh b/efi/mkkeys.sh new file mode 100755 index 00000000..2d30db4a --- /dev/null +++ b/efi/mkkeys.sh 
@@ -0,0 +1,44 @@
+#!/bin/bash
+# Copyright (c) 2015 by Roderick W. Smith
+# Licensed under the terms of the GPL v3
+
+echo -n "Enter a Common Name to embed in the keys: "
+read NAME
+
+openssl req -new -x509 -newkey rsa:4096 -subj "/CN=$NAME PK/" -keyout PK.key \
+ -out PK.crt -days 3650 -nodes -sha256
+openssl req -new -x509 -newkey rsa:4096 -subj "/CN=$NAME KEK/" -keyout KEK.key \
+ -out KEK.crt -days 3650 -nodes -sha256
+openssl req -new -x509 -newkey rsa:4096 -subj "/CN=$NAME DB/" -keyout DB.key \
+ -out DB.crt -days 3650 -nodes -sha256
+openssl x509 -in PK.crt -out PK.cer -outform DER
+openssl x509 -in KEK.crt -out KEK.cer -outform DER
+openssl x509 -in DB.crt -out DB.cer -outform DER
+
+GUID=`python3 -c 'import uuid; print(str(uuid.uuid1()))'`
+echo $GUID > myGUID.txt
+
+cert-to-efi-sig-list -g $GUID PK.crt PK.esl
+cert-to-efi-sig-list -g $GUID KEK.crt KEK.esl
+cert-to-efi-sig-list -g $GUID DB.crt DB.esl
+rm -f noPK.esl
+touch noPK.esl
+
+sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
+ -k PK.key -c PK.crt PK PK.esl PK.auth
+sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
+ -k PK.key -c PK.crt PK noPK.esl noPK.auth
+sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
+ -k PK.key -c PK.crt KEK KEK.esl KEK.auth
+sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
+ -k KEK.key -c KEK.crt db DB.esl DB.auth
+
+chmod 0600 *.key
+
+echo ""
+echo ""
+echo "For use with KeyTool, copy the *.auth and *.esl files to a FAT USB"
+echo "flash drive or to your EFI System Partition (ESP)."
+echo "For use with most UEFIs' built-in key managers, copy the *.cer files;"
+echo "but some UEFIs require the *.auth files."
+echo ""
diff --git a/efi/myGUID.txt b/efi/myGUID.txt
new file mode 100644
index 00000000..7281d52d
--- /dev/null
+++ b/efi/myGUID.txt
@@ -0,0 +1 @@
+30db5e21-c078-11ec-be5b-00d861d0de1e
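Review bot: The three private keys are written unencrypted (`-nodes`) by the `openssl req` calls near the top of mkkeys.sh, while `chmod 0600 *.key` only runs at the very end, so until then their permissions depend on the caller's umask and the OpenSSL build in use. Setting `umask 077` before the first `openssl req` closes that window, and the trailing chmod can stay as a backstop. Separately, `uuid.uuid1()` builds the owner GUID from a timestamp and a node ID that is normally the host's MAC address, and that value is committed in myGUID.txt; `uuid.uuid4()` would give a random GUID instead. `$GUID` is also unquoted in the `echo` and `cert-to-efi-sig-list` lines.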
diff --git a/efi/noPK.auth b/efi/noPK.auth new file mode 100644 index 0000000000000000000000000000000000000000..33dd13fba6d558b5f08cc9d9fd26bc5b30fc5007 GIT binary patch literal 2028 zcma)+c{J4f8^>qH*akx>6vmK|vVF(Qm_mpULv%+{wwWv;>)5hH#%(MSQ?|Ov;1;3W zZkB9gtjVA-+#8~r8<{CCk|oS>5t#eb`tC-0)>D@L4cH)2kU5J=IdL?W$i?2tr1pJ<97(lRV83h7J$5Q;K}h5*(O0Pp}7hd-|< zgAqzJ{vY{oZKx299~Th*L4*pC1p!nD3_^u~L3a#{5G^$`nMr0`tL{lESMIEI1S0`+ zcUyPc)1;(_S}9(pg|bua=$vZ!V!79u!Ep*%wN{>uAgVKM*~Ry)m6W7|dAn@(9=VlY zp|1I$bgAP5XZ`Cg7Tj2GRRf*R)%AaGYITlj{r(lXE-xp}t@x6w{tbNZqZZYqrN-YL z8yHNg^~=XBIGP@l)SmJD6plFMC2HhxyZ8@{=XsY?dSoj23eH@=#EWrpo^rM!(+?-M zoXDVL*=*X{r0;zb^C&i7cXK=idBb~6hsc6pESIB@r^0QTdE}<&VZGr}mxA)Ax4!9W zR9@8Na>&m#oz|2P(fL=H6xi?MJ)Ax!#SnAEwBy`*;#|Q+rTtZyKH6CFA_7-i^CGfd zoHp0OQxN!!<+tZl&v9J1>v>ux0Cs|!?Or;0$2 zvg|TZyV7UVO;?hn#vWYY=*(HLK`f~phpU4`_pxebgHO;tuz~e>1VZi+;rKA2d$TUT zDWW7VIr>YGMP&g@iQVt@28J?v8=sRQmUwf47nobtES-D4uKG~o_3{NRg}k~h)h$n4 zM5ZHY#7*6)OXqamd~FnVXB<&mLriXYvo*=@SDgk^n1kCA;WRN6*>I*qD@F?c=oUJC zQ>EU2i|Gp{2ju{@f}6pE@j4I@FbG^u1Wp60!c3~dp$gDFbM8yO8V!ynb`F()3;V$7 zuw)-}0Mx!;AAl+W3RnO4fb91Hc`#T26$M0u$B(fS=3W>(Feo?@jwuvpYife3Z|wcl z3?ez9n}0@U;EUEQzV?aT@p3!6;oyHXrg7B`AB-rw6fa9Rxn6W5&aKZ>!}>jIuWO+@3=_P za=mqpMOz%bs8&_<$W%x5z*H>DHff%lUd={bx0pTWv9Zfc@~_ZT4!viS62FS)MN4T9 z>WwXX9`>g#up0FE5^oy`@kv3WPnZ8toRrz#NPIin)j=Qmt(Ir$SXIu*-hJWO6XJ^l z!}H*kS36dVW13D0$D3OyE|V>UkAGhybW`a4i+$c%Z!ix*->Pp^%$4~D92^oEksp36 z*A>5F$$ysii~icTfC)Lo>(Inom=?Qg!ZCBTR8@i?aRaxQ+S-`S?%qHCQ>B1RH;7c_ z6>V9uK?km-HK%PUYOgw6=&3BE$GeuHYj$GQ>p)ji9(SX#3h&O&oJ%S0h2$~Wtw<)r zq<|n@Gg>LWbHzFJ(^?DDc;4}Os$vyKUczSrho(XTgy``VvK2V?FA?_tsrnU<;1Lq$L?9cP3t-Xvpc8qTD-Z4(pna$5^Daw7vE*$30(#y!^6vDH2|{`)I?ye8&54s4%5rkDG$?A%oS7uL%V+Ipkkl zoDbSyxRtRZVJ~yC{)89$BPUwksZ&qH-OELZ^%C+Jr3<$Y+71*vbz&a&*NPXUnx8?h z;m7oUI^`RuzNQRGH{)`M5XGHw8w*dK^`62PM@P0gd- zOFFyQ*qqw+pnT?d){CW*qxTz(2+lLSjAhUh*qH%Z=t^Vg&+4$ZQ#SUvu8scy@&JAG_^}pvf08&E}Ia8L1s)NCJxPz>#=h?U376T zsgaaKk$Z@wW2v)ug*3<|C6`3(Z*ulItyXKD^UwL#x7NF!=Y5~|dA{fSJ-=VRTYd5C 
z?8`QZl~)x#4Bl~-rJyg*5(a{5b3R45p{RDX-nug*CnIfv5HkvdsKMGnYFp`6iDM5MD5g$NWR#u}omi_eijR%if^9ZDep zd5Ke+D9vE{9cG96Q8ofKiAR>GXvgy9vX8L+d1N}9%VBeUcq}-A1}r4|C?fT{`{ezB zEUq8f!H3J^lkI%C!Au?}#K)IOX0X{juu%y|p#U?g2^E-7s21)@II7vIX(};+;Q0Tg zW__T$TJxsw*KE7TmQ1%KQvqC@5TWsPClMG3B}CvM*e{C|A`npXXl2TMk&AY@cGK9% zqRX+}NKa|pZ#H6{{%|>d;_&!HZ1s@4FEv_0$zFa)?y|XJ)~~Iz1MxR<&i!R%wko4f zX7E)#y5t&A>$m9@AhqlVmt6yn-UdAl+ zHj}O@ywXfg<5U%Gu$w3opZ~P3@oB@u-qB`b@!7YVQ&AIX)2U-kHj8wHwQ@0)dox3x z52KUEXMaGC6A=1g;)OWkwiPWIe3Y&qZPSuBD6ePx#wkpJUQG_4IR>xNZgG zWtmfRro`i|$cfipofnRFP5EXvT<7nM=O@MvF-k@+L`kzwDk4z`2vI0R*ux#M1q3M> z11SU=A>5*fK*NZHzy`R}8|2aJ(4<34^sc-giyj87ee%mcov%f8-cIoXD*p~3A<@{4 zvXB!L4jqE%kR_0lMB>qsYZ3rnVh|CC6*LB*;035l9GYlluVeT|APlUZIaovt7~EBSg(VjV|sv zT8(MrPvX-v&o?gjvtvT=QN0a&UYIzZvcQWE9(bmVIW;4FY1hrXh|gZmrndt_O2?{QZmh-{`_N)T%C!;nmUlxweWnVHxI&^fQ3hLW>psm zCF_;j-z5jt(TyGRUgipf-@ps3r@)g0PYg`tcsr+`$WGQjIgnR*@C!>*ff=v>78I(< z770uL$24;XN)$yvT#dzk9s6IoGq2f4-s5LJrpjjX8i-Jw6n5Z4&WpCnK72AWS~Mk= zxzR4bc$&0dmlF2==udpo+N+$UE5|pV=*+!lclF5gbG0oig6fxn zeWFlvta%(FmWiBC+F!im?TfM)&s_!G>D_c(GhQTW%W&FlayDQdQ~xAjn^wo@TD%RK*(V<$M&UUTtbqJZ#WYWP7%@ z#fjeN&*S7{k0^~3V&=GHuT}1J1opsALRJX071({8@V6aV`7L81G`!+S#L&X+fqYnk zDeHmqYKIlR?(i2C6%shp>y@6@s0nv-Uc@e8b%MV6xv*d%pfIpYbk}o?=|#SKY*JGc zz*@3vJpJlDPM$U>6?}U^+c3@0y1ldI!LZe-*jTqK!$bWaoqM!xI=URQiDs-b?vUxZ{`l7V{}i4WTY6}>XE59Y2(|JszgdY>l*hT`w^{FFn4!Ty= z^{qBV(*8v6kxeCDYCTdDoYKEHDT{U70}XG^G0TbC?fs5dHg#OeNhs^|&Wc{vl6iBr nu7fPNtjF+bxFB%Z$D6=~>Aj@Pw+*nH$G7h^Y94kJX|DVMZT+`P literal 0 HcmV?d00001 
diff --git a/efi/old_PK.esl b/efi/old_PK.esl new file mode 100644 index 0000000000000000000000000000000000000000..4b9c25040c2332f3425af1c901868c95c06afbeb GIT binary patch literal 640 zcmZ1&d0^?2Da*aux2_hA(f&}>z{CIsDL^{VKtfI@&b&}JoM zD;QZBn41{+8GzzkOihf847)aWq;~K7y|{JCQTg+U{|q0l-#qhhBg60P&zIKBkDng< zy6{9&&4YZ~A8*~?PwDz47iB2dVzo8I{`R%^TVMI^;+HPZ{Caz;JlC|Pk6Hgd<_xZJ zF4%QQf7$MA!K_7ZALjpBYJOvW;kpcgx7r7eE1y=`Zy3*ZH+zZ9zkhaz^SAw6sNvfD zV8^wb2n`wWk0N^xuUu6*weOLyHK)wW-us#xY(lQST^IXW_tnnYlq0MD?_X8_Z3~~$ z6psB<&p0`n-4sg}mNKw-x{qV=ao(7H40&PO4MgXh-_g52Vn*Lm&GWVPdGl{yiR51A z6l4A{b*fuXY~K5YZJ*wB+Fz~g`_E}ok@|SyM-x>cMbUPZ%pr>kZEB}vkXvpetWoK>cC!v|kz8_G#8f3BHl=OlB ea}Lak+VrCR=qnceD>_HKDi35Y5iVMA)B*r%3HqM^ literal 0 HcmV?d00001 
diff --git a/efi/old_db.esl b/efi/old_db.esl new file mode 100644 index 0000000000000000000000000000000000000000..88d9baf7ad119570b980a05aa5e187e2b600c809 GIT binary patch literal 3143 zcmcJQ2{e@Z8^>p#vCA@%ZIH-Velv`vk}Z@y#!fXvGsuit8cLX{Mp2hF3WAR6;bNu|4weV&OQCl>3`0@_q^x4=llG&=ltI9^L&benokbp{N$Qe zb6Po+IKj5Vz&<^Tp>JdUEI$ZI_GsK-F!eMu!3_v8@<51uTZlx!5eP{duBYwOTojPO zNEnJ%i)Lita49ql2(n31KmvpGLtzvVe!e6{us|$uijn~|4xJIViOY;5$pcw&5UYsw ziQKrE8Ml$73Dm_ANkwH3Mg*J5VMcKYj!ZU-$)<4`(2C{2T0D+aB!6?9K&3O-8wuVt zHaC&rL1V{6a#^voh)9ADlgR~|3uQNg~=!y0keh1;dke zgi|;6<5RGs2ewO9bDE?juev(X3a{Xe^LpM83*URJDX>q?T2V{=>(7SnV{N4>=_&T< zp+P(7nmHR$*`6*WFJ*+@BkfRLkq#aYit|w`<1?7u->RDx&7J;KNBb0+)R1*{Xq-mSdL;hM< zk(N>?+T;}r^drNy(xiPa&cqP=ZfLI2qYW^FA>7GKsUk$3K$6@29AOY zEtTOY^rtbP`z3}z;ZaI&TVj4m;rqHy>RD=d7A@H(M_{D_4d{<($cl#*E1Dc78ilN* zdwab|alJZ+)75?ls{ibvgg{AaO2T|$JXko)5oQmh#4F`cD5wBLKu#qwa6!`@&*Qp&xaG@qqRT<3c!Czn5BP$$g>A z_R2f!-Fd&A4hHIk#_GzoN>`fC9Lm*J&$=)7fqy)glfC?B+Z$?$HfxAl46lM~$qwcpEHDc*G6{Cg=kxV= z`Zqg}CDUQuPc5ihYrSiF6uPlZ_1wn~G&56sM^&awmGCj9kD~Tg=?=H={A2V*iXxCvQZFe)`gq-UHJ+0<|ADLGaEsS1KqPL)Qw4x7HdE*be zpu(Nqx$fcFI*Yg(du?1~SCtJ_6_``b&0h2^Hxi7LqT{a}yHxi~ZB^8e3srW%f6Dn2 z_`}trF8azW-5S$%nclnhUEL>KZ(lTJBGZ55b}Vn`BBMrIG>h$?9`NYCS7F5W)zl+f zw#WLgb469JD70wRH`U7p-u`7|~j`{ zB5a5A26u(5SZQ1Df@k{;=;@rhyX`3wV^}hyndN*LCUZx1&!8+tKO7maTsGdNUsxDq zx#6u<&ZYhY*4sLFQCiM)eN$pAnF2=Qa-mtHJp1HlpUKO>3}LE}ae?0H-|lg)q- zA}+6aY>)uSnq*~8GADn+#=NA6B@pcVA*q@Gqxn?zzN8w!h}+2Ia|qt^Ede4T!TWp3 z@ld+Hc*sOz@adJAJVpadyOCjLHeP|cK}{XQ?5Mv&*m-y6cE+St)#=g-54Yoav=|9?R!F!%gdbp1@{J^q?>zrp0lD0wDsOf>r$xSnB^^db(V#_*eHJAHR zl7@Rm^lQ`9Kh}2WN-)cvvs>cwR@nF4D6tJgM0<=dwDb%@E$04mRF=%?SG{oSajU{W zYl!}segen{F_ehW+2gwbZ`4fJ@U0tJGkJ`*cNblPvnp(RF_ri*aYp$TB`j8*7~0uz zR5ybeSF_}MOyBhhK z9F7nrqx2j+gM{8`{~MXlibKQc z-8MN{A$^_sDs8}j9tmE+1Gp8gDRdDz{ZB}M>=O)vKR15}2A;qj zxPI0U3|4+04F1dB-^75@hotzmClg!as>iKYHmvZGizC{~D{?-T)4NuenR}$?p_h!2 zoU>?&cjl~2oMNV$hYc>>)5uJ}FVVNC-CfcmDthmTS|2K_TxDTtLG6GY*-iJoitHB#Afytv=cu^We#nbpLCpdsvClw;6+- 
zQ_1@)C#I#+aqn$AG}tM=mtOuF(LZQIimVb0zdmylUwXo({9Hk+Ls!<$^;C_yJum7s zT(X!|98dcbb|=;k7a3MB$mXPL8%%UQ;#jX=c{+5%$YZ2@d5^^Nsp-637gN^mj&f1m zS6roFBQT_+`SscE;oB~@VB71qrkNvU-NLsXd4Byvr>kX$acMx3`bV1wm*j$H@3fsq z>_RMiasF=H5JTJYk)V5;r;6Uxb1-1tQZ?&qW5!Qz4moi`x^8!FJ&jitItO;GJ0>{4 z>1-_Jb;Gdj;sHvrBo8yK;(z4#1fy=W+RLup@MEXsU!fn@B^yQjf+^6|ZhMyyI}o@K zV?oSTK>k*G_qB1|yPRWoqbg3XI@3dAR-Q)ouv82sqx;vpboWL`l3$XLT|CbU;fskdCI%{nN%+v%X_`8mRoUk~57l3N-Uey1=3M`+~9^S9efI@O*y VbmB%pD%0#|)GdB#xO!0Xe*pf*j_&{f literal 0 HcmV?d00001 
diff --git a/efi/old_dbx.esl b/efi/old_dbx.esl new file mode 100644 index 0000000000000000000000000000000000000000..06e07fb57a75dd4a1caa2496580fe1599131cf56 GIT binary patch literal 11140 zcmb8!byQnhweNr8rHH;ts_fid!K#1h-P$t+*DKLh<5O+=><`QYaKH?oa{B z>-o+dbRYCgu0r{`vKM&4) zIIr&;{4!sc%I}m zuV=8qcrq5waA!M93rBht4=ZjcAB5+x7f`?)|Mv@j;<$Uj+~{RsZXR~lf4m2bUdq$M z7Vc)};R~T9$A$7h_@F#cD6bGi(2yLL@2}H8kN=!P0{=Hz{(p1&uMdR-#?gjZdb+{r zrQvW7CVoae7_ z>a0Sl-j8lP-&CH-r;Yh!LCIkvc-b=9mfb4TDwE+|sU8S+d5Uuz=rrWCA7l!eX|bk_ zT*Y;omdYqEtp!`EfA{ax8ZUrWbVQqE(LROiy0>}R9WM0VGRzNQd{ggYT-_=+;#yAQ zdyp~Ds?4DBp@YV^j6Bfrr_GMBkDM5RQysa%Bf>$w%|Nw~_G?bH5dqcvaMCdOuSX*O zft|H`Ahb7Nc>i8}@#Oom%?Z&aea^f-6l!xu0ik;-;XZv;3UO3T;$b#a2YMe8irCj=FucS+E3LOSo}Fl?#t#g|CGq!Lmgqkxb=#lZ!T z;9Lm!&t;_{27&HTks(MBy1&ktQ7Ir~=$IVnAT%@#6clvqKYyWuLIki;&>@`YSmqH5 zpokyRAY4>BG8%Okn6tLF3cWnc8Rqt9m{|RD%s^=V3WtYEhDu_gz+M!Ji~X+J@C?UI z<8vbKm&wz=-;L?7cMBq^PRhdRW3Rs=M~!1@h8aFe;4`%R=a=|r{Qvn9K}fG+3eoA< zTCkNq4c-M;GVk}i+_<$*FYryVIYz@{CSu+)ynai0Ms$G|A8C4KXgn6r18oU%~j4P&UqAzX}4}-@sAoU9Y`w1t?-~EK( z&k?boAm9EO^jm-T6EvhZPvcJj*AzkzrG-%cr?iMkWns_lES%~8SyD1m|0(w;5JBh@ zs2~pyKjcrj^ZfG^@({`hq5nI=ga1c_zlsv(_CMC-?8neV{LiqW#~6m@X$RkjBmC(j zKEsO3hz^WICP!{03f+|R)-(oDcuT+>X7f_0xXn{(3P&;Ts^_;s0&3*ixDz9{MMhd}4!5d) zbAS(WKVI9fcSbC$FN@xTNvhlrGwMi9kB+uWJtcg;x=ucx3_a3@LNe8Meu9dkqRN;s z{c&4#gvrv5Onprg)qYRBT@AUtPIpyPRBW5wtE&uLV3%*vhOqdrSZ89vKL%U{iiyt^ z*+&^5KYlDWGQ_$n{d-AE>|x)nWG3OYS9e?o?C+Wsf(Sqe|GUIMsHiB&s09CM-+#&y z?@zVIDeHF{$B<%;|LLo%?+TLRy6f}d%)T)eoX7d&hreRqUEt(h zocE9BFEghkmP~Yjwi7NFbjuq(rJ#3eCMXmIeN}_2Prt2DPZ52}-IdQxiQ}1&{p2wW z$<`}=z*|6n*#KESG%rJIaz5sbBeZgq=+Oxm?!nphtd7&12@QAb% zpQB?JUDPtDswCgg`z*1U{1IRt?_~PBR{omDfwdCUxMT-OVgGk!TDrc%mKcF96 zS}cs%7~#UIeaj9HY`zdaTRe@f=zEkMr)nyH43xSaDQ8bSS*XfZq*c#~dZ&E2w z(uxdZ8g9&(2@2LEwp8>-O|e^1BiTG{D>GbyUOTD3=!TF1x$G_N3UiJ3dcFx9YXa-| zokkX8_k=<6KG4rUA`PIica80RSQ%gB-vPtmED(O-!2Ggntjqk`^x`AXPg@?cUI(;m zpILErzr5!iDrWx@k#A1?n~a;2=WJ}-3Fz5|4zwCYg$rXj7mu9F&HYbAf33IwCWLt! 
zpYM=_DaitT;>|ZayLn#8cyV&DEzk118LY1?%q(loVu~|qZe^D$Ku-X#+MhbSQ-g?j zTm}^cWo}FdaiqW#hCL=3F32KmUjse4nlO%$%upFd$E>6}8Xv9Ll+bgV$j<$hciOvk)+Wk2}6?9F3`M37yU5YThGB-uoieRtQSdqY82 ziBIFwq&LLFUBUFOe7224v-Ty>OHAhEuZf@L>S)#dG~EjBYdLlD5O()<)lG0Awx1Mt z2YUH&ObeC`^z4YQ!VV{#a|AyI4V@g8pD@_=Q*myx8?FJp>vUU2e7)T z<;f?CM1^OZK-tzim_F!t(rgAEk(1p=hBQOgq zjRi8s!A^2tdLYn`;`3UQw|@H>nxR8HnsJ8Xe()%8u@Kz0+0{K{Q@I=q^j3OCOGG}| z+$7b{uKDP+Y8`%nf65~H7 zM^(e^Y}OKhK6vp)C6C)Lgc;_b9OB+GR#GQ^zIQ^*({Bhv&DOp5M@_#xh%+1sT}=kv>pka0vYIeu2R88xr;dIZ z(N@;1_v8M4(jT^ocwfe|4d5X3TY@>WvEuZa3sUjj>%$uT+Ff~jR&4r5x31R=FQ*jS z9|PknN7$Cm!8*SrBE5~jy_ZH+ADgb3{aj>exkEX(3k!f!9Y6>-jD_$4q z8@AE;@Vg!KA~JYWF!CQZJCwjMHcgXg>YlK(PwcrU0)0M(<&hqFe`+K58MZY>y=<9L zAziax?oZ`}cc%jr=Dk4w#h~^XrY!nqoaN2eaC}I?1d;bsc7|jF{5qpPgB>D-ezIJf zhvp<^B-k9T4N>Zh3JK^$`T=emUeB25)MuQ4Is)UvE_w>6!jNa5x4Cg=em6DEqIINj zPEmis!R@fKI)Zcv^hOU8lEhrY#l%W$zQkuM5Bep!KGG8;zcCx*iYPi8K^UKpd|~*T zQs+~&<)Ke;_@BM4^?rlv5I+z$3ZbF$aQxl`jNd`?(McN#(-O|agz}~wE_R=u9~MR0 zqo+*Nw-EVzR08P1Um1|D{R4iOsU1Ceh1~6uEQl@2^dadk@PQ0&Y906i(5Ip1<4Fk& zC)Uk)xu$Ky-Gg2d39tOP{?^TDW4_e+xXrRUGGkCM|Y z1ZwmZxX)UE-ud@$93zl??2A+tg4yz_qVW>?sHhFJ{225x{f7(fbwHnsRHHKICp8?p zqHrPILj;L<3y(cpNEt&_uqFkgr22cMVfak&^YjaX_>=&~m7$vuY?nvH(IsQTWu ztA~(J``Xpk>F+m$F4W~Wj9UYO44bqJ;43Z~b&oF^XVXHR!2AcaD#Og(*9<3_$IDb5 z{IHhLAu*J&11-tTfrAef;|TNnS%mmV%cVqWHOUQ5tdgCgUmWbPlU?^~hcuoyN8Cyh zF#e0tF&)cEd=Om|rfF-t_s6Q4&;bc0J#*1s;&aY}L0_QXMG`W3kB6!kyo;pi)7XAh zq<88}n#54%Z(wG>!Hj+f^wf zB+FRCp{(HeHd7nRz^U1av4OCF^>U_)sf?e*b)f^$+a5pV8GcV~Jt7|cC1wAZD3vt3 zTduKhnCs=RVs=r14A5^VLk)GwTouG(6WtrQ)~Qt254bBCDDSvlL-VgpF{gq4TOW>a zWAI_rpS$K#Hi6(pWkbq7^{7VeS+{~;@>hLuy<&s+FIa+TNz|&^2Y?<~@7@)koop+*!6T)|3-!%Jg$3JU`JL@d zbFHNiD%1q%g_BNyZnFj!WvRSO!QrGdU02y%AAu-srBx5c4akWij5kGXBwswooO4aw z%F^71PXW0c;R_2^sC?Zx5L9^1h9!R7BpJt+_9D&H)xn(o=r^z0wAL;GV%lFCVJ zo|Uz@0DXe?$qMNYt;y}OJvL~k^bVQmEdI6P_?ulft^N{&bR3}1;^NPKQ~Eu6#a8Bf!+H3CsCDh-Kc1 z0Ac*hy7f$7-i=;y=g~3UK09`kQX;?5n4T=_v*$1CXYeBi#y8eSdte{FClD>?LO%EN 
zz?QYmUurC;Y<7iioX||m4`DtHQsY;#wC!N2z^_SAjL}2mVB@1;&IY|!*DgYG(^13+ z#z(nUVoQyQdVjx+Vv2+HMgTkoUYc~6O0WVmU_f70Mgl$BVgRWtpN<9G2yY=QyQ$Ze zy;U8VFV*LeUGS$%4+%p5M?WyCo^e*Mf&DCD(qBFCr`YD~G3y8%w(;7@rOIR{0mjGd zV2s||qf({6mmqzvX&75L!~;&9!6oxRP-__j|h==;QXCuUvloI zz2AsLNW!!E2I%pNi?XLRAq&5aE@up2mJ>%bk&@|e$0-QxQrNi_HM4=9#2eE1nDDov z#2#`pGi}BM2b^!#{wf7>MuS}PI29KI!M|F6tTx^oNonsnppkbyVlRKyyM5T zW*NfY`Ihi5$TuZS>h(l93Zlvp>Ya`}DdJ?!^n4W*BG-;r6U-M80cywPzZc7d^=kVc zr2ylzfWzM9Mx0p^)!Dz@I%r+{vHB7dH^eAP=$_n~MeSZ5=-I|gbkvF=^Q1|`VRptO zuN_d47^_|wMUO48B7MY^M7ZDQV9eYva>yMh(T&;Teo?pe!}vn^hr-?Ulb&9>_XC+3 z!1!EK3Gu-$OdogG6fwGZcf@GW5ORIj097!oy~_c=McsZ zA8s*+J}-3w$1|#02)JTxzKwc@1@G%dv7&zc5OZEQFrO#fvo!SeUr~}-iJ%p5Z0xC3 zWQ%C+owU&t?z;AVPYnd`2i*>hf>v{4Je7~KcU(Is->Gj;!nqG$@r$gn|^K0TCqM)CQmzR`+;cTf>nOS{*_nSWv zl|p2@6m@q4U_RnPk4{?)4L=o1*>qU>g^7yEFl?H1%C78=2uKBTu_CNjC9#K`3|i_^ zD>iXJWnCcQdm4xye&{!Y$I>+K%`V$t0pm-BhtN4y8kO_C@G0Uj%f|L}`Cy##MpZt> zS1h!BAQKJ2e>|@D?%`1*{{qvy2;1ga1z%BuvSl4WCk>jN%(>n`FBj>cx@a+HB%B(A z;eqUD(rBpg?hTt17G|^5UfG~{rxZwJwwN3!_U<-7?)hD_>B85Y@u|}popeK(daZqD z^Xf(vVf}1LhpE>{A@_tcaVQfMNHg5Lp#1AFQ1|YjPJDnkwe|)Hmi+#1|*f+uv7lj zKMLqw3gxiRtA%v!ssO@1N3iatnf%xX4xil+*-mMQF;(w5wnUR@JHB{pf zPeO|}doa~(k|_1gdX)Zs2+;eGTM;lsl{ePA&y`;trY^Etxjw@R%;NXcr+uz0;EAx` z;u9KLGR)f%In%9aBQ`9ayhd92Qgg-i8B2|~ty4S`!u_33nH6{T_K$lVL=G$_J)FHmv30gFe3+OM8EWmLCySoXB2#TZJbXiAZ2?xKOj0?hy4 z{=N`W)voY~$#LpCEc=$kK=nA0V;+%n~i zStzp3x-^iFJLlwZcoz;r*#D11QCz^(quhSW&`WHoz{G>Wld))fo~WM$V>=n7KS5ak z$EVDL?H(AwNW8XJo+_`ihyT(FYQB0nSJ;0$I;}8;us%$*yt*0O_G?~sOpPKjr(bug z_xe<+H#d@xZ;nU)n`;AjeUf1IB`1m^f)5K?9`Pt_ZOrSHjwr-Oft!s$?pQoG+6X>_ znk1t;!DuKf-a$-y%IdPI&Kiwu!!VKtvSh z^~mU_Xq%Gs4!=uLpike@NY$7P`rQBgK7ma)nka^jdRsqy1~E#1I~l+A ztr<49ATJB1V1)6LQ9jsCI8S%dVPcQ=S&g(^o@-!eLecG(62)Ybf$#AaFn$&*{mx;W z)aM%I#Y%;%5ZgVOGM8E7(v7YOaetN60yhNzFYni~bP6kSb$9EdE2%z6DJNYQkUyYv zlq`3Ei(lA&i9mt^do4Iz&6j6%cbQ4&6sn?rjaBGBj`vEz4taGih_D~>nmKv~y*qbQXNT!nl6+5UVEo*fm6pe*9%L-%dtZg?!%>PQMXxJR zOMFX~(Ut-jH7bBUZ&m`olLDuQ=SSk}qJc_2ilcsExl&wahT^73`{I30pf6eSX&LA$ 
z)Zzbx`J>H%yRWqRhG_pqHHkg{VG|_P3Sob^;^FLv`OnfVLOJOLX$5eK>-x&lR`T2Z{#R`lzCFW58{8r=eY>wMF<@E3BS zcp(25n~Tq?4>E??@an7$#pH#R4>VUUfWA!vJX>};pOjn{YAMem4> zkuxeL2Z8y&mofQ1!TOfnKfduc*j?Vpd%N-?`MZO^*DndXxE4x;eBOVz7TMlc?OwEX ze&|Ar0#`w~37oJg8?-)3ox~cDMd)vRPcsa9Qv*mYo6X!Rt{Q4%;m&R^Y&&q11dY3; z$?ao+`SfcTT^tgW(o}7c4?Dzu#1blieY{ZfY%NAN-J~AML0JC`a1joJr%dB6Zj$cK zX`&<u#6>c_6WpS42LUbwD3Oz6H=$_E9Y3dAz`oTN zyHcz`znD$<(NQ6O?xs_RMj7MR4;x%-tWzF2%a7>$sUcRQS zuI29!wSq8Y-O@jvsM-+_6WR6^&@?;{dXW-wFis?JB!F@My)k#YF- z6k-2o4f$jP4=IiFl_4JX;hV;Z!>#8DlCsxu96215B#Qvr=1g^vq<*@p+9eCCSAsM4yLpoMNEcF zTElxujPl3sI566$%X2P=ySst;?1aOK1AVi&M%9Zhc`^=pW|rQ-U+h?r3>AvsicDOM z0R8@bTzDU5yQ+~x(9^4VOmg`J-}cYmwmXW`^7lD()(HC>$DyUxiWXRJ)a{412-c7~ z*oqRrB9oHUh{Q0lCIoOJ%wNX~Ur)}Dbo1DKkDt(GJ+Bp^%}Ro9;Qe&x3%WUr!M!vBNr_Q^nxe&uu?-i4mptujujU=R70u#Pf&MbV zY0)(yO~kxNo%4Meb{fNKjmHi4xu*YriY<0 zt|xOnL$9doXzKnA2gau(!-$(i%Dv`Z&U1CyaeTYu()o?*Rq|{|(4c*>8ww533zP&2 zsMbD5p7aGnV>nvh3S>ZuEXc4EAiA+H_kD)TfL<~-R_v;>PDYDTk)IhE>RCx-QNPN7 wuIg|uKS{!%-3IhJn4m9wCcXXQm(T{I%buOs*#}MDZI$a4Q)grS`8u!u4|!AAvH$=8 literal 0 HcmV?d00001 diff --git a/modules/systemd-secure-boot/README.md b/modules/systemd-secure-boot/README.md new file mode 100644 index 00000000..28f1fc3c --- /dev/null +++ b/modules/systemd-secure-boot/README.md @@ -0,0 +1,3 @@ +# Systemd Secure Boot + +Taken from https://github.com/frogamic/nix-machines/tree/main/modules/systemd-secure-boot diff --git a/modules/systemd-secure-boot/default.nix b/modules/systemd-secure-boot/default.nix new file mode 100644 index 00000000..bedec49a --- /dev/null +++ b/modules/systemd-secure-boot/default.nix 
@@ -0,0 +1,200 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.boot.loader.systemd-boot;
+
+ efi = config.boot.loader.efi;
+
+ systemdBootBuilder = pkgs.substituteAll {
+ src = ./systemd-boot-builder.py;
+
+ isExecutable = true;
+
+ inherit (pkgs) python3 sbsigntool;
+
+ binutils = pkgs.binutils-unwrapped;
+
+ systemd = config.systemd.package;
+
+ nix = config.nix.package.out;
+
+ timeout = if config.boot.loader.timeout != null then config.boot.loader.timeout else "";
+
+ editor = if cfg.editor then "True" else "False";
+
+ configurationLimit = if cfg.configurationLimit == null then 0 else cfg.configurationLimit;
+
+ inherit (cfg) consoleMode;
+
+ inherit (cfg.secureBoot) keyPath certPath;
+
+ secureBootEnable = cfg.secureBoot.enable;
+
+ inherit (efi) efiSysMountPoint canTouchEfiVariables;
+
+ memtest86 = if cfg.memtest86.enable then pkgs.memtest86-efi else "";
+ };
+
+ checkedSystemdBootBuilder = pkgs.runCommand "systemd-boot"
+ {
+ nativeBuildInputs = [ pkgs.mypy ];
+ } ''
+ install -m755 ${systemdBootBuilder} $out
+ mypy \
+ --no-implicit-optional \
+ --disallow-untyped-calls \
+ --disallow-untyped-defs \
+ $out
+ '';
+in
+{
+
+ disabledModules = [ "system/boot/loader/systemd-boot/systemd-boot.nix" ];
+ imports =
+ [
+ (mkRenamedOptionModule [ "boot" "loader" "gummiboot" "enable" ] [ "boot" "loader" "systemd-boot" "enable" ])
+ ];
+
+ options.boot.loader.systemd-boot = {
+ enable = mkOption {
+ default = false;
+
+ type = types.bool;
+
+ description = "Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager";
+ };
+
+ editor = mkOption {
+ default = true;
+
+ type = types.bool;
+
+ description = ''
+ Whether to allow editing the kernel command-line before
+ boot. It is recommended to set this to false, as it allows
+ gaining root access by passing init=/bin/sh as a kernel
+ parameter. However, it is enabled by default for backwards
+ compatibility.
+ '';
+ };
+
+ configurationLimit = mkOption {
+ default = null;
+ example = 120;
+ type = types.nullOr types.int;
+ description = ''
+ Maximum number of latest generations in the boot menu.
+ Useful to prevent boot partition running out of disk space.
+
+ null means no limit i.e. all generations
+ that were not garbage collected yet.
+ '';
+ };
+
+ consoleMode = mkOption {
+ default = "keep";
+
+ type = types.enum [ "0" "1" "2" "auto" "max" "keep" ];
+
+ description = ''
+ The resolution of the console. The following values are valid:
+
+
+
+ "0": Standard UEFI 80x25 mode
+
+
+ "1": 80x50 mode, not supported by all devices
+
+
+ "2": The first non-standard mode provided by the device firmware, if any
+
+
+ "auto": Pick a suitable mode automatically using heuristics
+
+
+ "max": Pick the highest-numbered available mode
+
+
+ "keep": Keep the mode selected by firmware (the default)
+
+
+ '';
+ };
+
+ memtest86 = {
+ enable = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Make MemTest86 available from the systemd-boot menu. MemTest86 is a
+ program for testing memory. MemTest86 is an unfree program, so
+ this requires allowUnfree to be set to
+ true.
+ '';
+ };
+ };
+
+ secureBoot = {
+ enable = mkOption {
+ default = false;
+
+ type = types.bool;
+
+ description = "Whether to enable secureboot for systemd-boot";
+ };
+
+ keyPath = mkOption {
+ default = null;
+
+ type = types.nullOr types.str;
+
+ description = "Path to the secureboot signing key";
+ };
+
+ certPath = mkOption {
+ default = null;
+
+ type = types.nullOr types.str;
+
+ description = "Path to the secureboot signing certificate";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = !(cfg.secureBoot.enable && isNull cfg.secureBoot.keyPath);
+
+ message = "The secureboot signing key must be provided";
+ }
+ {
+ assertion = !(cfg.secureBoot.enable && isNull cfg.secureBoot.certPath);
+
+ message = "The secureboot signing certificate must be provided";
+ }
+ {
+ assertion = (config.boot.kernelPackages.kernel.features or { efiBootStub = true; }) ? efiBootStub;
+
+ message = "This kernel does not support the EFI boot stub";
+ }
+ ];
+
+ boot.loader.grub.enable = mkDefault false;
+
+ boot.loader.supportsInitrdSecrets = true;
+
+ system = {
+ build.installBootLoader = checkedSystemdBootBuilder;
+
+ boot.loader.id = "systemd-boot";
+
+ requiredKernelConfig = with config.lib.kernelConfig; [
+ (isYes "EFI_STUB")
+ ];
+ };
+ };
+}
diff --git a/modules/systemd-secure-boot/systemd-boot-builder.py b/modules/systemd-secure-boot/systemd-boot-builder.py
new file mode 100644
index 00000000..160e3be7
--- /dev/null
+++ b/modules/systemd-secure-boot/systemd-boot-builder.py
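Review bot: The `secureBoot.keyPath` description does not say where the key may live, which matters because the value is substituted into the builder script as a plain string and handed to `sbsign` when the boot loader is installed. I would document that it must be a path on the target machine outside the Nix store, e.g. `description = "Path on the target system to the Secure Boot signing key; keep it outside the world-readable Nix store and readable by root only";`. `types.str` is the right type for that reason (a Nix path literal would, as far as I can tell, be copied into the store when interpolated), so a one-line comment above `type = types.nullOr types.str;` saying so would keep it from being changed to `types.path` later.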
@@ -0,0 +1,300 @@
+#! @python3@/bin/python3 -B
+import argparse
+import shutil
+import os
+import sys
+import errno
+import subprocess
+import glob
+import tempfile
+import errno
+import warnings
+import ctypes
+libc = ctypes.CDLL("libc.so.6")
+import re
+import datetime
+import glob
+import os.path
+from typing import Tuple, List, Optional, Callable
+
+
+def install_signed_if_required(source: Callable[[], str], dest: str) -> None:
+ if "@secureBootEnable@" == "1":
+ try:
+ subprocess.check_call(
+ ["@sbsigntool@/bin/sbverify", "--cert=@certPath@", dest],
+ stdout=subprocess.DEVNULL,
+ stderr=subprocess.DEVNULL)
+ except subprocess.CalledProcessError:
+ subprocess.check_call([
+ "@sbsigntool@/bin/sbsign",
+ "--key=@keyPath@",
+ "--cert=@certPath@",
+ "--output=%s.tmp" % (dest),
+ source()],
+ stdout=subprocess.DEVNULL,
+ stderr=subprocess.DEVNULL)
+ os.rename("%s.tmp" % (dest), dest)
+ elif not os.path.exists(dest):
+ shutil.copy(source(), dest)
+
+def efi_section(name: str, path: str, vma: str) -> List[str]:
+ return [
+ "--add-section",
+ ".%s=%s" % (name, path),
+ "--change-section-vma",
+ ".%s=%s" % (name, vma)]
+
+def system_dir(profile: Optional[str], generation: int) -> str:
+ if profile:
+ return "/nix/var/nix/profiles/system-profiles/%s-%d-link" % (profile, generation)
+ else:
+ return "/nix/var/nix/profiles/system-%d-link" % (generation)
+
+# The boot loader entry for memtest86.
+#
+# TODO: This is hard-coded to use the 64-bit EFI app, but it could probably
+# be updated to use the 32-bit EFI app on 32-bit systems. The 32-bit EFI
+# app filename is BOOTIA32.efi.
+MEMTEST_BOOT_ENTRY = """title MemTest86
+efi /efi/memtest86/BOOTX64.efi
+"""
+
+
+def write_loader_conf(profile: Optional[str], generation: int) -> None:
+ with open("@efiSysMountPoint@/loader/loader.conf.tmp", 'w') as f:
+ if "@timeout@" != "":
+ f.write("timeout @timeout@\n")
+ if profile:
+ f.write("default nixos-%s-generation-%d.efi\n" % (profile, generation))
+ else:
+ f.write("default nixos-generation-%d.efi\n" % (generation))
+ if not @editor@:
+ f.write("editor 0\n");
+ f.write("console-mode @consoleMode@\n");
+ os.rename("@efiSysMountPoint@/loader/loader.conf.tmp", "@efiSysMountPoint@/loader/loader.conf")
+
+
+def profile_path(profile: Optional[str], generation: int, name: str) -> str:
+ return os.path.realpath("%s/%s" % (system_dir(profile, generation), name))
+
+
+def path_from_profile(profile: Optional[str], generation: int, name: str) -> str:
+ store_file_path = profile_path(profile, generation, name)
+ suffix = os.path.basename(store_file_path)
+ store_dir = os.path.basename(os.path.dirname(store_file_path))
+ efi_file_path = "/efi/nixos/%s-%s.efi" % (store_dir, suffix)
+ return efi_file_path
+
+
+def describe_generation(generation_dir: str) -> str:
+ try:
+ with open("%s/nixos-version" % generation_dir) as f:
+ nixos_version = f.read()
+ except IOError:
+ nixos_version = "Unknown"
+
+ kernel_dir = os.path.dirname(os.path.realpath("%s/kernel" % generation_dir))
+ module_dir = glob.glob("%s/lib/modules/*" % kernel_dir)[0]
+ kernel_version = os.path.basename(module_dir)
+
+ build_time = int(os.path.getctime(generation_dir))
+ build_date = datetime.datetime.fromtimestamp(build_time).strftime('%F')
+
+ description = "NixOS {}, Linux Kernel {}, Built on {}".format(
+ nixos_version, kernel_version, build_date
+ )
+
+ return description
+
+
+def write_entry(profile: Optional[str], generation: int) -> None:
+ if profile:
+ entry_file = "@efiSysMountPoint@/EFI/Linux/nixos-%s-generation-%d.efi" % (profile, generation)
+ else:
+ entry_file = "@efiSysMountPoint@/EFI/Linux/nixos-generation-%d.efi" % (generation)
+ with tempfile.TemporaryDirectory() as tmpdir:
+ def make_unified_kernel() -> str:
+ kernel = profile_path(profile, generation, "kernel")
+ initrd = profile_path(profile, generation, "initrd")
+ osrel = profile_path(profile, generation, "etc/os-release")
+ cmdline = "%s/cmdline" % (tmpdir)
+
+ efistub = profile_path(profile, generation, "sw/lib/systemd/boot/efi/linuxx64.efi.stub")
+ if not os.path.exists(efistub):
+ efistub = "@systemd@lib/systemd/boot/efi/linuxx64.efi.stub"
+
+ try:
+ append_initrd_secrets = profile_path(profile, generation, "append-initrd-secrets")
+ subprocess.check_call([append_initrd_secrets, initrd])
+ except FileNotFoundError:
+ pass
+ generation_dir = os.readlink(system_dir(profile, generation))
+ kernel_params = "init=%s/init " % generation_dir
+
+ with open("%s/kernel-params" % (generation_dir)) as params_file:
+ kernel_params = kernel_params + params_file.read()
+ with open(cmdline, 'w') as f:
+ f.write(kernel_params)
+ subprocess.check_call([
+ "@binutils@/bin/objcopy",
+ *efi_section("osrel", osrel, "0x20000"),
+ *efi_section("cmdline", cmdline, "0x30000"),
+ *efi_section("linux", kernel, "0x40000"),
+ *efi_section("initrd", initrd, "0x3000000"),
+ efistub,
+ "%s/unified.efi" % (tmpdir)])
+ return "%s/unified.efi" % (tmpdir)
+ install_signed_if_required(make_unified_kernel, entry_file)
+
+
+def mkdir_p(path: str) -> None:
+ try:
+ os.makedirs(path)
+ except OSError as e:
+ if e.errno != errno.EEXIST or not os.path.isdir(path):
+ raise
+
+
+def get_generations(profile: Optional[str] = None) -> List[Tuple[Optional[str], int]]:
+ gen_list = subprocess.check_output([
+ "@nix@/bin/nix-env",
+ "--list-generations",
+ "-p",
+ "/nix/var/nix/profiles/%s" % ("system-profiles/" + profile if profile else "system"),
+ "--option", "build-users-group", ""],
+ universal_newlines=True)
+ gen_lines = gen_list.split('\n')
+ gen_lines.pop()
+
+ configurationLimit = @configurationLimit@
+ return [ (profile, int(line.split()[0])) for line in gen_lines ][-configurationLimit:]
+
+
+def remove_old_entries(gens: List[Tuple[Optional[str], int]]) -> None:
+ rex_profile = re.compile("^@efiSysMountPoint@/EFI/Linux/nixos-(.*)-generation-.*\.efi$")
+ rex_generation = re.compile("^@efiSysMountPoint@/EFI/Linux/nixos.*-generation-(.*)\.efi$")
+ known_paths = []
+ for gen in gens:
+ known_paths.append(path_from_profile(*gen, "kernel"))
+ known_paths.append(path_from_profile(*gen, "initrd"))
+ for path in glob.iglob("@efiSysMountPoint@/EFI/Linux/nixos*-generation-[1-9]*.efi"):
+ try:
+ if rex_profile.match(path):
+ prof = rex_profile.sub(r"\1", path)
+ else:
+ prof = "system"
+ gen_number = int(rex_generation.sub(r"\1", path))
+ if not (prof, gen_number) in gens:
+ os.unlink(path)
+ except ValueError:
+ pass
+ for path in glob.iglob("@efiSysMountPoint@/EFI/Linux/*"):
+ if not path in known_paths and not os.path.isdir(path):
+ os.unlink(path)
+
+
+def get_profiles() -> List[str]:
+ if os.path.isdir("/nix/var/nix/profiles/system-profiles/"):
+ return [x
+ for x in os.listdir("/nix/var/nix/profiles/system-profiles/")
+ if not x.endswith("-link")]
+ else:
+ return []
+
+
+def main() -> None:
+ parser = argparse.ArgumentParser(description='Update NixOS-related systemd-boot files')
+ parser.add_argument('default_config', metavar='DEFAULT-CONFIG', help='The default NixOS config to boot')
+ args = parser.parse_args()
+
+ try:
+ with open("/etc/machine-id") as machine_file:
+ machine_id = machine_file.readlines()[0]
+ except IOError as e:
+ if e.errno != errno.ENOENT:
+ raise
+ # Since systemd version 232 a machine ID is required and it might not
+ # be there on newly installed systems, so let's generate one so that
+ # bootctl can find it and we can also pass it to write_entry() later.
+ cmd = ["@systemd@/bin/systemd-machine-id-setup", "--print"]
+ machine_id = subprocess.run(
+ cmd, text=True, check=True, stdout=subprocess.PIPE
+ ).stdout.rstrip()
+
+ if os.getenv("NIXOS_INSTALL_GRUB") == "1":
+ warnings.warn("NIXOS_INSTALL_GRUB env var deprecated, use NIXOS_INSTALL_BOOTLOADER", DeprecationWarning)
+ os.environ["NIXOS_INSTALL_BOOTLOADER"] = "1"
+
+ if os.getenv("NIXOS_INSTALL_BOOTLOADER") == "1":
+ # bootctl uses fopen() with modes "wxe" and fails if the file exists.
+ if os.path.exists("@efiSysMountPoint@/loader/loader.conf"):
+ os.unlink("@efiSysMountPoint@/loader/loader.conf")
+
+ if "@canTouchEfiVariables@" == "1":
+ subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "install"])
+ else:
+ subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "--no-variables", "install"])
+ else:
+ # Update bootloader to latest if needed
+ systemd_version = subprocess.check_output(["@systemd@/bin/bootctl", "--version"], universal_newlines=True).split()[1]
+ sdboot_status = subprocess.check_output(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "status"], universal_newlines=True)
+
+ # See status_binaries() in systemd bootctl.c for code which generates this
+ m = re.search("^\W+File:.*/EFI/(BOOT|systemd)/.*\.efi \(systemd-boot ([\d.]+[^)]*)\)$",
+ sdboot_status, re.IGNORECASE | re.MULTILINE)
+ if m is None:
+ print("could not find any previously installed systemd-boot")
+ else:
+ sdboot_version = m.group(2)
+ if systemd_version > sdboot_version:
+ print("updating systemd-boot from %s to %s" % (sdboot_version, systemd_version))
+ subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "update"])
+
+ install_signed_if_required(lambda: "@systemd@/lib/systemd/boot/efi/systemd-bootx64.efi", "@efiSysMountPoint@/EFI/BOOT/BOOTX64.efi")
+ install_signed_if_required(lambda: "@systemd@/lib/systemd/boot/efi/systemd-bootx64.efi", "@efiSysMountPoint@/EFI/systemd/systemd-bootx64.efi")
+
+ mkdir_p("@efiSysMountPoint@/EFI/Linux")
+ mkdir_p("@efiSysMountPoint@/loader/entries")
+
+ gens = get_generations()
+ for profile in get_profiles():
+ gens += get_generations(profile)
+ remove_old_entries(gens)
+ for gen in gens:
+ try:
+ write_entry(*gen)
+ if os.readlink(system_dir(*gen)) == args.default_config:
+ write_loader_conf(*gen)
+ except OSError as e:
+ print("ignoring profile '{}' in the list of boot entries because of the following error:\n{}".format(profile, e), file=sys.stderr)
+
+ memtest_entry_file = "@efiSysMountPoint@/loader/entries/memtest86.conf"
+ if os.path.exists(memtest_entry_file):
+ os.unlink(memtest_entry_file)
+ shutil.rmtree("@efiSysMountPoint@/efi/memtest86", ignore_errors=True)
+ if "@memtest86@" != "":
+ mkdir_p("@efiSysMountPoint@/efi/memtest86")
+ for path in glob.iglob("@memtest86@/*"):
+ if os.path.isdir(path):
+ shutil.copytree(path, os.path.join("@efiSysMountPoint@/efi/memtest86", os.path.basename(path)))
+ else:
+ shutil.copy(path, "@efiSysMountPoint@/efi/memtest86/")
+
+ memtest_entry_file = "@efiSysMountPoint@/loader/entries/memtest86.conf"
+ memtest_entry_file_tmp_path = "%s.tmp" % memtest_entry_file
+ with open(memtest_entry_file_tmp_path, 'w') as f:
+ f.write(MEMTEST_BOOT_ENTRY)
+ os.rename(memtest_entry_file_tmp_path, memtest_entry_file)
+
+ # Since fat32 provides little recovery facilities after a crash,
+ # it can leave the system in an unbootable state, when a crash/outage
+ # happens shortly after an update. To decrease the likelihood of this
+ # event sync the efi filesystem after each update.
+ rc = libc.syncfs(os.open("@efiSysMountPoint@", os.O_RDONLY))
+ if rc != 0:
+ print("could not sync @efiSysMountPoint@: {}".format(os.strerror(rc)), file=sys.stderr)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/secrets/nutty-noon.yaml b/secrets/nutty-noon.yaml
index ac8616e2..35a02325 100644
--- a/secrets/nutty-noon.yaml
+++ b/secrets/nutty-noon.yaml
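Review bot: In `make_unified_kernel`, `append-initrd-secrets` is run directly on `initrd`, which is the `os.path.realpath` of the profile's initrd (presumably a file in the Nix store) rather than a private copy, so secrets would be appended to that shared file in place, or the call fails if the location is read-only. Copying first keeps the secrets inside the temporary directory: `initrd = shutil.copy(profile_path(profile, generation, "initrd"), "%s/initrd" % tmpdir)`. In `main`, the `except OSError` handler formats `profile`, which is the leftover variable of the `for profile in get_profiles()` loop and is unbound when there are no extra profiles; `gen[0]` is the value meant. In `remove_old_entries`, `known_paths` holds `/efi/nixos/...` strings while the glob yields paths under `@efiSysMountPoint@/EFI/Linux/`, so as written the second loop removes every file there on each run, leaving the ESP without signed images until the loop in `main` has rebuilt and re-signed them.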
@@ -1,26 +1,28 @@ network: wireguard: - privkey: ENC[AES256_GCM,data:y0yJd/IsKQIuYPnf/GKtQy8HXeS5PeiM0FMu1ZWqMOaO22LnJcWfQV9IZs8=,iv:nQNKSYgaQ+kgxiFRatMFGyJm3ui8iQ+xKIU9zOF2RiM=,tag:bDQE9cUrXAa8VuG0pMwf8g==,type:str] + privkey: ENC[AES256_GCM,data:szEM0VB3vTMs0PbquIbH/nLUOcntT0w5pggZzUEhTsUTQPbP2X20gROEK4w=,iv:T6xB0HKPtmVe/83p85y30Wwiq6bhflQCET/epa+E7PE=,tag:ThFxTCdcYXxql/bggNWIUQ==,type:str] services: nix-serve: - privkey: ENC[AES256_GCM,data:N2SpdR1ctfMDDQXhrQxQqGhpA7QkO3XumLFcBBUVi4MQ2VekG3NqzQfyfffxkfNB1/AJlb0KghDCde44baHCAJ6J5d3xFLluGPGp+uyLUA5qZFqqu9l6O41hOgkUu469pQ==,iv:5GZ6sPcdIdbEPMh60I5sgCqB9jhFqkwu6luxF9kpNVk=,tag:PeAJ1YEiHDFWuXYVsmGINw==,type:str] + privkey: ENC[AES256_GCM,data:H5bhEcGthmrPmnBx3npzBT4C6GXmxpedlsiG66m009Crca4Ho15SKUjUUVVRXPtcHO38zilJrh5tppWAkb34MSdLSYrVv0zHyeuJVG+LQmZ3SpUNTHHZwKFCfTYNXDxyqQ==,iv:w49+cYfTcz31jgMqTmFuRmIyybjrA6aDSdCZ+IovQVQ=,tag:7vYRLrZF7JFLhGXqAQOhiQ==,type:str] hydra: - gitea_token: ENC[AES256_GCM,data:MMDgCQSuRPBav6YhdW2tcE0p2s24yDzACgqdm6kBrdlpaNkXxBw8ZQ==,iv:q8ye1vW4SeHzwJjf3Mfbac76dtIYid6E61nBMWj5sUg=,tag:qskumtwySnkPKof95BvnGg==,type:str] - github_token: ENC[AES256_GCM,data:FRvWJ/FXNPjfvrGEVlieHENu7UmkDHobB/PwAVVI4nZxtzGLqwljPg==,iv:8supeS0aTTRiVh1e5X4RNs9zP2UAKNF9JNZjw1geMPY=,tag:1RutlYl8soA+raxEZJT3CA==,type:str] - aws_credentials: ENC[AES256_GCM,data:zztGMpBqCaPBuSehvF9MVGScGA/OlU2H/w+WVhacMkE8QxNjQsfI69Ztc8R/tktQTNn9+7vsvJlQIIDnA/SVm2PmeKsD0GVg8wEehCGz2WBWClUZ2X5tQZsmC9h1YogND7FN7vgSWjSMvMllzGa84Q==,iv:egFR0o650ZbWELL1e3hMvU5oYTNxZTY41Kn04QHlXk8=,tag:E/zMWzcTsPbPMCFy3l5LNg==,type:str] + gitea_token: ENC[AES256_GCM,data:3Ig/5LUJuG6kt4KPOFrACIYHPaHKd8Csb6tRoDG1V+5zEWWc1f4msA==,iv:PyLk/XPmibWC8gssbWR5ah+880ZkAML/aumwkZptlgI=,tag:JXZTLZPPbhC/6tGoFTLgng==,type:str] + github_token: ENC[AES256_GCM,data:8Hl1X5w7g4JsfsGohmGL2sWdEsP7HyaJKXxqNBG0VosSoLPrDNhNRw==,iv:cX1Wp9MHeGtdxkqvag7TCqju9Pq+6L5kJVQKHRszCdE=,tag:/x25BMa19jGQ7/Lf7gI7BQ==,type:str] + aws_credentials: 
ENC[AES256_GCM,data:jw2iHyAAgAWyDUj9SZX3l4qFnxfdA0rNtTi7AJhfJMnq40S3ca476c+jkHb6ETEqb85C3a1k2So7gbMhHMaWnV5te7pM0JBHDm6qau3u50PdkQUxbFZXhMjjnjhYOrxANICS/AEqv3Aiui3HLH+Xeg==,iv:DS12/Oy7yzleeOoOs4n0Ratbq7k9+8+Dti/Wk59GduA=,tag:fB8MDgrg221mdo9vztIvtg==,type:str] security: restic: - password: ENC[AES256_GCM,data:Mr8uOq7UtN7hdWWQQbyDfdC+jzI=,iv:Ey2Q0O+UPVhrb+z54l/w6sk3OQEAvAoMyP6TfJBRgmI=,tag:4z/NvwFpEE/QE7i/lSeexQ==,type:str] + password: ENC[AES256_GCM,data:h6gOInhL3WizolCbfcYM1mC1kqA=,iv:WeAGzefn1pZobi3Zw+PS5nAXTRWJ5Xj2bbtrleI92cQ=,tag:eG/xlHRL6U5G1ZtCtqGV1Q==,type:str] acme: - dns: ENC[AES256_GCM,data:vxGlQldRgsQErlZ5SzvjmDGth3Ozf3FIsREp7rPevzWEdeQzrX5U1f9enBed2Bdysa2SIdxtI5ZFl9Tql7YWBLFGURvjjeWEFE5FjoOznlYGqKDMUcnnoWcMa99fXpQAdYP1ThgRPZ69DAeLOopndHAl0KFQgwJFrRDlSDfj19orcJ4pXxGmw1dEY0SpiU71SfmS3oLyvdWNmnPklC46qcK4q/D+SON1Nk2J4O0rTDi6OgZv37fVz4I17P66L5XVzepwZGppGIJDd+IdIm/I55Q99kjeRj2VVw==,iv:WkGdSldoBepdtoIouIRTCfWVHmp9wYkYqUonzWo4H+o=,tag:/l7NAQxYzr8dfflsKhEUcw==,type:str] - dns2: ENC[AES256_GCM,data:j5Lmr1T1BfPKJmdf+Z9MYx7L9z/PqDTHTxYZo/osln7/wx+vlGf/1zWKq0m2AUObqIGRDqytKuOIwiGw+Q32OviEF2TwJkyLg0Dxjp5u9un8ha6FAa7YgfbHCw6W/FS8xWP/CE6ZOxgDd6e6NgPB8WcPltlsNMKtQ9gjQ6IZm4mdzfCcsjIerI6ZTkHjJHGZJSadJ8zFLeFaHosAIneDQC8ODRyDE8lSZuscIMCVhR+ynvsncSGOu7Vkh5mLPmseZjURiKrpNmxB/xkFvfdkwNnEUUJs4Da79w==,iv:yjA/yp8wOAA++hSKETPbXXOuAN0pozdgMDOFh0nNvq0=,tag:oAiiN/ol76kVEunoruAliQ==,type:str] - cloudflare: ENC[AES256_GCM,data:WfSxl91cv+1ztYN7AGLyNAX8tkF1OjAF5sndqVvZHpbWmq8IfeuVe1Xu/FNdZVUeSinyDCuf0uMBMlaE+frIdHbm/MrvnlVQ7oBmtmDKsj40P19TqLD77KqRfccX8tDsEeTsasFT/7fWab9zchHzmb7UMcb7372LwmAtGgtEW6AfF8RKKt7fEPJGWx8pcxKdUhFvrn6C0Wvg+yh0v0NpX3DNz8psx4zkd/BU9CGHBP+O5SIRbdSHYU8=,iv:5gPdKrlPCxKyq2hQqM/PzTgaT+xDpo6Czdf1BUpxlbI=,tag:S+A5XRHNDzSu2NuqR0id1A==,type:str] + dns: 
ENC[AES256_GCM,data:5VC6oBXZcfg3w4tX98hmvZO/Z2LK0wsHczJ4gtWGoJEu9vzMuwkLkcXkwBffL35HBXcV5NEK4X9/7TAlcM2vWNYjxBnHY3gT2763zQs9WUwQlVYLCXD3dptROUO9u0wU+Ekj/+xYY74V7WGrolzPnbrJo5/QyOcqc05N5yUu8oLCgTG9TlN7kVKUiEFBklZIolM9hoqBtYSoCQmnzigR1uc5UdLxVhAmThoJOmC9MnWym0smMqB6cTVyd27fMU4731yQSsO0Uji0BP/3LZN+S9e2/cIHI9migg==,iv:BjvU+s2mv36S89OMYGPN/c9LQEGdEIq0SMDHQys7XXU=,tag:ljhUMj8BHjRTvWYig21lgA==,type:str] + dns2: ENC[AES256_GCM,data:g1t7Eq800gSfqZkqGb36PxTqtV+Ah4R4Jitv29Be110kcRVTdfdKHELpCp/YelHbyjhf8w4JdoSOXqb2nXKGdpXQINidjOBHAYusZHJaRiGJWKqswSqnvUiWw0j0tyIaR7jn9Il25IjlQ4PhlpAV0fk/Ezm+COVKC8GlY03bscPCHFSpQCLdGzKv7Yl9Fz+K3excZGm1OZMOnjCoZnHsi/oT0TFeymXw+Lkm2v6/B8PVoOpe8N5woH92sFgbuIvAZIyeTIaRH8e9K4ZvOYAQMqY6SANnqL1Q0w==,iv:XRjXqZbcC80KnpoWUIDBinoVsJBCzM3tJ6v4qPcJYiw=,tag:VUgl3efofNwhFP/VcH1hLw==,type:str] + cloudflare: ENC[AES256_GCM,data:ONvtdegXFZuPSa/vQDZSDmQ4x8H1Qz08/i6NE6p7eJQav3c1rM1ai0oMdRMKZ1kfHGW99hkEGCacnIO0Lbg9iJbCQeR+Co/CM6G4UUeLgt3EOAI+J0aBpgMAjAbU7wPZVvG4mUarcwDkwx61tyKj/8gPhBMvArjnnUMyU3Xn+iuHHG5TeBRhX6KnlEwmcRDLWnYObmLcVzU37nque9NBrvyPT9iNANjF9WjtOnQU63EhFnTp4HUwcW8=,iv:DpQOKpdXOrTvxsWHJoIeEPc/rZJQmG3NprhEVqGpOgw=,tag:N47EaTXcFOAer2oL6wsDhQ==,type:str] email: - lotte@chir.rs: ENC[AES256_GCM,data:02v6qsTC30thvqQ4yDpYhfyNVg==,iv:rdz3HHlAyyt1TR7iUXpokIlBC8VEdS0GLoCkItBc3HY=,tag:/aNoPNoMeVGCWRT3j+F+ew==,type:str] - mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:rXwwhdX2STqJjO2UMqW9YeXc8JtJ2DXLptZvVN9552ldRgZU7OoNiPxbYg/Kr7ZOkl/8HIg0yFa1uQIbvQxuoQ==,iv:ThZzE7m05FS1NPH/mvWF/vflxC4pmZCMX12iOUzKQfQ=,tag:qK0+ZA8486YgaW/I7BrfPQ==,type:str] + lotte@chir.rs: ENC[AES256_GCM,data:P6zZjE5iqqPifjwXxFtXwNFnKg==,iv:m9bCuByKC+ppg/+K97hwkuO29bdtID8bFW4Ie7hwAgA=,tag:2sNxBWery9H+Mu5hzJPELA==,type:str] + mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:gxUiw3kGER3g6MLfy6xDWQhsWnkvvmn68bBYaXf7JTs7/KPSv25kQatziMvotjkkSDmjqP0/r5fqlVLI+QnPUQ==,iv:Ry4LhbEhgI6J61nQ6bGhu1Y8ZLSdAP3rEAMbI/h0j7c=,tag:woIMx78b8Fb2yvsBznwOZw==,type:str] password: - root: 
ENC[AES256_GCM,data:PioiMzGCro6vLXfCkJrmWN+SZkwdCSiHUXMmmtK3FLl2XRhtYFixeiDI+YFNT3SmdJ3clI4R+IrEV2pMjXX/jHejI80NnTzJU32Rp2/dYxwz6qk9vNwRC1OiyrsF67sg4VoSBVinbGMVuA==,iv:bIRfmXQqdv+PJDpHtnjR5RJUd5E5HC+Q+kN1ncRdUMU=,tag:6PAVQ1DPh5+5BrWkZrp4MQ==,type:str] - darkkirb: ENC[AES256_GCM,data:b1yBZSqsJh3Er8/U7dLa3L92uoe3/MH2xoOK+eOAjNYAL5kJD2yf+5ikTR9N+bRsVTjoGxfcpYfbx08WSK9NY8lP0u7zdQ32g9gyWSlpZiFjm9yQd3iwdxbnrtNYMd6fmSqTaPOAQqW9ww==,iv:Q1nuM+lmpqAJgiBKISjOKdLjTRJD3YFjaSDR6j1e43w=,tag:2O/3LY9hIvcixGtshWVDDg==,type:str] + root: ENC[AES256_GCM,data:EqOfup6j6v1rhfjN5/zKTgN/QuUVytSeed3F0Tj+lWRtPUCmP1CdXTt7dzU98LA88S48M9C4c2sQ3SsJnfoApvZ2VGfMeoMo40mdEaSJR4FJo5KxR+OYjsc2BD0CGnAWBUXL8OnXB6HfYA==,iv:gXqTmyCX7OBUSBAsjDee0qG+wwkENCNtZ7VU89WQQFI=,tag:aNNJI93+L4NxV1kyW6lqUw==,type:str] + darkkirb: ENC[AES256_GCM,data:iTWDpNIMlh6DMSBn981M5QTYk0uFutM1i7J2aiLWILIp8yqIJgufMTNndlNPeM0CMjxAaER392f9z9pyTpxQ27JdSBO79AOflqfk280NBICMkVSOUQSEdnGaA5JLfgS4TwNbO1cSCPNlxg==,iv:ItjvSYOm68ZjjkspgVF2s4J4saq7+TIBbEaIhlQpnaI=,tag:KBlXqLL2Fh6IrSQn4Fq0mQ==,type:str] +secureboot: + DB.key: 
ENC[AES256_GCM,data:rrZQzfgknNqcQG/MHT86LUU2KVlu6XPhgbKWZkDEdExWkPCeNjST2DZTTL1mixDjZMhrT5SqGf0Cth6P4yT/8BXolTGwYpEnxYDbx87f8NL495NvDHtLWD5koxi3d9sa0Gs4qBPcAiThJKdQ0DQsgK2CXVzN/TjHP17eixoUBEIX79hlr9RTKLXX2xqDno05/kpYL4pIp9dHeJPEwhbpjv+KzF/5+oi9bh12uTtFECOJNm/aZvsXTSDNXzpbFKbqXBg6sJZ8I5LVMjbmJYDlY5fq3K1XUmCDU67vvv9M2uEYFgy6CW0r/YjVT1NlccmlNGvwbidDAGytdwE2XXLSG+PO6KHP9XWJZfluCHAm1tz+/cSJk+Nf1URQD+yO5HI5gHiBHIslaybWfb3fZmNYpMsnY+3f2p6Pjaq6cDRu0Ga1IVvDToxxn5QG06PiCV6sIrtvoCDz43GxlQxPUCICEg8WX5zfFIEoULVtUt07/5a4tXKXz9MeogGREHaqqwizTZGdGZsDh7ioFeAJDyOUVc3+sArWsO/zWnejDLX69LyB1kmN9ygnjAPQF1+zoRjtVvHBIPiQZAPDfEgfPhNVjFLafS8D2X3rv+5SAvLoPzVx1ydUDr97BK9W5TVt78+iv/lrPdjRGQw53wtFaDHiDn8B9WwZeysY5UlViz7slkt+DoWYm4TkHVG7QQSLenNuMjPH5T8eqcVGzi1B8S6F1bA+kM8D6DwhqHLUE7EnXkyAmDpSH/7AY1YFpTpyMprJs2ebdt9jymHQbD6ZmcfzygTXjkwlt9S5uNdNisvKCLmvlGL6+Yr3zBWGyb1tgxY1MqnS2/LYjp4vucySGRr5/ttAxa/YhUN1bHlmoBVP0RJ+D2d0d1x1O/KbpAnNlz9rIp87ZnARcjkxiFIaJBB3IT09UVj1Q+gTcPRrbfMm5jnSelTsifoOWRP+9g99ESt2m+QZNeAH92qZwsYxyxXGljJyp3pLmOTJD7IWXlS0270VYi+I7XnyOdoFk6UFoMOnKgjJpzr2es207T6OIdNbrHBDB8Q7TNLOYyWv5epbqY6SFMFJRq5F36qpDD6HcHYp+iNWEJNmgsagbHNNQ+rDtooetBTmgc0R1JfOeBAaJEwl6+KhHJXiHC32YZ7VO21sRDXcXpmRT8bqNz/TnTA7wVnbCAmiLF1RFf2k3VkUvbrIpHVkgJBJhizYzRnKDQjqbmAITRGgZywSKukWA8tAGroak7ZqD7/Ym8GXY7b4x1lWorIYEHogZxe43Sbj1GlxuW7srwVQhQb3xkfLnklONtYz5h6QnjGKb374Lzn2wbZ1iFV8T6opc/+p9IOIlMsP0lLG+r821emotH+hp1ue2uTGTaTMK3v2iG2OwFKACiDfSiEpG/9KEhLN5v94Kx1BZRJoN60g26D1j5Ev8iQEMF/WN0M6uDSVYMzwqWUFzy7BlJgmwEAG2H9SThS4HAmHHsSyQL1yj124/nibohRn3jEC72mj2fphWgQ2uJP/80bZ897RDjqvMWQFFdCnjI6mV119BbNR+AFSdADby9EkU8iEW/Q/oLGR9UeWCL07gsnU+BmqWDgBBXC7RQZyMzVnwO7iPBWOY1a4iKnzEwgGbxLbLY7760X/qIX8lY07Tpc7K3U9hkQhFKAWDHtoc4G06bCMs5toVbHGWQ3QgY7LgA7izcRq2npPhDRPGvF7jnA0MBhhSaBex+u89MdhTY69+bCnbhzdz/EM1j3xAdFd3FzQaXNBKnPzzXm8wKy1KdqR79AGK/Rc1q3Z5dSHE4bvq59IwTBIOPeEueOx9Xfgr8kXw/QAabChJ0z9nmbL8t2xC9y257AIp8yzwrOmyEjUGKht9fD3dse7XU8i7PoAzE2xPJofeEXqDofloOs5kh51cr9OxIpdnsqRLC1kHrxp1kPOd74wwa3zam69NWiJkdj4NnJnVROV028R1PmhPKMpo3bRaaSs3GiKB0Wo
VJNkUQwkqB6zZj2AdRSHRPSo4byz6iApjENJGVOJ+DLM7ReUKL3NzmgLHP67JxKUcxq+ItQmu5O54b/A5VFosoxDnJ/Yzem9UG9YyxWOj4IEuqdSkWM/X8ceMujrF7w/ygan16kPzL0ZrACZ78X+2vKeHsYF2HoAJlLUnpMXO/lBBJTwpKD/1JEf1rcuYY6DkVNUgQAJGTq9eCyH/6cgPojAfWnCJRefVXIO+vnqNMVaT534ZpBsl9f5Mbnb2+ha2uHTKskEH3h0DsHOkWr5DduwLH8fn8d/SsoAA7eM2/GjGwUyXxfQRbDmCTmCk9nm4Iw79a2J31G7eHyP8Q5E+nlcPrICPzZdpArBuRK7gonQLjO37IXKROAl5PI/TymZnYf/dV9wEUoaXqxiKQq7u9sS6+Rbqg0TQnAZAvL0YsdEETAg1WOYcF+4Xyku255/KCMA35/yWNK2HhSUUTUFihWImN+A/8T2IgP8lvITM+sZWoz4P33DTBNHCfGlJqLynyxmZG2D43omG6mMD3RA0lpASMyb8xjw7lWlbJCtpsyFI0ERUmWQuPPp6B29/NhTWTrJXbqe6gBI1YAXlm1sDU0JpI17ojpYuMfbpRaoyIrCD3UugRlNYWIbD+nHdu444E2iyRA5YGrdxB2ssgYvwVLall5zcYeEG1mNQOzYZCbFONEWaSy/Jc0U1CTk4qDWXQ5Fpx9O5bX/+TdB50BxmT7nio9R/ElrpVgxq5czk/1psw4ze3vpf+15PyvHrY6YnTKxiNjdXADBy8Pa1RDmobh7WnDMrWia9Caek0NQPRcTyGP/Zt2ousJBwHJu7UF6bxUmXWIUiF8vrF/STqT/Jc3rXxFpTFng+ZubkwxfgG2PuykQC1jqQqezc8M61nZmd53GZ2FBi9WtMgMPsG146mwbCpGUaIYSxq4ufVdZ/QvMNEx2iQrrXgAapJjXd3UBFSR+9KKd77hdm4HEm0FMjfD/u/2X1WRTURLQbQ/YDOd+1sUajj9B7ZEFcBnLWTtxc/N4qP/LQKfsAgpYahMN+yJwTkGy+1wdPPgEohm3/sYDruin9XBxztSt9wF/PwbtRZ+cZduYBXfcfeoyWjT4xOsDCE17ohG1tnCAC7knUoVC4a3PqZJNoSDAyiGzMKLDdPerOBzcWDVX4KYQgdRvqY+cE+b9p7U8a+o3AQxi9IWUl9NpBT3UxGFSiBSVpA+dtOZ1lAv5+nDZNTeGdYhgtHe5DdsiHVtHRenhOUye8lYQyvGwz5UB/ITtYjJUaenkkhbYhUz7qFJR5hhqnQeS505+oah4ntLPzRLUIvUDdUJPjT5Zj0oA98RqrIuyCvC1A9zb6PknfVUEPxIM3+WIw0mxz0/lEZpH+1syAy3OnT/JHB5gwQtM7NHqqO8zGFOAPVwZyVOV7JFKmAU6ev++22HWIRGnlwtr4S1Te7V91+On/vlc9Z8Gt6zDVgzTCL6sWaL3JpygLagVL/MUfAvRsmmrnWQIjzfr/jDfKIVHWK+parqWI6yQdi3HYT/Jboekj3R0ADh6Zh9mbFJArIlgswlzgqIpEWDCcxBOaGUKI1VVeX1zYXdi83wNQEOy+7jGo+E9whWTskmNUY5AGpK8u5933Ycp768vNMcD0qf4JDBdyWh+y0z0AS0649f3mnc9YewUa3HLH3qfSNnLhLwNvE66K1fxKVcvS50pUXaDKDAsGFFDAt2QhlNBU5FdFP20hAQjXHRfXtOS0ZKvHoyHFF6k33ObhCr6h7rQ5+KNBU2X0Vd9s4eyH+18EdwTaHhE7v5ixRFIOyxBysKuiEGaGV8A4jqEiOgbzaHuUb4XSfJENPpl17fHSY8tcJwBHXImUHtAv0rE3zgqKX98Jn0044C9/rfRF/llKTNKSZ8rjNu/sH+GQSvUry0FjMfmd2CnkXWZD9gjoKHEnd3xZO11IewdLIfZLBIj0B1O55VCU6/QS+js8YOAQzfqNrQxB5Q0PQz1OG58Wo1y2XnO
GcTTiTRYWWtOTdKE2U2J0RT45Bb44iT0YWaWM52aQIPY7Ac007kmHAIskw83orUO/ELQdRvv+eQ4tV+ylSR3uZyplVQR7jPqb/2N3hdcfKdXNpUMr7lgNn1dKH4MtPsjWhmpmhPGVqut78Eby1Lr+uTDC4SzbwVVpYmXP3PPH8r/9boMDPjgVjRDiyny9NTIlQx39jHedX46vFruS1tr1TWWNT+CpUuNNLWGCnK8yx1HuiXCkwwv0e90PsBQZCsVrGqtd7NaiStZO2DXMFBwgz41vgjn/4IC3n+MVg5BGfmRMicIlYN0SWuH/oMUJNnSsNhuD0/j0Y+VmcLwsc3plgi4qo24IFiXZB1c5RfF9l2BPN3jrGUjETyD0O5LI0E=,iv:OFiuSu/Kh8mf4BxwtbpT4TH4oDS+YXu0GFK5/Zy+C/w=,tag:Fu4WeWJhWwQGFLB1c3qyXg==,type:str] sops: kms: [] gcp_kms: [] 
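Review bot: The new `secureboot` / `DB.key` entry stores the private key for the Secure Boot db certificate in this host's own sops file, so once it is decrypted on the machine (presumably at activation; the consuming module is outside this hunk) any process running as root there can sign boot binaries the firmware will accept. Secure Boot then guards against offline tampering with the ESP but not against persistence after a root compromise, and that limit deserves a sentence in `modules/systemd-secure-boot/README.md`, for example `The db signing key is deployed to the host through sops; this setup does not protect the boot chain from root on the running system.` The decrypted file should be readable by root only; its owner and mode are set outside this hunk, so confirm them where the secret is declared. Every other ciphertext in this hunk changed as well, which is consistent with a data-key rotation, but it means the diff alone cannot show that `DB.key` is the only plaintext change.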
@@ -30,24 +32,24 @@ sops: - recipient: age1wfftrnyngg7nxcwvt7m590fwx3w7p4kkrjn9uprjq0u3k3ym4s3qqzkmzm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcDBaa0FXM21xNGErS3RH - S0gzZjJ1ZEFNTTFUZElMVFErVU0vbmVqQ0N3ClNpODB6djJ1bCtHNkVyQXFXWEpN - MkVabkJEUDJ4enVIRHFmcGlBRmsxcjgKLS0tIDBsTllyYXdsK0NLSDRKTkFRbk9P - U0JxSTR3WEFvZjVoMjJsV3NYNVFpYTAKxCpvEDbEjh3sNR+2X7AsReYPxi9n3bpP - g+IVnv+EX9CkqBNbpAHiwqzekVXNqM7SxMmgSasZ4IGRK1Wcf5NU0w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTnNSMC9lMmN0eVh6ck1i + Z0piR3ZnVTZNSTZCZTdGZld1b084L1RlWm40Ck9RNk0zWVVVWE5MeVo5S20ycW5W + c1J5T0JiRlNvU2t1MVlwU0FGbjRqV0EKLS0tIE9FZnVvQzEycjVnVGNJbVA1Q0li + eEtjUkdQek1peEdhbXpnSDJ6ZWlQQ00K+wUZi9x5ja1832ov4DYxCH5fbfZFkXv1 + 8U5idFtpxkQQH1mYKfBASC/3WbpH/xv3SCpIpqisqEVc7lL/2xD9cQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-04-13T14:30:15Z" - mac: ENC[AES256_GCM,data:jYbhAoFF6giESwzrWh1lpORjERoDl1sAOViYuaffslyBMc/RAH4i6LTCdtaMbqckciuxjppQeVvSXNU/TgjrASNHQNCgG4UDGZD91vx4tdLeABCCq/b65eTjUi9pNdFm5GzGaySvYzztcPxcVnqhaIY3z5N1fBQKYWu4LAJbqRM=,iv:ZqPomgoGoge/wPRdO0BEXt5Zh6VSTr2mS/iStUvLcbE=,tag:/EByxD3yAZ9MP1u+/hXo8A==,type:str] + lastmodified: "2022-04-20T07:17:38Z" + mac: ENC[AES256_GCM,data:ESjkNG8vQXJY9L2M8R/tuFtgjIR3UTIibwqTXKnU0/dxxdrr+y8jCdn2h4Yqm6BuZOCF6S4NRUsqLd1GoTORMyEENjpyhglhvld+bArZWQs/S3DDApgU5H9/gppDSVNN0XQTifsk9Wabm/ZPlfeBWKoGTbSQBKnMrX+LHiiwN/Q=,iv:5FURepA8YIps+nJMczarLdt27BQC2moSvG6qoz2+Z/o=,tag:2ikHAzF3lAiEB+uQozMOww==,type:str] pgp: - - created_at: "2022-04-02T06:17:40Z" + - created_at: "2022-04-20T07:17:37Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdACVlYZwj9xdlHrbQ/yMc8jx0Ls3LSAyWGqJiIaj1ksRsw - XvU2dbAYhSLrpJSkTU+lSmjXFmPrq7GnkNKy+bPFWu7bmghKItXpO//6AcU7IB9m - 0l4BOrloU1EedUf6rJUewUtQP7nNXsJ+iqWOMpN5Y6GX4UWeXMZ8AgSEqpHni9QV - KFa5VdU73/ms2+zatFxqj1bix4ZZqsxwapWreyKgo2jwIOVLZyHAu9TyoN7rLyLP - =x+Y/ + hF4DAAAAAAAAAAASAQdAxefXUpTNr2aKPMHYv7vh1VygwqEGmUF/jLnmUvhY+Akw + 
okJvyJqVK2Fe2t/FOxBVfmfktMQ0K7GN6aoIGrRl6BLu1hUzRHyURYquKqOpDAPt + 0l4BOoRh/9iRaDICkEh0dG3OSgL7xG3L/QcNXB0K6H/tYBzfIJ0oCmCqwaG9khm8 + 5dqZtQ9x0Oxfdp6LfSwRk4C18n/fzDz4DydPH4IbURhXDVUu34p/Alg6kjwGYFyM + =xlEM -----END PGP MESSAGE----- fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD unencrypted_suffix: _unencrypted