From 912ddde3ed7ac99602a40cf8f1b6cb8195d360de Mon Sep 17 00:00:00 2001 From: Anthony Rocha <116300062+rusty1968@users.noreply.github.com> Date: Tue, 9 Sep 2025 14:59:18 -0700 Subject: [PATCH 1/7] Add files via upload --- docs/src/mctp-architecture-1.svg | 1 + 1 file changed, 1 insertion(+) create mode 100644 docs/src/mctp-architecture-1.svg diff --git a/docs/src/mctp-architecture-1.svg b/docs/src/mctp-architecture-1.svg new file mode 100644 index 0000000..d3e851d --- /dev/null +++ b/docs/src/mctp-architecture-1.svg @@ -0,0 +1 @@ +

Hubris PRoT System

BMC/Management Controller

Sensor Management

Traditional I2C Layer

MCTP Transport Layer

MCTP Protocol Layer

Application Layer

I2C MCTP

I2C MCTP Backup

Raw Packets

Routed Messages

Routed Messages

Routed Messages

Control Messages

IPC

IPC

BMC
MCTP Controller

PLDM Task
Firmware Update

SPDM Task
Attestation

Vendor Task
Custom Protocol

MCTP Control Task
Endpoint Management

MCTP Router Task
Message Routing & I2C Owner

I2C Controller 2
Dedicated MCTP Bus A

I2C Controller 3
Dedicated MCTP Bus B

I2C Server Task
Shared Resource Model

I2C Controller 4
Sensors/PMBus

I2C Controller 7
FRU/Expansion

Sensor Manager

Thermal Monitor

\ No newline at end of file From 62cd28d0207cd56a8accd087982613b7ddf2a7e8 Mon Sep 17 00:00:00 2001 From: Anthony Rocha <116300062+rusty1968@users.noreply.github.com> Date: Tue, 9 Sep 2025 15:01:04 -0700 Subject: [PATCH 2/7] Create mctcp-i2-resource-management.md --- docs/src/mctcp-i2-resource-management.md | 104 +++++++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 docs/src/mctcp-i2-resource-management.md diff --git a/docs/src/mctcp-i2-resource-management.md b/docs/src/mctcp-i2-resource-management.md new file mode 100644 index 0000000..4638dab --- /dev/null +++ b/docs/src/mctcp-i2-resource-management.md 
@@ -0,0 +1,104 @@ +## Architecture Description + +This diagram illustrates the **Hybrid Direct Ownership** architecture for MCTP integration in Hubris, demonstrating how Platform Root of Trust (PRoT) systems can achieve optimal performance and security through selective resource management strategies. + +### **System Overview** + +The architecture is divided into two distinct domains: + +1. **MCTP Domain** - High-performance, security-critical communication using direct hardware ownership +2. **Traditional I2C Domain** - Backward-compatible, shared resource model for existing functionality + +### **External Components** + +**BMC/Management Controller** (Orange) +- Represents the external Baseboard Management Controller +- Communicates with the Hubris PRoT system via I2C MCTP protocol +- Connects to both primary and backup MCTP buses for redundancy + +### **MCTP Domain Components** + +#### **Application Layer** (Blue) +- **PLDM Task**: Handles Platform Level Data Model operations including firmware updates, sensor readings, and platform management +- **SPDM Task**: Manages Security Protocol and Data Model for attestation, measurement, and secure communication +- **Vendor Task**: Processes vendor-specific MCTP protocols and custom management functions + +#### **MCTP Protocol Layer** (Blue) +- **MCTP Control Task**: + - Manages MCTP endpoint discovery and configuration + - Handles MCTP control messages (Set/Get Endpoint ID, etc.) 
+ - Software-only task with no direct hardware ownership + - Communicates with MCTP Router Task via IPC + +- **MCTP Router Task**: + - **Primary responsibility**: Direct ownership of I2C controllers 2 and 3 + - **Transport layer**: Handles raw I2C MCTP packet transmission and reception + - **Protocol layer**: Routes incoming MCTP messages to appropriate application tasks + - **Performance critical**: Provides sub-10μs latency for real-time security protocols + +#### **MCTP Transport Layer** (Green) +- **I2C Controller 2**: Dedicated MCTP Bus A - primary secure communication channel +- **I2C Controller 3**: Dedicated MCTP Bus B - backup/redundant secure communication channel +- Both controllers are exclusively owned by the MCTP Router Task + +### **Traditional I2C Domain Components** + +#### **Traditional I2C Layer** (Purple) +- **I2C Server Task**: + - Implements the shared resource model + - Manages multiple I2C controllers for backward compatibility + - Provides IPC-based access to I2C resources + +- **I2C Hardware Controllers**: + - **I2C Controller 4**: Sensors and PMBus devices + - **I2C Controller 7**: FRU (Field Replaceable Unit) and expansion interfaces + +#### **Sensor Management** (Purple) +- **Sensor Manager**: Collects environmental and system sensor data +- **Thermal Monitor**: Manages thermal policies and fan control +- Both tasks access I2C hardware through the I2C Server Task via IPC + +### **Communication Flows** + +#### **MCTP Communication Flow** (Dotted lines) +1. BMC initiates I2C MCTP communication on primary bus (I2C Controller 2) +2. Backup communication available on secondary bus (I2C Controller 3) +3. MCTP Router Task receives raw I2C packets directly from hardware + +#### **MCTP Protocol Flow** (Solid arrows) +1. **Raw packet processing**: MCTP Router Task processes incoming I2C packets +2. **Message routing**: Router determines destination based on MCTP message type +3. 
**Application delivery**: Routed messages delivered to PLDM, SPDM, or Vendor tasks +4. **Control message handling**: MCTP control messages routed to MCTP Control Task + +#### **Traditional I2C Flow** (Solid arrows) +1. **IPC requests**: Sensor Manager and Thermal Monitor send I2C requests via IPC +2. **Server processing**: I2C Server Task handles requests and accesses hardware +3. **Hardware operation**: Server controls I2C Controllers 4 and 7 for sensor operations + +### **Key Architectural Benefits** + +#### **Performance Optimization** +- **Direct hardware access** for MCTP eliminates IPC overhead +- **Dedicated buses** prevent contention between security-critical MCTP and routine sensor traffic +- **Hardware redundancy** with dual MCTP buses ensures communication reliability + +#### **Security Isolation** +- **Complete separation** between MCTP security domain and traditional I2C operations +- **No shared resources** between security-critical and general-purpose functions +- **Attack surface reduction** through hardware-enforced boundaries + +#### **Maintainability** +- **Backward compatibility** preserved for existing I2C sensor infrastructure +- **Clear separation of concerns** between performance-critical and general-purpose operations +- **Incremental deployment** allows gradual migration strategies + +#### **Resource Efficiency** +- **Optimal resource allocation** based on performance and security requirements +- **Reuse of existing infrastructure** for non-critical operations +- **Scalable architecture** supporting future protocol additions + +This hybrid approach represents the optimal balance between performance, security, and implementation complexity for MCTP integration in Hubris-based PRoT systems. + +![MCTP Architecture Diagram](mctp-architecture.svg) + From f20126750fdf67784f025d90ea46ff13530dc765 Mon Sep 17 00:00:00 2001 
From: Anthony Rocha Date: Tue, 9 Sep 2025 15:45:00 -0700 Subject: [PATCH 3/7] docs: Add MCTP Partitioned Resource Architecture documentation Create documentation for MCTP integration in Hubris using a partitioned resource architecture that separates MCTP transport from general-purpose I2C operations. --- docs/images/mctp-i2c-domains.svg | 1 + docs/src/mctp-i2-resource-partition.md | 155 +++++++++++++++++++++++++ 2 files changed, 156 insertions(+) create mode 100644 docs/images/mctp-i2c-domains.svg create mode 100644 docs/src/mctp-i2-resource-partition.md diff --git a/docs/images/mctp-i2c-domains.svg b/docs/images/mctp-i2c-domains.svg new file mode 100644 index 0000000..d3e851d --- /dev/null +++ b/docs/images/mctp-i2c-domains.svg @@ -0,0 +1 @@ +

Hubris PRoT System

BMC/Management Controller

Sensor Management

Traditional I2C Layer

MCTP Transport Layer

MCTP Protocol Layer

Application Layer

I2C MCTP

I2C MCTP Backup

Raw Packets

Routed Messages

Routed Messages

Routed Messages

Control Messages

IPC

IPC

BMC
MCTP Controller

PLDM Task
Firmware Update

SPDM Task
Attestation

Vendor Task
Custom Protocol

MCTP Control Task
Endpoint Management

MCTP Router Task
Message Routing & I2C Owner

I2C Controller 2
Dedicated MCTP Bus A

I2C Controller 3
Dedicated MCTP Bus B

I2C Server Task
Shared Resource Model

I2C Controller 4
Sensors/PMBus

I2C Controller 7
FRU/Expansion

Sensor Manager

Thermal Monitor

\ No newline at end of file diff --git a/docs/src/mctp-i2-resource-partition.md b/docs/src/mctp-i2-resource-partition.md new file mode 100644 index 0000000..8771e82 --- /dev/null +++ b/docs/src/mctp-i2-resource-partition.md 
@@ -0,0 +1,155 @@ +## Architecture Description + +This diagram illustrates the **Partitioned Resource Architecture** for MCTP integration in Hubris, demonstrating how Platform Root of Trust (PRoT) systems can achieve optimal performance and security through selective resource management strategies. + +### **System Overview** + +The architecture is divided into two distinct domains: + +1. **MCTP Domain** - High-performance, security-critical communication using direct hardware ownership +2. **General Purpose I2C Domain** - Server-based resource management for non-transport functionality + +### **Key Motivations** + +The partitioned approach addresses critical reliability and performance concerns in shared I2C environments: + +- **Blast Radius Limitation**: I2C failures in one domain (e.g., a stuck sensor) cannot impact the other domain's operations +- **Blocking Prevention**: Eliminates scenarios where security-critical MCTP tasks could be blocked waiting for I2C server tasks that are servicing slow or unresponsive devices in the general-purpose domain +- **Fault Isolation**: Hardware or software failures in sensor management cannot compromise MCTP security protocols + +### **External Components** + +**BMC/Management Controller** (Orange) +- Represents the external Baseboard Management Controller +- Communicates with the Hubris PRoT system via I2C MCTP protocol +- Connects to both primary and backup MCTP buses for redundancy + +### **MCTP Domain Components** + +#### **Application Layer** (Blue) +- **PLDM Task**: Handles Platform Level Data Model operations including firmware updates, sensor readings, and platform management +- **SPDM Task**: Manages Security Protocol and Data Model for attestation, measurement, and secure communication +- **Vendor Task**: Processes vendor-specific MCTP protocols and custom management functions + +#### **MCTP Protocol Layer** (Blue) +- **MCTP Control Task**: + - Manages MCTP endpoint discovery and configuration + - Handles MCTP 
control messages (Set/Get Endpoint ID, etc.) + - Software-only task with no direct hardware ownership + - Communicates with MCTP Router Task via IPC + +- **MCTP Router Task**: + - **Primary responsibility**: Direct ownership of I2C controllers 2 and 3 + - **Transport layer**: Handles raw I2C MCTP packet transmission and reception + - **Protocol layer**: Routes incoming MCTP messages to appropriate application tasks + - **Performance critical**: Optimized for low-latency real-time security protocols + +#### **MCTP Transport Layer** (Green) +- **I2C Controller 2**: Dedicated MCTP Bus A - primary secure communication channel +- **I2C Controller 3**: Dedicated MCTP Bus B - backup/redundant secure communication channel +- Both controllers are exclusively owned by the MCTP Router Task + +*Note: Controller numbers (2, 3, 4, 7) are examples and will vary based on specific hardware implementations.* + +### **General Purpose I2C Domain Components** + +#### **General Purpose I2C Layer** (Purple) +- **I2C Server Task**: + - Provides server-based resource management via IPC + - Manages multiple I2C controllers for backward compatibility + - Provides IPC-based access to I2C resources + +- **I2C Hardware Controllers**: + - **I2C Controller 4**: Sensors and PMBus devices + - **I2C Controller 7**: FRU (Field Replaceable Unit) and expansion interfaces + +#### **Sensor Management** (Purple) +- **Sensor Manager**: Collects environmental and system sensor data +- **Thermal Monitor**: Manages thermal policies and fan control +- Both tasks access I2C hardware through the I2C Server Task via IPC + +### **Communication Flows** + +#### **MCTP Communication Flow** (Dotted lines) +1. BMC initiates I2C MCTP communication on primary bus (I2C Controller 2) +2. Backup communication available on secondary bus (I2C Controller 3) +3. MCTP Router Task receives raw I2C packets directly from hardware + +#### **MCTP Protocol Flow** (Solid arrows) +1. 
**Raw packet processing**: MCTP Router Task processes incoming I2C packets +2. **Message routing**: Router determines destination based on MCTP message type +3. **Application delivery**: Routed messages delivered to PLDM, SPDM, or Vendor tasks +4. **Control message handling**: MCTP control messages routed to MCTP Control Task + +#### **General Purpose I2C Flow** (Solid arrows) +1. **IPC requests**: Sensor Manager and Thermal Monitor send I2C requests via IPC +2. **Server processing**: I2C Server Task handles requests and accesses hardware +3. **Hardware operation**: Server controls I2C Controllers 4 and 7 for sensor operations + +### **Key Architectural Benefits** + +#### **Performance Optimization** +- **Direct hardware access** for MCTP eliminates IPC overhead +- **Dedicated buses** prevent contention between security-critical MCTP and routine sensor traffic +- **Hardware redundancy** with dual MCTP buses ensures communication reliability + +#### **Security Isolation** +- **Complete separation** between MCTP security domain and general purpose I2C operations +- **No shared resources** between security-critical and general-purpose functions +- **Attack surface reduction** through hardware-enforced boundaries + +#### **Maintainability** +- **Backward compatibility** preserved for existing I2C sensor infrastructure +- **Clear separation of concerns** between performance-critical and general-purpose operations +- **Incremental deployment** allows gradual migration strategies + +#### **Resource Efficiency** +- **Optimal resource allocation** based on performance and security requirements +- **Reuse of existing infrastructure** for non-critical operations +- **Scalable architecture** supporting future protocol additions + +### **Trade-offs and Considerations** + +#### **Implementation Considerations** +- **Additional tasks**: More tasks required compared to unified I2C server approach, but each with simpler, focused responsibilities +- **Resource allocation**: Need to 
carefully assign I2C controllers to appropriate domains during system design +- **Separate codepaths**: MCTP and general-purpose I2C operations use different patterns, but this enables domain-specific optimizations + +#### **Reduced Flexibility** +- **Static partitioning**: I2C controllers dedicated to MCTP domain cannot be repurposed for other uses +- **Hardware dependencies**: Architecture requires sufficient I2C controllers to support domain separation + +#### **Implementation Challenges** +- **Task priorities**: Must carefully configure task priorities to ensure MCTP Router Task can preempt when necessary +- **Error handling**: Direct hardware ownership requires robust error recovery mechanisms in MCTP Router Task +- **Testing complexity**: Need separate test strategies for both direct ownership and server-based patterns + +#### **When This Architecture May Not Be Suitable** +- **Resource-constrained systems**: Platforms with limited I2C controllers may not support domain separation (note: server-class SoCs typically provide 8+ I2C controllers, making partitioning highly feasible) +- **Simple deployments**: Systems with minimal I2C traffic may not benefit from the added complexity +- **Highly dynamic requirements**: Applications needing frequent reassignment of I2C resources between functions + +This partitioned approach represents the optimal balance between performance, security, and implementation complexity for MCTP integration in Hubris-based PRoT systems. + +### **Glossary** + +**BMC (Baseboard Management Controller)** - A specialized microcontroller that manages the interface between system management software and platform hardware. + +**FRU (Field Replaceable Unit)** - A circuit board, part, or assembly that can be quickly and easily removed from a computer or other piece of electronic equipment and replaced by the user or technician. 
+ +**Hubris** - A microkernel-based operating system designed for deeply embedded systems, emphasizing memory safety and deterministic behavior. + +**IPC (Inter-Process Communication)** - Mechanisms that allow processes or tasks to communicate and synchronize with each other. + +**MCTP (Management Component Transport Protocol)** - A protocol for communication between management controllers and managed devices, designed to be transport-agnostic. + +**PLDM (Platform Level Data Model)** - A specification that defines data formats and commands for platform management operations like firmware updates, sensor monitoring, and inventory management. + +**PMBus** - A power management protocol that uses I2C/SMBus for communication with power management devices. + +**PRoT (Platform Root of Trust)** - A computing engine capable of making attestations about the platform's integrity and identity. + +**SPDM (Security Protocol and Data Model)** - A protocol for device authentication, measurement, and secure communication in platform management scenarios. + +![MCTP Architecture Diagram](../images/mctp-i2c-domains.svg) + From 18055bef5f43d56c1dec02e1140d6f59dde7d2f3 Mon Sep 17 00:00:00 2001 From: Anthony Rocha Date: Tue, 9 Sep 2025 17:14:39 -0700 Subject: [PATCH 4/7] delete old files --- docs/src/mctcp-i2-resource-management.md | 104 ----------------------- docs/src/mctp-architecture-1.svg | 1 - 2 files changed, 105 deletions(-) delete mode 100644 docs/src/mctcp-i2-resource-management.md delete mode 100644 docs/src/mctp-architecture-1.svg diff --git a/docs/src/mctcp-i2-resource-management.md b/docs/src/mctcp-i2-resource-management.md deleted file mode 100644 index 4638dab..0000000 --- a/docs/src/mctcp-i2-resource-management.md +++ /dev/null 
@@ -1,104 +0,0 @@ -## Architecture Description - -This diagram illustrates the **Hybrid Direct Ownership** architecture for MCTP integration in Hubris, demonstrating how Platform Root of Trust (PRoT) systems can achieve optimal performance and security through selective resource management strategies. - -### **System Overview** - -The architecture is divided into two distinct domains: - -1. **MCTP Domain** - High-performance, security-critical communication using direct hardware ownership -2. **Traditional I2C Domain** - Backward-compatible, shared resource model for existing functionality - -### **External Components** - -**BMC/Management Controller** (Orange) -- Represents the external Baseboard Management Controller -- Communicates with the Hubris PRoT system via I2C MCTP protocol -- Connects to both primary and backup MCTP buses for redundancy - -### **MCTP Domain Components** - -#### **Application Layer** (Blue) -- **PLDM Task**: Handles Platform Level Data Model operations including firmware updates, sensor readings, and platform management -- **SPDM Task**: Manages Security Protocol and Data Model for attestation, measurement, and secure communication -- **Vendor Task**: Processes vendor-specific MCTP protocols and custom management functions - -#### **MCTP Protocol Layer** (Blue) -- **MCTP Control Task**: - - Manages MCTP endpoint discovery and configuration - - Handles MCTP control messages (Set/Get Endpoint ID, etc.) 
- - Software-only task with no direct hardware ownership - - Communicates with MCTP Router Task via IPC - -- **MCTP Router Task**: - - **Primary responsibility**: Direct ownership of I2C controllers 2 and 3 - - **Transport layer**: Handles raw I2C MCTP packet transmission and reception - - **Protocol layer**: Routes incoming MCTP messages to appropriate application tasks - - **Performance critical**: Provides sub-10μs latency for real-time security protocols - -#### **MCTP Transport Layer** (Green) -- **I2C Controller 2**: Dedicated MCTP Bus A - primary secure communication channel -- **I2C Controller 3**: Dedicated MCTP Bus B - backup/redundant secure communication channel -- Both controllers are exclusively owned by the MCTP Router Task - -### **Traditional I2C Domain Components** - -#### **Traditional I2C Layer** (Purple) -- **I2C Server Task**: - - Implements the shared resource model - - Manages multiple I2C controllers for backward compatibility - - Provides IPC-based access to I2C resources - -- **I2C Hardware Controllers**: - - **I2C Controller 4**: Sensors and PMBus devices - - **I2C Controller 7**: FRU (Field Replaceable Unit) and expansion interfaces - -#### **Sensor Management** (Purple) -- **Sensor Manager**: Collects environmental and system sensor data -- **Thermal Monitor**: Manages thermal policies and fan control -- Both tasks access I2C hardware through the I2C Server Task via IPC - -### **Communication Flows** - -#### **MCTP Communication Flow** (Dotted lines) -1. BMC initiates I2C MCTP communication on primary bus (I2C Controller 2) -2. Backup communication available on secondary bus (I2C Controller 3) -3. MCTP Router Task receives raw I2C packets directly from hardware - -#### **MCTP Protocol Flow** (Solid arrows) -1. **Raw packet processing**: MCTP Router Task processes incoming I2C packets -2. **Message routing**: Router determines destination based on MCTP message type -3. 
**Application delivery**: Routed messages delivered to PLDM, SPDM, or Vendor tasks -4. **Control message handling**: MCTP control messages routed to MCTP Control Task - -#### **Traditional I2C Flow** (Solid arrows) -1. **IPC requests**: Sensor Manager and Thermal Monitor send I2C requests via IPC -2. **Server processing**: I2C Server Task handles requests and accesses hardware -3. **Hardware operation**: Server controls I2C Controllers 4 and 7 for sensor operations - -### **Key Architectural Benefits** - -#### **Performance Optimization** -- **Direct hardware access** for MCTP eliminates IPC overhead -- **Dedicated buses** prevent contention between security-critical MCTP and routine sensor traffic -- **Hardware redundancy** with dual MCTP buses ensures communication reliability - -#### **Security Isolation** -- **Complete separation** between MCTP security domain and traditional I2C operations -- **No shared resources** between security-critical and general-purpose functions -- **Attack surface reduction** through hardware-enforced boundaries - -#### **Maintainability** -- **Backward compatibility** preserved for existing I2C sensor infrastructure -- **Clear separation of concerns** between performance-critical and general-purpose operations -- **Incremental deployment** allows gradual migration strategies - -#### **Resource Efficiency** -- **Optimal resource allocation** based on performance and security requirements -- **Reuse of existing infrastructure** for non-critical operations -- **Scalable architecture** supporting future protocol additions - -This hybrid approach represents the optimal balance between performance, security, and implementation complexity for MCTP integration in Hubris-based PRoT systems. - -![MCTP Architecture Diagram](mctp-architecture.svg) - diff --git a/docs/src/mctp-architecture-1.svg b/docs/src/mctp-architecture-1.svg deleted file mode 100644 index d3e851d..0000000 --- a/docs/src/mctp-architecture-1.svg +++ /dev/null @@ -1 +0,0 @@ -

Hubris PRoT System

BMC/Management Controller

Sensor Management

Traditional I2C Layer

MCTP Transport Layer

MCTP Protocol Layer

Application Layer

I2C MCTP

I2C MCTP Backup

Raw Packets

Routed Messages

Routed Messages

Routed Messages

Control Messages

IPC

IPC

BMC
MCTP Controller

PLDM Task
Firmware Update

SPDM Task
Attestation

Vendor Task
Custom Protocol

MCTP Control Task
Endpoint Management

MCTP Router Task
Message Routing & I2C Owner

I2C Controller 2
Dedicated MCTP Bus A

I2C Controller 3
Dedicated MCTP Bus B

I2C Server Task
Shared Resource Model

I2C Controller 4
Sensors/PMBus

I2C Controller 7
FRU/Expansion

Sensor Manager

Thermal Monitor

\ No newline at end of file From 74da6a6cd1b97f77f9e661d7b43de0e61483e9fe Mon Sep 17 00:00:00 2001 From: Anthony Rocha Date: Tue, 9 Sep 2025 17:29:03 -0700 Subject: [PATCH 5/7] Convert diagram to PNG --- docs/images/mctp-i2c-domains.png | Bin 0 -> 51380 bytes docs/images/mctp-i2c-domains.svg | 1 - docs/src/mctp-i2-resource-partition.md | 2 +- 3 files changed, 1 insertion(+), 2 deletions(-) create mode 100644 docs/images/mctp-i2c-domains.png delete mode 100644 docs/images/mctp-i2c-domains.svg 
diff --git a/docs/images/mctp-i2c-domains.png b/docs/images/mctp-i2c-domains.png new file mode 100644 index 0000000000000000000000000000000000000000..71bf2b128bda8f08edbfe09683742b264115c3e4 GIT binary patch literal 51380
z;mTowpQ3iIJjCn%bc}L$Qj-BBy9tSm{bA}Rbw$XE>I>7@H3XCx>F9B6{b|t<#;bT{ z_7uGbe_B3y%*NHw%E~k$bif{DxcfDQNbI!dE z%**HCwe`^}@aZSk^575rVbl~9VE+CKOe}UP8r=TXALx~pm+nFW?x02OgDg2mbj5cO z0Du#%@bnkXzev)n^{yJt1xrLF-xUu}E$`O&AEigA4SL}!ItC^4?LDaYc#7iSVA41~ zH%BFnJz0_PuIESL^Jyi+*m%vESyPZwAP9TBk`5Q?aFF{xO_x=c7+-stc6_em@?PJ9 zK6iJel`BfQ7;oPtj+}=_&XxFJ^J<^-?(Rz1-o7>UP!_68l&R8%_Hm`SSpz+RflorO z(IxOwaUw?%Ra8)9OakZ#oQbw-_$AA5M|5|#dKRBA%ACxgU3_5qP2~6Qg1lWtXwAhg z$>B24OXL6WCP;F%6(J{l9bYJfl-P*=9IMb5@ zwVzYIdnd#&zqU7D`JvarfZ9f7rsp~cRQiZ%Xym(l7F4V@3cH;;T9O&asHlXcSSgmZ zlW7-6rf5Q$9hOtm(gp;5!sd!psi03~49e=I|C}R!rTlAXC?=!?6hD!Kd+^7&UJLW* zZwMr%LHey8`a%OE#`EKCyi}#qFdTq4a3TlxT#ex^`!(mxV&PzPy>YTkrm=(EVz+46 zPJ+mjfp!)7sJOVar|8VFs>%x%CB3NYAQ6%)GA=2}mx!;q>fo4|goaTU#LW2k7=WZp zVSusKF{l|H)QZ1B*-HvWFXw*0zt3h>t@C!9?0_r~O$*z+_Y!!}z{LeUq_z1;wmr~d z(Pvvf8>FIG)(8roKQZczh>3}X6ZE2C{#agi`#^mM8>p8Fw-7=)`}}ZiiY_Ra?FM?~ z58lKKM5#whN)2y&jO)ZezPcVC|%w}1i8S_DXTjP>>Lc({s0tVFHDeiHd6)ZDz0 z(2igfo}4lWN!I>H1PWY0Q+N`DBD%N?iN$J80Lh6UIWzmi?OJusB@heC&*9K<=$`QL z#vvxaHiW?4LPbXh2%=)vHd#IriOw(uknkm5UD07+>2!~0dEoO6yi<_cq!LC)gMN!v zDmx$rp%qtE)#5fJ^(_o@Gep6jfP__}@RK|>Mq_2wVjyt_h~w3kktx%Xe#d&n%5J$t zj!ln|hCnIfDuVnHc)Y5r-DLa5Ol_Mv-JTGfJVf?Bid~*Z@oE|2|^@3?kGjMRs zg~*CZ?&AFK1(R2s>^@yEa{m#G-WCXAUO;?0C#O0&C8eNAmK(4uWxWS>uuBjKh7tE8 zCwrsPN|&15e4ajoJaD}>J-r;HPBWjK?^B@&Vl6hefy7t;n3yzo21yh~5P#%Kyxs7> zID5;ms=l@DTR;Kn21)5|q`RdXq(f1B8Nn*R8aD62fAwO+^vN{D@Y;@78J|KJ-iYlJ`@ zVU5^fc`9*#cYD0pQMegYI{7ZORaNOPkY>NX6ZuwbwYWbIHzX{ewU0}eUs^JdRa8_| zGUo%zkPNMcPEOc)L8QS1ceLSQ=bKAk!NMwog=JU0+Uf|30F{7Os$rL)+Xd>bZjHC! 
zX&-lgw1kXIkU!i_uM|5kQc*PBesXMVVAXqU`_*20>lr*IgeOB8LaYc+ZLAwi2a?Gz z4?B5QMUBKgdlLASm> zZx72KI$E%@w6@ll77#_ps_aGjwr#Yk;521Kn1P=YXk$iA{l!?zCr66Zd+1Tf`?@0- zq~YMXWXj7dx8yZ%8Kzqr`zNvaoq1_}eg+++keYHA#LEAw<$Y2rA)KOjp+bC2ki@2f>aq1Rg+ zd}okCSf&6U)behrJj*XmDG~Tpu`w|;=&$i+RP?8Hktjxx)vWt(Z^ciy#|=mwm7*k8 zadDd2eh)N=8nxPJ7uo{bR|C;+R_Z?I96FZhkRPt^w|>7Z13e@G0W2*o@2sp52Q}jG zr?n#^8+okhN^I;~YLhx1Xb}r~0eb~zm7dBl*O7bCKd;hhk(}1oOb0fvZI2(hE*ziI z_&(t_S}h697sZlpxaRg;3nB-3 zyLCCEr^#sk1>awj#uswaV4gCm#)qB+7@$rpR{Mau543-*$<+gDsG)Lmj zedMds!|74bwpF(_gvU>W}W`6#RS z`*Vm;gxM+BL7-Q4T|V`>wI0VaW31Sc_{J#hf{-@t74gz&4vJX&2MmG%@nJq~uU8lErX))w>#8W_20yg5 zw_uU$4T>#LAkXlS1U{^55Lon>-W~YsG!{Qu57akFb-{5me~2d8q9It;3XU?mk3{`- zeYkD+sSAFn`}g;IZHBGN+#a8^Kzz2h#&*tVNa9y@EwcI*_}(qvWWFy1R&`ZW=)(A; z-xgd49_v44)(`K7sT|(i56>R18s0KtPXF-K3R7`xe?>DJ$^Blo^U%IdX7ba zBe^L4bW{@3m?J~EdJA_a{uF7w$Bp7k)KgxE&r#BUu7GU8^2s^$%7h2|7N0k1&EA8Wgu|uD6WF@`0 zW45lP#$TY$+6zQh*Pi!Pv~3(mumcabc9%+%9ov}@voqx_catUB%Yo%5iE;?PMm!)( zIg{6&yZIYfMi+EE{I$=;%9Ps?q^XQ5 z%+ukH=3byT9dF0cy}1*bNDCM9pJ%&u`=#NU4qok+^g&REF0(->d*4T5W``i<*WaDJ z;*dM%mHJ@a>^mL8pfvPTtyoUx*A#6&Y$X&!9f#e@hh=xROo|y#7Rd73t^4^U-FD!$ zCo$d4s+s=}gMVV^IPx;PR|eO^kulYRyVl%As7TYc*_UD{vsaTAdIE}kea*Mx;uMu2ocdua?`jfAs=_xih*(7+syR(-NPV`pgB7*4i9_Dg9S#kMu;ClGQ)Zp) zCLQ*Ch;ECb1Ob5%N_u*O3_E($x+*$B%5z0;yM9t3;#4lgSxkd^wZP>*39c zXs-HB0Wyx7&@}mBQlQBkX@NTQ;#`h(Q4aP#p{~C`?3#1dR~xcE#qm1r#=pE4TTU=Y1*gjXjan!rD>`#cu{U&DNfz5m++)7#+zeSlv@sRV`xr;@n#nUNGst z2)#;0VH@E`T(D_+$vXaSH$5{VhUxem2j8r-Rvy!So*%slkU<#rK9hv@B9VyQ)K7mb7vz}r8yb^k`N#G% z(bEEoDBkBsTOpNZA-zH`yVb&Wf zDDOTrx74RN$Rh|pSYCdK;4k1}`r#8lix#!5*s{F7S5YWc92Y4nYM=pza=x;nqj zSTjL)-+Q9oX(Khj2X}HkC^gUr70!2=B0%ke0#-R&Mb>m#%Hm4NQCZB%2_U0p&^h1V zqr$_xbgpheFrP6>-iu(;;lR*V4(S^-wnL$}!ALz6p;M))vXxZfqVYLjzsk-(m~Q^q z+_JE>oi>5hU^ba+Nayw7!a8U=p|#lmCdj3Ci|Ru44+dch35dB(k5{*jPm|dt*gVf4 zT#}8#BwyN(WG6V9nvH1Q2jSE7&ebzB|Bk2LG<@VhoPT<}G9*P30-OR33L^l88n-Ev zsyMiALPQM9$}$c8;2oo^Uxsk^CEwHz)OgZpm2q$}B}{1*2>jg^ycN-Kpq^WYGxIOtWR^<=+F=&_Sqo~#1Kg-M3O 
zFk;$tf&Mq0b|$ttfdvmE1}Ql}(t@Sx+0nMxeCO%%nL`SF`9@nmo_;&@{)2Hve*Sv! zSHn4%HN}% z*EId)!UG#NWbOn@U{O$2`t9^nL%dIf$FhlG=uFjoi6`fFRXQ-e&r=G(HNT4|7oo(;ae zU8p*sV;)O8f41j0imUgrw_+2KJotO~{3oDA275}fY?p~8`@_JUhs_cb$^~)hfU1*j z%P6{-5$k*7m}wGt_=7-16s5bjOuK0*6}5TRhIoT*izJUC@xABZ0%%|Z)oD>W{Pq)p zqVac87x8Vw4HZCrb(IQTZ3iFy>^T5sO|q@7x++0dkG)qY=b&aSE!J*9K!pC;(|LR$ zUu{kRVq~R7MljoI41tROrhdtV!FLsQxtr&^2(-1w7{?wIDs&8T8>={dS2W#w*%;CW zUx#r(FSGA+EtY?~Ht8L5lfGaAo+XR&pa%$EEt7QOQvX(>beTs+8Cc6@%cwk#Owq8g zM^{Z4JdL8)^xZo|bjZH@YOGkY z;KwxQk2oL@!vY1(pP<6GwDpH%t|7&Es-nfQYzGL|roB{RbRofFVq#6SdwZqqpj~(6 z4cc`gI(mA&2S*Yi9hd|JOs$Z(IM%+R{K2%>UEnN<%+AJIBLxm2fF=3I&QT)SR#wJu zRjGzUiOS9%#_PfWPfi}oYyT2Oz?HaT{rAn{K`T1&Q}lf-lKLvC;fvc%q@Wlz(%c9K z3g|tTN1dw_u0XkshfRahQ>Z#mz}1TliffxAotTM<@Q$&lsxVsWC+AlsVY+gYWih**AL3`hhg&oE?IQNaa0Lh<{fH5FM++JSS0_Q!8c2IzB6)?H5=!p*$Hul0 zpW+GWNL2_hGpn-<(;Z{4SLR)a;zC@ zFkTS*NLOA*Ea(mkM0DiT)av_x9#w>GBO~yJhPDK+EMI2$ctnE4O04zTIJ34^Kv2-5 zulc46LteE;69;C=-jHH(&g~)GW#>Nd;ognL+J-4!>wi{56+uliFEN5FG#deEO&o<= zHaFeVcvUm2STzP6emJbyZe4$!#RH0s{TiwX>`r$nTuoY9fz!PmnvFfr-O42pryV78 zZDB?d@!)iZTqJp(*Ee2>UhGp$y{AS`!f6*~F8!hE7gJcXxv+o=gkBxf4UBCWm6Bt< z;9&k++wBC>>~LV90r)v-EiF<|R>A<%kc(ODXDDbS{9!_#;uSV}7@*P`MIwOKFX1_q zp%@=>3#5qIyaB!Kw85-s1j9sTKT+COf32{;>&tOp4pV)!*?4(f%h#U8h8%?hH6_!U z+&2ol%;;#jkBRQsSrD2(POU@zM z2@y3)Qf1g-clM*s;5co7cXrZ381_ggL|M$$RhWU1F{`vRASj65<9wH9W0#1>mLS7( zpS_-;yzmph`G7G9sL?@dLmD^>>|M+H|Imh$f^=70J+1(03|=FCJUwa5NPR}@!Mp9? 
zS+;qn-Oa>mm-T=U44_r`=e4r7-z->*C4OkFLp$*0MMn1d5~W!%ew^(`Xd=JR9k7tp z$-}E@;prY!pd|<4L9~ATsb7sReSojV7plaloFS-PT+wDMozP~@WM(Rb;cCj3Rz1HMy%6mWwaX0J5U_ITNL2mZo z>+kgLK9q16866cXP$CYNjiM(;UJrtc-8ou=FfLuR3tA7we39?0be=BIsc6HOzsQ|r zW?+=K>_9)ZpL@CHY|b9<T9?{is_^Gl~3< zb^X>B^zGz5sMA?zLDdg=h^QpG+<&RV=HBohvS|a%UOLHh#^RRY;SWR(zr3xW!@i$5 zBNdzz5@|j=Acn9bu?nBlH3>C;ebE4i+ljE$@%>4i_bu){mo-jP30Fdp6DC$XLMG3H zKW%zc-j!O{?$vV@S+<|20 zqAPFFWy;r*I$9$tpf-xe*`{fcvk;#F>($Y0>;3bM)d!RIz9*8Cb;hA4#9sKfes|i9 zS-xv;a;MS#_&*@XrF*uQ+*`bgol;L3W-sxd5mnC%+BRs`jd*k%`L$*O-sPCRtPj<}z*F)_3JTFn(qMSN+E%L4Hwl+J3=N&kZo7YTc4HCTLk+x+X0 z6iVV+M!B?S7Wv6t`F3YTd$Ht2)M&cl&(?fp$+Iuxbe`5!CEW(;Gr?>T7MB}F!EN8U zP>R<9ZCVkbj&E(bt;w!pNkv!z-o4{kjcsD!qWg!eO z5hWcQk~HSa%ED2Z6-F8(rGwmyxdr*s;ZKPkfPbU9nf#A10}k?LHcS33FzEF7lKn}Q_JP? zB{p{^Q5SF%B5GBQZ@i8QOeo7p`Qi)K>=uA0L-i%nBr6g-qiE;11Fm(<~@q<|M@{5W_w6oOw_Rfy8 zBDz#V4mz>gPMN1mc;`IX1K9*g@u#2=WR|_7p7x3}#8TqmdspZ}M2oW_CluKb@5Pko zJRao@*ZTV{m!qu>RV~9%)qS{x#GjRGIv9cm*ByOhY8Dpy@7{O25=Xqo_F5cYKzh+Q z*g3(1WMw;L7ap#{G&6zC+3GFp=4|LINdBn%uzbN2%G=lu|MC^Ckd*T&_i>z+msQ}z(pjal*m(UO zt`r0F@5DhOE919s3qaFAM1=I`&wc2H+UTvK%1$?FV5#P^9I@-i=MpM@OusWW9s1cL zUuAgz!W4L~)CuLxYYPj~flMCli_qpcZ}4{&WQb?=$RxjVpi@x4bExBh5x_=KJ)O~A zyt+8rkE5RY&Ij{sgTk22LO36_&fAc{>R^)XY)j@V|1KnXOhR_=hSWTAmwX|y!j{`r zS1_DZfgYU7V?W->WO<|!IZ6z^%wBPdsw;bl8m;*|jOLqU>v5eU^cbhwalw1F5O6M#p*X*Bd?R{D%@UBi31oLzH@h@KYVp-STVHgd1qr5IY zr(nIJ`W7O4vNDQ6kcIB~9v{WaR&cffhnxZWB(5bT+@ID?f8(>G_F0EF4_tXmP;CaI z)Z!N^94VPjk zyt9D%Tw@)$&P61QNFge*b&u7no8S@#5F_Ak37Bvh5?i3VIO2p~EB1uU(^hi0V6~(@ zuqeQ4Qz+FJSaIA|QvF2s_1v)A^!B1g!^h*%5hxTx(maMbQm!u;?&V&x(9Q9~(Y;suf+MWB= zXMBkV2lLQd2LZNTlB7Nq6T0YEXFV%(_+7O%FaxJ+-L^Rx0zNvSPy6pTv(y7V!;qP{ zLcA}%M$mBNYuo<-H|uKq;NMs#@2$Ail!i{%fcW<_4U|H@K;+@c7h~$Ch~?hq*U45X-pCxKuzDs5lvz|f$M%3=lEA#GFxz*!# z({_`agre!=_P4IFr+;jpvHz4en*NbT4gHjlNc3&{dnpa+z|zD$yyPn_MV`oprk}wOteo?27kvMfdhRRT)8<8A^}!>c-MjIQ<`5MxqwyK0Ex--7gh>rLgkGOzHR}qfc#Z5{~2ZySuRQ z33EC@+NZO{#T^1@>iLm9xvz8BY-d&Yo&Zl!BQeS@NYl>GCmh+)F{w0)rsq{SvT5Re 
zkRty`$f6s@Z}ER^pUVGyD>H&P5czPeLnWR*q8;$;8`!i5HEWH3s&%2cqkKd4IlRyd z>ke98AY#iR6bs+qX11cKQV&%=Y$*yj-h0RHrGq9p`!Ni1XF>m9+v3m@wsJ zqgm1VXbZSYb&7Qnxk7ji!{}SMsyZ#kLLGayvvyf$3kdluM_=Zy8;Apq20E{Kc@&Q0 zC*JHp@?hWz=8WF#6MELg+lDMm6z&KK-6()VaP82j5oe|`GPs}!7o!PniLkHcjLQAz z>l;sHwp)qsM5jtkWlYvWUU?VO(9Zl#=2B@%bZMY@cwYTKng=&h53Cnk2%r%^qj3Kf zJ(D+}C^IrB{iL*2LFHtsiHZ2t1yf1!}hh6vZ-ggAT0n~)s1)~IBB^pZSgi^YrmocyJ`*ujr|4DlA0FSa>m_qp~VYDwJ7>6of4cJkD^6WdYpX4 zYHoFHhqkGAB-9mQdovJ`Rm0pCSZBR!*hsug@gs)mMJ2Ny#t=SJE0vouL`DpT?~GiKSRjE$sv0$~3*JK)*u1NA1j)8Uh{$|f;fkR6x>~(hUczpP#9Z+$4i%lgBwD`>0@z&W zP0yJ+HWrvVqA%6HGQsQleDNRhh18vs>lC0Hy5CR^_{`(TWFxD(Tl1~^h!FYoz z?X@9n%lus3(>b7{XE}9Tq%-EN5mJoe zDrxuuM&`1kp3ABvRhSXNvH6o3k}1`4Z&u5bAAX?>Jh;C4JWd^oo(8$9S~v4m2)pHV z8DQJ~{l@*^j=j!Z(2zfNA&MI6Jzzw>Pf3btLUF0>7b*%A1vA`bhEa+kaSrU<*xy*7 zPN*|cHblamO>bH$3_UVX$*QV<>|=%&hSe+oJVk%M+<&C1^MWZoY&FPqZTFeZB7Qi< z*6r8LL%A)xF?`QlCnWs_zg#5j53hZf9Q3@8)*?S1LR2Yfr_fJ?Q)m&q?CA;pi|;B~ z*pzhTbXn|+s_)fyqhf{M$gNa(wML}d-;vXaqh&{jP_TLX!gUbofhha>W>Q%bf6-o&5ZXeHm>QT{+K%`uE}xQv z|Nfl=|8Pb*Y)rrta&|u4m5-j{b0SRagW<%z7QEwYIpYh`EO_!?`2fLI8}D%>c}Dsf zUU1rfQ!hLB7kDJjlCF~PJ~uj}qXwC5^{5|R&u1jBH{eIC+^m!q9eh>pVx7u#Lt<}; zJKC?3F!nGd|Dh`n`45y6XKRG&ssJN}mE?2gKX^>@71p^Pm4SOx;ryE?J9mTGna;j; zXT0#OF*`;>8`z3Rg+5O^lrn?P+&R0_^buN5e_ftOKuj7o@VnALVpct$NP6IMI`Ua7 zhO~8Q=XFsd5jemt&Hp#C7)(p}FPvOsCq}`I;Jnu#grBe5>v-+q=U;3fG1nFxO-^Qp z$j@>UGY)k5i!LfJcm>~YD->M{o5< z+P1rNyjM`z&k4vIl6T*GMplSsEu)X`S$9eh`b)V%%!nx@>2TsEPNl(x^Ze$S_^Unn zfm``!**DX99qPc_t5n$XzHj_oJ!|h z20b0Cx3!!orCoGZ4d6`KVI&0k&t4HE!I)n|OV*=I#EcR1y#??gl*rGz->47~^py%d zoN`M~w|;sPH?DI%j}D+jmr zLiR71bxgz+Pfg&g3;FIz>q6f9!^l@-m9PEsQk+wD3_Y0hpvCN1tfJJd^UJA*$~^3^ zK``*U1PT9@!BITV;Z1p)AHIzW34TZ#lEl>|Tyy@?S%G1Xr>~k>H;Pf0=g_|i*9D1# zZ9aAF<9KxC75*V+#1l-w>tWz!tg8bHcZC+ocAQ>hj}^zEr*ONhecR1UhClwS*FVbZ zdnqe3BO315D+)Guw@FB}P`s*64i3WH;ecjwi>Z-vE^J}w2LTZzCEf_Bs#qm0NcJN}p3_Gl{V-py{N zlfN!iu5a~(JJB8byo=H8WZWGQZ_OMre026BCWPaq$?@{*bQ$)PD-TelS4y>Qa_`Jw zmOiMMPYYbbu`_l8N zpn5(}WJk`u=$1b$3zMo8d-44we&(RPs4pa 
zLGPQ+TPnI%Q&`2CcjYhV*od#MJzvt6E(v@t1oNFLe(AUSw7$_f9Ayoyc1=Qq*yS>N zi<)=ub}x+)MT95+cP=(&f5F}rEVWZ1Y`?&Kb^XMu=@OsQT4+Da=edZ9_n~2lNbEDs z3AD?7K~`21E^90e82O6(3!|7tZlvZC^@{C{H6545{LE&3+8pIBYo;@!kUUQf_xyv8 z79M{YxmtGxc8aiAmW}PxW^}5^oU7_jO`(Bdf-n9qr(c-(4jS!i~n}!}_SK zt_Mt~Q0Gx=P4SVuAG!1y4?>4`rD?ZiS_4(0Q-J)Ibjg$lR`;<7Pva3g-*rS`O4?b- zLG4M!ypnXR|A{})lFa#=Il#OkfoMnw}{`}I6ggi-ZejEdFs*i3*ft@l^Hj z#zE*7k_7X|v(i~U`+J(or)E#Zqw)uZp3{0G6R%~%c*fdlgT9>yZX$4S!DhZ@ur^}Y z8&dSdEdKGy4We^-Pq!CnfXX4o4|2d22ukIgr=(@27P@gaTZ07m|%L6im) zhEV%a3@!WmxnEWm_rQRDLZY6O^mTjxj*Ij5*c%IrIbpA5#C#tPJlDZV{zP@ong6HU z(&(UjBrP0!S@oTH^z5sM*pmW2g7@EMhd&Vt=Xa+%8Gqb)@j#L;H_%?*s7zrW+z1sX zQB@d#ud9m;iH@!W0_6XuC+ta-I)B>$-TPgm3K@&6bu0|R(6n1guXCtKeB#fe>5ez< zYa^{~{dr4l7M5tB?F|pw^&$Sz8BnO}{}mgrBGXR#x7X~vaQfRXvhc&=pP?_*baY%^ z0|?KN9_Mw8%>A2SsMtS-dnW@44zW3r+9W+^@9*maxQGZwZC;F&$1)1}KmFH2gVD{g z=Kzm&c(DM1L+G$ySAYdnt9ZRfdlo-H3I4Td8H|pOw^Kq;I-G`tf`z>sR<_4=C4v70 z$k=$jc!?bx@Kto^w8bACE88mnbT_lnveao&b>5@^mIf|Fm>)%1Lg#jJv2YrX>j3}i)SovdZGOVZybhm; znX0R*Btgdlbf}Gcq9vy4PY|Kd?<$&kS`&{swx!5Ff8R3C($W%$D=+~ap{vXwL{&`< z2{5$Qv@ET!uN!~~geMr~s6$;j>gVCoU6z`QG(exg!l9ckw5UkR^ia}8|+gX8*6Z8?*bGkcGIpWf)}&y0H6q_ zwZgq0Op_56jY-R76Bd5f-A&y`2wt(0HW5EHAIS=8YOnzDgv!YY2zXktu|81$@f|?8 zv>~4Ix$MIHAgZ2Xr3*xa$1Vj*B$VcQ-fKu)d6OO@<&zuq$bxqepg0*XE-jVT7-Kly zxd{H-p-LCNBN7xe49++2*}>ITQDH)VgNr}nq)40{MZk{1&(H8Kj6ZHYQ_P{BV-!WQ zTq-tI`DvFfvcsXSo;qc-^8Uf)fTS{wPSZmqm9+X3VRdCNDbo595L1mq= z#|rso;ut@bR8c`O+n;R3SBQ*?pGeex^M=~43JT>o zb#@WgcEVmu6gaW3JK?rL0aBYju@2zITQ#Kt;2vOkU@%|;G>~#8Dds#%1o#zJ8b+rv zERR1twkq7*cL5wy%^sub(<-4CBWqGUowe@Jg_{Q=?< zY5tMQ_-JMWJw;X_c34T`8DOdUHA$hIm6he+1d(cs`C=r43fNZ9|BAT|BEnGee{Vo}fgIRKV?wXXD*^BxH zAfteCL#~Gx!T#30TJWtt@dG%cFl(sb0cVZC9E;dXT-Y9m_E{;Ni*f`zH+NT?zc-r& zlA+_v{~`NQoIzrElJC)e1$0_p6PXr8A)~!C__d946ubxICZW=Y(1^!4e#$v(phQjxS1!|bwVl*Blx>UW`aMulD*o=B)se0PucMYx4;MM&&*jDh~Q$`oJRxvuvz)N{E3_VQX80;mVVp z6wv#E3ieZnU8_w($n&spU+{~iu>>qk!8PG+UyF;eGu%yag3KYrjHW9)+!=!1EunjHOj@X~`EegJsd 
zx??E|*gQ^O*0;gWkr^1+obF5_mp7ls-xfFUF3Bkks@PJ46ZT_Rn8j4f-BLVjZ#~-l4nVtPeMCHW7-R|g6%6Wu_P5jof$U^|uR7ToEQjXkmXV}DWvmPZ* zT2Q8{DU6IHuKyZZM=Cgl40Ja#lVvuw$0e6bzq`8)Q>+?MP|wyZ`z&j8g$+N*1NG@@ zEHwpL7Tvv?o~LFR2J)@7@ndC!nU!#K&DPp~{Ost^5Z1x-@9@46UlV-1 z8^4RPv(-o)iEwdQ@mny2nk8H6ekiThIXPR4h!~?0O(?hECHT!ys5a}a8sOoUNI^P) zT&k}=X((NO8Il7&;B*+=PMWQ)HvniG2~ewG+#rGEy_oV)1|pg;OM34izB5=&((K8J z{W+O6vO-c{uU!4ttwO*t5;N)s>~@UIdx5=6v`ES6LaAS?s}<4ECLH+*M;L3WtBL*n z+e5>{B|d)4`~LLt#UD6Q$Do=|B=rwg)x_L&gTWQNQx1}F`G$y*IfuYnU6%p}gw?WK_-ud<#6S~L*6sl&M z7yO@!d}Kl*(IZHa+qDW1Fvsq7bUivITq`)-il?S*?47+ZJv{bSdXyT#a42p#hYA{{ zmy*#0miz#I3f7AJA>7txP8jX-00C(2#xknc+rHBEk~@yO?9aZC2zHn2Vc)Y`4BGT( z4VKb-lLD5lzdPbjD1fA199t_(`mxc_z@(&n1d0YUe0;pR#y`!lf!gI0kHgycl7fGx zLktKAcI&{HvKLg;dFFme(K9jV_vojJ5f$PsH#x4{-f z-#OjVDb&z)EL%J;0czIZ;JxC_-o4~xf?v%PGfu+_Peo*+PZN>jLWw_tUzc?20IqcG zc6xbvPT;VX2iVw{n3%^AvY2=5_4Pr(JQo1C4N$00LXx(qk&$+a)xz#xDF`fc25OWI z8ovOHwTZ0Kps2q7cc>irJZDPqlIW0L@GZJ6i>U{U9oY~kb8 z$pJS?BpC$RBh28j7KexTsHm(2!~E*QjCx-rQ&VJ%d;=aV7L5_r!trs(*o5eg!9g{C ztzq@`X%Rq>y^^tdJn4cT|F5RzILUU>#e_5%R9aXF7`36HqyuaHd2AdU8tc=ojM|p` zk}TaG6mt=quclOW^ilx?!sziEQhdvC(9Blg36GC|LO^KQIWV9Jno@6b$(ouBWeSw` zZWh(4nDE1zZq9b{s#TmAn3_Hv9##>E%mbQMrlnOeCT@+KM`m-@U$*YsT`_D)ZIqoNK-{Ynal!8MLP7-j-YsFf8mU#qD)_JPIG zye;#84g?*Xn9xnv|IME;#+H+nU5kmrqf)Z&s-OeMqpxH|2|Mdrx3;at=;%&Bv9@My zHP88)&#Y~8NJG5#*Sg!E+}?LAP|BLJi&!pJ zTz7B*))ZRHkQ1t+rCt7=Xq zSh)pf%%>M$zI!jz(f5s&i)-3VUk&9Kro<~ICIukERx+LG>7sgscgo4%IG9K7`;&7L?)&*Zob4vMVgmO7v8elW60iMsz~GA``Zc@tUuZc>>o5(33?$h z;X)_3s<*wo$)C#G9ymOgQ+%dF=gt^?42h!U`VHCSZ*h%SMG#SM{0oKZ5F=orCQ}8B zYFc-GMy@@gofa?CP@tH%3sRS7#&n;{PJ5mN+Lv6K2%YOcxpvkz+vp&}NH+JAX<{CE zb26A>U}^Qro_rJ5qxFH*kUP5TLCquU{WR<4y)QzH*#sHs^ayW?1)Sa})$Sk7rN0M;8X<JG?w}_rgiD=pC}|t-h>vG#j(@%lT|4J=$7i7 zJzsVE4`@`o@&c2@p{D2Queq;H=Oz`u=b{gM^#fzPuuu1FLY=H~?<)2Xvz=^)7s&B% zl9)TEv2iOlZ6N(KJ3rKw59TYl>O85+zO!L3)j*aP?9inD4ASD1zb!YHH@Uqn6Tybt=h+Mhr; zByEto2NkXCS1nmlMg&9c5=mu>iiCE*LyR{@<`5Ms+wJFi;djQC-_o(o_DFw>r}$KE 
z@aaPYJwe(QBt@|)Qz-a6xM)5-q?f0*sfi%@i(Dp5y2~TY+>-7eaoaGo;l>TGMg$z} zpsJylD4Xd7bnO69O2@qSIC5qzW7f_15Cm-}?Ig1M7u<&BhCxOy3!O>jUrZlZG1(@2 zWgNh~Z=u#_sr_W_vcGx91g{ySztt|@sPHIwx^Qv1m3Dm8L<#tIA22j;FE&`Iz>BI4 z8^|Yvp_VVMStKmSs@e7xWmB~gu2r)o+%4Z(;kx9*P0E9rGegkX(YM9@-NOT}F>38~D_#O)f9r>4mOWRjvfVUWc$S2QKwe;lDSk||T&1na>pXzrk#%3_?n0R1 z^1AKI-kJ*S`(HD^IxDcNUG_-`W-mKAp6&|<4ElN?Xr)eyzPjUVGVysLlIa+rX~=b& z=dJH#jXcO7?YGrUD0trBOmYtAV_T8Qu|hGj#hSSsMaqZRzZtwF=f`sMfsTQ{$l=!^ zhg@Hz3KIT@U456CjU6!O`}aok&Ur!~v6AgM8;elrUCRD2+B8ftL_}&K_azSDhOvBC z>CEoRkt-Wl-3=l<`!3I_J!Vtcvw}SD4WckrBZZ#2l5rhXi=az3-1}E2m{jEg(Phfc z61vtrw6^qQ^p$ zCF8$B$LD$Z<`mS_5}>w06Y#yH1q8WDACKX`i8av(G}TgDn# zJgFZD+5y(ju8qTy6HBIt0rZ3mP540~--n?BcN9K4ra_pJE=V+VN2=%)U1fp$Ud?&M z46TuY*$N5!NSBBdX8j)+nklN5rH5H~0^!DI+i5M~hYqI6z~m}p)&?WbJ*m+DAmEC! zXo;7#O^!Mw*a$v^cW}TFg!XW_KecP++MISpvS7=;ur0~B#fg~T4GI_##L-Ibkkhst zOUh7B`Tt6L>!>)sty?q%588NeOK=Zv!GgQHbZ~cv1b0Gkm*5V;H8_C;X*59N?khGP3Lxhb-u^FgT1w*tFi)wgokEm-^LsQHg) zmzc{U)ICT{3bVeZ)3L}OS>D=FR$01j6oO+d9)Q8yscp`fMjUytSUL5jAy-gP81ZId z=C) zHOdZUP-vSTEw_={6~`g*wL0UA3y6O1I_ox@`W!rumx7UePXie42=m-Kim3!khFTNK znVLHWnfiaoo5RMPU#v(t5<=B$2O3gM1U-gQH#U7lvs!3b3=+eI<(p|#jnv=#-l4pH zPY(fn15*j|3$+lZ98y%0`8R$B$ljW7h#}YuMP@y8>eN3P@vl2rL^7x=*0NL*`s5}X zofPMS=C?pz={nT*P%NFg0JcqEHz%<@2T_C%y34m|jPhRX{bpzNEb|?_T3yn*YB=Rb zENlFEq8<0`&suBKEzbI~Y(%5Vk=P%Bc*6GxB85h;C>Z%ob&tL?E4Y^v|FSB}ROK6D z?z3=QD!K20QNPyCyLqJ><*i4?x3u=+GuSM4UvqAv{=Uh-VFx`#4YG~Sf-hvxvJ_VH zNaEa?Bvf~&oJ2Lh&7r{C8BumFe+tHMktwFB>&1y9=v(E6U<4~1n%0bc-pI~5!MK-O z7%JN11L1@=d{s-rle^cQLty1$OyXa*&V*v&liydonf0f1K@W)KKWIEH^nI6NzYvt$ zL}C(?T0hTyy=&A&)@>IbG>`AT-=DTHO zkW4=n3(V&KD8o76|BJ|WBA`$z%;&n@ku}}cxzl3%d$wvZGS$e(Al>%g@%5`m*#8<| zmsJ5W|AmsF<>mTqirnQuOURxYjdsi5KDnucB*z!(P;BOlleqZeRtDasQu$OyD{H9t za8c>0o`K)a(WDL|)64|mR8+WrD`6A$#Z3%D{ld;pFDH0MgcJ*Rt2hkMi6eRq?QHp= znh@9U_;(k#RTM}tu)})<1bDCC`e7F_$kHF0z0!=J;1PTzalBD=Xo+m~4&`+B#mCp9 zXR?KDtOFTG;YL^mM8qp%sBQeQvceY;2Adf%7>$nn^MWw-4D!UIr3c)Z{Qo5DT5@Ra zctFAXImg2V33=}t47a6BwBbd&T6dmaXEtNKY9hE2#r?aMmzP(DrCzwPq`UfauNjM= 
z5pWHb*%`wkG~ub$$Un7XhWIMBgH>vw*5Lc+!o+dhKjgWBObyMl$+9VlYn>^Lo*r8w zzYfEFm)b@%01(Ie>ysZO8~^$A^%`P@=rU@}p9soQqCaOUZby@z{k4Brma|`IXuds! z55$A}lcXs29tEU}hmEhUYQULVfA~FXFyrTI7R$>ElHYebNuwW&r)a0dbH82arV+R1 zeMM$cTaM^3uxoZ`2>!$Osvlf7xP*=R|rP&Rd!~ zR6nsqNsh{#3F_-*fOl1Ri!?g7b_jp6ARZl7uI}&WCE26^=#z%VX*&aO)1X5pwHU97 zc7LJ?3j+=UBg8RwiuqE!tJ982h)F8<4uUwl};*_{h!84fJ|{ ze7Kx?jZVDziZE4VL^xyU$9oDG?7`s~e7NEGhoBkj{0PI~r(I}dLI)J?h}eICfU*@D z3CY!w7Nedx;PJ9CL=nHXK7h_AxCs80mS0=Tu1=nxQ(kd0ydf2JqZe~06!73Qzi_Q~ z44|LX)Sr8vRT9e@dwb1jX|tqdWcbX$;{~?bhCo-O6L1%0s^G;YrC|M$UI3Kb8%ttN zB-GNqq`5FVE9V{JgR^#`Ec#|GoC0%WESp#%_yLfK-kNxF1DXA!|4G>G8h6*OO*za(`0zlf)VgQGlI9@8-{MfcMr5|HtYPn&$%IuGqi758%tIV}<}0 z11!km)abv4hm+|ZaBw3!&PQBx1BTYL6Np|QCrUN1BD!BpsTfAE2hU|Fi=1%2&Dy{3#iecq#eh+Q}g3T1bO3L zcTmpKt~3A^a)1BH z>K?y50~Pgti&E|~0&nx{35Z&w3+~3ijIqNKeQ24rXIh$DszdwF=C^O5n?vQ9<>fXJ zXCNt}w+_)!awc|m2!Iq_>(w_M0EtePt|(bwCm9}RYio{JX|+^Vx8_K66a+e`g}&-h zQ?Ju4b?6pfuf%2~W|5*GhokN;Xg=y;;({6h;m4cav19k$1AWFfg$zXKP5E4wtiwHd zM57ToaYu_cYt7yMVt>?>Sx}Jxt*V4SpsQdzfxUtdG`Dnr2 z9Q1kj%2&)Pp8V~3RStPO@?TvTw$ySjsJh4u5}d|vK;4*;{5gUAm?gkBzDQrq#s zXlED3^hQ!r*+^+j84`$*Uu93z{D2GYoq zw!^5?mK=4PCvRw@yQtfN1*N|+yM_bCvErA>7A9wDj{~jbrB`Ypxzq@_(K>|CKq-`R zJ@hSoRjhpl;HAVbM3FeqlZ<+yF+;32LuNom7jEtNzrPk!_R`~WXSXW?qE1l~qweVz zMka*O-rRxm=1)KV8vJk#BuC}isxE%zv}(ftR#gTCpVuo`r$QG zBj7hLEEpE9G_&5~QkB|F&S-X5PXIW1S?e6JT1bIA3$+xQjApb92&r7}LpeD0^g6DG z64N*}&d@1m`U)l?q4qThYv99%=#a|C z4a5tsm5q(Y@GmMf!rJ$=BB!xZ>E4b+gjrHe3AjSBY^EFGPxE+FsAJ1b^n9S8Z|xF5 zwALNMHwmWCV1e9g=4K*eP#)}(mZiUBKwTuEjh2L<3$GS9)NhIn4DbOLwF4^8%K8d zIWY55v@H1_>g(!0eRrimC*5T>{Ipo$=_v306$ON}ci<_dt4q+(2-t?4uBL-8&XxLl zd#j+2XDSH!)GzQimd!19e!`8mx>^ID-Q2*-#SfIeBE+ zHyfuv*L!5{=9H$REgA+1bu!eR;XyIp3#FpY*<;vWJAME<{%5 zGwRi7{{F)Je8tyPfYTGE+kkK3e_2``ZR};Z9k4|;l&63#c7!;gjj=y2PlMK0{Vnv$*ZCft?cyzo3zE*SbMFY)%Y&4@|hQW2dUiN%ucwW$!}|M zHgJh$hj_LI+#5AUgK6&`(Ry~_Z^5w0OG>H&%{VRzgt>BYmA!x^hF$5bh18N)Nu~=DKHKCS9>1M zdV$Uf9($p;3a5h+pd7%5=PPgkwhDrAfs~&#twk5Up}(su+NP5{a{*?+!&#cpgQR4? 
zvI`Nt-is)QiAR`lFb6nny>afX38XOL^!hrf@4c@tN$XW6;9YkynCRDd;A-F z(TR6u{0UN(1jleyRL@ut$89dCXuh2r{|({wY8n*%*K4)lZ^mSy)$vSnW-hBRUo6@x zR7oFIf%TCpQHZP?!ak567ew^eg4lO{_Tf8oD4g>Fn z+6IPRfWv!eIgs|Quk_FZ@PkSlE+T}CUitTt8XOgdUiP83aBX^fd8bi&Z>i3+Wg#d_ z!}nK0qaUIw__U`8{cDEie92&Ms7paCOOiM5C#!gY;*kT0w#_|9*jLQqDmBwr(SeFK zhyr95c?Ok~_n2%Ootl!u?2@$QoouX?#!~0!!-fVd77Q#V+HlanRGl1A{N+($bC((o zbVLrbKyh%?HuE$ZlJKsm!|t(7OHhQRfKL*uO@}9IVtI3-gD|6f4obzWzy)-{e4^W1 z_-iBhs%)?2=1$REFJcVg+|{G5RFXNEwxZR$>a%; zN3fn`Ttkys0Qwnu91D=E&{0^^Pz2m|-<}Q0c>6Cj?9_eyN$Q=Q6H{L=2gHWCTLctl z#Y3yBSCD|RlBEhGzB?4|X{+^k-^AF4+_S>+sP(h0Z5w8TOXlfsRho-sXivnf_&2jm zOpZS{X3GdbEi+XW1e3Afg@67M!W0(%u9fa5so+E%cSgO+#Ke^9sJXax-V$Cet9-dt zbk_E^w6rwo;9G62j)SlFtCyU(HEXxRQ}& zzx{0dh+RwLon!*o=8^F~;K9v3sx+uMoYDG_M$|o#<2^-6;YPr)4F@#WN*VF0(Bubx z4Vm%mE-Vmxb0)Q6*M2+Vn)U&dv3+y1mgscoi(hF`H}kIL~)0uLO|#FR0WEp{;}g zvn&OOg{2acGurAetJ@}O0$%7evtHxV(11e9#V270`|s|ZeWw!QyGeKszlen2-L3}n zLo7?d9%cSZ7cZWpp>Qw|4Nbo#B5m8n*xhTWi4JKiw|CsYfp+Q#4=eLB=vQsrN2u8G zod(y>1ZZe#{;aZJ$P`t~2;&{>D7AYO0Dj|OF|=R*KrNZYhqU{(1%U4?GU-==mxdx+ z%1zfytj)RW=VDcw^oE*Bg(}fU)SC2^M7l=*c1J(sLw>WejO~F-guLq$E3&ZMhrlf% zN{20O=L*LCFFa3W6k#{Mx9`6c7*!jpKTgWv!!%`9KxWQ6ajXCjF)In{vc7VRyS?^@stvGmP*vzUI6ZI#LBs{?VAnWL6kLYpI8gHpmt4V;sIR-~wnvAA? 
zb&v(mpG)qK&pY&gW?xUDw4Vj8pmJ!tE2iw zz1ibCUV};>k5ZG<$D=>D*HFSF93Q;Q_^iHc{X2Ucbk-aZoa!bExk#UOO?Tvt6oe*O zcCTFn46Tm6s-y`v@0|*G9gZr(4j9qMXX6cmK=(y6gZ9CmmEV~=CT3=U1)HaLJ3k8< zxRwTF+(;ZAa5Fc$RjZ8PU;g9dsVxnmSYGhJ`F**G(;hkn-(rKq2^!2iC-4r4Z9%Fe z&ynqIi3K$^1jP)3$Z;2xmT-N(Ww%Fth65?opRAA7Q~G5?^7?f+MF3w+X{ndDmOjU5 z6_L93FFR(7x@>k+gn)}oS+BE!Ng^%_`i_nzz$eRiF90_!JyJJ*riR1`YS;ZNEi5ZL z6fa6H0YE0=5;V2oAvnN$gbvG@3P4q0`~nN6)1_2ik5@m_IL%`;l#QNY0U`Z{QfUry zN{MISh}y>X`IeVT;P&KLdAlF!ad2|gjEHHPnY~iVmXq}ILcczW?mvc_0+g62T)K7V zrw8-a=n5iam4=VF&`)Jsk~-XWX@bSdxesdOT+UFk#K{Z@OUp>085Y6S5TF>lgCC~u#qvS3j`BNh4Gyn_z zq{=7KpN2q4f!K({Ws|bw;heAIdI5od7}&AtbNpw?92_1^tW5_^wn34Ujlyxz1!BoO zx|bH9eg!7w>M%O}Dh4jEmBZLJOoSAOLY{r0TEa55Fs$d?A{K z`8i3#T|knx*zK(qMD8eN9$FyC4oH;qpWNOC5%XePsYC63p53!ya1h#>l%}?I9 zPFSr{WxyASx8rS;99Q~!?1DCu{<2*ni= zS)LEZs(F*jPC`A0zrX=+FAVCB{1fUwfIw+h*?kPf*jjxCTq9(r*opiWY|2%PbWc)p zTFUEPG-lf0C{p?_kK8(latL)b%DCGeCz7>{IYQflgMto#Bxvx@cfu`#0O`1_uS0i> zjR%yNWKk(}UlqeOU%G!W~k+!k@!hvnRqX)%WY$_@_5FLtoAF zzt~c7p~!Dnhvn9=dGycRi^KBHEi|dNoJgaRtB_^S^}`E&n!9%k8oFif!&XF7O|HWy z<)|JR`QdJz#>^`9dC(~A_=0V$@1yNoN3!2P?3dk6c;e488^!dctMy!&*g@54S5mur zuuAq>MXIGuQ@xh5%5D$BD{38F@#K=)iK7OPx^>JA;bpJdVeq1MSI`J9$dHU?_vqQ0 zL0N!n!RbJZx6V#GQH3b_ho;iS!mIfV${d~0jRRh4{mNG?RVN+q?dDzoK5BTrp^83h zG%$Yu)HE;;liz{UWd*wN%HsmDR9$SoJuE-C51!P1D8Dx>(Z~&cyWpI?(x&O|7!<#` zDSx|H!gapMk)IC&d}2idp6(dOaugH$#PR`13UCQoCfNb{*LSv1KZaqtC$^_lTqq0| zQf2TDS|E@0A&(Yr?91)(WzSveko;L~Vach0ta^8+?QE^zu4$M*iV^3q>HDCMtb9kh zzevIWW`NDyyqU@_2OL@oAYWqSK6v%ZtndgWw5K3&weyC+aS4bS*6d)R1gqvdpwoDeRAm(rFNjtwD|$ve)TKo(N|$YP9o)UfX_#r zxY(}?4{g~Os|Ksgc570>TbJ6yujM6^AI%p{ni*FOZ1K73!KlCwlz%_qh`$V~6{bbp zg81Sxb`l0uNF>bc@+%rd52hq{onFO%a8@MlZ9+61LVjvVl@O4-k8W`6*s=?nnl%3UY^uECYW_U13M08?mu!`Z60m8Rh`Mr;+skiux>yn4{WSekH zp#ajT8!1`a)(F|UA*T%|JHu8|UiC7Cp=^>O*xrbr3v@WT4;WM7DDi4jS<+ zdDsT`v9#7&+>Yt_8*zQ%wbr7A)w1Pc!he5V&I~0IHo>uwa~Cb=d|{iTmQ6^w@&k6Y zm|S)50BvJw-X8tc!PtBl9W59Q9x~fP6}di9{yIC(i0fyN*p3waQ?UOdM?rF~)!EJw zlw@Pj`zMz)7SSpSkRe_k{&aql@#p3rG{PDhOWMA6FBy$p5n5>>Em2q7%kRG7 
zJbrQKYB!QqeGU%<7X*r8e{!HLX*m&Qysti7|0>6w>}KjX6%n%;Mr;YkYPNlB;OCAN*F8t&T+$jN5>A8?Y&tLRk0r@$<4WJ{#(!@*nqP0UE|lUr)+f& zTP~!4oC$AHB`S+A-!9&|xE#J8Y;*mi3*HFK_uGTn#ad3&g~o&Pwi{pJ;lR&>P`<>< z=$~i-;bPDtK}XUbgto36zZMm)R(Z5^btB=Cl~&Kqov)@vMASvp)&_ug)sJH z3Tod$)P=cM&in)DB4N%E@rpqM^4l`r@6q_sPISFCcsKG~Khmi=_ESqa3T*#64XbOp zSoiU39VZqUyAqX&SDx0EU+OY^GcKN)s7^UoL6mqrT_#B?OdLEh0e0b?5%kQsN9(D{ z`(|j7Zc2u!5I-e<82^J1DU< zqm+Bzu~Tj#Cu(#B@f*9amH;wyUwh4bg;9F~o$ikN@iL-PjzFyF-#ePy`;(NRTU@UD z! z08eiQ(NG!Jcl?8IH($g-&a_**y|3aIwaN<)VslfYJ4qlMcZqCgE5g@iwrYU(b$k`> zAsO8oH-+y~muKaq{UzyEQHFVFPheVfs`MW9c{ta5J-+&I=D~+ErSnefOaK?#qMdI( zrg{z<^j-&xNqKJy^os~$(V)Xg^to&rsvnn*4`Xl5?IX%c-MwdX2HC%mNGfZ)vXNa0 z=!b;BDHP2)T=QSy8MCDZbm?&Q&);>2lDU~s8?P}q&{DVkcrmk&T#6P@WIVQy2e)7hJ&T05gx4Ivcb3vZ52O2#q+NsFtCyj& z6JJfMs9=YpLp2*hYnED6Z5-3*6qd-X0x*P9Q^&+-!b0b>n4!8Ku`Cak?yFW7R00C1 z2w3!j%|{=wU#EY{4Zx`?HrvWmK?ndmt$wWam0(i@Dv@hf6&B(Fo=PeDYC!C7wyWX^ zJU6xD5B%=?eBR8B#xp*0qbR`^fsx8N>WwIPEJ$?Y#xX@Cv!?YL+U_H`MNH!Ql=`En zY`$s<5YN1G; zP)8?i)KEn_p8O?HC|1+8RTjt(HXWC}y1LQei$9?zQ;$gkj~M*A+$+eUanl?sgQ)Eh zf!!SMx33o2_ZY@#!q`h02JFi^die7`)2Z*o0-17jFmi$OU46NFYZ|Ifh%fan?)^^S z6K{drniUw^Q$-b;apBLc>=kl~;*leZg6Ih90;?P3Y0tSSG*sO_Jnl;H5ox zjqGwIh_L~>w*NyIYmyWgy1=aQ#t**xw{vZpFrscCAs8KIHn1~!)2`am9mb@o8|EU;BJ=)?z-_bhmrMrL z4MFbl&Q2sJVN^gDahY7F=&_+cL+f`t(k9cTJ?Dj})Gaus(P=t8{e>jY zD(^eZQAsZAse=KFeGX^}()ag=7S ze++C76+)6(-(BF|Y;0~V(kr74&WSEz*~O9#tu^w-)LKrl#adpOP=C^^-$e7qiMqTb z^;Qs=gq;AmdaGt0N_M}O8{mzrCXAT?&sY~BaDDcgdaj~n9PkQ%?h!<5;B zSas0BUob|%`at&ZC_1>*TJuet&GlIkngzbGv7J7ix`3d}dYdQ{9L;Ojr5THVyJmK1 z^WYpi(^y4rSJh6$1yd7W`)oFk)g`*Ayqxh@+S$R%y)y-!+1X`+Q=>npVSa9t zzNRPpbugI@KP?3ZM+t}`klfi>Fxi)41%SFp1+;_l9etSIT*@!s?Z41cI0#*PB!6U6 zPfs7pFR=_G7dA-#TKu2NyUhT5Rw;h$)9$;JvD44r6+80@cOy?9Mm_0a7D@G2R$mk0 z*H+o#4BJI&U-N(xJ_rT|)VOut3S3^XB;!Ev>;Q(+^q?dfleDy82WGh%Y?S91@6toL%xo3s~z)^61ri&C{7TL~KvvVI6+dZe-!1A$S1_-79dlY^K3f~D9 z6=mXg0Qi$u+F8cRG(cva4YUgEb8_elJs+RgW1{kv0!S-n9X=bsr(W2u(7`Wg4$UWW zKFzK}2w+NGtr_k8!Uj!T??#L?8(bPexkdgc%QOP^(*{Qx8<0HuE~IBsGN;p65ML*z 
zu!mIU09r|~{Z@JG44O{SML$qs#st1|g?|yTngP1FN>EE6>eG3?S2cx4Ryi;HWzE-k zmA@!^!rz9pybvhHbSpD-=Xr_tyans7OcGoy7o&|kNzcypSg)%wzlb{i9zp956K);( zkj+>~9w#1IU*u5Ur@dyo_noGOj_mz|d);jP%H7ij$>_jY-^gLJ@@;1T&qBd=S_l2C}~)OQuQgj+y_a3!h((>?lEp!+tmPMg_}+#aHVyg3^83xK;owerj<4UVOw3clYQLDJ5gfPty`TVdLi9D8 zv0XUv0{x!wiwfPdeztt-g}g#{zgCkY7u)mh_Y6Rce!3(L^A^mzyhUv3=tk-0jvOi; zttQgKk7wSyao>CEZzw{JaqHD5=c6~0qvMvj3)i>lWu>SeBC13j2FKGVvqToFR4x3a zi4HT{XPd@OogFCJt61@1W6t%R-Vy49{C^|BLzxrs@k4ey#pZn)2v~z{v9Et>qx@zM zsj#M6cez|$UnV2uxnBpC=}!TD6OVof*U~5barS>|Nkv|4$9J`_l_cq0vU7e~m0~&9Yiweu4qNp{rQ+wubUl$c_xkNi|oc_u5GH>~&1`)^K<1@U+c{(p4 zT-!Q|IiK%qvDw9}IHUj(oWWlkcELkK_(G0uiR08M48oE8+;R7lk-bmC;m%ekZ!TRJ-tStHINz$#wRp{ct8me2^${{y z&>qYuluPgtBIALVb9S5ZKtLvYpO8+N6~ih+Xq>wmp6jA&yB(XKjkQ|A)-_mWYvI)V zyZ4%VW#elKOIG$}0{MD)?21%Aq?gR!M`S^vEOKv7#kYhMe4k1GrV8x(QKaL3u|WDp zIypF1vp z58bRJk_euq8`F*`9!*wJDh1RS#wOO;HnIgoz{AiFq6-q?_!@a%e3rIlcl&58G}3YD zX=77&C&Nk5Ij_%PO=kIh#OZFqFvhuAQ%>*gMR-jD?{7j^qw}8CE{LzM@T;>wO}pkP zQGHZWkUAeQm-}{%{*cyMAa6*)4?iLU_YEf@S{yMr!Gr)spXJ%?;XQuhYJznIS_Z}5 zy)mxSRK!HpPVN`hn(2IjHZ)35V&scW<>OAJ=3J59xgmK|vlG-z66D(BTw72MIP5cg zl`5!}-1za{H|t)(*Q%cdFOe1$35Ebwal-e|kDHbJQT5+VQ!;7xzr3_03o?nW3m#`?Yg^ z_O@9vBmYm+!du9i!J+$aJxTidUaoos`*l)31&(7%$ zC7+y-N)?9EaoB$8@5kOY0-~(l*nw_wy|bs`4Ry&mi53rn08U5M06(|!C6KaVCm?bl z&?$V_voX75J)WyX{(jIXtFkUUcmt*5;VTJx!7L@wcMi)*H;qHo-P6|+Y5Hvk| zO4WghGkP2|eHC#mV^42K;<7JL0bWX9fl?AgB&X`!WchpTCcjG7{`5j|1BdFdk(aes zBW}!w-$@6l4iXrJ>8eLaPR2aN1AfzXwA*mji<@nwR?q~7X|WEO9@McbM+HAs7@Jv~ z{6MNvcVL@&bp6i$i-*vcw-9_zXT09+dpIyl12_Lg2q${ZFVb^RkK0=`VpmpPyw-|? 
zh+0ouen;Srv{c|`i>_)&BpXqu&4wV$t?(pp4{~;X#jPWtP3ZeL{tot_)$>zNU>5J4 zPweqk+(tPC%I2E_pAN291%-3;?n8O?cuBi0rVmT4X@^-MeQOx;zd8708` zcDih04EO9!U zG0x6oibm~np=w_!H%w;H9Sd5IkJ5wizN?c7W7c~$cN+NPW)*@sq-hb&;jYMuq|mc;$8MU0XaFs~7d7q_Xw8W6CqY}*|AcxT+C;c))Q*Q+NL+o-ajdKGw8J=fl3T$#=IpaD0OX*gvr2^~V}}4)6JT*TEOUQN>q;6nomx6Irq*WT`C4|j~Le@N4lxpJ1@D`m<{dV@UI3*nOltj zDL7=e;PHn)a%eGeO#Y7SYG1pD%CcxBb8JMm?H&ZXYj@T8LfHlhuiBA~9bq}|G?)z~ zGrpBrsenJy`mZ{S7Oe}Xh)R%UeHPrEU$XQ|?@!5oq)FrQ-jEGD$$Ojp(myxB5jnJ;3dv)U7e+2> z_Oqfl$#TZD?ee+5+l~anK1@`P1f1?PKiR&cqaj?NvG`_r&RKYq5!=IU>BRpB%k~=1 zKkF!yJX4;SZ1LV(g4d3}Yd#HrN31b+tkv+CqIv&O(1AxFd|t-(y!%A#?+4)R^C>4n zmxH|2?wgw<%-1A$di@UZnBfUUfG94nwBrNS53+tlzu?^d_bl9TY3n%=jzF!zzm{qc zNL9s41sdU3`cukySi`7Rd?Y*PCO<0~jwhm7m)19a8mgrtTHiuP+q>6YKrAzG&}<=o zA{1WT`WX4^g{U1WUql0vsBr)yx5Z~`S4B`86(WHMtBgUTIC-XX^O{ae-mA$Hz=_TP zTP|A6JEjLc#6Jh+q-N)3W)r1idC7WOFp6ILOVHTVDs?BwT-ywk{H5rX>%k~mAB=*P zfrJq{q!gl**C2Z9*i-bh?B#^)Z6mDYHTH*W3>V67*C7b=iVJRXtNWZ`V8G{v_eZnn zYEaL$Z{JPOfTmc zP>?pV$w@W*7ZM-Yah7hEmnArmB7oh*<1;ybL=k6}yElRPh?9T}?|kcrjHP~@vU*xn zrqdFf_^X1)|R%ZCGQ6Y>(=>(Os_y+o-Y3z z#G=CB5!4@q2^*)!F?1v<_5fty>9Do&ZSPu6_JHWdnVLYE0#$nvXlrSJ2kMj0To7ts zC<>4b*+q}^<-2n0oE0~#iFa>i*I=3qG#C*r*R-oaT>iKCK)J1=?DSa7|AYsAe~X*= z<8rr{LNmAn?y#%E6Jjynlj)wtc;L6>FZ_&ZPTz-vXS<;tclV~wD$6}+j?Z;2fuVlZc`E1}jHr)X*!S(p` zy(iJMM=N-APgkOy7M0=kaT?d(y|AF?>O2n-`d6Q+0}SLvTvmg?|r>XR6h|hYb9`+F1Vi7v%jjL*(D% z9rl0w5%)GG)mcC!?*n^GjNAXW1>*bw!|)R6X~prW+-|b3@^LK?bhr1`yu#g&0u+_B zB;Io6tS+}JHfEp{6s@V;!Lcn>v^iG>XpNbzd!Alq6(zmX)JcmvKd-3$PVz0O!N6`o zv7=j<#4(O6FKOc2FazT=>F3s}trGyA2K}=lR)lxT?5xAOk+a@kw}D2q4(17x!zFfX z*y{rwi$Vf^#tpkZlYhc)4yu8(S!_G+?xp7gZ45v*IaR{j^V=S&p}{Q~r{LQBQo4lW z;!bRYKv?#~UMQ@<@dJZ?{9As0Y)nktiN=aLHK1YXDqFN$yUoat3^Wc>J0l_b8~retS}DU>;2#p55wDfgBvDlUq<}oucTP zo!mG}1yHDD-;5A6PUq%;*<~{1)#JO51~zh#|I-0c#M48WP;7GmJh9S7cEED6BottO zO!jdQO&gGc|L-2-|JjqD-m8|>b;N)Dx`&+;5}KY4z$_HR94kGC+Ha&v|(TQ{MjzaYIAnHII%cbvNkFLHef|Wkv@$umCoeyMiXz z{y*o$gdWxNyCo~j=;q!oBbeB#2APJoHv*kojYtv_Xhg4d8T1tatse$kpbZ4jYgqu= 
zJOEQaEZ|`-EC>RJsUA#DaU~D{2I~;bf6gxn#sP1@P0aFW$jPV!K7h{)+CO7jq;?>0 zd;Pg(?cam=A8O4rFb8x=A^oq=+`s+~0$Ef3!;<;eXZ{aAlBeYP27sA{hfzM*+b7gZ z6-Me^(Ev&{&ttmSVTCm~8+tG?*Zh2q4L

[SVG diagram, text labels only] Groups and layers: Hubris PRoT System; BMC/Management Controller; Sensor Management; Traditional I2C Layer; MCTP Transport Layer; MCTP Protocol Layer; Application Layer. Connection labels: I2C MCTP; I2C MCTP Backup; Raw Packets; Routed Messages (x3); Control Messages; IPC (x2). Components: BMC MCTP Controller; PLDM Task (Firmware Update); SPDM Task (Attestation); Vendor Task (Custom Protocol); MCTP Control Task (Endpoint Management); MCTP Router Task (Message Routing & I2C Owner); I2C Controller 2 (Dedicated MCTP Bus A); I2C Controller 3 (Dedicated MCTP Bus B); I2C Server Task (Shared Resource Model); I2C Controller 4 (Sensors/PMBus); I2C Controller 7 (FRU/Expansion); Sensor Manager; Thermal Monitor.

\ No newline at end of file diff --git a/docs/src/mctp-i2-resource-partition.md b/docs/src/mctp-i2-resource-partition.md index 8771e82..55825be 100644 --- a/docs/src/mctp-i2-resource-partition.md +++ b/docs/src/mctp-i2-resource-partition.md @@ -151,5 +151,5 @@ This partitioned approach represents the optimal balance between performance, se **SPDM (Security Protocol and Data Model)** - A protocol for device authentication, measurement, and secure communication in platform management scenarios. -![MCTP Architecture Diagram](../images/mctp-i2c-domains.svg) +![MCTP Architecture Diagram](../images/snapshot.png) From c6e5cb98c129e2eed36d170288dfb1102760afe7 Mon Sep 17 00:00:00 2001 From: Anthony Rocha Date: Tue, 9 Sep 2025 17:31:14 -0700 Subject: [PATCH 6/7] Fix broken link --- docs/src/mctp-i2-resource-partition.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/mctp-i2-resource-partition.md b/docs/src/mctp-i2-resource-partition.md index 55825be..af44918 100644 --- a/docs/src/mctp-i2-resource-partition.md +++ b/docs/src/mctp-i2-resource-partition.md @@ -151,5 +151,5 @@ This partitioned approach represents the optimal balance between performance, se **SPDM (Security Protocol and Data Model)** - A protocol for device authentication, measurement, and secure communication in platform management scenarios. -![MCTP Architecture Diagram](../images/snapshot.png) +![MCTP Architecture Diagram](../images/mctp-i2c-domains.png) From b148a89be18cd96fcb0508c2ff445127863f3816 Mon Sep 17 00:00:00 2001 
From: Anthony Rocha Date: Tue, 9 Sep 2025 17:56:09 -0700 Subject: [PATCH 7/7] docs: Refine MCTP architecture trade-offs and motivations Update the MCTP Partitioned Resource Architecture documentation to: - Add IPC complexity reduction as a key motivation, highlighting that a unified I2C server handling both master operations and slave instances would require complex bidirectional IPC protocols - Clarify that resource allocation is straightforward given server-class SoCs typically provide 8-16 I2C controllers and Hubris's static resource allocation at compile time - Soften over-emphasized concerns about static partitioning and hardware dependencies, noting these are not significant issues for the target server/datacenter use cases - Remove resource-constrained systems from unsuitable --- docs/src/mctp-i2-resource-partition.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/src/mctp-i2-resource-partition.md b/docs/src/mctp-i2-resource-partition.md index af44918..2256529 100644 --- a/docs/src/mctp-i2-resource-partition.md +++ b/docs/src/mctp-i2-resource-partition.md @@ -15,6 +15,7 @@ The partitioned approach addresses critical reliability and performance concerns - **Blast Radius Limitation**: I2C failures in one domain (e.g., a stuck sensor) cannot impact the other domain's operations - **Blocking Prevention**: Eliminates scenarios where security-critical MCTP tasks could be blocked waiting for I2C server tasks that are servicing slow or unresponsive devices in the general-purpose domain +- **IPC Complexity Reduction**: A unified I2C server handling both master operations (sensors, PMBus) and slave instances (MCTP endpoints) would require complex IPC protocols to manage bidirectional communication and varying response patterns - **Fault Isolation**: Hardware or software failures in sensor management cannot compromise MCTP security protocols ### **External Components** 
@@ -112,12 +113,12 @@ The partitioned approach addresses critical reliability and performance concerns #### **Implementation Considerations** - **Additional tasks**: More tasks required compared to unified I2C server approach, but each with simpler, focused responsibilities -- **Resource allocation**: Need to carefully assign I2C controllers to appropriate domains during system design +- **Resource allocation**: I2C controllers need to be assigned to appropriate domains during system design (straightforward with abundant controllers in server SoCs and Hubris's static resource allocation at compile time) - **Separate codepaths**: MCTP and general-purpose I2C operations use different patterns, but this enables domain-specific optimizations #### **Reduced Flexibility** -- **Static partitioning**: I2C controllers dedicated to MCTP domain cannot be repurposed for other uses -- **Hardware dependencies**: Architecture requires sufficient I2C controllers to support domain separation +- **Static partitioning**: I2C controllers dedicated to MCTP domain cannot be repurposed for other uses (though this is typically not a concern given the abundance of I2C controllers in server-class SoCs) +- **Hardware dependencies**: Architecture requires sufficient I2C controllers to support domain separation (server-class SoCs for datacenter and management applications typically provide 8-16 I2C controllers, making this requirement easily satisfied) #### **Implementation Challenges** - **Task priorities**: Must carefully configure task priorities to ensure MCTP Router Task can preempt when necessary 
@@ -125,7 +126,6 @@ The partitioned approach addresses critical reliability and performance concerns - **Testing complexity**: Need separate test strategies for both direct ownership and server-based patterns #### **When This Architecture May Not Be Suitable** -- **Resource-constrained systems**: Platforms with limited I2C controllers may not support domain separation (note: server-class SoCs typically provide 8+ I2C controllers, making partitioning highly feasible) - **Simple deployments**: Systems with minimal I2C traffic may not benefit from the added complexity - **Highly dynamic requirements**: Applications needing frequent reassignment of I2C resources between functions
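Review bot: The image line in the `@@ -151,5 +151,5` hunk of `docs/src/mctp-i2-resource-partition.md` is rewritten twice in a row, from `../images/mctp-i2c-domains.svg` to `../images/snapshot.png` and then, in PATCH 6/7, to `../images/mctp-i2c-domains.png`. The series therefore carries a commit whose link the next commit calls broken. Squash the two changes into one. Neither hunk touches anything except the Markdown, so confirm that the commit pointing at `../images/mctp-i2c-domains.png` also adds that file or that it is already in the tree. Note that from `docs/src/` this path resolves to `docs/images/`, while the first patch in the series uploaded its SVG under `docs/src/`.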
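Review bot: In the `@@ -15,6 +15,7` hunk of PATCH 7/7, the new "IPC Complexity Reduction" bullet is inserted between "Blocking Prevention" and "Fault Isolation", which interrupts a run of isolation and reliability items with a design-simplicity argument. The list is introduced as addressing "critical reliability and performance concerns", so either move the bullet to the end of the list or widen that intro sentence to cover it. The phrase "bidirectional communication and varying response patterns" is also vague. Say which side initiates the transfer in each case (the PRoT for sensor and PMBus reads, the BMC for inbound MCTP), since that is the difference a single request/response IPC interface would have to absorb. The bullet uses "master operations" and "slave instances" while the rest of the document uses "I2C controllers" for the hardware peripherals, so define the role terms once to keep the two meanings apart.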
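Review bot: The `@@ -112,12 +113,12` hunk of PATCH 7/7 now makes the same "plenty of controllers in server SoCs" point in three separate parentheticals, under "Resource allocation", "Static partitioning" and "Hardware dependencies". State it once, for example under "Hardware dependencies", and let the other two bullets stay short. The figure "typically provide 8-16 I2C controllers" is given without a source, so name a reference part or the target platform it is drawn from. "Hardware dependencies" is still a hard requirement after this change, so the bullet should give the minimum number of controllers this design needs (dedicated MCTP buses plus the general-purpose domain). That lets a reader check their SoC instead of relying on "easily satisfied".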
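Review bot: Deleting the "Resource-constrained systems" bullet in the `@@ -125,7 +126,6` hunk of PATCH 7/7 leaves "When This Architecture May Not Be Suitable" silent on the one hard precondition the document still states elsewhere: "Architecture requires sufficient I2C controllers to support domain separation". If the document is meant to cover only server-class and datacenter parts, say so explicitly in this section or in the overview. Otherwise keep a shortened bullet such as "Platforms with too few I2C controllers to dedicate any to MCTP" and drop only the parenthetical. The commit message's last list item also ends at "from unsuitable" and looks cut off. Complete it before merge.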