kcli 99.0.202507120954__py3-none-any.whl → 99.0.202601080644__py3-none-any.whl

kvirt/cluster/openshift/telco_manifests.yml

@@ -0,0 +1,790 @@
+- 98-var-lib-containers-partitioned.yaml: |
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: master
+      name: 98-var-lib-containers-partitioned
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        storage:
+          disks:
+            - device: SNO_DISK
+              partitions:
+                - label: var-lib-containers
+                  startMiB: 60000 # Leave room for rootfs
+                  sizeMiB: 0 # Use available space
+          filesystems:
+            - device: /dev/disk/by-partlabel/var-lib-containers
+              format: xfs
+              mountOptions:
+                - defaults
+                - prjquota
+              path: /var/lib/containers
+              wipeFilesystem: true
+        systemd:
+          units:
+            - contents: |-
+                # Generated by Butane
+                [Unit]
+                Before=local-fs.target
+                Requires=systemd-fsck@dev-disk-by\x2dpartlabel-var\x2dlib\x2dcontainers.service
+                After=systemd-fsck@dev-disk-by\x2dpartlabel-var\x2dlib\x2dcontainers.service
+
+                [Mount]
+                Where=/var/lib/containers
+                What=/dev/disk/by-partlabel/var-lib-containers
+                Type=xfs
+                Options=defaults,prjquota
+
+                [Install]
+                RequiredBy=local-fs.target
+              enabled: true
+              name: var-lib-containers.mount
+- 99_workload_partitioning.yaml: |
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: master
+      name: 02-master-workload-partitioning
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        storage:
+          files:
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,W2NyaW8ucnVudGltZS53b3JrbG9hZHMubWFuYWdlbWVudF0KYWN0aXZhdGlvbl9hbm5vdGF0aW9uID0gInRhcmdldC53b3JrbG9hZC5vcGVuc2hpZnQuaW8vbWFuYWdlbWVudCIKYW5ub3RhdGlvbl9wcmVmaXggPSAicmVzb3VyY2VzLndvcmtsb2FkLm9wZW5zaGlmdC5pbyIKcmVzb3VyY2VzID0geyAiY3B1c2hhcmVzIiA9IDAsICJjcHVzZXQiID0gIjAtNyIgfQo=
+            mode: 420
+            overwrite: true
+            path: /etc/crio/crio.conf.d/01-workload-partitioning
+            user:
+              name: root
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,ewogICJtYW5hZ2VtZW50IjogewogICAgImNwdXNldCI6ICIwLTciCiAgfQp9Cg==
+            mode: 420
+            overwrite: true
+            path: /etc/kubernetes/openshift-workload-pinning
+            user:
+              name: root
+- 99-openshift-disconnected-catalog.yaml: |
+    apiVersion: operators.coreos.com/v1alpha1
+    kind: CatalogSource
+    metadata:
+      annotations:
+        ran.openshift.io/ztp-deploy-wave: "1"
+      name: redhat-operator-index
+      namespace: openshift-marketplace
+    spec:
+      image: REGISTRY/redhat/redhat-operator-index:vTAG
+      sourceType: grpc
+- 01-container-mount-ns-and-kubelet-conf-master.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: master
+      name: container-mount-namespace-and-kubelet-conf-master
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        storage:
+          files:
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKCmRlYnVnKCkgewogIGVjaG8gJEAgPiYyCn0KCnVzYWdlKCkgewogIGVjaG8gVXNhZ2U6ICQoYmFzZW5hbWUgJDApIFVOSVQgW2VudmZpbGUgW3Zhcm5hbWVdXQogIGVjaG8KICBlY2hvIEV4dHJhY3QgdGhlIGNvbnRlbnRzIG9mIHRoZSBmaXJzdCBFeGVjU3RhcnQgc3RhbnphIGZyb20gdGhlIGdpdmVuIHN5c3RlbWQgdW5pdCBhbmQgcmV0dXJuIGl0IHRvIHN0ZG91dAogIGVjaG8KICBlY2hvICJJZiAnZW52ZmlsZScgaXMgcHJvdmlkZWQsIHB1dCBpdCBpbiB0aGVyZSBpbnN0ZWFkLCBhcyBhbiBlbnZpcm9ubWVudCB2YXJpYWJsZSBuYW1lZCAndmFybmFtZSciCiAgZWNobyAiRGVmYXVsdCAndmFybmFtZScgaXMgRVhFQ1NUQVJUIGlmIG5vdCBzcGVjaWZpZWQiCiAgZXhpdCAxCn0KClVOSVQ9JDEKRU5WRklMRT0kMgpWQVJOQU1FPSQzCmlmIFtbIC16ICRVTklUIHx8ICRVTklUID09ICItLWhlbHAiIHx8ICRVTklUID09ICItaCIgXV07IHRoZW4KICB1c2FnZQpmaQpkZWJ1ZyAiRXh0cmFjdGluZyBFeGVjU3RhcnQgZnJvbSAkVU5JVCIKRklMRT0kKHN5c3RlbWN0bCBjYXQgJFVOSVQgfCBoZWFkIC1uIDEpCkZJTEU9JHtGSUxFI1wjIH0KaWYgW1sgISAtZiAkRklMRSBdXTsgdGhlbgogIGRlYnVnICJGYWlsZWQgdG8gZmluZCByb290IGZpbGUgZm9yIHVuaXQgJFVOSVQgKCRGSUxFKSIKICBleGl0CmZpCmRlYnVnICJTZXJ2aWNlIGRlZmluaXRpb24gaXMgaW4gJEZJTEUiCkVYRUNTVEFSVD0kKHNlZCAtbiAtZSAnL15FeGVjU3RhcnQ9LipcXCQvLC9bXlxcXSQvIHsgcy9eRXhlY1N0YXJ0PS8vOyBwIH0nIC1lICcvXkV4ZWNTdGFydD0uKlteXFxdJC8geyBzL15FeGVjU3RhcnQ9Ly87IHAgfScgJEZJTEUpCgppZiBbWyAkRU5WRklMRSBdXTsgdGhlbgogIFZBUk5BTUU9JHtWQVJOQU1FOi1FWEVDU1RBUlR9CiAgZWNobyAiJHtWQVJOQU1FfT0ke0VYRUNTVEFSVH0iID4gJEVOVkZJTEUKZWxzZQogIGVjaG8gJEVYRUNTVEFSVApmaQo=
+            mode: 493
+            path: /usr/local/bin/extractExecStart
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKbnNlbnRlciAtLW1vdW50PS9ydW4vY29udGFpbmVyLW1vdW50LW5hbWVzcGFjZS9tbnQgIiRAIgo=
+            mode: 493
+            path: /usr/local/bin/nsenterCmns
+        systemd:
+          units:
+          - contents: |
+              [Unit]
+              Description=Manages a mount namespace that both kubelet and crio can use to share their container-specific mounts
+
+              [Service]
+              Type=oneshot
+              RemainAfterExit=yes
+              RuntimeDirectory=container-mount-namespace
+              Environment=RUNTIME_DIRECTORY=%t/container-mount-namespace
+              Environment=BIND_POINT=%t/container-mount-namespace/mnt
+              ExecStartPre=bash -c "findmnt ${RUNTIME_DIRECTORY} || mount --make-unbindable --bind ${RUNTIME_DIRECTORY} ${RUNTIME_DIRECTORY}"
+              ExecStartPre=touch ${BIND_POINT}
+              ExecStart=unshare --mount=${BIND_POINT} --propagation slave mount --make-rshared /
+              ExecStop=umount -R ${RUNTIME_DIRECTORY}
+            name: container-mount-namespace.service
+          - dropins:
+            - contents: |
+                [Unit]
+                Wants=container-mount-namespace.service
+                After=container-mount-namespace.service
+
+                [Service]
+                ExecStartPre=/usr/local/bin/extractExecStart %n /%t/%N-execstart.env ORIG_EXECSTART
+                EnvironmentFile=-/%t/%N-execstart.env
+                ExecStart=
+                ExecStart=bash -c "nsenter --mount=%t/container-mount-namespace/mnt \
+                    ${ORIG_EXECSTART}"
+              name: 90-container-mount-namespace.conf
+            name: crio.service
+          - dropins:
+            - contents: |
+                [Unit]
+                Wants=container-mount-namespace.service
+                After=container-mount-namespace.service
+
+                [Service]
+                ExecStartPre=/usr/local/bin/extractExecStart %n /%t/%N-execstart.env ORIG_EXECSTART
+                EnvironmentFile=-/%t/%N-execstart.env
+                ExecStart=
+                ExecStart=bash -c "nsenter --mount=%t/container-mount-namespace/mnt \
+                    ${ORIG_EXECSTART} --housekeeping-interval=30s"
+              name: 90-container-mount-namespace.conf
+            - contents: |
+                [Service]
+                Environment="OPENSHIFT_MAX_HOUSEKEEPING_INTERVAL_DURATION=60s"
+                Environment="OPENSHIFT_EVICTION_MONITORING_PERIOD_DURATION=30s"
+              name: 30-kubelet-interval-tuning.conf
+            name: kubelet.service
+- 01-container-mount-ns-and-kubelet-conf-worker.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: worker
+      name: container-mount-namespace-and-kubelet-conf-worker
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        storage:
+          files:
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKCmRlYnVnKCkgewogIGVjaG8gJEAgPiYyCn0KCnVzYWdlKCkgewogIGVjaG8gVXNhZ2U6ICQoYmFzZW5hbWUgJDApIFVOSVQgW2VudmZpbGUgW3Zhcm5hbWVdXQogIGVjaG8KICBlY2hvIEV4dHJhY3QgdGhlIGNvbnRlbnRzIG9mIHRoZSBmaXJzdCBFeGVjU3RhcnQgc3RhbnphIGZyb20gdGhlIGdpdmVuIHN5c3RlbWQgdW5pdCBhbmQgcmV0dXJuIGl0IHRvIHN0ZG91dAogIGVjaG8KICBlY2hvICJJZiAnZW52ZmlsZScgaXMgcHJvdmlkZWQsIHB1dCBpdCBpbiB0aGVyZSBpbnN0ZWFkLCBhcyBhbiBlbnZpcm9ubWVudCB2YXJpYWJsZSBuYW1lZCAndmFybmFtZSciCiAgZWNobyAiRGVmYXVsdCAndmFybmFtZScgaXMgRVhFQ1NUQVJUIGlmIG5vdCBzcGVjaWZpZWQiCiAgZXhpdCAxCn0KClVOSVQ9JDEKRU5WRklMRT0kMgpWQVJOQU1FPSQzCmlmIFtbIC16ICRVTklUIHx8ICRVTklUID09ICItLWhlbHAiIHx8ICRVTklUID09ICItaCIgXV07IHRoZW4KICB1c2FnZQpmaQpkZWJ1ZyAiRXh0cmFjdGluZyBFeGVjU3RhcnQgZnJvbSAkVU5JVCIKRklMRT0kKHN5c3RlbWN0bCBjYXQgJFVOSVQgfCBoZWFkIC1uIDEpCkZJTEU9JHtGSUxFI1wjIH0KaWYgW1sgISAtZiAkRklMRSBdXTsgdGhlbgogIGRlYnVnICJGYWlsZWQgdG8gZmluZCByb290IGZpbGUgZm9yIHVuaXQgJFVOSVQgKCRGSUxFKSIKICBleGl0CmZpCmRlYnVnICJTZXJ2aWNlIGRlZmluaXRpb24gaXMgaW4gJEZJTEUiCkVYRUNTVEFSVD0kKHNlZCAtbiAtZSAnL15FeGVjU3RhcnQ9LipcXCQvLC9bXlxcXSQvIHsgcy9eRXhlY1N0YXJ0PS8vOyBwIH0nIC1lICcvXkV4ZWNTdGFydD0uKlteXFxdJC8geyBzL15FeGVjU3RhcnQ9Ly87IHAgfScgJEZJTEUpCgppZiBbWyAkRU5WRklMRSBdXTsgdGhlbgogIFZBUk5BTUU9JHtWQVJOQU1FOi1FWEVDU1RBUlR9CiAgZWNobyAiJHtWQVJOQU1FfT0ke0VYRUNTVEFSVH0iID4gJEVOVkZJTEUKZWxzZQogIGVjaG8gJEVYRUNTVEFSVApmaQo=
+            mode: 493
+            path: /usr/local/bin/extractExecStart
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKbnNlbnRlciAtLW1vdW50PS9ydW4vY29udGFpbmVyLW1vdW50LW5hbWVzcGFjZS9tbnQgIiRAIgo=
+            mode: 493
+            path: /usr/local/bin/nsenterCmns
+        systemd:
+          units:
+          - contents: |
+              [Unit]
+              Description=Manages a mount namespace that both kubelet and crio can use to share their container-specific mounts
+
+              [Service]
+              Type=oneshot
+              RemainAfterExit=yes
+              RuntimeDirectory=container-mount-namespace
+              Environment=RUNTIME_DIRECTORY=%t/container-mount-namespace
+              Environment=BIND_POINT=%t/container-mount-namespace/mnt
+              ExecStartPre=bash -c "findmnt ${RUNTIME_DIRECTORY} || mount --make-unbindable --bind ${RUNTIME_DIRECTORY} ${RUNTIME_DIRECTORY}"
+              ExecStartPre=touch ${BIND_POINT}
+              ExecStart=unshare --mount=${BIND_POINT} --propagation slave mount --make-rshared /
+              ExecStop=umount -R ${RUNTIME_DIRECTORY}
+            name: container-mount-namespace.service
+          - dropins:
+            - contents: |
+                [Unit]
+                Wants=container-mount-namespace.service
+                After=container-mount-namespace.service
+
+                [Service]
+                ExecStartPre=/usr/local/bin/extractExecStart %n /%t/%N-execstart.env ORIG_EXECSTART
+                EnvironmentFile=-/%t/%N-execstart.env
+                ExecStart=
+                ExecStart=bash -c "nsenter --mount=%t/container-mount-namespace/mnt \
+                    ${ORIG_EXECSTART}"
+              name: 90-container-mount-namespace.conf
+            name: crio.service
+          - dropins:
+            - contents: |
+                [Unit]
+                Wants=container-mount-namespace.service
+                After=container-mount-namespace.service
+
+                [Service]
+                ExecStartPre=/usr/local/bin/extractExecStart %n /%t/%N-execstart.env ORIG_EXECSTART
+                EnvironmentFile=-/%t/%N-execstart.env
+                ExecStart=
+                ExecStart=bash -c "nsenter --mount=%t/container-mount-namespace/mnt \
+                    ${ORIG_EXECSTART} --housekeeping-interval=30s"
+              name: 90-container-mount-namespace.conf
+            - contents: |
+                [Service]
+                Environment="OPENSHIFT_MAX_HOUSEKEEPING_INTERVAL_DURATION=60s"
+                Environment="OPENSHIFT_EVICTION_MONITORING_PERIOD_DURATION=30s"
+              name: 30-kubelet-interval-tuning.conf
+            name: kubelet.service
+- 01-disk-encryption-pcr-rebind-master.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: master
+      name: 01-disk-encryption-rebind-master
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        storage:
+          files:
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKQ0xFVklTPWNsZXZpcwpMU0JMSz1sc2JsawpERUJVRz0idHJ1ZSIKUkVTRVJWRURfU0xPVD0zMQpDTEVWSVNfQ09ORklHX1JFU0VSVkVEX1NMT1Q9IiRSRVNFUlZFRF9TTE9UOiB0cG0yICd7XCJoYXNoXCI6XCJzaGEyNTZcIixcImtleVwiOlwiZWNjXCJ9JyIKVFJVRT0wCkZBTFNFPTEKCiNzZXQgLXgKCiMgbG9nIGZ1bmN0aW9uLiBUYWtlcyAyIGFyZ3VtZW50czoKIyBsb2cgbGV2ZWw6IGRlYnVnIG9yIGluZm8KIyBzdHJpbmcgdG8gcHJpbnQKbG9nKCkgewoJbG9jYWwgbG9nTGV2ZWwgbG9nVGV4dAoKCWxvZ0xldmVsPSIkMSIKCWxvZ1RleHQ9IiQyIgoJY2FzZSAkbG9nTGV2ZWwgaW4KCSJkZWJ1ZyIpCgkJZWNobyAiREVCVUcgLSAkbG9nVGV4dCIgPiYyCgkJOzsKCSJpbmZvIikKCQllY2hvICJJTkZPIC0gJGxvZ1RleHQiID4mMgoJCTs7CgkqKQoJCSMgQ29kZSB0byBleGVjdXRlIHdoZW4gbm8gcGF0dGVybnMgbWF0Y2gKCQk7OwoJZXNhYwp9CgojIGxvZ3MgYSBzdHJpbmcgd2l0aCBhIGRlYnVnIGxldmVsCmxvZ0RlYnVnKCkgewoJbG9jYWwgbG9nVGV4dD0iJDEiCglpZiAhIFsgLXYgREVCVUcgXSB8fCB7IFsgLXYgREVCVUcgXSAmJiBbICIkREVCVUciID09ICJ0cnVlIiBdOyB9OyB0aGVuCgkJbG9nICJkZWJ1ZyIgIiRsb2dUZXh0IgoJZmkKfQoKIyBsb2dzIGEgc3RyaW5nIHdpdGggYSBpbmZvIGxldmVsCmxvZ0luZm8oKSB7Cglsb2NhbCBsb2dUZXh0CgoJbG9nVGV4dD0iJDEiCglsb2cgImluZm8iICIkbG9nVGV4dCIKfQoKIyByZXR1cm4gJFRSVUUgaWQgdGhlIHRlbXBvcmFyeSByZXNlcnZlZCBzbG90IGlzIGNvbmZpZ3VyZWQgd2l0aCBhIGtleSAodG8gZGlzYWJsZSBQQ1IgcHJvdGVjdGlvbiksIHJldHVybnMgJEZBTFNFIG90aGVyd2lzZQppc1Jlc2VydmVkU2xvdFByZXNlbnQoKSB7Cglsb2NhbCBkZXZpY2VQYXRoCgoJZGV2aWNlUGF0aD0iJDEiCglSRVNVTFQ9JCgkQ0xFVklTIGx1a3MgbGlzdCAtZCAiJGRldmljZVBhdGgiIC1zICRSRVNFUlZFRF9TTE9UIHx8IHRydWUpCglpZiBbIC1uICIkUkVTVUxUIiBdICYmIFsgIiRSRVNVTFQiID09ICIkQ0xFVklTX0NPTkZJR19SRVNFUlZFRF9TTE9UIiBdOyB0aGVuCgkJbG9nRGVidWcgInJlc2VydmVkIHNsb3QgJFJFU0VSVkVEX1NMT1QgaXMgcHJlc2VudCIKCQlyZXR1cm4gJFRSVUUKCWZpCglsb2dEZWJ1ZyAicmVzZXJ2ZWQgc2xvdCAkUkVTRVJWRURfU0xPVCBpcyBub3QgcHJlc2VudCIKCXJldHVybiAkRkFMU0UKfQoKIyBjcmVhdGUgYSB0ZW1wb3Jhcnkga2V5IGluIHRoZSByZXNlcnZlZCBzbG90IHRvIGRpc2FibGUgUENSIHByb3RlY3Rpb24KYWRkUmVzZXJ2ZWRTbG90KCkgewoJbG9jYWwgcmVzZXJ2ZWRTbG90UHJlc2VudCBkZXZpY2VQYXRoIHNsb3QgcGNySURzIGNsZXZpc0NvbmZpZwoKCXJlc2VydmVkU2xvdFByZXNlbnQ9IiQxIgoJZGV2aWNlUGF0aD0iJDIiCglzbG90PSIkMyIKCXBjcklEcz0iJDQiCgljbGV2aXNDb25maWc9IiQ1IgoJbG9nSW5mbyAicmVzZXJ2ZWRTbG90UHJlc2VudD0kcmVzZXJ2ZWRTbG90UHJlc2VudCBkZXZpY2U9JGRldmljZVBhdGggc2xvdD0kc2xvdCB3aXRoIFBDUiBJRHM9JHBjcklEcyBhbmQgJENMRVZJUyBjb25maWc9JGNsZXZpc0NvbmZpZyIKCWlmIFsgIiRyZXNlcnZlZFNsb3RQcmVzZW50IiA9PSAiJFRSVUUiIF07IHRoZW4KCQlsb2dJbmZvICJyZXNlcnZlIHNsb3QgYWxyZWFkeSBwcmVzZW50LCBubyBuZWVkIHRvIGFkZCBhZ2FpbiIKCQkkQ0xFVklTIGx1a3MgbGlzdCAtZCAiJGRldmljZVBhdGgiIHx8IHRydWUKCQlyZXR1cm4KCWZpCglsb2dJbmZvICJhZGRpbmcgcmVzZXJ2ZWQgc2xvdCBvbiBkZXZpY2U9JGRldmljZVBhdGgiCglBTllQQVNTPSQob3BlbnNzbCByYW5kIC1iYXNlNjQgMjEpCgllY2hvIC1lICIkQU5ZUEFTU1xuIiB8ICRDTEVWSVMgbHVrcyBiaW5kIC1zICRSRVNFUlZFRF9TTE9UIC1kICIkZGV2aWNlUGF0aCIgdHBtMiAne30nIHx8IHRydWUKCSRDTEVWSVMgbHVrcyBsaXN0IC1kICIkZGV2aWNlUGF0aCIgfHwgdHJ1ZQp9CgojIHJlbW92ZSB0aGUgdGVtcG9yYXJ5IGtleSBpbiB0aGUgcmVzZXJ2ZWQgc2xvdCB0byBlbmFibGUgUENSIHByb3RlY3Rpb24KcmVtb3ZlUmVzZXJ2ZWRTbG90KCkgewoJbG9jYWwgZGV2aWNlUGF0aAoKCWRldmljZVBhdGg9IiQxIgoJbG9nSW5mbyAicmVtb3ZpbmcgbHVrcyByZXNlcnZlZCBzbG90IDMxIGluIGRpc2sgJGRldmljZVBhdGgiCgkjIGRvIG5vdCBjaGFuZ2UgdGhpcyBsaW5lLiBUaGVyZSBpcyBhIHZlcnkgd2VpcmQgYmVoYXZpb3Igd2hlcmUgdmFyaWFibGUgCgkjIHN1YnN0aXR1dGlvbiBkb2VzIG5vdCB3b3JrIGZvciB0aGUgY2xldmlzIGx1a3MgdW5iaW5kIGNvbW1hbmQKCWVjaG8gInN1ZG8gJENMRVZJUyBsdWtzIHVuYmluZCAtcyAkUkVTRVJWRURfU0xPVCAtZCAkZGV2aWNlUGF0aCAtZiIgfCBiYXNoIHx8IHRydWUKfQoKI2dldHMgdGhlIGxpc3Qgb2YgbHVrcyBkZXZpY2VzIGluIHRoZSBzeXN0ZW0KZ2V0TFVLU0RldmljZXMoKSB7Cglsb2NhbCByZXN1bHRzCglyZXN1bHRzPSQoJExTQkxLIC1vIE5BTUUsRlNUWVBFIC1sIHwgZ3JlcCBjcnlwdG9fTFVLUyB8IGF3ayAne3ByaW50ZiAiL2Rldi8iICQxICJ8In0nKQoJbG9nRGVidWcgImdvdCBsdWtzIGRldmljZXMgYWNyb3NzIGFsbCBkcml2ZXM6ICRyZXN1bHRzIgoJZWNobyAiJHJlc3VsdHMiCn0KCiMgY3JlYXRlIGEgbGlzdCBvZiBzbG90IGNvbmZpZ3VyYXRpb24gZm9yIGFsbCBlbmNyeXB0ZWQgZGV2aWNlcyBpbiB0aGUgc3lzdGVtCnBhcnNlQ2xldmlzQ29uZmlnKCkgewoJbG9jYWwgbHVrc0RldmljZXMgSUZTCgoJbHVrc0RldmljZXM9IiQxIgoJSUZTPSJ8IgoJZm9yIGRldmljZSBpbiAkbHVrc0RldmljZXM7IGRvCgkJbG9nRGVidWcgImRldmljZT0kZGV2aWNlIgoJCWlzUmVzZXJ2ZWRTbG90UHJlc2VudCAiJGRldmljZSIKCQlpc1Jlc2VydmVkPSIkPyIKCQlwY3JTbG90cz0kKGdldFBjclNsb3RzRm9yRGV2aWNlICIkZGV2aWNlIikKCQlsb2dEZWJ1ZyAicGNyU2xvdHM9JHBjclNsb3RzIgoJCXBhcnNlQ2xldmlzUmVnZXggIiRwY3JTbG90cyIgIiRpc1Jlc2VydmVkIiAiJGRldmljZSIKCWRvbmUKfQoKZ2V0UGNyU2xvdHNGb3JEZXZpY2UoKSB7Cglsb2NhbCBkZXZpY2VQYXRoCgoJZGV2aWNlUGF0aD0iJDEiCgoJbG9nRGVidWcgImdldFBjclNsb3RzRm9yRGV2aWNlLCBkZXZpY2U9JGRldmljZVBhdGgiCgkkQ0xFVklTIGx1a3MgbGlzdCAtZCAiJGRldmljZVBhdGgiIHwgZ3JlcCAtdiAiJFJFU0VSVkVEX1NMT1Q6IiB8IGdyZXAgcGNyX2lkcyB8fCB0cnVlCn0KCnBhcnNlQ2xldmlzUmVnZXgoKSB7Cglsb2NhbCBjbGV2aXNTbG90c091dHB1dFdpdGhQQ1IgaXNSZXNlcnZlZCBkZXZpY2VQYXRoIElGUwoKCWNsZXZpc1Nsb3RzT3V0cHV0V2l0aFBDUj0iJDEiCglpc1Jlc2VydmVkPSIkMiIKCWRldmljZVBhdGg9IiQzIgoJSUZTPSQnXG4nCglmb3IgbGluZSBpbiAkY2xldmlzU2xvdHNPdXRwdXRXaXRoUENSOyBkbwoJCWxvZ0RlYnVnICJsaW5lPSRsaW5lIgoJCWVjaG8gIiRsaW5lIiB8IHNlZCAtRSAnc0AoWzAtOV0rKSg6XHMrLiorXHMrJ1wnJykoXHspKC4qPyJwY3JfaWRzIjoiKShbXiJdKikoIi4qKSguKikoJ1wnJy4qKUAnIiRpc1Jlc2VydmVkIid8JyIkZGV2aWNlUGF0aCInfFwxfFw1fFwzXDRcNVw2XDdAJwoJZG9uZQp9CgojIGV4ZWN1dGVzIGEgZnVuY3Rpb24gcG9pbnRlciBwYXNzZWQgYXJndW1lbnQgImZ1bmN0aW9uVG9SdW4iIGZvciBlYWNoIHNsb3QgY29uZmlndXJlZCB3aXRoIFBDUiBhbmQKIyBmb3IgZXZlcnkgZGV2aWNlIGluIHRoZSBzeXN0ZW0KcHJvY2Vzc1BDUmVudHJpZXNPbmx5KCkgewoJbG9jYWwgbHVrc0RldmljZXMgcGFyc2VkQ2xldmlzIGZ1bmN0aW9uVG9SdW4KCWZ1bmN0aW9uVG9SdW49IiQxIgoJbHVrc0RldmljZXM9JChnZXRMVUtTRGV2aWNlcykKCXBhcnNlZENsZXZpcz0kKHBhcnNlQ2xldmlzQ29uZmlnICIkbHVrc0RldmljZXMiKQoKCWlmIFsgIiRwYXJzZWRDbGV2aXMiID09ICIiIF07IHRoZW4KCQlsb2dJbmZvICJubyBwY3IgY29uZmlnIGRldGVjdGVkLCBub3RoaW5nIHRvIGRvIGZvciAkZnVuY3Rpb25Ub1J1biIKCQlyZXR1cm4KCWZpCglsb2dJbmZvICJwYXJzZWQgY2xldmlzIGZvciBhbGwgZHJpdmVzOiAkcGFyc2VkQ2xldmlzIgoJZWNobyAiJHBhcnNlZENsZXZpcyIgfCB3aGlsZSBJRlM9IHJlYWQgLXIgbGluZTsgZG8KCQlsb2dEZWJ1ZyAiJGxpbmUiCgkJSUZTPSJ8IiByZWFkIC1yYSB2YWx1ZXMgPDw8IiRsaW5lIgoJCXJlc2VydmVkU2xvdFByZXNlbnQ9JHt2YWx1ZXNbMF19CgkJZGV2aWNlPSR7dmFsdWVzWzFdfQoJCXNsb3ROdW1iZXI9JHt2YWx1ZXNbMl19CgkJcGNySURzPSR7dmFsdWVzWzNdfQoJCWNsZXZpc0NvbmZpZz0ke3ZhbHVlc1s0XX0KCQlsb2dJbmZvICJyZXNlcnZlZFNsb3Q9JHJlc2VydmVkU2xvdFByZXNlbnQgZGV2aWNlPSRkZXZpY2Ugc2xvdD0kc2xvdE51bWJlciB3aXRoIFBDUiBJRHM9JHBjcklEcyBhbmQgY2xldmlzIGNvbmZpZz0kY2xldmlzQ29uZmlnIgoJCWlmIFsgLW4gIiRwY3JJRHMiIF07IHRoZW4KCQkJbG9nRGVidWcgImJlZm9yZSBhcHBseWluZyBjb21tYW5kOiAkKC91c3IvYmluL3RwbTJfcGNycmVhZCBzaGEyNTY6IiRwY3JJRHMiKSIKCQkJIiRmdW5jdGlvblRvUnVuIiAiJHJlc2VydmVkU2xvdFByZXNlbnQiICIkZGV2aWNlIiAiJHNsb3ROdW1iZXIiICIkcGNySURzIiAiJGNsZXZpc0NvbmZpZyIgfHwgdHJ1ZQoJCQlsb2dEZWJ1ZyAiYWZ0ZXIgYXBwbHlpbmcgY29tbWFuZDogJCgvdXNyL2Jpbi90cG0yX3BjcnJlYWQgc2hhMjU2OiIkcGNySURzIikiCgkJZmkKCWRvbmUKfQoKIyBpbml0aWFsaXplIHRoZSBhcnJheSBvZiB1cGdyYWRlIGRldGVjdGlvbiBtZXRob2RzIHNlcnZlclVwZGF0ZURldGVjdGlvbk1ldGhvZHMKaW5pdFVwZ3JhZGVEZXRlY3Rpb25NZXRob2RzKCkgewoJIyBzaGVsbGNoZWNrIHNvdXJjZT1od3VwZ3JhZGUtZGV0ZWN0aW9uLW1ldGhvZHMvZmlsZS5zaAoJZm9yIGYgaW4gIiRTQ1JJUFRfRElSIi9od3VwZ3JhZGUtZGV0ZWN0aW9uLW1ldGhvZHMvKi5zaDsgZG8gc291cmNlICIkZiI7IGRvbmUKCWxvZ0luZm8gImRldGVjdGVkIHN5c3RlbSB1cGdyYWRlIGRldGVjdGlvbiBwbHVnaW5zOiIKCWZvciBlbGVtZW50IGluICIke3NlcnZlclVwZGF0ZURldGVjdGlvbk1ldGhvZHNbQF19IjsgZG8gZWNobyAiJGVsZW1lbnQiOyBkb25lCn0KCiMgZXhlY3V0ZSBhbGwgaHcgdXBncmFkZSBkZXRlY3Rpb24gZnVuY3Rpb25zIGluIGh3dXBncmFkZS1kZXRlY3Rpb24tbWV0aG9kcyBkaXJlY3RvcnkKIyByZXR1cm5zIHRydWUgaWYgYSBodyB1cGdyYWRlIGlzIGRldGVjdGVkCiMgZmFsc2Ugb3RoZXJ3aXNlCmlzU3lzdGVtVXBkYXRpbmcoKSB7Cglsb2NhbCBpc1VwZGF0aW5nCgoJaXNVcGRhdGluZz0kRkFMU0UKCSMgSXRlcmF0ZSB0aHJvdWdoIHRoZSB1cGRhdGVkIGFycmF5IGFuZCBjYWxsIGVhY2ggZnVuY3Rpb24KCWZvciBmdW5jIGluICIke3NlcnZlclVwZGF0ZURldGVjdGlvbk1ldGhvZHNbQF19IjsgZG8KCQlpZiAkZnVuYzsgdGhlbgoJCQlpc1VwZGF0aW5nPSRUUlVFCgkJCWxvZ0luZm8gImRldGVjdGVkIHVwZGF0ZSB2aWEgJGZ1bmMiCgkJZWxzZQoJCQlsb2dJbmZvICJubyB1cGRhdGUgZGV0ZWN0ZWQgdmlhICRmdW5jIgoJCWZpCglkb25lCglyZXR1cm4gJGlzVXBkYXRpbmcKfQoKI3JlYmluZHMgYSBnaXZlbiBrZXkgc2xvdCB0aGF0IGlzIGNvbmZpZ3VyZWQgd2l0aCBQQ1IgZm9yIGEgZ2l2ZW4gZGV2aWNlCnJlYmluZFBDUmVudHJpZXNPbmx5KCkgewoJbG9jYWwgcmVzZXJ2ZWRTbG90UHJlc2VudCBkZXZpY2VQYXRoIHNsb3QgcGNySURzIGNsZXZpc0NvbmZpZwoKCXJlc2VydmVkU2xvdFByZXNlbnQ9IiQxIgoJZGV2aWNlUGF0aD0iJDIiCglzbG90PSIkMyIKCXBjcklEcz0iJDQiCgljbGV2aXNDb25maWc9IiQ1IgoKCWxvZ0luZm8gIlJlYmluZGluZyByZXNlcnZlZFNsb3RQcmVzZW50PSRyZXNlcnZlZFNsb3RQcmVzZW50IGRldmljZT0kZGV2aWNlUGF0aCBzbG90PSRzbG90IHdpdGggUENSIElEcz0kcGNySURzIGFuZCBjbGV2aXMgY29uZmlnPSRjbGV2aXNDb25maWciCgljbGV2aXMtbHVrcy1yZWdlbiAtZCAiJGRldmljZVBhdGgiIC1zICIkc2xvdCIgLXEgfHwgdHJ1ZQoJcmVtb3ZlUmVzZXJ2ZWRTbG90ICIkZGV2aWNlUGF0aCIKfQo=
+            mode: 493
+            path: /usr/local/bin/luks-helpers.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKU0NSSVBUX0RJUj0kKGRpcm5hbWUgIiQwIikKc291cmNlICIkU0NSSVBUX0RJUiIvbHVrcy1oZWxwZXJzLnNoCgpsb2dJbmZvICJTaHV0dGluZyBkb3duIG9yIHJlYm9vdGluZyIKaW5pdFVwZ3JhZGVEZXRlY3Rpb25NZXRob2RzCmlmIGlzU3lzdGVtVXBkYXRpbmc7IHRoZW4KCWxvZ0luZm8gIlN5c3RlbSBIVyB1cGRhdGUgZGV0ZWN0ZWQsIGRpc2FibGluZyBQQ1IgcHJvdGVjdGlvbiBvbiBhbGwgUENSIHByb3RlY3RlZCBMVUtTIHBhcnRpdGlvbnMiCglwcm9jZXNzUENSZW50cmllc09ubHkgYWRkUmVzZXJ2ZWRTbG90CglleGl0IDAKZmkKCmxvZ0luZm8gIk5vIFN5c3RlbSBIVyB1cGRhdGUgZGV0ZWN0ZWQsIGNvbnRpbnVlIgo=
+            mode: 493
+            path: /usr/local/bin/disablePcrOnRebootOrShutdown.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKU0NSSVBUX0RJUj0kKGRpcm5hbWUgIiQwIikKIyBzaGVsbGNoZWNrIHNvdXJjZT1sdWtzLWhlbHBlcnMuc2gKc291cmNlICIkU0NSSVBUX0RJUiIvbHVrcy1oZWxwZXJzLnNoCiNzZXQgLXgKCmxvZ0luZm8gImJvb3RpbmcuLi4gY2hlY2tpbmcgaWYgcmViaW5kaW5nIGRpc2sgbmVlZGVkIgpwcm9jZXNzUENSZW50cmllc09ubHkgcmViaW5kUENSZW50cmllc09ubHkK
+            mode: 493
+            path: /usr/local/bin/rebindDiskOnBoot.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKaXNDdXN0b21GaWxlVXBkYXRpbmcoKSB7CglpZiBbIC1mICIvZXRjL2hvc3QtaHctVXBkYXRpbmcuZmxhZyIgXTsgdGhlbgoJCXJldHVybiAiJFRSVUUiCgllbHNlCgkJcmV0dXJuICIkRkFMU0UiCglmaQp9CgojIEFkZCBhIG5ldyBmdW5jdGlvbiB0byB0aGUgYXJyYXkgb2YgdXBkYXRlIGRldGVjdGlvbiBtZXRob2RzCnNlcnZlclVwZGF0ZURldGVjdGlvbk1ldGhvZHMrPSgiaXNDdXN0b21GaWxlVXBkYXRpbmciKQo=
+            mode: 493
+            path: /usr/local/bin/hwupgrade-detection-methods/file.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKaXNGd3VwVXBkYXRpbmcoKSB7Cglsb2NhbCBFRkkgTkVYVF9CT09UCgoJRUZJPSQoZWZpYm9vdG1ncikKCU5FWFRfQk9PVD0kKGVjaG8gIiRFRkkiIHwgZ3JlcCAiQm9vdE5leHQ6IiB8IGF3ayAneyBwcmludCAkMiB9JykKCWlmIFsgIiRORVhUX0JPT1QiID09ICIiIF07IHRoZW4KCQlyZXR1cm4gMQoJZmkKCWVjaG8gIiRFRkkiIHwgZ3JlcCAiQm9vdCRORVhUX0JPT1QiIHwgZ3JlcCAiZnd1cGQiCgkjIGlmIHRoZSBuZXh0IGJvb3QgbGluZSBjb250YWlucyB0aGUgdGV4dCAiZnd1cGQiCglpZiBbICQ/IF07IHRoZW4KCQlyZXR1cm4gIiRUUlVFIgoJZmkKCXJldHVybiAiJEZBTFNFIgp9CgojIEFkZCBhIG5ldyBmdW5jdGlvbiB0byB0aGUgYXJyYXkgb2YgdXBkYXRlIGRldGVjdGlvbiBtZXRob2RzCnNlcnZlclVwZGF0ZURldGVjdGlvbk1ldGhvZHMrPSgiaXNGd3VwVXBkYXRpbmciKQo=
+            mode: 493
+            path: /usr/local/bin/hwupgrade-detection-methods/fwup.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKaXNPc3RyZWVVcGRhdGluZygpIHsKCWxvY2FsIFJFU1VMVAoKCVJFU1VMVD0kKG9zdHJlZSBhZG1pbiBzdGF0dXMgfCBncmVwIC1FICJzdGFnZWR8cGVuZGluZyIpCglpZiBbICIkUkVTVUxUIiAhPSAiIiBdOyB0aGVuCgkJcmV0dXJuICIkVFJVRSIKCWVsc2UKCQlyZXR1cm4gIiRGQUxTRSIKCWZpCn0KCiMgQWRkIGEgbmV3IGZ1bmN0aW9uIHRvIHRoZSBhcnJheSBvZiB1cGRhdGUgZGV0ZWN0aW9uIG1ldGhvZHMKc2VydmVyVXBkYXRlRGV0ZWN0aW9uTWV0aG9kcys9KCJpc09zdHJlZVVwZGF0aW5nIikK
+            mode: 493
+            path: /usr/local/bin/hwupgrade-detection-methods/ostree.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKU1BPS0VfS1VCRUNPTkZJR19QQVRIPS92YXIvbGliL2t1YmVsZXQva3ViZWNvbmZpZwpIVUJfU0VDUkVUX05BTUVTUEFDRT1vcGVuLWNsdXN0ZXItbWFuYWdlbWVudC1hZ2VudApIVUJfU0VDUkVUX05BTUU9aHViLWt1YmVjb25maWctc2VjcmV0CgojIHJldHJpZXZlcyB0aGUga3ViZWNvbmZpZyBmb3IgdGhpcyBzcG9rZSdzIGNsdXN0ZXIKZ2V0SHViS3ViZWNvbmZpZygpIHsKCWxvY2FsIGt1YmVDb25maWdQYXRoIG5hbWVzcGFjZSBzZWNyZXROYW1lIEtVQkVDT05GSUdfREFUQSBUTFNfS0VZIFRMU19DUlQKCglrdWJlQ29uZmlnUGF0aD0iJDEiCgluYW1lc3BhY2U9IiQyIgoJc2VjcmV0TmFtZT0iJDMiCglLVUJFQ09ORklHX0RBVEE9JChvYyAtLWt1YmVjb25maWcgIiRrdWJlQ29uZmlnUGF0aCIgZ2V0IHNlY3JldCAtbiAiJG5hbWVzcGFjZSIgIiRzZWNyZXROYW1lIiAtbyBqc29uIHwganEgLmRhdGEua3ViZWNvbmZpZyB8IHNlZCAncy8iLy9nJyB8IGJhc2U2NCAtZCkKCWlmIFsgLXogIiRLVUJFQ09ORklHX0RBVEEiIF07IHRoZW4KCQlyZXR1cm4gIiRGQUxTRSIKCWZpCglUTFNfS0VZPSQob2MgLS1rdWJlY29uZmlnICIka3ViZUNvbmZpZ1BhdGgiIGdldCBzZWNyZXQgLW4gIiRuYW1lc3BhY2UiICIkc2VjcmV0TmFtZSIgLW8ganNvbiB8IGpxICcuZGF0YS4idGxzLmtleSInIHwgc2VkICdzLyIvL2cnKQoJVExTX0NSVD0kKG9jIC0ta3ViZWNvbmZpZyAiJGt1YmVDb25maWdQYXRoIiBnZXQgc2VjcmV0IC1uICIkbmFtZXNwYWNlIiAiJHNlY3JldE5hbWUiIC1vIGpzb24gfCBqcSAnLmRhdGEuInRscy5jcnQiJyB8IHNlZCAncy8iLy9nJykKCWVjaG8gIiRLVUJFQ09ORklHX0RBVEEiIHwgc2VkIC1lICJzL2NsaWVudC1jZXJ0aWZpY2F0ZTogdGxzLmNydC9jbGllbnQtY2VydGlmaWNhdGUtZGF0YTogJFRMU19DUlQvZyIgfCBzZWQgLWUgInMvY2xpZW50LWtleTogdGxzLmtleS9jbGllbnQta2V5LWRhdGE6ICRUTFNfS0VZL2ciID4vdG1wL2t1YmVjb25maWctaHViCglyZXR1cm4gIiRUUlVFIgp9CgojIFJldHJlaXZlcyBUQUxNJ3Mgc3RhdGUgaW4gdGhlIGh1YiBjbHVzdGVyJ3MgbWFuYWdlZENsdXN0ZXIgb2JqZWN0LiBUYWtlcyBvbmUgYXJndW1lbnQ6CiMgZG9uZSAtPiByZXR1cm4gJFRSVUUgaWYgdGhlIHp0cC1kb25lIGxhYmVsIGlzIHNldCwgJEZBTFNFIG90aGVyd2lzZQojIHJ1bm5pbmcgLT4gcmV0dXJuICRUUlVFIGlmIHRoZSB6dHAtcnVubmluZyBsYWJlbCBpcyBzZXQsICRGQUxTRSBvdGhlcndpc2UKaXNadHBTdGF0ZSgpIHsKCWxvY2FsIHRhbG1TdGF0ZSBSRVNVTFQKCgl0YWxtU3RhdGU9IiQxIgoJUkVTVUxUPSRGQUxTRQoKCWNhc2UgIiR0YWxtU3RhdGUiIGluCgkicnVubmluZyIpCgkJUkVTVUxUPSQoS1VCRUNPTkZJRz0vdG1wL2t1YmVjb25maWctaHViIG9jIGdldCBtYW5hZ2VkY2x1c3RlciAiJChob3N0bmFtZSAtLXNob3J0KSIgLW9qc29uIHwganEgJy5tZXRhZGF0YS5sYWJlbHNbInp0cC1ydW5uaW5nIl0hPW51bGwnKQoJCTs7CgkiZG9uZSIpCgkJUkVTVUxUPSQoS1VCRUNPTkZJRz0vdG1wL2t1YmVjb25maWctaHViIG9jIGdldCBtYW5hZ2VkY2x1c3RlciAiJChob3N0bmFtZSAtLXNob3J0KSIgLW9qc29uIHwganEgJy5tZXRhZGF0YS5sYWJlbHNbInp0cC1kb25lIl0hPW51bGwnKQoJCTs7CgkqKQoJCSMgQ29kZSB0byBleGVjdXRlIHdoZW4gbm8gcGF0dGVybnMgbWF0Y2gKCQk7OwoJZXNhYwoJaWYgWyAiJFJFU1VMVCIgPT0gImZhbHNlIiBdOyB0aGVuCgkJbG9nRGVidWcgIlRBTE0gJHRhbG1TdGF0ZSBzdGF0ZSBpcyAkUkVTVUxUIgoJCXJldHVybiAiJEZBTFNFIgoJZmkKCWxvZ0RlYnVnICJUQUxNICR0YWxtU3RhdGUgc3RhdGUgaXMgJFJFU1VMVCIKCXJldHVybiAiJFRSVUUiCn0KCmlzVEFMTVVwZGF0aW5nKCkgewoJaWYgISBnZXRIdWJLdWJlY29uZmlnICRTUE9LRV9LVUJFQ09ORklHX1BBVEggJEhVQl9TRUNSRVRfTkFNRVNQQUNFICRIVUJfU0VDUkVUX05BTUU7IHRoZW4KCQlsb2dJbmZvICJUQUxNIG5vdCBhdmFpbGFibGUgb3IgaHViIGt1YmVjb25maWcgaXMgbm8gcmVhZHkgeWV0IGF0ICRTUE9LRV9LVUJFQ09ORklHX1BBVEggcGF0aCwgY2Fubm90IGdldCBzcG9rZSBzZWNyZXQgJEhVQl9TRUNSRVRfTkFNRSBpbiAkSFVCX1NFQ1JFVF9OQU1FU1BBQ0UgbmFtZXNwYWNlIgoJCXJldHVybiAiJEZBTFNFIgoJZmkKCWlzWnRwU3RhdGUgInJ1bm5pbmciCglyZXR1cm4gJD8KfQoKIyBBZGQgYSBuZXcgZnVuY3Rpb24gdG8gdGhlIGFycmF5IG9mIHVwZGF0ZSBkZXRlY3Rpb24gbWV0aG9kcwpzZXJ2ZXJVcGRhdGVEZXRlY3Rpb25NZXRob2RzKz0oImlzVEFMTVVwZGF0aW5nIikK
+            mode: 493
+            path: /usr/local/bin/hwupgrade-detection-methods/talm.sh
+        systemd:
+          units:
+          - contents: |
+              [Unit]
+              After=cryptsetup.target systemd-boot-update.service
+              Requires=cryptsetup.target systemd-boot-update.service
+              [Service]
+              Type=oneshot
+              ExecStart=/usr/local/bin/rebindDiskOnBoot.sh
+              [Install]
+              RequiredBy=sysinit.target
+            enabled: true
+            name: pcr-rebind-boot.service
+          - contents: |
+              [Service]
+              Type=oneshot
+              RemainAfterExit=true
+              ExecStart=/usr/bin/true
+              ExecStop=/usr/local/bin/disablePcrOnRebootOrShutdown.sh
+              [Install]
+              WantedBy=multi-user.target
+            enabled: true
+            name: pcr-disable-shutdown.service
+- 01-disk-encryption-pcr-rebind-worker.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: worker
+      name: 01-disk-encryption-rebind-worker
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        storage:
+          files:
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKQ0xFVklTPWNsZXZpcwpMU0JMSz1sc2JsawpERUJVRz0idHJ1ZSIKUkVTRVJWRURfU0xPVD0zMQpDTEVWSVNfQ09ORklHX1JFU0VSVkVEX1NMT1Q9IiRSRVNFUlZFRF9TTE9UOiB0cG0yICd7XCJoYXNoXCI6XCJzaGEyNTZcIixcImtleVwiOlwiZWNjXCJ9JyIKVFJVRT0wCkZBTFNFPTEKCiNzZXQgLXgKCiMgbG9nIGZ1bmN0aW9uLiBUYWtlcyAyIGFyZ3VtZW50czoKIyBsb2cgbGV2ZWw6IGRlYnVnIG9yIGluZm8KIyBzdHJpbmcgdG8gcHJpbnQKbG9nKCkgewoJbG9jYWwgbG9nTGV2ZWwgbG9nVGV4dAoKCWxvZ0xldmVsPSIkMSIKCWxvZ1RleHQ9IiQyIgoJY2FzZSAkbG9nTGV2ZWwgaW4KCSJkZWJ1ZyIpCgkJZWNobyAiREVCVUcgLSAkbG9nVGV4dCIgPiYyCgkJOzsKCSJpbmZvIikKCQllY2hvICJJTkZPIC0gJGxvZ1RleHQiID4mMgoJCTs7CgkqKQoJCSMgQ29kZSB0byBleGVjdXRlIHdoZW4gbm8gcGF0dGVybnMgbWF0Y2gKCQk7OwoJZXNhYwp9CgojIGxvZ3MgYSBzdHJpbmcgd2l0aCBhIGRlYnVnIGxldmVsCmxvZ0RlYnVnKCkgewoJbG9jYWwgbG9nVGV4dD0iJDEiCglpZiAhIFsgLXYgREVCVUcgXSB8fCB7IFsgLXYgREVCVUcgXSAmJiBbICIkREVCVUciID09ICJ0cnVlIiBdOyB9OyB0aGVuCgkJbG9nICJkZWJ1ZyIgIiRsb2dUZXh0IgoJZmkKfQoKIyBsb2dzIGEgc3RyaW5nIHdpdGggYSBpbmZvIGxldmVsCmxvZ0luZm8oKSB7Cglsb2NhbCBsb2dUZXh0CgoJbG9nVGV4dD0iJDEiCglsb2cgImluZm8iICIkbG9nVGV4dCIKfQoKIyByZXR1cm4gJFRSVUUgaWQgdGhlIHRlbXBvcmFyeSByZXNlcnZlZCBzbG90IGlzIGNvbmZpZ3VyZWQgd2l0aCBhIGtleSAodG8gZGlzYWJsZSBQQ1IgcHJvdGVjdGlvbiksIHJldHVybnMgJEZBTFNFIG90aGVyd2lzZQppc1Jlc2VydmVkU2xvdFByZXNlbnQoKSB7Cglsb2NhbCBkZXZpY2VQYXRoCgoJZGV2aWNlUGF0aD0iJDEiCglSRVNVTFQ9JCgkQ0xFVklTIGx1a3MgbGlzdCAtZCAiJGRldmljZVBhdGgiIC1zICRSRVNFUlZFRF9TTE9UIHx8IHRydWUpCglpZiBbIC1uICIkUkVTVUxUIiBdICYmIFsgIiRSRVNVTFQiID09ICIkQ0xFVklTX0NPTkZJR19SRVNFUlZFRF9TTE9UIiBdOyB0aGVuCgkJbG9nRGVidWcgInJlc2VydmVkIHNsb3QgJFJFU0VSVkVEX1NMT1QgaXMgcHJlc2VudCIKCQlyZXR1cm4gJFRSVUUKCWZpCglsb2dEZWJ1ZyAicmVzZXJ2ZWQgc2xvdCAkUkVTRVJWRURfU0xPVCBpcyBub3QgcHJlc2VudCIKCXJldHVybiAkRkFMU0UKfQoKIyBjcmVhdGUgYSB0ZW1wb3Jhcnkga2V5IGluIHRoZSByZXNlcnZlZCBzbG90IHRvIGRpc2FibGUgUENSIHByb3RlY3Rpb24KYWRkUmVzZXJ2ZWRTbG90KCkgewoJbG9jYWwgcmVzZXJ2ZWRTbG90UHJlc2VudCBkZXZpY2VQYXRoIHNsb3QgcGNySURzIGNsZXZpc0NvbmZpZwoKCXJlc2VydmVkU2xvdFByZXNlbnQ9IiQxIgoJZGV2aWNlUGF0aD0iJDIiCglzbG90PSIkMyIKCXBjcklEcz0iJDQiCgljbGV2aXNDb25maWc9IiQ1IgoJbG9nSW5mbyAicmVzZXJ2ZWRTbG90UHJlc2VudD0kcmVzZXJ2ZWRTbG90UHJlc2VudCBkZXZpY2U9JGRldmljZVBhdGggc2xvdD0kc2xvdCB3aXRoIFBDUiBJRHM9JHBjcklEcyBhbmQgJENMRVZJUyBjb25maWc9JGNsZXZpc0NvbmZpZyIKCWlmIFsgIiRyZXNlcnZlZFNsb3RQcmVzZW50IiA9PSAiJFRSVUUiIF07IHRoZW4KCQlsb2dJbmZvICJyZXNlcnZlIHNsb3QgYWxyZWFkeSBwcmVzZW50LCBubyBuZWVkIHRvIGFkZCBhZ2FpbiIKCQkkQ0xFVklTIGx1a3MgbGlzdCAtZCAiJGRldmljZVBhdGgiIHx8IHRydWUKCQlyZXR1cm4KCWZpCglsb2dJbmZvICJhZGRpbmcgcmVzZXJ2ZWQgc2xvdCBvbiBkZXZpY2U9JGRldmljZVBhdGgiCglBTllQQVNTPSQob3BlbnNzbCByYW5kIC1iYXNlNjQgMjEpCgllY2hvIC1lICIkQU5ZUEFTU1xuIiB8ICRDTEVWSVMgbHVrcyBiaW5kIC1zICRSRVNFUlZFRF9TTE9UIC1kICIkZGV2aWNlUGF0aCIgdHBtMiAne30nIHx8IHRydWUKCSRDTEVWSVMgbHVrcyBsaXN0IC1kICIkZGV2aWNlUGF0aCIgfHwgdHJ1ZQp9CgojIHJlbW92ZSB0aGUgdGVtcG9yYXJ5IGtleSBpbiB0aGUgcmVzZXJ2ZWQgc2xvdCB0byBlbmFibGUgUENSIHByb3RlY3Rpb24KcmVtb3ZlUmVzZXJ2ZWRTbG90KCkgewoJbG9jYWwgZGV2aWNlUGF0aAoKCWRldmljZVBhdGg9IiQxIgoJbG9nSW5mbyAicmVtb3ZpbmcgbHVrcyByZXNlcnZlZCBzbG90IDMxIGluIGRpc2sgJGRldmljZVBhdGgiCgkjIGRvIG5vdCBjaGFuZ2UgdGhpcyBsaW5lLiBUaGVyZSBpcyBhIHZlcnkgd2VpcmQgYmVoYXZpb3Igd2hlcmUgdmFyaWFibGUgCgkjIHN1YnN0aXR1dGlvbiBkb2VzIG5vdCB3b3JrIGZvciB0aGUgY2xldmlzIGx1a3MgdW5iaW5kIGNvbW1hbmQKCWVjaG8gInN1ZG8gJENMRVZJUyBsdWtzIHVuYmluZCAtcyAkUkVTRVJWRURfU0xPVCAtZCAkZGV2aWNlUGF0aCAtZiIgfCBiYXNoIHx8IHRydWUKfQoKI2dldHMgdGhlIGxpc3Qgb2YgbHVrcyBkZXZpY2VzIGluIHRoZSBzeXN0ZW0KZ2V0TFVLU0RldmljZXMoKSB7Cglsb2NhbCByZXN1bHRzCglyZXN1bHRzPSQoJExTQkxLIC1vIE5BTUUsRlNUWVBFIC1sIHwgZ3JlcCBjcnlwdG9fTFVLUyB8IGF3ayAne3ByaW50ZiAiL2Rldi8iICQxICJ8In0nKQoJbG9nRGVidWcgImdvdCBsdWtzIGRldmljZXMgYWNyb3NzIGFsbCBkcml2ZXM6ICRyZXN1bHRzIgoJZWNobyAiJHJlc3VsdHMiCn0KCiMgY3JlYXRlIGEgbGlzdCBvZiBzbG90IGNvbmZpZ3VyYXRpb24gZm9yIGFsbCBlbmNyeXB0ZWQgZGV2aWNlcyBpbiB0aGUgc3lzdGVtCnBhcnNlQ2xldmlzQ29uZmlnKCkgewoJbG9jYWwgbHVrc0RldmljZXMgSUZTCgoJbHVrc0RldmljZXM9IiQxIgoJSUZTPSJ8IgoJZm9yIGRldmljZSBpbiAkbHVrc0RldmljZXM7IGRvCgkJbG9nRGVidWcgImRldmljZT0kZGV2aWNlIgoJCWlzUmVzZXJ2ZWRTbG90UHJlc2VudCAiJGRldmljZSIKCQlpc1Jlc2VydmVkPSIkPyIKCQlwY3JTbG90cz0kKGdldFBjclNsb3RzRm9yRGV2aWNlICIkZGV2aWNlIikKCQlsb2dEZWJ1ZyAicGNyU2xvdHM9JHBjclNsb3RzIgoJCXBhcnNlQ2xldmlzUmVnZXggIiRwY3JTbG90cyIgIiRpc1Jlc2VydmVkIiAiJGRldmljZSIKCWRvbmUKfQoKZ2V0UGNyU2xvdHNGb3JEZXZpY2UoKSB7Cglsb2NhbCBkZXZpY2VQYXRoCgoJZGV2aWNlUGF0aD0iJDEiCgoJbG9nRGVidWcgImdldFBjclNsb3RzRm9yRGV2aWNlLCBkZXZpY2U9JGRldmljZVBhdGgiCgkkQ0xFVklTIGx1a3MgbGlzdCAtZCAiJGRldmljZVBhdGgiIHwgZ3JlcCAtdiAiJFJFU0VSVkVEX1NMT1Q6IiB8IGdyZXAgcGNyX2lkcyB8fCB0cnVlCn0KCnBhcnNlQ2xldmlzUmVnZXgoKSB7Cglsb2NhbCBjbGV2aXNTbG90c091dHB1dFdpdGhQQ1IgaXNSZXNlcnZlZCBkZXZpY2VQYXRoIElGUwoKCWNsZXZpc1Nsb3RzT3V0cHV0V2l0aFBDUj0iJDEiCglpc1Jlc2VydmVkPSIkMiIKCWRldmljZVBhdGg9IiQzIgoJSUZTPSQnXG4nCglmb3IgbGluZSBpbiAkY2xldmlzU2xvdHNPdXRwdXRXaXRoUENSOyBkbwoJCWxvZ0RlYnVnICJsaW5lPSRsaW5lIgoJCWVjaG8gIiRsaW5lIiB8IHNlZCAtRSAnc0AoWzAtOV0rKSg6XHMrLiorXHMrJ1wnJykoXHspKC4qPyJwY3JfaWRzIjoiKShbXiJdKikoIi4qKSguKikoJ1wnJy4qKUAnIiRpc1Jlc2VydmVkIid8JyIkZGV2aWNlUGF0aCInfFwxfFw1fFwzXDRcNVw2XDdAJwoJZG9uZQp9CgojIGV4ZWN1dGVzIGEgZnVuY3Rpb24gcG9pbnRlciBwYXNzZWQgYXJndW1lbnQgImZ1bmN0aW9uVG9SdW4iIGZvciBlYWNoIHNsb3QgY29uZmlndXJlZCB3aXRoIFBDUiBhbmQKIyBmb3IgZXZlcnkgZGV2aWNlIGluIHRoZSBzeXN0ZW0KcHJvY2Vzc1BDUmVudHJpZXNPbmx5KCkgewoJbG9jYWwgbHVrc0RldmljZXMgcGFyc2VkQ2xldmlzIGZ1bmN0aW9uVG9SdW4KCWZ1bmN0aW9uVG9SdW49IiQxIgoJbHVrc0RldmljZXM9JChnZXRMVUtTRGV2aWNlcykKCXBhcnNlZENsZXZpcz0kKHBhcnNlQ2xldmlzQ29uZmlnICIkbHVrc0RldmljZXMiKQoKCWlmIFsgIiRwYXJzZWRDbGV2aXMiID09ICIiIF07IHRoZW4KCQlsb2dJbmZvICJubyBwY3IgY29uZmlnIGRldGVjdGVkLCBub3RoaW5nIHRvIGRvIGZvciAkZnVuY3Rpb25Ub1J1biIKCQlyZXR1cm4KCWZpCglsb2dJbmZvICJwYXJzZWQgY2xldmlzIGZvciBhbGwgZHJpdmVzOiAkcGFyc2VkQ2xldmlzIgoJZWNobyAiJHBhcnNlZENsZXZpcyIgfCB3aGlsZSBJRlM9IHJlYWQgLXIgbGluZTsgZG8KCQlsb2dEZWJ1ZyAiJGxpbmUiCgkJSUZTPSJ8IiByZWFkIC1yYSB2YWx1ZXMgPDw8IiRsaW5lIgoJCXJlc2VydmVkU2xvdFByZXNlbnQ9JHt2YWx1ZXNbMF19CgkJZGV2aWNlPSR7dmFsdWVzWzFdfQoJCXNsb3ROdW1iZXI9JHt2YWx1ZXNbMl19CgkJcGNySURzPSR7dmFsdWVzWzNdfQoJCWNsZXZpc0NvbmZpZz0ke3ZhbHVlc1s0XX0KCQlsb2dJbmZvICJyZXNlcnZlZFNsb3Q9JHJlc2VydmVkU2xvdFByZXNlbnQgZGV2aWNlPSRkZXZpY2Ugc2xvdD0kc2xvdE51bWJlciB3aXRoIFBDUiBJRHM9JHBjcklEcyBhbmQgY2xldmlzIGNvbmZpZz0kY2xldmlzQ29uZmlnIgoJCWlmIFsgLW4gIiRwY3JJRHMiIF07IHRoZW4KCQkJbG9nRGVidWcgImJlZm9yZSBhcHBseWluZyBjb21tYW5kOiAkKC91c3IvYmluL3RwbTJfcGNycmVhZCBzaGEyNTY6IiRwY3JJRHMiKSIKCQkJIiRmdW5jdGlvblRvUnVuIiAiJHJlc2VydmVkU2xvdFByZXNlbnQiICIkZGV2aWNlIiAiJHNsb3ROdW1iZXIiICIkcGNySURzIiAiJGNsZXZpc0NvbmZpZyIgfHwgdHJ1ZQoJCQlsb2dEZWJ1ZyAiYWZ0ZXIgYXBwbHlpbmcgY29tbWFuZDogJCgvdXNyL2Jpbi90cG0yX3BjcnJlYWQgc2hhMjU2OiIkcGNySURzIikiCgkJZmkKCWRvbmUKfQoKIyBpbml0aWFsaXplIHRoZSBhcnJheSBvZiB1cGdyYWRlIGRldGVjdGlvbiBtZXRob2RzIHNlcnZlclVwZGF0ZURldGVjdGlvbk1ldGhvZHMKaW5pdFVwZ3JhZGVEZXRlY3Rpb25NZXRob2RzKCkgewoJIyBzaGVsbGNoZWNrIHNvdXJjZT1od3VwZ3JhZGUtZGV0ZWN0aW9uLW1ldGhvZHMvZmlsZS5zaAoJZm9yIGYgaW4gIiRTQ1JJUFRfRElSIi9od3VwZ3JhZGUtZGV0ZWN0aW9uLW1ldGhvZHMvKi5zaDsgZG8gc291cmNlICIkZiI7IGRvbmUKCWxvZ0luZm8gImRldGVjdGVkIHN5c3RlbSB1cGdyYWRlIGRldGVjdGlvbiBwbHVnaW5zOiIKCWZvciBlbGVtZW50IGluICIke3NlcnZlclVwZGF0ZURldGVjdGlvbk1ldGhvZHNbQF19IjsgZG8gZWNobyAiJGVsZW1lbnQiOyBkb25lCn0KCiMgZXhlY3V0ZSBhbGwgaHcgdXBncmFkZSBkZXRlY3Rpb24gZnVuY3Rpb25zIGluIGh3dXBncmFkZS1kZXRlY3Rpb24tbWV0aG9kcyBkaXJlY3RvcnkKIyByZXR1cm5zIHRydWUgaWYgYSBodyB1cGdyYWRlIGlzIGRldGVjdGVkCiMgZmFsc2Ugb3RoZXJ3aXNlCmlzU3lzdGVtVXBkYXRpbmcoKSB7Cglsb2NhbCBpc1VwZGF0aW5nCgoJaXNVcGRhdGluZz0kRkFMU0UKCSMgSXRlcmF0ZSB0aHJvdWdoIHRoZSB1cGRhdGVkIGFycmF5IGFuZCBjYWxsIGVhY2ggZnVuY3Rpb24KCWZvciBmdW5jIGluICIke3NlcnZlclVwZGF0ZURldGVjdGlvbk1ldGhvZHNbQF19IjsgZG8KCQlpZiAkZnVuYzsgdGhlbgoJCQlpc1VwZGF0aW5nPSRUUlVFCgkJCWxvZ0luZm8gImRldGVjdGVkIHVwZGF0ZSB2aWEgJGZ1bmMiCgkJZWxzZQoJCQlsb2dJbmZvICJubyB1cGRhdGUgZGV0ZWN0ZWQgdmlhICRmdW5jIgoJCWZpCglkb25lCglyZXR1cm4gJGlzVXBkYXRpbmcKfQoKI3JlYmluZHMgYSBnaXZlbiBrZXkgc2xvdCB0aGF0IGlzIGNvbmZpZ3VyZWQgd2l0aCBQQ1IgZm9yIGEgZ2l2ZW4gZGV2aWNlCnJlYmluZFBDUmVudHJpZXNPbmx5KCkgewoJbG9jYWwgcmVzZXJ2ZWRTbG90UHJlc2VudCBkZXZpY2VQYXRoIHNsb3QgcGNySURzIGNsZXZpc0NvbmZpZwoKCXJlc2VydmVkU2xvdFByZXNlbnQ9IiQxIgoJZGV2aWNlUGF0aD0iJDIiCglzbG90PSIkMyIKCXBjcklEcz0iJDQiCgljbGV2aXNDb25maWc9IiQ1IgoKCWxvZ0luZm8gIlJlYmluZGluZyByZXNlcnZlZFNsb3RQcmVzZW50PSRyZXNlcnZlZFNsb3RQcmVzZW50IGRldmljZT0kZGV2aWNlUGF0aCBzbG90PSRzbG90IHdpdGggUENSIElEcz0kcGNySURzIGFuZCBjbGV2aXMgY29uZmlnPSRjbGV2aXNDb25maWciCgljbGV2aXMtbHVrcy1yZWdlbiAtZCAiJGRldmljZVBhdGgiIC1zICIkc2xvdCIgLXEgfHwgdHJ1ZQoJcmVtb3ZlUmVzZXJ2ZWRTbG90ICIkZGV2aWNlUGF0aCIKfQo=
+            mode: 493
+            path: /usr/local/bin/luks-helpers.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKU0NSSVBUX0RJUj0kKGRpcm5hbWUgIiQwIikKc291cmNlICIkU0NSSVBUX0RJUiIvbHVrcy1oZWxwZXJzLnNoCgpsb2dJbmZvICJTaHV0dGluZyBkb3duIG9yIHJlYm9vdGluZyIKaW5pdFVwZ3JhZGVEZXRlY3Rpb25NZXRob2RzCmlmIGlzU3lzdGVtVXBkYXRpbmc7IHRoZW4KCWxvZ0luZm8gIlN5c3RlbSBIVyB1cGRhdGUgZGV0ZWN0ZWQsIGRpc2FibGluZyBQQ1IgcHJvdGVjdGlvbiBvbiBhbGwgUENSIHByb3RlY3RlZCBMVUtTIHBhcnRpdGlvbnMiCglwcm9jZXNzUENSZW50cmllc09ubHkgYWRkUmVzZXJ2ZWRTbG90CglleGl0IDAKZmkKCmxvZ0luZm8gIk5vIFN5c3RlbSBIVyB1cGRhdGUgZGV0ZWN0ZWQsIGNvbnRpbnVlIgo=
+            mode: 493
+            path: /usr/local/bin/disablePcrOnRebootOrShutdown.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKU0NSSVBUX0RJUj0kKGRpcm5hbWUgIiQwIikKIyBzaGVsbGNoZWNrIHNvdXJjZT1sdWtzLWhlbHBlcnMuc2gKc291cmNlICIkU0NSSVBUX0RJUiIvbHVrcy1oZWxwZXJzLnNoCiNzZXQgLXgKCmxvZ0luZm8gImJvb3RpbmcuLi4gY2hlY2tpbmcgaWYgcmViaW5kaW5nIGRpc2sgbmVlZGVkIgpwcm9jZXNzUENSZW50cmllc09ubHkgcmViaW5kUENSZW50cmllc09ubHkK
+            mode: 493
+            path: /usr/local/bin/rebindDiskOnBoot.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKaXNDdXN0b21GaWxlVXBkYXRpbmcoKSB7CglpZiBbIC1mICIvZXRjL2hvc3QtaHctVXBkYXRpbmcuZmxhZyIgXTsgdGhlbgoJCXJldHVybiAiJFRSVUUiCgllbHNlCgkJcmV0dXJuICIkRkFMU0UiCglmaQp9CgojIEFkZCBhIG5ldyBmdW5jdGlvbiB0byB0aGUgYXJyYXkgb2YgdXBkYXRlIGRldGVjdGlvbiBtZXRob2RzCnNlcnZlclVwZGF0ZURldGVjdGlvbk1ldGhvZHMrPSgiaXNDdXN0b21GaWxlVXBkYXRpbmciKQo=
+            mode: 493
+            path: /usr/local/bin/hwupgrade-detection-methods/file.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKaXNGd3VwVXBkYXRpbmcoKSB7Cglsb2NhbCBFRkkgTkVYVF9CT09UCgoJRUZJPSQoZWZpYm9vdG1ncikKCU5FWFRfQk9PVD0kKGVjaG8gIiRFRkkiIHwgZ3JlcCAiQm9vdE5leHQ6IiB8IGF3ayAneyBwcmludCAkMiB9JykKCWlmIFsgIiRORVhUX0JPT1QiID09ICIiIF07IHRoZW4KCQlyZXR1cm4gMQoJZmkKCWVjaG8gIiRFRkkiIHwgZ3JlcCAiQm9vdCRORVhUX0JPT1QiIHwgZ3JlcCAiZnd1cGQiCgkjIGlmIHRoZSBuZXh0IGJvb3QgbGluZSBjb250YWlucyB0aGUgdGV4dCAiZnd1cGQiCglpZiBbICQ/IF07IHRoZW4KCQlyZXR1cm4gIiRUUlVFIgoJZmkKCXJldHVybiAiJEZBTFNFIgp9CgojIEFkZCBhIG5ldyBmdW5jdGlvbiB0byB0aGUgYXJyYXkgb2YgdXBkYXRlIGRldGVjdGlvbiBtZXRob2RzCnNlcnZlclVwZGF0ZURldGVjdGlvbk1ldGhvZHMrPSgiaXNGd3VwVXBkYXRpbmciKQo=
+            mode: 493
+            path: /usr/local/bin/hwupgrade-detection-methods/fwup.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKaXNPc3RyZWVVcGRhdGluZygpIHsKCWxvY2FsIFJFU1VMVAoKCVJFU1VMVD0kKG9zdHJlZSBhZG1pbiBzdGF0dXMgfCBncmVwIC1FICJzdGFnZWR8cGVuZGluZyIpCglpZiBbICIkUkVTVUxUIiAhPSAiIiBdOyB0aGVuCgkJcmV0dXJuICIkVFJVRSIKCWVsc2UKCQlyZXR1cm4gIiRGQUxTRSIKCWZpCn0KCiMgQWRkIGEgbmV3IGZ1bmN0aW9uIHRvIHRoZSBhcnJheSBvZiB1cGRhdGUgZGV0ZWN0aW9uIG1ldGhvZHMKc2VydmVyVXBkYXRlRGV0ZWN0aW9uTWV0aG9kcys9KCJpc09zdHJlZVVwZGF0aW5nIikK
+            mode: 493
+            path: /usr/local/bin/hwupgrade-detection-methods/ostree.sh
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKc2V0IC1vIGVycmV4aXQgLW8gbm91bnNldCAtbyBwaXBlZmFpbAoKU1BPS0VfS1VCRUNPTkZJR19QQVRIPS92YXIvbGliL2t1YmVsZXQva3ViZWNvbmZpZwpIVUJfU0VDUkVUX05BTUVTUEFDRT1vcGVuLWNsdXN0ZXItbWFuYWdlbWVudC1hZ2VudApIVUJfU0VDUkVUX05BTUU9aHViLWt1YmVjb25maWctc2VjcmV0CgojIHJldHJpZXZlcyB0aGUga3ViZWNvbmZpZyBmb3IgdGhpcyBzcG9rZSdzIGNsdXN0ZXIKZ2V0SHViS3ViZWNvbmZpZygpIHsKCWxvY2FsIGt1YmVDb25maWdQYXRoIG5hbWVzcGFjZSBzZWNyZXROYW1lIEtVQkVDT05GSUdfREFUQSBUTFNfS0VZIFRMU19DUlQKCglrdWJlQ29uZmlnUGF0aD0iJDEiCgluYW1lc3BhY2U9IiQyIgoJc2VjcmV0TmFtZT0iJDMiCglLVUJFQ09ORklHX0RBVEE9JChvYyAtLWt1YmVjb25maWcgIiRrdWJlQ29uZmlnUGF0aCIgZ2V0IHNlY3JldCAtbiAiJG5hbWVzcGFjZSIgIiRzZWNyZXROYW1lIiAtbyBqc29uIHwganEgLmRhdGEua3ViZWNvbmZpZyB8IHNlZCAncy8iLy9nJyB8IGJhc2U2NCAtZCkKCWlmIFsgLXogIiRLVUJFQ09ORklHX0RBVEEiIF07IHRoZW4KCQlyZXR1cm4gIiRGQUxTRSIKCWZpCglUTFNfS0VZPSQob2MgLS1rdWJlY29uZmlnICIka3ViZUNvbmZpZ1BhdGgiIGdldCBzZWNyZXQgLW4gIiRuYW1lc3BhY2UiICIkc2VjcmV0TmFtZSIgLW8ganNvbiB8IGpxICcuZGF0YS4idGxzLmtleSInIHwgc2VkICdzLyIvL2cnKQoJVExTX0NSVD0kKG9jIC0ta3ViZWNvbmZpZyAiJGt1YmVDb25maWdQYXRoIiBnZXQgc2VjcmV0IC1uICIkbmFtZXNwYWNlIiAiJHNlY3JldE5hbWUiIC1vIGpzb24gfCBqcSAnLmRhdGEuInRscy5jcnQiJyB8IHNlZCAncy8iLy9nJykKCWVjaG8gIiRLVUJFQ09ORklHX0RBVEEiIHwgc2VkIC1lICJzL2NsaWVudC1jZXJ0aWZpY2F0ZTogdGxzLmNydC9jbGllbnQtY2VydGlmaWNhdGUtZGF0YTogJFRMU19DUlQvZyIgfCBzZWQgLWUgInMvY2xpZW50LWtleTogdGxzLmtleS9jbGllbnQta2V5LWRhdGE6ICRUTFNfS0VZL2ciID4vdG1wL2t1YmVjb25maWctaHViCglyZXR1cm4gIiRUUlVFIgp9CgojIFJldHJlaXZlcyBUQUxNJ3Mgc3RhdGUgaW4gdGhlIGh1YiBjbHVzdGVyJ3MgbWFuYWdlZENsdXN0ZXIgb2JqZWN0LiBUYWtlcyBvbmUgYXJndW1lbnQ6CiMgZG9uZSAtPiByZXR1cm4gJFRSVUUgaWYgdGhlIHp0cC1kb25lIGxhYmVsIGlzIHNldCwgJEZBTFNFIG90aGVyd2lzZQojIHJ1bm5pbmcgLT4gcmV0dXJuICRUUlVFIGlmIHRoZSB6dHAtcnVubmluZyBsYWJlbCBpcyBzZXQsICRGQUxTRSBvdGhlcndpc2UKaXNadHBTdGF0ZSgpIHsKCWxvY2FsIHRhbG1TdGF0ZSBSRVNVTFQKCgl0YWxtU3RhdGU9IiQxIgoJUkVTVUxUPSRGQUxTRQoKCWNhc2UgIiR0YWxtU3RhdGUiIGluCgkicnVubmluZyIpCgkJUkVTVUxUPSQoS1VCRUNPTkZJRz0vdG1wL2t1YmVjb25maWctaHViIG9jIGdldCBtYW5hZ2VkY2x1c3RlciAiJChob3N0bmFtZSAtLXNob3J0KSIgLW9qc29uIHwganEgJy5tZXRhZGF0YS5sYWJlbHNbInp0cC1ydW5uaW5nIl0hPW51bGwnKQoJCTs7CgkiZG9uZSIpCgkJUkVTVUxUPSQoS1VCRUNPTkZJRz0vdG1wL2t1YmVjb25maWctaHViIG9jIGdldCBtYW5hZ2VkY2x1c3RlciAiJChob3N0bmFtZSAtLXNob3J0KSIgLW9qc29uIHwganEgJy5tZXRhZGF0YS5sYWJlbHNbInp0cC1kb25lIl0hPW51bGwnKQoJCTs7CgkqKQoJCSMgQ29kZSB0byBleGVjdXRlIHdoZW4gbm8gcGF0dGVybnMgbWF0Y2gKCQk7OwoJZXNhYwoJaWYgWyAiJFJFU1VMVCIgPT0gImZhbHNlIiBdOyB0aGVuCgkJbG9nRGVidWcgIlRBTE0gJHRhbG1TdGF0ZSBzdGF0ZSBpcyAkUkVTVUxUIgoJCXJldHVybiAiJEZBTFNFIgoJZmkKCWxvZ0RlYnVnICJUQUxNICR0YWxtU3RhdGUgc3RhdGUgaXMgJFJFU1VMVCIKCXJldHVybiAiJFRSVUUiCn0KCmlzVEFMTVVwZGF0aW5nKCkgewoJaWYgISBnZXRIdWJLdWJlY29uZmlnICRTUE9LRV9LVUJFQ09ORklHX1BBVEggJEhVQl9TRUNSRVRfTkFNRVNQQUNFICRIVUJfU0VDUkVUX05BTUU7IHRoZW4KCQlsb2dJbmZvICJUQUxNIG5vdCBhdmFpbGFibGUgb3IgaHViIGt1YmVjb25maWcgaXMgbm8gcmVhZHkgeWV0IGF0ICRTUE9LRV9LVUJFQ09ORklHX1BBVEggcGF0aCwgY2Fubm90IGdldCBzcG9rZSBzZWNyZXQgJEhVQl9TRUNSRVRfTkFNRSBpbiAkSFVCX1NFQ1JFVF9OQU1FU1BBQ0UgbmFtZXNwYWNlIgoJCXJldHVybiAiJEZBTFNFIgoJZmkKCWlzWnRwU3RhdGUgInJ1bm5pbmciCglyZXR1cm4gJD8KfQoKIyBBZGQgYSBuZXcgZnVuY3Rpb24gdG8gdGhlIGFycmF5IG9mIHVwZGF0ZSBkZXRlY3Rpb24gbWV0aG9kcwpzZXJ2ZXJVcGRhdGVEZXRlY3Rpb25NZXRob2RzKz0oImlzVEFMTVVwZGF0aW5nIikK
+            mode: 493
+            path: /usr/local/bin/hwupgrade-detection-methods/talm.sh
+        systemd:
+          units:
+          - contents: |
+              [Unit]
+              After=cryptsetup.target systemd-boot-update.service
+              Requires=cryptsetup.target systemd-boot-update.service
+              [Service]
+              Type=oneshot
+              ExecStart=/usr/local/bin/rebindDiskOnBoot.sh
+              [Install]
+              RequiredBy=sysinit.target
+            enabled: true
+            name: pcr-rebind-boot.service
+          - contents: |
+              [Service]
+              Type=oneshot
+              RemainAfterExit=true
+              ExecStart=/usr/bin/true
+              ExecStop=/usr/local/bin/disablePcrOnRebootOrShutdown.sh
+              [Install]
+              WantedBy=multi-user.target
+            enabled: true
+            name: pcr-disable-shutdown.service
+- 03-sctp-machine-config-master.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: master
+      name: load-sctp-module-master
+    spec:
+      config:
+        ignition:
+          version: 2.2.0
+        storage:
+          files:
+            - contents:
+                source: data:,
+                verification: {}
+              filesystem: root
+              mode: 420
+              path: /etc/modprobe.d/sctp-blacklist.conf
+            - contents:
+                source: data:text/plain;charset=utf-8,sctp
+              filesystem: root
+              mode: 420
+              path: /etc/modules-load.d/sctp-load.conf
+- 03-sctp-machine-config-worker.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: worker
+      name: load-sctp-module-worker
+    spec:
+      config:
+        ignition:
+          version: 2.2.0
+        storage:
+          files:
+            - contents:
+                source: data:,
+                verification: {}
+              filesystem: root
+              mode: 420
+              path: /etc/modprobe.d/sctp-blacklist.conf
+            - contents:
+                source: data:text/plain;charset=utf-8,sctp
+              filesystem: root
+              mode: 420
+              path: /etc/modules-load.d/sctp-load.conf
+- 06-kdump-master.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: master
+      name: 06-kdump-enable-master
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        systemd:
+          units:
+          - enabled: true
+            name: kdump.service
+      kernelArguments:
+        - crashkernel=512M
+- 06-kdump-worker.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: worker
+      name: 06-kdump-enable-worker
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        systemd:
+          units:
+          - enabled: true
+            name: kdump.service
+      kernelArguments:
+        - crashkernel=512M
+- 07-sriov-related-kernel-args-master.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: master
+      name: 07-sriov-related-kernel-args-master
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+      kernelArguments:
+        - intel_iommu=on
+        - iommu=pt
+- 07-sriov-related-kernel-args-worker.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: worker
+      name: 07-sriov-related-kernel-args-worker
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+      kernelArguments:
+        - intel_iommu=on
+        - iommu=pt
+- 08-set-rcu-normal-master.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: master
+      name: 08-set-rcu-normal-master
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        storage:
+          files:
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKIwojIERpc2FibGUgcmN1X2V4cGVkaXRlZCBhZnRlciBub2RlIGhhcyBmaW5pc2hlZCBib290aW5nCiMKIyBUaGUgZGVmYXVsdHMgYmVsb3cgY2FuIGJlIG92ZXJyaWRkZW4gdmlhIGVudmlyb25tZW50IHZhcmlhYmxlcwojCgojIERlZmF1bHQgd2FpdCB0aW1lIGlzIDYwMHMgPSAxMG06Ck1BWElNVU1fV0FJVF9USU1FPSR7TUFYSU1VTV9XQUlUX1RJTUU6LTYwMH0KCiMgRGVmYXVsdCBzdGVhZHktc3RhdGUgdGhyZXNob2xkID0gMiUKIyBBbGxvd2VkIHZhbHVlczoKIyAgNCAgLSBhYnNvbHV0ZSBwb2QgY291bnQgKCsvLSkKIyAgNCUgLSBwZXJjZW50IGNoYW5nZSAoKy8tKQojICAtMSAtIGRpc2FibGUgdGhlIHN0ZWFkeS1zdGF0ZSBjaGVjawpTVEVBRFlfU1RBVEVfVEhSRVNIT0xEPSR7U1RFQURZX1NUQVRFX1RIUkVTSE9MRDotMiV9CgojIERlZmF1bHQgc3RlYWR5LXN0YXRlIHdpbmRvdyA9IDYwcwojIElmIHRoZSBydW5uaW5nIHBvZCBjb3VudCBzdGF5cyB3aXRoaW4gdGhlIGdpdmVuIHRocmVzaG9sZCBmb3IgdGhpcyB0aW1lCiMgcGVyaW9kLCByZXR1cm4gQ1BVIHV0aWxpemF0aW9uIHRvIG5vcm1hbCBiZWZvcmUgdGhlIG1heGltdW0gd2FpdCB0aW1lIGhhcwojIGV4cGlyZXMKU1RFQURZX1NUQVRFX1dJTkRPVz0ke1NURUFEWV9TVEFURV9XSU5ET1c6LTYwfQoKIyBEZWZhdWx0IHN0ZWFkeS1zdGF0ZSBhbGxvd3MgYW55IHBvZCBjb3VudCB0byBiZSAic3RlYWR5IHN0YXRlIgojIEluY3JlYXNpbmcgdGhpcyB3aWxsIHNraXAgYW55IHN0ZWFkeS1zdGF0ZSBjaGVja3MgdW50aWwgdGhlIGNvdW50IHJpc2VzIGFib3ZlCiMgdGhpcyBudW1iZXIgdG8gYXZvaWQgZmFsc2UgcG9zaXRpdmVzIGlmIHRoZXJlIGFyZSBzb21lIHBlcmlvZHMgd2hlcmUgdGhlCiMgY291bnQgZG9lc24ndCBpbmNyZWFzZSBidXQgd2Uga25vdyB3ZSBjYW4ndCBiZSBhdCBzdGVhZHktc3RhdGUgeWV0LgpTVEVBRFlfU1RBVEVfTUlOSU1VTT0ke1NURUFEWV9TVEFURV9NSU5JTVVNOi0wfQoKIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwoKd2l0aGluKCkgewogIGxvY2FsIGxhc3Q9JDEgY3VycmVudD0kMiB0aHJlc2hvbGQ9JDMKICBsb2NhbCBkZWx0YT0wIHBjaGFuZ2UKICBkZWx0YT0kKCggY3VycmVudCAtIGxhc3QgKSkKICBpZiBbWyAkY3VycmVudCAtZXEgJGxhc3QgXV07IHRoZW4KICAgIHBjaGFuZ2U9MAogIGVsaWYgW1sgJGxhc3QgLWVxIDAgXV07IHRoZW4KICAgIHBjaGFuZ2U9MTAwMDAwMAogIGVsc2UKICAgIHBjaGFuZ2U9JCgoICggIiRkZWx0YSIgKiAxMDApIC8gbGFzdCApKQogIGZpCiAgZWNobyAtbiAibGFzdDokbGFzdCBjdXJyZW50OiRjdXJyZW50IGRlbHRhOiRkZWx0YSBwY2hhbmdlOiR7cGNoYW5nZX0lOiAiCiAgbG9jYWwgYWJzb2x1dGUgbGltaXQKICBjYXNlICR0aHJlc2hvbGQgaW4KICAgIColKQogICAgICBhYnNvbHV0ZT0ke3BjaGFuZ2UjIy19ICMgYWJzb2x1dGUgdmFsdWUKICAgICAgbGltaXQ9JHt0aHJlc2hvbGQlJSV9CiAgICAgIDs7CiAgICAqKQogICAgICBhYnNvbHV0ZT0ke2RlbHRhIyMtfSAjIGFic29sdXRlIHZhbHVlCiAgICAgIGxpbWl0PSR0aHJlc2hvbGQKICAgICAgOzsKICBlc2FjCiAgaWYgW1sgJGFic29sdXRlIC1sZSAkbGltaXQgXV07IHRoZW4KICAgIGVjaG8gIndpdGhpbiAoKy8tKSR0aHJlc2hvbGQiCiAgICByZXR1cm4gMAogIGVsc2UKICAgIGVjaG8gIm91dHNpZGUgKCsvLSkkdGhyZXNob2xkIgogICAgcmV0dXJuIDEKICBmaQp9CgpzdGVhZHlzdGF0ZSgpIHsKICBsb2NhbCBsYXN0PSQxIGN1cnJlbnQ9JDIKICBpZiBbWyAkbGFzdCAtbHQgJFNURUFEWV9TVEFURV9NSU5JTVVNIF1dOyB0aGVuCiAgICBlY2hvICJsYXN0OiRsYXN0IGN1cnJlbnQ6JGN1cnJlbnQgV2FpdGluZyB0byByZWFjaCAkU1RFQURZX1NUQVRFX01JTklNVU0gYmVmb3JlIGNoZWNraW5nIGZvciBzdGVhZHktc3RhdGUiCiAgICByZXR1cm4gMQogIGZpCiAgd2l0aGluICIkbGFzdCIgIiRjdXJyZW50IiAiJFNURUFEWV9TVEFURV9USFJFU0hPTEQiCn0KCndhaXRGb3JSZWFkeSgpIHsKICBsb2dnZXIgIlJlY292ZXJ5OiBXYWl0aW5nICR7TUFYSU1VTV9XQUlUX1RJTUV9cyBmb3IgdGhlIGluaXRpYWxpemF0aW9uIHRvIGNvbXBsZXRlIgogIGxvY2FsIHQ9MCBzPTEwCiAgbG9jYWwgbGFzdENjb3VudD0wIGNjb3VudD0wIHN0ZWFkeVN0YXRlVGltZT0wCiAgd2hpbGUgW1sgJHQgLWx0ICRNQVhJTVVNX1dBSVRfVElNRSBdXTsgZG8KICAgIHNsZWVwICRzCiAgICAoKHQgKz0gcykpCiAgICAjIERldGVjdCBzdGVhZHktc3RhdGUgcG9kIGNvdW50CiAgICBjY291bnQ9JChjcmljdGwgcHMgMj4vZGV2L251bGwgfCB3YyAtbCkKICAgIGlmIFtbICRjY291bnQgLWd0IDAgXV0gJiYgc3RlYWR5c3RhdGUgIiRsYXN0Q2NvdW50IiAiJGNjb3VudCI7IHRoZW4KICAgICAgKChzdGVhZHlTdGF0ZVRpbWUgKz0gcykpCiAgICAgIGVjaG8gIlN0ZWFkeS1zdGF0ZSBmb3IgJHtzdGVhZHlTdGF0ZVRpbWV9cy8ke1NURUFEWV9TVEFURV9XSU5ET1d9cyIKICAgICAgaWYgW1sgJHN0ZWFkeVN0YXRlVGltZSAtZ2UgJFNURUFEWV9TVEFURV9XSU5ET1cgXV07IHRoZW4KICAgICAgICBsb2dnZXIgIlJlY292ZXJ5OiBTdGVhZHktc3RhdGUgKCsvLSAkU1RFQURZX1NUQVRFX1RIUkVTSE9MRCkgZm9yICR7U1RFQURZX1NUQVRFX1dJTkRPV31zOiBEb25lIgogICAgICAgIHJldHVybiAwCiAgICAgIGZpCiAgICBlbHNlCiAgICAgIGlmIFtbICRzdGVhZHlTdGF0ZVRpbWUgLWd0IDAgXV07IHRoZW4KICAgICAgICBlY2hvICJSZXNldHRpbmcgc3RlYWR5LXN0YXRlIHRpbWVyIgogICAgICAgIHN0ZWFkeVN0YXRlVGltZT0wCiAgICAgIGZpCiAgICBmaQogICAgbGFzdENjb3VudD0kY2NvdW50CiAgZG9uZQogIGxvZ2dlciAiUmVjb3Zlcnk6IFJlY292ZXJ5IENvbXBsZXRlIFRpbWVvdXQiCn0KCnNldFJjdU5vcm1hbCgpIHsKICBlY2hvICJTZXR0aW5nIHJjdV9ub3JtYWwgdG8gMSIKICBlY2hvIDEgPiAvc3lzL2tlcm5lbC9yY3Vfbm9ybWFsCn0KCm1haW4oKSB7CiAgd2FpdEZvclJlYWR5CiAgZWNobyAiV2FpdGluZyBmb3Igc3RlYWR5IHN0YXRlIHRvb2s6ICQoYXdrICd7cHJpbnQgaW50KCQxLzM2MDApImgiLCBpbnQoKCQxJTM2MDApLzYwKSJtIiwgaW50KCQxJTYwKSJzIn0nIC9wcm9jL3VwdGltZSkiCiAgc2V0UmN1Tm9ybWFsCn0KCmlmIFtbICIke0JBU0hfU09VUkNFWzBdfSIgPSAiJHswfSIgXV07IHRoZW4KICBtYWluICIke0B9IgogIGV4aXQgJD8KZmkK
+            mode: 493
+            path: /usr/local/bin/set-rcu-normal.sh
+        systemd:
+          units:
+          - contents: |
+              [Unit]
+              Description=Disable rcu_expedited after node has finished booting by setting rcu_normal to 1
+
+              [Service]
+              Type=simple
+              ExecStart=/usr/local/bin/set-rcu-normal.sh
+
+              # Maximum wait time is 600s = 10m:
+              Environment=MAXIMUM_WAIT_TIME=600
+
+              # Steady-state threshold = 2%
+              # Allowed values:
+              #  4  - absolute pod count (+/-)
+              #  4% - percent change (+/-)
+              #  -1 - disable the steady-state check
+              # Note: '%' must be escaped as '%%' in systemd unit files
+              Environment=STEADY_STATE_THRESHOLD=2%%
+
+              # Steady-state window = 120s
+              # If the running pod count stays within the given threshold for this time
+              # period, return CPU utilization to normal before the maximum wait time has
+              # expires
+              Environment=STEADY_STATE_WINDOW=120
+
+              # Steady-state minimum = 40
+              # Increasing this will skip any steady-state checks until the count rises above
+              # this number to avoid false positives if there are some periods where the
+              # count doesn't increase but we know we can't be at steady-state yet.
+              Environment=STEADY_STATE_MINIMUM=40
+
+              [Install]
+              WantedBy=multi-user.target
+            enabled: true
+            name: set-rcu-normal.service
+- 08-set-rcu-normal-worker.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: worker
+      name: 08-set-rcu-normal-worker
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        storage:
+          files:
+          - contents:
+              source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKIwojIERpc2FibGUgcmN1X2V4cGVkaXRlZCBhZnRlciBub2RlIGhhcyBmaW5pc2hlZCBib290aW5nCiMKIyBUaGUgZGVmYXVsdHMgYmVsb3cgY2FuIGJlIG92ZXJyaWRkZW4gdmlhIGVudmlyb25tZW50IHZhcmlhYmxlcwojCgojIERlZmF1bHQgd2FpdCB0aW1lIGlzIDYwMHMgPSAxMG06Ck1BWElNVU1fV0FJVF9USU1FPSR7TUFYSU1VTV9XQUlUX1RJTUU6LTYwMH0KCiMgRGVmYXVsdCBzdGVhZHktc3RhdGUgdGhyZXNob2xkID0gMiUKIyBBbGxvd2VkIHZhbHVlczoKIyAgNCAgLSBhYnNvbHV0ZSBwb2QgY291bnQgKCsvLSkKIyAgNCUgLSBwZXJjZW50IGNoYW5nZSAoKy8tKQojICAtMSAtIGRpc2FibGUgdGhlIHN0ZWFkeS1zdGF0ZSBjaGVjawpTVEVBRFlfU1RBVEVfVEhSRVNIT0xEPSR7U1RFQURZX1NUQVRFX1RIUkVTSE9MRDotMiV9CgojIERlZmF1bHQgc3RlYWR5LXN0YXRlIHdpbmRvdyA9IDYwcwojIElmIHRoZSBydW5uaW5nIHBvZCBjb3VudCBzdGF5cyB3aXRoaW4gdGhlIGdpdmVuIHRocmVzaG9sZCBmb3IgdGhpcyB0aW1lCiMgcGVyaW9kLCByZXR1cm4gQ1BVIHV0aWxpemF0aW9uIHRvIG5vcm1hbCBiZWZvcmUgdGhlIG1heGltdW0gd2FpdCB0aW1lIGhhcwojIGV4cGlyZXMKU1RFQURZX1NUQVRFX1dJTkRPVz0ke1NURUFEWV9TVEFURV9XSU5ET1c6LTYwfQoKIyBEZWZhdWx0IHN0ZWFkeS1zdGF0ZSBhbGxvd3MgYW55IHBvZCBjb3VudCB0byBiZSAic3RlYWR5IHN0YXRlIgojIEluY3JlYXNpbmcgdGhpcyB3aWxsIHNraXAgYW55IHN0ZWFkeS1zdGF0ZSBjaGVja3MgdW50aWwgdGhlIGNvdW50IHJpc2VzIGFib3ZlCiMgdGhpcyBudW1iZXIgdG8gYXZvaWQgZmFsc2UgcG9zaXRpdmVzIGlmIHRoZXJlIGFyZSBzb21lIHBlcmlvZHMgd2hlcmUgdGhlCiMgY291bnQgZG9lc24ndCBpbmNyZWFzZSBidXQgd2Uga25vdyB3ZSBjYW4ndCBiZSBhdCBzdGVhZHktc3RhdGUgeWV0LgpTVEVBRFlfU1RBVEVfTUlOSU1VTT0ke1NURUFEWV9TVEFURV9NSU5JTVVNOi0wfQoKIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwoKd2l0aGluKCkgewogIGxvY2FsIGxhc3Q9JDEgY3VycmVudD0kMiB0aHJlc2hvbGQ9JDMKICBsb2NhbCBkZWx0YT0wIHBjaGFuZ2UKICBkZWx0YT0kKCggY3VycmVudCAtIGxhc3QgKSkKICBpZiBbWyAkY3VycmVudCAtZXEgJGxhc3QgXV07IHRoZW4KICAgIHBjaGFuZ2U9MAogIGVsaWYgW1sgJGxhc3QgLWVxIDAgXV07IHRoZW4KICAgIHBjaGFuZ2U9MTAwMDAwMAogIGVsc2UKICAgIHBjaGFuZ2U9JCgoICggIiRkZWx0YSIgKiAxMDApIC8gbGFzdCApKQogIGZpCiAgZWNobyAtbiAibGFzdDokbGFzdCBjdXJyZW50OiRjdXJyZW50IGRlbHRhOiRkZWx0YSBwY2hhbmdlOiR7cGNoYW5nZX0lOiAiCiAgbG9jYWwgYWJzb2x1dGUgbGltaXQKICBjYXNlICR0aHJlc2hvbGQgaW4KICAgIColKQogICAgICBhYnNvbHV0ZT0ke3BjaGFuZ2UjIy19ICMgYWJzb2x1dGUgdmFsdWUKICAgICAgbGltaXQ9JHt0aHJlc2hvbGQlJSV9CiAgICAgIDs7CiAgICAqKQogICAgICBhYnNvbHV0ZT0ke2RlbHRhIyMtfSAjIGFic29sdXRlIHZhbHVlCiAgICAgIGxpbWl0PSR0aHJlc2hvbGQKICAgICAgOzsKICBlc2FjCiAgaWYgW1sgJGFic29sdXRlIC1sZSAkbGltaXQgXV07IHRoZW4KICAgIGVjaG8gIndpdGhpbiAoKy8tKSR0aHJlc2hvbGQiCiAgICByZXR1cm4gMAogIGVsc2UKICAgIGVjaG8gIm91dHNpZGUgKCsvLSkkdGhyZXNob2xkIgogICAgcmV0dXJuIDEKICBmaQp9CgpzdGVhZHlzdGF0ZSgpIHsKICBsb2NhbCBsYXN0PSQxIGN1cnJlbnQ9JDIKICBpZiBbWyAkbGFzdCAtbHQgJFNURUFEWV9TVEFURV9NSU5JTVVNIF1dOyB0aGVuCiAgICBlY2hvICJsYXN0OiRsYXN0IGN1cnJlbnQ6JGN1cnJlbnQgV2FpdGluZyB0byByZWFjaCAkU1RFQURZX1NUQVRFX01JTklNVU0gYmVmb3JlIGNoZWNraW5nIGZvciBzdGVhZHktc3RhdGUiCiAgICByZXR1cm4gMQogIGZpCiAgd2l0aGluICIkbGFzdCIgIiRjdXJyZW50IiAiJFNURUFEWV9TVEFURV9USFJFU0hPTEQiCn0KCndhaXRGb3JSZWFkeSgpIHsKICBsb2dnZXIgIlJlY292ZXJ5OiBXYWl0aW5nICR7TUFYSU1VTV9XQUlUX1RJTUV9cyBmb3IgdGhlIGluaXRpYWxpemF0aW9uIHRvIGNvbXBsZXRlIgogIGxvY2FsIHQ9MCBzPTEwCiAgbG9jYWwgbGFzdENjb3VudD0wIGNjb3VudD0wIHN0ZWFkeVN0YXRlVGltZT0wCiAgd2hpbGUgW1sgJHQgLWx0ICRNQVhJTVVNX1dBSVRfVElNRSBdXTsgZG8KICAgIHNsZWVwICRzCiAgICAoKHQgKz0gcykpCiAgICAjIERldGVjdCBzdGVhZHktc3RhdGUgcG9kIGNvdW50CiAgICBjY291bnQ9JChjcmljdGwgcHMgMj4vZGV2L251bGwgfCB3YyAtbCkKICAgIGlmIFtbICRjY291bnQgLWd0IDAgXV0gJiYgc3RlYWR5c3RhdGUgIiRsYXN0Q2NvdW50IiAiJGNjb3VudCI7IHRoZW4KICAgICAgKChzdGVhZHlTdGF0ZVRpbWUgKz0gcykpCiAgICAgIGVjaG8gIlN0ZWFkeS1zdGF0ZSBmb3IgJHtzdGVhZHlTdGF0ZVRpbWV9cy8ke1NURUFEWV9TVEFURV9XSU5ET1d9cyIKICAgICAgaWYgW1sgJHN0ZWFkeVN0YXRlVGltZSAtZ2UgJFNURUFEWV9TVEFURV9XSU5ET1cgXV07IHRoZW4KICAgICAgICBsb2dnZXIgIlJlY292ZXJ5OiBTdGVhZHktc3RhdGUgKCsvLSAkU1RFQURZX1NUQVRFX1RIUkVTSE9MRCkgZm9yICR7U1RFQURZX1NUQVRFX1dJTkRPV31zOiBEb25lIgogICAgICAgIHJldHVybiAwCiAgICAgIGZpCiAgICBlbHNlCiAgICAgIGlmIFtbICRzdGVhZHlTdGF0ZVRpbWUgLWd0IDAgXV07IHRoZW4KICAgICAgICBlY2hvICJSZXNldHRpbmcgc3RlYWR5LXN0YXRlIHRpbWVyIgogICAgICAgIHN0ZWFkeVN0YXRlVGltZT0wCiAgICAgIGZpCiAgICBmaQogICAgbGFzdENjb3VudD0kY2NvdW50CiAgZG9uZQogIGxvZ2dlciAiUmVjb3Zlcnk6IFJlY292ZXJ5IENvbXBsZXRlIFRpbWVvdXQiCn0KCnNldFJjdU5vcm1hbCgpIHsKICBlY2hvICJTZXR0aW5nIHJjdV9ub3JtYWwgdG8gMSIKICBlY2hvIDEgPiAvc3lzL2tlcm5lbC9yY3Vfbm9ybWFsCn0KCm1haW4oKSB7CiAgd2FpdEZvclJlYWR5CiAgZWNobyAiV2FpdGluZyBmb3Igc3RlYWR5IHN0YXRlIHRvb2s6ICQoYXdrICd7cHJpbnQgaW50KCQxLzM2MDApImgiLCBpbnQoKCQxJTM2MDApLzYwKSJtIiwgaW50KCQxJTYwKSJzIn0nIC9wcm9jL3VwdGltZSkiCiAgc2V0UmN1Tm9ybWFsCn0KCmlmIFtbICIke0JBU0hfU09VUkNFWzBdfSIgPSAiJHswfSIgXV07IHRoZW4KICBtYWluICIke0B9IgogIGV4aXQgJD8KZmkK
+            mode: 493
+            path: /usr/local/bin/set-rcu-normal.sh
+        systemd:
+          units:
+          - contents: |
+              [Unit]
+              Description=Disable rcu_expedited after node has finished booting by setting rcu_normal to 1
+
+              [Service]
+              Type=simple
+              ExecStart=/usr/local/bin/set-rcu-normal.sh
+
+              # Maximum wait time is 600s = 10m:
+              Environment=MAXIMUM_WAIT_TIME=600
+
+              # Steady-state threshold = 2%
+              # Allowed values:
+              #  4  - absolute pod count (+/-)
+              #  4% - percent change (+/-)
+              #  -1 - disable the steady-state check
+              # Note: '%' must be escaped as '%%' in systemd unit files
+              Environment=STEADY_STATE_THRESHOLD=2%%
+
+              # Steady-state window = 120s
+              # If the running pod count stays within the given threshold for this time
+              # period, return CPU utilization to normal before the maximum wait time has
+              # expires
+              Environment=STEADY_STATE_WINDOW=120
+
+              # Steady-state minimum = 40
+              # Increasing this will skip any steady-state checks until the count rises above
+              # this number to avoid false positives if there are some periods where the
+              # count doesn't increase but we know we can't be at steady-state yet.
+              Environment=STEADY_STATE_MINIMUM=40
+
+              [Install]
+              WantedBy=multi-user.target
+            enabled: true
+            name: set-rcu-normal.service
+- 09-openshift-marketplace-ns.yaml: |
+    # Taken from https://github.com/operator-framework/operator-marketplace/blob/53c124a3f0edfd151652e1f23c87dd39ed7646bb/manifests/01_namespace.yaml
+    # Update it as the source evolves.
+    apiVersion: v1
+    kind: Namespace
+    metadata:
+      annotations:
+        openshift.io/node-selector: ""
+        workload.openshift.io/allowed: "management"
+      labels:
+        openshift.io/cluster-monitoring: "true"
+        pod-security.kubernetes.io/enforce: baseline
+        pod-security.kubernetes.io/enforce-version: v1.25
+        pod-security.kubernetes.io/audit: baseline
+        pod-security.kubernetes.io/audit-version: v1.25
+        pod-security.kubernetes.io/warn: baseline
+        pod-security.kubernetes.io/warn-version: v1.25
+      name: "openshift-marketplace"
+- 99-crio-disable-wipe-master.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: master
+      name: 99-crio-disable-wipe-master
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        storage:
+          files:
+            - contents:
+                source: data:text/plain;charset=utf-8;base64,W2NyaW9dCmNsZWFuX3NodXRkb3duX2ZpbGUgPSAiIgo=
+              mode: 420
+              path: /etc/crio/crio.conf.d/99-crio-disable-wipe.toml
+- 99-crio-disable-wipe-worker.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: worker
+      name: 99-crio-disable-wipe-worker
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        storage:
+          files:
+            - contents:
+                source: data:text/plain;charset=utf-8;base64,W2NyaW9dCmNsZWFuX3NodXRkb3duX2ZpbGUgPSAiIgo=
+              mode: 420
+              path: /etc/crio/crio.conf.d/99-crio-disable-wipe.toml
+- 99-sync-time-once-master.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: master
+      name: 99-sync-time-once-master
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        systemd:
+          units:
+            - contents: |
+                [Unit]
+                Description=Sync time once
+                After=network-online.target
+                Wants=network-online.target
+                [Service]
+                Type=oneshot
+                TimeoutStartSec=300
+                ExecCondition=/bin/bash -c 'systemctl is-enabled chronyd.service --quiet && exit 1 || exit 0'
+                ExecStart=/usr/sbin/chronyd -n -f /etc/chrony.conf -q
+                RemainAfterExit=yes
+                [Install]
+                WantedBy=multi-user.target
+              enabled: true
+              name: sync-time-once.service
+  99-sync-time-once-worker.yaml: |
+    # Automatically generated by extra-manifests-builder
+    # Do not make changes directly.
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: MachineConfig
+    metadata:
+      labels:
+        machineconfiguration.openshift.io/role: worker
+      name: 99-sync-time-once-worker
+    spec:
+      config:
+        ignition:
+          version: 3.2.0
+        systemd:
+          units:
+            - contents: |
+                [Unit]
+                Description=Sync time once
+                After=network-online.target
+                Wants=network-online.target
+                [Service]
+                Type=oneshot
+                TimeoutStartSec=300
+                ExecCondition=/bin/bash -c 'systemctl is-enabled chronyd.service --quiet && exit 1 || exit 0'
+                ExecStart=/usr/sbin/chronyd -n -f /etc/chrony.conf -q
+                RemainAfterExit=yes
+                [Install]
+                WantedBy=multi-user.target
+              enabled: true
+              name: sync-time-once.service
+- enable-crun-master.yaml: |
+    ---
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: ContainerRuntimeConfig
+    metadata:
+     name: enable-crun-master
+    spec:
+     machineConfigPoolSelector:
+       matchLabels:
+         pools.operator.machineconfiguration.openshift.io/master: ""
+     containerRuntimeConfig:
+       defaultRuntime: crun
+- enable-crun-worker.yaml: |
+    ---
+    apiVersion: machineconfiguration.openshift.io/v1
+    kind: ContainerRuntimeConfig
+    metadata:
+     name: enable-crun-worker
+    spec:
+     machineConfigPoolSelector:
+       matchLabels:
+         pools.operator.machineconfiguration.openshift.io/worker: ""
+     containerRuntimeConfig:
+       defaultRuntime: crun
+- ReduceMonitoringFootprint.yaml: |
+    ---
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: cluster-monitoring-config
+      namespace: openshift-monitoring
+      annotations:
+        ran.openshift.io/ztp-deploy-wave: "1"
+    data:
+      config.yaml: |
+        alertmanagerMain:
+          enabled: false
+        telemeterClient:
+          enabled: false
+        prometheusK8s:
+           retention: 24h
+- DisableOLMPprof.yaml: |
+    ---
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: collect-profiles-config
+      namespace: openshift-operator-lifecycle-manager
+      annotations:
+        ran.openshift.io/ztp-deploy-wave: "10"
+    data:
+      pprof-config.yaml: |
+        disabled: True
+- DisableSnoNetworkDiag.yaml: |
+    ---
+    apiVersion: operator.openshift.io/v1
+    kind: Network
+    metadata:
+      name: cluster
+      annotations:
+        ran.openshift.io/ztp-deploy-wave: "10"
+    spec:
+      disableNetworkDiagnostics: true
+- ConsoleOperatorDisable.yaml: |
+    ---
+    apiVersion: operator.openshift.io/v1
+    kind: Console
+    metadata:
+      annotations:
+        include.release.openshift.io/ibm-cloud-managed: "false"
+        include.release.openshift.io/self-managed-high-availability: "false"
+        include.release.openshift.io/single-node-developer: "false"
+        release.openshift.io/create-only: "true"
+        ran.openshift.io/ztp-deploy-wave: "10"
+      name: cluster
+    spec:
+      logLevel: Normal
+      managementState: Removed
+      operatorLogLevel: Normal