.. SPDX-License-Identifier: GPL-2.0

==============================
Confidential Computing secrets
==============================

This document describes how Confidential Computing secret injection is handled
from the firmware to the operating system, in the EFI driver and the efi_secret
kernel module.


Introduction
============

Confidential Computing (coco) hardware such as AMD SEV (Secure Encrypted
Virtualization) allows guest owners to inject secrets into the VM's
memory without the host/hypervisor being able to read them. In SEV,
secret injection is performed early in the VM launch process, before the
guest starts running.

The efi_secret kernel module allows userspace applications to access these
secrets via securityfs.


Secret data flow
================

The guest firmware may reserve a designated memory area for secret injection,
and publish its location (base GPA and length) in the EFI configuration table
under a ``LINUX_EFI_COCO_SECRET_AREA_GUID`` entry
(``adf956ad-e98c-484c-ae11-b51c7d336447``). This memory area should be marked
by the firmware as ``EFI_RESERVED_TYPE``, and therefore the kernel should not
use it for its own purposes.

During the VM's launch, the virtual machine manager may inject a secret into
that area. In AMD SEV and SEV-ES this is performed using the
``KVM_SEV_LAUNCH_SECRET`` command (see [sev]_). The structure of the injected
Guest Owner secret data should be a GUIDed table of secret values; the binary
format is described in ``drivers/virt/coco/efi_secret/efi_secret.c`` under
"Structure of the EFI secret area".

On kernel start, the kernel's EFI driver saves the location of the secret
area (taken from the EFI configuration table) in the ``efi.coco_secret`` field.
Later it checks if the secret area is populated: it maps the area and checks
whether its content begins with ``EFI_SECRET_TABLE_HEADER_GUID``
(``1e74f542-71dd-4d66-963e-ef4287ff173b``). If the secret area is populated,
the EFI driver will autoload the efi_secret kernel module, which exposes the
secrets to userspace applications via securityfs. The details of the
efi_secret filesystem interface are in [secrets-coco-abi]_.


Application usage example
=========================

Consider a guest performing computations on encrypted files. The Guest Owner
provides the decryption key (= secret) using the secret injection mechanism.
The guest application reads the secret from the efi_secret filesystem and
proceeds to decrypt the files into memory and then performs the needed
computations on the content.

In this example, the host can't read the files from the disk image
because they are encrypted. The host can't read the decryption key because
it is passed using the secret injection mechanism (= secure channel).
The host can't read the decrypted content from memory because it's a
confidential (memory-encrypted) guest.

Here is a simple example for usage of the efi_secret module in a guest
to which an EFI secret area with 4 secrets was injected during launch::

    # ls -la /sys/kernel/security/secrets/coco
    total 0
    drwxr-xr-x 2 root root 0 Jun 28 11:54 .
    drwxr-xr-x 3 root root 0 Jun 28 11:54 ..
    -r--r----- 1 root root 0 Jun 28 11:54 736870e5-84f0-4973-92ec-06879ce3da0b
    -r--r----- 1 root root 0 Jun 28 11:54 83c83f7f-1356-4975-8b7e-d3a0b54312c6
    -r--r----- 1 root root 0 Jun 28 11:54 9553f55d-3da2-43ee-ab5d-ff17f78864d2
    -r--r----- 1 root root 0 Jun 28 11:54 e6f5a162-d67f-4750-a67c-5d065f2a9910

    # hd /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
    00000000  74 68 65 73 65 2d 61 72  65 2d 74 68 65 2d 6b 61  |these-are-the-ka|
    00000010  74 61 2d 73 65 63 72 65  74 73 00 01 02 03 04 05  |ta-secrets......|
    00000020  06 07                                             |..|
    00000022

    # rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910

    # ls -la /sys/kernel/security/secrets/coco
    total 0
    drwxr-xr-x 2 root root 0 Jun 28 11:55 .
    drwxr-xr-x 3 root root 0 Jun 28 11:54 ..
    -r--r----- 1 root root 0 Jun 28 11:54 736870e5-84f0-4973-92ec-06879ce3da0b
    -r--r----- 1 root root 0 Jun 28 11:54 83c83f7f-1356-4975-8b7e-d3a0b54312c6
    -r--r----- 1 root root 0 Jun 28 11:54 9553f55d-3da2-43ee-ab5d-ff17f78864d2

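
The populated-area check from "Secret data flow" and the GUID-named entries in the listing above, as an added Python example (not kernel code and not part of the original document). The byte layout it parses (a 16-byte EFI GUID followed by a little-endian 32-bit length, for the table header and for every entry, each length counting its own header) is taken from the "Structure of the EFI secret area" comment the text points to and is an assumption as far as this page goes; ``parse_secret_area`` and ``build_secret_area`` are illustrative names, and the sample area is constructed.

```python
import struct
import uuid

# Header GUID from this document; the EFI driver looks for it at offset 0.
EFI_SECRET_TABLE_HEADER_GUID = uuid.UUID("1e74f542-71dd-4d66-963e-ef4287ff173b")
HDR = struct.Struct("<16sI")  # assumed layout: 16-byte EFI GUID, then u32 length


def parse_secret_area(area: bytes) -> dict:
    """Return {entry GUID: secret bytes}; raise ValueError if malformed."""
    if len(area) < HDR.size:
        raise ValueError("area shorter than table header")
    guid, total = HDR.unpack_from(area, 0)
    if uuid.UUID(bytes_le=guid) != EFI_SECRET_TABLE_HEADER_GUID:
        raise ValueError("secret area not populated (header GUID mismatch)")
    if total < HDR.size or total > len(area):
        raise ValueError("table length outside the reserved area")
    secrets, off = {}, HDR.size
    while total - off >= HDR.size:
        guid, elen = HDR.unpack_from(area, off)
        # An entry length counts its own 20-byte header and must fit the table.
        if elen < HDR.size or elen > total - off:
            raise ValueError(f"malformed entry at offset {off}")
        if guid != bytes(16):  # assumed: an all-zero GUID marks an erased entry
            secrets[str(uuid.UUID(bytes_le=guid))] = area[off + HDR.size:off + elen]
        off += elen
    return secrets


def build_secret_area(entries: dict, reserved: int = 4096) -> bytes:
    """Pack constructed test entries and pad to the reserved area size."""
    body = b"".join(
        HDR.pack(uuid.UUID(g).bytes_le, HDR.size + len(v)) + v
        for g, v in entries.items()
    )
    header = HDR.pack(EFI_SECRET_TABLE_HEADER_GUID.bytes_le, HDR.size + len(body))
    return (header + body).ljust(reserved, b"\0")


# Constructed sample: the one secret whose hexdump appears in the listing above.
SAMPLE_GUID = "e6f5a162-d67f-4750-a67c-5d065f2a9910"
SAMPLE_SECRET = b"these-are-the-kata-secrets" + bytes(range(8))
SAMPLE_AREA = build_secret_area({SAMPLE_GUID: SAMPLE_SECRET})

if __name__ == "__main__":
    for name, value in parse_secret_area(SAMPLE_AREA).items():
        print(name, len(value), "bytes")
```

The parsed entry is 34 bytes long, matching the ``00000022`` end offset in the ``hd`` output, and an all-zero area is rejected the same way an unpopulated secret area fails the header GUID check.
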

References
==========

See [sev-api-spec]_ for more information about the SEV ``LAUNCH_SECRET`` operation.

.. [sev] Documentation/virt/kvm/x86/amd-memory-encryption.rst
.. [secrets-coco-abi] Documentation/ABI/testing/securityfs-secrets-coco
.. [sev-api-spec] https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf