From b7cd0974f19ee8f021848e65a09aa18cf5885d2c Mon Sep 17 00:00:00 2001
From: cproudlock <cproudlock@localhost>
Date: Thu, 26 Mar 2026 13:54:25 -0400
Subject: [PATCH] Blancco 7.15.1 upgrade: native kernel boot, BMC cloud
 licensing

- Switch to Blancco native kernel (vmlinuz-bde-linux) for hardware compat
- Config.img preferences with BMC connection (classic.eu-west-1.blancco.cloud)
- Disable wired LAN in preferences so WiFi takes default route to BMC
- WiFi SSID INTERNETACCESS configured in plaintext in config.img
- Slim GRUB EFI (1.3MB standalone with minimal modules)
- Fix Windows line endings in blancco-init.sh
- Add extra NIC drivers to switch_root initramfs
- SSH enabled in modified airootfs.sfs (root:blancco)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 playbook/blancco-init.sh         | 330 ++++++++++++++++---------------
 playbook/blancco-preferences.xml | 233 +++++++++++++---------
 2 files changed, 308 insertions(+), 255 deletions(-)

diff --git a/playbook/blancco-init.sh b/playbook/blancco-init.sh
index 0cc27cb..1a4dcd7 100644
--- a/playbook/blancco-init.sh
+++ b/playbook/blancco-init.sh
@@ -1,162 +1,168 @@
-#!/bin/sh
-# Blancco PXE Loader - init script for custom initramfs
-# Boot chain: iPXE -> GRUB EFI -> Ubuntu kernel + this initramfs -> switch_root to Blancco
-#
-# Blancco's own kernel freezes on Dell Precision towers during PXE boot.
-# Workaround: boot Ubuntu kernel, download Blancco rootfs (squashfs), mount
-# overlay filesystem, and switch_root into Blancco's userspace.
-
-export PATH=/bin:/sbin
-
-echo ""
-echo "============================================"
-echo "  Blancco PXE loader"
-echo "============================================"
-echo ""
-
-mount -t proc proc /proc
-mount -t sysfs sysfs /sys
-mount -t devtmpfs devtmpfs /dev 2>/dev/null
-mkdir -p /tmp /run
-
-echo "[1/4] Loading NIC drivers..."
-for mod in /lib/modules/*.ko; do
-    insmod $mod 2>/dev/null
-done
-sleep 2
-
-echo "  Waiting for network interface..."
-IFACE=""
-COUNT=0
-while [ $COUNT -lt 30 ]; do
-    for i in /sys/class/net/*; do
-        ifname="${i##*/}"
-        if [ "$ifname" != "lo" ] && [ -d "$i" ]; then
-            IFACE=$ifname
-            break 2
-        fi
-    done
-    COUNT=$((COUNT + 1))
-    sleep 1
-    echo -n "."
-done
-echo ""
-
-if [ -z "$IFACE" ]; then
-    echo "ERROR: No network interface found!"
-    exec sh
-fi
-
-echo "  Interface: $IFACE"
-ip link set $IFACE up
-sleep 2
-
-SERVER=10.9.100.1
-ifconfig $IFACE 10.9.100.250 netmask 255.255.255.0 up
-sleep 1
-echo "  IP: 10.9.100.250"
-
-echo "[2/4] Downloading Blancco rootfs (666MB)..."
-wget -O /tmp/airootfs.sfs http://$SERVER/blancco/arch/x86_64/airootfs.sfs 2>&1
-if [ ! -s /tmp/airootfs.sfs ]; then
-    echo "ERROR: Failed to download rootfs!"
-    exec sh
-fi
-echo "  OK ($(wc -c < /tmp/airootfs.sfs) bytes)"
-
-echo "[3/4] Mounting rootfs..."
-mkdir -p /run/lower /run/upper /run/work /run/newroot
-
-losetup /dev/loop0 /tmp/airootfs.sfs
-mount -t squashfs -o ro /dev/loop0 /run/lower
-if [ $? -ne 0 ]; then
-    echo "ERROR: squashfs mount failed!"
-    exec sh
-fi
-
-insmod /lib/modules/overlay.ko 2>/dev/null
-mount -t tmpfs -o size=50% tmpfs /run/upper
-mkdir -p /run/upper/upper /run/upper/work
-
-mount -t overlay overlay -o lowerdir=/run/lower,upperdir=/run/upper/upper,workdir=/run/upper/work /run/newroot
-if [ $? -ne 0 ]; then
-    echo "ERROR: overlay mount failed!"
-    exec sh
-fi
-
-echo "[4/5] Installing kernel modules (132MB)..."
-wget -O /tmp/kmod.tar.gz http://$SERVER/blancco/kmod.tar.gz 2>&1
-if [ -s /tmp/kmod.tar.gz ]; then
-    cd /run/newroot
-    gunzip -c /tmp/kmod.tar.gz | tar xf -
-    rm -f /tmp/kmod.tar.gz
-    cd /
-    echo "  OK"
-else
-    echo "  WARNING: Failed to download kernel modules"
-fi
-
-echo "[5/6] Switching root to Blancco..."
-mkdir -p /run/newroot/run /run/newroot/proc /run/newroot/sys /run/newroot/dev /run/newroot/tmp
-
-echo "[6/6] Downloading Blancco config..."
-wget -O /run/newroot/albus/config.xml http://$SERVER/blancco/config-clean.xml 2>&1
-wget -O /run/newroot/albus/preferences.xml http://$SERVER/blancco/preferences.xml 2>&1
-if [ -s /run/newroot/albus/config.xml ]; then
-    echo "  config.xml: $(wc -c < /run/newroot/albus/config.xml) bytes"
-else
-    echo "  WARNING: Failed to download config.xml"
-fi
-if [ -s /run/newroot/albus/preferences.xml ]; then
-    cp -f /run/newroot/albus/preferences.xml /run/newroot/albus/preferences.save
-    echo "  preferences.xml: $(wc -c < /run/newroot/albus/preferences.xml) bytes"
-else
-    echo "  WARNING: Failed to download preferences.xml"
-fi
-
-# Pre-configure X.org to use modesetting driver (generic KMS, works with all GPUs)
-mkdir -p /run/newroot/etc/X11/xorg.conf.d
-echo "  X.org: forcing modesetting driver"
-cat > /run/newroot/etc/X11/xorg.conf.d/20-failsafeDriver.conf << 'XEOF'
-Section "Device"
-    Identifier "Failsafe Video Device"
-    Driver "modesetting"
-EndSection
-XEOF
-
-# Enable SSH for remote debugging
-echo "  Enabling SSH (root:blancco)..."
-sed -i 's/^#*PermitRootLogin.*/PermitRootLogin yes/' /run/newroot/etc/ssh/sshd_config 2>/dev/null
-cat > /run/newroot/etc/rc.local << 'RCEOF'
-#!/bin/bash
-echo 'root:blancco' | chpasswd
-ssh-keygen -A 2>/dev/null
-IFACE=$(ls /sys/class/net/ | grep -v lo | head -1)
-ip addr add 10.9.100.250/24 dev "$IFACE" 2>/dev/null
-/usr/bin/sshd
-RCEOF
-chmod +x /run/newroot/etc/rc.local
-
-ln -sf /usr/lib/systemd/system/rc-local.service /run/newroot/etc/systemd/system/multi-user.target.wants/rc-local.service 2>/dev/null
-cat > /run/newroot/etc/systemd/system/pxe-debug.service << 'SVCEOF'
-[Unit]
-Description=PXE Debug SSH
-After=systemd-networkd.service
-Wants=systemd-networkd.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/etc/rc.local
-
-[Install]
-WantedBy=multi-user.target
-SVCEOF
-ln -sf /etc/systemd/system/pxe-debug.service /run/newroot/etc/systemd/system/multi-user.target.wants/pxe-debug.service
-
-mount --move /proc /run/newroot/proc
-mount --move /sys /run/newroot/sys
-mount --move /dev /run/newroot/dev
-
-echo "  Starting Blancco..."
-exec switch_root /run/newroot /sbin/init
+#!/bin/sh
+# Blancco PXE Loader - init script for custom initramfs
+# Boot chain: iPXE -> GRUB EFI -> Ubuntu kernel + this initramfs -> switch_root to Blancco
+#
+# Blancco's own kernel freezes on Dell Precision towers during PXE boot.
+# Workaround: boot Ubuntu kernel, download Blancco rootfs (squashfs), mount
+# overlay filesystem, and switch_root into Blancco's userspace.
+
+export PATH=/bin:/sbin
+
+echo ""
+echo "============================================"
+echo "  Blancco PXE loader"
+echo "============================================"
+echo ""
+
+mount -t proc proc /proc
+mount -t sysfs sysfs /sys
+mount -t devtmpfs devtmpfs /dev 2>/dev/null
+mkdir -p /tmp /run
+
+echo "[1/4] Loading NIC drivers..."
+for mod in /lib/modules/*.ko; do
+    echo "  insmod $(basename $mod)"
+    insmod $mod 2>/dev/null || true
+done
+sleep 5
+
+echo "  Interfaces after driver load:"
+ls /sys/class/net/ 2>/dev/null
+
+echo "  Waiting for network interface..."
+IFACE=""
+COUNT=0
+while [ $COUNT -lt 60 ]; do
+    for i in /sys/class/net/*; do
+        ifname="${i##*/}"
+        if [ "$ifname" != "lo" ] && [ -d "$i" ]; then
+            IFACE=$ifname
+            break 2
+        fi
+    done
+    COUNT=$((COUNT + 1))
+    sleep 1
+    echo -n "."
+done
+echo ""
+
+if [ -z "$IFACE" ]; then
+    echo "ERROR: No network interface found!"
+    echo "Available interfaces:"
+    ls /sys/class/net/ 2>/dev/null
+    exec sh
+fi
+
+echo "  Interface: $IFACE"
+ip link set $IFACE up
+sleep 2
+
+SERVER=10.9.100.1
+ifconfig $IFACE 10.9.100.250 netmask 255.255.255.0 up
+sleep 1
+echo "  IP: 10.9.100.250"
+
+echo "[2/4] Downloading Blancco rootfs (666MB)..."
+wget -O /tmp/airootfs.sfs http://$SERVER/blancco/arch/x86_64/airootfs.sfs 2>&1
+if [ ! -s /tmp/airootfs.sfs ]; then
+    echo "ERROR: Failed to download rootfs!"
+    exec sh
+fi
+echo "  OK ($(wc -c < /tmp/airootfs.sfs) bytes)"
+
+echo "[3/4] Mounting rootfs..."
+mkdir -p /run/lower /run/upper /run/work /run/newroot
+
+losetup /dev/loop0 /tmp/airootfs.sfs
+mount -t squashfs -o ro /dev/loop0 /run/lower
+if [ $? -ne 0 ]; then
+    echo "ERROR: squashfs mount failed!"
+    exec sh
+fi
+
+insmod /lib/modules/overlay.ko 2>/dev/null
+mount -t tmpfs -o size=50% tmpfs /run/upper
+mkdir -p /run/upper/upper /run/upper/work
+
+mount -t overlay overlay -o lowerdir=/run/lower,upperdir=/run/upper/upper,workdir=/run/upper/work /run/newroot
+if [ $? -ne 0 ]; then
+    echo "ERROR: overlay mount failed!"
+    exec sh
+fi
+
+echo "[4/5] Installing kernel modules (132MB)..."
+wget -O /tmp/kmod.tar.gz http://$SERVER/blancco/kmod.tar.gz 2>&1
+if [ -s /tmp/kmod.tar.gz ]; then
+    cd /run/newroot
+    gunzip -c /tmp/kmod.tar.gz | tar xf -
+    rm -f /tmp/kmod.tar.gz
+    cd /
+    echo "  OK"
+else
+    echo "  WARNING: Failed to download kernel modules"
+fi
+
+echo "[5/6] Switching root to Blancco..."
+mkdir -p /run/newroot/run /run/newroot/proc /run/newroot/sys /run/newroot/dev /run/newroot/tmp
+
+echo "[6/6] Downloading Blancco config..."
+wget -O /run/newroot/albus/config.xml http://$SERVER/blancco/config-clean.xml 2>&1
+wget -O /run/newroot/albus/preferences.xml http://$SERVER/blancco/preferences.xml 2>&1
+if [ -s /run/newroot/albus/config.xml ]; then
+    echo "  config.xml: $(wc -c < /run/newroot/albus/config.xml) bytes"
+else
+    echo "  WARNING: Failed to download config.xml"
+fi
+if [ -s /run/newroot/albus/preferences.xml ]; then
+    cp -f /run/newroot/albus/preferences.xml /run/newroot/albus/preferences.save
+    echo "  preferences.xml: $(wc -c < /run/newroot/albus/preferences.xml) bytes"
+else
+    echo "  WARNING: Failed to download preferences.xml"
+fi
+
+# Pre-configure X.org to use modesetting driver (generic KMS, works with all GPUs)
+mkdir -p /run/newroot/etc/X11/xorg.conf.d
+echo "  X.org: forcing modesetting driver"
+cat > /run/newroot/etc/X11/xorg.conf.d/20-failsafeDriver.conf << 'XEOF'
+Section "Device"
+    Identifier "Failsafe Video Device"
+    Driver "modesetting"
+EndSection
+XEOF
+
+# Enable SSH for remote debugging
+echo "  Enabling SSH (root:blancco)..."
+if [ -f /run/newroot/etc/ssh/sshd_config ]; then
+    sed 's/^#*PermitRootLogin.*/PermitRootLogin yes/' /run/newroot/etc/ssh/sshd_config > /run/newroot/etc/ssh/sshd_config.new || true
+    mv /run/newroot/etc/ssh/sshd_config.new /run/newroot/etc/ssh/sshd_config || true
+fi
+
+cat > /run/newroot/etc/rc.local << 'RCEOF'
+#!/bin/bash
+echo 'root:blancco' | chpasswd
+ssh-keygen -A 2>/dev/null
+/usr/bin/sshd 2>/dev/null
+RCEOF
+chmod +x /run/newroot/etc/rc.local
+
+cat > /run/newroot/etc/systemd/system/pxe-debug.service << 'SVCEOF'
+[Unit]
+Description=PXE Debug SSH
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/etc/rc.local
+
+[Install]
+WantedBy=multi-user.target
+SVCEOF
+ln -sf /etc/systemd/system/pxe-debug.service /run/newroot/etc/systemd/system/multi-user.target.wants/pxe-debug.service 2>/dev/null
+
+mount --move /proc /run/newroot/proc
+mount --move /sys /run/newroot/sys
+mount --move /dev /run/newroot/dev
+
+echo "  Starting Blancco..."
+exec switch_root /run/newroot /sbin/init
diff --git a/playbook/blancco-preferences.xml b/playbook/blancco-preferences.xml
index 780d0c7..d7c16f6 100644
--- a/playbook/blancco-preferences.xml
+++ b/playbook/blancco-preferences.xml
@@ -1,20 +1,26 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- FASDHFOSGHSVASLGHASDLASDFUILEFHLKJDKLFJGKLXCJGHFKLJDGHKLFJ -->
 <root>
-  <blancco type="albus-preferences" version="4.14"/>
+  <blancco type="albus-preferences" version="4.15"/>
   <version>
     <generation>7</generation>
-    <major>14</major>
-    <minor>0</minor>
+    <major>15</major>
+    <minor>1</minor>
   </version>
-  <integrity>WrE8qdGzoKMVy403SVha6O6JOdYlerKbbjyLSWo20NI=</integrity>
-  <configuration dect="3.14.0" imported="false">
+
+  <configuration>
+
+    <device_enrollment_detection>
+      <persistent_software>false</persistent_software>
+    </device_enrollment_detection>
+
     <processes type="array" key="process">
       <process>workflow</process>
       <process>auto</process>
       <process>semi</process>
       <process selected="true">manual</process>
     </processes>
+
     <hardware_tests type="array" key="test" enabled="false">
       <test enabled="true" mandatory="false" auto="true" threshold="60">battery</test>
       <test enabled="true" mandatory="false" auto="true">cpu</test>
@@ -37,6 +43,7 @@
       <test enabled="true" mandatory="false" auto="false">webcam</test>
       <test enabled="true" mandatory="false" auto="false">wifi</test>
     </hardware_tests>
+
     <layouts type="array" key="layout">
       <layout selected="true">us</layout>
       <layout>be</layout>
@@ -64,6 +71,7 @@
       <layout>se</layout>
       <layout>sk</layout>
     </layouts>
+
     <locales type="array" key="locale">
       <locale selected="true">en_US</locale>
       <locale>de_DE</locale>
@@ -80,93 +88,104 @@
       <locale>zh_CN</locale>
       <locale>zh_TW</locale>
     </locales>
-    <erasure_standards type="array" key="standard">
+
+    <erasure_standards key="standard" type="array">
       <standard enabled="true" id="afssi_5020" name="Air Force System Security Instruction 5020"/>
       <standard enabled="true" id="aperiodic_random" name="Aperiodic random overwrite"/>
+      <standard enabled="true" id="bl_ssd" name="Blancco SSD Erasure"/>
+      <standard enabled="true" id="bruce_schneier" name="Bruce Schneier's Algorithm"/>
       <standard enabled="true" id="bsi_vs" name="BSI-2011-VS"/>
       <standard enabled="true" id="bsi_gs" name="BSI-GS"/>
       <standard enabled="true" id="bsi_gse" name="BSI-GSE"/>
       <standard enabled="true" id="bsi_gsk" name="BSI-GSK"/>
-      <standard enabled="true" id="bl_ssd" name="Blancco SSD Erasure"/>
-      <standard enabled="true" id="bruce_schneier" name="Bruce Schneier's Algorithm"/>
       <standard enabled="true" id="cesg_higher" name="CESG CPA - Higher Level"/>
+      <standard enabled="true" id="crypto_erase" name="Sanitize Cryptographic Erasure"/>
       <standard enabled="true" id="dod" name="DoD 5220.22-M"/>
       <standard enabled="true" id="dod_ece" name="DoD 5220.22-M ECE"/>
-      <standard enabled="true" id="extended_firmware" name="Extended Firmware Based Erasure"/>
-      <standard enabled="true" id="firmware" name="Firmware Based Erasure"/>
-      <standard enabled="true" id="hmg_higher" name="HMG Infosec Standard 5, Higher Standard"/>
-      <standard enabled="true" id="hmg_lower" name="HMG Infosec Standard 5, Lower Standard"/>
-      <standard enabled="true" id="ieee_clear" name="IEEE 2883-2022 Clear"/>
-      <standard enabled="true" id="ieee_purge" name="IEEE 2883-2022 Purge"/>
-      <standard enabled="false" id="nist_pc" name="NIST 800-88" pattern="0x00" pattern_type="static"/>
       <standard enabled="true" id="nist_clear" name="NIST 800-88 Clear" pattern="0x00" pattern_type="static"/>
       <standard selected="true" enabled="true" id="nist_purge" name="NIST 800-88 Purge"/>
+      <standard enabled="true" id="firmware" name="Firmware Based Erasure"/>
+      <standard enabled="true" id="extended_firmware" name="Extended Firmware Based Erasure"/>
+      <standard enabled="true" id="hmg_lower" name="HMG Infosec Standard 5, Lower Standard"/>
+      <standard enabled="true" id="hmg_higher" name="HMG Infosec Standard 5, Higher Standard"/>
       <standard enabled="true" id="nsa" name="NSA 130-1"/>
       <standard enabled="true" id="ncsc" name="National Computer Security Center (NCSC-TG-025)"/>
       <standard enabled="true" id="navso" name="Navy Staff Office Publication (NAVSO P-5239-26)"/>
+      <standard enabled="true" id="tcg_crypto_erase" name="TCG Cryptographic Erasure"/>
       <standard enabled="true" id="opnavinst" name="OPNAVINST 5239.1A"/>
       <standard enabled="true" id="peter_gutmann" name="Peter Gutmann's Algorithm"/>
-      <standard enabled="true" id="rcmp_tssit" name="RCMP TSSIT OPS-II"/>
       <standard enabled="true" id="random_byte_3x" name="Random Byte Overwrite (3x)"/>
-      <standard enabled="true" id="crypto_erase" name="Sanitize Cryptographic Erasure"/>
-      <standard enabled="true" id="tcg_crypto_erase" name="TCG Cryptographic Erasure"/>
+      <standard enabled="true" id="rcmp_tssit" name="RCMP TSSIT OPS-II"/>
       <standard enabled="true" id="us_army" name="U.S. Army AR380-19"/>
+      <standard enabled="true" id="ieee_clear" name="IEEE 2883-2022 Clear"/>
+      <standard enabled="true" id="ieee_purge" name="IEEE 2883-2022 Purge"/>
+      <standard enabled="false" id="nist_pc" name="NIST 800-88" pattern="0x00" pattern_type="static"/>
     </erasure_standards>
-    <verification_standards type="array" key="standard">
-      <standard enabled="true" id="all_bytes_same" name="All bytes the same" pattern="0x00"/>
+
+    <verification_standards key="standard" type="array">
+      <standard enabled="true" id="all_bytes_same" pattern="0x00" name="All bytes the same"/>
       <standard enabled="true" id="all_ones" name="All ones"/>
-      <standard selected="true" enabled="true" id="all_sectors_same" name="All sectors the same"/>
+      <standard enabled="true" id="all_sectors_same" selected="true" name="All sectors the same"/>
       <standard enabled="true" id="all_zeros" name="All zeros"/>
     </verification_standards>
+
+    <adapters key="adapter" type="array"/>
+
     <network>
       <enabled>true</enabled>
       <dhcp>true</dhcp>
       <sshd>false</sshd>
       <looping>false</looping>
-      <address></address>
-      <mask></mask>
-      <gateway></gateway>
-      <dns1></dns1>
-      <dns2></dns2>
-      <vlan></vlan>
+      <address/>
+      <mask/>
+      <gateway/>
+      <dns1/>
+      <dns2/>
+      <vlan/>
     </network>
+
     <network_security>
       <enabled>false</enabled>
-      <certificate>false</certificate>
-      <protocols type="array" key="protocol">
+      <fallback>false</fallback>
+      <protocols key="protocol" type="array">
         <protocol selected="true">peap</protocol>
         <protocol>tls</protocol>
       </protocols>
-      <identity encrypted="false"></identity>
-      <password encrypted="false"></password>
+      <certificate>false</certificate>
+      <identity encrypted="false"/>
+      <password encrypted="false"/>
     </network_security>
-    <network_share>
-      <username encrypted="false">blancco</username>
-      <password encrypted="false">blancco</password>
-      <domain></domain>
-      <hostname>10.9.100.1</hostname>
-      <path>blancco-reports</path>
-      <protocols type="array" key="protocol">
-        <protocol selected="true">smb</protocol>
-      </protocols>
-    </network_share>
+
     <proxy>
-      <proxy_address encrypted="false"></proxy_address>
-      <proxy_port encrypted="false"></proxy_port>
-      <proxy_username encrypted="false"></proxy_username>
-      <proxy_password encrypted="false"></proxy_password>
+      <proxy_address encrypted="false"/>
+      <proxy_port encrypted="false"/>
+      <proxy_username encrypted="false"/>
+      <proxy_password encrypted="false"/>
     </proxy>
+
     <mc>
-      <username encrypted="false"></username>
-      <password encrypted="false"></password>
-      <hostname></hostname>
-      <port></port>
+      <username encrypted="false"/>
+      <password encrypted="false"/>
+      <hostname/>
+      <port/>
       <timeout>20</timeout>
       <validate_remote_certificate>true</validate_remote_certificate>
     </mc>
-    <workflow offline="false" default="false"></workflow>
+
+    <network_share>
+      <username encrypted="false">blancco</username>
+      <password encrypted="false">blancco</password>
+      <domain/>
+      <hostname>10.9.100.1</hostname>
+      <path>blancco-reports</path>
+      <protocols key="protocol" type="array">
+        <protocol selected="true">smb</protocol>
+      </protocols>
+    </network_share>
+
+    <workflow default="false" offline="false"/>
+
     <erasure>
-      <drive_self_test type="short">false</drive_self_test>
       <max_simultaneous_erasures>50</max_simultaneous_erasures>
       <remove_hidden_areas>false</remove_hidden_areas>
       <preserve_recovery_partition>false</preserve_recovery_partition>
@@ -177,10 +196,11 @@
       <fail_on_erasure_errors threshold="5">true</fail_on_erasure_errors>
       <fail_on_read_errors threshold="5">true</fail_on_read_errors>
       <verification>10</verification>
-      <enforced_rules type="array" key="rule">
+      <enforced_rules key="rule" type="array">
         <rule enabled="false" name="enforced_standard" standard_id="bl_ssd" target="ssd"/>
         <rule enabled="true" name="fallback_nist_standard" standard_id="nist_purge" fallback_id="nist_clear"/>
       </enforced_rules>
+      <drive_self_test type="short">false</drive_self_test>
       <fail_on_failed_self_test>false</fail_on_failed_self_test>
       <fail_on_low_erasure_speed threshold="1">false</fail_on_low_erasure_speed>
       <fail_on_timeout threshold="1">false</fail_on_timeout>
@@ -199,29 +219,36 @@
       <allow_tcg_reset_write_pointers>true</allow_tcg_reset_write_pointers>
       <allow_tcg_unmap>true</allow_tcg_unmap>
     </erasure>
+
     <fingerprint>
       <enabled>false</enabled>
       <location>67000</location>
     </fingerprint>
+
     <bootable_report>
       <enabled>true</enabled>
     </bootable_report>
+
     <format_disk>
       <enabled>false</enabled>
       <type>ntfs</type>
     </format_disk>
+
     <spin_down_idle_disk>
       <enabled>false</enabled>
     </spin_down_idle_disk>
+
     <raid>
       <show_logical_disks>false</show_logical_disks>
       <enable_passthrough>true</enable_passthrough>
       <kill_logical_disks>true</kill_logical_disks>
     </raid>
+
     <hotplug>
       <enabled>false</enabled>
       <timeout>30</timeout>
     </hotplug>
+
     <external_device_service>
       <enabled>false</enabled>
       <port>80</port>
@@ -237,24 +264,28 @@
         <test enabled="true">webcam</test>
       </hardware_tests>
     </external_device_service>
+
     <license>
       <provider>bios</provider>
       <provider_report>bios</provider_report>
       <edition>Enterprise Volume Edition</edition>
-      <offline></offline>
       <mode>Drive Eraser</mode>
+      <offline/>
     </license>
+
     <image>
-      <description></description>
+      <description/>
       <creation_date>2025-03-10</creation_date>
     </image>
+
     <customer_data>
-      <business_location></business_location>
+      <business_location/>
       <customer_license>General Electric Company</customer_license>
-      <erasure_person></erasure_person>
-      <erasure_provider></erasure_provider>
-      <business_name></business_name>
+      <erasure_person/>
+      <erasure_provider/>
+      <business_name/>
     </customer_data>
+
     <settings>
       <gui>
         <erasure_console>local</erasure_console>
@@ -292,8 +323,8 @@
         <accessibility>
           <available>false</available>
           <enabled>true</enabled>
-          <key_echo>true</key_echo>
           <speaking_rate>80</speaking_rate>
+          <key_echo>true</key_echo>
         </accessibility>
         <sound_level>70</sound_level>
         <input_method>
@@ -303,29 +334,7 @@
         </input_method>
       </gui>
     </settings>
-    <custom_fields type="array" key="custom_field">
-      <custom_field type="input" mandatory="true" locked="false" per_drive="false" show_in_editor="false" pattern="" hint="">
-        <name>custom_field_1</name>
-        <title>GERITM Number</title>
-        <value></value>
-      </custom_field>
-      <custom_field type="input" mandatory="true" locked="false" per_drive="false" show_in_editor="false" pattern="" hint="">
-        <name>custom_field_2</name>
-        <title>Device Name</title>
-        <value></value>
-      </custom_field>
-      <custom_field type="input" mandatory="true" locked="false" per_drive="false" show_in_editor="false" pattern="" hint="">
-        <name>custom_field_3</name>
-        <title>Device Serial Number</title>
-        <value></value>
-      </custom_field>
-      <custom_field type="input" mandatory="false" locked="true" per_drive="false" show_in_editor="false" pattern="" hint="">
-        <name>custom_field_4</name>
-        <title>Version</title>
-        <value>EVE_20250310</value>
-      </custom_field>
-    </custom_fields>
-    <exclude_verification_ranges type="array" key="exclude_verification_range"/>
+
     <report>
       <per_drive>false</per_drive>
       <auto_backup>true</auto_backup>
@@ -336,43 +345,81 @@
       <network_info>true</network_info>
       <custom_signature>
         <enabled>false</enabled>
-        <label></label>
+        <label/>
       </custom_signature>
       <drive_life_estimation>false</drive_life_estimation>
     </report>
+
+    <custom_fields type="array" key="custom_field">
+      <custom_field type="input" mandatory="true" locked="false" per_drive="false" show_in_editor="false" pattern="" hint="">
+        <name>custom_field_1</name>
+        <title>GERITM Number</title>
+        <value/>
+      </custom_field>
+      <custom_field type="input" mandatory="true" locked="false" per_drive="false" show_in_editor="false" pattern="" hint="">
+        <name>custom_field_2</name>
+        <title>Device Name</title>
+        <value/>
+      </custom_field>
+      <custom_field type="input" mandatory="true" locked="false" per_drive="false" show_in_editor="false" pattern="" hint="">
+        <name>custom_field_3</name>
+        <title>Device Serial Number</title>
+        <value/>
+      </custom_field>
+      <custom_field type="input" mandatory="false" locked="true" per_drive="false" show_in_editor="false" pattern="" hint="">
+        <name>custom_field_4</name>
+        <title>Version</title>
+        <value>EVE_20250310</value>
+      </custom_field>
+    </custom_fields>
+
+    <exclude_verification_ranges type="array" key="exclude_verification_range"/>
+
     <wireless>
-      <enabled>false</enabled>
-      <ssid encrypted="false"></ssid>
-      <password encrypted="false"></password>
+      <enabled>true</enabled>
+      <ssid encrypted="false">INTERNETACCESS</ssid>
+      <password encrypted="false">Acc3ssGr@nted22</password>
       <key_mgmt>WPA-PSK</key_mgmt>
       <scan_ssid>0</scan_ssid>
     </wireless>
+
     <cd_eject>
       <after_boot>true</after_boot>
       <after_erasure>false</after_erasure>
       <after_report>false</after_report>
       <at_shutdown>false</at_shutdown>
     </cd_eject>
+
     <system_shutdown>
       <after_erasure>false</after_erasure>
       <after_successful_erasure>false</after_successful_erasure>
     </system_shutdown>
+
     <system_restart>
       <after_erasure>false</after_erasure>
       <after_successful_erasure>false</after_successful_erasure>
     </system_restart>
-    <device_enrollment_detection>
-      <persistent_software>false</persistent_software>
-    </device_enrollment_detection>
+
     <vnc_remote>
       <enabled>false</enabled>
       <mode>viewer</mode>
-      <repeater_hostname></repeater_hostname>
+      <repeater_hostname/>
       <port>5900</port>
-      <password encrypted="false"></password>
+      <password encrypted="false"/>
     </vnc_remote>
-    <nvme_over_fabrics enabled="false" type="array" key="connection"/>
-    <adapters type="array" key="adapter"/>
+
+    <nvme_over_fabrics type="array" key="connection" enabled="false"/>
+
+    <update>
+      <enabled>false</enabled>
+      <intervals type="array" key="interval">
+        <interval selected="true">daily</interval>
+        <interval>weekly</interval>
+        <interval>monthly</interval>
+        <interval>no automatic check</interval>
+      </intervals>
+      <url>https://cdn.blancco.com/products/drive_eraser/download/ota/drive_eraser.json</url>
+    </update>
   </configuration>
 </root>
 <!-- JFLKHGDJLKFHGJCXLKGJFLKDJKLHFELIUFDSALDSAHGLSAVSHGSOFHDSAF -->