Add accepted MRTD values to TDX testnet chainspec

node/cli/src/chain_spec/dev.rs

@@ -13,7 +13,9 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
-use crate::chain_spec::{get_account_id_from_seed, provisioning_certification_key, ChainSpec};
+use crate::chain_spec::{
+    get_account_id_from_seed, provisioning_certification_key, ChainSpec, MrtdValues,
+};
 use crate::endowed_accounts::endowed_accounts_dev;
 
 use entropy_runtime::{
@@ -123,6 +125,7 @@ pub fn development_config() -> ChainSpec {
             vec![],
             get_account_id_from_seed::<sr25519::Public>("Alice"),
             devnet_four_node_initial_tss_servers(),
+            None,
         ))
         .build()
 }
@@ -148,6 +151,7 @@ pub fn devnet_local_four_node_config() -> crate::chain_spec::ChainSpec {
             vec![],
             get_account_id_from_seed::<sr25519::Public>("Alice"),
             devnet_local_docker_four_node_initial_tss_servers(),
+            None,
         ))
         .build()
 }
@@ -169,6 +173,7 @@ pub fn development_genesis_config(
         String,
         BoundedVecEncodedVerifyingKey,
     )>,
+    accepted_mrtd_values: Option<MrtdValues>,
 ) -> serde_json::Value {
     // Note that any endowed_accounts added here will be included in the `elections` and
     // `technical_committee` genesis configs. If you don't want that, don't push those accounts to
@@ -283,10 +288,10 @@ pub fn development_genesis_config(
             max_instructions_per_programs: INITIAL_MAX_INSTRUCTIONS_PER_PROGRAM,
             total_signers: TOTAL_SIGNERS,
             threshold: SIGNER_THRESHOLD,
-            accepted_mrtd_values: vec![
+            accepted_mrtd_values: accepted_mrtd_values.unwrap_or(vec![
                 BoundedVec::try_from([0; 48].to_vec()).unwrap(),
                 BoundedVec::try_from([1; 48].to_vec()).unwrap(),
-            ],
+            ]),
             ..Default::default()
         },
         "programs": ProgramsConfig {

node/cli/src/chain_spec/mod.rs

@@ -48,7 +48,10 @@ use serde_json::json;
 use sp_authority_discovery::AuthorityId as AuthorityDiscoveryId;
 use sp_consensus_babe::AuthorityId as BabeId;
 use sp_core::{sr25519, Pair, Public};
-use sp_runtime::traits::{IdentifyAccount, Verify};
+use sp_runtime::{
+    traits::{ConstU32, IdentifyAccount, Verify},
+    BoundedVec,
+};
 
 type AccountPublic = <Signature as Verify>::Signer;
 
@@ -216,3 +219,6 @@ pub fn authority_keys_from_seed(
         get_from_seed::<AuthorityDiscoveryId>(seed),
     )
 }
+
+/// Accepted build time measurement values for TDX attestation
+pub type MrtdValues = Vec<BoundedVec<u8, ConstU32<48>>>;

node/cli/src/chain_spec/tdx_testnet.rs

@@ -19,6 +19,14 @@ use entropy_runtime::wasm_binary_unwrap;
 use entropy_shared::{BoundedVecEncodedVerifyingKey, X25519PublicKey as TssX25519PublicKey};
 use sc_service::ChainType;
 use sp_core::sr25519;
+use sp_runtime::BoundedVec;
+
+/// The build time measurement value from the current entropy-tss VM images
+const ACCEPTED_MRTD: [u8; 48] = [
+    145, 235, 43, 68, 209, 65, 212, 236, 224, 159, 12, 117, 194, 197, 61, 36, 122, 60, 104, 237,
+    215, 250, 254, 138, 53, 32, 201, 66, 166, 4, 164, 7, 222, 3, 174, 109, 197, 248, 127, 39, 66,
+    139, 37, 56, 135, 49, 24, 183,
+];
 
 lazy_static::lazy_static! {
     pub static ref PCK: BoundedVecEncodedVerifyingKey = vec![
@@ -83,6 +91,7 @@ pub fn development_config() -> ChainSpec {
             vec![],
             get_account_id_from_seed::<sr25519::Public>("Alice"),
             tdx_devnet_four_node_initial_tss_servers(),
+            Some(vec![BoundedVec::try_from(ACCEPTED_MRTD.to_vec()).unwrap()]),
         ))
         .build()
 }