diff --git a/node/cli/src/chain_spec/dev.rs b/node/cli/src/chain_spec/dev.rs
index bdbdcf4a4..355785b55 100644
--- a/node/cli/src/chain_spec/dev.rs
+++ b/node/cli/src/chain_spec/dev.rs
@@ -13,7 +13,9 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see .
-use crate::chain_spec::{get_account_id_from_seed, provisioning_certification_key, ChainSpec};
+use crate::chain_spec::{
+ get_account_id_from_seed, provisioning_certification_key, ChainSpec, MrtdValues,
+};
use crate::endowed_accounts::endowed_accounts_dev;
use entropy_runtime::{
@@ -123,6 +125,7 @@ pub fn development_config() -> ChainSpec {
vec![],
get_account_id_from_seed::("Alice"),
devnet_four_node_initial_tss_servers(),
+ None,
))
.build()
}
@@ -148,6 +151,7 @@ pub fn devnet_local_four_node_config() -> crate::chain_spec::ChainSpec {
vec![],
get_account_id_from_seed::("Alice"),
devnet_local_docker_four_node_initial_tss_servers(),
+ None,
))
.build()
}
@@ -169,6 +173,7 @@ pub fn development_genesis_config(
String,
BoundedVecEncodedVerifyingKey,
)>,
+ accepted_mrtd_values: Option,
) -> serde_json::Value {
// Note that any endowed_accounts added here will be included in the `elections` and
// `technical_committee` genesis configs. If you don't want that, don't push those accounts to
@@ -283,10 +288,10 @@ pub fn development_genesis_config(
max_instructions_per_programs: INITIAL_MAX_INSTRUCTIONS_PER_PROGRAM,
total_signers: TOTAL_SIGNERS,
threshold: SIGNER_THRESHOLD,
- accepted_mrtd_values: vec![
+ accepted_mrtd_values: accepted_mrtd_values.unwrap_or(vec![
BoundedVec::try_from([0; 48].to_vec()).unwrap(),
BoundedVec::try_from([1; 48].to_vec()).unwrap(),
- ],
+ ]),
..Default::default()
},
"programs": ProgramsConfig {
diff --git a/node/cli/src/chain_spec/mod.rs b/node/cli/src/chain_spec/mod.rs
index 1a6fab785..4e13ce939 100644
--- a/node/cli/src/chain_spec/mod.rs
+++ b/node/cli/src/chain_spec/mod.rs
@@ -48,7 +48,10 @@ use serde_json::json;
use sp_authority_discovery::AuthorityId as AuthorityDiscoveryId;
use sp_consensus_babe::AuthorityId as BabeId;
use sp_core::{sr25519, Pair, Public};
-use sp_runtime::traits::{IdentifyAccount, Verify};
+use sp_runtime::{
+ traits::{ConstU32, IdentifyAccount, Verify},
+ BoundedVec,
+};
type AccountPublic = ::Signer;
@@ -216,3 +219,6 @@ pub fn authority_keys_from_seed(
get_from_seed::(seed),
)
}
+
+/// Accepted build time measurement values for TDX attestation
+pub type MrtdValues = Vec>>;
diff --git a/node/cli/src/chain_spec/tdx_testnet.rs b/node/cli/src/chain_spec/tdx_testnet.rs
index 9b1c8feeb..bd025f544 100644
--- a/node/cli/src/chain_spec/tdx_testnet.rs
+++ b/node/cli/src/chain_spec/tdx_testnet.rs
@@ -19,6 +19,14 @@ use entropy_runtime::wasm_binary_unwrap;
use entropy_shared::{BoundedVecEncodedVerifyingKey, X25519PublicKey as TssX25519PublicKey};
use sc_service::ChainType;
use sp_core::sr25519;
+use sp_runtime::BoundedVec;
+
+/// The build time measurement value from the current entropy-tss VM images
+const ACCEPTED_MRTD: [u8; 48] = [
+ 145, 235, 43, 68, 209, 65, 212, 236, 224, 159, 12, 117, 194, 197, 61, 36, 122, 60, 104, 237,
+ 215, 250, 254, 138, 53, 32, 201, 66, 166, 4, 164, 7, 222, 3, 174, 109, 197, 248, 127, 39, 66,
+ 139, 37, 56, 135, 49, 24, 183,
+];
lazy_static::lazy_static! {
pub static ref PCK: BoundedVecEncodedVerifyingKey = vec![
@@ -83,6 +91,7 @@ pub fn development_config() -> ChainSpec {
vec![],
get_account_id_from_seed::("Alice"),
tdx_devnet_four_node_initial_tss_servers(),
+ Some(vec![BoundedVec::try_from(ACCEPTED_MRTD.to_vec()).unwrap()]),
))
.build()
}