Add TDX test network chainspec #1204
Conversation
| @@ -283,10 +288,10 @@ pub fn development_genesis_config( | |||
| max_instructions_per_programs: INITIAL_MAX_INSTRUCTIONS_PER_PROGRAM, | |||
| total_signers: TOTAL_SIGNERS, | |||
| threshold: SIGNER_THRESHOLD, | |||
| accepted_mrtd_values: vec
There was a problem hiding this comment.
I'd say it's fine for now, if we use it more then we can move it somewhere better
| let tss_ip = std::env::var("ENTROPY_TESTNET_TSS_IP") | ||
| .expect("ENTROPY_TESTNET_TSS_IP environment variable to be set"); |
There was a problem hiding this comment.
Why panic here instead of having a fallback to a default IP?
There was a problem hiding this comment.
I'm not sure what default IP we can fallback to. localhost wont work because these are the IPs which the TSS nodes use to communicate with each other, and from the CVM point of view localhost is not the same as localhost on the host. I don't really want to hardcode the public IP of our current box.
| .with_name("Development") | ||
| .with_id("dev") |
There was a problem hiding this comment.
These should be updated to be "TDX-something"
| /// The configuration used for development. | ||
| /// | ||
| /// Since Entropy requires at two-of-three threshold setup, and requires an additional relayer node, | ||
| /// we spin up four validators: Alice, Bob, Charlie and Dave. | ||
| pub fn development_config() -> ChainSpec { |
| 139, 37, 56, 135, 49, 24, 183, | ||
| ]; | ||
|
|
||
| lazy_static::lazy_static! { |
There was a problem hiding this comment.
A comment explaining how to generate this would be helpful
There was a problem hiding this comment.
This is specific to our current box so probably this also should be read in from an environment variable or file no i think about it - but for now i will just put a comment explaining what it is.
| @@ -215,3 +219,6 @@ pub fn authority_keys_from_seed( | |||
| get_from_seed::<AuthorityDiscoveryId>(seed), | |||
| ) | |||
| } | |||
|
|
|||
| /// Accepted build time measurement values for TDX attestation | |||
| pub type MrtdValues = Vec<BoundedVec<u8, ConstU32<48>>>; | |||
There was a problem hiding this comment.
I'd say it's fine for now, if we use it more then we can move it somewhere better
* master: Add TDX test network chainspec (#1204) Test CLI command to retrieve quote and change endpoint / TSS account in one command (#1198) Bump the patch-dependencies group with 2 updates (#1212) Bump thiserror from 2.0.4 to 2.0.6 in the patch-dependencies group (#1206) Downgrade parity-scale-codec as version we currently use has been yanked (#1205) Bump clap from 4.5.22 to 4.5.23 in the patch-dependencies group (#1202)
This add a chainspec type for the setup i am currently using for a simple test network with the TSS servers running in TDX virtual machines.
It is just the development chainspec with a custom TSS endpoint (we need TSS nodes to have their public IP address), custom PCK certificates (we can't use the mock ones), and a custom accepted MRTD value from the entropy-tss VM image i am currently using.
I don't want to hardcode the IP address as i think it will probably change (hopefully we find something cheaper!), so it is read from an environment variable.
Currently the PCK is hard-coded. Ideally i would like to read it in from a certificate file, using the same code that the staking extension pallet uses to extract and verify PCKs from certificates. But this would mean having the staking pallet be a direct dependency of the node CLI, which is kinda weird. Maybe that code should be extracted to a separate crate. Since this code may change anyway if we switch to using dcap-qvl, i am going to kick this decision down the road.
For details of how the TSS nodes are deployed see entropyxyz/tdx-build-system#5