# Swisstronik v3 Testnet

## Upgrading Swisstronik to 1.0.2

This guide provides instructions for upgrading Swisstronik to 1.0.2 version

**NOTE**: This upgrade including some breaking changes (such as changing denom from `uswtr` to `aswtr`), so it's not possible to perform just a Software Upgrade

### Before upgrade

#### Backup

Before the upgrade, please ensure, that you backuped following folders:

* `.swisstronik`. This is required to be able to rollback upgrade
* `.swisstronik-enclave` folder and `enclave.signed.so` file. This is required to be able to restore encryption key

Also it is recommended to backup `swisstronikd` binary

#### Install Intel SGX DCAP

**Check DCAP Driver**

Ensure that user under which you're running your node has access to SGX, by running the following command:

```sh
groups $USER
```

If you cannot see `sgx` and `sgx_prv` groups, add your user to them:

```sh
sudo groupadd sgx_prv
sudo usermod -a -G sgx_prv $USER
sudo usermod -a -G sgx $USER
```

Then run `groups $USER` again. If groups we're not updated, login again.

**Install DCAP Libraries**

Install required libraries by running the following command:

```sh
curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
. /etc/os-release; VERSION_CODENAME=${VERSION_CODENAME}
sudo add-apt-repository -y "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu $VERSION_CODENAME main"
sudo apt-get update
sudo apt-get install -y \
    libsgx-aesm-launch-plugin \
    libsgx-enclave-common \
    libsgx-epid \
    libsgx-launch \
    libsgx-urts \
    libsgx-dcap-ql \
    libsgx-dcap-quote-verify \
    libsgx-dcap-default-qpl	\
    libsgx-quote-ex \
    libsgx-qe3-logic \
    libsgx-uae-service \
    libsgx-aesm-pce-plugin \
    libsgx-pce-logic \
    sgx-aesm-service \
    libsgx-aesm-ecdsa-plugin \
    libsgx-aesm-quote-ex-plugin \
    libsgx-ae-qve

sudo apt upgrade -y
```

**NOTE**: If you have 5th Generation Xeon SP, you have to install additional package:

```sh
sudo apt-get install -y sgx-ra-service
```

**Configure Intel PCCS**

You should configure Intel Quote Provider. Configuration file can be found here:

```
/etc/sgx_default_qcnl.conf
```

Update `pccs_url` value in that file and set it to:

```
"pccs_url": "https://api.trustedservices.intel.com/sgx/certification/v4/"
```

**NOTE**: If you're using Microsoft Azure to run your node, please refer their documentation, to set correct value for `pccs_url`. <https://learn.microsoft.com/en-us/azure/security/fundamentals/trusted-hardware-identity-management>

#### Download and install binaries

Download 1.0.2 binaries:

```sh
wget https://github.com/SigmaGmbH/swisstronik-chain/releases/download/testnet-v1.0.2/swisstronik_1.0.2_amd64.deb.zip
```

Extract downloaded archive and install binary:

```sh
unzip swisstronik_1.0.2_amd64.deb.zip
```

Install extracted deb package:

```sh
sudo dpkg -i swisstronik_1.0.2_amd64.deb
```

**NOTE**: if you have issue with `libsnappy1v5`, install it using:

```sh
sudo apt-get install libsnappy1v5 -y
```

To simplify process, you can copy `v1.0.2_enclave.signed.so` from `/usr/lib` to directory with already existing `enclave.signed.so` file. **DO NOT** replace `enclave.signed.so`, just put updated enclave file in the same folder.

#### Pass Remote Attestation

**NOTE**: Updated binary `swisstronikd_v1.0.2` by default stored in `/usr/local/bin`. Updated enclave file by default stored in `/usr/lib`. \
**NOTE**: `SEED_HOME` env var was renamed to `KEYMANAGER_HOME` and should lead to directory with `.keymanager` (`~/.swisstronik-enclave` by default)

Request encryption keys using one of the following commands:

Using EPID:

```sh
ENCLAVE_HOME=<PATH_TO_ENCLAVE_FILE> KEYMANAGER_HOME=<PATH_TO_SECRETS_DIRECTORY> \ 
swisstronikd_v1.0.2 enclave request-epoch-keys-epid \
rpc.testnet.swisstronik.com:46789
```

Using DCAP:&#x20;

```sh
ENCLAVE_HOME=<PATH_TO_ENCLAVE_FILE> KEYMANAGER_HOME=<PATH_TO_SECRETS_DIRECTORY> \ 
swisstronikd_v1.0.2 enclave request-epoch-keys-dcap \
rpc.testnet.swisstronik.com:46788

```

{% hint style="danger" %}
**NOTE**: Do not replace your current binaries for now, use v1.0.1 `swisstronikd` to run your node
{% endhint %}

\
**Set `halt-height`**

Upgrade will take place at `5430000` block. Set `halt-height` in `~/.swisstronik/config/app.toml` to `5430000` to stop your node on exact height.

**NOTE**: Once you changed `app.toml` file, please restart your validator

**NOTE**: Disable `Restart=always` in your `.service` file and run `sudo systemctl daemon-reload`. Otherwise, your validator will restart and continue produce blocks after halt height.

### During the upgrade

{% hint style="warning" %}
**NOTE**: This part will be executed once block height will reach **`5430000`**. You should wait until that moment.
{% endhint %}

#### Backup

Backup everything again. Please ensure, that you backuped following folders:

* `.swisstronik`. This is required to be able to rollback upgrade
* `.swisstronik-enclave` folder and `enclave.signed.so` file. This is required to be able to restore encryption key

#### Download latest genesis.json

Download `genesis.json` file from v1.0.2 release:&#x20;

<https://github.com/SigmaGmbH/swisstronik-chain/releases/download/testnet-v1.0.2/genesis.json>

```sh
wget https://github.com/SigmaGmbH/swisstronik-chain/releases/download/testnet-v1.0.2/genesis.json
```

#### Update validator

1. Backup `.swisstronik/data/priv_validator_state.json`, `.swisstronik/config/priv_validator_key.json` and `.swisstronik/config/node_key.json`
2. Run `swisstronikd tendermint unsafe-reset-all --keep-addr-book` to clean all states. Also you should remove file `.swisstronik/config/genesis.json.bak`
3. Replace `.swisstronik/config/genesis.json` with downloaded one
4. Update min gas prices in `app.toml` to correct denom. Sample command: `sed -i 's/minimum-gas-prices = "7uswtr"/minimum-gas-prices = "7aswtr"/' ~/.swisstronik/config/app.toml`
5. Restore `.swisstronik/config/priv_validator_key.json` and `.swisstronik/config/node_key.json` and \``` priv_validator_state.json` ``from backup.
6. Set `halt-height` in `.swisstronik/config/app.toml` to `0`
7. Update `.service` file for your validator with updated binaries. Updated binary `swisstronikd_v1.0.2` by default stored in `/usr/local/bin`. Updated enclave file by default stored in `/usr/lib`.
8. Reload daemon `sudo systemctl daemon-reload`
9. Restart your validator

NOTE: `SEED_HOME` env var was renamed to `KEYMANAGER_HOME` and should lead to directory with `.keymanager` (`~/.swisstronik-enclave` by default)

### Troubleshooting&#x20;

#### Cannot find \`swisstronikd\` binary

Download archive with old binaries from release <https://github.com/SigmaGmbH/swisstronik-chain/releases/download/testnet-v1.0.2/old-binaries.zip>

In case of missing `libsgx_wrapper.x86_64.so` copy that file from archive and put it in `/usr/lib` folder