Swisstronik v3 Testnet

Upgrading Swisstronik to 1.0.2

This guide provides instructions for upgrading Swisstronik to 1.0.2 version

NOTE: This upgrade including some breaking changes (such as changing denom from uswtr to aswtr), so it's not possible to perform just a Software Upgrade

Before upgrade

Backup

Before the upgrade, please ensure, that you backuped following folders:

  • .swisstronik. This is required to be able to rollback upgrade

  • .swisstronik-enclave folder and enclave.signed.so file. This is required to be able to restore encryption key

Also it is recommended to backup swisstronikd binary

Install Intel SGX DCAP

Check DCAP Driver

Ensure that user under which you're running your node has access to SGX, by running the following command:

groups $USER

If you cannot see sgx and sgx_prv groups, add your user to them:

sudo groupadd sgx_prv
sudo usermod -a -G sgx_prv $USER
sudo usermod -a -G sgx $USER

Then run groups $USER again. If groups we're not updated, login again.

Install DCAP Libraries

Install required libraries by running the following command:

curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
. /etc/os-release; VERSION_CODENAME=${VERSION_CODENAME}
sudo add-apt-repository -y "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu $VERSION_CODENAME main"
sudo apt-get update
sudo apt-get install -y \
    libsgx-aesm-launch-plugin \
    libsgx-enclave-common \
    libsgx-epid \
    libsgx-launch \
    libsgx-urts \
    libsgx-dcap-ql \
    libsgx-dcap-quote-verify \
    libsgx-dcap-default-qpl	\
    libsgx-quote-ex \
    libsgx-qe3-logic \
    libsgx-uae-service \
    libsgx-aesm-pce-plugin \
    libsgx-pce-logic \
    sgx-aesm-service \
    libsgx-aesm-ecdsa-plugin \
    libsgx-aesm-quote-ex-plugin \
    libsgx-ae-qve

sudo apt upgrade -y

NOTE: If you have 5th Generation Xeon SP, you have to install additional package:

sudo apt-get install -y sgx-ra-service

Configure Intel PCCS

You should configure Intel Quote Provider. Configuration file can be found here:

/etc/sgx_default_qcnl.conf

Update pccs_url value in that file and set it to:

"pccs_url": "https://api.trustedservices.intel.com/sgx/certification/v4/"

NOTE: If you're using Microsoft Azure to run your node, please refer their documentation, to set correct value for pccs_url. https://learn.microsoft.com/en-us/azure/security/fundamentals/trusted-hardware-identity-management

Download and install binaries

Download 1.0.2 binaries:

wget https://github.com/SigmaGmbH/swisstronik-chain/releases/download/testnet-v1.0.2/swisstronik_1.0.2_amd64.deb.zip

Extract downloaded archive and install binary:

unzip swisstronik_1.0.2_amd64.deb.zip

Install extracted deb package:

sudo dpkg -i swisstronik_1.0.2_amd64.deb

NOTE: if you have issue with libsnappy1v5, install it using:

sudo apt-get install libsnappy1v5 -y

To simplify process, you can copy v1.0.2_enclave.signed.so from /usr/lib to directory with already existing enclave.signed.so file. DO NOT replace enclave.signed.so, just put updated enclave file in the same folder.

Pass Remote Attestation

NOTE: Updated binary swisstronikd_v1.0.2 by default stored in /usr/local/bin. Updated enclave file by default stored in /usr/lib. NOTE: SEED_HOME env var was renamed to KEYMANAGER_HOME and should lead to directory with .keymanager (~/.swisstronik-enclave by default)

Request encryption keys using one of the following commands:

Using EPID:

ENCLAVE_HOME=<PATH_TO_ENCLAVE_FILE> KEYMANAGER_HOME=<PATH_TO_SECRETS_DIRECTORY> \ 
swisstronikd_v1.0.2 enclave request-epoch-keys-epid \
rpc.testnet.swisstronik.com:46789

Using DCAP: 

ENCLAVE_HOME=<PATH_TO_ENCLAVE_FILE> KEYMANAGER_HOME=<PATH_TO_SECRETS_DIRECTORY> \ 
swisstronikd_v1.0.2 enclave request-epoch-keys-dcap \
rpc.testnet.swisstronik.com:46788

NOTE: Do not replace your current binaries for now, use v1.0.1 swisstronikd to run your node

Set halt-height

Upgrade will take place at 5430000 block. Set halt-height in ~/.swisstronik/config/app.toml to 5430000 to stop your node on exact height.

NOTE: Once you changed app.toml file, please restart your validator

NOTE: Disable Restart=always in your .service file and run sudo systemctl daemon-reload. Otherwise, your validator will restart and continue produce blocks after halt height.

During the upgrade

NOTE: This part will be executed once block height will reach 5430000. You should wait until that moment.

Backup

Backup everything again. Please ensure, that you backuped following folders:

  • .swisstronik. This is required to be able to rollback upgrade

  • .swisstronik-enclave folder and enclave.signed.so file. This is required to be able to restore encryption key

Download latest genesis.json

Download genesis.json file from v1.0.2 release:

https://github.com/SigmaGmbH/swisstronik-chain/releases/download/testnet-v1.0.2/genesis.json

wget https://github.com/SigmaGmbH/swisstronik-chain/releases/download/testnet-v1.0.2/genesis.json

Update validator

  1. Backup .swisstronik/data/priv_validator_state.json, .swisstronik/config/priv_validator_key.json and .swisstronik/config/node_key.json

  2. Run swisstronikd tendermint unsafe-reset-all --keep-addr-book to clean all states. Also you should remove file .swisstronik/config/genesis.json.bak

  3. Replace .swisstronik/config/genesis.json with downloaded one

  4. Update min gas prices in app.toml to correct denom. Sample command: sed -i 's/minimum-gas-prices = "7uswtr"/minimum-gas-prices = "7aswtr"/' ~/.swisstronik/config/app.toml

  5. Restore .swisstronik/config/priv_validator_key.json and .swisstronik/config/node_key.json and `priv_validator_state.json`from backup.

  6. Set halt-height in .swisstronik/config/app.toml to 0

  7. Update .service file for your validator with updated binaries. Updated binary swisstronikd_v1.0.2 by default stored in /usr/local/bin. Updated enclave file by default stored in /usr/lib.

  8. Reload daemon sudo systemctl daemon-reload

  9. Restart your validator

NOTE: SEED_HOME env var was renamed to KEYMANAGER_HOME and should lead to directory with .keymanager (~/.swisstronik-enclave by default)

Troubleshooting

Cannot find `swisstronikd` binary

Download archive with old binaries from release https://github.com/SigmaGmbH/swisstronik-chain/releases/download/testnet-v1.0.2/old-binaries.zip

In case of missing libsgx_wrapper.x86_64.so copy that file from archive and put it in /usr/lib folder

PreviousUpgrade your testnet nodeNextSwisstronik v4 Testnet

Last updated