All coordination efforts will be done in the "SN Validators" Telegram group.
Make sure to back up your validator before making any changes.
Please read carefully before you begin the upgrade.
Various prerequisites should be installed and configured.
After the installation, the secret node should perform an additional step, BEFORE the actual network upgrade (more on this later).
There are 9 steps to be performed. Steps 1-4 inclusive can be performed BEFORE the upgrade height is reached (or before the upgrade is even proposed). We recommend doing so, i.e. perform those steps in advance, to minimize the downtime during the upgrade.
Technically, the DCAP attestation isn't required. If your node is already registered on the network, then the attestation during the upgrade isn't necessary, and we still support EPID attestation anyway. But we strongly recommend making sure it works nevertheless. EPID will be phased out by Intel in April 2025.
If your system has 5th Gen Intel® Xeon® Scalable Processor(s)
For the DCAP attestation to work, you'll need to register your platform with Intel. This is achieved by the following:
You can check the file /var/log/mpa_registration.log to see if the platform is registered successfully.
The Quote Provider library is needed to provide the data for DCAP attestation. It should already be installed (by the previous section), but it must be configured before use. The configuration file should be here:
/etc/sgx_default_qcnl.conf
If you're running a physical machine
The simplest would be to use the PCCS run by SecretLabs. Modify the following parameters in the file:
You can set this parameter by the following command:
Cloud computers
For cloud computers, the cloud service providers may provide their own PCCS. Please see their documentation.
Note: You'll need to restart the AESMD service each time the configuration is changed.
Download and run the check-hw tool (included in the Release package). You should see the following:
That would mean all the above steps are ok, and you're good to go.
In case you see some error messages, but at the end the following:
That would mean there's a problem with DCAP attestation. However, the EPID attestation still works. Although you may technically run the node, it's strongly recommended to fix this. EPID will be phased out by Intel in April 2025.
To get more detailed error information, run check-hw --testnet
When the network reaches the halt height, you'll see this message in your node's log (journalctl -fu secret-node):
Then, follow these steps to upgrade to v1.13:
⚠️ Note: The instructions below assume a default installation. DO NOT COPY-PASTE if config.toml is not in ~/.secretd/config/config.toml or if you modified /etc/systemd/system/secret-node.service. If you have modified /etc/systemd/system/secret-node.service, you will need to re-apply those changes post installation and pre service restart.
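One way to check the default-installation assumptions in the note above and to capture the unit file so local edits can be re-applied. This is an added example, not part of the original instructions or the upgrade steps themselves; the backup directory, the function names and the pre/post arguments are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the Secret Network upgrade instructions.
# The two paths come from the page; BACKUP_DIR, the function names and the
# pre/post arguments are assumptions made for this sketch.
UNIT=/etc/systemd/system/secret-node.service
CONFIG="$HOME/.secretd/config/config.toml"
BACKUP_DIR="${BACKUP_DIR:-$HOME/secret-node-preupgrade}"

# Exit 1 if the layout differs from the default installation the steps assume.
check_default_layout() {            # args: [config] [unit]
  local cfg="${1:-$CONFIG}" unit="${2:-$UNIT}" rc=0
  [ -f "$cfg" ]  || { echo "no config.toml at $cfg: adapt the steps, do not copy-paste" >&2; rc=1; }
  [ -f "$unit" ] || { echo "no unit file at $unit" >&2; rc=1; }
  return "$rc"
}

# Before installing v1.13: keep a private copy of the unit file and its SHA-256.
snapshot_unit() {                   # args: [unit] [backup_dir]
  local unit="${1:-$UNIT}" dir="${2:-$BACKUP_DIR}"
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  cp -p "$unit" "$dir/secret-node.service.pre" || return 1
  sha256sum "$unit" | cut -d' ' -f1 > "$dir/secret-node.service.sha256"
}

# After installing and before restarting the service: exit 0 if the unit file
# is unchanged; otherwise print a diff and exit 1. Lines starting with "+"
# are from the saved copy, i.e. the local edits that need to be re-applied.
unit_drift() {                      # args: [unit] [backup_dir]
  local unit="${1:-$UNIT}" dir="${2:-$BACKUP_DIR}" want have
  want=$(cat "$dir/secret-node.service.sha256") || return 2
  have=$(sha256sum "$unit" | cut -d' ' -f1)
  [ "$want" = "$have" ] && return 0
  diff -u "$unit" "$dir/secret-node.service.pre" || true   # diff exits 1 on difference
  return 1
}

case "${1:-}" in
  pre)  check_default_layout && snapshot_unit ;;
  post) unit_drift && echo "unit file unchanged by the installation" ;;
esac
```

Run it with the argument pre before installing the new version and with post after installation, before restarting the service.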
This step must be done manually, before the Node automatic upgrade
This node version supports both EPID (older) and DCAP (newer) attestation schemes. Before proceeding, it's recommended to verify that DCAP attestation works properly, though it's not mandatory if your node is already registered on the network.
The above retrieves a self-attestation. Since the --no-epid flag is specified, it should be a DCAP attestation.
You can also verify that EPID attestation works with the following command:
After restarting the node with v1.13, you should see INF applying upgrade "v1.13" at height: ... in the logs (journalctl -fu secret-node). Once 67% of voting power comes online, you'll see blocks executing again.
When the network reaches the halt height, the Secret Network blockchain will be halted and validators will need to take action to upgrade the chain to the secretd v1.13 binary (be it manually or automatically).
The upgrade is anticipated to take approximately 30 minutes, during which time there will not be any on-chain activity on the network.
In the event of an issue at upgrade time, we should coordinate via the "SN Validators" Telegram group.
If as a result of a software bug the network fails to produce new blocks with the v1.13 binaries, the SCRT Labs team will distribute a v1.12 binary with a replacement v1.13 upgrade handler, which will allow the chain to revert to v1.12 while continuing to produce new blocks.