NNS Updates 2025-08-15 (2)

Governance NNS proposal discussions
,
1

The NNS Team submitted the following proposals. DFINITY plans to vote on these proposals the following Monday.

Proposals to be Submitted

Cycles-minting

# Upgrade the Cycles-minting Canister to Commit 2407385

__Proposer__: jason.zhu at dfinity.org

__Source code__: [2407385056dbcd1d5eb15b84a9c0cd5f511ff997][new-commit]

[new-commit]: https://github.com/dfinity/ic/tree/2407385056dbcd1d5eb15b84a9c0cd5f511ff997


## Features & Fixes

###  Changed

The CMC's `set_authorized_subnetwork_list` method is now also callable by the Subnet Rental Canister, in addition to the NNS Governance Canister.


## New Commits

```
$ git log --format="%C(auto) %h %s" 4b7cde9a0e3b5ad4725e75cbc36ce635be6fa6a8..2407385056dbcd1d5eb15b84a9c0cd5f511ff997 --  ./rs/nns/cmc
 661c17a9a4 feat(cycles-minting): Allow Subnet Rental canister to tell Cycles Minting canister, "principal P is allowed to create canisters on subnet N". (#5652)
 af7da00221 chore(nervous-system): Update changelog for release 2025-07-30 (#6113)
 400e4f4eeb chore(cmc): Clean up StateV1 after migration (#6070)
```


## Upgrade Arguments

```candid
()
```


## Current Version

__Current git hash__: 4b7cde9a0e3b5ad4725e75cbc36ce635be6fa6a8

__Current wasm hash__: 4ca89381ad5bafcb66c0e5de51b5e78d2bdee582f5c7b7d046298cbf2bab9c11


## Verification

See the general instructions on [how to verify] proposals like this. A "quick
start" guide is provided here.

[how to verify]: https://github.com/dfinity/ic/tree/2407385056dbcd1d5eb15b84a9c0cd5f511ff997/rs/nervous_system/docs/proposal_verification.md


### WASM Verification

See ["Building the code"][prereqs] for prerequisites.

[prereqs]: https://github.com/dfinity/ic/tree/2407385056dbcd1d5eb15b84a9c0cd5f511ff997/README.adoc#building-the-code

```
# 1. Get a copy of the code.
git clone git@github.com:dfinity/ic.git
cd ic
# Or, if you already have a copy of the ic repo,
git fetch
git checkout 2407385056dbcd1d5eb15b84a9c0cd5f511ff997

# 2. Build canisters.
./ci/container/build-ic.sh -c

# 3. Fingerprint the result.
sha256sum ./artifacts/canisters/cycles-minting-canister.wasm.gz
```

This should match `wasm_module_hash` field of this proposal.


### Upgrade Arguments Verification

[`didc`][latest-didc] is required.

[latest-didc]: https://github.com/dfinity/candid/releases/latest

```
didc encode '()' | xxd -r -p | sha256sum

```

This should match the `arg_hash` field of this proposal.

Registry

# Upgrade the Registry Canister to Commit 2407385

__Proposer__: jason.zhu at dfinity.org

__Source code__: [2407385056dbcd1d5eb15b84a9c0cd5f511ff997][new-commit]

[new-commit]: https://github.com/dfinity/ic/tree/2407385056dbcd1d5eb15b84a9c0cd5f511ff997


## Features & Fixes

###  Added

- Added AMD SEV launch measurements to ReplicaVersionRecord, replacing the previous
  `guest_launch_measurement_sha256_hex` field with a new `guest_launch_measurements` field that can contain multiple
  measurements with metadata.

###  Removed

- Removed the `guest_launch_measurement_sha256_hex` field from ReplicaVersionRecord in favor of the
  `guest_launch_measurements` field.


## New Commits

```
$ git log --format="%C(auto) %h %s" 65f66f13fe07b3266ac9d1b44413fd5f0e9b4463..2407385056dbcd1d5eb15b84a9c0cd5f511ff997 --  ./rs/registry/canister
 98b37bf4ff chore: adding a test to ensure that two nodes can't be in the same subnet in the registry canister (#6200)
 84538856c2 feat: Add SEV measurements to ReplicaVersionRecord (#5966)
 a4c1c9bce1 chore: update rust to 1.88.0 (#6045)
 e8efa7288b chore: Remove deprecated `EcdsaInitialConfig` (#5950)
 b3d032a801 feat(idkg): [CON-1529] add `max_pre_signature_transcripts_in_creation` to `ChainKeyConfig` (#5972)
 aa0c00c9f8 test: Fix registry tests (#6009)
 4dc479127a docs(governance): Added entries to Governance backend CHANGELOGs for 2025-07-18. (#5980)
```


## Current Version

__Current git hash__: 65f66f13fe07b3266ac9d1b44413fd5f0e9b4463

__Current wasm hash__: 24465ad08cc136ac79e44512d5e82352fd2d916acaa44411aba217dce932b79a


## Verification

See the general instructions on [how to verify] proposals like this. A "quick
start" guide is provided here.

[how to verify]: https://github.com/dfinity/ic/tree/2407385056dbcd1d5eb15b84a9c0cd5f511ff997/rs/nervous_system/docs/proposal_verification.md


### WASM Verification

See ["Building the code"][prereqs] for prerequisites.

[prereqs]: https://github.com/dfinity/ic/tree/2407385056dbcd1d5eb15b84a9c0cd5f511ff997/README.adoc#building-the-code

```
# 1. Get a copy of the code.
git clone git@github.com:dfinity/ic.git
cd ic
# Or, if you already have a copy of the ic repo,
git fetch
git checkout 2407385056dbcd1d5eb15b84a9c0cd5f511ff997

# 2. Build canisters.
./ci/container/build-ic.sh -c

# 3. Fingerprint the result.
sha256sum ./artifacts/canisters/registry-canister.wasm.gz
```

This should match `wasm_module_hash` field of this proposal.

Root

# Upgrade the Root Canister to Commit 2407385

__Proposer__: jason.zhu at dfinity.org

__Source code__: [2407385056dbcd1d5eb15b84a9c0cd5f511ff997][new-commit]

[new-commit]: https://github.com/dfinity/ic/tree/2407385056dbcd1d5eb15b84a9c0cd5f511ff997


## Features & Fixes

###  Fixed

- A lock was added to `change_canister` to prevent two simultaneous upgrade operations from being executed  
  at the same time. The second upgrade will now fail immediately instead of attempting to run, which prevents
  dangerous edge cases where the canister is restarted by one operation while being upgraded by another.


## New Commits

```
$ git log --format="%C(auto) %h %s" 1377da9b6cec9d1b050864a44540311ae4be77d0..2407385056dbcd1d5eb15b84a9c0cd5f511ff997 --  ./rs/nns/handlers/root
 d04967f6f5 fix(sns/nns): Fix edge case where simultaneous upgrades can cause deadlock (#6127)
 6b037840af chore(nns/sns): Update changelogs for release (#6130)
```


## Current Version

__Current git hash__: 1377da9b6cec9d1b050864a44540311ae4be77d0

__Current wasm hash__: 995c91f5c404bd846caa1a99b6de970501db938e8c659253914aa97824dd9c7e


## Verification

See the general instructions on [how to verify] proposals like this. A "quick
start" guide is provided here.

[how to verify]: https://github.com/dfinity/ic/tree/2407385056dbcd1d5eb15b84a9c0cd5f511ff997/rs/nervous_system/docs/proposal_verification.md


### WASM Verification

See ["Building the code"][prereqs] for prerequisites.

[prereqs]: https://github.com/dfinity/ic/tree/2407385056dbcd1d5eb15b84a9c0cd5f511ff997/README.adoc#building-the-code

```
# 1. Get a copy of the code.
git clone git@github.com:dfinity/ic.git
cd ic
# Or, if you already have a copy of the ic repo,
git fetch
git checkout 2407385056dbcd1d5eb15b84a9c0cd5f511ff997

# 2. Build canisters.
./ci/container/build-ic.sh -c

# 3. Fingerprint the result.
sha256sum ./artifacts/canisters/root-canister.wasm.gz
```

This should match `wasm_module_hash` field of this proposal.
2

Proposal 137916 | Tim - CodeGov

image

Vote: Adopt

Reason: This proposal upgrades the Root canister. Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. Commits are reviewed below.

[d04967f6f5]
Puts in place a locking system whereby a canister can be marked as locked within a key-value map of canisters and requests when an upgrade of the canister is commenced. The map is contained within a new type NamedResourceGuard and the intention is to prevent the situation where a canister can become permanently deadlocked if two upgrade proposals are passed and executed at the same time.

[6b037840af]
Updates changelog files.

Proposal 137917

image

Vote: Adopt

Reason: This proposal upgrades the Registry canister. Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. Commits are reviewed below.

[98b37bf4ff]
Adds test_change_subnet_membership_duplicate_nodes. The first part of this test attempts to add a node to a subnet that is already in another subnet. The next part removes two nodes from a subnet in one operation then adds them to another subnet in a second operation. The title of this commit appears to have been mis-typed to say “two nodes … in the same subnet” instead of “the same node … in two subnets”.

[84538856c2]
Changes field guest_launch_measurement_sha256_hex to guest_launch_measurement within type ReviseElectedGuestosVersionsPayload. The changed field can be seen in the current GuestOS proposal (see the previous one for comparison). At its lowest level, the new field contains two subfields - measurement, representing the SEV-SNP measurement in a vector of 48 bytes, and metadata, optionally containing the command line string used to launch the guest. The value of this “measurement” is the hash of the replica image running on the virtual machine. Also related code and test changes as outlined in the commit description.

[a4c1c9bce1]
Updates Rust version from 1.86.0 to 1.88.0, along with related code changes including the specific changes listed in the commit notes.

[e8efa7288b]
Removes types EcdsaInitialConfig and EcdsaKeyRequest as these have now been superseded by InitialChainKeyConfig.

[b3d032a801]
Adds optional field max_parallel_pre_signature_transcripts_in_creation to type ChainKeyConfig. This represents the maximum number of pre-signature transcripts that can be worked on in parallel and is to be used in proposals that create a new subnet, update a subnet or update a recovery catch-up package.

[aa0c00c9f8]
Fixes an error in test_accepted_proposal_mutates_the_registry in which ReplicaVersion::default() was being used as the parameter for make_replica_version_key(...) (changed in this commit to "version_43") such that the test erroneously passed because the same MOCK_HASH value was being used in multiple code sections.

[4dc479127a]
Updates changelog files.

Proposal 137918

image

Vote: Adopt

Reason: This proposal upgrades the Cycles-Minting canister. Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. Commits are reviewed below.

[661c17a9a4]
Enables set_authorized_subnetwork_list to be called by both the governance canister and the subnet rental canister. (Previously only the governance canister could call it.) This function allows these canisters to authorise a principal to create canisters on a given set of subnets.

[af7da00221]
Updates changelog files.

[400e4f4eeb]
Removes code related to canister state StateV1 as the migration to StateV2 has now happened and these code sections are no longer needed.

About CodeGov
CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, API Boundary API Boundary Node Management, Node Admin and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neurons' Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralisation of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.
3

Adopt 137916

Proposal

Code Review

d04967f6f5: This fix prevents simultaneous upgrade attempts on the same canister by introducing a lock, ensuring that only one upgrade executes at a time. If two proposals collide, the second fails safely and can be retried with a new proposal, avoiding unsafe or permanently stopped canisters.
6b037840af: Update change logs.

Adopt 137917

Proposal

Code Review

98b37bf4ff: This commit adds a test to verify that a node cannot belong to multiple subnets in the registry canister, ensuring do_change_subnet_membership rejects such cases.
84538856c2: Add SEV measurements to ReplicaVersionRecord by replacing the deprecated guest_launch_measurement_sha256_hex field with a new GuestLaunchMeasurements message. It updates IC-OS builds, ic-admin, and system tests to handle the new measurement flow, along with test adjustments for compatibility.
a4c1c9bce1: chore update rust
e8efa7288b: Remove deprecated EcdsaInitialConfig
b3d032a801: Introduce an optional max_pre_signature_transcripts_in_creation parameter in ChainKeyConfig to limit how many pre-signature transcripts a subnet can create in parallel. It separates this from the stash size, allowing gradual creation of pre-signatures while improving threshold signature handling.
aa0c00c9f8: Fix registry tests.
4dc479127a: Update changelogs.

Adopt 137918

Proposal

Code Review

661c17a9a4: Enable the Subnet Rental canister to inform the Cycles Minting canister that a specific principal is authorized to create canisters on a given subnet, ensuring only the renter can deploy canisters there.
af7da00221: Update changelogs.
400e4f4eeb: Cleans up StateV1 following the migration to StateV2, without introducing any external behavioral changes.

4

proposals - [137916 - 137918] Cyberowl | CodeGov

137916-18
137916-181228×189 47.3 KB

Proposals:

137916
137917
137918

Vote: [ADOPT, ADOPT, ADOPT]

Reason & Feedback:

I successfully built and verified the hash. All the commit descriptions match their code changes.

Checks:

Hash Match: [PASS, PASS, PASS]
Target Canister: [PASS, PASS, PASS]
Proposer Check: [PASS, PASS, PASS]

Commits Summary

proposal/137916 (Root Canister)

d04967f6f5
Fixed a rare edge case in SNS/NNS root where simultaneous upgrade proposals could stop a canister permanently or upgrade unsafely—added a lock to block that. Second upgrade fails fast now, easy to recover with a new proposal.

6b037840af
Updated changelogs for NNS/SNS.

proposal/137917 (Registry)

98b37bf4ff
Added a test to check nodes can’t join two subnets at once, tries do_change_subnet_membership with a node already in another, expects invariant fail.

84538856c2
guest_launch_measurements is set to None. fetch_update_metadata_with_retry simplified to return just String.

a4c1c9bce1
Bumped Rust to 1.88.0. removed deprecated rls, disabled uninlined_format_args lint, fixed io_other_error/manual_contains warnings + more.

e8efa7288b
Removed deprecated EcdsaInitialConfig + EcdsaKeyRequest from registry canister/tests—superseded by InitialChainKeyConfig. Stripped refs from related files.

b3d032a801
Added max_pre_signature_transcripts_in_creation to ChainKeyConfig for controlling parallel pre-sig transcript work to fill the stash. Optional with None default for compat, part of threshold sig upgrades where pre-sigs go to replicated state over blocks.

aa0c00c9f8
Fixed registry tests: swapped ReplicaVersion::default() query for version_43, unique MOCK_HASH per file to dodge reuse.

4dc479127a
Update change logs.

proposal/137918 (Cycles-minting)

661c17a9a4
Updated main.rs to add a caller_id check in set_authorized_subnetwork_list, letting SUBNET_RENTAL_CANISTER_ID call it alongside governance_canister_id. Updated the panic msg to reflect both.

af7da00221
Update change logs.

400e4f4eeb
Removed StateV1 struct + fields like ledger_canister_id/governance_canister_id from main.rs, dropped the conditional migration block for version 1 + migrate_v1_to_v2 fn that mapped to StateV2 with defaults like subnet_rental_cycles_limit.

About CodeGov
CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron's Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.
5

Root
Root1587×164 31.9 KB

Reg
Reg1625×165 32.8 KB

cmc
cmc1704×225 48.9 KB