Proposal to elect new release rc--2025-07-31_03-32

Governance NNS proposal discussions
,
1

Hello there!

We are happy to announce that voting is now open for a new GuestOS release.
The NNS proposal is here: IC NNS Proposal 137678.

Here is a summary of the changes since the last GuestOS release:

Release Notes for release-2025-07-31_03-32-base (21a02f483fa8028568f4c2c5920ec960c87269c0)

This release is based on changes since release-2025-07-24_03-31-base (615045e039c57ed842c689e49a07ab3de3a8a781).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image.
Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • e9f4cf612 Consensus,Execution,Interface: Increase subnet memory capacity to 2 TiB and subnet memory threshold to 750 GiB (#6086)
  • fd9024f23 Consensus,Interface: Allow full pre-signatures to be delivered with the batch (#6019)
  • da2a54e71 Execution,Interface: Resolve and pair full pre-signatures with request contexts (#6049)
  • 4d644f4c7 Execution,Interface: Add registry_version to subnet_info mgmt endpoint (#5800)
  • 2c22d31ff Execution,Interface: Make cycles charging dependent on registry flag (#5847)
  • 696d448ff Interface(governance): Add validation and fix display for reward_account (#6033)
  • cbbbc1dee Interface,Node: Implement SEV-based key derivation (#6112)
  • e266e4926 Node: Resurrect dfinity.system kernel arg (#6072)
  • 417b4de76 Node: Only configure GuestOS SSH keys if TEE is not enabled (#6012)

Bugfixes:

  • b2a9d2250 Consensus,Interface: Log sender reply callback instead of request ID (#6102)
  • 401e39350 Consensus,Interface: Use ReplicaVersion in CanisterHttpResponseShare (#6026)
  • 4b583cebe Consensus,Interface,Node(recovery): use zstd instead of gzip (#6023)

Chores:

  • 82d7b064b Execution,Interface: Add logs in system API to track whether bitcoin methods are called on the management canister (#6088)
  • 3c6a516cc Interface: Cleanup handling of malicious images (#6039)
  • 19ac53f96 Interface,Message Routing: Move testing only Functions in the State Manager into Testing Traits (#6030)
  • c7993fa04 Interface,Message Routing: Move Proto Conversions in State Layout to own Files (#6081)
  • 72e046612 Interface,Node: Move SEV host functionality to submodule in order to separate host and guest (#6111)
  • beea51add Node: Consolidate read_grubenv and write_grubenv references (#6062)
  • 5a1c00c6b Node: Update Base Image Refs [2025-07-24-0804] (#6044)

Refactoring:

  • 2f3964fa8 Execution,Interface,Message Routing: Remove special handling of empty target_id from replicated_state (#6051)

Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS GuestOS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c 21a02f483fa8028568f4c2c5920ec960c87269c0 --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

1 Like
2

Hello there!

We are happy to announce that voting is now open for a new HostOS release.
The NNS proposal is here: IC NNS Proposal 137679.

Here is a summary of the changes since the last HostOS release:

Release Notes for release-2025-07-31_03-32-base (21a02f483fa8028568f4c2c5920ec960c87269c0)

This release is based on changes since release-2025-07-24_03-31-base (615045e039c57ed842c689e49a07ab3de3a8a781).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the HostOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

Chores:

  • 3c6a516cc Interface: Cleanup handling of malicious images (#6039)
  • 72e046612 Interface,Node: Move SEV host functionality to submodule in order to separate host and guest (#6111)
  • b5ebec114 Interface,Node: Extract reusable device-related code and add small improvements (#6060)
  • 27813e55a Node: Clean up references to 20.04 (#5789)
  • beea51add Node: Consolidate read_grubenv and write_grubenv references (#6062)
  • 5a1c00c6b Node: Update Base Image Refs [2025-07-24-0804] (#6044)

Full list of changes (including the ones that are not relevant to HostOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS HostOS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c 21a02f483fa8028568f4c2c5920ec960c87269c0 --hostos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new HostOS version here, you have the option to verify the build reproducibility of the GuestOS by passing --guestos to the script above instead of --hostos, or the SetupOS by passing --setupos.

1 Like
3

Proposal: 137678 & 137679 - Manvick | ZenithCode

Summary:

  1. Build Hash: The build hash matches
  2. Summary: The release notes matches the code changes
  3. Vote: Adopt

137678 & 137679
137678 & 1376791938×934 264 KB

Commits

Features:

  • e9f4cf612 Consensus,Execution,Interface: Increase subnet memory capacity to 2 TiB and subnet memory threshold to 750 GiB (#6086)
    Review: Matches description + changes are appropriate
    Notes: Updates SUBNET_MEMORY_THRESHOLD from 450GB to 750GB SUBNET_MEMORY_CAPACITY from 1TB to 2TB.

  • fd9024f23 Consensus,Interface: Allow full pre-signatures to be delivered with the batch (#6019)
    Review: Matches description + changes are appropriate
    Notes: Updates in batch_delivery.rs to enable sending the full set of available pre-signature IDs with a block batch. Updates response of system calls get_idkg_subnet_public_keys_and_pre_signatures to return AvailablePreSignatures and MasterPublicKey. Code-cleanup and tests updates.

  • da2a54e71 Execution,Interface: Resolve and pair full pre-signatures with request contexts (#6049)
    Review: Matches description + changes are appropriate
    Notes: Updates match_pre_signatures_by_key_id in threshold_signatures.rs that pairs pre-signatures with waiting requests, for both ECDSA and Schnorr schemes. Also updates signer.rs to pair full iDKG pre-signatures with their associated request contexts. Related changes in consumers and tests. To ensure backward compatibility we are populating both context.matched_pre_signature (just the ID of the matched pre-signature) and context.args.pre_signature (full pre-signature data).

  • 4d644f4c7 Execution,Interface: Add registry_version to subnet_info mgmt endpoint (#5800)
    Review: Matches description + changes are appropriate
    Notes: Updates SubnetInfoResponse to include registry_version required for canister migration.

  • 2c22d31ff Execution,Interface: Make cycles charging dependent on registry flag (#5847)
    Review: Matches description + changes are appropriate
    Notes: Updates in CyclesAccountManager to support dynamic cycle charging based on a new param cost_schedule CanisterCyclesCostSchedule. cost_schedule enum has two variants: Normal (standard charging) and Free (no cycles charged). Updates related consumers and tests.

  • 696d448ff Interface(governance): Add validation and fix display for reward_account (#6033)
    Review: Matches description + changes are appropriate
    Notes: Adds validation validate_account_identifier to require 32-byte account identifier with checksum. This validation is used in both update_node_provider and AddOrRemoveNodeProvider. Also updates NodeProvider.reward_account to return 32-byte account identifier for valid accountIds and return the 28-byte accountId otherwise to ensure compatibility. Updates related consumers and tests.

  • cbbbc1dee Interface,Node: Implement SEV-based key derivation (#6112)
    Review: Matches description + changes are appropriate
    Notes: Introduces SevKeyDeriver - derivation provider that uses the SEV firmware to derive keys. The derive_key method derives a 32-byte key from the SEV firmware and applies HKDF with context-specific info and returns Base64 encoded key.

  • e266e4926 Node: Resurrect dfinity.system kernel arg (#6072)
    Review: Matches description + changes are appropriate
    Notes: Reintroduces the dfinity.system kernel argument in IC bootloader config.

  • 417b4de76 Node: Only configure GuestOS SSH keys if TEE is not enabled (#6012)
    Review: Matches description + changes are appropriate
    Notes: Updates guestos.bzl to include SSH key setup only when TEE is disabled. Adds setup-ssh-user-keys-guestos.sh to only set up SSH user keys if the node’s TEE is disabled. Updated references for hostos but no changes in logic.

Bugfixes:

  • b2a9d2250 Consensus,Interface: Log sender reply callback instead of request ID (#6102)
    Review: Matches description + changes are appropriate
    Notes: Fixes Http outcalls logs to log request_sender and sender_reply_callback_id instead of request_id.

  • 401e39350 Consensus,Interface: Use ReplicaVersion in CanisterHttpResponseShare (#6026)
    Review: Matches description + changes are appropriate
    Notes: Updates CanisterHttpResponseShare struct to include ReplicaVersion. Updates in pool_manager.rs where incoming redundant shares generated by nodes running the current replica version are marked as Invalid (HandleInvalid), and shares from outdated versions are now removed (RemoveUnvalidated) instead of being marked invalid. Added related tests.

  • 4b583cebe Consensus,Interface,Node(recovery): use zstd instead of gzip (#6023)
    Review: Matches description + changes are appropriate
    Notes: Updates compression and decompression commands to correctly use tar --zstd -cf and tar -xf for zst files.

Chores:

  • 82d7b064b Execution,Interface: Add logs in system API to track whether bitcoin methods are called on the management canister (#6088)
    Review: Matches description + changes are appropriate
    Notes: Added logs to catch instances where Bitcon API is called directly on the management canister. This is in preparation of deprecation of the Bitcoin API via the management canister.

  • 3c6a516cc Interface: Cleanup handling of malicious images (#6039)
    Review: Matches description + changes are appropriate
    Notes: Refactoring to use MaliciousBehavior instead of MaliciousBehaviour for standardization. Also updates malicious_behavior_log_entry.proto to better capture malicious behavior in logs.

  • 19ac53f96 Interface,Message Routing: Move testing only Functions in the State Manager into Testing Traits (#6030)
    Review: Matches description + changes are appropriate
    Notes: Code refactoring to move test-only functions from the state_manager to testing trait.

  • c7993fa04 Interface,Message Routing: Move Proto Conversions in State Layout to own Files (#6081)
    Review: Matches description + changes are appropriate
    Notes: Code refactoring to move protobuf conversion logic out of state_layout.rs and into a new module state_layout/proto.rs.

  • 72e046612 Interface,Node: Move SEV host functionality to submodule in order to separate host and guest (#6111)
    Review: Matches description + changes are appropriate
    Notes: Code refactoring to move SEV host functionality to a new module under rs/ic_os/os_tools/sev/src/host/mod.rs.

  • beea51add Node: Consolidate read_grubenv and write_grubenv references (#6062)
    Review: Matches description + changes are appropriate
    Notes: Code refactoring to move common grub utilities (read_grubenv and write_grubenv) for IC-OS components in ic-os/components/upgrade/grub.sh to reduce redundancy.

  • 5a1c00c6b Node: Update Base Image Refs [2025-07-24-0804] (#6044)
    Review: Matches description + changes are appropriate
    Notes: Updates base container image references.

Refactoring:

  • 2f3964fa8 Execution,Interface,Message Routing: Remove special handling of empty target_id from replicated_state (#6051)
    Review: Matches description + changes are appropriate
    Notes: Code clean-up to remove dead code handling empty target_id from replicated_state after the deprecation of compute_initial_i_dkg_dealings endpoint.
About Zenith Code

Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.

Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.

Explore more at zenithcode.ai.

4

Proposal: 137678 & 137679 - Ipsita | ZenithCode

Summary:

  1. Build Hash: Build has from the proposal, local build and CDN matches and is “8cbd94cb8bfeb5bdd362ef7de6676a51a52427ddff9bafc1e2884316485f519c”.
  2. Summary: The release notes matches the code changes
  3. Vote: I vote to adopt the proposals

137678
1376781932×926 280 KB

Commits

Features:

  • e9f4cf612 Consensus,Execution,Interface: Increase subnet memory capacity to 2 TiB and subnet memory threshold to 750 GiB (#6086)
    Notes: This commit updates SUBNET_MEMORY_CAPACITY from NumBytes::new(TIB) to NumBytes::new(2 * TIB) and SUBNET_MEMORY_THRESHOLD from NumBytes::new(450 * GIB) to NumBytes::new(750 * GIB), and modifies the test to check memory usage against 2 * 1024 * 1024 * 1024 * 1024 bytes.
    Review: Code changes look good and match release notes.

  • fd9024f23 Consensus,Interface: Allow full pre-signatures to be delivered with the batch (#6019)
    Notes: This commit changes the type of available_pre_signatures from Vec to BTreeMap<PreSigId, Option>, and adds delivery of current IDKG key transcripts to ConsensusResponse for full pre-signature support while keeping behavior unchanged by populating the map with None values.
    Review: Code changes look good and match release notes.

  • da2a54e71 Execution,Interface: Resolve and pair full pre-signatures with request contexts (#6049)
    Notes: Updates ExecutionPayload::resolve_pre_signatures() to pair request contexts with both matched_pre_signature (ID) and args.pre_signature (full PreSignature), ensuring backward compatibility by setting both fields during context resolution.
    Review: Code changes look good and match release notes.

  • 4d644f4c7 Execution,Interface: Add registry_version to subnet_info mgmt endpoint (#5800)
    Notes: This commit adds registry_version: RegistryVersion to the RegistryExecutionSettings and includes it in the subnet_info management canister response (SubnetInfoResponse), updating the relevant encoding/decoding logic, test utilities, and candid interface (ic.did) to support canister migration features that depend on registry version tracking.
    Review: Code changes look good and match release notes.

  • 2c22d31ff Execution,Interface: Make cycles charging dependent on registry flag (#5847)
    Notes: This commit modifies CyclesAccountManager and its interface to make cycle charging conditional based on the canister_cycles_cost_schedule flag from the registry, propagating the registry flag into replicated state and system APIs.
    Review: Code changes look good and match release notes.

  • 696d448ff Interface(governance): Add validation and fix display for reward_account (#6033)
    Notes: Adds validation to ensure reward_account fields in NodeProvider include a checksum via validate_account_identifier, and updates display logic to use the standard 32-byte account identifier format with checksum to improve compatibility with dashboards and external tools.
    Review: Code changes look good and match release notes.

  • cbbbc1dee Interface,Node: Implement SEV-based key derivation (#6112)
    Notes: This commit implements SEV-based key derivation by introducing SevKeyDeriver, which uses the SEV Secure Processor’s get_derived_key API and HKDF with SHA-256 to generate purpose-specific base64-encoded keys (e.g., for disk encryption).
    Review: Code changes look good and match release notes.

  • e266e4926 Node: Resurrect dfinity.system kernel arg (#6072)
    Notes: Restores the dfinity.system kernel parameter by adding it to guestOS and hostOS boot arguments, refactors bootloader and filesystem paths from /grub to /boot/grub, and updates scripts and systemd generators to dynamically read the parameter from /proc/cmdline for boot partition management.
    Review: Code changes look good and match release notes.

  • 417b4de76 Node: Only configure GuestOS SSH keys if TEE is not enabled (#6012)
    Notes: This commit splits the SSH key setup into separate scripts for GuestOS and HostOS, renames the original setup script for HostOS, and modifies the GuestOS setup script to copy authorized SSH keys only if the TEE (enable_trusted_execution_environment) is disabled to enhance conditional key provisioning.
    Review: Code changes look good and match release notes.

Bugfixes:

  • b2a9d2250 Consensus,Interface: Log sender reply callback instead of request ID (#6102)
    Notes: This commit corrects log statements in the execution environment and HTTPS outcalls client to use sender_reply_callback and sender instead of mismatched request IDs to ensure consistent tracing of canister HTTP request and response pairs.
    Review: Code changes look good and match release notes.

  • 401e39350 Consensus,Interface: Use ReplicaVersion in CanisterHttpResponseShare (#6026)
    Notes: This commit introduces a ReplicaVersion field in CanisterHttpResponseMetadata (including protobuf and decoding logic), updates the consensus pool manager to validate artifacts against the current replica version, and adds tests to ensure outdated canister HTTP shares are correctly rejected without triggering alerts.
    Review: Code changes look good and match release notes.

  • 4b583cebe Consensus,Interface,Node(recovery): use zstd instead of gzip (#6023)
    Notes: The commit replaces incorrect tar options that invoked gzip (-z) with the correct --zstd flag to properly handle .tar.zst files to ensure recovery artifacts are compressed and extracted using Zstandard.
    Review: Code changes look good and match release notes.

Chores:

  • 82d7b064b Execution,Interface: Add logs in system API to track whether bitcoin methods are called on the management canister (#6088)
    Notes: This commit improves observability by injecting structured info! logs when deprecated Bitcoin-related methods (BitcoinGetBalance, BitcoinGetUtxos, BitcoinSendTransaction, etc.) are invoked via the management canister, achieved by passing the caller canister ID and a ReplicaLogger reference into the system API’s resolve_destination and route_bitcoin_message functions and propagating those changes through the call graph and test cases.
    Review: Code changes look good and match release notes.

  • 3c6a516cc Interface: Cleanup handling of malicious images (#6039)
    Notes: Fixes a typo by standardizing the spelling from “behaviour” to “behavior” across the codebase.
    Review: Code changes look good and match release notes.

  • 19ac53f96 Interface,Message Routing: Move testing only Functions in the State Manager into Testing Traits (#6030)
    Note: This commit moves testing-only functions like flush_deallocation_channel and purge_manifest into a new StateManagerTesting trait, replaces the use of latest_state_certification_hash() with latest_state_height() in tests and updates related imports.
    Review: Code changes look good and match release notes.

  • c7993fa04 Interface,Message Routing: Move Proto Conversions in State Layout to own Files (#6081)
    Notes: Refactors the state layout module by extracting Protobuf conversion functions and related implementations into separate dedicated files to improve code readability and modularity by isolating serialization logic from core state layout code.
    Review: Code changes look good and match release notes.

  • 72e046612 Interface,Node: Move SEV host functionality to submodule in order to separate host and guest (#6111)
    Notes: Refactors the code by moving all SEV host functionality into a dedicated submodule, separating host and guest responsibilities to improve code modularity and maintainability.
    Review: Code changes look good and match release notes.

  • beea51add Node: Consolidate read_grubenv and write_grubenv references (#6062)
    Notes: This commit centralizes grub environment handling by moving the read_grubenv and write_grubenv functions into a new shared script sourced by multiple components, updates all callers to use this script, modifies write_grubenv to accept explicit boot_alternative and boot_cycle parameters, and removes duplicated function definitions across scripts for cleaner code.
    Review: Code changes look good and match release notes.

  • 5a1c00c6b Node: Update Base Image Refs [2025-07-24-0804] (#6044)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.

Refactoring:

  • 2f3964fa8 Execution,Interface,Message Routing: Remove special handling of empty target_id from replicated_state (#6051)
    Notes: Removes the special case that handled empty target_id by deleting the conditional branch that returned a default zeroed NiDkgTargetId when target_id was empty and now it directly attempts to parse target_id as a 32-byte ID and returns an error if invalid, reflecting the removal of legacy support for the deprecated compute_initial_i_dkg_dealings endpoint.
    Review: Code changes look good and match release notes.
About Zenith Code

Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.Explore more at zenithcode.ai.

5

Proposal 137678 & 137679 | Yuvika - Zentih Code

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

image
image1932×922 237 KB

Commits

Features:

  • e9f4cf612
    Summary: Increase subnet memory capacity to 2 TiB and subnet memory threshold to 750 GiB.
    Notes: Increase the subnet memory capacity SUBNET_MEMORY_CAPACITY from 1 TiB to 2 TiB and subnet memory threshold SUBNET_MEMORY_THRESHOLD from 450 GiB to 750 GiB.
    Review: The description matches the code changes.
  • fd9024f23
    Summary: Allow full pre-signatures to be delivered with the batch.
    Notes: Update get_idkg_subnet_public_keys_and_pre_signatures to return AvailablePreSignatures and MasterPublicKey. And add logic to enable sending available pre-signature IDs with a block batch.
    Review: The description matches the code changes.
  • da2a54e71
    Summary: Resolve and pair full pre-signatures with request contexts.
    Notes: Add logic to ensure full pre-signatures are delivered and the context is paired with it by populating the field context.args.pre_signature. For backward compatibility, both fields context.matched_pre_signature and context.args.pre_signature are populated.
    Review: The description matches the code changes.
  • 4d644f4c7
    Summary: Add registry_version to subnet_info mgmt endpoint.
    Notes: Add registry_version to the subnet info endpoint, necessary for the canister migration feature.
    Review: The description matches the code changes.
  • 2c22d31ff
    Summary: Make cycles charging dependent on registry flag.
    Notes: Add logic to support dynamic cycle charging based on param CanisterCyclesCostSchedule in CyclesAccountManager, which can be either Normal or Free.
    Review: The description matches the code changes.
  • 696d448ff
    Summary: Add validation and fix display for reward_account.
    Notes: Add validation for node provider reward accounts to ensure they
    include checksums and add logic to display a 32-byte account identifier format with checksum.
    Review: The description matches the code changes.
  • cbbbc1dee
    Summary: Implement SEV-based key derivation.
    Notes: Implement SevKeyDeriver, which uses HKDF and get_derived_key API to derive the keys; they are encoded with base64 so that they can be entered manually if necessary.
    Review: The description matches the code changes.
  • e266e4926
    Summary: Resurrect dfinity.system kernel arg.
    Notes: Add kernel argument dfinity.system back, in IC bootloader config.
    Review: The description matches the code changes.
  • 417b4de76
    Summary: Only configure GuestOS SSH keys if TEE is not enabled.
    Notes: Add ic-os/components/ssh/setup-ssh-user-keys/setup-ssh-user-keys-guestos.sh to set up SSH user keys if the TEE is disabled for a given node and update guestos.bzl to include SSH key setup when TEE is disabled.
    Review: The description matches the code changes.

Bugfixes:

  • b2a9d2250
    Summary: Log sender reply callback instead of request ID.
    Notes: Add reply_callback_id and request_sender instead of request_id to the Http outcalls logs.
    Review: The description matches the code changes.
  • 401e39350
    Summary: Use ReplicaVersion in CanisterHttpResponseShare.
    Notes: Add ReplicaVersion to the CanisterHttpResponseMetadata
    struct, such that an alert is not raised when CanisterHttpPoolManager rejects artifacts if they are from an older replica version.
    Review: The description matches the code changes.
  • 4b583cebe
    Summary: use zstd instead of gzip.
    Notes: Use tar -xf and tar --zstd -cf for the decompression and compression, respectively, for zst files.
    Review: The description matches the code changes.

Chores:

  • 82d7b064b
    Summary: Add logs in system API to track whether bitcoin methods are called on the management canister.
    Notes: Add logs in the system API to track deprecated Bitcoin API’s that are called on the management canister in preparation for fully removing this code from the replica.
    Review: The description matches the code changes.
  • 3c6a516cc
    Summary: Cleanup handling of malicious images.
    Notes: Update the spelling of malicious_behaviour to malicious_behavior, MaliciousBehavior instead of MaliciousBehaviour and malicious_behaviour_log_entry to malicious_behavior_log_entry.
    Review: The description matches the code changes.
  • 19ac53f96
    Summary: Move testing only Functions in the State Manager into Testing Traits.
    Notes: Refactor test code from the state_manager to testing trait.
    Review: The description matches the code changes.
  • c7993fa04
    Summary: Move Proto Conversions in State Layout to own Files.
    Notes: Move protobuf conversions into a separate module state_layout/proto.rs to improve readability.
    Review: The description matches the code changes.
  • 72e046612
    Summary: Move SEV host functionality to submodule in order to separate host and guest.
    Notes: Refactor code and move SEV host functionality to a separate module rs/ic_os/os_tools/sev/src/host/mod.rs.
    Review: The description matches the code changes.
  • b5ebec114
    Summary: Extract reusable device-related code and add small improvements.
    Notes: Move device-related code in guest_vm_runner to a separate crate, as it is useful in other code paths. Moreover, add a fix for a race condition that occurs when attaching a disk image to a loop device, since finding a free loop device and attaching the image is not atomic
    Review: The description matches the code changes.
  • 27813e55a
    Summary: Clean up references to 20.04.
    Notes: Update Ubuntu package from Focal (20.04) to Noble (24.04).
    Review: The description matches the code changes.
  • beea51add
    Summary: Consolidate read_grubenv and write_grubenv references.
    Notes: Update ic-os/components/upgrade/grub.sh, which consists of common grub utilities for IC-OS components.
    Review: The description matches the code changes.
  • 5a1c00c6b
    Summary: Update Base Image Refs [2025-07-24-0804].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

Refactoring:

  • 2f3964fa8
    Summary: Remove special handling of empty target_id from replicated_state.
    Notes: Remove deprecated endpoint compute_initial_i_dkg_dealings and migrate to reshare_chain_key and clean up the special case from the replicated state, which was used during the migration.
    Review: The description matches the code changes.
About Zenith Code

Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution. Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals. Explore more at zenithcode.ai.

6

proposals - [137678, 137679] Cyberowl | CodeGov

ic_os
ic_os1263×566 105 KB

Proposals:

137678
137679

Vote: [ADOPT, ADOPT]

Reason & Feedback:

I successfully built and verified the hash for GuestOS and HostOS. All the commit descriptions match their code changes.

Checks:

Hash Match: [PASS, PASS]
2 Urls: [PASS, PASS]
Proposer Check: [PASS, PASS]

Overall Summary:

Validation for node provider reward accounts to ensure they include checksums, reducing the likelihood of invalid accounts, and enforces this in add/remove node provider proposals. Updates the consensus mechanism to deliver a map of pre-signature IDs to optional full pre-signatures in batches to execution. Consolidates the duplicated read_grubenv and write_grubenv functions.

Commits Summary

proposal/137678

e9f4cf612
Enhance the subnet memory limits. Update SUBNET_MEMORY_THRESHOLD to 750 GiB and SUBNET_MEMORY_CAPACITY to 2 TiB.

fd9024f23
Updates the consensus mechanism to deliver a map of pre-signature IDs to optional full pre-signatures in batches to execution, initially setting all values to None to maintain current logic while preparing for future full pre-signature delivery. It also includes all current IDKG key transcripts in the batch for potential use.

da2a54e71
Updates the system to deliver both pre-signature IDs and full pre-signatures to execution, populating both the matched_pre_signature ID field and the new pre_signature field in request contexts for compatibility during the transition.

4d644f4c7
Adds the registry_version field to the subnet_info management endpoint response to support upcoming canister migration features. It updates the execution environment and tests to include and verify the registry version in subnet info queries.

2c22d31ff
registry flag and canister_cycles_cost_schedule, to control cycles charging in rental subnets, making it dependent on whether the subnet should charge cycles for operations like creation, execution, and memory usage. It propagates this flag through various layers.

696d448ff
Validation for node provider reward accounts to ensure they include checksums, reducing the likelihood of invalid accounts, and enforces this in add/remove node provider proposals. It also updates the display of reward accounts to always show the 32-bit version with checksums for consistency.

cbbbc1dee
Adds a brand-new rs/ic_os/sev module that asks the AMD SEV firmware for a 32-byte seed, runs it through HKDF, and returns a base-64 key

e266e4926
Brings back ‘dfinity.system’ kernel argument by updating boot argument templates and related scripts to use ‘/boot’ paths consistently for GRUB and EFI configurations.

417b4de76
Modifies SSH key configuration to only set up GuestOS SSH keys when TEE is not enabled, introducing separate scripts for GuestOS and HostOS.

b2a9d2250
Fixes logging in the execution environment and HTTPS outcalls client by replacing the request ID with the sender reply callback ID for consistency in linking log lines related to canister HTTP requests and responses.

401e39350
Adds the ReplicaVersion to CanisterHttpResponseMetadata, allowing the CanisterHttpPoolManager to reject artifacts from older replica versions without alerting.

4b583cebe
This commit switches from gzip to zstd compression for recovery artifacts in scripts and recovery processes to improve efficiency. It updates tar commands in recovery engine, dummy archive generation, and state recovery steps to use zstd explicitly.

82d7b064b
The commit adds logging in the system API to track deprecated calls to Bitcoin methods via the management canister, preparing for their removal.

3c6a516cc
This commit cleans up handling of malicious images by unifying spelling to ‘behavior’ and updating configurations and protobuf definitions accordingly. It renames and adjusts malicious_behaviour to malicious_behavior in configs, logs.

19ac53f96
The commit moves testing-only functions from the State Manager implementation to testing traits to improve code organization. It relocates functions like latest_state_certification_hash, flush_deallocation_channel, and test_only_send_wait_to_tip_channel.

c7993fa04
Relocates protobuf conversions from the state_layout module to a new proto submodule. It moves From/TryFrom implementations for various state components into the new module and adjusts imports accordingly.

72e046612
The commit reorganizes SEV host functionality into a submodule to separate host and guest code, updating imports in configuration and VM runner files. It renames and adjusts paths for SEV certificate providers and testing mocks.

beea51add
Consolidates the duplicated read_grubenv and write_grubenv functions, which handle GRUB environment variables for boot alternatives and cycles, into a new shared script at /opt/ic/bin/grub.sh to reduce code redundancy across IC-OS components. This shared script is now sourced in files like guestos-recovery-upgrader.sh, manageboot.sh, and mount generators for both GuestOS and HostOS, with updates to function calls to pass parameters explicitly where needed.

5a1c00c6b
Update base image refs.

2f3964fa8
Removes the context.target_id.is_empty check.

proposal/137679

b5ebec114
Device-handling logic that had been buried in guest_vm_runner was split out into a new reusable rs/ic_os/device crate, and all Bazel/Cargo manifests were updated to include it. Along the way the loop-device attach code now retries on EBUSY, eliminating a race when multiple processes fight for the same device.

27813e55a
Every hard-coded Ubuntu 20.04 (Focal) reference across build docs, Dockerfiles, CI workflows, test-VM templates and Ansible configs was bumped to Ubuntu 24.04 (Noble).

About CodeGov
CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron's Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.
7

Proposal 137678 & 137679 - Hamish | CodeGov

I was again unable to successfully run the build script due to the error in the screenshot below. But a few others have managed to do so, and in my opinion all of the commits listed in the proposal look fine, so I have opted to adopt the proposals.

Screenshot 2025-08-02 at 22.58.41
Screenshot 2025-08-02 at 22.58.411660×960 300 KB

Features:

  • e9f4cf612 Consensus,Execution,Interface: Increase subnet memory capacity to 2 TiB and subnet memory threshold to 750 GiB (#6086)
    Review: Looks fine + matches description
    Notes: Doubles the max subnet memory capacity to 2TB and increases the threshold at which “reserved cycles” will start being charged from 450GB to 750GB.

  • fd9024f23 Consensus,Interface: Allow full pre-signatures to be delivered with the batch (#6019)
    Review: Looks fine + matches description
    Notes: Updates each batch to contain the new AvailablePreSignatures type which itself contains the key transcript and then a map of presignature Id to Option<PreSignature>. For now the presignatures will always be set to None, the full presignatures are added in commit da2a54e71. Then whenever the key transcript changes the presignatures will be cleared from the replicated state.

  • da2a54e71 Execution,Interface: Resolve and pair full pre-signatures with request contexts (#6049)
    Review: Looks fine + matches description
    Notes: Follows on from commit fd9024f23 by populating the AvailablePreSignatures with the full presignatures and then switches match_pre_signatures_by_key_id over to using AvailablePreSignatures rather than the set of presignature Ids so it is able to match each signing context with the full presignature.

  • 4d644f4c7 Execution,Interface: Add registry_version to subnet_info mgmt endpoint (#5800)
    Review: Looks fine + matches description
    Notes: Adds the registry_version field to the RegistryExecutionSettings within the execution environment, then uses it to populate the new registry_version field of the subnet_info management canister function.

  • 2c22d31ff Execution,Interface: Make cycles charging dependent on registry flag (#5847)
    Review: Looks fine + matches description
    Notes: Updates the CyclesAccountManager to use the newly added CanisterCyclesCostSchedule enum which indicates if a subnet should charge cycles or not. The majority of the changes in this PR are simply passing the new cost_schedule field through the various layers of the replica.

  • 696d448ff Interface(governance): Add validation and fix display for reward_account (#6033)
    Review: Looks fine + matches description
    Notes: Adds the new validate_add_or_remove_node_provider which, when adding a node provider, validates that the NP doesn’t already exist and that the account identifier provider is valid, or when removing a NP, validates that the NP does exist. Then also updates how account identifiers are returned to always include the checksum.

  • cbbbc1dee Interface,Node: Implement SEV-based key derivation (#6112)
    Review: Looks fine + matches description
    Notes: Introduces the (currently unused) SevKeyDeriver which uses HKDF to derive new keys given the SEV firmware and the disk encryption key.

  • e266e4926 Node: Resurrect dfinity.system kernel arg (#6072)
    Review: Looks fine + matches description
    Notes: Modifies the filesystem path at which the grubenv is stored (/grub/boot/grub) and then reintroduces the dfinity.system arg, set to A or B, which is used to set the CURRENT_SYSTEM variable which itself is used to distinguish between partitions.

  • 417b4de76 Node: Only configure GuestOS SSH keys if TEE is not enabled (#6012)
    Review: Looks fine + matches description
    Notes: Renames the setup-ssh-user-keys.sh script to setup-ssh-user-keys-hostos.sh and modifies it to avoid setting up GuestOS SSH keys, then introduces the setup-ssh-user-keys-guestos.sh script which only configures GuestOS SSH keys if icos_settings.enable_trusted_execution_environment is not set to true.

Bugfixes:

  • b2a9d2250 Consensus,Interface: Log sender reply callback instead of request ID (#6102)
    Review: Looks fine + matches description
    Notes: Fixes the ability to link the HTTP outcall log entries which were added in last week’s release to use the reply_callback_id rather than the request_id since the callback Ids will always be consistent whereas the request Ids will differ most of the time.

  • 401e39350 Consensus,Interface: Use ReplicaVersion in CanisterHttpResponseShare (#6026)
    Review: Looks fine + matches description
    Notes: Adds the replica_version field to CanisterHttpResponseMetadata then uses it to determine if invalid shares need to be handled (when the versions match) or can be dropped (when the versions differ).

  • 4b583cebe Consensus,Interface,Node(recovery): use zstd instead of gzip (#6023)
    Review: Looks fine + matches description
    Notes: Switches a few tar files to be created using zstd compression rather than gzip.

Chores:

  • 82d7b064b Execution,Interface: Add logs in system API to track whether bitcoin methods are called on the management canister (#6088)
    Review: Looks fine + matches description
    Notes: Writes a log entry each time a Bitcoin method is called on the management canister, this is because these Bitcoin methods are deprecated and these log entries will highlight if they are still in use at all.

  • 3c6a516cc Interface: Cleanup handling of malicious images (#6039)
    Review: Looks fine + matches description
    Notes: Replaces all usages of “behaviour” with “behavior” and also splits how the test driver loads malicious images by splitting the malicious arg into uses_guestos_malicious_img and uses_guestos_malicious_update.

  • 19ac53f96 Interface,Message Routing: Move testing only Functions in the State Manager into Testing Traits (#6030)
    Review: Looks fine + matches description
    Notes: Cleans up the StateManager by moving functionality that is only used for tests to the StateManagerTesting trait.

  • c7993fa04 Interface,Message Routing: Move Proto Conversions in State Layout to own Files (#6081)
    Review: Looks fine + matches description
    Notes: Moves a few functions which convert to/from protobuf out of state_layout.rs and into their own proto module.

  • 72e046612 Interface,Node: Move SEV host functionality to submodule in order to separate host and guest (#6111)
    Review: Looks fine + matches description
    Notes: Adds the host module to the ic_sev package and moves all functionality specific to the host into it.

  • b5ebec114 Interface,Node: Extract reusable device-related code and add small improvements (#6060)
    Review: Looks fine + matches description
    Notes: Moves the device_mapping and mount modules out of guest_vm_runner and into their own new ic_device package so they can be reused by other components, then also fixes a race condition within LoopDeviceWrapper by adding a retry pattern.

  • 72e046612 Interface,Node: Move SEV host functionality to submodule in order to separate host and guest (#6111)
    Review: Looks fine + matches description
    Notes: Adds the host module to the ic_sev package and moves all functionality specific to the host into it.

  • beea51add Node: Consolidate read_grubenv and write_grubenv references (#6062)
    Review: Looks fine + matches description
    Notes: Consolidates the duplicated read_grubenv and write_grubenv implementations into the new grub.sh script.

  • 5a1c00c6b Node: Update Base Image Refs [2025-07-24-0804] (#6044)
    Review: Looks fine + matches description
    Notes: Updates the base IC-OS image references.

Refactoring:

  • 2f3964fa8 Execution,Interface,Message Routing: Remove special handling of empty target_id from replicated_state (#6051)
    Review: Looks fine + matches description
    Notes: Removes a special case from the function which decodes serialized ReshareChainKeyContext instances which handles the target_id being empty, since this was only used during the migration from the now deprecated compute_initial_i_dkg_dealings function.
About CodeGov - reliable, credible, and sensible NNS governance
CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron's Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.
8

Proposals #137678 GuestOS, & 137679 HostOS — ZoLee | CodeGov

Release-2025-07-31_03-32-base

Vote: Adopted

Reason:
The build is successful and all three hashes match, as well as all the listed commits match their descriptions.

Screenshot From 2025-08-03 12-39-38
Screenshot From 2025-08-03 12-39-381726×704 145 KB

The main change is doubling subnet memory capacity to 2 TB and increasing subnet memory threshold to 750 GB (currently 450).

Commits

-GuestOS-

-HostOS-

About CodeGov
CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron's Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.
9

Proposals 137678 & 137679 | Tim - CodeGov

Screenshot 2025-08-04 114525
Screenshot 2025-08-04 1145251244×328 15.6 KB

Vote: Adopt

Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is essentially sound. The HostOS commits (proposal 137679) mostly overlap the GuestOS commits (proposal 137678). I’ve reviewed commits for Consensus and Interface as detailed below.

Review

Features:

[e9f4cf612]
Increases SUBNET_MEMORY_THRESHOLD from 450 GiB to 750 GiB and SUBNET_MEMORY_CAPACITY from 1 TiB to 2 TiB.

[fd9024f23]
Removes get_pre_signature_ids_to_deliver and merges the logic from this function into get_idkg_subnet_public_keys (renamed as get_idkg_subnet_public_keys_and_pre_signatures). The old function returned a BTreeMap with MasterPublicKeyId as keys and a BTreeSet of PreSigIds as the value for each key. The new function returns (as part of a tuple) an optional full pre-signature as the value in this key-value pair. For now this value is set to None. This is to be used in the delivery of finalised blocks to the execution layer.

[696d448ff]
Adds method Governance::validate_add_or_remove_node_provider. This serves to validate a proposal to add or remove a node provider with respect to the expected requirements (fields not missing, can’t add an already existing node provider, etc) and to ensure that the account identifier is 32 bytes long (so that it includes the checksum).

[cbbbc1dee]
Adds logic to implement SEV-based key derivation using the HKDF Rust crate, matching the commit description.

Bugfixes:

[b2a9d2250]
Adds sender ID to the logging output of canister http requests and responses. Changes request_id to reply_callback_id in the canister http response logging.

[401e39350]
Adds field replica_version to types CanisterHttpResponseMetadata and CanisterHttpResponseWithConsensus. This is then used in CanisterHttpPoolManagerImpl::validate_shares to ensure that only artifacts from the current replica version are validated.

[4b583cebe]
Changes tar zcf <filename>.tar.zst to tar --zstd -cf <filename>.tar.zst (for compressing a file) and tar zxf "<filename>.tar.zst" to tar -xf "<filename>.tar.zst" (for extracting a file) within GuestOS recovery scripts. The old version is appropriate for gzip compression but mis-tags the files with .zst, and would fail if used in conjunction with external scripts. The new version fixes this and uses the compression method appropriate to the .zst file type.

Chores:

[3c6a516cc]
Several changes with respect to the handling of state manager behaviour, malicious node behaviour and related behavioural issues, most notably changing “behaviour” to “behavior” in 260 instances across the code.
OK now… (Takes deep slow breath.) Give me a moment while I work out how to handle this. :thinking:
@Bownairo The change from “behaviour” to “behavior” is a change from UK (and several other countries) spelling to US spelling. By all means call it a switch to US spelling for the sake of consistency across the code base. I’m all for consistency in whatever form it ends up taking, so no problem there. But for the love of trans-Atlantic harmony please don’t refer to it as “the more common variant”. Quora is chock-full of ridiculous arguments between people who get really touchy about this sort of thing. I’m sure the last thing we’d want to start seeing in this forum is ridiculous arguments between people getting really touchy about things. :zipper_mouth_face:
Also some minor test refactoring, but I’m still recovering from the spelling thing so I’ll leave this to other reviewers.*

[19ac53f96]
Moves test helper flush_deallocation_channel into the StateManagerTesting trait and consolidates other state manager test code.

[c7993fa04]
Moves From and TryFrom conversions out of rs/state_layout/src/state_layout.rs and into a new file.

[72e046612]
Moves the full content of rs/ic_os/sev/src/lib.rs into a new module, host, along with firmware.rs and testing.rs from the same directory.

[5a1c00c6b]
Updates GuestOS, HostOS and SetupOS base image container references.

HostOS-only commits:

[b5ebec114]
Moves device-related code from os_tools/guest_vm_runner/ into a new crate, ic_device, for the sake of reusability. Also adds a method LoopDeviceWrapper::attach_to_next_free in order to solve a parallel testing problem.

[27813e55a]
Updates references to Ubuntu version 20.04 to version 24.04.

* I did come back to this. The test refactoring essentially splits the test condition malicious: use the malicious disk image into two possibilities, designated uses_guestos_malicious_img: the test uses the malicious GuestOS image and uses_guestos_malicious_update: the test uses the malicious GuestOS update image.

About CodeGov
CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, API Boundary API Boundary Node Management, Node Admin and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neurons' Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralisation of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.
2 Likes
10

Proposal 137678-137679 | Gautier - Reviewing those proposals for free before next season.

New HostOS/GuestOS version.

Build Success, Hashes match.

Screenshot 2025-08-01 at 17.28.11
Screenshot 2025-08-01 at 17.28.111920×1008 210 KB

Vote : Approve

Features:

[e9f4cf612] Consensus,Execution,Interface: Increase subnet memory capacity to 2 TiB and subnet memory threshold to 750 GiB (#6086) - Just 2 constants updates, following commit description.

[fd9024f23] Consensus,Interface: Allow full pre-signatures to be delivered with the batch (#6019) - remove the get_pre_signature_ids_to_deliver method and modify get_idkg_subnet_public_keys to become get_idkg_subnet_public_keys_and_pre_signatures and return also the set of pre-signature IDs to be delivered in the batch of this block. Logic seems similar, and tests are updated accordingly..

[da2a54e71] Execution,Interface: Resolve and pair full pre-signatures with request contexts (#6049) - this commit fill build_signature_inputs for Ecdsa and Schnorr algo, and create the ThresholdSigInputsRef which contains all info, that’ll then use to translate.

remove the options on pre_signatures datastructure, as pre-signatures are now resolved during batch delivery.

[4d644f4c7] Execution,Interface: Add registry_version to subnet_info mgmt endpoint (#5800) - it basicly just add registry_version to the subnet_info. Registry version is defined by :


pub struct RegistryVersionTag {}

/// A type representing the registry's version.

pub type RegistryVersion = AmountOf<RegistryVersionTag, u64>;

ie : a u64 encapsuled by AmountOf.

[2c22d31ff] Execution,Interface: Make cycles charging dependent on registry flag (#5847) - In rental subnet, Canister creation/execution and memory doesnt have to pay for cycles. It’s a long PR, but mostly because this one has impact on a lot of already existed method. It’s difficult to know if nothing is missing, but the commit meet the description and LGTM.

[696d448ff] Interface(governance): Add validation and fix display for reward_account (#6033) - Not sure to understand why this commit is in this IC-OS topics, but it add Action::AddOrRemoveNodeProvider commande on governance. update also reward_account to return the 32-byte identifiers (28-byte identifiers with the checksum)

[cbbbc1dee] Interface,Node: Implement SEV-based key derivation (#6112) - impl SevKeyDeriver, where SimpleHkdf is used to derive the key using the SEV firmware, in base64 format.

[e266e4926] Node: Resurrect dfinity.system kernel arg (#6072) - change path for grub file : /grub to /boot/grub.

[417b4de76] Node: Only configure GuestOS SSH keys if TEE is not enabled (#6012) - ic-os/components/ssh/setup-ssh-user-keys/setup-ssh-user-keys.sh renamed to ic-os/components/ssh/setup-ssh-user-keys/setup-ssh-user-keys-hostos.sh.

add ic-os/components/ssh/setup-ssh-user-keys/setup-ssh-user-keys-guestos.sh, where copy_ssh_keys is done only if TEE is enable. LGTM.

Bugfixes:

[b2a9d2250] Consensus,Interface: Log sender reply callback instead of request ID (#6102) - Just adding sender print in logs.

[401e39350] Consensus,Interface: Use ReplicaVersion in CanisterHttpResponseShare (#6026) - replica_version is added on CanisterHttpResponseMetadata. it’s added so that CanisterHttpPoolManager can reject if ReplicaVersion is different without raising alerts.

[4b583cebe] Consensus,Interface,Node(recovery): use zstd instead of gzip (#6023) - use zstd instead of gzip. Note that the extension was wrong before.

Chores:

[82d7b064b] Execution,Interface: Add logs in system API to track whether bitcoin methods are called on the management canister (#6088) - Add a log in route_bitcoin_message, as it is deprecated. Method will be removed in the future.

[3c6a516cc] Interface: Cleanup handling of malicious images (#6039) - Renaming Behaviour to Behavior. Refacto from malicious parameter to uses_guestos_malicious_update and uses_guestos_malicious_img for tests.

[19ac53f96] Interface,Message Routing: Move testing only Functions in the State Manager into Testing Traits (#6030) - move flush_deallocation_channel to StateManagerTesting. Removed test_only_send_wait_to_tip_channel and latest_state_certification_hash methods.

[c7993fa04] Interface,Message Routing: Move Proto Conversions in State Layout to own Files (#6081) - Moved proto conversion to another file. It’s cleaner and definitly something i would have to do also in some of my code ahah

[72e046612] Interface,Node: Move SEV host functionality to submodule in order to separate host and guest (#6111) - Move HostSevCertificateProvider to another file, and no code change is done between the 2 versions.

[beea51add] Node: Consolidate read_grubenv and write_grubenv references (#6062) - move read_grubenv and write_grubend to ic-os/components/upgrade/grub.sh, and use this instead of duplicate code.

[5a1c00c6b] Node: Update Base Image Refs [2025-07-24-0804] (#6044) - Update image refs

[b5ebec114] Interface,Node: Extract reusable device-related code and add small improvements (#6060) - It’s not a Chores but more a bugfixe in my opinion. This commit fix a race condition where between next_free and attach, you can have another process which attached on the same loop device a file, meaning the attach will fail. It add a retry loop to fix it.

[27813e55a] Node: Clean up references to 20.04 (#5789) - remove ubuntu 20 reference (moved to 24)

Refactoring:

[2f3964fa8] Execution,Interface,Message Routing: Remove special handling of empty target_id from replicated_state (#6051) - remove code used for compute_initial_i_dkg_dealings to reshare_chain_key migration, uncessary now.

2 Likes
11

I should mention here that @Bownairo sent a very helpful reply to clarify this. As I understand, this was a team decision and the intention was to change to the spelling that is more commonly used in the IC repo, which sounds perfectly reasonable.

1 Like