diff --git a/docs/wallet-integration/hosted/getting-started.mdx b/docs/wallet-integration/hosted/getting-started.mdx index 8072e6d3..d02a4386 100644 --- a/docs/wallet-integration/hosted/getting-started.mdx +++ b/docs/wallet-integration/hosted/getting-started.mdx @@ -39,7 +39,7 @@ See [Attestation Verification](../self-hosted-tee/attestation) for implementatio ## PCR allowlist values -The PCRs are determined by the qos enclave runtime version Turnkey has deployed (currently TVC `v2026.2.6`, qos commit [`d866f2c6cbc58cc08c24eab4828f0824ad16a226`](https://github.com/tkhq/qos/commit/d866f2c6cbc58cc08c24eab4828f0824ad16a226)). You can reproduce them locally from that qos rev — never trust an externally supplied PCR file without verifying it. +The PCRs are determined by the qos enclave runtime version Turnkey has deployed (currently TVC `v2026.6.11`, qos commit [``](https://github.com/tkhq/qos/commit/)). You can reproduce them locally from that qos rev — never trust an externally supplied PCR file without verifying it. ### Generating PCRs from source @@ -52,7 +52,7 @@ The `scripts/extract-nitro-pcrs.sh` tool in this repo clones tkhq/qos at the dep The deployment rev lives in a marker comment in `src/Cargo.toml`: ```toml -# qos-deployment-rev = d866f2c6cbc58cc08c24eab4828f0824ad16a226 +# qos-deployment-rev = ``` This is distinct from the `rev = "..."` on each `qos_*` crate in the same file, which pins the qos library code that `parser_app` compiles against and does not affect PCRs. To audit a prospective deployment bump before updating the marker, pass `--rev` explicitly: diff --git a/tools/tvc-deploy/src/main.rs b/tools/tvc-deploy/src/main.rs index 33d0faaf..6f49dd52 100644 --- a/tools/tvc-deploy/src/main.rs +++ b/tools/tvc-deploy/src/main.rs @@ -38,7 +38,7 @@ const SETLIVE_TIMEOUT: Duration = Duration::from_secs(300); const USAGE: &str = "usage:\n \ tvc-deploy gen-operator-key --out \n \ tvc-deploy deploy --app-id --image-url --expected-digest --operator-id \ - [--operator-seed ] [--qos-version v2026.2.6] [--host-ip 0.0.0.0] [--host-port 3000]\n \ + [--operator-seed ] [--qos-version v2026.6.11] [--host-ip 0.0.0.0] [--host-port 3000]\n \ (operator seed may instead come from env TVC_CI_OPERATOR_SEED, or be omitted \ to approve with the logged-in org operator key)"; @@ -128,7 +128,7 @@ fn deploy(sh: &Shell, flags: &HashMap) -> Result<()> { let qos = flags .get("qos-version") .map(String::as_str) - .unwrap_or("v2026.2.6"); + .unwrap_or("v2026.6.11"); let host_ip = flags .get("host-ip") .map(String::as_str)