@inco/lightning 0.6.8 → 0.7.0

package/src/test/FakeIncoInfra/FakeDecryptionAttester.sol

@@ -15,6 +15,7 @@ import {FakeComputeServer} from "./FakeComputeServer.sol";
 /// operation on existing handles, or on a mix of existing handles and plaintexts values (which get trivial encrypted)
 /// as long as the handles are allowed for the requester
 contract FakeDecryptionAttester is FakeIncoInfraBase, FakeComputeServer {
+
     struct HandleWithProof {
         bytes32 handle;
         AllowanceProof proof; // sharer == address(0) means no proof
@@ -23,21 +24,12 @@ contract FakeDecryptionAttester is FakeIncoInfraBase, FakeComputeServer {
     // The following 4 functions mimic expected behavior of the TEE / covalidator over offchain API
 
     /// @notice request decryption attestation for an existing handle
-    function getDecryptionAttestation(
-        address requester,
-        HandleWithProof memory handle
-    )
-    internal
-    returns (
-        DecryptionAttestation memory decryption,
-        bytes memory signature
-    )
+    function getDecryptionAttestation(address requester, HandleWithProof memory handle)
+        internal
+        returns (DecryptionAttestation memory decryption, bytes[] memory signatures)
     {
         checkAccessControl(requester, handle);
-        (decryption, signature) = _getDecryptionAttestation(
-            handle.handle,
-            get(handle.handle)
-        );
+        (decryption, signatures) = _getDecryptionAttestation(handle.handle, get(handle.handle));
     }
 
     // The following 3 functions are for requesting decryption over a handle resulting of an operation
@@ -49,152 +41,76 @@ contract FakeDecryptionAttester is FakeIncoInfraBase, FakeComputeServer {
         HandleWithProof memory lhs,
         HandleWithProof memory rhs,
         EOps op
-    )
-    internal
-    returns (
-        DecryptionAttestation memory decryption,
-        bytes memory signature
-    )
-    {
+    ) internal returns (DecryptionAttestation memory decryption, bytes memory signature) {
         checkAccessControl(requester, lhs);
         checkAccessControl(requester, rhs);
         bytes32 result = computeBinaryOp(get(lhs.handle), get(rhs.handle), op);
-        (decryption, signature) = _getDecryptionAttestation(
-            lhs.handle,
-            rhs.handle,
-            result,
-            op
-        );
+        (decryption, signature) = _getDecryptionAttestation(lhs.handle, rhs.handle, result, op);
     }
 
     /// @notice request decryption attestation for a binary operation on a handle and a plaintext value (lhs)
-    function getDecryptionAttestation(
-        address requester,
-        uint256 lhs,
-        HandleWithProof memory rhs,
-        EOps op
-    )
-    internal
-    returns (
-        DecryptionAttestation memory decryption,
-        bytes memory signature
-    )
+    function getDecryptionAttestation(address requester, uint256 lhs, HandleWithProof memory rhs, EOps op)
+        internal
+        returns (DecryptionAttestation memory decryption, bytes memory signature)
     {
         checkAccessControl(requester, rhs);
-        bytes32 lhsHandle = inco.getTrivialEncryptHandle(
-            bytes32(lhs),
-            ETypes.Uint256
-        );
+        bytes32 lhsHandle = inco.getTrivialEncryptHandle(bytes32(lhs), ETypes.Uint256);
         bytes32 result = computeBinaryOp(bytes32(lhs), get(rhs.handle), op);
-        (decryption, signature) = _getDecryptionAttestation(
-            lhsHandle,
-            rhs.handle,
-            result,
-            op
-        );
+        (decryption, signature) = _getDecryptionAttestation(lhsHandle, rhs.handle, result, op);
     }
 
     /// @notice request decryption attestation for a binary operation on a handle and a plaintext value (rhs)
-    function getDecryptionAttestation(
-        address requester,
-        HandleWithProof memory lhs,
-        uint256 rhs,
-        EOps op
-    )
-    internal
-    returns (
-        DecryptionAttestation memory decryption,
-        bytes memory signature
-    )
+    function getDecryptionAttestation(address requester, HandleWithProof memory lhs, uint256 rhs, EOps op)
+        internal
+        returns (DecryptionAttestation memory decryption, bytes memory signature)
     {
         checkAccessControl(requester, lhs);
-        bytes32 rhsHandle = inco.getTrivialEncryptHandle(
-            bytes32(rhs),
-            ETypes.Uint256
-        );
+        bytes32 rhsHandle = inco.getTrivialEncryptHandle(bytes32(rhs), ETypes.Uint256);
 
         bytes32 result = computeBinaryOp(get(lhs.handle), bytes32(rhs), op);
-        (decryption, signature) = _getDecryptionAttestation(
-            lhs.handle,
-            rhsHandle,
-            result,
-            op
-        );
+        (decryption, signature) = _getDecryptionAttestation(lhs.handle, rhsHandle, result, op);
     }
 
     /// Private methods ///
 
-    function checkAccessControl(
-        address requester,
-        HandleWithProof memory handle
-    ) private {
+    function checkAccessControl(address requester, HandleWithProof memory handle) private {
         if (handle.proof.sharer == address(0)) {
-            require(
-                inco.isAllowed(handle.handle, requester),
-                SenderNotAllowedForHandle(handle.handle, requester)
-            );
+            require(inco.isAllowed(handle.handle, requester), SenderNotAllowedForHandle(handle.handle, requester));
         } else {
             require(
-                inco.incoVerifier().isAllowedWithProof(
-                    handle.handle,
-                    requester,
-                    handle.proof
-                ),
+                inco.incoVerifier().isAllowedWithProof(handle.handle, requester, handle.proof),
                 SenderNotAllowedForHandle(handle.handle, requester)
             );
         }
     }
 
-    function _getDecryptionAttestation(
-        bytes32 handle,
-        bytes32 value
-    )
-    private
-    view
-    returns (
-        DecryptionAttestation memory decryption,
-        bytes memory signature
-    )
+    function _getDecryptionAttestation(bytes32 handle, bytes32 value)
+        private
+        view
+        returns (DecryptionAttestation memory decryption, bytes[] memory signatures)
     {
         decryption = DecryptionAttestation({handle: handle, value: value});
-        signature = signDecryption(decryption);
+        bytes memory signature = signDecryption(decryption);
+        signatures = new bytes[](1);
+        signatures[0] = signature;
     }
 
-    function signDecryption(
-        DecryptionAttestation memory decryption
-    ) private view returns (bytes memory signature) {
+    function signDecryption(DecryptionAttestation memory decryption) private view returns (bytes memory signature) {
         // todo change this to don't call inco and call verifier directly
-        bytes32 digest = inco.incoVerifier().decryptionAttestationDigest(
-            decryption
-        );
+        bytes32 digest = inco.incoVerifier().decryptionAttestationDigest(decryption);
         signature = getSignatureForDigest(digest, teePrivKey);
     }
 
-    function _getDecryptionAttestation(
-        bytes32 lhsHandle,
-        bytes32 rhsHandle,
-        bytes32 encodedResult,
-        EOps op
-    )
-    private
-    view
-    returns (
-        DecryptionAttestation memory decryption,
-        bytes memory signature
-    )
+    function _getDecryptionAttestation(bytes32 lhsHandle, bytes32 rhsHandle, bytes32 encodedResult, EOps op)
+        private
+        view
+        returns (DecryptionAttestation memory decryption, bytes memory signature)
     {
         ETypes resultType = opToResultType(op);
         decryption = DecryptionAttestation({
-            handle: inco.getOpResultHandle(
-                op,
-                resultType,
-                abi.encodePacked(
-                    lhsHandle,
-                    rhsHandle
-                )
-            ),
-            value: encodedResult
+            handle: inco.getOpResultHandle(op, resultType, abi.encodePacked(lhsHandle, rhsHandle)), value: encodedResult
         });
         signature = signDecryption(decryption);
     }
+
 }

package/src/test/FakeIncoInfra/FakeIncoInfraBase.sol

@@ -9,74 +9,60 @@ import {HandleGeneration} from "../../lightning-parts/primitives/HandleGeneratio
 
 /// @notice simulates what inco does offchain but over plaintexts
 contract FakeIncoInfraBase is TestUtils, KVStore, HandleGeneration {
-    error UnsupportedTypeInput(ETypes inputType);
-
-    address immutable teePubkeyAddress;
-    uint256 immutable teePrivKey;
 
-    constructor() {
-        (teePrivKey, teePubkeyAddress) = getLabeledKeyPair("tee");
-    }
+    error UnsupportedTypeInput(ETypes inputType);
 
-    function getCiphertextInput(
-        bytes32 word,
-        address user,
-        address contractAddress,
-        ETypes inputType
-    ) public view returns (bytes memory input) {
+    function getCiphertextInput(bytes32 word, address user, address contractAddress, ETypes inputType)
+        public
+        view
+        returns (bytes memory input)
+    {
         // We need a single word here to get correct encoding
         bytes memory ciphertext = abi.encode(word);
         bytes32 handle = getInputHandle(ciphertext, address(inco), user, contractAddress, inputType);
         input = abi.encode(handle, ciphertext);
     }
 
-    function fakePrepareEuint256Ciphertext(
-        uint256 value,
-        address userAddress,
-        address contractAddress
-    ) internal view returns (bytes memory ciphertext) {
+    function fakePrepareEuint256Ciphertext(uint256 value, address userAddress, address contractAddress)
+        internal
+        view
+        returns (bytes memory ciphertext)
+    {
         ciphertext = getCiphertextInput(bytes32(value), userAddress, contractAddress, ETypes.Uint256);
     }
 
-
-    function fakeDecryptEuint256Ciphertext(
-        bytes memory ciphertext
-    ) internal pure returns (uint256 value) {
+    function fakeDecryptEuint256Ciphertext(bytes memory ciphertext) internal pure returns (uint256 value) {
         (value) = abi.decode(ciphertext, (uint256));
     }
 
-    function fakeDecryptEuint160Ciphertext(
-        bytes memory ciphertext
-    ) internal pure returns (uint160 value) {
+    function fakeDecryptEuint160Ciphertext(bytes memory ciphertext) internal pure returns (uint160 value) {
         value = abi.decode(ciphertext, (uint160));
     }
 
-    function fakePrepareEboolCiphertext(
-        bool value,
-        address userAddress,
-        address contractAddress
-    ) internal view returns (bytes memory ciphertext) {
+    function fakePrepareEboolCiphertext(bool value, address userAddress, address contractAddress)
+        internal
+        view
+        returns (bytes memory ciphertext)
+    {
         bytes32 b = bytes32(uint256(value ? 1 : 0));
         ciphertext = getCiphertextInput(b, userAddress, contractAddress, ETypes.Bool);
     }
 
-    function fakePrepareEaddressCiphertext(
-        address value,
-        address userAddress,
-        address contractAddress
-    ) internal view returns (bytes memory ciphertext) {
-        ciphertext = getCiphertextInput(bytes32(uint256(uint160(value))), userAddress, contractAddress, ETypes.AddressOrUint160OrBytes20);
+    function fakePrepareEaddressCiphertext(address value, address userAddress, address contractAddress)
+        internal
+        view
+        returns (bytes memory ciphertext)
+    {
+        ciphertext = getCiphertextInput(
+            bytes32(uint256(uint160(value))), userAddress, contractAddress, ETypes.AddressOrUint160OrBytes20
+        );
     }
 
-    function fakeDecryptEaddressCiphertext(
-        bytes memory ciphertext
-    ) internal pure returns (address value) {
+    function fakeDecryptEaddressCiphertext(bytes memory ciphertext) internal pure returns (address value) {
         value = abi.decode(ciphertext, (address));
     }
 
-    function fakeDecryptEboolCiphertext(
-        bytes memory ciphertext
-    ) internal pure returns (bool value) {
+    function fakeDecryptEboolCiphertext(bytes memory ciphertext) internal pure returns (bool value) {
         value = abi.decode(ciphertext, (bool));
     }
 
@@ -84,9 +70,7 @@ contract FakeIncoInfraBase is TestUtils, KVStore, HandleGeneration {
         return ebool.wrap(bytes32(value ? uint256(1) : uint256(0)));
     }
 
-    function fakeEncryptUint256(
-        uint256 value
-    ) internal pure returns (euint256) {
+    function fakeEncryptUint256(uint256 value) internal pure returns (euint256) {
         return euint256.wrap(bytes32(value));
     }
 
@@ -94,9 +78,8 @@ contract FakeIncoInfraBase is TestUtils, KVStore, HandleGeneration {
         return ebool.unwrap(handle) == bytes32(uint256(1));
     }
 
-    function fakeDecryptEuint256(
-        euint256 handle
-    ) internal pure returns (uint256) {
+    function fakeDecryptEuint256(euint256 handle) internal pure returns (uint256) {
         return uint256(euint256.unwrap(handle));
     }
+
 }

package/src/test/FakeIncoInfra/FakeQuoteVerifier.sol

@@ -8,6 +8,7 @@ import {IQuoteVerifier} from "../../interfaces/automata-interfaces/IQuoteVerifie
 // This contract is used to test the IncoLightning contract. It is a simple implementation of the QuoteVerifier interface.
 // It is used to test the IncoLightning contract without relying on the real QuoteVerifier contract.
 contract FakeQuoteVerifier is IQuoteVerifier {
+
     /// @dev immutable
     function pccsRouter() external pure returns (IPCCSRouter) {
         return IPCCSRouter(address(0));
@@ -18,16 +19,12 @@ contract FakeQuoteVerifier is IQuoteVerifier {
         return 4;
     }
 
-    function verifyQuote(
-        Header calldata,
-        bytes calldata quote
-    ) external pure returns (bool, bytes memory) {
+    function verifyQuote(Header calldata, bytes calldata quote) external pure returns (bool, bytes memory) {
         return (true, quote);
     }
 
-    function verifyZkOutput(
-        bytes calldata quote
-    ) external pure returns (bool, bytes memory) {
+    function verifyZkOutput(bytes calldata quote) external pure returns (bool, bytes memory) {
         return (true, quote);
     }
+
 }

package/src/test/FakeIncoInfra/KVStore.sol

@@ -7,6 +7,7 @@ import {asBool} from "../..//shared/TypeUtils.sol";
 
 /// @notice key-value store, knows the value behind each handle
 contract KVStore is HandleMetadata {
+
     mapping(bytes32 => bytes32) private store;
 
     function set(bytes32 key, bytes32 value) internal {
@@ -38,4 +39,5 @@ contract KVStore is HandleMetadata {
     function checkType(bytes32 handle, ETypes requiredType) private pure {
         assert(typeOf(handle) == requiredType);
     }
+
 }

package/src/test/FakeIncoInfra/MockOpHandler.sol

@@ -10,6 +10,7 @@ import {asBytes32} from "../../shared/TypeUtils.sol";
 import {getOpForSelector} from "./getOpForSelector.sol";
 
 contract MockOpHandler is FakeIncoInfraBase, FakeComputeServer {
+
     function processAllOperations() internal {
         Vm.Log[] memory logs = vm.getRecordedLogs();
         for (uint256 i = 0; i < logs.length; i++) {
@@ -24,10 +25,7 @@ contract MockOpHandler is FakeIncoInfraBase, FakeComputeServer {
         EOps op = getOpForSelector(eventSelector);
         if (op == EOps.TrivialEncrypt) {
             bytes32 result = log.topics[1];
-            (bytes32 plainTextBytes, , ) = abi.decode(
-                log.data,
-                (bytes32, ETypes, uint256)
-            );
+            (bytes32 plainTextBytes,,) = abi.decode(log.data, (bytes32, ETypes, uint256));
             handleTrivialEncryption(result, plainTextBytes);
         } else if (isBinaryUintOp(op)) {
             bytes32 lhs = log.topics[1];
@@ -65,18 +63,12 @@ contract MockOpHandler is FakeIncoInfraBase, FakeComputeServer {
         } else if (op == EOps.NewInput) {
             bytes32 result = log.topics[1];
             // contractAddress and user topics are ignored
-            (bytes memory ciphertext, ) = abi.decode(
-                log.data,
-                (bytes, uint256)
-            );
+            (bytes memory ciphertext,) = abi.decode(log.data, (bytes, uint256));
             handleEInput(result, ciphertext);
         }
     }
 
-    function handleEInput(
-        bytes32 result,
-        bytes memory ciphertext
-    ) private {
+    function handleEInput(bytes32 result, bytes memory ciphertext) private {
         ETypes inputType = typeOf(result);
         if (inputType == ETypes.Uint256) {
             set(result, bytes32(fakeDecryptEuint256Ciphertext(ciphertext)));
@@ -97,23 +89,11 @@ contract MockOpHandler is FakeIncoInfraBase, FakeComputeServer {
         set(euint256.unwrap(result), bytes32(counter));
     }
 
-    function handleERandBounded(
-        uint256 counter,
-        euint256 upperBound,
-        euint256 result
-    ) private {
-        set(
-            euint256.unwrap(result),
-            bytes32(counter % getUint256Value(upperBound))
-        );
+    function handleERandBounded(uint256 counter, euint256 upperBound, euint256 result) private {
+        set(euint256.unwrap(result), bytes32(counter % getUint256Value(upperBound)));
     }
 
-    function handleIfThenElse(
-        ebool control,
-        bytes32 lhs,
-        bytes32 rhs,
-        bytes32 result
-    ) private {
+    function handleIfThenElse(ebool control, bytes32 lhs, bytes32 rhs, bytes32 result) private {
         set(result, bytes32(getBoolValue(control) ? get(lhs) : get(rhs)));
     }
 
@@ -126,10 +106,8 @@ contract MockOpHandler is FakeIncoInfraBase, FakeComputeServer {
         }
     }
 
-    function handleTrivialEncryption(
-        bytes32 result,
-        bytes32 plainTextBytes
-    ) private {
+    function handleTrivialEncryption(bytes32 result, bytes32 plainTextBytes) private {
         set(result, plainTextBytes);
     }
+
 }

package/src/test/FakeIncoInfra/MockRemoteAttestation.sol

@@ -2,23 +2,19 @@
 pragma solidity ^0.8;
 
 import {TestUtils} from "../../shared/TestUtils.sol";
-import {
-    HEADER_LENGTH,
-    MINIMUM_QUOTE_LENGTH,
-    TDX_TEE
-} from "../../interfaces/automata-interfaces/Types.sol";
+import {HEADER_LENGTH, MINIMUM_QUOTE_LENGTH, TDX_TEE} from "../../interfaces/automata-interfaces/Types.sol";
+import {BootstrapResult} from "../../lightning-parts/TEELifecycle.types.sol";
+import {ITEELifecycle} from "../../lightning-parts/interfaces/ITEELifecycle.sol";
 
 contract MockRemoteAttestation is TestUtils {
+
     /**
      * @notice Creates a mock quote for the given MRTD and signer
      * The RTMR0, RTMR1, RTMR2 are set to zeros
      * @dev This function is the same as the non-TDX version of
      * get_tdx_quote in attestation/src/remote_attestation.rs
      */
-    function createQuote(
-        bytes memory mrtd,
-        address signer
-    ) public pure returns (bytes memory quote) {
+    function createQuote(bytes memory mrtd, address signer) public pure returns (bytes memory quote) {
         // Mock implementation of quote creation
         require(mrtd.length == 48, "MRTD should be 48 bytes");
         /* Quote structure:
@@ -34,22 +30,55 @@ contract MockRemoteAttestation is TestUtils {
 
         */
         bytes4 version = 0x04000000; // Version 4
-        bytes4 tdxTEEType = TDX_TEE; // TDX TEETYPE
+        bytes4 tdxTeeType = TDX_TEE; // TDX TEETYPE
         bytes memory prefix = new bytes(HEADER_LENGTH + 136 - 8);
         bytes memory middle = new bytes(520 - 184);
         bytes memory reportDataSuffix = new bytes(44);
-        bytes memory suffix = new bytes(
-            MINIMUM_QUOTE_LENGTH - HEADER_LENGTH - 584
-        );
+        bytes memory suffix = new bytes(MINIMUM_QUOTE_LENGTH - HEADER_LENGTH - 584);
         quote = abi.encodePacked(
-            version,
-            tdxTEEType,
-            prefix,
-            mrtd,
-            middle,
-            abi.encodePacked(signer),
-            reportDataSuffix,
-            suffix
+            version, tdxTeeType, prefix, mrtd, middle, abi.encodePacked(signer), reportDataSuffix, suffix
         );
     }
+
+    // Helper function to create a successful bootstrap result
+    function successfulBootstrapResult(
+        ITEELifecycle teeLifecycle,
+        bytes memory eciesPublicKey,
+        address signer,
+        uint256 signerPrivKey
+    )
+        internal
+        returns (
+            BootstrapResult memory bootstrapResult,
+            bytes memory quote,
+            bytes memory signature,
+            bytes32 mrAggregated
+        )
+    {
+        bytes memory eciesPubkey = eciesPublicKey;
+        // See DEFAULT_MRTD in attestation/src/remote_attestation.rs
+        bytes memory mrtd =
+            hex"010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101";
+        // See DEFAULT_MR_AGGREGATED in attestation/src/remote_attestation.rs to
+        // see the calculation of the default value.
+        mrAggregated = hex"c3a67bac251d4946d7b17481d39631676042fe3afab06e70c22105ad8383c19f";
+        bootstrapResult = BootstrapResult({ecies_pubkey: eciesPubkey});
+
+        quote = createQuote(mrtd, signer);
+        signature = signBootstrapResult(bootstrapResult, signerPrivKey, teeLifecycle);
+        // We set the signer address and priv key as part of the bootstrap for non-tee setups
+        teeEOA = signer;
+        teePrivKey = signerPrivKey;
+    }
+
+    // Helper function to sign the bootstrap result
+    function signBootstrapResult(BootstrapResult memory bootstrapResult, uint256 privateKey, ITEELifecycle teeLifecycle)
+        internal
+        view
+        returns (bytes memory)
+    {
+        bytes32 bootstrapResultDigest = teeLifecycle.bootstrapResultDigest(bootstrapResult);
+        return getSignatureForDigest(bootstrapResultDigest, privateKey);
+    }
+
 }

package/src/test/IncoTest.sol

@@ -10,15 +10,26 @@ import {FakeDecryptionAttester} from "./FakeIncoInfra/FakeDecryptionAttester.sol
 import {console} from "forge-std/console.sol";
 import {FakeQuoteVerifier} from "./FakeIncoInfra/FakeQuoteVerifier.sol";
 import {IOwnable} from "../../src/shared/IOwnable.sol";
+import {MockRemoteAttestation} from "./FakeIncoInfra/MockRemoteAttestation.sol";
+import {BootstrapResult} from "../lightning-parts/TEELifecycle.types.sol";
 
-contract IncoTest is MockOpHandler, DeployUtils, FakeDecryptionAttester {
+contract IncoTest is MockOpHandler, DeployUtils, FakeDecryptionAttester, MockRemoteAttestation {
+
+    // forge-lint: disable-next-line(screaming-snake-case-immutable)
     address immutable owner;
+    // forge-lint: disable-next-line(screaming-snake-case-immutable)
     address immutable testDeployer;
 
+    // Constants for testing
+    bytes testNetworkPubkey = hex"02516bda9e68a1c3dce74dc1b6ed7d91a91d51c1e1933947f06331cef59631e9eb";
+    address private constant ANVIL_ZEROTH_ADDRESS = 0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266;
+    uint256 private constant ANVIL_ZEROTH_PRIVATE_KEY =
+        0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80;
+
     constructor() {
         owner = getLabeledAddress("owner");
         // extracted from the deploy script running as bare simulation with:
-        //  forge script src/script/Deploy.s.sol:Deploy
+        // forge script src/script/Deploy.s.sol:Deploy
         testDeployer = deployedBy;
         vm.label(testDeployer, "testDeployer");
         vm.label(address(this), "testRunner");
@@ -29,7 +40,7 @@ contract IncoTest is MockOpHandler, DeployUtils, FakeDecryptionAttester {
         deployCreateX();
         vm.startPrank(testDeployer);
         vm.setEnv("USE_TDX_HW", "false"); // results in the test deployment using the FakeQuoteVerifier
-        (IIncoLightning proxy, ) = deployIncoLightningUsingConfig({
+        (IIncoLightning proxy,) = deployIncoLightningUsingConfig({
             deployer: testDeployer,
             // The highest precedent deployment
             // We select the pepper that will be used that will be generated in the lib.sol (usually "testnet"), but currently "alphanet" has higher major version
@@ -39,19 +50,21 @@ contract IncoTest is MockOpHandler, DeployUtils, FakeDecryptionAttester {
         IOwnable(address(proxy)).transferOwnership(owner);
         IOwnable(address(inco.incoVerifier())).transferOwnership(owner);
         vm.stopPrank();
-        console.log(
-            "Deployed %s (proxy) to: %s",
-            proxy.getName(),
-            address(proxy)
-        );
+        console.log("Deployed %s (proxy) to: %s", proxy.getName(), address(proxy));
         console.log("Generated inco address: %s", address(inco));
         require(
             address(proxy) == address(inco),
             "generated inco address in Lib.sol does not match address of inco deployed by IncoTest"
         );
         vm.startPrank(owner);
-        inco.incoVerifier().addSigner(teePubkeyAddress);
+        (BootstrapResult memory bootstrapResult, bytes memory quote, bytes memory signature, bytes32 mrAggregated) = successfulBootstrapResult(
+            inco.incoVerifier(), testNetworkPubkey, ANVIL_ZEROTH_ADDRESS, ANVIL_ZEROTH_PRIVATE_KEY
+        );
+        inco.incoVerifier().approveNewTeeVersion(mrAggregated);
+        inco.incoVerifier().verifyBootstrapResult(bootstrapResult, quote, signature);
+        inco.incoVerifier().setThreshold(1);
         vm.stopPrank();
         vm.recordLogs();
     }
+
 }