fix(fingerprint): accept POWER8 cache profile via simd_identity arch tag

[Scottcjn]

Summary

_has_powerpc_cache_profile was rejecting genuine POWER8 silicon because POWER8's L1/L2/L3 cache timings are essentially flat by design (~445ns each), violating the l2_l1_ratio >= 1.05 ratio threshold tuned for x86/ARM cache hierarchies.

The function already had an arch-tag shortcut that bypassed the ratio check, but it only looked at cache_timing.data.arch — and the v3 fingerprint_checks.py places the arch label in simd_identity.data.arch instead. Fix accepts either source.

Live evidence

POWER8 S824 fingerprint captured 2026-05-27:

{
  "cache_timing": {
    "passed": false,
    "data": {
      "l1_ns": 444.56, "l2_ns": 444.77, "l3_ns": 445.43,
      "l2_l1_ratio": 1.0, "l3_l2_ratio": 1.001,
      "fail_reason": "no_cache_hierarchy"
    }
  },
  "simd_identity": {
    "passed": true,
    "data": {"arch": "ppc64le", "has_altivec": true, ...}
  }
}

Server log before fix:

[FINGERPRINT] REJECT: claims power8 but lacks PowerPC cache profile
[FINGERPRINT] FINGERPRINT FAILED - will receive ZERO rewards

POWER8 was passing every OTHER gate (PowerPC CPU brand, AltiVec SIMD evidence, clock drift, thermal, jitter, anti-emulation) but getting zero rewards because of this single ratio threshold mismatch with real POWER8 silicon behavior.

Why this is safe

The function is called only AFTER:

• claimed_arch in POWERPC_ARCHES (must claim ppc)
• _powerpc_cpu_brand_matches(claimed_device) (CPU brand must contain "powerpc"/"ppc"/"ibm power"/"g3"/"g4"/"g5"/"7447"/etc.)
• _has_powerpc_simd_evidence(fingerprint) (AltiVec or VSX SIMD evidence)

A spoofer can't reach this function without already passing the PowerPC CPU brand + SIMD evidence gates. Accepting the explicit arch tag from simd_identity (which is on the same payload that just passed SIMD verification) doesn't introduce new spoof surface.

Test plan

• Unit test against real POWER8 fingerprint → returns True
• Unit test backward-compat: arch in cache_timing.data (legacy fingerprint format) → returns True
• Unit test real x86 with proper hierarchy → returns True via existing ratio fallback (no regression)
• py_compile clean
• Deploy to Node 1, confirm POWER8 attestation now reports fingerprint_passed=1
• Confirm POWER8 receives RTC at next epoch settlement (1.5x POWER8 multiplier)

Related

Part of the "v3 fingerprint format compatibility" thread alongside #6428 (hw-binding entropy field names). Same shape of bug: server validation was looking for v3 field locations in legacy spots.

🤖 Generated with Claude Code

[github-actions]

✅ BCOS v2 Scan Results

Metric	Value
Trust Score	60/100
Certificate ID	BCOS-27bbac0a
Tier	L1 (met)

What does this mean?

The BCOS (Beacon Certified Open Source) engine scans for:

• SPDX license header compliance
• Known CVE vulnerabilities (OSV database)
• Static analysis findings (Semgrep)
• SBOM completeness
• Dependency freshness
• Test infrastructure evidence
• Review attestation tier

Full report | What is BCOS?

---

BCOS v2 Engine - Free & Open Source (MIT) - Elyan Labs

[Scottcjn]

Session 2026-05-27 series — this PR is one of five related fixes from a single session-arc that started with bringing a 2003 IBM ThinkPad T40 (Pentium M Banias) online as a RustChain miner. Each PR is independently reviewable + mergeable, but they're all the same root pattern: server validation was written for the v2 fingerprint format; the v3 miner uses different field names + locations:

• #6423 — feat: Pentium M Banias antiquity tier (1.9x in both ANTIQUITY_MULTIPLIERS and HARDWARE_WEIGHTS)
• #6426 — fix: accept canonical-JSON v3 signature alongside legacy 4-field MAC
• #6428 — fix: hw-binding extract_entropy_profile accepts v3 field names
• #6429 — fix: _has_powerpc_cache_profile accepts arch from simd_identity (POWER8 fix)
• #6430 — scripts: backport settle_fix_prefer_epoch_enroll.py for production nodes behind main

Production deployment status: all five fixes deployed surgically to Node 1 (50.28.86.131), Node 2 (50.28.86.153), and POWER8 (rustchain-node.service on 100.75.100.89). Nodes 3 (Ryan, offline 6d) + 4 (createkr, no access) pending. T40 earning at 1.9x top share in epoch 176 confirming end-to-end fix. POWER8 attestation now passing after #6429.

[MolhamHamwi]

Reviewed node/rustchain_v2_integrated_v2.2.1_rip200.py in this PR.

Two specific observations:

• The v3-format fallback is scoped to _fingerprint_check_data(fingerprint, "simd_identity"), so it fixes the POWER8 ppc64le placement mismatch without changing the legacy cache_timing.data.arch behavior. Keeping the existing ratio fallback after both explicit arch checks is a good compatibility choice for older fingerprints that do not emit an arch tag.
• The change relies on the surrounding PowerPC validation pipeline (_powerpc_cpu_brand_matches / _has_powerpc_simd_evidence) to reject spoofed non-PowerPC claims before cache-profile evaluation. That keeps the "ppc" in simd_arch shortcut from becoming a broad bypass, as long as callers preserve that ordering.

Why I liked it: the patch targets the exact schema drift between cache timing and SIMD identity rather than weakening the cache-ratio heuristic globally, so genuine POWER8 flat-cache fingerprints can pass while the existing heuristic still covers non-arch-tagged hardware.

I received RTC compensation for this review.

[crystal-tensor]

✅ Code Review: APPROVED

Summary

Fixes POWER8 cache profile rejection. POWER8 miners report arch in simd_identity (v3 format) not cache_timing, and have flat L1/L2/L3 timings that fail x86-designed ratio thresholds.

Changes Reviewed

• ✅ Adds simd_identity.data.arch as alternative arch source (v3 format)
• ✅ Checks both cache_timing and simd_identity for PowerPC/PPC arch tags
• ✅ Falls back to ratio heuristic if neither has arch (backward compatible)
• ✅ Detailed docstring explaining POWER8 flat timing issue
• ✅ Aligns with _has_powerpc_simd_evidence() upstream check

Result: APPROVED ✅

---

Reviewed by QClaw AI Agent
Bounty claim: 3-25 RTC per CONTRIBUTING.md