The owner of the new TEE hardware should inform ProofOfCloud by either using the shared group or sending an email to info@proofofcloud.com, indicating that they desire to add a new machine
The Alliance will agree on two time slots per week dedicated for machine verification. To accomodate for all time zone, one of the slots should be in PST morning hours, and another one in PST evening hours. A Calendly or similar should made available for the applicants to choose the slot. Alliance members should express a committment to have a person available during those time slots that is trained about the verification process. Preferably, at verifiers from at least two project other than the applicant should be present at the ceremony
The general ceremony is oulined here: https://proofofcloud.org/verification-methods
A video conference should be initiated. The video conference should be recorded (both voice and video) using tools like fireflies, otter or similar. The recording should be shared with all the participants after the call, and the link to the recording should be saved in a share resource. At the beginning of the video conference, the parties should present themselves, giving their names and the names of their projects.
The applicant should share their screen. Then, they should log on to their CSP's console, pick the machine that they want to verify, and log on to the machine using IPMI console. Once logged on, the applicant should execute receive a short hexadecimal challenge from the verifiers and run the attester software (https://github.com/proofofcloud/attester) providing the challenge as the parameter. Note: in the future, an external verifiable randomness generator can be used for the challenge.
Note: the machine should have Docker installed in order to run the attester.
For conveinence, since IPMI consoles normally don't allow copy nor paste, the output of the attester should be saved to a text file, and the hash of the file should be calculated for the verifiers to observer (and screenshot if they wish). The output file should then be sent to the verifiers.
Now, the applicant can stop sharing their screen, and at least one of the verifiers should share theirs.
The verifiers should receive the attester output file, validate the file's hash, and then open the file to extract the attestation quote and the PPID.
Then, the verifiers should use a tool (e.g. prooft16z.com or similar) to verify the attestation and see that the challenge string is present in the report_data field.
Once this is done, the PPID can be extracted from the attestatoin collateral, an compared with the PPID recorded in the attester output file.
If all the steps are successul, it can be asserted that this is indeed the machine runninng inside the CSP
If the CSP is known to provide colocation services, and the applicant can't reliably prove that their machine is NOT in colocation, the applicant should provide a signed Colocation Provider Pledge. The verifiers may request to have an email or other communication with the signatory of the Pledge to assert their identity before
Once the verification is complete, the MachineID should be generated from the PPID of the new hardware. Then, one of the verifiers should make a pull request adding the verified machine IDs, and optionally adding a link to the video, and the other verifier should merge the pull request.