diff --git a/go.work.sum b/go.work.sum
index 227c3e8fa..ad49cea26 100644
--- a/go.work.sum
+++ b/go.work.sum
@@ -1,6 +1,7 @@
 cloud.google.com/go/iam v0.3.0 h1:exkAomrVUuzx9kWFI1wm3KI0uoDeUFPB4kKGzx6x+Gc=
 cloud.google.com/go/storage v1.22.1 h1:F6IlQJZrZM++apn9V5/VfS3gbTUYg98PS3EMQAzqtfg=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
+github.com/google/go-tpm-tools v0.3.9/go.mod h1:22JvWmHcD5w55cs+nMeqDGDxgNS15/2pDq2cLqnc3rc=
 github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp/LBrV2CJKFLWEww=
 github.com/googleapis/go-type-adapters v1.0.0 h1:9XdMn+d/G57qq1s8dNc5IesGCXHf6V2HZ2JwRxfA2tA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/proto/attest.proto b/proto/attest.proto
index b58b4727c..a81810d79 100644
--- a/proto/attest.proto
+++ b/proto/attest.proto
@@ -190,6 +190,21 @@ message AttestedCosState {
   SemanticVersion launcher_version = 3;
 }
 
+message EfiApp {
+  // The PE/COFF digest of the EFI application (pulled from the raw event digest).
+  bytes digest = 1;
+}
+
+// The verified state of EFI Applications. Policy usage on this machine state
+// should check the entire set of EFI App digests matches, not a subset.
+message EfiState {
+  // UEFI's OS Loader code is required to measure attempts to load and execute
+  // UEFI applications.
+  // UEFI applications are typically bootloaders such as shim and GRUB.
+  // These run and are measured using the UEFI LoadImage() service.
+  repeated EfiApp apps = 1;
+}
+
 // The verified state of a booted machine, obtained from an Attestation
 message MachineState {
   PlatformState platform = 1;
@@ -209,6 +224,8 @@ message MachineState {
   LinuxKernelState linux_kernel = 6;
 
   AttestedCosState cos = 7;
+
+  EfiState efi = 8;
 }
 
 // A policy dictating which values of PlatformState to allow
diff --git a/proto/attest/attest.pb.go b/proto/attest/attest.pb.go
index 0d3b335bb..bc8dfd9f1 100644
--- a/proto/attest/attest.pb.go
+++ b/proto/attest/attest.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.0
-// 	protoc        v3.20.1
+// 	protoc        v3.21.12
 // source: attest.proto
 
 package attest
@@ -1215,6 +1215,107 @@ func (x *AttestedCosState) GetLauncherVersion() *SemanticVersion {
 	return nil
 }
 
+type EfiApp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The PE/COFF digest of the EFI application (pulled from the raw event digest).
+	Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"`
+}
+
+func (x *EfiApp) Reset() {
+	*x = EfiApp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_attest_proto_msgTypes[13]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EfiApp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EfiApp) ProtoMessage() {}
+
+func (x *EfiApp) ProtoReflect() protoreflect.Message {
+	mi := &file_attest_proto_msgTypes[13]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EfiApp.ProtoReflect.Descriptor instead.
+func (*EfiApp) Descriptor() ([]byte, []int) {
+	return file_attest_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *EfiApp) GetDigest() []byte {
+	if x != nil {
+		return x.Digest
+	}
+	return nil
+}
+
+// The verified state of EFI Applications. Policy usage on this machine state
+// should check the entire set of EFI App digests matches, not a subset.
+type EfiState struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// UEFI's OS Loader code is required to measure attempts to load and execute
+	// UEFI applications.
+	// UEFI applications are typically bootloaders such as shim and GRUB.
+	// These run and are measured using the UEFI LoadImage() service.
+	Apps []*EfiApp `protobuf:"bytes,1,rep,name=apps,proto3" json:"apps,omitempty"`
+}
+
+func (x *EfiState) Reset() {
+	*x = EfiState{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_attest_proto_msgTypes[14]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EfiState) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EfiState) ProtoMessage() {}
+
+func (x *EfiState) ProtoReflect() protoreflect.Message {
+	mi := &file_attest_proto_msgTypes[14]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EfiState.ProtoReflect.Descriptor instead.
+func (*EfiState) Descriptor() ([]byte, []int) {
+	return file_attest_proto_rawDescGZIP(), []int{14}
+}
+
+func (x *EfiState) GetApps() []*EfiApp {
+	if x != nil {
+		return x.Apps
+	}
+	return nil
+}
+
 // The verified state of a booted machine, obtained from an Attestation
 type MachineState struct {
 	state         protoimpl.MessageState
@@ -1233,12 +1334,13 @@ type MachineState struct {
 	Grub        *GrubState        `protobuf:"bytes,5,opt,name=grub,proto3" json:"grub,omitempty"`
 	LinuxKernel *LinuxKernelState `protobuf:"bytes,6,opt,name=linux_kernel,json=linuxKernel,proto3" json:"linux_kernel,omitempty"`
 	Cos         *AttestedCosState `protobuf:"bytes,7,opt,name=cos,proto3" json:"cos,omitempty"`
+	Efi         *EfiState         `protobuf:"bytes,8,opt,name=efi,proto3" json:"efi,omitempty"`
 }
 
 func (x *MachineState) Reset() {
 	*x = MachineState{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_attest_proto_msgTypes[13]
+		mi := &file_attest_proto_msgTypes[15]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1251,7 +1353,7 @@ func (x *MachineState) String() string {
 func (*MachineState) ProtoMessage() {}
 
 func (x *MachineState) ProtoReflect() protoreflect.Message {
-	mi := &file_attest_proto_msgTypes[13]
+	mi := &file_attest_proto_msgTypes[15]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1264,7 +1366,7 @@ func (x *MachineState) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use MachineState.ProtoReflect.Descriptor instead.
 func (*MachineState) Descriptor() ([]byte, []int) {
-	return file_attest_proto_rawDescGZIP(), []int{13}
+	return file_attest_proto_rawDescGZIP(), []int{15}
 }
 
 func (x *MachineState) GetPlatform() *PlatformState {
@@ -1316,6 +1418,13 @@ func (x *MachineState) GetCos() *AttestedCosState {
 	return nil
 }
 
+func (x *MachineState) GetEfi() *EfiState {
+	if x != nil {
+		return x.Efi
+	}
+	return nil
+}
+
 // A policy dictating which values of PlatformState to allow
 type PlatformPolicy struct {
 	state         protoimpl.MessageState
@@ -1337,7 +1446,7 @@ type PlatformPolicy struct {
 func (x *PlatformPolicy) Reset() {
 	*x = PlatformPolicy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_attest_proto_msgTypes[14]
+		mi := &file_attest_proto_msgTypes[16]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1350,7 +1459,7 @@ func (x *PlatformPolicy) String() string {
 func (*PlatformPolicy) ProtoMessage() {}
 
 func (x *PlatformPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_attest_proto_msgTypes[14]
+	mi := &file_attest_proto_msgTypes[16]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1363,7 +1472,7 @@ func (x *PlatformPolicy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use PlatformPolicy.ProtoReflect.Descriptor instead.
 func (*PlatformPolicy) Descriptor() ([]byte, []int) {
-	return file_attest_proto_rawDescGZIP(), []int{14}
+	return file_attest_proto_rawDescGZIP(), []int{16}
 }
 
 func (x *PlatformPolicy) GetAllowedScrtmVersionIds() [][]byte {
@@ -1399,7 +1508,7 @@ type Policy struct {
 func (x *Policy) Reset() {
 	*x = Policy{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_attest_proto_msgTypes[15]
+		mi := &file_attest_proto_msgTypes[17]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1412,7 +1521,7 @@ func (x *Policy) String() string {
 func (*Policy) ProtoMessage() {}
 
 func (x *Policy) ProtoReflect() protoreflect.Message {
-	mi := &file_attest_proto_msgTypes[15]
+	mi := &file_attest_proto_msgTypes[17]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1425,7 +1534,7 @@ func (x *Policy) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Policy.ProtoReflect.Descriptor instead.
 func (*Policy) Descriptor() ([]byte, []int) {
-	return file_attest_proto_rawDescGZIP(), []int{15}
+	return file_attest_proto_rawDescGZIP(), []int{17}
 }
 
 func (x *Policy) GetPlatform() *PlatformPolicy {
@@ -1588,65 +1697,73 @@ var file_attest_proto_rawDesc = []byte{
 	0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17,
 	0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63,
 	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x65,
-	0x72, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xdc, 0x02, 0x0a, 0x0c, 0x4d, 0x61, 0x63,
-	0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x31, 0x0a, 0x08, 0x70, 0x6c, 0x61,
-	0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x61, 0x74,
-	0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x38, 0x0a, 0x0b,
-	0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72,
-	0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x75,
-	0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x12, 0x2c, 0x0a, 0x0a, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x76,
-	0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x74, 0x74,
-	0x65, 0x73, 0x74, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x09, 0x72, 0x61, 0x77, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x73, 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67,
-	0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x25, 0x0a, 0x04, 0x67, 0x72, 0x75, 0x62, 0x18,
-	0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47,
-	0x72, 0x75, 0x62, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x04, 0x67, 0x72, 0x75, 0x62, 0x12, 0x3b,
-	0x0a, 0x0c, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x06,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x4c, 0x69,
-	0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b,
-	0x6c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x12, 0x2a, 0x0a, 0x03, 0x63,
-	0x6f, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73,
-	0x74, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x52, 0x03, 0x63, 0x6f, 0x73, 0x22, 0xde, 0x01, 0x0a, 0x0e, 0x50, 0x6c, 0x61, 0x74,
-	0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x39, 0x0a, 0x19, 0x61, 0x6c,
-	0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73,
-	0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x16, 0x61,
-	0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x53, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69,
-	0x6f, 0x6e, 0x49, 0x64, 0x73, 0x12, 0x3f, 0x0a, 0x1c, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d,
-	0x5f, 0x67, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x5f, 0x76, 0x65,
-	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x19, 0x6d, 0x69, 0x6e,
-	0x69, 0x6d, 0x75, 0x6d, 0x47, 0x63, 0x65, 0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x56,
-	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75,
-	0x6d, 0x5f, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x21, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e,
-	0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x54, 0x65,
-	0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x22, 0x3c, 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x12, 0x32, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c,
-	0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x08, 0x70, 0x6c,
-	0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2a, 0x53, 0x0a, 0x19, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c,
-	0x6f, 0x67, 0x79, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a,
-	0x07, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x4d,
-	0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x45, 0x53, 0x10, 0x02, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x4d,
-	0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x53, 0x4e, 0x50, 0x10, 0x04, 0x2a, 0x62, 0x0a, 0x14, 0x57,
-	0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00,
-	0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x53, 0x5f, 0x57, 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x53, 0x5f, 0x50,
-	0x52, 0x4f, 0x44, 0x5f, 0x50, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x01, 0x12, 0x1f,
-	0x0a, 0x1b, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59,
-	0x5f, 0x55, 0x45, 0x46, 0x49, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x02, 0x2a,
-	0x35, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x12, 0x0a, 0x0a, 0x06, 0x41, 0x6c, 0x77, 0x61, 0x79, 0x73, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09,
-	0x4f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x4e,
-	0x65, 0x76, 0x65, 0x72, 0x10, 0x02, 0x42, 0x2d, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x74,
-	0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61,
-	0x74, 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x72, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x20, 0x0a, 0x06, 0x45, 0x66, 0x69, 0x41,
+	0x70, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0x2e, 0x0a, 0x08, 0x45, 0x66,
+	0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x22, 0x0a, 0x04, 0x61, 0x70, 0x70, 0x73, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x66,
+	0x69, 0x41, 0x70, 0x70, 0x52, 0x04, 0x61, 0x70, 0x70, 0x73, 0x22, 0x80, 0x03, 0x0a, 0x0c, 0x4d,
+	0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x31, 0x0a, 0x08, 0x70,
+	0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e,
+	0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53,
+	0x74, 0x61, 0x74, 0x65, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x38,
+	0x0a, 0x0b, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x63,
+	0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x73, 0x65,
+	0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x12, 0x2c, 0x0a, 0x0a, 0x72, 0x61, 0x77, 0x5f,
+	0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61,
+	0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x09, 0x72, 0x61, 0x77,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41,
+	0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x25, 0x0a, 0x04, 0x67, 0x72, 0x75,
+	0x62, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74,
+	0x2e, 0x47, 0x72, 0x75, 0x62, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x04, 0x67, 0x72, 0x75, 0x62,
+	0x12, 0x3b, 0x0a, 0x0c, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e,
+	0x4c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65,
+	0x52, 0x0b, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x12, 0x2a, 0x0a,
+	0x03, 0x63, 0x6f, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x61, 0x74, 0x74,
+	0x65, 0x73, 0x74, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x73, 0x53,
+	0x74, 0x61, 0x74, 0x65, 0x52, 0x03, 0x63, 0x6f, 0x73, 0x12, 0x22, 0x0a, 0x03, 0x65, 0x66, 0x69,
+	0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e,
+	0x45, 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, 0x65, 0x66, 0x69, 0x22, 0xde, 0x01,
+	0x0a, 0x0e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+	0x12, 0x39, 0x0a, 0x19, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x73, 0x63, 0x72, 0x74,
+	0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20,
+	0x03, 0x28, 0x0c, 0x52, 0x16, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x53, 0x63, 0x72, 0x74,
+	0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x73, 0x12, 0x3f, 0x0a, 0x1c, 0x6d,
+	0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x67, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x72, 0x6d, 0x77,
+	0x61, 0x72, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0d, 0x52, 0x19, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x47, 0x63, 0x65, 0x46, 0x69, 0x72,
+	0x6d, 0x77, 0x61, 0x72, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x12,
+	0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f,
+	0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73,
+	0x74, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61,
+	0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, 0x11, 0x6d, 0x69, 0x6e,
+	0x69, 0x6d, 0x75, 0x6d, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x22, 0x3c,
+	0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x32, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74,
+	0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74,
+	0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2a, 0x53, 0x0a, 0x19,
+	0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54,
+	0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e,
+	0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x10, 0x01,
+	0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x45, 0x53, 0x10, 0x02,
+	0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x53, 0x4e, 0x50, 0x10,
+	0x04, 0x2a, 0x62, 0x0a, 0x14, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65,
+	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b,
+	0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x53, 0x5f, 0x57, 0x49, 0x4e,
+	0x44, 0x4f, 0x57, 0x53, 0x5f, 0x50, 0x52, 0x4f, 0x44, 0x5f, 0x50, 0x43, 0x41, 0x5f, 0x32, 0x30,
+	0x31, 0x31, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44,
+	0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x55, 0x45, 0x46, 0x49, 0x5f, 0x43, 0x41, 0x5f, 0x32,
+	0x30, 0x31, 0x31, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74,
+	0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x6c, 0x77, 0x61, 0x79, 0x73,
+	0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10,
+	0x01, 0x12, 0x09, 0x0a, 0x05, 0x4e, 0x65, 0x76, 0x65, 0x72, 0x10, 0x02, 0x42, 0x2d, 0x5a, 0x2b,
+	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x2f, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
 }
 
 var (
@@ -1662,7 +1779,7 @@ func file_attest_proto_rawDescGZIP() []byte {
 }
 
 var file_attest_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
-var file_attest_proto_msgTypes = make([]protoimpl.MessageInfo, 18)
+var file_attest_proto_msgTypes = make([]protoimpl.MessageInfo, 20)
 var file_attest_proto_goTypes = []interface{}{
 	(GCEConfidentialTechnology)(0), // 0: attest.GCEConfidentialTechnology
 	(WellKnownCertificate)(0),      // 1: attest.WellKnownCertificate
@@ -1680,19 +1797,21 @@ var file_attest_proto_goTypes = []interface{}{
 	(*ContainerState)(nil),         // 13: attest.ContainerState
 	(*SemanticVersion)(nil),        // 14: attest.SemanticVersion
 	(*AttestedCosState)(nil),       // 15: attest.AttestedCosState
-	(*MachineState)(nil),           // 16: attest.MachineState
-	(*PlatformPolicy)(nil),         // 17: attest.PlatformPolicy
-	(*Policy)(nil),                 // 18: attest.Policy
-	nil,                            // 19: attest.ContainerState.EnvVarsEntry
-	nil,                            // 20: attest.ContainerState.OverriddenEnvVarsEntry
-	(*tpm.Quote)(nil),              // 21: tpm.Quote
-	(*sevsnp.Attestation)(nil),     // 22: sevsnp.Attestation
-	(tpm.HashAlgo)(0),              // 23: tpm.HashAlgo
+	(*EfiApp)(nil),                 // 16: attest.EfiApp
+	(*EfiState)(nil),               // 17: attest.EfiState
+	(*MachineState)(nil),           // 18: attest.MachineState
+	(*PlatformPolicy)(nil),         // 19: attest.PlatformPolicy
+	(*Policy)(nil),                 // 20: attest.Policy
+	nil,                            // 21: attest.ContainerState.EnvVarsEntry
+	nil,                            // 22: attest.ContainerState.OverriddenEnvVarsEntry
+	(*tpm.Quote)(nil),              // 23: tpm.Quote
+	(*sevsnp.Attestation)(nil),     // 24: sevsnp.Attestation
+	(tpm.HashAlgo)(0),              // 25: tpm.HashAlgo
 }
 var file_attest_proto_depIdxs = []int32{
-	21, // 0: attest.Attestation.quotes:type_name -> tpm.Quote
+	23, // 0: attest.Attestation.quotes:type_name -> tpm.Quote
 	3,  // 1: attest.Attestation.instance_info:type_name -> attest.GCEInstanceInfo
-	22, // 2: attest.Attestation.sev_snp_attestation:type_name -> sevsnp.Attestation
+	24, // 2: attest.Attestation.sev_snp_attestation:type_name -> sevsnp.Attestation
 	0,  // 3: attest.PlatformState.technology:type_name -> attest.GCEConfidentialTechnology
 	3,  // 4: attest.PlatformState.instance_info:type_name -> attest.GCEInstanceInfo
 	6,  // 5: attest.GrubState.files:type_name -> attest.GrubFile
@@ -1702,25 +1821,27 @@ var file_attest_proto_depIdxs = []int32{
 	11, // 9: attest.SecureBootState.dbx:type_name -> attest.Database
 	11, // 10: attest.SecureBootState.authority:type_name -> attest.Database
 	2,  // 11: attest.ContainerState.restart_policy:type_name -> attest.RestartPolicy
-	19, // 12: attest.ContainerState.env_vars:type_name -> attest.ContainerState.EnvVarsEntry
-	20, // 13: attest.ContainerState.overridden_env_vars:type_name -> attest.ContainerState.OverriddenEnvVarsEntry
+	21, // 12: attest.ContainerState.env_vars:type_name -> attest.ContainerState.EnvVarsEntry
+	22, // 13: attest.ContainerState.overridden_env_vars:type_name -> attest.ContainerState.OverriddenEnvVarsEntry
 	13, // 14: attest.AttestedCosState.container:type_name -> attest.ContainerState
 	14, // 15: attest.AttestedCosState.cos_version:type_name -> attest.SemanticVersion
 	14, // 16: attest.AttestedCosState.launcher_version:type_name -> attest.SemanticVersion
-	5,  // 17: attest.MachineState.platform:type_name -> attest.PlatformState
-	12, // 18: attest.MachineState.secure_boot:type_name -> attest.SecureBootState
-	9,  // 19: attest.MachineState.raw_events:type_name -> attest.Event
-	23, // 20: attest.MachineState.hash:type_name -> tpm.HashAlgo
-	7,  // 21: attest.MachineState.grub:type_name -> attest.GrubState
-	8,  // 22: attest.MachineState.linux_kernel:type_name -> attest.LinuxKernelState
-	15, // 23: attest.MachineState.cos:type_name -> attest.AttestedCosState
-	0,  // 24: attest.PlatformPolicy.minimum_technology:type_name -> attest.GCEConfidentialTechnology
-	17, // 25: attest.Policy.platform:type_name -> attest.PlatformPolicy
-	26, // [26:26] is the sub-list for method output_type
-	26, // [26:26] is the sub-list for method input_type
-	26, // [26:26] is the sub-list for extension type_name
-	26, // [26:26] is the sub-list for extension extendee
-	0,  // [0:26] is the sub-list for field type_name
+	16, // 17: attest.EfiState.apps:type_name -> attest.EfiApp
+	5,  // 18: attest.MachineState.platform:type_name -> attest.PlatformState
+	12, // 19: attest.MachineState.secure_boot:type_name -> attest.SecureBootState
+	9,  // 20: attest.MachineState.raw_events:type_name -> attest.Event
+	25, // 21: attest.MachineState.hash:type_name -> tpm.HashAlgo
+	7,  // 22: attest.MachineState.grub:type_name -> attest.GrubState
+	8,  // 23: attest.MachineState.linux_kernel:type_name -> attest.LinuxKernelState
+	15, // 24: attest.MachineState.cos:type_name -> attest.AttestedCosState
+	17, // 25: attest.MachineState.efi:type_name -> attest.EfiState
+	0,  // 26: attest.PlatformPolicy.minimum_technology:type_name -> attest.GCEConfidentialTechnology
+	19, // 27: attest.Policy.platform:type_name -> attest.PlatformPolicy
+	28, // [28:28] is the sub-list for method output_type
+	28, // [28:28] is the sub-list for method input_type
+	28, // [28:28] is the sub-list for extension type_name
+	28, // [28:28] is the sub-list for extension extendee
+	0,  // [0:28] is the sub-list for field type_name
 }
 
 func init() { file_attest_proto_init() }
@@ -1886,7 +2007,7 @@ func file_attest_proto_init() {
 			}
 		}
 		file_attest_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*MachineState); i {
+			switch v := v.(*EfiApp); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -1898,7 +2019,7 @@ func file_attest_proto_init() {
 			}
 		}
 		file_attest_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PlatformPolicy); i {
+			switch v := v.(*EfiState); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -1910,6 +2031,30 @@ func file_attest_proto_init() {
 			}
 		}
 		file_attest_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*MachineState); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_attest_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PlatformPolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_attest_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Policy); i {
 			case 0:
 				return &v.state
@@ -1939,7 +2084,7 @@ func file_attest_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_attest_proto_rawDesc,
 			NumEnums:      3,
-			NumMessages:   18,
+			NumMessages:   20,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/proto/tpm/tpm.pb.go b/proto/tpm/tpm.pb.go
index f5cfef78d..68f9f78ca 100644
--- a/proto/tpm/tpm.pb.go
+++ b/proto/tpm/tpm.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.28.0
-// 	protoc        v3.12.4
+// 	protoc        v3.21.12
 // source: tpm.proto
 
 package tpm