diff --git "a/kata-v3.15.0/doc/virtCCA\346\234\272\345\257\206\350\231\232\346\234\272\346\224\257\346\214\201DIM\345\212\250\346\200\201\345\272\246\351\207\217\346\214\207\345\257\274-20251127.md" "b/kata-v3.15.0/doc/virtCCA\346\234\272\345\257\206\350\231\232\346\234\272\346\224\257\346\214\201DIM\345\212\250\346\200\201\345\272\246\351\207\217\346\214\207\345\257\274-20251127.md"
new file mode 100644
index 0000000000000000000000000000000000000000..a6e2de07b5eb6cf024e8a378112bbc917b9003e3
--- /dev/null
+++ "b/kata-v3.15.0/doc/virtCCA\346\234\272\345\257\206\350\231\232\346\234\272\346\224\257\346\214\201DIM\345\212\250\346\200\201\345\272\246\351\207\217\346\214\207\345\257\274-20251127.md"
@@ -0,0 +1,213 @@
+# virtCCA机密虚机支持DIM动态度量指导
+
+## 前置步骤
+
+CoCo远程证明支持DIM动态度量是基于virtCCA远程证明的扩展功能,用户首先需要基于virtcca完成前置步骤[kata机密容器环境搭建](https://gitee.com/openeuler/virtCCA_sdk/blob/master/kata-v3.15.0/doc/%E6%9C%BA%E5%AF%86%E5%AE%B9%E5%99%A8%E8%BF%9C%E7%A8%8B%E8%AF%81%E6%98%8E%E7%8E%AF%E5%A2%83%E9%83%A8%E7%BD%B2.md),至少完成到步骤[容器镜像签名验签](https://gitee.com/openeuler/virtCCA_sdk/blob/master/kata-v3.15.0/doc/%E5%AE%B9%E5%99%A8%E9%95%9C%E5%83%8F%E7%AD%BE%E5%90%8D%E9%AA%8C%E7%AD%BE.md)。
+
+### 1 CoCo远程证明使能DIM日志校验
+
+**步骤1:** 进入到容器,参考步骤[容器化编译CoCo远程证明组件](https://gitee.com/openeuler/virtCCA_sdk/blob/master/kata-v3.15.0/doc/%E5%AE%B9%E5%99%A8%E5%8C%96%E7%BC%96%E8%AF%91CoCo%E7%BB%84%E4%BB%B6.md):
+
+```bash
+docker exec -it coco-build-env /bin/bash
+```
+**步骤2:** 远程证明组件打上支持DIM校验特性的补丁:
+
+```bash
+# guest-components组件补丁
+cd /home/kata-containers/build/guest-components
+wget https://gitee.com/xucee/virtCCA_sdk/raw/master/kata-v3.15.0/guest-components-virtcca-dim.patch
+git apply ./guest-components-virtcca-dim.patch
+
+# trustee组件补丁
+cd /home/kata-containers/build/trustee
+wget https://gitee.com/xucee/virtCCA_sdk/raw/master/kata-v3.15.0/trustee-virtcca-dim.patch
+git apply ./trustee-virtcca-dim.patch
+```
+**步骤3:** 进入容器进行编译,生成attestation-service和attestation-agent组件:
+
+```bash
+# 编译guest-components
+cd /coco/build/guest-components
+make clean && make build TEE_PLATFORM=virtcca
+
+# 编译attestation-agent和attestation-service
+cd /coco/build/guest-components/attestation-agent/attester
+cargo build --no-default-features --features bin,virtcca-attester --bin evidence_getter --release
+cd /coco/build/trustee/attestation-service && make VERIFIER=virtcca-verifier
+```
+
+
+### 2 机密虚机内核使能DIM动态度量
+
+**步骤1:** 拉取对应的内核源码:
+
+```
+git clone https://gitee.com/confidential_computing/kernel.git
+cd kernel
+git fetch --depth 1 origin befeef1c91ee7915a328b28788a9ff2f8aa119b4
+git checkout befeef1c91ee7915a328b28788a9ff2f8aa119b4
+
+# 替换内核config
+wget https://gitee.com/xucee/virtCCA_sdk/raw/master/kata-v3.15.0/conf/virtcca.config
+cp virtcca.config .config
+```
+
+**步骤2:** 将DIM代码放至内核的security目录(在kernel源码目录下执行):
+
+```
+git clone https://gitee.com/HuaxinLuGitee/dim_ra.git --depth 1
+cp -r dim_ra/src/ security/dim
+```
+
+**步骤3:** 修改security目录下的编译配置(在kernel源码目录下执行):
+
+```
+# 添加Kconfig引用
+sed -i '/endmenu/i\source "security/dim/Kconfig"' security/Kconfig
+# 添加Makefile引用
+echo "obj-y += dim/" >> security/Makefile
+# 替换内核版本的Makefile(默认为编译成内核模块)
+mv -f security/dim/Makefile.kernel security/dim/Makefile
+```
+
+**步骤3:** 编译内核:
+
+```
+make Image -j $(nproc)
+```
+**注意:** 编译过程中会弹出DIM相关的编译选项配置交互,需要将`DIM_CORE`开启,`DIM_CORE_SIGNATURE_SUPPORT`关闭。
+
+**步骤4:** 使用编译生成的Image替换机密虚机的内核(根据实际路径拷贝):
+
+```
+cp arch/arm64/boot/Image /opt/kata/share/kata-containers
+cd /opt/kata/share/kata-containers
+ln -sf Image vmlinuz-confidential.container
+```
+
+**步骤5:** 重启机密虚机并登陆CVM(可选):
+
+```
+略
+```
+
+**步骤6:** 检查DIM接口目录生成(可选):
+
+```
+ls /sys/kernel/security/dim
+```
+
+### 3 机密虚机文件系统添加DIM启动配置
+
+**步骤1:** 挂载文件系统:
+
+```
+mount -o loop,offset=3145728 /opt/kata/share/kata-containers/kata-containers-confidential.img /mnt
+```
+
+**步骤2:** 替换coco组件:
+
+```
+# 替换attestation-agent
+cd /home/kata-containers/build/guest-components/target/aarch64-unknown-linux-musl/release/
+cp /mnt/usr/local/bin/attestation-agent /mnt/usr/local/bin/attestation-agent.bak
+cp attestation-agent /mnt/usr/local/bin/attestation-agent
+
+# 替换grpc-as
+cd /home/kata-containers/build/trustee/target/release
+cp /home/coco/remote_attestation/grpc-as /home/coco/remote_attestation/grpc-as.bak
+cp grpc-as /home/coco/remote_attestation/
+```
+
+**步骤3:** 创建dim策略(度量bash为例):
+
+```
+mkdir -p /mnt/etc/dim/digest_list
+echo "measure obj=BPRM_TEXT path=/usr/bin/bash" > /mnt/etc/dim/policy
+```
+
+**步骤4:** 添加systemd服务配置系统启动时执行DIM度量:
+
+```
+# 创建systemd服务
+cat << EOF > /mnt/etc/systemd/system/dim.service
+[Unit]
+Description=DIM Init
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/bash -c "echo 1 > /sys/kernel/security/dim/baseline_init"
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+# 创建软链接,系统启动时执行
+ln -sf /lib/systemd/system/dim.service /mnt/etc/systemd/system/multi-user.target.wants/
+```
+
+**步骤5:** 在virtcca的基础上配置验证dim的policy:
+
+
+```
+vim /opt/confidential-containers/attestation-service/token/simple/policies/opa/default.rego
+
+package policy
+import future.keywords.every
+import future.keywords.if
+default allow := false
+allow if {
+ print("Full Input:", input)
+ print("Rim:", input["virtcca.realm.rim"])
+ print("Ref:", data.reference)
+ input["virtcca.realm.rim"] in data.reference["virtcca.realm.rim"]
+
+ every item in input["virtcca.dim"] {
+ item in data.reference["virtcca.dim"]
+ }
+}
+```
+**步骤6:** 通过[dim_tools](https://gitee.com/openeuler/dim_tools#/openeuler/dim_tools/blob/master/doc/cmd.md)工具生成dim基线值
+
+```
+dim_gen_baseline /usr/bin/bash
+dim USER sha256:1922b9243799a576fcd2f0eae047adad09868dd106cc1b4f13d457bad225292e /usr/bin/bash
+```
+**步骤7:** 通过rvps工具添加dim基线值(可与rim基线值一起添加),将步骤6生成的sha256的哈希值写到到virtcca.dim列表中。
+
+```bash
+cd /home/coco/remote_attestation
+cat << EOF > sample
+{
+ "virtcca.realm.rim": [
+ "59cbfed47932c52b6d36723727a6abe67547c22e6569b423562376e87ed8b3d5"
+ ],
+ "virtcca.dim" : [
+ "2491ef77532db575c87ecf9cf9a5778a6592ad8dddd51ac827587ce3ff5f3e37",
+ "8eceea7c8658ea28f8a9494c514c73983803fd949dc6c35f7aa936e34b0d99cb"
+ ]
+}
+EOF
+provenance=$(cat sample | base64 --wrap=0)
+cat << EOF > message
+{
+ "version" : "0.1.0",
+ "type": "sample",
+ "payload": "$provenance"
+}
+EOF
+./rvps-tool register --path ./message --addr http://127.0.0.1:50003
+```
+**步骤8:** 修改yaml文件,添加内核启动参数`dim_measure_rot=virtcca dim_measure_pcr=4 dim_measure_only=1`:
+
+```
+io.katacontainers.config.hypervisor.kernel_params: "agent.debug_console agent.log=debug dim_measure_rot=virtcca dim_measure_pcr=4 dim_measure_only=1"
+```
+
+**步骤9:** 卸载挂载点,启动coco组件拉起容器
+
+```bash
+umount /mnt
+kubectl apply -f xxxx.yaml
+```
diff --git a/kata-v3.15.0/guest-components-virtcca-dim.patch b/kata-v3.15.0/guest-components-virtcca-dim.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5b08016edf99b9b3fe15d4929c9b663e84cd1336
--- /dev/null
+++ b/kata-v3.15.0/guest-components-virtcca-dim.patch
@@ -0,0 +1,95 @@
+From 6c326b244f9b725f22c3b89f5b8fe027825bfe39 Mon Sep 17 00:00:00 2001
+From: xuce
+Date: Mon, 27 Oct 2025 11:11:49 +0800
+Subject: [PATCH] virtcca support dim log
+
+Signed-off-by: xuce
+---
+ attestation-agent/attester/src/virtcca/mod.rs | 37 ++++++++++++++++++-
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/attestation-agent/attester/src/virtcca/mod.rs b/attestation-agent/attester/src/virtcca/mod.rs
+index c6207df..85ab8ca 100644
+--- a/attestation-agent/attester/src/virtcca/mod.rs
++++ b/attestation-agent/attester/src/virtcca/mod.rs
+@@ -7,6 +7,8 @@ use anyhow::*;
+ use iocuddle::{Group, Ioctl, WriteRead, Read};
+ use serde::{Deserialize, Serialize};
+ use std::path::Path;
++use std::fs::File;
++use std::io::Read as IoRead;
+
+ const VIRTCCA_GUEST_IOCTL: &str = "/dev/tsi";
+ const VIRTCCA_REPORT_DATA_SIZE: usize = 64;
+@@ -14,6 +16,8 @@ const MAX_DEV_CERT_SIZE: usize = 4096;
+ const GRANULE_SIZE: usize = 4096;
+ const MAX_TOKEN_GRANULE_COUNT: usize = 2;
+
++const DIM_LOG_FILE_PATH: &str = "/sys/kernel/security/dim/binary_runtime_measurements";
++
+ pub fn detect_platform() -> bool {
+ Path::new(VIRTCCA_GUEST_IOCTL).exists()
+ }
+@@ -21,12 +25,32 @@ pub fn detect_platform() -> bool {
+ #[derive(Debug, Default)]
+ pub struct VirtccaAttester {}
+
++impl VirtccaAttester {
++ fn read_dim_log_file(&self) -> Result> {
++
++ if !Path::new(DIM_LOG_FILE_PATH).exists() {
++ return Err(anyhow!("DIM log file not found at {}", DIM_LOG_FILE_PATH));
++ }
++
++ let mut file = File::open(DIM_LOG_FILE_PATH)
++ .context(format!("Failed to open DIM log file: {}", DIM_LOG_FILE_PATH))?;
++
++ let mut content = Vec::new();
++ file.read_to_end(&mut content)
++ .context(format!("Failed to read content from DIM log file: {}", DIM_LOG_FILE_PATH))?;
++
++ Ok(content)
++ }
++}
++
+ #[derive(Serialize, Deserialize)]
+ pub struct VirtccaEvidence {
+ // virtcca token
+ pub evidence_virtcca: Vec,
+ // virtcca device certificate
+- pub dev_cert: Vec
++ pub dev_cert: Vec,
++ // dim measure log
++ pub dim_log: Vec
+ }
+
+ #[repr(C)]
+@@ -67,9 +91,18 @@ impl Attester for VirtccaAttester {
+ .ioctl(&mut fd)
+ .context("Get virtcca device cert failed")?;
+
++ let dim_log = match self.read_dim_log_file() {
++ Result::Ok(content) => content,
++ Err(err) => {
++ log::warn!("Failed to read DIM log file: {}", err);
++ Vec::new()
++ }
++ };
++
+ let evidence = VirtccaEvidence {
+ evidence_virtcca: token_cmd.token[..token_cmd.token_size as usize].to_vec(),
+ dev_cert: cert_cmd.value[..cert_cmd.size as usize].to_vec(),
++ dim_log: dim_log,
+ };
+
+ serde_json::to_string(&evidence).context("Serialize virtCCA evidence failed")
+@@ -88,4 +121,4 @@ mod tests {
+ let evidence = attester.get_evidence(report_data).await;
+ assert!(evidence.is_ok());
+ }
+-}
++}
+\ No newline at end of file
+--
+2.43.0
+
diff --git a/kata-v3.15.0/tools/build.sh b/kata-v3.15.0/tools/build.sh
index 038253ba2645b266531712a73e694d90d3bada4d..ee4906aab3f0a8ecf95911a351702257f419466a 100644
--- a/kata-v3.15.0/tools/build.sh
+++ b/kata-v3.15.0/tools/build.sh
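Review bot: In `get_evidence`, every failure of `read_dim_log_file()` is downgraded to `log::warn!` plus an empty `dim_log`, so evidence produced while the DIM interface is unreadable or broken looks the same as evidence from a guest that never had DIM enabled. Because this log is an attestation input, the empty fallback should be limited to the file-not-present case and any other error propagated, e.g. `Err(err) => return Err(err.context("Failed to read DIM log file")),` after an explicit not-found check. The `Path::exists()` probe in `read_dim_log_file` is redundant, since the `File::open` error already carries the reason, and `dim_log: dim_log,` can be written `dim_log,`. The body of `get_evidence` starts and ends outside the hunk.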
@@ -490,11 +490,23 @@ git apply --reject --whitespace=fix ../virtCCA_sdk/kata-v"$KATA_VERSION"/guest-c echo "Warning: guest-components patch issues detected, check .rej files" } +if [[ $1 == "with_dim" ]]; then + git apply --reject --whitespace=fix ./build/virtCCA_sdk/kata-v"$KATA_VERSION"/guest-components-virtcca-dim.patch || { + echo "Warning: kata-containers patch issues detected, check .rej files" + } +fi + cd "$KATA_SRC_DIR/build/trustee" git apply --reject --whitespace=fix ../virtCCA_sdk/kata-v"$KATA_VERSION"/trustee.patch || { echo "Warning: trustee patch issues detected, check .rej files" } +if [[ $1 == "with_dim" ]]; then + git apply --reject --whitespace=fix ./build/virtCCA_sdk/kata-v"$KATA_VERSION"/trustee-virtcca-dim.patch || { + echo "Warning: kata-containers patch issues detected, check .rej files" + } +fi + cd "$KATA_SRC_DIR/build/kbs-types" git reset --hard $KBS_TYPES_COMMIT_TAG git apply --reject --whitespace=fix ../virtCCA_sdk/kata-v"$KATA_VERSION"/kbs-types.patch || { @@ -1414,7 +1426,7 @@ case "$1" in init_k8s ;; kdeploy*) - kata_deploy + kata_deploy $2 ;; operator*) launch_cc_operator @@ -1434,7 +1446,7 @@ case "$1" in all*) install_containerd init_k8s - kata_deploy + kata_deploy $2 launch_cc_operator compile_coco rats diff --git a/kata-v3.15.0/trustee-virtcca-dim.patch b/kata-v3.15.0/trustee-virtcca-dim.patch new file mode 100644 index 0000000000000000000000000000000000000000..575fbb13cf85ee06da19d74199b672fdd7ac4495 --- /dev/null +++ b/kata-v3.15.0/trustee-virtcca-dim.patch 
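Review bot: The two `with_dim` branches apply their patch from `./build/virtCCA_sdk/kata-v"$KATA_VERSION"/…`, while the neighbouring `git apply` calls in the same directories (the `cd "$KATA_SRC_DIR/build/trustee"` is visible just above the second one) use `../virtCCA_sdk/…`; unless a `build/` directory exists inside each component checkout, the DIM patches will not be found. The failure path only echoes a warning, and it names kata-containers rather than the DIM patch, so the build would carry on and produce components without DIM verification although `with_dim` was requested; for a security feature the branch should stop, e.g. `git apply --whitespace=fix ../virtCCA_sdk/kata-v"$KATA_VERSION"/trustee-virtcca-dim.patch || { echo "Error: trustee DIM patch failed" >&2; exit 1; }`. In the two later hunks `kata_deploy $2` should be quoted as `kata_deploy "$2"`. The enclosing function starts and ends outside the hunk.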
@@ -0,0 +1,263 @@
+From 9fa32477d9b782afd92c436cb952345eedc89a02 Mon Sep 17 00:00:00 2001
+From: xuce
+Date: Fri, 17 Oct 2025 16:07:24 +0800
+Subject: [PATCH] dim support virtcca
+
+Signed-off-by: xuce
+---
+ Cargo.lock | 16 ++++++++
+ Cargo.toml | 2 +
+ deps/verifier/Cargo.toml | 4 +-
+ deps/verifier/src/virtcca/dim.rs | 48 +++++++++++++++++++++++
+ deps/verifier/src/virtcca/mod.rs | 65 ++++++++++++++++++++++++++++++--
+ 5 files changed, 131 insertions(+), 4 deletions(-)
+ create mode 100644 deps/verifier/src/virtcca/dim.rs
+
+diff --git a/Cargo.lock b/Cargo.lock
+index c421136..76ebcd0 100644
+--- a/Cargo.lock
++++ b/Cargo.lock
+@@ -5960,6 +5960,7 @@ dependencies = [
+ "tonic-build",
+ "veraison-apiclient",
+ "x509-parser",
++ "ima-measurements",
+ ]
+
+ [[package]]
+@@ -6589,3 +6590,18 @@ dependencies = [
+ "cc",
+ "pkg-config",
+ ]
++
++[[package]]
++name = "ima-measurements"
++version = "0.2.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "352224641e2e2c25761629713f5059995750ad52ec59358d0f47cb71d1f836f2"
++dependencies = [
++ "byteorder",
++ "fallible-iterator",
++ "hex",
++ "serde",
++ "serde_yaml 0.8.26",
++ "thiserror 1.0.69",
++ "tpmless-tpm2",
++]
+\ No newline at end of file
+diff --git a/Cargo.toml b/Cargo.toml
+index 6531148..628082a 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -64,3 +64,5 @@ tokio = { version = "1", features = ["full"], default-features = false }
+ tempfile = "3.14.0"
+ tonic = "0.12"
+ tonic-build = "0.12"
++ima-measurements = "0.2.0"
++fallible-iterator = "0.2.0"
+\ No newline at end of file
+diff --git a/deps/verifier/Cargo.toml b/deps/verifier/Cargo.toml
+index f3ad264..bd88a28 100644
+--- a/deps/verifier/Cargo.toml
++++ b/deps/verifier/Cargo.toml
+@@ -44,7 +44,7 @@ serde_json.workspace = true
+ serde_with = { workspace = true, optional = true }
+ sev = { version = "4.0.0", features = ["openssl", "snp"], optional = true }
+ sha2.workspace = true
+-tokio = { workspace = true, optional = true }
++tokio = { workspace = true, features = ["full"] }
+ intel-tee-quote-verification-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives", tag = "DCAP_1.22", optional = true }
+ strum.workspace = true
+ veraison-apiclient = { git = "https://github.com/chendave/rust-apiclient", branch = "token", optional = true }
+@@ -54,6 +54,8 @@ reqwest.workspace = true
+ bitflags = { version = "2.8.0", features = ["serde"] }
+ cose-rust = { version = "0.1.7", optional = true }
+ ciborium = { version = "0.2.2", optional = true }
++ima-measurements.workspace = true
++fallible-iterator.workspace = true
+
+ [build-dependencies]
+ shadow-rs.workspace = true
+diff --git a/deps/verifier/src/virtcca/dim.rs b/deps/verifier/src/virtcca/dim.rs
+new file mode 100644
+index 0000000..19383a4
+--- /dev/null
++++ b/deps/verifier/src/virtcca/dim.rs
+@@ -0,0 +1,48 @@
++/*
++ * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
++ * secGear is licensed under the Mulan PSL v2.
++ * You can use this software according to the terms and conditions of the Mulan PSL v2.
++ * You may obtain a copy of Mulan PSL v2 at:
++ * http://license.coscl.org.cn/MulanPSL2
++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
++ * PURPOSE.
++ * See the Mulan PSL v2 for more details.
++ */
++
++//! DIM verifier module
++//!
++//! This module provides DIM (Dynamic Integrity Measurement) verification functionality
++//! for TEE attestation.
++
++use anyhow::{bail, Result};
++use ima_measurements::Event;
++
++/// Common function to parse DIM events
++/// which is shared between different TEE implementations.
++pub fn parse_dim_events(events: &[Event]) -> Result> {
++ if events.len() < 2 {
++ bail!("No DIM measurement records for files found.");
++ }
++
++ let mut dim_digests = Vec::new();
++ let mut skip_first = true;
++ // parse each file digest in dim log
++ for event in events {
++ let (name, file_digest) = match &event.data {
++ ima_measurements::EventData::ImaNg { digest, name } => (name, &digest.digest),
++ _ => bail!("Invalid event {:?}", event),
++ };
++ if skip_first && name == "boot_aggregate" {
++ skip_first = false;
++ continue;
++ }
++
++ let hex_str_digest = hex::encode(file_digest);
++ dim_digests.push(hex_str_digest);
++ }
++
++ log::debug!("dim digests: {:?}", dim_digests);
++
++ Ok(dim_digests)
++}
+\ No newline at end of file
+diff --git a/deps/verifier/src/virtcca/mod.rs b/deps/verifier/src/virtcca/mod.rs
+index 9fac7e4..aa9e923 100644
+--- a/deps/verifier/src/virtcca/mod.rs
++++ b/deps/verifier/src/virtcca/mod.rs
+@@ -17,6 +17,11 @@ use serde::Deserialize;
+ use cose::message::CoseMessage;
+ use cose::keys::CoseKey;
+
++use fallible_iterator::FallibleIterator;
++mod dim;
++use dim::parse_dim_events;
++use ima_measurements::{Event, Parser};
++
+ // Define constants for the tags
+ const TAG_CCA_TOKEN_COLLECTION: u64 = 399;
+ const TAG_CCA_REALM_TOKEN: i128 = 44241;
+@@ -41,6 +46,7 @@ const CVM_ECC_PUB_KEY_SIZE: usize = 133;
+ pub struct VirtccaEvidence {
+ pub evidence_virtcca: Vec,
+ pub dev_cert: Vec,
++ pub dim_log: Vec
+ }
+
+ pub struct CcaCoseEvidence {
+@@ -73,7 +79,6 @@ const SUB_CERT_ENV: &str = "VIRTCCA_SUB_CERT";
+ const ECC_ROOT_CERT_OF_DEVICE_CERT: &str = "/etc/attestation/attestation-service/verifier/virtcca/Huawei ECC Attestation Root CA 1.pem";
+ const ECC_SUB_CERT_OF_DEVICE_CERT: &str = "/etc/attestation/attestation-service/verifier/virtcca/Huawei Computing ECC CCA CA 1.pem";
+
+-
+ #[derive(Debug, Default)]
+ pub struct VirtCCAVerifier {}
+
+@@ -191,6 +196,12 @@ impl Verifier for VirtCCAVerifier {
+ realm_claims.challenge, expected_report_data);
+ }
+
++ // Verify the DIM events
++ let dim_digests = match dim_verify(&evidence.dim_log, &realm_claims.rem) {
++ Ok(result) => Some(result),
++ Err(err) => bail!("Failed to verify DIM events: {:?}", err),
++ };
++
+ // Not to verify if no init data from attester
+ if let InitDataHash::Value(expected_init_data_hash) = expected_init_data_hash {
+ let expected_init_data_hash = regularize_data(expected_init_data_hash, 64, "REPORT_DATA", "VIRTCCA");
+@@ -201,7 +212,7 @@ impl Verifier for VirtCCAVerifier {
+ }
+
+ // Extract and parse TeeClaim from evidence_virtcca
+- let tee_claim = build_tee_claims(realm_claims, platform_claims)
++ let tee_claim = build_tee_claims(realm_claims, platform_claims, dim_digests)
+ .context("Failed to TeeEvidenceParsedClaim")?;
+
+ Ok(tee_claim)
+@@ -371,6 +382,53 @@ fn verify_evidence_integrity(dev_cert_is_ecc: bool, mut cose_envelop: CoseMessag
+ Ok(())
+ }
+
++fn dim_verify(dim_log: &[u8], cvm_rem: &[Vec]) -> Result> {
++ if dim_log.is_empty() {
++ return Ok(Vec::new());
++ }
++
++ // Parse DIM events
++ let mut parser = Parser::new(dim_log);
++ let mut events: Vec = Vec::new();
++ while let Some(event) = parser.next()? {
++ events.push(event);
++ }
++
++ if events.len() < 2 {
++ bail!("No DIM measurement records for files found.");
++ }
++
++ let pcr_index = events[1].pcr_index;
++ if pcr_index < 1 || pcr_index > CVM_REM_ARR_SIZE as u32 {
++ bail!("Invalid pcr_index for DIM");
++ }
++
++ let dim_index = (pcr_index - 1) as usize;
++ let pcr_values = parser.pcr_values();
++ let pcr_value = pcr_values.get(&pcr_index).expect("PCR not measured");
++ let string_pcr_sha256 = hex::encode(pcr_value.sha256);
++ let string_dim_log_hash = hex::encode(cvm_rem[dim_index].clone());
++
++ log::debug!(
++ "pcr_index: {}, string_pcr_sha256: {}, string_dim_log_hash: {}",
++ pcr_index,
++ string_pcr_sha256,
++ string_dim_log_hash
++ );
++
++ if string_pcr_sha256 != string_dim_log_hash {
++ log::error!(
++ "dim log verify failed string_pcr_sha256 {}, string_dim_log_hash {}",
++ string_pcr_sha256,
++ string_dim_log_hash
++ );
++ bail!("DIM log hash verification failed. Please check the log and reference data, and verify if PCR has been extended to PCR4.");
++ }
++
++ // Use th+e common function to parse DIM events
++ parse_dim_events(&events)
++}
++
+ fn verify_dev_cert_chain(dev_cert: &x509::X509, sub_cert: &x509::X509, root_cert: &x509::X509) -> Result> {
+
+ // verify if pub key of dev_cert match expected_public_key
+@@ -395,7 +453,7 @@ fn verify_dev_cert_chain(dev_cert: &x509::X509, sub_cert: &x509::X509, root_cert
+ Ok(dev_cert_pub_key_der)
+ }
+
+-fn build_tee_claims(realm: CcaRealmClaims, platform: Option) -> Result {
++fn build_tee_claims(realm: CcaRealmClaims, platform: Option, dim_digests: Option>) -> Result {
+ let claim = json!({
+ "realm": {
+ "challenge": hex::encode(realm.challenge.clone()),
+@@ -412,6 +470,7 @@ fn build_tee_claims(realm: CcaRealmClaims, platform: Option)
+ "payload": platform.as_ref().map(|p| hex::encode(&p.payload)).unwrap_or_default(),
+ },
+ "report_data" : hex::encode(realm.challenge.clone()),
++ "dim": dim_digests.unwrap_or_default(),
+ });
+ Ok(claim as TeeEvidenceParsedClaim)
+ }
+--
+2.43.0
+
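Review bot: `dim_verify` returns `Ok(Vec::new())` for an empty `dim_log` without consulting the REM at all, so evidence that simply omits the log verifies and yields an empty `dim` claim, and a policy of the form `every item in input["virtcca.dim"] { … }` is then satisfied vacuously. An absent log should either be rejected or surfaced as a distinct value (the `Option` that `build_tee_claims` accepts is always `Some` at the call site) so that policy can require DIM. In the same function `pcr_values.get(&pcr_index).expect("PCR not measured")` panics on attester-supplied data; `let pcr_value = pcr_values.get(&pcr_index).context("PCR not measured")?;` keeps it an ordinary verification error. Only `events[1].pcr_index` is range-checked and compared with the REM while `parse_dim_events` collects digests from every event, so events carrying a different `pcr_index` should be rejected, and `cvm_rem[dim_index]` is safer as `cvm_rem.get(dim_index)` unless the length of `rem` is guaranteed elsewhere. The comment `// Use th+e common function` has a stray `+`.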