How to extend TDX RTMRs in VM guest on Azure?

[zc-cu]

Describe the support request
I am trying to implement a simple software component, which will measure a custom specified file and extend RTMR[2]. It also needs to be configured to auto start up after system boot completely.
I have tried the following two approaches to extend RTMR[2]:

1. Use the go-tdx-guest library. However, the depended system interface seems not available on Azure Ubuntu 24.04. I saw this repo and branch about the feature but I don't know if this is available on Azure.
2. Use the TDCALL via assembly code. However, the UIMP rejects my TDCALL.

I want to know what are some possible solutions, and which is easier (maybe not best practice).
For example:
Does other cloud provider have ubuntu images with easier RTMR access interface?
Should I implement the software as a kernel module instead to use the TDCALL?
Is it possible to use a regular Ubuntu 24.04 for Azure confidential VM instead of the Azure versions?
Or, maybe Azure Ubuntu has feature for user application to extend RTMR but just I didn't find?
Or, some other advices and solutions?

System report
Sorry but I cannot run the system report script because I am using Azure provided VM without host access.

[syncronize-issues-to-jira]

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/PEK-2300.

This message was autogenerated

[hyperfinitism]

For reference:
On Azure TDX VMs, this might be expected behavior.

Azure TDX VM does not expose a plain TDX guest interface to the guest OS. Instead, Azure uses an OpenHCL-based architecture where the TDX module and vTPM are isolated from the guest OS.

As a result, the guest OS cannot directly access the TDX guest interface (e.g. /dev/tdx_guest), unlike a plain TDX CVM. Any interaction with the TDX module must go through OpenHCL-vTPM.

This differs from Google Cloud TDX CVMs. On GCP, the guest OS can directly access the TDX guest interface (e.g. /dev/tdx_guest), and according to GCP documentation, user-space extension of RTMR[3] is supported:

Users can extend the RTMR[3] register with user space measurements.

RTMR[0-2] are reserved and match the reproduced RTMR values by the tdeventlog tool bundled in this repository.

So yes — other cloud providers do expose a more direct RTMR interface to the guest OS, depending on their TDX architecture.