diff --git a/src/libs/protocols/protos/confidential_data_hub.proto b/src/libs/protocols/protos/confidential_data_hub.proto
index f639c94c9..e3d6ff00c 100644
--- a/src/libs/protocols/protos/confidential_data_hub.proto
+++ b/src/libs/protocols/protos/confidential_data_hub.proto
@@ -28,6 +28,21 @@ message SecureMountResponse {
     string mount_path = 1;
 }
 
+message ImagePullRequest {
+    // - `image_url`: The reference of the image to pull
+    string image_url = 1;
+
+    // - `bundle_path`: The path to store the OCI bundle. This path
+    // should be created by client, and initially empty. After the RPC is
+    // called, a mounted `rootfs` directory under the this path. Note
+    // that this path is CDH's root filesystem, not the caller's root filesystem.
+    // However, usually the caller (kata-agent) and the server (CDH) runs on the same
+    // root, so it's safe to use an absolute path of kata-agent.
+    string bundle_path = 2;
+}
+
+message ImagePullResponse {}
+
 service SealedSecretService {
     rpc UnsealSecret(UnsealSecretInput) returns (UnsealSecretOutput) {};
 }
@@ -46,4 +61,10 @@ message GetResourceResponse {
 
 service GetResourceService {
     rpc GetResource(GetResourceRequest) returns (GetResourceResponse) {};
+}
+
+// ImagePullService is used to pull images from a remote registry
+// and mount the resulting root filesystems.
+service ImagePullService {
+    rpc PullImage(ImagePullRequest) returns (ImagePullResponse) {};
 }
\ No newline at end of file