diff --git a/tools/packaging/static-build/ovmf/Dockerfile b/tools/packaging/static-build/ovmf/Dockerfile
index cffeb2ffb2..a9a148a756 100644
--- a/tools/packaging/static-build/ovmf/Dockerfile
+++ b/tools/packaging/static-build/ovmf/Dockerfile
@@ -17,5 +17,6 @@ RUN apt-get update && \
 nasm \
 python \
 python3 \
+ python3-distutils \
 uuid-dev && \
 apt-get clean && rm -rf /var/lib/lists/
diff --git a/tools/packaging/static-build/ovmf/build-ovmf.sh b/tools/packaging/static-build/ovmf/build-ovmf.sh
index 83537686c9..fe3925b1ce 100755
--- a/tools/packaging/static-build/ovmf/build-ovmf.sh
+++ b/tools/packaging/static-build/ovmf/build-ovmf.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 #
 # Copyright (c) 2022 IBM
+# Copyright (c) 2022 Intel
 #
 # SPDX-License-Identifier: Apache-2.0
@@ -15,7 +16,6 @@ source "${script_dir}/../../scripts/lib.sh"
 set +u
 ovmf_build="${ovmf_build:-x86_64}"
 ovmf_repo="${ovmf_repo:-}"
-ovmf_dir="edk2"
 ovmf_version="${ovmf_version:-}"
 ovmf_package="${ovmf_package:-}"
 package_output_dir="${package_output_dir:-}"
@@ -30,13 +30,14 @@ build_target="${build_target:-RELEASE}"
 [ -n "$ovmf_package" ] || die "failed to get ovmf package or commit"
 [ -n "$package_output_dir" ] || die "failed to get ovmf package or commit"
+ovmf_dir="${ovmf_repo##*/}"
+
 info "Build ${ovmf_repo} version: ${ovmf_version}"
 build_root=$(mktemp -d)
 pushd $build_root
-git clone "${ovmf_repo}"
+git clone --single-branch --depth 1 -b "${ovmf_version}" "${ovmf_repo}"
 cd "${ovmf_dir}"
-git checkout "${ovmf_version}"
 git submodule init
 git submodule update
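Review bot: `git clone --single-branch --depth 1 -b "${ovmf_version}"` in the last hunk accepts only a branch or tag name, whereas the removed `git checkout "${ovmf_version}"` also took a commit SHA, so a SHA-pinned `ovmf_version` (the form versions.yaml uses for td-shim in this same commit) now fails at clone time; either document that `ovmf_version` must be a ref name or keep a plain clone plus checkout as the fallback when the `-b` clone fails. A tag can also be moved where a SHA cannot, so for firmware that is later measured it is worth logging `git rev-parse HEAD` after the clone. `ovmf_dir="${ovmf_repo##*/}"` keeps a `.git` suffix and yields an empty string for a URL ending in `/`, after which `cd "${ovmf_dir}"` fails; `ovmf_dir="$(basename "${ovmf_repo}" .git)"` handles both forms.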
@@ -53,16 +54,43 @@ if [ "${ovmf_build}" == "sev" ]; then
 fi
 info "Building ovmf"
-build -b "${build_target}" -t "${toolchain}" -a "${architecture}" -p "${ovmf_package}"
+build_cmd="build -b ${build_target} -t ${toolchain} -a ${architecture} -p ${ovmf_package}"
+if [ "${ovmf_build}" == "tdx" ]; then
+ build_cmd+=" -D DEBUG_ON_SERIAL_PORT=TRUE -D TDX_MEM_PARTIAL_ACCEPT=512 -D TDX_EMULATION_ENABLE=FALSE -D TDX_ACCEPT_PAGE_SIZE=2M"
+fi
+
+eval "${build_cmd}"
 info "Done Building"
-build_path="Build/${package_output_dir}/${build_target}_${toolchain}/FV/OVMF.fd"
-stat "${build_path}"
+build_path_target_toolchain="Build/${package_output_dir}/${build_target}_${toolchain}"
+build_path_fv="${build_path_target_toolchain}/FV"
+stat "${build_path_fv}/OVMF.fd"
+if [ "${ovmf_build}" == "tdx" ]; then
+ build_path_arch="${build_path_target_toolchain}/X64"
+ stat "${build_path_fv}/OVMF_CODE.fd"
+ stat "${build_path_fv}/OVMF_VARS.fd"
+ stat "${build_path_arch}/DumpTdxEventLog.efi"
+fi
 #need to leave tmp dir
 popd
 info "Install fd to destdir"
-mkdir -p "$DESTDIR/$PREFIX/share/ovmf"
-cp $build_root/$ovmf_dir/"${build_path}" "$DESTDIR/$PREFIX/share/ovmf"
\ No newline at end of file
+install_dir="${DESTDIR}/${PREFIX}/share/ovmf"
+if [ "${ovmf_build}" == "tdx" ]; then
+ install_dir="$DESTDIR/$PREFIX/share/tdvf"
+fi
+
+mkdir -p "${install_dir}"
+install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF.fd "${install_dir}"
+if [ "${ovmf_build}" == "tdx" ]; then
+ install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF_CODE.fd ${install_dir}
+ install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF_VARS.fd ${install_dir}
+ install $build_root/$ovmf_dir/"${build_path_arch}"/DumpTdxEventLog.efi ${install_dir}
+fi
+
+pushd $DESTDIR
+tar -czvf "${ovmf_dir}-${ovmf_build}.tar.gz" "./$PREFIX"
+rm -rf $(dirname ./$PREFIX)
+popd
diff --git a/tools/packaging/static-build/ovmf/build.sh b/tools/packaging/static-build/ovmf/build.sh
index 0662d20b82..fcbbd93210 100755
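Review bot: `rm -rf $(dirname ./$PREFIX)` near the end of the hunk removes whatever `dirname` returns, and for a `PREFIX` with a single path component or an empty one that is `.`, i.e. everything under `DESTDIR` after the `pushd $DESTDIR` (build-ovmf.sh's DESTDIR default is outside this hunk; the td-shim builder added in this commit defaults it to `$PWD`). Guard it before deleting, `[ "$(dirname "./${PREFIX}")" != "." ] || die "refusing to delete DESTDIR: PREFIX=${PREFIX}"`; the same line appears in the new build-td-shim.sh. `eval "${build_cmd}"` re-parses values read from versions.yaml through the shell and drops the quoting the removed `build -b "${build_target}" …` line had; a bash array (`build_cmd=(build -b "${build_target}" …)`, extended with `build_cmd+=(-D …)` in the tdx branch and run as `"${build_cmd[@]}"`) gives the conditional arguments without eval. The tdx branch also passes `${install_dir}` unquoted to `install` while the line above quotes it.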
--- a/tools/packaging/static-build/ovmf/build.sh
+++ b/tools/packaging/static-build/ovmf/build.sh
@@ -25,7 +25,11 @@ ovmf_package="${ovmf_package:-}"
 package_output_dir="${package_output_dir:-}"
 if [ -z "$ovmf_repo" ]; then
- ovmf_repo=$(get_from_kata_deps "externals.ovmf.url" "${kata_version}")
+ if [ "${ovmf_build}" == "tdx" ]; then
+ ovmf_repo=$(get_from_kata_deps "externals.ovmf.tdx.url" "${kata_version}")
+ else
+ ovmf_repo=$(get_from_kata_deps "externals.ovmf.url" "${kata_version}")
+ fi
 fi
 [ -n "$ovmf_repo" ] || die "failed to get ovmf repo"
@@ -38,6 +42,10 @@ elif [ "${ovmf_build}" == "sev" ]; then
 [ -n "$ovmf_version" ] || ovmf_version=$(get_from_kata_deps "externals.ovmf.sev.version" "${kata_version}")
 [ -n "$ovmf_package" ] || ovmf_package=$(get_from_kata_deps "externals.ovmf.sev.package" "${kata_version}")
 [ -n "$package_output_dir" ] || package_output_dir=$(get_from_kata_deps "externals.ovmf.sev.package_output_dir" "${kata_version}")
+elif [ "${ovmf_build}" == "tdx" ]; then
+ [ -n "$ovmf_version" ] || ovmf_version=$(get_from_kata_deps "externals.ovmf.tdx.version" "${kata_version}")
+ [ -n "$ovmf_package" ] || ovmf_package=$(get_from_kata_deps "externals.ovmf.tdx.package" "${kata_version}")
+ [ -n "$package_output_dir" ] || package_output_dir=$(get_from_kata_deps "externals.ovmf.tdx.package_output_dir" "${kata_version}")
 fi
 [ -n "$ovmf_version" ] || die "failed to get ovmf version or commit"
diff --git a/tools/packaging/static-build/td-shim/Dockerfile b/tools/packaging/static-build/td-shim/Dockerfile
new file mode 100644
index 0000000000..ed9270ca4a
--- /dev/null
+++ b/tools/packaging/static-build/td-shim/Dockerfile
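Review bot: The tdx repository URL is chosen by a nested `if` inside `if [ -z "$ovmf_repo" ]` in the first hunk, while the version, package and output directory for the same flavour are chosen by the `elif` chain in the second hunk, so every new flavour has to be registered in two places. Moving the URL lookup into the per-flavour branch, `[ -n "$ovmf_repo" ] || ovmf_repo=$(get_from_kata_deps "externals.ovmf.tdx.url" "${kata_version}")`, keeps all lookups for one flavour together. The `elif` chain starts before the second hunk, so it is not visible here whether an unrecognised `ovmf_build` value falls through silently rather than dying.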
@@ -0,0 +1,23 @@
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM ubuntu:20.04
+ENV DEBIAN_FRONTEND=noninteractive
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+ARG RUST_TOOLCHAIN
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ ca-certificates \
+ clang \
+ curl \
+ gcc \
+ git \
+ llvm \
+ nasm && \
+ apt-get clean && rm -rf /var/lib/lists/ && \
+ curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN} && \
+ source "$HOME/.cargo/env" && \
+ rustup component add rust-src && \
+ cargo install cargo-xbuild
diff --git a/tools/packaging/static-build/td-shim/build-td-shim.sh b/tools/packaging/static-build/td-shim/build-td-shim.sh
new file mode 100755
index 0000000000..ed933c007e
--- /dev/null
+++ b/tools/packaging/static-build/td-shim/build-td-shim.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${script_dir}/../../scripts/lib.sh"
+
+tdshim_repo="${tdshim_repo:-}"
+DESTDIR=${DESTDIR:-${PWD}}
+PREFIX="${PREFIX:-/opt/kata}"
+
+[ -n "${tdshim_repo}" ] || die "Failed to get TD-shim repo"
+[ -n "${tdshim_version}" ] || die "Failed to get TD-shim version or commit"
+
+info "Build ${tdshim_repo} version: ${tdshim_version}"
+
+source ${HOME}/.cargo/env
+
+build_root=$(mktemp -d)
+pushd ${build_root}
+git clone --single-branch "${tdshim_repo}"
+pushd td-shim
+git checkout "${tdshim_version}"
+bash sh_script/build_final.sh boot_kernel
+
+install_dir="${DESTDIR}/${PREFIX}/share/td-shim"
+mkdir -p ${install_dir}
+install target/x86_64-unknown-uefi/release/final-boot-kernel.bin ${install_dir}/td-shim.bin
+popd #td-shim
+popd #${build_root}
+
+pushd ${DESTDIR}
+tar -czvf "td-shim.tar.gz" "./$PREFIX"
+rm -rf $(dirname ./$PREFIX)
+popd #${DESTDIR}
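Review bot: `rm -rf /var/lib/lists/` in the RUN step removes a path that does not exist on Ubuntu; the apt index it means to drop lives in `/var/lib/apt/lists/`, so the layer keeps the package lists (the ovmf Dockerfile context earlier in this diff carries the same path). The rustup installer is also fetched and piped straight into `sh` with no checksum or pinned installer revision, and `cargo install cargo-xbuild` pins no version either, so two builds of this image can differ even though `RUST_TOOLCHAIN` is pinned from versions.yaml. At minimum pin the helper, e.g. `cargo install --locked --version <pinned cargo-xbuild version> cargo-xbuild`, and record the installer's checksum if reproducibility of the firmware build matters.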
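Review bot: `tdshim_version` is tested with `[ -n "${tdshim_version}" ]` under `set -o nounset` without the `${tdshim_version:-}` default that `tdshim_repo` gets a few lines above, so when the variable is not exported the script stops with bash's unbound-variable error instead of the intended `die` message; add `tdshim_version="${tdshim_version:-}"` next to `tdshim_repo`. `rm -rf $(dirname ./$PREFIX)` at the end deletes everything under `DESTDIR` (which defaults to `$PWD` here) when `PREFIX` has a single path component or is empty, because `dirname` then returns `.`; guard it with `[ "$(dirname "./${PREFIX}")" != "." ] || die "refusing to delete DESTDIR: PREFIX=${PREFIX}"`. `git clone --single-branch` followed by `git checkout "${tdshim_version}"` presumably works only while the pinned SHA is reachable from the default branch; if that is intended, a comment saying so would help whoever next bumps versions.yaml.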
diff --git a/tools/packaging/static-build/td-shim/build.sh b/tools/packaging/static-build/td-shim/build.sh
new file mode 100755
index 0000000000..580c4a3376
--- /dev/null
+++ b/tools/packaging/static-build/td-shim/build.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2022 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly repo_root_dir="$(cd "${script_dir}/../../../.." && pwd)"
+readonly tdshim_builder="${script_dir}/build-td-shim.sh"
+
+source "${script_dir}/../../scripts/lib.sh"
+
+DESTDIR=${DESTDIR:-${PWD}}
+PREFIX=${PREFIX:-/opt/kata}
+container_image="kata-td-shim-builder"
+kata_version="${kata_version:-}"
+tdshim_repo="${tdshim_repo:-}"
+tdshim_version="${tdshim_version:-}"
+tdshim_toolchain="${tdshim_toolchain:-}"
+package_output_dir="${package_output_dir:-}"
+
+[ -n "${tdshim_repo}" ] || tdshim_repo=$(get_from_kata_deps "externals.td-shim.url" "${kata_version}")
+[ -n "${tdshim_version}" ] || tdshim_version=$(get_from_kata_deps "externals.td-shim.version" "${kata_version}")
+[ -n "${tdshim_toolchain}" ] || tdshim_toolchain=$(get_from_kata_deps "externals.td-shim.toolchain" "${kata_version}")
+
+[ -n "${tdshim_repo}" ] || die "Failed to get TD-shim repo"
+[ -n "${tdshim_version}" ] || die "Failed to get TD-shim version or commit"
+[ -n "${tdshim_toolchain}" ] || die "Failed to get TD-shim toolchain to be used to build the project"
+
+sudo docker build \
+ --build-arg RUST_TOOLCHAIN="${tdshim_toolchain}" \
+ -t "${container_image}" "${script_dir}"
+
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+ -w "${PWD}" \
+ --env DESTDIR="${DESTDIR}" \
+ --env PREFIX="${PREFIX}" \
+ --env tdshim_repo="${tdshim_repo}" \
+ --env tdshim_version="${tdshim_version}" \
+ "${container_image}" \
+ bash -c "${tdshim_builder}"
diff --git a/versions.yaml b/versions.yaml
index 2bbf4b2aee..d1b2d9b202 100644
--- a/versions.yaml
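Review bot: The container bind-mounts only `${repo_root_dir}`, but `DESTDIR` defaults to `${PWD}` and is forwarded unchanged, so when the script is run with a `DESTDIR` outside the repository tree the tarball is written to the container's own filesystem and discarded on exit; mounting it explicitly, `-v "${DESTDIR}:${DESTDIR}"`, removes that dependency on where the caller happens to stand. `package_output_dir` is assigned but never used in this script. The container presumably runs as root, so files it writes into the mounted `DESTDIR` would be root-owned on the host; if that is accepted, a comment saying so would save the next reader a surprise.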
+++ b/versions.yaml
@@ -274,6 +274,18 @@ externals:
 version: "edk2-stable202202"
 package: "OvmfPkg/AmdSev/AmdSevX64.dsc"
 package_output_dir: "AmdSev"
+ tdx:
+ url: "https://github.com/tianocore/edk2-staging"
+ description: "TDVF build needed for TDX measured direct boot."
+ version: "2022-tdvf-ww28.5"
+ package: "OvmfPkg/OvmfPkgX64.dsc"
+ package_output_dir: "OvmfX64"
+
+ td-shim:
+ description: "Confidential Containers Shim Firmware"
+ url: "https://github.com/confidential-containers/td-shim"
+ version: "5f62a0e367b1845a54e534d103ed4a697a599ac3"
+ toolchain: "nightly-2022-04-07"
 virtiofsd:
 description: "vhost-user virtio-fs device backend written in Rust"