@Nguyen-Huynh-Khoi , I hope all is well. A Measured Boot process measures each component, from firmware up through the boot start drivers, stores those measurements in the Trusted Platform Module (TPM) on the machine, and then makes available a log that can be tested remotely to verify the boot state of the client.
The Measured Boot feature provides Anti-Malware (AM) software with a trusted (resistant to spoofing and tampering) log of all boot components that started before the AM software.
AM software can use the log to determine whether components that ran before it are trustworthy or if they are infected with malware.
The AM software on the local machine can send the log to a remote server for evaluation.
The remote server may initiate remediation actions either by interacting with software on the client or through out-of-band mechanisms, as appropriate.
The Trusted Platform Module (TPM) is a tamper-proof, cryptographically secure auditing component with firmware supplied by a trusted third party.
The boot configuration log contains hash-chained measurements recorded in its Platform Configuration Registers (PCR) when the host last underwent the bootstrapping sequence, incrementally adding a previously hashed measurement to the next measurement’s hash and running the hashing algorithm on the union accomplishes hash-chaining.
I hope that helps to sort things out for you.
Good Luck !!!
Cheers,
Adam