nova/doc/source/admin/uefi.rst

UEFI

17.0.0 (Queens)

Nova supports configuring a UEFI bootloader for guests. This brings about important advantages over legacy BIOS bootloaders and allows for features such as secure-boot.

Enabling UEFI

Currently the configuration of UEFI guest bootloaders is only supported when using the libvirt compute driver with a :oslo.configlibvirt.virt_type of kvm or qemu or when using the Hyper-V compute driver with certain machine types. When using the libvirt compute driver with AArch64-based guests, UEFI is automatically enabled as AArch64 does not support BIOS.

Update this once compute drivers start reporting a trait indicating UEFI bootloader support.

Configuring a flavor or image

Configuring a UEFI bootloader varies depending on the compute driver in use.

Libvirt

UEFI support is enabled by default on AArch64-based guests. For other guest architectures, you can request UEFI support with libvirt by setting the hw_firmware_type image property to uefi. For example:

$ openstack image set --property hw_firmware_type=uefi $IMAGE

Hyper-V

It is not possible to explicitly request UEFI support with Hyper-V. Rather, it is enabled implicitly when using Generation 2 guests. You can request a Generation 2 guest by setting the hw_machine_type image metadata property to hyperv-gen2. For example:

$ openstack image set --property hw_machine_type=hyperv-gen2 $IMAGE

References

• Hyper-V UEFI Secure Boot (spec)
• Open Virtual Machine Firmware (OVMF) Status Report
• Anatomy of a boot, a QEMU perspective
• Should I create a generation 1 or 2 virtual machine in Hyper-V?