diff --git a/oswin_tempest_plugin/config.py b/oswin_tempest_plugin/config.py
index 93b34a3..c76981f 100644
--- a/oswin_tempest_plugin/config.py
+++ b/oswin_tempest_plugin/config.py
@@ -37,6 +37,11 @@ HyperVGroup = [
     cfg.StrOpt('gen2_image_ref',
                help="Valid Generation 2 VM VHDX image reference to be used "
                     "in tests."),
+    cfg.StrOpt('secure_boot_image_ref',
+               help="Valid secure boot VM VHDX image reference to be used "
+                    "in tests."),
+    cfg.StrOpt('secure_boot_image_ssh_user',
+               help='User for secure boot image to be used in tests.'),
     cfg.BoolOpt('cluster_enabled',
                 default=False,
                 help="The compute nodes are joined into a Hyper-V Cluster."),
diff --git a/oswin_tempest_plugin/tests/scenario/test_secure_boot.py b/oswin_tempest_plugin/tests/scenario/test_secure_boot.py
new file mode 100644
index 0000000..5199410
--- /dev/null
+++ b/oswin_tempest_plugin/tests/scenario/test_secure_boot.py
@@ -0,0 +1,70 @@
+# Copyright 2017 Cloudbase Solutions SRL
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from oswin_tempest_plugin import config
+from oswin_tempest_plugin.tests._mixins import optional_feature
+from oswin_tempest_plugin.tests import test_base
+
+CONF = config.CONF
+
+
+class SecureBootTestCase(test_base.TestBase,
+                         optional_feature._OptionalFeatureMixin):
+    """Secure boot test suite.
+
+    This test suite will spawn instances requiring secure boot to be
+    enabled.
+
+    This test suite will require a Generation 2 VHDX image, with a
+    Linux guest OS (it tests connectivity via SSH).
+
+    The configured image must contain the following properties:
+    * os_type=linux
+    * hw_machine_type=hyperv-gen2
+
+    Hyper-V Secure Boot was first introduced in Windows / Hyper-V Server 2012
+    R2, but support for Linux guests was introduced in Windows / Hyper-V
+    Server 2016, which is why this test suite will require compute nodes
+    with the OS version 10.0 or newer.
+    """
+
+    _MIN_HYPERV_VERSION = 10000
+
+    # NOTE(amuresan):Images supporting secure boot usually require more disk
+    #                space. We're trying to use the largest of the configured
+    #                flavors.
+
+    _FLAVOR_REF = CONF.compute.flavor_ref_alt
+    _IMAGE_REF = CONF.hyperv.secure_boot_image_ref
+    _IMAGE_SSH_USER = CONF.hyperv.secure_boot_image_ssh_user
+    _FEATURE_FLAVOR = {'extra_specs': {'os:secure_boot': 'required'}}
+
+    # TODO(amuresan): the secure_boot_image_ref should be reused in
+    # more than one test case so we don't have to add a different
+    # image for every test.
+
+    @classmethod
+    def skip_checks(cls):
+        super(SecureBootTestCase, cls).skip_checks()
+        # check if the needed image ref has been configured.
+        if not cls._IMAGE_REF:
+            msg = ('The config option "hyperv.secure_boot_image_ref" '
+                   'has not been set. Skipping secure boot tests.')
+            raise cls.skipException(msg)
+
+        if not cls._IMAGE_SSH_USER:
+            msg = ('The config option "hyperv.secure_boot_image_ssh_user" '
+                   'has not been set. Skipping.')
+            raise cls.skipException(msg)
diff --git a/oswin_tempest_plugin/tests/test_base.py b/oswin_tempest_plugin/tests/test_base.py
index 480cf9d..bda6c93 100644
--- a/oswin_tempest_plugin/tests/test_base.py
+++ b/oswin_tempest_plugin/tests/test_base.py
@@ -46,6 +46,12 @@ class TestBase(tempest.test.BaseTestCase):
     # Inheriting TestCases should change this image ref if needed.
     _IMAGE_REF = CONF.compute.image_ref
 
+    # Inheriting TestCases should change this flavor ref if needed.
+    _FLAVOR_REF = CONF.compute.flavor_ref
+
+    # Inheriting TestCases should change this ssh User if needed.
+    _IMAGE_SSH_USER = CONF.validation.image_ssh_user
+
     # suffix to use for the newly created flavors.
     _FLAVOR_SUFFIX = ''
 
@@ -144,7 +150,7 @@ class TestBase(tempest.test.BaseTestCase):
         return new_flavor
 
     def _get_flavor_ref(self):
-        return CONF.compute.flavor_ref
+        return self._FLAVOR_REF
 
     def _create_server(self, flavor=None):
         """Wrapper utility that returns a test server.
@@ -155,7 +161,7 @@ class TestBase(tempest.test.BaseTestCase):
         clients = self.os_primary
         name = data_utils.rand_name(self.__class__.__name__ + "-server")
         image_id = self._get_image_ref()
-        flavor = flavor or self._get_flavor_ref()
+        flavor = flavor or self._FLAVOR_REF or self._get_flavor_ref()
         keypair = self.create_keypair()
         tenant_network = self.get_tenant_network()
         security_group = self._create_security_group()
@@ -266,8 +272,8 @@ class TestBase(tempest.test.BaseTestCase):
         ip_address = server_tuple.floating_ip['ip']
         private_key = server_tuple.keypair['private_key']
 
-        # ssh into the VM.
-        username = CONF.validation.image_ssh_user
+        # ssh into the VM
+        username = self._IMAGE_SSH_USER
         linux_client = remote_client.RemoteClient(
             ip_address, username, pkey=private_key, password=None,
             server=server, servers_client=self.servers_client)