Version 1.14. This version is no longer supported. For information about how to upgrade to version 1.15, seeUpgrading Anthos on bare metalin the 1.15 documentation. For more information about supported and unsupported versions, see theVersion historypage in the latest documentation.
This document is for platform administrators and application owners that run
virtual machines (VMs) in VM Runtime on Google Distributed Cloud. This document shows you
how to enable the Unified Extensible Firmware Interface (UEFI) boot process
instead of the default BIOS booting process for virtual machines (VMs) that use
Anthos VM Runtime. This document also shows how to enableSecure Bootand how to set
up emulatedsmbiosfields.
Before you begin
To complete this document, you need access to the following resources:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis guide demonstrates how to enable the Unified Extensible Firmware Interface (UEFI) boot process for virtual machines (VMs) in VM Runtime on Google Distributed Cloud, replacing the default BIOS boot.\u003c/p\u003e\n"],["\u003cp\u003eSecure Boot can be enabled for VMs that are configured to use UEFI booting by setting the \u003ccode\u003eenableSecureBoot\u003c/code\u003e field to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003ePlatform administrators and application owners can set up emulated \u003ccode\u003esmbios\u003c/code\u003e fields, such as \u003ccode\u003euuid\u003c/code\u003e and \u003ccode\u003eserial\u003c/code\u003e, within the firmware section of the \u003ccode\u003eVirtualMachine\u003c/code\u003e manifest, for both UEFI and BIOS booting.\u003c/p\u003e\n"],["\u003cp\u003eTo enable UEFI booting on an existing VM, the VM must contain an EFI partition, and the \u003ccode\u003efirmware\u003c/code\u003e field in the \u003ccode\u003eVirtualMachine\u003c/code\u003e manifest needs to be edited to include the \u003ccode\u003ebootloader\u003c/code\u003e type \u003ccode\u003euefi\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Configure booting\n\n\u003cbr /\u003e\n\nThis document is for platform administrators and application owners that run\nvirtual machines (VMs) in VM Runtime on Google Distributed Cloud. This document shows you\nhow to enable the Unified Extensible Firmware Interface (UEFI) boot process\ninstead of the default BIOS booting process for virtual machines (VMs) that use\nAnthos VM Runtime. This document also shows how to enable\n[Secure Boot](/compute/shielded-vm/docs/shielded-vm#secure-boot) and how to set\nup emulated `smbios` fields.\n\nBefore you begin\n----------------\n\nTo complete this document, you need access to the following resources:\n\n- Access to Google Distributed Cloud version 1.12.0 (`anthosBareMetalVersion: 1.12.0`) or higher cluster. You can use any cluster type capable of running workloads. If needed, [try Google Distributed Cloud on Compute\n Engine](/anthos/clusters/docs/bare-metal/1.14/try/gce-vms) or see the [cluster\n creation\n overview](/anthos/clusters/docs/bare-metal/1.14/installing/creating-clusters/create-clusters-overview).\n\nEnable UEFI booting\n-------------------\n\nYou can enable UEFI booting for both new and existing VMs. To enable UEFI\nbooting in an existing VM, the VM must have an EFI partition.\n\n1. [Create a manifest](/anthos/clusters/docs/bare-metal/latest/vm-runtime/tutorial-create-vm#create_a_vm) that defines a `VirtualMachine` or edit the manifest of an existing `VirtualMachine`.\n2. Add the `firmware` field to the `VirtualMachine` manifest as shown in the\n example below:\n\n apiVersion: vm.cluster.gke.io/v1\n kind: VirtualMachine\n metadata:\n labels:\n kubevirt.io/vm: vm1\n name: vm1\n namespace: test-vm-ns\n spec:\n compute:\n cpu:\n vcpus: 2\n memory:\n capacity: 4Gi\n interfaces:\n - name: eth0\n networkName: pod-network\n default: true\n firmware:\n bootloader:\n type: \"uefi\"\n enableSecureBoot: false\n disks:\n - virtualMachineDiskName: disk-from-gcs\n boot: true\n readOnly: true\n\nEnable secure boot\n------------------\n\nIf UEFI booting is enabled for a VM you can also enable Secure Boot by setting\nthe `enableSecureBoot` field to `true` as shown below: \n\n firmware:\n bootloader:\n type: \"uefi\"\n enableSecureBoot: true\n\nFor more information about Secure Boot, see [Secure\nBoot](/compute/shielded-vm/docs/shielded-vm#secure-boot) in the Compute Engine\ndocumentation.\n\nProvide emulated `smbios` fields\n--------------------------------\n\nYou can set up emulated `smbios` fields like `uuid` and `serial` by adding them\nin the firmware field of the `VirtualMachine` manifest as shown in the example\nbelow: \n\n firmware:\n \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nt\"\u003eFIELD_NAME\u003c/span\u003e\u003c/var\u003e: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eFIELD_VALUE\u003c/span\u003e\u003c/var\u003e\n \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nt\"\u003eFIELD_NAME\u003c/span\u003e\u003c/var\u003e: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eFIELD_VALUE\u003c/span\u003e\u003c/var\u003e\n\nReplace \u003cvar translate=\"no\"\u003eFIELD_NAME\u003c/var\u003e and \u003cvar translate=\"no\"\u003eFIELD_VALUE\u003c/var\u003e with the `smbios` field\nnames and values that your application requires.\n\nYou can set up emulated `smbios` fields when using either UEFI or BIOS booting."]]
