Version 1.16. This version is no longer supported. For information about how to upgrade to version 1.28, see Upgrade clusters in the latest documentation. For more information about supported and unsupported versions, see the Versioning page in the latest documentation.
This document is for platform administrators and application owners that run
virtual machines (VMs) in VM Runtime on GDC. This document shows you
how to enable the Unified Extensible Firmware Interface (UEFI) boot process
instead of the default BIOS booting process for virtual machines (VMs) that use
Anthos VM Runtime. This document also shows how to enable
Secure Boot and how to set
up emulated smbios fields.
Before you begin
To complete this document, you need access to the following resources:
For more information about Secure Boot, see Secure
Boot in the Compute Engine
documentation.
Provide emulated smbios fields
You can set up emulated smbios fields like uuid and serial by adding them
in the firmware field of the VirtualMachine manifest as shown in the example
below:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis guide outlines how to configure the Unified Extensible Firmware Interface (UEFI) boot process for virtual machines (VMs) in VM Runtime on GDC, replacing the default BIOS boot.\u003c/p\u003e\n"],["\u003cp\u003eYou can enable Secure Boot for VMs that are configured to use UEFI booting by setting the \u003ccode\u003eenableSecureBoot\u003c/code\u003e field to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eUEFI booting can be enabled for both new and existing VMs, given that the existing VM has an EFI partition.\u003c/p\u003e\n"],["\u003cp\u003eEmulated \u003ccode\u003esmbios\u003c/code\u003e fields, such as \u003ccode\u003euuid\u003c/code\u003e and \u003ccode\u003eserial\u003c/code\u003e, can be set up in the \u003ccode\u003eVirtualMachine\u003c/code\u003e manifest's firmware section, regardless of whether UEFI or BIOS booting is used.\u003c/p\u003e\n"]]],[],null,["# Configure booting\n\n\u003cbr /\u003e\n\nThis document is for platform administrators and application owners that run\nvirtual machines (VMs) in VM Runtime on GDC. This document shows you\nhow to enable the Unified Extensible Firmware Interface (UEFI) boot process\ninstead of the default BIOS booting process for virtual machines (VMs) that use\nAnthos VM Runtime. This document also shows how to enable\n[Secure Boot](/compute/shielded-vm/docs/shielded-vm#secure-boot) and how to set\nup emulated `smbios` fields.\n\nBefore you begin\n----------------\n\nTo complete this document, you need access to the following resources:\n\n- Access to Google Distributed Cloud version 1.12.0 (`anthosBareMetalVersion: 1.12.0`) or higher cluster. You can use any cluster type capable of running workloads. If needed, [try Distributed Cloud on Compute\n Engine](/anthos/clusters/docs/bare-metal/1.16/try/gce-vms) or see the [cluster\n creation\n overview](/anthos/clusters/docs/bare-metal/1.16/installing/creating-clusters/create-clusters-overview).\n\nEnable UEFI booting\n-------------------\n\nYou can enable UEFI booting for both new and existing VMs. To enable UEFI\nbooting in an existing VM, the VM must have an EFI partition.\n\n1. [Create a manifest](/anthos/clusters/docs/bare-metal/1.16/vm-runtime/tutorial-create-vm#create_a_vm) that defines a `VirtualMachine` or edit the manifest of an existing `VirtualMachine`.\n2. Add the `firmware` field to the `VirtualMachine` manifest as shown in the\n example below:\n\n apiVersion: vm.cluster.gke.io/v1\n kind: VirtualMachine\n metadata:\n labels:\n kubevirt.io/vm: vm1\n name: vm1\n namespace: test-vm-ns\n spec:\n compute:\n cpu:\n vcpus: 2\n memory:\n capacity: 4Gi\n interfaces:\n - name: eth0\n networkName: pod-network\n default: true\n firmware:\n bootloader:\n type: \"uefi\"\n enableSecureBoot: false\n disks:\n - virtualMachineDiskName: disk-from-gcs\n boot: true\n readOnly: true\n\nEnable secure boot\n------------------\n\nIf UEFI booting is enabled for a VM you can also enable Secure Boot by setting\nthe `enableSecureBoot` field to `true` as shown below: \n\n firmware:\n bootloader:\n type: \"uefi\"\n enableSecureBoot: true\n\nFor more information about Secure Boot, see [Secure\nBoot](/compute/shielded-vm/docs/shielded-vm#secure-boot) in the Compute Engine\ndocumentation.\n\nProvide emulated `smbios` fields\n--------------------------------\n\nYou can set up emulated `smbios` fields like `uuid` and `serial` by adding them\nin the firmware field of the `VirtualMachine` manifest as shown in the example\nbelow: \n\n firmware:\n \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nt\"\u003eFIELD_NAME\u003c/span\u003e\u003c/var\u003e: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eFIELD_VALUE\u003c/span\u003e\u003c/var\u003e\n \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nt\"\u003eFIELD_NAME\u003c/span\u003e\u003c/var\u003e: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eFIELD_VALUE\u003c/span\u003e\u003c/var\u003e\n\nReplace \u003cvar translate=\"no\"\u003eFIELD_NAME\u003c/var\u003e and \u003cvar translate=\"no\"\u003eFIELD_VALUE\u003c/var\u003e with the `smbios` field\nnames and values that your application requires.\n\nYou can set up emulated `smbios` fields when using either UEFI or BIOS booting."]]