diff --git a/nova/tests/unit/virt/libvirt/test_config.py b/nova/tests/unit/virt/libvirt/test_config.py
index 4a511535ec..6228e6e7d9 100644
--- a/nova/tests/unit/virt/libvirt/test_config.py
+++ b/nova/tests/unit/virt/libvirt/test_config.py
@@ -2896,6 +2896,7 @@ class LibvirtConfigGuestTest(LibvirtConfigBaseTest):
obj.os_mach_type = "pc-q35-5.1"
obj.os_loader_secure = secure
obj.os_loader_stateless = stateless
+
return obj.to_xml()
def test_config_uefi_autoconfigure(self):
@@ -2910,6 +2911,9 @@ class LibvirtConfigGuestTest(LibvirtConfigBaseTest):
104857600
1
+
+
+
hvm
@@ -2928,6 +2932,9 @@ class LibvirtConfigGuestTest(LibvirtConfigBaseTest):
104857600
1
+
+
+
hvm
@@ -2946,6 +2953,9 @@ class LibvirtConfigGuestTest(LibvirtConfigBaseTest):
104857600
1
+
+
+
hvm
diff --git a/nova/virt/libvirt/config.py b/nova/virt/libvirt/config.py
index 0ee794d422..32d9478061 100644
--- a/nova/virt/libvirt/config.py
+++ b/nova/virt/libvirt/config.py
@@ -3184,6 +3184,14 @@ class LibvirtConfigGuest(LibvirtConfigObject):
if self.os_firmware is not None:
os.set("firmware", self.os_firmware)
+ if self.os_loader_secure is not None:
+ firmware = etree.Element("firmware")
+ sb_feature = etree.Element("feature")
+ sb_feature.set("name", "secure-boot")
+ sb_feature.set(
+ "enabled", self.get_yes_no_str(self.os_loader_secure))
+ firmware.append(sb_feature)
+ os.append(firmware)
type_node = self._text_node("type", self.os_type)
if self.os_arch is not None: