Azure Compute Gallery image version does not persist securityProfile.uefiSettings even with supported security type (ConfidentialVmSupported)

Question

Azure Compute Gallery image version does not persist securityProfile.uefiSettings even with supported security type (ConfidentialVmSupported)

Patrick Foley 0

I’m trying to append custom UEFI DB keys to a private Azure Compute Gallery image version for a Confidential VM. I understand from Microsoft’s guidance and Q&A that **uefiSettings **is only supported when the image definition security type is one of: TrustedLaunchSupported, ConfidentialVmSupported, or TrustedLaunchAndConfidentialVmSupported. (learn.microsoft.com)

We’ve confirmed the image definition is set to** ConfidentialVmSupported (not ConfidentialVM****)**, and the VM is created with --security-type ConfidentialVM + Secure Boot + vTPM enabled.

Issue: The REST PUT response for the image version includes securityProfile.uefiSettings (with signatureTemplateNames + additionalSignatures.db), but once the version reaches Succeeded, a GET / az sig image-version show no longer contains securityProfile.uefiSettings. The setting appears to be dropped internally. As a result, the VM boots with the stock Canonical UKI and ignores our re‑signed UKI/initrd changes.

What I need:

A supported and working way to persist custom UEFI DB keys on a Compute Gallery image version for Confidential VMs, given the image definition security type is already supported.
Confirmation whether there are additional constraints (region/subscription/feature flag) that cause the platform to drop uefiSettings even when the image definition is compliant.

Environment summary:

PII info

Question: What is the correct, supported way to persist securityProfile.uefiSettings on a SIG image version when the image definition is already** ConfidentialVmSupported**, and why might Azure drop it after provisioning?

Manish Deshpande 4,225 Reputation points Microsoft External Staff Moderator

2026-02-18T03:55:26.11+00:00

Hello Patrick Foley

I wanted to check if my last response made sense. I’d be glad to assist further or explain anything in more detail and please accept as Yes and upvote if the answer is helpful so that it can help others in the community.
Manish Deshpande 4,225 Reputation points Microsoft External Staff Moderator

2026-02-19T19:30:10.8633333+00:00

Hello Patrick Foley

I wanted to check if my last response made sense. I’d be glad to assist further or explain anything in more detail and please accept as Yes and upvote if the answer is helpful so that it can help others in the community.

1 answer

Your answer

Manish Deshpande 4,225 Reputation points Microsoft External Staff Moderator

2026-02-18T03:55:26.11+00:00

Hello Patrick Foley

I wanted to check if my last response made sense. I’d be glad to assist further or explain anything in more detail and please accept as Yes and upvote if the answer is helpful so that it can help others in the community.
Manish Deshpande 4,225 Reputation points Microsoft External Staff Moderator

2026-02-19T19:30:10.8633333+00:00

Hello Patrick Foley

I wanted to check if my last response made sense. I’d be glad to assist further or explain anything in more detail and please accept as Yes and upvote if the answer is helpful so that it can help others in the community.

Answer 1

Manish Deshpande 4,225 Microsoft External Staff Moderator

Hello Patrick Foley

This behavior is by design when using Azure Compute Gallery (SIG) image versions with Confidential VM security.

Although the image definition security type is set to confidential VM supported, custom security Profile.uefisettings are not persisted on the image version for Confidential VMs. During image version creation, the REST API may temporarily accept the uefisettings payload, but once the image version reaches the Succeeded state, the platform drops this configuration internally. As a result, any VM created from that image boots using the default Microsoft/Canonical UEFI trust chain, and custom DB keys are ignored.

This matches what you are observing:

PUT on the image version includes security Profile.uefisettings
GET on the finalized image version no longer shows uefisettings
The VM boots with the stock UKI instead of the re‑signed components

At this time, Azure does not support persisting custom Secure Boot UEFI keys on Compute Gallery image versions for Confidential VMs, even though the image definition security type is marked as supported.

Actions to perform

Use Trusted Launch :
If persisting custom UEFI DB keys is a requirement:

Create the image definition with security type set to Trustedlaunchsupported or Trusted Launch and confidentail VM support
Apply security Profile.uefisettings at image version creation time using the REST API
Deploy VMs using Trusted Launch (Secure Boot + vTPM)

This is the only documented and supported path for custom UEFI key persistence today.

https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch-secure-boot-custom-uefi

Confidential VM

If you must stay on Confidential VM security:

Use default Microsoft‑signed boot components
Custom DB/DBX/KEK keys cannot be persisted via Compute Gallery
This is a current platform limitation, not a configuration issue

https://learn.microsoft.com/en-us/azure/confidential-computing/create-confidential-vm-from-compute-gallery

Thanks,
Manish.

Patrick Foley 0

Thanks for getting back to me Manish. This does not reflect the guidance from the documentation (https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch-secure-boot-custom-uefi):

"For certain advanced scenarios, it's necessary for customizing secure boot keys. The secure boot UEFI keys customization allows you to modify unified extensible firmware interface (UEFI) keys – PK, KEK, DB, DBX – in your image for a secure boot capable Azure virtual machine (VM) (Trusted Launch and Confidential VM). With this feature, UEFI keys can be fully replaced or appended to default key databases."

Furthermore, I tried the same operations for a Trusted Launch and I'm seeing the exact same behavior (PUT response includes securityProfi`le):

{
  "id": "/subscriptions/e6d80ffa-568b-4d91-bc35-a9acb31cd647/resourceGroups/rg-packer-build/providers/Microsoft.Compute/galleries/confidentialtltest/images/ubuntu-trustedlaunch-uefi-test/versions/2.0.0",
  "location": "westus",
  "name": "2.0.0",
  "properties": {
    "provisioningState": "Creating",
    "publishingProfile": {
      "excludeFromLatest": false,
      "publishedDate": "2026-02-25T23:44:23.6662592+00:00",
      "replicaCount": 1,
      "storageAccountType": "Standard_LRS",
      "targetRegions": [
        {
          "name": "West US",
          "regionalReplicaCount": 1,
          "storageAccountType": "Standard_LRS"
        }
      ]
    },
    "safetyProfile": {
      "allowDeletionOfReplicatedLocations": false,
      "reportedForPolicyViolation": false
    },
    "securityProfile": {
      "uefiSettings": {
        "additionalSignatures": {
          "db": [
            {
              "type": "x509",
              "value": [
                "MIIDJTCCAg2gAwIBAgIUaPIWwlChFg1FqQo6GOcOCcnE1sYwDQYJKoZIhvcNAQELBQAwIjEgMB4GA1UEAwwXVUtJIFNlY3VyZSBCb290IFNpZ25pbmcwHhcNMjYwMjEzMDUyNTQzWhcNMzYwMjExMDUyNTQzWjAiMSAwHgYDVQQDDBdVS0kgU2VjdXJlIEJvb3QgU2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANeZWm/ZTApxNwsbIDSTArzDBuk92OBPI3Mr6jU3uUmHtgrUNv2PpcOBb2tpeImx+A3+HFhZ7mBumwr5KfKI5gg9HixHr9VGC3Z+fl8vkyOl8B75OkZA24lLUx7zE4x6fQQ9ciKZhLix+axVh6jS3u37WfGDwo2fTNSNuUtG1Ap8DxtNwPkGTZL4XD+zU/cPe1h0hP3oVszp4Sv6V+/cFXCK9CX1n6ccl6P/VN2HQUGvE3Q3E/8Z+XqGn/cGQ9SWxJ01/tky5tcScAktuvpZ4qbb1EKRpgnqpFB2l+U9f/oD7s7/jdtj0Q6D6w5bV3aw5ScNU5DTu0IamDnoIm8x5bsCAwEAAaNTMFEwHQYDVR0OBBYEFHzq5WO/TOBPs6tQOEXLNLhQKQtwMB8GA1UdIwQYMBaAFHzq5WO/TOBPs6tQOEXLNLhQKQtwMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAMK+41GCQkelTIOl6NeLhBDPWMJJacwIy7ZGZXEeRlsDxHbQpUkUcHHIvfd7YSk3IeN2YlsEJLRp0U7CfNKY+1C9Xuw9H+0X8NKAToGYU84mH8/6Q3MO/8Cf+IOTQeoyXLLDNQtjyRJq6qez0+52/4e0wsOkYbc/LOb1X+hCYnfXygbf4kvggipGLfNMIaojYjIekxnenRYiwwScJM5MDKoKo7FSELJ0t6rWsuUvRDoCmld2aUf7Zi5mC0p1jfVu+Y1jhQoE0EGZKYinppfLuNNKkRizjMWmmee5Ms0YDjSl5WT97z8qslQ+Qcv53R5NaOzAhZnBBTFhw2gp2zIp9u8="
              ]
            }
          ]
        },
        "signatureTemplateNames": [
          "MicrosoftUefiCertificateAuthorityTemplate"
        ]
      }
    },
    "storageProfile": {
      "source": {
        "id": "/subscriptions/e6d80ffa-568b-4d91-bc35-a9acb31cd647/resourceGroups/rg-packer-build/providers/Microsoft.Compute/images/ubuntu-confidential-amd-mi-2.0.0"
      }
    },
    "validationsProfile": {
      "validationOperationStatus": "NotExecuted"
    }
  },
  "type": "Microsoft.Compute/galleries/images/versions"
}

But the GET response does not - securityProfile is dropped:

az rest --method get --url 'https://management.azure.com/subscriptions/e6d80ffa-568b-4d91-bc35-a9acb31cd647/resourceGroups/rg-packer-build/providers/Microsoft.Compute/galleries/confidentialtltest/images/ubuntu-trustedlaunch-uefi-test/versions/2.0.0?api-version=2024-03-03' -o json

{
  "id": "/subscriptions/e6d80ffa-568b-4d91-bc35-a9acb31cd647/resourceGroups/rg-packer-build/providers/Microsoft.Compute/galleries/confidentialtltest/images/ubuntu-trustedlaunch-uefi-test/versions/2.0.0",
  "location": "westus",
  "name": "2.0.0",
  "properties": {
    "provisioningState": "Creating",
    "publishingProfile": {
      "excludeFromLatest": false,
      "publishedDate": "2026-02-25T23:44:23.6662592+00:00",
      "replicaCount": 1,
      "storageAccountType": "Standard_LRS",
      "targetRegions": [
        {
          "name": "West US",
          "regionalReplicaCount": 1,
          "storageAccountType": "Standard_LRS"
        }
      ]
    },
    "safetyProfile": {
      "allowDeletionOfReplicatedLocations": false,
      "reportedForPolicyViolation": false
    },
    "storageProfile": {
      "osDiskImage": {
        "hostCaching": "ReadWrite",
        "sizeInGB": 30,
        "source": {}
      },
      "source": {
        "id": "/subscriptions/e6d80ffa-568b-4d91-bc35-a9acb31cd647/resourceGroups/rg-packer-build/providers/Microsoft.Compute/images/ubuntu-confidential-amd-mi-2.0.0"
      }
    },
    "validationsProfile": {
      "validationOperationStatus": "NotExecuted"
    }
  },
  "type": "Microsoft.Compute/galleries/images/versions"
}

There seems to be a bug here.

Manish Deshpande 4,225 Reputation points Microsoft External Staff Moderator

2026-02-26T01:19:18.74+00:00

Hello @Patrick Foley

Thank you for your feedback we have reached out to you via email and will share the next steps shortly.

Share via

Azure Compute Gallery image version does not persist securityProfile.uefiSettings even with supported security type (ConfidentialVmSupported)

1 answer

Your answer