diff --git a/lib/fog/vsphere/compute.rb b/lib/fog/vsphere/compute.rb
index 214bfc2..03a1571 100644
--- a/lib/fog/vsphere/compute.rb
+++ b/lib/fog/vsphere/compute.rb
@@ -170,6 +170,7 @@ module Shared
           cpuHotAddEnabled: 'config.cpuHotAddEnabled',
           memoryHotAddEnabled: 'config.memoryHotAddEnabled',
           firmware: 'config.firmware',
+          secure_boot: 'config.bootOptions.efiSecureBootEnabled',
           boot_order: 'config.bootOptions.bootOrder',
           annotation: 'config.annotation',
           extra_config: 'config.extraConfig'
@@ -208,6 +209,11 @@ def props_to_attr_hash(vm_mob_ref, props)
             # finished cloning.
             attrs['boot_order'] = parse_boot_order(attrs['boot_order'])
 
+            # Foreman expects the firmware to be 'uefi_sb' if SB is enabled
+            if attrs['secure_boot'] && attrs['firmware'] == 'efi'
+              attrs['firmware'] = 'uefi_sb'
+            end
+
             if attrs['hypervisor'].is_a?(RbVmomi::VIM::HostSystem)
               host = attrs['hypervisor']
 
diff --git a/lib/fog/vsphere/requests/compute/create_vm.rb b/lib/fog/vsphere/requests/compute/create_vm.rb
index b2e1c13..31efa67 100644
--- a/lib/fog/vsphere/requests/compute/create_vm.rb
+++ b/lib/fog/vsphere/requests/compute/create_vm.rb
@@ -22,7 +22,7 @@ def create_vm(attributes = {})
           vm_cfg[:cpuHotAddEnabled] = attributes[:cpuHotAddEnabled] if attributes.key?(:cpuHotAddEnabled)
           vm_cfg[:memoryHotAddEnabled] = attributes[:memoryHotAddEnabled] if attributes.key?(:memoryHotAddEnabled)
           vm_cfg[:firmware] = attributes[:firmware] if attributes.key?(:firmware)
-          vm_cfg[:bootOptions] = boot_options(attributes, vm_cfg) if attributes.key?(:boot_order) || attributes.key?(:boot_retry)
+          vm_cfg[:bootOptions] = boot_options(attributes, vm_cfg)
           resource_pool = if attributes[:resource_pool] && attributes[:resource_pool] != 'Resources'
                             get_raw_resource_pool(attributes[:resource_pool], attributes[:cluster], attributes[:datacenter])
                           else
@@ -150,7 +150,7 @@ def device_change(attributes)
             devices << cdroms.map { |cdrom| create_cdrom(cdrom, cdroms.index(cdrom)) }
           end
 
-          devices << create_virtual_tpm if attributes[:virtual_tpm]
+          devices << create_virtual_tpm if ActiveRecord::Type::Boolean.new.cast(attributes[:virtual_tpm])
 
           devices.flatten
         end
@@ -169,9 +169,7 @@ def boot_options(attributes, vm_cfg)
             options[:bootRetryDelay]   = attributes[:boot_retry]
           end
 
-          if attributes[:secure_boot]
-            options[:efiSecureBootEnabled] = true
-          end
+          options[:efiSecureBootEnabled] = attributes[:secure_boot] if attributes.key?(:secure_boot)
 
           options.empty? ? nil : RbVmomi::VIM::VirtualMachineBootOptions.new(options)
         end