diff --git a/terraform/bastion/bastion.tf b/terraform/bastion/bastion.tf
index d402f5f..60053a0 100644
--- a/terraform/bastion/bastion.tf
+++ b/terraform/bastion/bastion.tf
@@ -74,7 +74,7 @@ resource "libvirt_domain" "bastion" {
   vcpu = var.cpu
   machine = "q35"
   firmware = "/usr/share/edk2/ovmf/OVMF_CODE.fd"
-  
+
   disk {
      volume_id = libvirt_volume.os_image.id
   }
@@ -99,6 +99,17 @@ resource "libvirt_domain" "bastion" {
     listen_type = "address"
     autoport = "true"
   }
+
+  # necessary when using UEFI
+  lifecycle {
+    ignore_changes = [
+      nvram
+    ]
+  }
+
+  xml {
+    xslt = file("${path.module}/uefi-patch.xsl")
+  }  
 }
 
 terraform {
diff --git a/terraform/bastion/uefi-patch.xsl b/terraform/bastion/uefi-patch.xsl
new file mode 100644
index 0000000..bd7b9a6
--- /dev/null
+++ b/terraform/bastion/uefi-patch.xsl
@@ -0,0 +1,20 @@
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+  <xsl:output omit-xml-declaration="yes" indent="yes"/>
+
+  <!-- Identity transform to copy everything as is -->
+  <xsl:template match="node()|@*">
+    <xsl:copy>
+      <xsl:apply-templates select="node()|@*"/>
+    </xsl:copy>
+  </xsl:template>
+
+  <!-- Use SATA CD-ROM for Linux setup for UEFI compatibility -->
+  <xsl:template match="disk[target/@bus='ide']">
+    <xsl:copy>
+      <xsl:apply-templates select="@*"/>
+      <target dev="sdb" bus="sata"/>
+      <xsl:apply-templates select="node()[not(self::target)]"/>
+    </xsl:copy>
+  </xsl:template>
+
+</xsl:stylesheet>
\ No newline at end of file
diff --git a/terraform/loadbalancer/loadbalancer.tf b/terraform/loadbalancer/loadbalancer.tf
index 6cdb517..cc220b3 100644
--- a/terraform/loadbalancer/loadbalancer.tf
+++ b/terraform/loadbalancer/loadbalancer.tf
@@ -94,6 +94,17 @@ resource "libvirt_domain" "infra-machine" {
     listen_type = "address"
     autoport = "true"
   }
+
+  # necessary when using UEFI
+  lifecycle {
+    ignore_changes = [
+      nvram
+    ]
+  }
+
+  xml {
+    xslt = file("${path.module}/uefi-patch.xsl")
+  }
 }
 
 terraform {
diff --git a/terraform/loadbalancer/uefi-patch.xsl b/terraform/loadbalancer/uefi-patch.xsl
new file mode 100644
index 0000000..bd7b9a6
--- /dev/null
+++ b/terraform/loadbalancer/uefi-patch.xsl
@@ -0,0 +1,20 @@
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+  <xsl:output omit-xml-declaration="yes" indent="yes"/>
+
+  <!-- Identity transform to copy everything as is -->
+  <xsl:template match="node()|@*">
+    <xsl:copy>
+      <xsl:apply-templates select="node()|@*"/>
+    </xsl:copy>
+  </xsl:template>
+
+  <!-- Use SATA CD-ROM for Linux setup for UEFI compatibility -->
+  <xsl:template match="disk[target/@bus='ide']">
+    <xsl:copy>
+      <xsl:apply-templates select="@*"/>
+      <target dev="sdb" bus="sata"/>
+      <xsl:apply-templates select="node()[not(self::target)]"/>
+    </xsl:copy>
+  </xsl:template>
+
+</xsl:stylesheet>
\ No newline at end of file