diff --git a/src/bootdisk b/src/bootdisk
index cea674d..4e93ef5 100755
--- a/src/bootdisk
+++ b/src/bootdisk
@@ -18,20 +18,17 @@ ovmfcode=/usr/share/edk2-ovmf/x64/OVMF_CODE.4m.fd
 ovmfcodesb=/usr/share/edk2-ovmf/x64/OVMF_CODE.secboot.4m.fd
 ovmfvars=/usr/share/edk2-ovmf/x64/OVMF_VARS.4m.fd
+initefi(){
+ if [[ ! -f ${qemuworkdir}/OVMF_VARS.fd ]]; then
+ cp ${ovmfvars} ${qemuworkdir}/OVMF_VARS.fd
+ fi
+}
 inittpm(){
 swtpm socket \
 --tpm2 \
 --tpmstate dir=${qemuworkdir} \
 --ctrl type=unixio,path=${qemuworkdir}/swtpm-sock &
 }
-initsecureboot(){
- if [[ ! -f ${qemuworkdir}/OVMF_CODE.secboot.fd ]]; then
- cp ${ovmfcodesb} ${qemuworkdir}/OVMF_CODE.secboot.fd
- fi
- if [[ ! -f ${qemuworkdir}/OVMF_VARS.fd ]]; then
- cp ${ovmfvars} ${qemuworkdir}/OVMF_VARS.fd
- fi
-}
 initbootargs(){
 bootargs="-boot menu=on,strict=on,reboot-timeout=1000 "
 bootargs+="-rtc base=${qemurtcbase} "
@@ -56,21 +53,27 @@ bootbios(){
 bootefi(){
 echo "Booting EFI..."
 initbootargs
+ initefi
 ${qemubin} \
 -bios ${ovmfcode} \
 ${bootargs} \
 -machine accel=kvm \
+ -drive if=pflash,format=raw,unit=0,file=${ovmfcode},readonly=on \
+ -drive if=pflash,format=raw,unit=1,file=${qemuworkdir}/OVMF_VARS.fd \
 ${qemusrctype} ${qemusrc} \
 ${qemusdb}
 }
 bootefitpm(){
 echo "Booting EFI + TPM..."
+ initefi
 inittpm
 initbootargs
 ${qemubin} \
 -bios ${ovmfcode} \
 ${bootargs} \
 -machine accel=kvm \
+ -drive if=pflash,format=raw,unit=0,file=${ovmfcode},readonly=on \
+ -drive if=pflash,format=raw,unit=1,file=${qemuworkdir}/OVMF_VARS.fd \
 -chardev socket,id=tpmchar,path=${qemuworkdir}/swtpm-sock \
 -tpmdev emulator,id=tpmdev,chardev=tpmchar \
 -device tpm-tis,tpmdev=tpmdev \
@@ -79,8 +82,8 @@ bootefitpm(){
 }
 bootefisec(){
 echo "Booting EFI + TPM + Secure boot..."
+ initefi
 inittpm
- initsecureboot
 initbootargs
 ${qemubin} \
 -bios ${ovmfcode} \
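Review bot: initefi seeds the variable store with `cp ${ovmfvars} ${qemuworkdir}/OVMF_VARS.fd`, unquoted and unchecked; a workdir path containing whitespace splits into extra arguments, and a missing source image (the 4m variant may not exist on every edk2-ovmf build) leaves no store and only surfaces later as a QEMU error. Suggest `cp -- "${ovmfvars}" "${qemuworkdir}/OVMF_VARS.fd" || return 1` and the same quoting on the `[[ ! -f … ]]` test. Because of the `-f` guard the file persists across runs, so it is a writable, long-lived UEFI variable store rather than a scratch copy; a header comment saying so, e.g. `# seed the persistent, writable UEFI variable store (kept across runs; delete to reset)`, would help the next reader.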
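Review bot: bootefi and bootefitpm now attach the same `${qemuworkdir}/OVMF_VARS.fd` as a writable pflash (unit=1) that bootefisec also uses, and these two profiles run without `smm=on` or the `secure=on` pflash property, so a guest booted through them can rewrite the store at will; whatever Secure Boot state it carries (presumably PK/KEK/db/dbx and SetupMode, the image contents are not visible here) is then trusted unchanged by the secure profile. A separate store per profile, e.g. a `OVMF_VARS.secboot.fd` seeded only for bootefisec, keeps the enforced variables out of reach of the non-secure profiles. Separately, `-bios ${ovmfcode}` is kept alongside pflash unit 0 in both functions and again in bootefisec at the end of the next hunk; to my knowledge QEMU ignores `-bios` once a pflash unit 0 is given, so the line is dead, and in bootefisec it names a different firmware image than the one actually in use — drop it in all three.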
@@ -88,7 +91,7 @@ bootefisec(){
 -machine type=q35,smm=on,accel=kvm \
 -global driver=cfi.pflash01,property=secure,value=on \
 -global ICH9-LPC.disable_s3=1 \
- -drive if=pflash,format=raw,unit=0,file=${qemuworkdir}/OVMF_CODE.secboot.fd,readonly=on \
+ -drive if=pflash,format=raw,unit=0,file=${ovmfcodesb},readonly=on \
 -drive if=pflash,format=raw,unit=1,file=${qemuworkdir}/OVMF_VARS.fd \
 -chardev socket,id=tpmchar,path=${qemuworkdir}/swtpm-sock \
 -tpmdev emulator,id=tpmdev,chardev=tpmchar \
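Review bot: bootefisec now boots the secboot CODE image straight from the package path with readonly=on, but its variable store is still the generic `${ovmfvars}` copy made by initefi; unless that `OVMF_VARS.4m.fd` template already has a PK/KEK/db enrolled (nothing here shows it does), the firmware comes up in setup mode and Secure Boot is not enforced despite the profile's name. Worth either verifying enrollment before launch or stating the precondition on the function, e.g. `# enforcement only happens if OVMF_VARS.fd already carries enrolled PK/KEK/db; a blank store boots in setup mode`. Reading the CODE image from /usr/share also means a package upgrade swaps the firmware under a persisted store; normally fine, but a layout change between the two images would show up as a boot failure rather than anything clearer. The argument list continues outside this hunk.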