The VM-Series firewall on Google Cloud Platform (GCP) now supports Secure Boot, providing an added layer of protection against low-level threats like rootkits and bootkits. Secure Boot ensures only trusted software components are loaded during the boot process and safeguards against malicious code injection and unauthorized modifications. This feature establishes a reliable chain of trust to maintain the integrity and authenticity of your VM-Series instances leveraging the Unified Extensible Firmware Interface (UEFI) and cryptographic signatures.

Secure Boot support is available only for fresh installations of VM-Series with PAN-OS version 12.1 or later. Secure Boot will not be enabled for upgraded VM-Series models. For downgrades, you must disable Secure Boot in the GCP Console and restart the instance before proceeding.