diff --git a/config_example.sh b/config_example.sh
index ed12caf22..0502001bb 100644
--- a/config_example.sh
+++ b/config_example.sh
@@ -118,7 +118,7 @@
 #
 # Set libvirt firmware and BMC bootMode
 # Choose "legacy" (bios), "UEFI", or "UEFISecureBoot"
-# Defaults to legacy for ipv4, UEFI for ipv6
+# Defaults to UEFI
 # export BOOT_MODE="UEFI"
 
 # Select the Cluster API provider Metal3 version
diff --git a/lib/common.sh b/lib/common.sh
index aa88c51ca..623bb1ab7 100644
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -35,6 +35,7 @@ source "${CONFIG}"
 export CI_CONFIG_FILE="${TMP_DIR:-/tmp}/config_ci.sh"
 
 # Set variables
+export BOOT_MODE="${BOOT_MODE:-UEFI}"
 export MARIADB_HOST="mariaDB"
 export MARIADB_HOST_IP="127.0.0.1"
 # Additional DNS
diff --git a/lib/network.sh b/lib/network.sh
index 775794b4e..4cdccdb26 100644
--- a/lib/network.sh
+++ b/lib/network.sh
@@ -43,10 +43,10 @@ BARE_METAL_PROVISIONER_SUBNET_IPV6_ONLY=${BARE_METAL_PROVISIONER_SUBNET_IPV6_ONL
 IPV6_ADDR_PREFIX=${IPV6_ADDR_PREFIX:-"fd2e:6f44:5dd8:b856"}
 
 if [[ "${BARE_METAL_PROVISIONER_SUBNET_IPV6_ONLY}" == "true" ]]; then
-  export BOOT_MODE="${BOOT_MODE:-UEFI}"
+  # IPV6 only works with UEFI boot mode
+  export BOOT_MODE=UEFI
   export BARE_METAL_PROVISIONER_NETWORK="${BARE_METAL_PROVISIONER_NETWORK:-fd2e:6f44:5dd8:b856::/64}"
 else
-  export BOOT_MODE="${BOOT_MODE:-legacy}"
   export BARE_METAL_PROVISIONER_NETWORK="${BARE_METAL_PROVISIONER_NETWORK:-172.22.0.0/24}"
 fi
 
diff --git a/vars.md b/vars.md
index debd6c395..170d6fae0 100644
--- a/vars.md
+++ b/vars.md
@@ -33,7 +33,7 @@ assured that they are persisted.
 | BMO_ROLLOUT_WAIT | Number of minutes(Until max 10m that is the default value of deployment.spec.progressDeadlineSeconds) to wait for BMO rollout | | 5 |
 | BMC_DRIVER | Set the BMC driver | "ipmi", "redfish", "redfish-virtualmedia", "redfish-uefihttp" | "mixed" |
 | BMORELEASEBRANCH | BMO Release branch | "main", "release-0.5", "release-0.6", "release-0.8" | Set via jjb for CI, for local dev it gets default value based on CAPM3 branch |
-| BOOT_MODE  | Set libvirt firmware and BMH bootMode | "legacy", "UEFI", "UEFISecureBoot" | "legacy" |
+| BOOT_MODE  | Set libvirt firmware and BMH bootMode | "legacy", "UEFI", "UEFISecureBoot" | "UEFI" |
 | IMAGE_OS | OS of the image to boot the nodes from, overriden by IMAGE\_\* if set | "centos", "cirros", "FCOS", "ubuntu", "flatcar" | "centos" |
 | IMAGE_NAME | Image for target hosts deployment | | "CENTOS_9_NODE_IMAGE_K8S_${KUBERNETES_VERSION}.qcow2" |
 | IMAGE_LOCATION | Location of the image to download | | https://artifactory.nordix.org/artifactory/metal3/images/${KUBERNETES_VERSION} |
diff --git a/vm-setup/roles/common/tasks/vm_nodes_tasks.yml b/vm-setup/roles/common/tasks/vm_nodes_tasks.yml
index fb57b0738..316f9afbf 100644
--- a/vm-setup/roles/common/tasks/vm_nodes_tasks.yml
+++ b/vm-setup/roles/common/tasks/vm_nodes_tasks.yml
@@ -12,3 +12,5 @@
   loop: "{{ range(0, lookup('vars', 'num_' + flavor.key + 's')|int)|list }}"
 - set_fact:
     vm_nodes_index: "{{vm_nodes_index|int + lookup('vars', 'num_' + flavor.key + 's')|int }}"
+- set_fact:
+    host_os: "{{ lookup('ansible.builtin.env', 'OS') }}"
diff --git a/vm-setup/roles/libvirt/defaults/main.yml b/vm-setup/roles/libvirt/defaults/main.yml
index aed741c4f..4b1a7d818 100644
--- a/vm-setup/roles/libvirt/defaults/main.yml
+++ b/vm-setup/roles/libvirt/defaults/main.yml
@@ -15,7 +15,7 @@ libvirt_diskbus: scsi
 libvirt_cdrombus: sata
 libvirt_arch: x86_64
 libvirt_cpu_mode: host-model
-libvirt_firmware: bios
+libvirt_firmware: uefi
 libvirt_secure_boot: false
 
 # Where to log serial console output
diff --git a/vm-setup/roles/libvirt/templates/baremetalvm.xml.j2 b/vm-setup/roles/libvirt/templates/baremetalvm.xml.j2
index da91e9723..b224df16f 100644
--- a/vm-setup/roles/libvirt/templates/baremetalvm.xml.j2
+++ b/vm-setup/roles/libvirt/templates/baremetalvm.xml.j2
@@ -9,11 +9,12 @@
   <os>
     <type arch='{{ libvirt_arch }}' machine='q35'>hvm</type>
 {% if libvirt_firmware  == 'uefi' %}
-     <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
 {% if libvirt_secure_boot|bool %}
-     <nvram template="/usr/share/OVMF/OVMF_VARS.secboot.fd">/var/lib/libvirt/qemu/nvram/{{ item.name }}.fd</nvram>
+     <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
+{% elif host_os == 'centos' or host_os == 'rhel' %}
+     <loader readonly='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
 {% else %}
-     <nvram>/var/lib/libvirt/qemu/nvram/{{ item.name }}.fd</nvram>
+     <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
 {% endif %}
 {% endif %}
     <boot dev='network'/>