diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index dabe604ec2..5acb3b9469 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -102,7 +102,7 @@
   ...
   <os>
     <type>hvm</type>
-    <loader readonly='yes' type='rom'>/usr/lib/xen/boot/hvmloader</loader>
+    <loader readonly='yes' secure='no' type='rom'>/usr/lib/xen/boot/hvmloader</loader>
     <nvram template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/nvram/guest_VARS.fd</nvram>
     <boot dev='hd'/>
     <boot dev='cdrom'/>
@@ -140,7 +140,10 @@
         <code>pflash</code>. It tells the hypervisor where in the guest
         memory the file should be mapped.  For instance, if the loader
         path points to an UEFI image, <code>type</code> should be
-        <code>pflash</code>.</dd>
+        <code>pflash</code>. Moreover, some firmwares may
+        implement the Secure boot feature. Attribute
+        <code>secure</code> can be used then to control it.
+        <span class="since">Since 2.1.0</span></dd>
       <dt><code>nvram</code></dt>
       <dd>Some UEFI firmwares may want to use a non-volatile memory to store
         some variables. In the host, this is represented as a file and the
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 5233766239..052f28c867 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -259,6 +259,14 @@
                 </choice>
               </attribute>
             </optional>
+            <optional>
+              <attribute name="secure">
+                <choice>
+                  <value>yes</value>
+                  <value>no</value>
+                </choice>
+              </attribute>
+            </optional>
             <optional>
               <attribute name="type">
                 <choice>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 3d3e74ca2b..2500058622 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -15325,9 +15325,11 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
 {
     int ret = -1;
     char *readonly_str = NULL;
+    char *secure_str = NULL;
     char *type_str = NULL;
 
     readonly_str = virXMLPropString(node, "readonly");
+    secure_str = virXMLPropString(node, "secure");
     type_str = virXMLPropString(node, "type");
     loader->path = (char *) xmlNodeGetContent(node);
 
@@ -15338,6 +15340,13 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
         goto cleanup;
     }
 
+    if (secure_str &&
+        (loader->secure = virTristateBoolTypeFromString(secure_str)) <= 0) {
+        virReportError(VIR_ERR_XML_DETAIL,
+                       _("unknown secure value: %s"), secure_str);
+        goto cleanup;
+    }
+
     if (type_str) {
         int type;
         if ((type = virDomainLoaderTypeFromString(type_str)) < 0) {
@@ -15351,6 +15360,7 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
     ret = 0;
  cleanup:
     VIR_FREE(readonly_str);
+    VIR_FREE(secure_str);
     VIR_FREE(type_str);
     return ret;
 }
@@ -22551,6 +22561,7 @@ virDomainLoaderDefFormat(virBufferPtr buf,
                          virDomainLoaderDefPtr loader)
 {
     const char *readonly = virTristateBoolTypeToString(loader->readonly);
+    const char *secure = virTristateBoolTypeToString(loader->secure);
     const char *type = virDomainLoaderTypeToString(loader->type);
 
     virBufferAddLit(buf, "<loader");
@@ -22558,6 +22569,9 @@ virDomainLoaderDefFormat(virBufferPtr buf,
     if (loader->readonly)
         virBufferAsprintf(buf, " readonly='%s'", readonly);
 
+    if (loader->secure)
+        virBufferAsprintf(buf, " secure='%s'", secure);
+
     virBufferAsprintf(buf, " type='%s'>", type);
 
     virBufferEscapeString(buf, "%s</loader>\n", loader->path);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index cea7d1d7d6..8b2672487d 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1735,6 +1735,7 @@ struct _virDomainLoaderDef {
     char *path;
     int readonly;   /* enum virTristateBool */
     virDomainLoader type;
+    int secure;     /* enum virTristateBool */
     char *nvram;    /* path to non-volatile RAM */
     char *templt;   /* user override of path to master nvram */
 };
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml b/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
new file mode 100644
index 0000000000..0ddddfe393
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
@@ -0,0 +1,41 @@
+<domain type='qemu'>
+  <name>test-bios</name>
+  <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+  <memory unit='KiB'>1048576</memory>
+  <currentMemory unit='KiB'>1048576</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-q35-2.5'>hvm</type>
+    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
+    <nvram>/usr/share/OVMF/OVMF_VARS.fd</nvram>
+    <boot dev='hd'/>
+    <bootmenu enable='yes'/>
+  </os>
+  <features>
+    <acpi/>
+    <smm state='on'/>
+  </features>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <disk type='block' device='disk'>
+      <source dev='/dev/HostVG/QEMUGuest1'/>
+      <target dev='sda' bus='scsi'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <controller type='scsi' index='0'/>
+    <controller type='pci' index='0' model='pcie-root'/>
+    <serial type='pty'>
+      <target port='0'/>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <memballoon model='virtio'/>
+  </devices>
+</domain>