diff --git a/lib/fog/vsphere/models/compute/server.rb b/lib/fog/vsphere/models/compute/server.rb
index acbefcb..83aba3b 100644
--- a/lib/fog/vsphere/models/compute/server.rb
+++ b/lib/fog/vsphere/models/compute/server.rb
@@ -53,6 +53,8 @@ class Server < Fog::Compute::Server # rubocop:disable Metrics/ClassLength
         attribute :cpuHotAddEnabled
         attribute :memoryHotAddEnabled
         attribute :firmware
+        attribute :secure_boot
+        attribute :virtual_tpm
         attribute :boot_order
         attribute :annotation
         attribute :extra_config
diff --git a/lib/fog/vsphere/requests/compute/create_vm.rb b/lib/fog/vsphere/requests/compute/create_vm.rb
index 4e9b585..1198b3a 100644
--- a/lib/fog/vsphere/requests/compute/create_vm.rb
+++ b/lib/fog/vsphere/requests/compute/create_vm.rb
@@ -153,6 +153,9 @@ def device_change(attributes)
           if (cdroms = attributes[:cdroms])
             devices << cdroms.map { |cdrom| create_cdrom(cdrom, cdroms.index(cdrom)) }
           end
+
+          devices << create_virtual_tpm if attributes[:virtual_tpm]
+
           devices.flatten
         end
 
@@ -170,6 +173,10 @@ def boot_options(attributes, vm_cfg)
             options[:bootRetryDelay]   = attributes[:boot_retry]
           end
 
+          if attributes[:secure_boot]
+            options[:efiSecureBootEnabled] = true
+          end
+
           options.empty? ? nil : RbVmomi::VIM::VirtualMachineBootOptions.new(options)
         end
 
@@ -333,6 +340,13 @@ def create_cdrom(cdrom, index = 0, operation = :add, controller_key = 200)
           }
         end
 
+        def create_virtual_tpm
+          {
+            operation: :add,
+            device: RbVmomi::VIM::VirtualTPM.new(key: -1)
+          }
+        end
+
         def extra_config(attributes)
           extra_config = attributes[:extra_config] || { 'bios.bootOrder' => 'ethernet0' }
           extra_config.map { |k, v| { key: k, value: v.to_s } }