diff --git a/embed.ipxe b/embed.ipxe index 4ed1ec9..a2182c5 100644 --- a/embed.ipxe +++ b/embed.ipxe @@ -153,7 +153,6 @@ iseq ${buildarch} i386 && goto start_i386 || iseq ${buildarch} x86_64 && goto start_amd64 || goto error_handler - # Builds may be done on 32-bit, but machines will always be 64-bit. # Keep this section just in case we want to use 32-bit machines in the future. :start_arm32 @@ -195,6 +194,9 @@ goto static_ip_boot_setup # Get accurate time so we can set the clock in kernel boot cmdline ntp pool.ntp.org || goto error_handler +# check for EFI +iseq ${platform} efi && goto is_efi || goto not_efi + # We use HTTP because IPXE's HTTPS implementation is lacking. So we delegate # integrity and validation to imgverify. @@ -202,10 +204,6 @@ ntp pool.ntp.org || goto error_handler # kernel fails to load it in the "root=" part of the kernel cmdline. # However, note that imgverify will fail if you refer to it as "/squashfs" # instead of "squashfs". - -imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs /squashfs || goto try_next_card -imgverify --signer images.sysdeploy.org squashfs http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs.sig || goto error_handler - # "--signer" validates against the subject common name field of the signing # certificate. That signing cert must have both the digital signature key # usage set and the code-signing key usage extension set. 
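Review bot: The new dispatch line `iseq ${platform} efi && goto is_efi || goto not_efi` targets `is_efi`, but the label added in the later hunk is `:efi`, and no `:is_efi` appears in the visible lines. If that label is not defined elsewhere in the file, the `goto` fails and the `||` branch sends EFI machines down the `not_efi` path with no error shown. Either point the jump at the existing label, `iseq ${platform} efi && goto efi || goto not_efi`, or rename the label to `:is_efi`. The `# check for EFI` comment could also say why the two platforms need different images.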
@@ -214,18 +212,35 @@ imgverify --signer images.sysdeploy.org squashfs http://images.sysdeploy.org/${u # make sure you pick a common name with a FQDN you control, even if you're # using a custom CA that you import during build. +:efi +set initrd1 initrd=initrd.cpio +if isset initrd2 && clear initrd2 + +imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/inird.cpio || goto try_next_card +imgverify --signer images.sysdeploy.org initrd.cpio http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/initrd.cpio.sig || goto error_handler + +goto efi_and_not_efi + +:not_efi +set initrd1 initrd=boot-initrd +set initrd2 initrd=squashfs + +imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs /squashfs || goto try_next_card +imgverify --signer images.sysdeploy.org squashfs http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs.sig || goto error_handler + initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd || goto try_next_card imgverify --signer images.sysdeploy.org boot-initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler +:efi_and_not_efi + kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel || goto try_next_card imgverify --signer images.sysdeploy.org boot-kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel.sig || goto error_handler - echo ip-info ${ip-info} sleep 1 -boot boot-kernel initrd=initrd.cpio initrd=squashfs rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud-net;s=https://cloud-init.sysdeploy.org/apiv2?uuid=${uuid}&filetype= || goto error_handler +boot boot-kernel ${initrd1} ${initrd2} rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud-net;s=https://cloud-init.sysdeploy.org/apiv2?uuid=${uuid}&filetype= || goto error_handler # 
unixtime variable must be used with int32, because that's the only way it # will display as decimal digits. unit32 and string both display as hex.
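Review bot: In the `:efi` branch the fetch URL ends in `inird.cpio`, while the `imgverify` that follows checks an image named `initrd.cpio` against `initrd.cpio.sig`, so the downloaded image is never the one whose signature is checked. This presumably fails closed today, but the fetched name, the verified name and the `initrd=` argument must all match for the signature gate to cover what is booted: `imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/initrd.cpio || goto try_next_card`. The line `if isset initrd2 && clear initrd2` also looks wrong, since as far as I know iPXE has no `if` command and `isset` tests a value rather than a setting name; `isset ${initrd2} && clear initrd2 ||` is the usual form. The EFI branch also no longer fetches or verifies `squashfs`, although the boot line still passes `root=/squashfs`. If the root filesystem now lives inside `initrd.cpio`, a comment saying so would make it clear that everything booted is still covered by imgverify.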