This issue was originally opened by @Kmdkca in hashicorp/packer#11399 and has been migrated to this repository. The original issue description is below.

Packer version 1.7.8 on WS2019

When using hyperv-vmcx to create a gen2 vm with secureboot it fails to set secureboot.

Cloning virtual machine... ==> hyperv-vmcx: Error setting secure boot: PowerShell error: Hyper-V\Set-VMFirmware : 'Win11US' failed to modify settings. ==> hyperv-vmcx: Cannot modify the secure boot template ID property. ==> hyperv-vmcx: 'Win11US' failed to modify settings. (Virtual machine ID DD4F3DCE-083F-4F7B-B2C7-53E45B2B67EC) ==> hyperv-vmcx: Cannot modify the secure boot template ID property after the virtual TPM is initialized. ==> hyperv-vmcx: At C:\Users\PackerAdmin\AppData\Local\Temp\2\powershell1563918022.ps1:6 char:2 ==> hyperv-vmcx: + Hyper-V\Set-VMFirmware -VMName $vmName -EnableSecureBoot $enableS ... ==> hyperv-vmcx: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ==> hyperv-vmcx: + CategoryInfo : NotSpecified: (:) [Set-VMFirmware], VirtualizationException ==> hyperv-vmcx: + FullyQualifiedErrorId : OperationFailed,Microsoft.HyperV.PowerShell.Commands.SetVMFirmware

I can manually run the command "set-vmfirmware Win11US -EnableSecureBoot on" without issues.
Also using the hyperv-iso is able to set it.

So how do i prevent this error?