diff --git a/elements/iso/cleanup.d/100-build-iso b/elements/iso/cleanup.d/100-build-iso
index 668aa6fe3..b2d15a2f3 100755
--- a/elements/iso/cleanup.d/100-build-iso
+++ b/elements/iso/cleanup.d/100-build-iso
@@ -21,25 +21,21 @@ set -eu
 set -o pipefail
 
 function build_efiboot_img() {
+    # Signed bootloader files are saved at tmp/bootloader_files during
+    # post-install stage needs to copy them into image.
+    # Signed bootloader packages used are:-
+    # Ubuntu: grub-efi-amd64-signed and shim-signed
+    # Fedora: grub2-efi and shim
 
-    cat > "$TMP_BUILD_DIR/grub-embedded.cfg" << END_CONFIG
-search --set=root --label VMEDIA_BOOT_ISO
-set prefix=(\$root)/EFI/BOOT/
-END_CONFIG
+    if [ $DISTRO_NAME = "fedora" ]; then
+        cp $TMP_BOOTLOADER_DIR/shim.efi $TMP_BUILD_DIR/bootx64.efi
+        cp $TMP_BOOTLOADER_DIR/grubx64.efi $TMP_BUILD_DIR/grubx64.efi
+    else
+        cp $TMP_BOOTLOADER_DIR/shim.efi.signed $TMP_BUILD_DIR/bootx64.efi
+        cp $TMP_BOOTLOADER_DIR/grubx64.efi.signed $TMP_BUILD_DIR/grubx64.efi
+    fi
 
-    grub-mkimage --format=x86_64-efi --output=$TMP_BUILD_DIR/bootx64.efi \
-    --config=$TMP_BUILD_DIR/grub-embedded.cfg --compression=xz \
-    --prefix=/EFI/BOOT part_gpt part_msdos fat ext2 hfs hfsplus \
-    iso9660 udf ufs1 ufs2 zfs chain linux boot appleldr ahci \
-    configfile normal regexp minicmd reboot halt search \
-    search_fs_file search_fs_uuid search_label gfxterm gfxmenu \
-    efi_gop efi_uga all_video loadbios gzio echo true probe \
-    loadenv bitmap_scale font cat help ls png jpeg tga test \
-    at_keyboard usb_keyboard
-
-    # Create a FAT formatted image that contains bootx64.efi in the /EFI/BOOT
-    # directory.  This is used to bootstrap GRUB from the ISO image.
-    dd if=/dev/zero of=$TMP_BUILD_DIR/efiboot.img bs=1K count=1440
+    dd if=/dev/zero of=$TMP_BUILD_DIR/efiboot.img bs=1K count=5760
     mkdosfs -F 12 $TMP_BUILD_DIR/efiboot.img
 
     # Create a temporary mount point:
@@ -48,6 +44,7 @@ END_CONFIG
     sudo mount -o loop $TMP_BUILD_DIR/efiboot.img $MOUNTPOINT
     sudo mkdir -p $MOUNTPOINT/EFI/BOOT
     sudo cp $TMP_BUILD_DIR/bootx64.efi $MOUNTPOINT/EFI/BOOT
+    sudo cp $TMP_BUILD_DIR/grubx64.efi $MOUNTPOINT/EFI/BOOT
     sudo umount $MOUNTPOINT
     rmdir $MOUNTPOINT
     cp $TMP_BUILD_DIR/efiboot.img $TMP_IMAGE_DIR/isolinux
@@ -63,7 +60,18 @@ function build_iso() {
     SCRIPTNAME=$(basename $0)
     SCRIPTDIR=$(dirname $0)
     MKISOFS="/usr/bin/mkisofs"
-    EFI_BOOT_DIR="EFI/BOOT"
+
+    if [ $DISTRO_NAME = "fedora" ]; then
+        EFI_BOOT_DIR="EFI/fedora"
+        GRUB_LINUX_TAG="linuxefi"
+        GRUB_INITRD_TAG="initrdefi"
+        EXTRA_KERNEL_PARAMS="usbcore.autosuspend=-1"
+    else
+        EFI_BOOT_DIR="EFI/ubuntu"
+        GRUB_LINUX_TAG="linux"
+        GRUB_INITRD_TAG="initrd"
+        EXTRA_KERNEL_PARAMS=""
+    fi
 
     # Create a temporary build directory for holiding the contents of iso
     TMP_IMAGE_DIR="$TMP_BUILD_DIR/image"
@@ -74,13 +82,7 @@ function build_iso() {
     mkdir -p "$TMP_IMAGE_DIR/isolinux"
     echo "Copying isolinux.bin"
 
-    # TODO(rameshg87): Something similar to pkg-map can be used here.
-    # But pkg-map doesn't work for cleanup scripts right now.
-    if [ $DISTRO_NAME = "fedora" ]; then
-        ISOLINUX_BIN=/usr/share/syslinux/isolinux.bin
-    else
-        ISOLINUX_BIN=/usr/lib/syslinux/isolinux.bin
-    fi
+    ISOLINUX_BIN=$TMP_BOOTLOADER_DIR/isolinux.bin
 
     cp $ISOLINUX_BIN "$TMP_IMAGE_DIR/isolinux"
 
@@ -103,8 +105,7 @@ TIMEOUT 5
 PROMPT 0
 END_CONFIG
 
-
-    echo "Creating EFI/BOOT directory"
+    echo "Creating EFI/ubuntu directory"
     mkdir -p "$TMP_IMAGE_DIR/$EFI_BOOT_DIR"
 
     # Generate grub.cfg for default booting
@@ -115,18 +116,13 @@ set timeout="5"
 set hidden_timeout_quiet=false
 
 menuentry "install" {
-    linux /vmlinuz  $KERNEL_CMDLINE_ARGS --
-    initrd /initrd
+    search --set=root --label VMEDIA_BOOT_ISO
+    $GRUB_LINUX_TAG /vmlinuz  $EXTRA_KERNEL_PARAMS $KERNEL_CMDLINE_ARGS --
+    $GRUB_INITRD_TAG /initrd
 }
 END_CONFIG
 
-
-    DIB_UEFI_ISO_BUILD_EFIBOOT=${DIB_UEFI_ISO_BUILD_EFIBOOT:-}
-    if [ -n "$DIB_UEFI_ISO_BUILD_EFIBOOT" ]; then
-        build_efiboot_img
-    else
-        cp $SCRIPTDIR/efiboot.img $TMP_IMAGE_DIR/isolinux
-    fi
+    build_efiboot_img
 
     # Create the ISO
     echo "Generating the ISO"
@@ -145,6 +141,11 @@ if echo $IMAGE_ELEMENT | grep -q '\bramdisk\b'; then
     EMITTED_RAMDISK=$IMAGE_NAME.initramfs
     EMITTED_KERNEL_CMDLINE_ARGS="boot_method=vmedia"
     EMITTED_ISO_FILENAME=$IMAGE_NAME.iso
+elif echo $IMAGE_ELEMENT | grep -q '\bironic-agent\b'; then
+    EMITTED_KERNEL=$IMAGE_NAME.vmlinuz
+    EMITTED_RAMDISK=$IMAGE_NAME.initramfs
+    EMITTED_KERNEL_CMDLINE_ARGS="boot_method=vmedia"
+    EMITTED_ISO_FILENAME=$IMAGE_NAME.iso
 elif echo $IMAGE_ELEMENT | grep -q '\bbaremetal\b'; then
     EMITTED_KERNEL=${IMAGE_NAME}.vmlinuz
     EMITTED_RAMDISK=${IMAGE_NAME}.initrd
@@ -159,5 +160,10 @@ else
     echo "Please use 'iso' element with either 'baremetal' or 'ramdisk' elements"
 fi
 
+export TMP_BOOTLOADER_DIR=$TARGET_ROOT/tmp/bootloader_files
 build_iso "$EMITTED_KERNEL" "$EMITTED_RAMDISK" "$EMITTED_KERNEL_CMDLINE_ARGS" \
     "$EMITTED_ISO_FILENAME"
+
+# Clean-up the bootloaders directory
+sudo rm -fr $TMP_BOOTLOADER_DIR
+
diff --git a/elements/iso/cleanup.d/efiboot.img b/elements/iso/cleanup.d/efiboot.img
deleted file mode 100644
index 94407c70f..000000000
Binary files a/elements/iso/cleanup.d/efiboot.img and /dev/null differ
diff --git a/elements/iso/element-deps b/elements/iso/element-deps
new file mode 100644
index 000000000..7076aba94
--- /dev/null
+++ b/elements/iso/element-deps
@@ -0,0 +1 @@
+package-installs
diff --git a/elements/iso/package-installs.yaml b/elements/iso/package-installs.yaml
new file mode 100644
index 000000000..782d8df0a
--- /dev/null
+++ b/elements/iso/package-installs.yaml
@@ -0,0 +1,3 @@
+signed_grub:
+signed_shim:
+syslinux:
diff --git a/elements/iso/pkg-map b/elements/iso/pkg-map
new file mode 100644
index 000000000..2fa3799d4
--- /dev/null
+++ b/elements/iso/pkg-map
@@ -0,0 +1,20 @@
+{
+  "family":{
+    "debian":{
+      "signed_grub": "grub-efi-amd64-signed",
+      "signed_shim": "shim-signed",
+      "syslinux": "syslinux"
+    },
+    "redhat":{
+      "signed_grub": "grub2-efi",
+      "signed_shim": "shim",
+      "syslinux": ""
+    }
+  },
+  "default":{
+      "signed_grub": "grub-efi-amd64-signed",
+      "signed_shim": "shim-signed",
+      "syslinux": "syslinux"
+  }
+}
+
diff --git a/elements/iso/post-install.d/01-copy-bootloaders b/elements/iso/post-install.d/01-copy-bootloaders
new file mode 100755
index 000000000..98081ed4a
--- /dev/null
+++ b/elements/iso/post-install.d/01-copy-bootloaders
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+
+set -eux
+set -o pipefail
+
+TMP_BOOTLOADER_DIR=/tmp/bootloader_files
+mkdir -p $TMP_BOOTLOADER_DIR
+
+if [ $DISTRO_NAME = "fedora" ]; then
+    GRUB_FILE="/boot/efi/EFI/fedora/grubx64.efi"
+else
+    GRUB_FILE="/usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed"
+fi
+
+if [ $DISTRO_NAME = "fedora" ]; then
+    SHIM_FILE="/boot/efi/EFI/fedora/shim.efi"
+else
+    SHIM_FILE="/usr/lib/shim/shim.efi.signed"
+fi
+
+if [ $DISTRO_NAME = "fedora" ]; then
+    SYSLINUX_FILE="/usr/share/syslinux/isolinux.bin"
+else
+    SYSLINUX_FILE="/usr/lib/syslinux/isolinux.bin"
+fi
+
+cp $GRUB_FILE $TMP_BOOTLOADER_DIR
+cp $SHIM_FILE $TMP_BOOTLOADER_DIR
+cp $SYSLINUX_FILE $TMP_BOOTLOADER_DIR