diff --git a/live-build/buildd/hooks/02-disk-image-uefi.binary b/live-build/buildd/hooks/02-disk-image-uefi.binary
index 75d93aa5..65c52af3 100755
--- a/live-build/buildd/hooks/02-disk-image-uefi.binary
+++ b/live-build/buildd/hooks/02-disk-image-uefi.binary
@@ -20,7 +20,7 @@ create_partitions() {
     disk_image="$1"
     sgdisk "${disk_image}" --zap-all
     case $ARCH in
-        arm64|armhf)
+        arm64)
             sgdisk "${disk_image}" \
                 --new=15:0:204800 \
                 --typecode=15:ef00 \
@@ -64,40 +64,42 @@ install_grub() {
     efi_boot_dir="/boot/efi/EFI/BOOT"
     chroot mountpoint mkdir -p "${efi_boot_dir}"
 
-    if [ -n "$partuuid" ]; then
+    if [ "${SUBPROJECT:-}" = minimized ] && [ -n "$partuuid" ]; then
         echo "GRUB_FORCE_PARTUUID=$partuuid" >> mountpoint/etc/default/grub.d/40-force-partuuid.cfg
     fi
 
     chroot mountpoint apt-get -y update
 
-    # UEFI GRUB modules are meant to be used equally by Secure Boot and
-    # non-Secure Boot systems. If you need an extra module not already
-    # provided or run into "Secure Boot policy forbids loading X" problems,
-    # please file a bug against grub2 to include the affected module.
+    # The modules below only make sense on non-Secure Boot UEFI systems.
+    # Otherwise, with Secure Boot enabled GRUB will refuse to load them.
+    # Any modules already in debian/build-efi-images do not need to be listed.
+    # Furthermore, other modules such as terminal, video_* and efi_* are all
+    # already available.
     case $ARCH in
         arm64)
             chroot mountpoint apt-get -qqy install --no-install-recommends grub-efi-arm64 grub-efi-arm64-bin
+            grub_modules="serial"
             efi_target=arm64-efi
             ;;
-        armhf)
-            chroot mountpoint apt-get -qqy install --no-install-recommends grub-efi-arm grub-efi-arm-bin
-            efi_target=arm-efi
-            ;;
         amd64)
             chroot mountpoint apt-get install -qqy grub-pc
-            chroot mountpoint apt-get install -qqy grub-efi-amd64-signed shim-signed
+            chroot mountpoint apt-get install -qqy grub-efi-amd64-signed grub-efi-amd64 shim-signed
+            grub_modules="multiboot serial usb usb_keyboard"
             efi_target=x86_64-efi
             ;;
     esac
 
-    # This call to rewrite the debian package manifest is added here to capture
+    cat << EOF >> mountpoint/etc/default/grub.d/50-cloudimg-settings.cfg
+${IMAGE_STR}
+# For Cloud Image compatability
+GRUB_PRELOAD_MODULES="${GRUB_PRELOAD_MODULES:-$grub_modules}"
+EOF
+
+    # This call to populate the package manifest is added here to capture
     # grub-efi packages that otherwise would not make it into the base
     # manifest. filesystem.packages is moved into place via symlinking to
     # livecd.ubuntu-cpc.manifest by live-build/auto/build after lb_binary runs
-    # and at that time snaps are added to the manifest (create-manifest is
-    # not called here as it calls snap-seed-parse, resulting in duplicate
-    # snap listings)
-    chroot mountpoint dpkg-query -W > binary/boot/filesystem.packages
+    create_manifest "mountpoint" "binary/boot/filesystem.packages"
 
     chroot mountpoint grub-install "${loop_device}" \
         --boot-directory=/boot \
@@ -105,7 +107,8 @@ install_grub() {
         --target=${efi_target} \
         --removable \
         --uefi-secure-boot \
-        --no-nvram
+        --no-nvram \
+        --modules="${grub_modules}"
 
     if [ -f mountpoint/boot/efi/EFI/BOOT/grub.cfg ]; then
         sed -i "s| root| root hd0,gpt1|" mountpoint/boot/efi/EFI/BOOT/grub.cfg