diff --git a/bin/macos-multipass-vm.sh b/bin/macos-multipass-vm.sh
index 1011dbf..854d7c7 100755
--- a/bin/macos-multipass-vm.sh
+++ b/bin/macos-multipass-vm.sh
@@ -65,7 +65,7 @@ fi
 [[ -z "$CPUS" ]] && CPUS=1
 [[ -z "$MEMS" ]] && MEMS=1
 [[ -z "$STOR" ]] && STOR=10
-[[ -z "$NIC" ]] && NIC=$(ifconfig | grep -v '127.0.0.1' | grep -E "(^en|inet )" | grep -B1 'inet ' | grep '^en' | cut -d: -f1)
+[[ -z "$NIC" ]] && NIC=$(ifconfig | grep -v '127.0.0.1' | grep -E "(^en|inet )" | grep -B1 'inet ' | grep '^en' | tail -n 1 | cut -d: -f1)
 echo "ACTN=$ACTN"
 echo "NAME=$NAME"
 echo "ISO =$ISO"
diff --git a/bin/macos-utm-vm.sh b/bin/macos-utm-vm.sh
index 10337be..9ed738d 100755
--- a/bin/macos-utm-vm.sh
+++ b/bin/macos-utm-vm.sh
@@ -17,11 +17,17 @@ Usage:
   ${0##*/}  [create|destroy|info|list|ps|restart|start|stop|unmount-boot-iso]  -n NAME  [-i iso-name]  [-c 1-4]  [-m 1-8]  [-s 10-60]
 
 Example:
-  ${0##*/} create -n test -i ubuntu-22 -c 1 -m 4 -s 40
-  ${0##*/} start -n test
-  ${0##*/} unmount-boot-iso -n test
+  ubuntu-container.sh
+  ubuntu-create-cloudinit-iso.sh
+
+  ${0##*/} create -n test -i ubuntu-22.04 -c 1 -m 4 -s 20
   ${0##*/} start -n test
+
+  bash bin/vm/ubuntu-create-autoinstall-iso.sh
   ${0##*/} destroy -n test
+
+  ${0##*/} create -n vm01 -i autoinstall-22.04 -c 1 -m 4 -s 20
+  ${0##*/} start -n vm01
 EOS
   exit 1
 }
@@ -85,7 +91,7 @@ CLOUD_INIT_ISO=$( find ${HOME}/iso -name 'cloudinit.iso' )
 [[ -z "$CPUS" ]] && CPUS=1
 [[ -z "$MEMS" ]] && MEMS=1
 [[ -z "$STOR" ]] && STOR=10
-[[ -z "$NIC" ]] && NIC=$(ifconfig | grep -v '127.0.0.1' | grep -E "(^en|inet )" | grep -B1 'inet ' | grep '^en' | cut -d: -f1)
+[[ -z "$NIC" ]] && NIC=$(ifconfig | grep -v '127.0.0.1' | grep -E "(^en|inet )" | grep -B1 'inet ' | grep '^en' | tail -n 1 | cut -d: -f1)
 echo "ACTN=$ACTN"
 echo "NAME=$NAME"
 echo "ISO =$ISO"
@@ -164,7 +170,7 @@ end tell
     ;;
   info)
     utmctl status $NAME
-    utmctl ip-address $NAME
+    # utmctl ip-address $NAME
     ;;
   list)
     utmctl list
@@ -179,7 +185,26 @@ end tell
   start)
     utmctl start $NAME
     set +x
-    echo "REMINDER: add 'autoinstall' on the 'linux' boot line"
+    INSTALLED=false
+    osascript -e '
+tell application "UTM"
+  set vm to virtual machine named "'$NAME'"
+  set config to configuration of vm
+  log config
+end tell
+' 2>&1 | grep -q "notes:installed" && INSTALLED=true
+    [[ "false" == "$INSTALLED" ]] && echo "REMINDER: add 'autoinstall' on the 'linux' boot line"
+    STOPPED=false
+    for i in {1..30} ; do
+      [[ "true" == "$STOPPED" ]] && continue
+      [[ "true" == "$INSTALLED" ]] && continue
+      sleep 60
+      utmctl status $NAME | grep -q stopped && STOPPED=true
+    done
+    if [[ "true" == "$STOPPED" ]] && [[ "false" == "$INSTALLED" ]] ; then
+      ${0##*/} unmount-boot-iso -n $NAME
+      ${0##*/} start -n $NAME
+    fi
     ;;
   stop)
     utmctl stop $NAME
@@ -191,6 +216,7 @@ end tell
 tell application "UTM"
   set vm to virtual machine named "'$NAME'"
   set config to configuration of vm
+  set notes of config to "installed"
   set cloudinit to POSIX file "'$CLOUD_INIT_ISO'"
   set i to id of item 1 of drives of config
   set item 1 of drives of config to {id:i, source:cloudinit}
diff --git a/bin/ubuntu-create-cloudinit-iso.sh b/bin/ubuntu-create-cloudinit-iso.sh
index c2bf402..b3d12df 100755
--- a/bin/ubuntu-create-cloudinit-iso.sh
+++ b/bin/ubuntu-create-cloudinit-iso.sh
@@ -15,8 +15,8 @@ UBUNTU_CONTAINER_ID=$($DOCKER_BIN ps | grep ubuntu:24.04 | cut -d' ' -f1)
 
 $DOCKER_BIN exec $UBUNTU_CONTAINER_ID apt update
 $DOCKER_BIN exec $UBUNTU_CONTAINER_ID apt install -y cloud-image-utils
-$DOCKER_BIN exec $UBUNTU_CONTAINER_ID mkdir -p cidata
-$DOCKER_BIN exec $UBUNTU_CONTAINER_ID touch ./cidata/meta-data
-$DOCKER_BIN cp $(dirname $0)/vm/cloud-init.yaml $UBUNTU_CONTAINER_ID:./cidata/user-data
-$DOCKER_BIN exec $UBUNTU_CONTAINER_ID bash -c "cd cidata && cloud-localds ../cloudinit.iso user-data meta-data"
+$DOCKER_BIN exec $UBUNTU_CONTAINER_ID mkdir -p cloudinit
+$DOCKER_BIN exec $UBUNTU_CONTAINER_ID touch ./cloudinit/meta-data
+$DOCKER_BIN cp $(dirname $0)/vm/cloud-init.yaml $UBUNTU_CONTAINER_ID:./cloudinit/user-data
+$DOCKER_BIN exec $UBUNTU_CONTAINER_ID bash -c "cd cloudinit && cloud-localds ../cloudinit.iso user-data meta-data"
 $DOCKER_BIN cp $UBUNTU_CONTAINER_ID:./cloudinit.iso ${HOME}/iso/cloudinit.iso
diff --git a/bin/vm/cloud-init.yaml b/bin/vm/cloud-init.yaml
index 51b31e7..20670af 100644
--- a/bin/vm/cloud-init.yaml
+++ b/bin/vm/cloud-init.yaml
@@ -15,6 +15,8 @@ autoinstall:
   updates: all
   shutdown: poweroff
   late-commands:
+    # set random hostname
+    - echo vm-$(openssl rand -hex 2) > /target/etc/hostname
     # add ip address to TTY login screen
     #   crete base64 with:
     #   cat bin/ubuntu-tty-update.sh | gzip -c - | base64
@@ -24,13 +26,11 @@ autoinstall:
     - echo 'H4sIACWwjGcAA3WOMRKCMBBF+5yCCwROkEJHClvRsWAoAqyyY9hgdqPk9mZkLK3/vPdfeyGUTh2Ah4CLoCcT+0gSC5FUxGW0AuoEz4gB2BDI24eH9uSQoBQb7iBqdxMIfzbVNhBeOECnzmkB4wl48pKVs0X6kvWKYhKwqlcYmsyJqbhHqrYQnUP0FlLylIVHYrHOdepqSWDcJzNHJ6gjQ/jdfgAt+l2E1wAAAA==' | base64 -d | zcat > /target/etc/systemd/system/ubuntu-tty-update.service
     - curtin in-target -- chmod 644 /etc/systemd/system/ubuntu-tty-update.service
     - curtin in-target -- systemctl enable ubuntu-tty-update.service
-    # # temp cronjob to update TTY login screen
-    # - echo '* * * * * root /sbin/ubuntu-tty-update.sh' > /target/etc/cron.d/update_issue
-    # - curtin in-target -- chmod 644 /etc/cron.d/update_issue
     # extend logical volume
     - curtin in-target -- lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
     - curtin in-target -- resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
   user-data:
+    disable_root: true # disable root user interactive login
     users:
       - name: lab
         homedir: /home/lab
@@ -43,6 +43,8 @@ autoinstall:
           - gh:johnko
         sudo: ALL=(ALL) NOPASSWD:ALL
       - name: ubuntu
+        # disable ubuntu interactive login via expire
+        expiredate: "2000-01-01"
         homedir: /home/ubuntu
         shell: /bin/bash
         lock_passwd: true
@@ -54,6 +56,4 @@ autoinstall:
     package_upgrade: true
     packages:
       - openssh-server
-      - docker.io
-      - docker-compose
-    ssh_pwauth: false
+    ssh_pwauth: false # disable ssh interactive password auth
diff --git a/bin/vm/grub.cfg b/bin/vm/grub.cfg
new file mode 100644
index 0000000..fcb7aef
--- /dev/null
+++ b/bin/vm/grub.cfg
@@ -0,0 +1,23 @@
+set timeout=5
+
+loadfont unicode
+
+set menu_color_normal=red/black
+set menu_color_highlight=black/light-gray
+
+menuentry "AutoInstall Ubuntu Server" {
+	set gfxpayload=keep
+	linux	/casper/vmlinuz quiet autoinstall ---
+	initrd	/casper/initrd
+}
+menuentry "Ubuntu Server with the HWE kernel" {
+	set gfxpayload=keep
+	linux	/casper/hwe-vmlinuz quiet ---
+	initrd	/casper/hwe-initrd
+}
+menuentry 'Boot from next volume' {
+	exit 1
+}
+menuentry 'UEFI Firmware Settings' {
+	fwsetup
+}
diff --git a/bin/vm/ubuntu-create-autoinstall-iso.sh b/bin/vm/ubuntu-create-autoinstall-iso.sh
new file mode 100755
index 0000000..9aa257b
--- /dev/null
+++ b/bin/vm/ubuntu-create-autoinstall-iso.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -eux
+
+ssh vm sudo apt update
+ssh vm sudo apt install -y git python3 python3-pip xorriso
+ssh vm sudo rm -fr livefs-editor
+ssh vm git clone https://github.com/mwhudson/livefs-editor
+ssh vm sudo python3 -m pip install ./livefs-editor/
+rsync -virchlmP $(dirname $0)/grub.cfg vm:/tmp/grub.cfg
+rsync -virchlmP ${HOME}/iso/arm/ubuntu-22.04.5-live-server-arm64.iso vm:./ubuntu-22.04.5-live-server-arm64.iso
+ssh vm sudo python3 -m livefs_edit ubuntu-22.04.5-live-server-arm64.iso autoinstall-22.04.5-live-server-arm64.iso --cp /tmp/grub.cfg new/iso/boot/grub/grub.cfg
+rsync -virchlmP vm:./autoinstall-22.04.5-live-server-arm64.iso ${HOME}/iso/arm/autoinstall-22.04.5-live-server-arm64.iso