diff --git a/pkg/imager/imager.go b/pkg/imager/imager.go
index c4cfdf5c13..c5c7e8be1b 100644
--- a/pkg/imager/imager.go
+++ b/pkg/imager/imager.go
@@ -103,8 +103,25 @@ func (i *Imager) Execute(ctx context.Context, outputPath string, report *reporte
 		Status:  reporter.StatusSucceeded,
 	})
 
-	// 4. Build UKI unless the output is a kernel or cmdline.
-	if i.prof.Output.Kind != profile.OutKindKernel && i.prof.Output.Kind != profile.OutKindCmdline {
+	// 4. Build UKI if needed
+	needBuildUKI := quirks.New(i.prof.Version).SupportsUKI()
+
+	switch i.prof.Output.Kind {
+	case profile.OutKindUKI:
+		if !needBuildUKI {
+			return "", fmt.Errorf("UKI output is not supported in this Talos version")
+		}
+	case profile.OutKindISO, profile.OutKindImage, profile.OutKindInstaller:
+		needBuildUKI = needBuildUKI && i.prof.SecureBootEnabled()
+	case profile.OutKindCmdline, profile.OutKindKernel, profile.OutKindInitramfs:
+		needBuildUKI = false
+	case profile.OutKindUnknown:
+		fallthrough
+	default:
+		return "", fmt.Errorf("unknown output kind: %s", i.prof.Output.Kind)
+	}
+
+	if needBuildUKI {
 		if err = i.buildUKI(ctx, report); err != nil {
 			return "", err
 		}
diff --git a/pkg/machinery/imager/quirks/quirks.go b/pkg/machinery/imager/quirks/quirks.go
index da995f3329..b7153b7d92 100644
--- a/pkg/machinery/imager/quirks/quirks.go
+++ b/pkg/machinery/imager/quirks/quirks.go
@@ -27,13 +27,13 @@ func New(talosVersion string) Quirks {
 	}}
 }
 
-var minVersionResetOption = semver.MustParse("1.4.0")
-
 // Version returns the Talos version.
 func (q Quirks) Version() *semver.Version {
 	return q.v
 }
 
+var minVersionResetOption = semver.MustParse("1.4.0")
+
 // SupportsResetGRUBOption returns true if the Talos version supports the reset option in GRUB menu (image and ISO).
 func (q Quirks) SupportsResetGRUBOption() bool {
 	// if the version doesn't parse, we assume it's latest Talos
@@ -44,6 +44,18 @@ func (q Quirks) SupportsResetGRUBOption() bool {
 	return q.v.GTE(minVersionResetOption)
 }
 
+var minVersionUKI = semver.MustParse("1.5.0")
+
+// SupportsUKI returns true if the Talos version supports building UKIs.
+func (q Quirks) SupportsUKI() bool {
+	// if the version doesn't parse, we assume it's latest Talos
+	if q.v == nil {
+		return true
+	}
+
+	return q.v.GTE(minVersionUKI)
+}
+
 var minVersionCompressedMETA = semver.MustParse("1.6.3")
 
 // SupportsCompressedEncodedMETA returns true if the Talos version supports compressed and encoded META as an environment variable.