diff --git a/pkg/pillar/cmd/domainmgr/domainmgr.go b/pkg/pillar/cmd/domainmgr/domainmgr.go
index 4dbc6e93a21..777d57da545 100644
--- a/pkg/pillar/cmd/domainmgr/domainmgr.go
+++ b/pkg/pillar/cmd/domainmgr/domainmgr.go
@@ -2211,6 +2211,7 @@ func handleModify(ctx *domainContext, key string,
 func updateStatusFromConfig(status *types.DomainStatus, config types.DomainConfig) {
 	status.VirtualizationMode = config.VirtualizationModeOrDefault()
 	status.EnableVnc = config.EnableVnc
+	status.EnableVncShimVM = config.EnableVncShimVM
 	status.VncDisplay = config.VncDisplay
 	status.VncPasswd = config.VncPasswd
 	status.DisableLogs = config.DisableLogs
diff --git a/pkg/pillar/cmd/zedagent/parseconfig.go b/pkg/pillar/cmd/zedagent/parseconfig.go
index 84dc235ba26..e1c80e002e3 100644
--- a/pkg/pillar/cmd/zedagent/parseconfig.go
+++ b/pkg/pillar/cmd/zedagent/parseconfig.go
@@ -606,6 +606,7 @@ func parseAppInstanceConfig(getconfigCtx *getconfigContext,
 		appInstance.FixedResources.MaxCpus = int(cfgApp.Fixedresources.Maxcpus)
 		appInstance.FixedResources.VirtualizationMode = types.VmMode(cfgApp.Fixedresources.VirtualizationMode)
 		appInstance.FixedResources.EnableVnc = cfgApp.Fixedresources.EnableVnc
+		appInstance.FixedResources.EnableVncShimVM = cfgApp.Fixedresources.EnableVncShimVm
 		appInstance.FixedResources.VncDisplay = cfgApp.Fixedresources.VncDisplay
 		appInstance.FixedResources.VncPasswd = cfgApp.Fixedresources.VncPasswd
 		appInstance.DisableLogs = cfgApp.Fixedresources.DisableLogs
@@ -2614,6 +2615,12 @@ func checkAndPublishAppInstanceConfig(getconfigCtx *getconfigContext,
 		config.Errors = append(config.Errors, err.Error())
 	}
 
+	if config.FixedResources.EnableVnc == false && config.FixedResources.EnableVncShimVM == true {
+		err := fmt.Errorf("VNC shim VM enabled but VNC disabled for app instance %s", config.UUIDandVersion.UUID)
+		log.Error(err)
+		config.Errors = append(config.Errors, err.Error())
+	}
+
 	pub.Publish(key, config)
 }
 
diff --git a/pkg/pillar/hypervisor/kvm.go b/pkg/pillar/hypervisor/kvm.go
index f58982f24e0..a0b4bf261af 100644
--- a/pkg/pillar/hypervisor/kvm.go
+++ b/pkg/pillar/hypervisor/kvm.go
@@ -174,6 +174,7 @@ const qemuConfTemplate = `# This file is automatically generated by domainmgr
   chardev = "charserial1"
   name = "org.lfedge.eve.console.prime"
 
+{{- if .DomainConfig.EnableVncShimVM}}
 [chardev "charserial2"]
   backend = "vc"
 
@@ -181,6 +182,7 @@ const qemuConfTemplate = `# This file is automatically generated by domainmgr
   driver = "virtconsole"
   chardev = "charserial2"
   name = "org.lfedge.eve.console.prime.forvnc"
+{{- end -}}
 {{end}}
 
 {{if .DomainConfig.EnableVnc}}
diff --git a/pkg/pillar/types/domainmgrtypes.go b/pkg/pillar/types/domainmgrtypes.go
index f43a8007a46..a4021fcb7b3 100644
--- a/pkg/pillar/types/domainmgrtypes.go
+++ b/pkg/pillar/types/domainmgrtypes.go
@@ -152,6 +152,7 @@ func (config DomainConfig) LogCreate(logBase *base.LogObject) {
 	}
 	logObject.CloneAndAddField("activate", config.Activate).
 		AddField("enable-vnc", config.EnableVnc).
+		AddField("enable-vnc-shim-vm", config.EnableVncShimVM).
 		Noticef("domain config create")
 }
 
@@ -165,12 +166,15 @@ func (config DomainConfig) LogModify(logBase *base.LogObject, old interface{}) {
 		logObject.Clone().Fatalf("LogModify: Old object interface passed is not of DomainConfig type")
 	}
 	if oldConfig.Activate != config.Activate ||
-		oldConfig.EnableVnc != config.EnableVnc {
+		oldConfig.EnableVnc != config.EnableVnc ||
+		oldConfig.EnableVncShimVM != config.EnableVncShimVM {
 
 		logObject.CloneAndAddField("activate", config.Activate).
 			AddField("enable-vnc", config.EnableVnc).
+			AddField("enable-vnc-shim-vm", config.EnableVncShimVM).
 			AddField("old-activate", oldConfig.Activate).
 			AddField("old-enable-vnc", oldConfig.EnableVnc).
+			AddField("old-enable-vnc-shim-vm", oldConfig.EnableVncShimVM).
 			Noticef("domain config modify")
 	} else {
 		// XXX remove?
@@ -185,6 +189,7 @@ func (config DomainConfig) LogDelete(logBase *base.LogObject) {
 		config.UUIDandVersion.UUID, config.LogKey())
 	logObject.CloneAndAddField("activate", config.Activate).
 		AddField("enable-vnc", config.EnableVnc).
+		AddField("enable-vnc-shim-vm", config.EnableVncShimVM).
 		Noticef("domain config delete")
 
 	base.DeleteLogObject(logBase, config.LogKey())
@@ -229,6 +234,7 @@ type VmConfig struct {
 	VncPasswd          string
 	CPUsPinned         bool
 	VMMMaxMem          int // in kbytes
+	EnableVncShimVM    bool
 }
 
 type VmMode uint8