diff --git a/oem/ami/build_ebs_on_ec2.sh b/oem/ami/build_ebs_on_ec2.sh
index d574025fa8..360d5eae9d 100755
--- a/oem/ami/build_ebs_on_ec2.sh
+++ b/oem/ami/build_ebs_on_ec2.sh
@@ -102,7 +102,6 @@ fi
 size=8 # GB
 arch=x86_64
 arch2=amd64
-ephemeraldev=/dev/sdb
 # The name has a limited set of allowed characterrs
 name=$(sed -e "s%[^A-Za-z0-9()\\./_-]%_%g" <<< "CoreOS-$GROUP-$VERSION")
 description="CoreOS $GROUP $VERSION"
@@ -117,19 +116,6 @@ if [ -z "$akiid" ]; then
    exit 1
 fi
 
-# TODO: Once we sort out a long-term scheme for generating AMIs this likely
-# will go away. What if we want to generate AMIs from CoreOS?!?!?
-if [ -z "$(which ec2-attach-volume)" ]; then
-	# Update and install Ubuntu packages
-	export DEBIAN_FRONTEND=noninteractive
-	sudo perl -pi -e 's/^# *(deb .*multiverse)$/$1/' /etc/apt/sources.list
-	sudo apt-get update
-	sudo -E apt-get upgrade -y
-	sudo -E apt-get install -y \
-	  ec2-api-tools            \
-	  ec2-ami-tools 
-fi
-
 export EC2_URL="http://ec2.${region}.amazonaws.com"
 echo "Building AMI in zone $zone, region id $akiid"
 
@@ -171,27 +157,42 @@ snapshotid=$(ec2-create-snapshot --description "$name" "$volumeid" | cut -f2)
 while ec2-describe-snapshots "$snapshotid" | grep -q pending
   do sleep 30; done
 
+echo "Created snapshot $snapshotid, deleting $volumeid"
+ec2-delete-volume "$volumeid"
+
 echo "Sharing snapshot with Amazon"
 ec2-modify-snapshot-attribute "$snapshotid" -c --add 679593333241
 
-echo "Created snapshot $snapshotid, registering as a new AMI"
+echo "Registering hvm AMI"
+hvm_amiid=$(ec2-register                              \
+  --name "${name}-hvm"                                \
+  --description "$description (HVM)"                  \
+  --architecture "$arch"                              \
+  --virtualization-type hvm                           \
+  --root-device-name /dev/xvda                        \
+  --block-device-mapping /dev/xvda=$snapshotid::true  \
+  --block-device-mapping /dev/xvdb=ephemeral0         |
+  cut -f2)
+
+echo "Making $hvm_amiid public"
+ec2-modify-image-attribute "$hvm_amiid" --launch-permission -a all
+
+echo "Registering paravirtual AMI"
 amiid=$(ec2-register                                  \
   --name "$name"                                      \
-  --description "$description"                        \
+  --description "$description (PV)"                   \
   --architecture "$arch"                              \
+  --virtualization-type paravirtual                   \
   --kernel "$akiid"                                   \
-  --block-device-mapping /dev/sda=$snapshotid::true   \
-  --block-device-mapping $ephemeraldev=ephemeral0     |
+  --root-device-name /dev/xvda                        \
+  --block-device-mapping /dev/xvda=$snapshotid::true  \
+  --block-device-mapping /dev/xvdb=ephemeral0         |
   cut -f2)
 
 echo "Making $amiid public"
 ec2-modify-image-attribute "$amiid" --launch-permission -a all
 
-ec2-delete-volume "$volumeid"
-
 cat <<EOF
-AMI: $amiid $region $arch2
-
 $description
 architecture: $arch ($arch2)
 region:       $region ($zone)
@@ -200,15 +201,6 @@ name:         $name
 description:  $description
 EBS volume:   $volumeid (deleted)
 EBS snapshot: $snapshotid
-AMI id:       $amiid
-bin url:      $IMG_URL
-
-Test the new AMI using something like:
-
-  export EC2_URL=http://ec2.${region}.amazonaws.com
-  ec2-run-instances \\
-    --key \$USER \\
-    --instance-type t1.micro \\
-    $amiid
-
+PV AMI id:    $amiid
+HVM AMI id:   $hvm_amiid
 EOF
diff --git a/oem/ami/test_ami.sh b/oem/ami/test_ami.sh
index 9f3e7f53f0..21bbfa5a80 100755
--- a/oem/ami/test_ami.sh
+++ b/oem/ami/test_ami.sh
@@ -24,6 +24,7 @@ This script must be run from an ec2 host with the ec2 tools installed.
 "
 
 AMI=
+HVM=
 VER=
 BOARD="amd64-usr"
 GROUP="alpha"
@@ -46,6 +47,11 @@ if [[ $(id -u) -eq 0 ]]; then
     exit 1
 fi
 
+zoneurl=http://instance-data/latest/meta-data/placement/availability-zone
+zone=$(curl --fail -s $zoneurl)
+region=$(echo $zone | sed 's/.$//')
+export EC2_URL="http://ec2.${region}.amazonaws.com"
+
 if [[ -z "$AMI" && -n "$VER" ]]; then
     AMI=$(ec2-describe-images -F name="CoreOS-$GROUP-$VER" | grep -m1 ^IMAGE \
         | cut -f2) || true # Don't die silently, error messages are good
@@ -53,6 +59,12 @@ if [[ -z "$AMI" && -n "$VER" ]]; then
         echo "$0: Cannot find an AMI for CoreOS $GROUP $VER" >&2
         exit 1
     fi
+    HVM=$(ec2-describe-images -F name="CoreOS-$GROUP-$VER-hvm" \
+        | grep -m1 ^IMAGE | cut -f2) || true
+    if [[ -z "$HVM" ]]; then
+        echo "$0: Cannot find an AMI for CoreOS $GROUP $VER (HVM)" >&2
+        exit 1
+    fi
 elif [[ -n "$AMI" ]]; then
     # check to make sure this is a valid image
     if ! ec2-describe-images -F image-id="$AMI" | grep -q "$AMI"; then
@@ -78,10 +90,6 @@ ec2-authorize "$sg_name" -P tcp -p 7001 > /dev/null
 ec2-authorize "$sg_name" -P tcp -p 22 > /dev/null
 echo "OK ($key_name)"
 
-# might be needed later for multi-zone tests
-zoneurl=http://instance-data/latest/meta-data/placement/availability-zone
-zone=$(curl --fail -s $zoneurl)
-region=$(echo $zone | sed 's/.$//')
 discovery=$(curl --fail -s https://discovery.etcd.io/new)
 userdata="#cloud-config
 
@@ -98,13 +106,32 @@ coreos:
 "
 
 echo -n "Booting instances... "
-instances=$(ec2-run-instances \
+# Add in 1 HVM instance if available.
+if [[ -z "$HVM" ]]; then
+  instances=$(ec2-run-instances \
     --user-data "$userdata" \
     --instance-type "t1.micro" \
     --instance-count 3 \
     --group "$sg_name" \
     --key "$key_name" $AMI | \
        grep INSTANCE | cut -f2)
+else
+  instances=$(ec2-run-instances \
+    --user-data "$userdata" \
+    --instance-type "t1.micro" \
+    --instance-count 2 \
+    --group "$sg_name" \
+    --key "$key_name" $AMI | \
+       grep INSTANCE | cut -f2)
+  instances+=" "
+  instances+=$(ec2-run-instances \
+    --user-data "$userdata" \
+    --instance-type "m3.medium" \
+    --instance-count 1 \
+    --group "$sg_name" \
+    --key "$key_name" $HVM | \
+       grep INSTANCE | cut -f2)
+fi
 # little hack to create a describe instances command that only 
 # pulls data for these instances
 ec2_cmd=$(echo $instances | sed 's/ / --filter instance-id=/g')
@@ -155,8 +182,9 @@ ec2-terminate-instances $instances > /dev/null
 while ! $ec2_cmd | grep INSTANCE | grep -q terminated
   do sleep 10; done
 
-sleep 10
-ec2-delete-group $sg_name > /dev/null
+# The security group may take a little longer to free up
+while ! ec2-delete-group $sg_name > /dev/null
+  do sleep 10; done
 ec2-delete-keypair $key_name > /dev/null
 rm $key_file
 echo "OK"