diff --git a/Earthfile b/Earthfile index 4beb94596a..a555424a20 100644 --- a/Earthfile +++ b/Earthfile @@ -544,18 +544,24 @@ uki: uki-signed: FROM +uki-tools-image + # HOW TO: Generate the keys # Platform key - RUN openssl req -new -x509 -subj "/CN=Kairos PK/" -days 3650 -nodes -newkey rsa:2048 -sha256 -keyout PK.key -out PK.crt - # CER keys are for FW install - RUN openssl x509 -in PK.crt -out PK.auth -outform DER + # RUN openssl req -new -x509 -subj "/CN=Kairos PK/" -days 3650 -nodes -newkey rsa:2048 -sha256 -keyout PK.key -out PK.crt + # DER keys are for FW install + # RUN openssl x509 -in PK.crt -out PK.der -outform DER # Key exchange - RUN openssl req -new -x509 -subj "/CN=Kairos KEK/" -days 3650 -nodes -newkey rsa:2048 -sha256 -keyout KEK.key -out KEK.crt - # CER keys are for FW install - RUN openssl x509 -in KEK.crt -out KEK.auth -outform DER + # RUN openssl req -new -x509 -subj "/CN=Kairos KEK/" -days 3650 -nodes -newkey rsa:2048 -sha256 -keyout KEK.key -out KEK.crt + # DER keys are for FW install + # RUN openssl x509 -in KEK.crt -out KEK.der -outform DER # Signature DB - RUN openssl req -new -x509 -subj "/CN=Kairos DB/" -days 3650 -nodes -newkey rsa:2048 -sha256 -keyout DB.key -out DB.crt - # CER keys are for FW install - RUN openssl x509 -in DB.crt -out DB.auth -outform DER + # RUN openssl req -new -x509 -subj "/CN=Kairos DB/" -days 3650 -nodes -newkey rsa:2048 -sha256 -keyout DB.key -out DB.crt + # DER keys are for FW install + # RUN openssl x509 -in DB.crt -out DB.der -outform DER + # But for now just use test keys pre-generated for easy testing. + # NOTE: NEVER EVER EVER use this keys for signing anything that its going outside your computer + # This is for easy testing SecureBoot locally for development purposes + # Installing this keys in other place than a VM for testing SecureBoot is irresponsible + COPY tests/keys/* . COPY +uki/uki.efi uki.efi COPY +uki/Uname Uname ARG KVERSION=$(cat Uname) 
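Review bot: `COPY tests/keys/* .` makes `uki-signed` sign every build with private keys that are published in this repository, and nothing in the target lets a caller substitute their own. The warning exists only as comments, while the result is still saved as `build/$ISO_NAME.signed-$KVERSION.efi` (next hunk), so a test-signed image cannot be told apart from a properly signed one by its name. Consider making the key directory an argument, for example `ARG KEYS_DIR=tests/keys` followed by `COPY $KEYS_DIR/* .`, and adding a marker such as `testkeys` to the artifact name when the default is used. The body of `uki-signed` continues past this hunk.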
@@ -565,18 +571,17 @@ uki-signed: ARG TARGETARCH ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION} + # Actuall signing of the binaries with the keys RUN sbsign --key DB.key --cert DB.crt --output uki.signed.efi uki.efi - - SAVE ARTIFACT /boot/efi/EFI/fedora/mmx64.efi MokManager.efi - SAVE ARTIFACT PK.key PK.key AS LOCAL build/PK.key - SAVE ARTIFACT PK.crt PK.crt AS LOCAL build/PK.crt - SAVE ARTIFACT PK.auth PK.auth AS LOCAL build/PK.auth - SAVE ARTIFACT KEK.key KEK.key AS LOCAL build/KEK.key - SAVE ARTIFACT KEK.crt KEK.crt AS LOCAL build/KEK.crt - SAVE ARTIFACT KEK.auth KEK.auth AS LOCAL build/KEK.auth - SAVE ARTIFACT DB.key DB.key AS LOCAL build/DB.key - SAVE ARTIFACT DB.crt DB.crt AS LOCAL build/DB.crt - SAVE ARTIFACT DB.auth DB.auth AS LOCAL build/DB.auth + RUN sbsign --key DB.key --cert DB.crt --output systemd-bootx64.signed.efi /usr/lib/systemd/boot/efi/systemd-bootx64.efi + RUN sbsign --key DB.key --cert DB.crt --output MokManager.signed.efi /boot/efi/EFI/fedora/mmx64.efi + + SAVE ARTIFACT MokManager.signed.efi MokManager.efi + SAVE ARTIFACT systemd-bootx64.signed.efi systemd-bootx64.efi + # Only provide the der files as those are the one for installing in the firmware (like public keys kind of?) + SAVE ARTIFACT PK.der PK.der AS LOCAL build/PK.der + SAVE ARTIFACT KEK.der KEK.der AS LOCAL build/KEK.der + SAVE ARTIFACT DB.der DB.der AS LOCAL build/DB.der SAVE ARTIFACT uki.signed.efi uki.efi AS LOCAL build/$ISO_NAME.signed-$KVERSION.efi # This target will prepare a disk.img ready with the uki artifact on it for qemu. Just attach it to qemu and mark you vm to boot from that disk 
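Review bot: The comment above the `.der` exports ends in a guess, `(like public keys kind of?)`, which leaves a reader unsure whether private material is being shipped. Going by the commented `openssl x509 ... -outform DER` commands earlier in this target, these files are DER-encoded X.509 certificates and carry no private key, so the comment can say that outright: `# Export only the DER-encoded certificates (public); these are what gets enrolled in firmware, the .key files are never saved as artifacts`. The comment `# Actuall signing of the binaries with the keys` also has a typo (`Actual`).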
@@ -587,15 +592,9 @@ prepare-uki-disk-image: ARG SIGNED_EFI=false IF [ "$SIGNED_EFI" = "true" ] COPY +uki-signed/uki.efi . - COPY +uki-signed/PK.key . - COPY +uki-signed/PK.crt . - COPY +uki-signed/PK.auth . - COPY +uki-signed/KEK.key . - COPY +uki-signed/KEK.crt . - COPY +uki-signed/KEK.auth . - COPY +uki-signed/DB.key . - COPY +uki-signed/DB.crt . - COPY +uki-signed/DB.auth . + COPY +uki-signed/PK.der . + COPY +uki-signed/KEK.der . + COPY +uki-signed/DB.der . COPY +uki-signed/MokManager.efi . ELSE COPY +uki/uki.efi . @@ -606,15 +605,9 @@ prepare-uki-disk-image: RUN mmd -i disk.img ::/EFI/BOOT RUN mcopy -i disk.img uki.efi ::/EFI/BOOT/BOOTX64.efi IF [ "$SIGNED_EFI" = "true" ] - RUN mcopy -i disk.img PK.key ::/EFI/BOOT/PK.key - RUN mcopy -i disk.img PK.crt ::/EFI/BOOT/PK.crt - RUN mcopy -i disk.img PK.cer ::/EFI/BOOT/PK.auth - RUN mcopy -i disk.img KEK.key ::/EFI/BOOT/KEK.key - RUN mcopy -i disk.img KEK.crt ::/EFI/BOOT/KEK.crt - RUN mcopy -i disk.img KEK.cer ::/EFI/BOOT/KEK.auth - RUN mcopy -i disk.img DB.key ::/EFI/BOOT/DB.key - RUN mcopy -i disk.img DB.crt ::/EFI/BOOT/DB.crt - RUN mcopy -i disk.img DB.cer ::/EFI/BOOT/DB.auth + RUN mcopy -i disk.img PK.cer ::/EFI/BOOT/PK.der + RUN mcopy -i disk.img KEK.cer ::/EFI/BOOT/KEK.der + RUN mcopy -i disk.img DB.cer ::/EFI/BOOT/DB.der RUN mcopy -i disk.img MokManager.efi ::/EFI/BOOT/mmx64.efi END RUN mdir -i disk.img ::/EFI/BOOT 
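Review bot: In the second `IF [ "$SIGNED_EFI" = "true" ]` block the three new `mcopy` lines still read `PK.cer`, `KEK.cer` and `DB.cer`, but the first hunk of this target copies `PK.der`, `KEK.der` and `DB.der` into the build, so as far as the visible lines show no `.cer` file exists and the signed path would fail at `mcopy`. The source names should match the copied files: `RUN mcopy -i disk.img PK.der ::/EFI/BOOT/PK.der`, and likewise for `KEK.der` and `DB.der`. The removed lines had the same mismatch, so this is carried over rather than newly introduced. `prepare-uki-disk-image` starts and ends outside both hunks.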
@@ -649,13 +642,15 @@ iso-uki: FROM $OSBUILDER_IMAGE WORKDIR /build COPY +uki-signed/uki.efi . - COPY +uki-signed/PK.auth . - COPY +uki-signed/KEK.auth . - COPY +uki-signed/DB.auth . + COPY +uki-signed/PK.der . + COPY +uki-signed/KEK.der . + COPY +uki-signed/DB.der . COPY +uki-signed/MokManager.efi . + COPY +uki-signed/systemd-bootx64.efi . # Set the name for kairos manually as otherwise it picks it from the os-release automatically RUN printf "title Kairos ${FLAVOR} ${VERSION}\nefi /EFI/kairos/kairos.efi" > kairos.conf - RUN printf "default kairos.conf" > loader.conf + RUN printf "title MokManager\nefi /EFI/tools/MokManager.efi" > mokmanager.conf + RUN printf "default kairos.conf" > loader.conf RUN mkdir -p /build/efi # TODO: Create the img size based on the actual efi size! RUN dd if=/dev/zero of=/build/efi/efiboot.img bs=1G count=1 
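Review bot: `loader.conf` is still written with only `default kairos.conf`, so the new `mokmanager.conf` entry lands in a menu that systemd-boot, as far as I know, does not display when no `timeout` is set unless a key is held during boot. If MokManager is meant to be reachable for enrolling the test certificates, set a timeout, e.g. `RUN printf "default kairos.conf\ntimeout 5\n" > loader.conf`; if it is meant to stay hidden, a one-line comment saying so would help. The `iso-uki` target continues outside this hunk.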
@@ -668,19 +663,21 @@ iso-uki: RUN mmd -i /build/efi/efiboot.img ::loader/entries RUN mmd -i /build/efi/efiboot.img ::loader/keys RUN mmd -i /build/efi/efiboot.img ::loader/keys/kairos - # Copy keys, not sure which ones lol - RUN mcopy -i /build/efi/efiboot.img /build/PK.auth ::loader/keys/kairos/PK.auth - RUN mcopy -i /build/efi/efiboot.img /build/KEK.auth ::loader/keys/kairos/KEK.auth - RUN mcopy -i /build/efi/efiboot.img /build/DB.auth ::loader/keys/kairos/DB.auth - # Copy kairos efi. This dir will make system-boot autosearch and add to entries automatically - # /EFI/Linux/ - # but here we do it by using systemd-boot + # Mokmanager + RUN mcopy -i /build/efi/efiboot.img /build/MokManager.efi ::EFI/tools/MokManager.efi + RUN mcopy -i /build/efi/efiboot.img /build/mokmanager.conf ::loader/entries/mokmanager.conf + # Copy keys + RUN mcopy -i /build/efi/efiboot.img /build/PK.der ::loader/keys/kairos/PK.der + RUN mcopy -i /build/efi/efiboot.img /build/KEK.der ::loader/keys/kairos/KEK.der + RUN mcopy -i /build/efi/efiboot.img /build/DB.der ::loader/keys/kairos/DB.der + # Copy kairos efi. This dir would make system-boot autosearch and add to entries automatically /EFI/Linux/ + # but here we do it by using systemd-boot as fallback so it sets the proper efivars RUN mcopy -i /build/efi/efiboot.img /build/kairos.conf ::loader/entries/kairos.conf RUN mcopy -i /build/efi/efiboot.img /build/uki.efi ::EFI/kairos/kairos.EFI # systemd-boot as bootloader RUN mcopy -i /build/efi/efiboot.img /build/loader.conf ::loader/loader.conf # TODO: TARGETARCH should change the output name to BOOTAA64.EFI in arm64! - RUN mcopy -i /build/efi/efiboot.img /usr/lib/systemd/boot/efi/systemd-bootx64.efi ::EFI/BOOT/BOOTX64.EFI + RUN mcopy -i /build/efi/efiboot.img /build/systemd-bootx64.efi ::EFI/BOOT/BOOTX64.EFI RUN xorriso -as mkisofs -V 'UKI_ISO_INSTALL' -e efiboot.img -no-emul-boot -o /build/$ISO_NAME.iso /build/efi/ SAVE ARTIFACT /build/$ISO_NAME.iso kairos.iso AS LOCAL build/$ISO_NAME.iso 
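Review bot: The certificates are copied to `::loader/keys/kairos/` as `PK.der`, `KEK.der` and `DB.der`, but systemd-boot's key enrollment, as far as I know, only picks up signed variable updates named `PK.auth`, `KEK.auth` and `db.auth` from that directory, so the bootloader will likely ignore these files. If they are placed there for manual enrollment through the firmware setup UI, replace `# Copy keys` with a comment that says so, e.g. `# DER certificates for manual enrollment from the firmware UI; systemd-boot auto-enroll would need signed .auth files`. That would also answer the question the removed comment (`not sure which ones`) left open.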
diff --git a/framework-profile.yaml b/framework-profile.yaml index 38345d4b90..20667b9132 100755 --- a/framework-profile.yaml +++ b/framework-profile.yaml @@ -173,9 +173,9 @@ repositories: priority: 2 urls: - "quay.io/kairos/packages" - reference: 20230925160905-repository.yaml + reference: 20230925211559-repository.yaml - !!merge <<: *kairos arch: arm64 urls: - "quay.io/kairos/packages-arm64" - reference: 20230925160137-repository.yaml + reference: 20230925212810-repository.yaml diff --git a/tests/keys/DB.crt b/tests/keys/DB.crt new file mode 100644 index 0000000000..213756bb1e --- /dev/null +++ b/tests/keys/DB.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCTCCAfGgAwIBAgIUQ8Ef+QHp6mLYXXvX8/9YsKJDINYwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJS2Fpcm9zIERCMB4XDTIzMDkyNTE5NDg1NFoXDTMzMDky +MjE5NDg1NFowFDESMBAGA1UEAwwJS2Fpcm9zIERCMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA7yiYejq/rA33hFx4D2pg8pbCfZFpA2r1CGgJpaOw0emY +m9pe6PmHhfT+mifXUao3mC9hjtB+cD/LQNlu6gR4x6UMs3c6+i+y1PMldsO/F2vS +0mNz759BEawiO4x0bopr+oPJSvpkP5UUjYvJ8Cd5q5ON4rBEeCT9d8E9nG9uH3XQ +oQPAvzo9ehhnzAAmHS35i2hSl6rUMgwp6S24CKcGbwl1pNvoU528W0xr1hYOazba +/+rZQtuGqscUYUAbOLE1hOp/UWGms/m0ezTBsVkQ1RyQn6cWGrKVpTzaaN+1e5ai +xYyXc9/QzY5Rqd4qisTmwYBsHdeVhXp3ihJkWnTzrwIDAQABo1MwUTAdBgNVHQ4E +FgQU1McSdX5TgJ/FcIjI+SNwm6ss4MwwHwYDVR0jBBgwFoAU1McSdX5TgJ/FcIjI ++SNwm6ss4MwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAzO5C +E5BjEhwq050bxqqVDYGYXXaLHQsTBDeJGSnJnggODz4o5aKCiBjOAvNeT46maHAe +g7jJ4eNw5Beiqu2LQoTFQC/eCFs6frYRBNCewPMezmT+i+YqZvc/RZfgTY+64SRx +AHvfJuelU3pAS2gWAeg7gQZa0KTJG0ZWnULwy+pAcN2yckz5NOZ7Hl2PPTCUGyhz +uIgoZp1ds4xd6LmGssuMZB6phyhAdvhokrYesJT9BT8tCGgiqjUZWSpG8gJBoJXC +2KHn5iE70B4V/LICBa20PucH7rDgaJTJaKOJ5hp51S6dCUAt3prgPsD0sx+42LvN +OLolFoaI8pH5yJOehQ== +-----END CERTIFICATE----- diff --git a/tests/keys/DB.der b/tests/keys/DB.der new file mode 100644 index 0000000000..14468da23b Binary files /dev/null and b/tests/keys/DB.der differ 
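Review bot: The test certificate's subject gives no hint that it is a throwaway: going by the commands kept as comments in the Earthfile it was presumably created with `-subj "/CN=Kairos DB/" -days 3650`, and the same applies to `KEK.crt` and `PK.crt`. Because the matching private keys are public in this commit, any machine that ends up with these certificates enrolled will accept binaries signed by anyone who has cloned the repository. Regenerating them with a subject such as `/CN=Kairos TEST DB - DO NOT TRUST/` would make an accidental enrollment visible in firmware key listings and in signature inspection output, which the README warning alone cannot do.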
diff --git a/tests/keys/DB.key b/tests/keys/DB.key new file mode 100644 index 0000000000..71e796021f --- /dev/null +++ b/tests/keys/DB.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDvKJh6Or+sDfeE +XHgPamDylsJ9kWkDavUIaAmlo7DR6Zib2l7o+YeF9P6aJ9dRqjeYL2GO0H5wP8tA +2W7qBHjHpQyzdzr6L7LU8yV2w78Xa9LSY3Pvn0ERrCI7jHRuimv6g8lK+mQ/lRSN +i8nwJ3mrk43isER4JP13wT2cb24fddChA8C/Oj16GGfMACYdLfmLaFKXqtQyDCnp +LbgIpwZvCXWk2+hTnbxbTGvWFg5rNtr/6tlC24aqxxRhQBs4sTWE6n9RYaaz+bR7 +NMGxWRDVHJCfpxYaspWlPNpo37V7lqLFjJdz39DNjlGp3iqKxObBgGwd15WFeneK +EmRadPOvAgMBAAECggEAAcwXzT9YxmW6ePOq8U622MvaPVBU7jIlEkGZ5PVEdGdh +frZW5UBOzOpo6WaoPxRc45djj8uwT46jK+MWasrKz5FFdanNNykZmnETVH+nFXl5 +dZxKuD/FoOjevvzQuS3wHstTvW0BSNsJcwDcbSIWz3vF4rC5av+4Kei5Wk4aEUFx +Ll/mwtDNbkXPRK1xXWg8Z69BwPIxIo9CESNkwRAQZr/1btBUXaMpHjmF8c76vj8z +ayD9gsDLGNYnU11cVbdlREi0J5CIVyPbBFuOoU27U9scTBJfrRBCCRLe19N6B0cQ +LEoLCdaG4CJz3kGX2ErBRWBu2w7qHZd3rD0JdE9KfQKBgQD3vHlT34+MFVG/4+z2 +8kfThHA/EfseK7KDy5FUGMomFXVlR5+6UbWmWcbjN9wl/iB+FfkYYSbX+gS0gYuq +hwlecIIM+sbPly0xjVvTXf8iihzaZsRx+fCfctHi087ZvbhCHXgYHRSBZ1u0dKoA +y4rnpeWP0I9ZGBvNznah2baCrQKBgQD3It+Z+7Pr1O1cBdqBHRJtzO1z1s2Opj5L +NICjHXCEcU1GzR1rGc20FXXaDcMbgisRob1w92ESrxHRsypUlboKtMfcf0/HbckN +FZLDxkxZENBUql9DenT69m4hEFn3KKOqi2D/RVjYBZrU+joWkv3tXcXiBjB+srgw +xeU1+j+3SwKBgQDoWPKKAZFGVvB3QrQK4C0RapND8/9LyrwA9Dn3X9Coa1PRi515 +SA1QWb85eDiXwYKD/uPDQ8sEoU8sZJuzcjcNRgQTXFh+dlFCuku3L9+Ma3CoPd5c +74gIY84KKZFFkrRv/eeW5h9HRsMxuoF/gWdj36owefEYJI5fNhb5sZGFeQKBgHxr +ICtDnuchwYXMpJ7P5hFFVF43TDF+3Gm8Ou7jyVvENuVoKmFbEkaRb02iFBHrTIeJ +5/fRcxuW69+o1azT3F+7d8s4hQ+f49IkhEjvskw8vMWDKIauRep62iLnOoPF/+/C +T8j0PrAy0ipa95eZ1SEFTrRl7VA75aMYXjb4j89VAoGAK+7UBmtTOLTVNUxNFXIP +66Ue0ZX+FOLollJYx42QvXmoqXayOb2H5EjZIIW3narom5Ox454zlWbty4Luncqr +bhfKBLhPqeoOw05h6Z+s9lfr++7rR6ZC8Q+r3m8W2MiEAVDxPIucwB1FPoy2zFG2 +jOLVMOsPlJ9FcRQKWupurdo= +-----END PRIVATE KEY----- diff --git a/tests/keys/KEK.crt b/tests/keys/KEK.crt new file mode 100644 index 0000000000..6cad9ab994 
--- /dev/null +++ b/tests/keys/KEK.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCzCCAfOgAwIBAgIUFElXQYJNL9OmNok3nLKNWzDExuUwDQYJKoZIhvcNAQEL +BQAwFTETMBEGA1UEAwwKS2Fpcm9zIEtFSzAeFw0yMzA5MjUxOTQ4NDVaFw0zMzA5 +MjIxOTQ4NDVaMBUxEzARBgNVBAMMCkthaXJvcyBLRUswggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCapyZdRd6TFgnrJJtYYUAgfCfFSzpRQLorYgqUfaY1 +UnNxlE1ngcBs1GHRQAO7jdYPvL3QiIY+qKoDGJ12/UKs6SpfNHLQtHQ2NrQrVDXF +gt+ttauhsa+T0ll46qDc3H6x9s1jUhGIFZgkmQ+aXj5YFHwjDtoxw5vtJw/p77rj +e4bEs58Fr0ovrlDm2en2kpiVvXSQdWxy1pLBt1QahfZf4jqgQJ13A+oURx7pgyoM +ayvtVjG4lLtkkPm5L5JXImGG03XkjOehckKoQR88oAmhzzDat96i+18dMd3HR2gk +V4/hXQnPPtCffHBV5r26kqe4KojCx9riz3yEylvMMtE5AgMBAAGjUzBRMB0GA1Ud +DgQWBBQ8+vEr6ovmH40ZA5FJiT+zYLBitDAfBgNVHSMEGDAWgBQ8+vEr6ovmH40Z +A5FJiT+zYLBitDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAw +sjmqYzHnQF06SlICMh06obnXSkzf06whvkhl+mWUMBKVtMFR6D3sHs7pznNhMkpY +Fa9j6hY44fjU+6tkQaMccz/KOMDKpJlPmILKuixraYgCV7HcoBmpKE32xwCzEId3 +NZ38JDxRFmijIDtdCUspHxeMn+PpHDhkvBdEK60+bA7BZis9b2qDoiAo6NpxjdVL +kMBVzdGgqGcN6SPNujgy78/N/vndxGRxyN2fscmnvf0qzs1OP696AyTDQ9VZ/4fP +Q/kmLfL9JNu8d4cx1wdgV/20FtMnHhr1Q7f1/Gqr5S2zt3L9WLwnTDOrLd3UZ9wl +wtpRye1107RaagwlTnvh +-----END CERTIFICATE----- diff --git a/tests/keys/KEK.der b/tests/keys/KEK.der new file mode 100644 index 0000000000..1a01f4e356 Binary files /dev/null and b/tests/keys/KEK.der differ diff --git a/tests/keys/KEK.key b/tests/keys/KEK.key new file mode 100644 index 0000000000..7cc3981cd1 --- /dev/null +++ b/tests/keys/KEK.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCapyZdRd6TFgnr +JJtYYUAgfCfFSzpRQLorYgqUfaY1UnNxlE1ngcBs1GHRQAO7jdYPvL3QiIY+qKoD +GJ12/UKs6SpfNHLQtHQ2NrQrVDXFgt+ttauhsa+T0ll46qDc3H6x9s1jUhGIFZgk +mQ+aXj5YFHwjDtoxw5vtJw/p77rje4bEs58Fr0ovrlDm2en2kpiVvXSQdWxy1pLB +t1QahfZf4jqgQJ13A+oURx7pgyoMayvtVjG4lLtkkPm5L5JXImGG03XkjOehckKo +QR88oAmhzzDat96i+18dMd3HR2gkV4/hXQnPPtCffHBV5r26kqe4KojCx9riz3yE +ylvMMtE5AgMBAAECggEAJCuz7VzKEdy1tSl6q9ETDoX7R0mw+hAJetwTXWeF2DLQ +jWACOpM+TjXeKvKt7M/foQ6j1oIX48/O86puKcZSMd7W6i16LRYHmCZzPS8U5H0X +k6lJ2yeTyR8Jjh5SQVXQzA7NOs2XDB0A2I5z98bTDga8gfaXUcxOS8k3D5/iNhHw +oBWjk9MSkxXPDS67mFOZGeia+CcG/k3r/GXrakBj8Iq183X0GH53VJr+y6DLXJax +tHdg0mio57HFvG7LvzODy25Ymr/r8RFIuSqrCEjgeQQt/oERqVToZDFB0pELgSK/ +A1JuPvPWT2CXPymXHl9uBJvNQS1eaoI+wKZ0ui7BgQKBgQDZpo6fdMR88Z9RDLgk +E6PfVNxq4KHIVtSErpGYKVx56CIVrhOu9Jk66kJq7eQma6UCUZd6qHMx9CG/ligZ +yk4u51kDM2btqRdtsnXbKiqONcoorn6E8UZHSJxDBrRSAUIruaJC+zxwACVtwasz +4Pc5HNvqFGqpMi7ujs8rP1/hZwKBgQC15v3sKv54KZwOxEGxdabRE/T/hQmiasG/ +34qdNV/DRDLxIpyBPbKR/EjJyNsFzzySLG2oeDCUY7JX1B9iZ24RgT8OmTka0nSW +yi4RhH99hzLglDCHe55Zrr6oDK9xwhxWKIHU98hNVCKGDptd5HQ140sdZTwQsJ26 +RYbbj/j0XwKBgQCQjEpqYj1gkYPyaxUceKK73vsoTBmGGQy5NcriGI4fNGj2pw7R +ggcGFrCXnXiJf7IuEQweXSNsSKvlNo9ZWX+FLQZz1r6EFmnF4+Db9mwe2GBzljfW +iPrYusN0zE4TrFxK99Vo0Lw50g8JjrbqFH18Q8tV8ctIpVh//P5fxY4i/wKBgDhk +2shDNA1Q6R7y3WMFFKixRT2Ko0gFTPgNd83xZDUHibuUfWzcEeaMjoxwhuawLxkq +SPz39ierGPl9vBUn98nZhhEik7+rC5ZMLCgmKdhi9/UEPF9khd1L/bPf6uybv2k+ +ubGq+CBxOxrQoH5le1nRk9ITNqH9/4hmUb70TbyFAoGAC0w4pJM8R3kaFqKdDVo8 +bD3buojiE0ORPeLdnhe5yc9XaLsM6Ti3MPCeiQ3gZRCuvOlsy4noDnATUXYusNfa +u7WLPO56ne5ewAWWmtywQ/D8IZHWHkNM1n8yHWCZXyZgF7sh1CXsIXOam7F9Syzm +8uZGoFciL4vV9F5x3CBk70M= +-----END PRIVATE KEY----- diff --git a/tests/keys/PK.crt b/tests/keys/PK.crt new file mode 100644 index 0000000000..a37ee5222c --- /dev/null +++ b/tests/keys/PK.crt 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCTCCAfGgAwIBAgIUeKRpRkHvYxAffzrfw90J8MAlTDIwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJS2Fpcm9zIFBLMB4XDTIzMDkyNTE5NDgyOFoXDTMzMDky +MjE5NDgyOFowFDESMBAGA1UEAwwJS2Fpcm9zIFBLMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAqfXx/rkk1TPZTWisQFnhRr5T8t6I7i9zK3DO+URrsg6V +7+5ztM8udc1RUg1VndkZRNMKazgVqH7ZfKHkxUdQc4Xq+EKscywJirtcjsMKVAUt +IEt9M/NeQN+CIEsSgOyEqJZGazcVPpL8Q7x4xcZ4SewJyobS5u+txY9Ei/EA40ih +AxycYmhoUHLLwjtO9O1UKf/6HW3KgkMYpAualrJjd70g0WsV0lFGUCG4rpSEN6Dn +p17zF1y5USCCstgxp3KSMuBFlBFzFChjy6w8v0LUlFADYj6Z83oPOD/2x+UeJui8 +Hxcrgu3VnXVmLoQaggml1EqbW7cu8S3YxlbAH5pQrwIDAQABo1MwUTAdBgNVHQ4E +FgQUHzloQNy/RNHN71Ihn0YaxwhdcrgwHwYDVR0jBBgwFoAUHzloQNy/RNHN71Ih +n0YaxwhdcrgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAASMw +sw9kOeNNhcA4o5MnIG6uqH/4jIMG8UjcqyuNKtH/2eLs/xNCSDIJG0VVuY2y3kzw +GLZmphdxvtvWW6c9A9+mdM/JBi3AeGyIGk2hfFVoFcV/7VuGgphAJcTKY6KXgj7e +F6hjatCCUUYiRkiPL50X5wJQ/COAOe7/5BzeAZhbxNQ9z6IG4StdS31uSE7Vl2Nn +G+V1Gkqmc/6Z3Nkd2iGPiLIiqkDn8Xcincn/f0ybgnOdVljtXlzJm0pN4FrVkdPa +en/HLiMCjKTSWl1wXF3GUZkmCITryJ4O6SWtsuWTqmvohb2QAMqdnybFW7hjzGoG +A0UKl8yqRzdGBa0mHg== +-----END CERTIFICATE----- diff --git a/tests/keys/PK.der b/tests/keys/PK.der new file mode 100644 index 0000000000..97b65b5c14 Binary files /dev/null and b/tests/keys/PK.der differ diff --git a/tests/keys/PK.key b/tests/keys/PK.key new file mode 100644 index 0000000000..6f28f9e91f --- /dev/null +++ b/tests/keys/PK.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCp9fH+uSTVM9lN +aKxAWeFGvlPy3ojuL3MrcM75RGuyDpXv7nO0zy51zVFSDVWd2RlE0wprOBWoftl8 +oeTFR1Bzher4QqxzLAmKu1yOwwpUBS0gS30z815A34IgSxKA7ISolkZrNxU+kvxD +vHjFxnhJ7AnKhtLm763Fj0SL8QDjSKEDHJxiaGhQcsvCO0707VQp//odbcqCQxik +C5qWsmN3vSDRaxXSUUZQIbiulIQ3oOenXvMXXLlRIIKy2DGncpIy4EWUEXMUKGPL +rDy/QtSUUANiPpnzeg84P/bH5R4m6LwfFyuC7dWddWYuhBqCCaXUSptbty7xLdjG +VsAfmlCvAgMBAAECggEABfVOzgC8l1LRf+K3AyyDdsDuXXnKsBruvSufveJVqjDT +tc0UtlZ7CPsxKiC4iyeUuLJzT43wSG9l/XYJeJcG7X3Y3mor9H+rN/dYh9Kzln11 +9wdedMdH2xtayvoGxIlGH0jhYBnWv1JU0KUXUMuj5OeG8lgmpZzqaR4cJ5HD17Ph +3e4kMdtSdNVvV4UxTp7oiX9KYrNueAnqh09O2Hq23+6LV2yB5gs+wBlzpXECLma/ +UmNJOzFpLIi1HHIDgfdwTS0JnP4lGPEV+R/VHdHfy9W9WB8jyyONPewCtaUMqgxY +W7kZCrjRmpMVzQwA/60SIaFZpdSQjEDNIMssl4bozQKBgQDtTQX6LyT/RoOKbv5I +n6Uqi5XFU+k3SnDHN/8sTSwK7r4xC4n+2MjR0YS2tDYgaAvqvnG3dCRP0/NYluSG +0Ih2g2t1ct+feWbvd/a6On8f2UoNGC0X4xoLmNOe/ToqcAFTW7TJ6l6oQ5fGq+QV +UczwkkKToYmjFjgY5GMCUTbGRQKBgQC3Wn7p9V1WadQMPGRu0LegTCV4QZlkiLqw +OE9Ezg8GgnyJ0ny3FmBPIPAMS/h6Rex83fBzds0uDLSkRSpTprqcbLr6lFL3Mf7N +uPXxUHOFvc4P7sHK57jVYlV8bu+OQC3XLaIkjguMIVoZZR57q1rCN3KwZ8FPXyCb +GgVqRTlUYwKBgQDTSAPtaHJpc3AFHqP7J2FYiyWTpw17tCTLy9i/qgpvxXfDlUGN +jZjn78NZJQUYP2t025HGRHtcNBtzog3g1uTZmFNiJCBlDiOPTWF5GEI9qirbk836 +ebKj5rNs2IwkYstbW8iRCsKy0FPfiQYv0UBGZgMvDOHOOidCSn64/nRlfQKBgDYB +EpaIbYhxPUKpWw+ErEErjHHCKJMC7rHOtBJY+vX44wOZGqC2l4FW+z0z9yjUhZY1 +rIfluwNQPLiRoqjm19oQ8HWz0Ef80sb3LoF4J76BrDrnIO9JlxhKkVFIP4jPgHD7 +gOFxcRdCD46hSPw1+VJxEHfC554gL7NfU678WqlvAoGAMeeVuDlCbqxehBMdbtMA +Z74LhilPklqgvF36p3l3PIqO4427Rg49m5KxiBttoofq3nYFikrYPnVY1mYFnhSl +hwZG/eXLpRaYb/yDGdzHxzsQFYjxD3InLSfvd67fRG/T5+R8M5bDs+IZCFlGFvG/ +fA0uGH0fKEPUy7Ijex9cXag= +-----END PRIVATE KEY----- diff --git a/tests/keys/README.md b/tests/keys/README.md new file mode 100644 index 0000000000..440a256a7d --- /dev/null +++ b/tests/keys/README.md 
@@ -0,0 +1,8 @@
+This are TEST keys, used for development purposes.
+
+You can install this keys on a VM EFI and test secureboot.
+
+They are pregenerated so you can iterate building Kairos UKI EFI and use the same signature without generating keys
+all the time.
+
+They should never be installed anywhere different than a VM.
\ No newline at end of file