diff --git a/build-tools/sign-secure-boot_debian b/build-tools/sign-secure-boot_debian
index a6a1d4d2..3a701594 100755
--- a/build-tools/sign-secure-boot_debian
+++ b/build-tools/sign-secure-boot_debian
@@ -35,6 +35,11 @@ if [ -z "${SIGNING_USER}" ]; then
 exit 1
 fi
+if [ -z "${SIGNING_KEY_NAME}" ]; then
+ SIGNING_KEY_NAME='default'
+ echo "Warning: SIGNING_KEY_NAME no set in your environment, using '${SIGNING_KEY_NAME}'"
+fi
+
 # Get shim deb version number.
 SHIM_DEB=$(ls ${MY_WORKSPACE}/std/shim/shim-unsigned_*_amd64.deb)
 SHIM_DEB=${SHIM_DEB##*/}
@@ -89,7 +94,7 @@ scp ${SSH_OPTION_NOCHECKING} shimx64.efi ${SIGNING_USER}@${SIGNING_SERVER}:${UPL
 || { echo "Fail to copy shimx64.efi to signing server!"; exit 1; }
 # Sign shimx64.efi
 ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER} \
- sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/shimx64.efi -t shim \
+ sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/shimx64.efi -t shim -k ${SIGNING_KEY_NAME} \
 || { echo "Fail to sign shimx64.efi!"; exit 1; }
 # Copy back signed shimx64.efi which is renamed as bootx64.efi
 sudo scp ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}/bootx64.efi ./ \
@@ -100,7 +105,7 @@ scp ${SSH_OPTION_NOCHECKING} mmx64.efi ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOA
 || { echo "Fail to copy mmx64.efi to signing server!"; exit 1; }
 # Sign mmx64.efi
 ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER} \
- sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/mmx64.efi -t shimtool \
+ sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/mmx64.efi -t shimtool -k ${SIGNING_KEY_NAME} \
 || { echo "Fail to sign mmx64.efi!"; exit 1; }
 # Copy back signed mmx64.efi (renamed to grubx64.efi by server and need rename it back)
 sudo scp ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}/mmx64.efi.signed ./mmx64.efi \
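Review bot: The new fallback on the `SIGNING_KEY_NAME='default'` line fails open: the block just above this hunk exits with status 1 when `SIGNING_USER` is unset (visible in the hunk header context), yet an unset key name silently signs shim, MokManager and GRUB with whatever key the signing server presumably maps to 'default', and the warning goes to stdout where build logs may not surface it. For secure-boot signing I would either `exit 1` here exactly as for SIGNING_USER, or at least send the warning to stderr and fix the message: `echo "Warning: SIGNING_KEY_NAME not set in your environment, using '${SIGNING_KEY_NAME}'" >&2`. Independently, the value is later spliced unquoted into `ssh ... sudo /opt/signing/sign-debian.sh ... -k ${SIGNING_KEY_NAME}` command lines (hunks below) that the remote shell re-parses under sudo, and into a sed expression; local quoting cannot protect the remote side, so restrict the value once before first use, e.g. `case "${SIGNING_KEY_NAME}" in *[!A-Za-z0-9._-]*) echo "Invalid SIGNING_KEY_NAME" >&2; exit 1;; esac`. The `if [ -z "${SIGNING_USER}" ]` block whose tail opens this hunk starts outside it.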
@@ -133,7 +138,7 @@ scp ${SSH_OPTION_NOCHECKING} grubx64.efi ${SIGNING_USER}@${SIGNING_SERVER}:${UPL
 || { echo "Fail to copy grubx64.efi to signing server!"; exit 1; }
 # Sign grubx64.efi
 ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER} \
- sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/grubx64.efi -t grub \
+ sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/grubx64.efi -t grub -k ${SIGNING_KEY_NAME} \
 || { echo "Fail to sign grubx64.efi!"; exit 1; }
 # Copy back signed grubx64.efi
 sudo scp ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}/grubx64.efi . \
@@ -190,7 +195,9 @@ done
 sed -i "s/2SPACE/ /g" ${YAML_FILE}
 # Replace the signing server in the base-bullseye.yaml with the input of this script.
-sed -i -e "s/INPUT_SIGNING_SERVER/${SIGNING_SERVER}/g" -e "s/INPUT_SIGNING_USER/${SIGNING_USER}/g" ${YAML_FILE}
+sed -i -e "s/INPUT_SIGNING_SERVER/${SIGNING_SERVER}/g" \
+ -e "s/INPUT_SIGNING_KEY_NAME/${SIGNING_KEY_NAME}/g" \
+ -e "s/INPUT_SIGNING_USER/${SIGNING_USER}/g" ${YAML_FILE}
 echo "***Finish preparing gpg signing***"
diff --git a/build-tools/sign_initramfs-sign-script b/build-tools/sign_initramfs-sign-script
index 611bbadc..f529a952 100644
--- a/build-tools/sign_initramfs-sign-script
+++ b/build-tools/sign_initramfs-sign-script
@@ -20,6 +20,7 @@
 echo "***Start initramfs-sign-script***"
 SIGNING_SERVER=INPUT_SIGNING_SERVER
 SIGNING_USER=INPUT_SIGNING_USER
+ SIGNING_KEY_NAME=INPUT_SIGNING_KEY_NAME
 INITRAMFS_PATH=/localdisk/deploy/
 INITRAMFS_INIT=$(ls ${INITRAMFS_PATH}/starlingx-initramfs-ostree-image-intel-x86-64-*.rootfs.cpio.gz)
 [ -z ${INITRAMFS_INIT} ] && { echo "No initramfs file!"; exit 1; }
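Review bot: The added `-e "s/INPUT_SIGNING_KEY_NAME/${SIGNING_KEY_NAME}/g"` interpolates an environment-supplied value straight into a sed expression, so a key name containing `/` terminates the `s` command early and makes sed fail, while `&` or `\` silently alter the replacement text; because the `sed -i` line has no `|| exit` the script then continues and the generated initramfs and rootfs signing scripts still carry the literal placeholder. The neighbouring SIGNING_SERVER and SIGNING_USER substitutions have the same weakness, but this hunk adds the one value that is defaulted rather than required, so it is the one worth guarding here: `case "${SIGNING_KEY_NAME}" in *[!A-Za-z0-9._-]*|"") echo "Invalid SIGNING_KEY_NAME" >&2; exit 1;; esac` immediately before the sed, plus `|| { echo "Fail to substitute signing parameters!"; exit 1; }` on the sed itself. A strict allow-list is preferable to escaping here since the same string is later handed to a remote `sudo` command line by the generated scripts.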
@@ -35,7 +36,7 @@
 scp ${SSH_OPTION_NOCHECKING} ${INITRAMFS_PATH}/${INITRAMFS_FILE} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH} \
 || { echo "Fail to copy initramfs file to signing server!"; exit 1; }
 ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER} \
- sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${INITRAMFS_FILE} -t grub-gpg \
+ sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${INITRAMFS_FILE} -t grub-gpg -k ${SIGNING_KEY_NAME} \
 || { echo "Fail to sign initramfs file!"; exit 1; }
 scp ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}/${INITRAMFS_FILE}.sig ${INITRAMFS_PATH} \
 || { echo "Fail to copy back initramfs sig file!"; exit 1; }
@@ -45,7 +46,7 @@
 scp ${SSH_OPTION_NOCHECKING} ${INITRD_MINI_PATH}/${INITRD_MINI_FILE} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH} \
 || { echo "Fail to copy mini initrd file to signing server!"; exit 1; }
 ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER} \
- sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${INITRD_MINI_FILE} -t grub-gpg \
+ sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${INITRD_MINI_FILE} -t grub-gpg -k ${SIGNING_KEY_NAME} \
 || { echo "Fail to sign mini initrd file!"; exit 1; }
 scp ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}/${INITRD_MINI_FILE}.sig ${INITRD_MINI_PATH} \
 || { echo "Fail to copy back mini initrd sig file!"; exit 1; }
diff --git a/build-tools/sign_rootfs-post-scripts b/build-tools/sign_rootfs-post-scripts
index 0590cde5..7361a076 100644
--- a/build-tools/sign_rootfs-post-scripts
+++ b/build-tools/sign_rootfs-post-scripts
@@ -21,6 +21,7 @@
 echo "***Start signing part of rootfs-post-scripts***"
 SIGNING_SERVER=INPUT_SIGNING_SERVER
 SIGNING_USER=INPUT_SIGNING_USER
+ SIGNING_KEY_NAME=INPUT_SIGNING_KEY_NAME
 LOCKD_FILE=LockDown.efi
 LOCKD_PATH=${IMAGE_ROOTFS}/boot/efi/EFI/BOOT/
 LOCKD_INIT=${IMAGE_ROOTFS}/usr/lib/efitools/x86_64-linux-gnu/LockDown.efi
@@ -39,7 +40,7 @@
 scp ${SSH_OPTION_NOCHECKING} ${LOCKD_INIT} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH} \
 || { echo "Fail to copy LockDown.efi to signing server!"; exit 1; }
 ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER} \
- sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${LOCKD_FILE} -t grub-gpg \
+ sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${LOCKD_FILE} -t grub-gpg -k ${SIGNING_KEY_NAME} \
 || { echo "Fail to sign LockDown.efi!"; exit 1; }
 scp ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}/${LOCKD_FILE}.sig ${LOCKD_PATH} \
 || { echo "Fail to copy back LockDown.efi sig file!"; exit 1; }
@@ -47,7 +48,7 @@
 scp ${SSH_OPTION_NOCHECKING} ${KERNEL_RT_PATH}/${KERNEL_RT_FILE} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH} \
 || { echo "Fail to copy kernel-rt image to signing server!"; exit 1; }
 ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER} \
- sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${KERNEL_RT_FILE} -t grub-gpg \
+ sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${KERNEL_RT_FILE} -t grub-gpg -k ${SIGNING_KEY_NAME} \
 || { echo "Fail to sign kernel-rt image!"; exit 1; }
 scp ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}/${KERNEL_RT_FILE}.sig ${KERNEL_RT_PATH} \
 || { echo "Fail to copy back kernel-rt image sig file!"; exit 1; }
@@ -55,7 +56,7 @@
 scp ${SSH_OPTION_NOCHECKING} ${KERNEL_PATH}/${KERNEL_FILE} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH} \
 || { echo "Fail to copy kernel-std image to signing server!"; exit 1; }
 ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER} \
- sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${KERNEL_FILE} -t grub-gpg \
+ sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${KERNEL_FILE} -t grub-gpg -k ${SIGNING_KEY_NAME} \
 || { echo "Fail to sign kernel-std image!"; exit 1; }
 scp ${SSH_OPTION_NOCHECKING} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}/${KERNEL_FILE}.sig ${KERNEL_PATH} \
 || { echo "Fail to copy back kernel-std image sig file"; exit 1; }
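Review bot: Now that `-k ${SIGNING_KEY_NAME}` selects which key signs the kernel, a wrong or mistyped name produces a `.sig` that the build accepts but GRUB will reject at boot, and nothing in this hunk checks the returned signature: the final `scp` only verifies that a file came back. If the public half of the intended key is available to the build (I cannot tell from here), verifying the detached signature locally after the copy-back, e.g. `gpg --verify "${KERNEL_PATH}/${KERNEL_FILE}.sig" "${KERNEL_PATH}/${KERNEL_FILE}" || { echo "kernel-std signature does not verify!"; exit 1; }`, turns a boot-time failure into a build-time one. The same check applies to the kernel-rt, LockDown.efi and initramfs hunks, which repeat this sequence verbatim. Minor: the last error message is missing the trailing `!` used by every sibling message, `"Fail to copy back kernel-std image sig file!"`.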