diff --git a/config/peerpods/podvm/lib.sh b/config/peerpods/podvm/lib.sh
index d8022cb1..901d10e6 100644
--- a/config/peerpods/podvm/lib.sh
+++ b/config/peerpods/podvm/lib.sh
@@ -247,6 +247,22 @@ to edit policy.conf"
 error_exit "Error: HKD is not present."
 else
 echo "$HOST_KEY_CERTS" >>"${podvm_dir}/files/HKD.crt"
+ if [[ "$SE_VERIFY" == "true" ]]; then
+ curl -o "${podvm_dir}/files/ibm-z-host-key-signing-gen2.crt" "https://www.ibm.com/support/resourcelink/api/content/public/ibm-z-host-key-signing-gen2.crt"
+ if [[ $? -ne 0 ]]; then
+ error_exit "Error: Failed to download ibm-z-host-key-signing-gen2.crt."
+ fi
+
+ curl -o "${podvm_dir}/files/DigiCertCA.crt" "https://www.ibm.com/support/resourcelink/api/content/public/DigiCertCA.crt"
+ if [[ $? -ne 0 ]]; then
+ error_exit "Error: Failed to download DigiCertCA.crt."
+ fi
+
+ curl -o "${podvm_dir}/files/ibm-z-host-key-gen2.crl" "https://www.ibm.com/support/resourcelink/api/content/public/ibm-z-host-key-gen2.crl"
+ if [[ $? -ne 0 ]]; then
+ error_exit "Error: Failed to download ibm-z-host-key-gen2.crl."
+ fi
+ fi
 fi
 fi
diff --git a/config/peerpods/podvm/libvirt-podvm-image-cm.yaml b/config/peerpods/podvm/libvirt-podvm-image-cm.yaml
index fe794a45..35d71397 100644
--- a/config/peerpods/podvm/libvirt-podvm-image-cm.yaml
+++ b/config/peerpods/podvm/libvirt-podvm-image-cm.yaml
@@ -25,6 +25,12 @@ data:
 # To Enable SE for IBM Z
 SE_BOOT: "true"
+
+ # To enable SE verification on IBM Z
+ SE_VERIFY: "true"
 # For Pre-built PodVM images.
 PODVM_IMAGE_URI: "" # eg: oci::quay.io/openshift_sandboxed_containers/libvirt-podvm-image:latest::/image/podvm.qcow2
+
+ # Name of PodVM qcow2 to be built.
+ IMAGE_NAME: "podvm-image"
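Review bot: The three `curl -o` calls in the lib.sh hunk run without `--fail`, so an HTTP 4xx/5xx response is written to the .crt/.crl file and curl still exits 0; the `if [[ $? -ne 0 ]]` checks that follow only catch transport failures, which means an error page could end up saved as the IBM signing certificate, the DigiCert CA certificate or the CRL that SE verification trusts. Adding `-f` (and `-L`, in case the Resource Link URL redirects, which cannot be confirmed from here) makes a non-2xx download abort the build through `error_exit` as intended. The three identical download-then-check blocks can also collapse into one loop, shown below; drop the `if [[ $? -ne 0 ]]` form in favour of `cmd || error_exit`, which is what `set -e`-safe scripts usually do. The enclosing function starts and ends outside the hunk, so whether `local` is permitted for a loop variable is not visible here.
```shell
        if [[ "$SE_VERIFY" == "true" ]]; then
            for se_file in ibm-z-host-key-signing-gen2.crt DigiCertCA.crt ibm-z-host-key-gen2.crl; do
                # --fail: an HTTP error body must never be saved in place of a cert/CRL
                # that the SE verification chain will trust; -L follows redirects,
                # -sS keeps only real errors in the build log
                curl -fsSL -o "${podvm_dir}/files/${se_file}" \
                    "https://www.ibm.com/support/resourcelink/api/content/public/${se_file}" ||
                    error_exit "Error: Failed to download ${se_file}."
            done
        fi
```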
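Review bot: The comment above the new `SE_VERIFY: "true"` key in libvirt-podvm-image-cm.yaml does not say what enabling it does; from the lib.sh hunk in the same commit it makes the image build download the IBM host-key signing certificate, the DigiCert CA certificate and the host-key CRL from IBM Resource Link at build time, so the build environment needs outbound HTTPS to ibm.com and the default of "true" turns that on for everyone. Suggest `# To enable SE host-key verification on IBM Z (fetches the IBM signing certs and CRL from IBM Resource Link at build time)`. Whether `SE_VERIFY` has any effect when `SE_BOOT` is "false" is not visible in this diff; if it is ignored, the comment should say so.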