diff --git a/config/includes.chroot/etc/ciss/hashes/.keep b/config/includes.chroot/etc/ciss/hashes/.keep
new file mode 100644
index 0000000..c365f36
--- /dev/null
+++ b/config/includes.chroot/etc/ciss/hashes/.keep
@@ -0,0 +1,10 @@
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-11-23; WEIDNER, Marc S.;
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
diff --git a/config/includes.chroot/etc/ciss/signatures/.keep b/config/includes.chroot/etc/ciss/signatures/.keep
new file mode 100644
index 0000000..c365f36
--- /dev/null
+++ b/config/includes.chroot/etc/ciss/signatures/.keep
@@ -0,0 +1,10 @@
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-11-23; WEIDNER, Marc S.;
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
diff --git a/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh b/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh
index f795b91..aab2978 100644
--- a/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh
+++ b/config/includes.chroot/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh
@@ -28,7 +28,9 @@ esac
 ### Ensure directory structure in initramfs ------------------------------------------------------------------------------------
+install -d -m 0755 "${DESTDIR}/etc/ciss/hashes"
 install -d -m 0755 "${DESTDIR}/etc/ciss/keys"
+install -d -m 0755 "${DESTDIR}/etc/ciss/signatures"
 install -d -m 0755 "${DESTDIR}/etc/initramfs-tools/conf.d"
 install -d -m 0755 "${DESTDIR}/etc/initramfs-tools/scripts/init-premount"
 install -d -m 0755 "${DESTDIR}/usr/bin"
@@ -56,7 +58,7 @@ for dir in bin usr/bin; do
 done
-### Install GPG signing keys ---------------------------------------------------------------------------------------------------
+### Install GPG keys -----------------------------------------------------------------------------------------------------------
 src_dir="/etc/ciss/keys"
 dst_dir="${DESTDIR}/etc/ciss/keys"
 key=""
@@ -77,6 +79,51 @@ if [ -d "${src_dir}" ]; then
 fi
+
+### Install GPG signatures -----------------------------------------------------------------------------------------------------
+src_dir="/etc/ciss/signatures"
+dst_dir="${DESTDIR}/etc/ciss/signatures"
+sig=""
+
+if [ -d "${src_dir}" ]; then
+
+ install -d -m 0755 "${dst_dir}"
+
+ for sig in "${src_dir}"/*.sig; do
+
+ [ -e "${sig}" ] || continue
+
+ install -m 0444 "${sig}" "${dst_dir}/"
+
+ printf '\e[92mSuccessfully executed: [install -m 0444 %s %s]\n\e[0m' "${sig}" "${dst_dir}"
+
+ done
+
+fi
+
+
+### Install SHA hashes ---------------------------------------------------------------------------------------------------------
+src_dir="/etc/ciss/hashes"
+dst_dir="${DESTDIR}/etc/ciss/hashes"
+hash=""
+
+if [ -d "${src_dir}" ]; then
+
+ install -d -m 0755 "${dst_dir}"
+
+ for hash in "${src_dir}"/*sha*sum.txt; do
+
+ [ -e "${hash}" ] || continue
+
+ install -m 0444 "${hash}" "${dst_dir}/"
+
+ printf '\e[92mSuccessfully executed: [install -m 0444 %s %s]\n\e[0m' "${hash}" "${dst_dir}"
+
+ done
+
+fi
+
+
 ### Install Dropbear configuration ---------------------------------------------------------------------------------------------
 install -m 0444 /etc/dropbear/initramfs/dropbear.conf "${DESTDIR}/etc/dropbear/dropbear.conf"
 printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/dropbear.conf %s/etc/dropbear/dropbear.conf] \n\e[0m" "${DESTDIR}"
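Review bot: The `*.sig` loop and the `*sha*sum.txt` loop copy signatures and hashes independently, so a hash file whose signature is missing from `/etc/ciss/signatures` (or a stray `.sig` with no matching hash) is installed without complaint and the mismatch only surfaces when gpgv runs at boot. A build-time pairing check inside the hash loop catches this in the image build instead: `[ -e "/etc/ciss/signatures/${hash##*/}.sig" ] || { printf '\e[91mNo signature for %s\n\e[0m' "${hash}" >&2; exit 1; }` (whether the hook runs under `set -e` is outside this hunk). The `install -d -m 0755 "${dst_dir}"` in each block repeats the directory creation the hook already does at the top and can be dropped. Shipping the reference hashes and their signatures inside the same initramfs that runs the verifier only adds assurance if the initramfs itself is covered by the boot chain's signature or measurement; that is presumably handled elsewhere, but a one-line comment above `### Install GPG signatures` stating that assumption would help the next reader.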
@@ -95,6 +142,10 @@ printf "\e[92mSuccessfully executed: [install -m 0444 /etc/initramfs-tools/files
 install -m 0444 /etc/banner "${DESTDIR}/etc/dropbear/banner"
 printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/banner %s/etc/dropbear/banner] \n\e[0m" "${DESTDIR}"
+### Install Dropbear Banner ----------------------------------------------------------------------------------------------------
+install -m 0444 /etc/banner "${DESTDIR}/etc/dropbear/banner"
+printf "\e[92mSuccessfully executed: [install -m 0444 /etc/dropbear/initramfs/banner %s/etc/dropbear/banner] \n\e[0m" "${DESTDIR}"
+
 ### EOS
 printf "\e[92mSuccessfully executed: [/etc/initramfs-tools/hooks/9999_ciss_debian_live_builder.sh] \n\e[0m"
diff --git a/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs b/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs
index c3dbdd6..c2d711d 100644
--- a/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs
+++ b/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs
@@ -23,7 +23,7 @@ set -eu
 sleep 3
-printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/0022-ciss-overlay-tmpfs.sh] ... \n\e[0m"
+printf "\e[95m[INFO] Starting : [/usr/lib/live/boot/0022-ciss-overlay-tmpfs.sh] \n\e[0m"
 ### Declare variables ----------------------------------------------------------------------------------------------------------
 OVERLAY_BASE="/run/live/overlay"
diff --git a/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash b/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
index b20d20a..aff03e9 100644
--- a/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
+++ b/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
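Review bot: The added `### Install Dropbear Banner` block repeats, byte for byte, the `install -m 0444 /etc/banner "${DESTDIR}/etc/dropbear/banner"` and its printf that are already present as context two lines above it, so the banner is installed and logged twice; keep one copy. While touching it, the log line claims the source was `/etc/dropbear/initramfs/banner` although the command copies `/etc/banner` — `printf "\e[92mSuccessfully executed: [install -m 0444 /etc/banner %s/etc/dropbear/banner] \n\e[0m" "${DESTDIR}"` keeps the build log truthful for anyone tracing where the banner content came from. The hook script continues outside this hunk.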
@@ -21,7 +21,7 @@ _SAVED_SET_OPTS="$(set +o)"
 set -eu
-printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/0024-ciss-crypt-squash] ... \n\e[0m"
+printf "\e[95m[INFO] Starting : [/usr/lib/live/boot/0024-ciss-crypt-squash] \n\e[0m"
 #######################################
 # Ask for a passphrase on /dev/console, mask input with '*'.
diff --git a/config/includes.chroot/usr/lib/live/boot/0026-ciss-early-sysctl b/config/includes.chroot/usr/lib/live/boot/0026-ciss-early-sysctl
index 44b48f9..eab9bb0 100644
--- a/config/includes.chroot/usr/lib/live/boot/0026-ciss-early-sysctl
+++ b/config/includes.chroot/usr/lib/live/boot/0026-ciss-early-sysctl
@@ -21,7 +21,7 @@ _SAVED_SET_OPTS="$(set +o)"
 set -eu
-printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/0026-ciss-early-sysctl.sh] ... \n\e[0m"
+printf "\e[95m[INFO] Starting : [/usr/lib/live/boot/0026-ciss-early-sysctl.sh] \n\e[0m"
 echo 2 > /proc/sys/kernel/yama/ptrace_scope 2>/dev/null || true
 echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || true
diff --git a/config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums b/config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums
index d21b6ca..8a0ab92 100644
--- a/config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums
+++ b/config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums
@@ -29,7 +29,7 @@ # 0 : Successful verification
 #######################################
 Verify_checksums() {
- printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/0030-ciss-verify-checksums] ... \n\e[0m"
+ printf "\e[95m[INFO] Starting : [/usr/lib/live/boot/0030-ciss-verify-checksums] \n\e[0m"
 ### Declare variables --------------------------------------------------------------------------------------------------------
@@ -48,6 +48,7 @@ Verify_checksums() {
 #######################################
 log_in() { printf '\e[95m[INFO] %s \n\e[0m' "$*"; }
+
 #######################################
 # Helper for colored text output on stdout.
 # Globals:
@@ -153,7 +154,7 @@ Verify_checksums() {
 CDLB_CMD="/usr/bin/sha512sum"
 CDLB_SHA="sha512"
- for _CAND in /scripts/live-bottom/0030-ciss-verify-checksums /usr/lib/live/boot/0030-ciss-verify-checksums; do
+ for _CAND in /scripts/live-bottom/0030-ciss-verify-checksums /usr/lib/live/boot/0030-ciss-verify-checksums ; do
 [ -e "${_CAND}" ] && { CDLB_SCRIPT_SELF="${_CAND}"; break; }
@@ -162,7 +163,7 @@ Verify_checksums() {
 CDLB_SCRIPT_FILE="${CDLB_SCRIPT_SELF##*/}"
 CDLB_SCRIPT_PATH="${CDLB_SCRIPT_SELF%/*}"
 CDLB_SCRIPT_FULL="${CDLB_SCRIPT_PATH%/}/${CDLB_SCRIPT_FILE}"
- CDLB_HASHFILE="${CDLB_SCRIPT_FILE}.${CDLB_SHA}sum.txt"
+ CDLB_HASHFILE="/etc/ciss/hashes/${CDLB_SCRIPT_FILE}.${CDLB_SHA}sum.txt"
 CDLB_SIG_FILE="${CDLB_HASHFILE}.sig"
 _STATUS="$(/usr/bin/gpgv --no-default-keyring --keyring "${_KEYFILE}" --status-fd 1 --verify "${CDLB_SIG_FILE}" "${CDLB_SCRIPT_FULL}" 2>/dev/null)"
diff --git a/config/includes.chroot/usr/lib/live/boot/0042-ciss-post-decrypt-attest b/config/includes.chroot/usr/lib/live/boot/0042-ciss-post-decrypt-attest
index 4161639..d07dbba 100644
--- a/config/includes.chroot/usr/lib/live/boot/0042-ciss-post-decrypt-attest
+++ b/config/includes.chroot/usr/lib/live/boot/0042-ciss-post-decrypt-attest
@@ -21,7 +21,7 @@ _SAVED_SET_OPTS="$(set +o)"
 set -eu
-printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/0042-ciss-post-decrypt-attest] ... \n\e[0m"
+printf "\e[95m[INFO] Starting : [/usr/lib/live/boot/0042-ciss-post-decrypt-attest] \n\e[0m"
 ### Declare variables ----------------------------------------------------------------------------------------------------------
diff --git a/config/includes.chroot/usr/lib/live/boot/9990-main.sh b/config/includes.chroot/usr/lib/live/boot/9990-main.sh
index c7dcacf..55c1568 100644
--- a/config/includes.chroot/usr/lib/live/boot/9990-main.sh
+++ b/config/includes.chroot/usr/lib/live/boot/9990-main.sh
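Review bot: With the new `CDLB_HASHFILE`, the unchanged `CDLB_SIG_FILE="${CDLB_HASHFILE}.sig"` resolves to `/etc/ciss/hashes/<script>.sha512sum.txt.sig`, but the initramfs hook in this same commit installs `*.sig` into `/etc/ciss/signatures/` and `lib_ciss_upgrades_boot.sh` moves the signature there as well, so gpgv is handed a file that does not exist in the image and, with its stderr discarded, the only symptom is a verification failure. Point the verifier at the directory the signature actually lives in: `CDLB_SIG_FILE="/etc/ciss/signatures/${CDLB_SCRIPT_FILE}.${CDLB_SHA}sum.txt.sig"`. Separately, the `.sig` is named after the hash file yet `gpgv --verify` receives `${CDLB_SCRIPT_FULL}` as the signed data; if the detached signature covers the `.sha512sum.txt` (as its name suggests) it can never verify against the script itself, so it is worth confirming which file was signed at build time. Verify_checksums starts before and continues after this hunk.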
@@ -20,11 +20,11 @@ # set -e
-printf "\e[95m[INFO] Sourcing: [/usr/lib/live/boot/9990-main.sh] ... \n\e[0m"
+printf "\e[95m[INFO] Sourcing : [/usr/lib/live/boot/9990-main.sh] \n\e[0m"
 Live () {
- printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/9990-main.sh] ... \n\e[0m"
+ printf "\e[95m[INFO] Starting : [/usr/lib/live/boot/9990-main.sh] \n\e[0m"
 if [ -x /scripts/local-top/cryptroot ]
 then
@@ -56,12 +56,12 @@ Live ()
 # Needed here too because some things (*cough* udev *cough*)
 # change the timeout
- printf "\e[93m[DEBUG] live(): Before do_netmount() pp. \e[0m\n" >&2
+ printf "\e[93m[DEBUG] live(): Before do_netmount() pp. \e[0m\n"
 if [ -n "${NETBOOT}" ] || [ -n "${FETCH}" ] || [ -n "${HTTPFS}" ] || [ -n "${FTPFS}" ]
 then
 if do_netmount
 then
- printf "\e[93m[DEBUG] live(): [livefs_root=%s] \e[0m\n" "${mountpoint?}" >&2
+ printf "\e[93m[DEBUG] live(): [livefs_root=%s] \e[0m\n" "${mountpoint?}"
 livefs_root="${mountpoint?}"
 else
 panic "Unable to find a live file system on the network"
@@ -69,15 +69,15 @@ Live ()
 else
 if [ -n "${ISCSI_PORTAL}" ]
 then
- printf "\e[93m[DEBUG] live(): [do_iscsi && livefs_root=%s] \e[0m\n" "${mountpoint?}" >&2
+ printf "\e[93m[DEBUG] live(): [do_iscsi && livefs_root=%s] \e[0m\n" "${mountpoint?}"
 do_iscsi && livefs_root="${mountpoint}"
 elif [ -n "${PLAIN_ROOT}" ] && [ -n "${ROOT}" ]
 then
 # Do a local boot from hd
- printf "\e[93m[DEBUG] live(): Do a local boot from hd [livefs_root=%s] \e[0m\n" "${ROOT?}" >&2
+ printf "\e[93m[DEBUG] live(): Do a local boot from hd [livefs_root=%s] \e[0m\n" "${ROOT?}"
 livefs_root=${ROOT}
 else
- printf "\e[93m[DEBUG] live(): [Setup_Memdisk] \e[0m\n" >&2
+ printf "\e[93m[DEBUG] live(): [Setup_Memdisk] \e[0m\n"
 Setup_Memdisk
 # If the live media location is given via command line and access to it
@@ -130,7 +130,7 @@ Live ()
 panic "Unable to find a medium containing a live file system"
 fi
- printf "\e[93m[DEBUG] live(): Before [Verify_checksums %s] \e[0m\n" "${livefs_root}" >&2
+ printf "\e[93m[DEBUG] live(): Before [Verify_checksums %s] \e[0m\n" "${livefs_root}"
 Verify_checksums "${livefs_root}"
 # shellcheck disable=SC2244
@@ -166,16 +166,16 @@ Live ()
 fi
 fi
- printf "\e[93m[DBG] Live(): before overlay, live_dest=%s \e[0m\n" "${live_dest:-}" >&2
- printf "\e[93m[DBG] Live(): MODULETORAMFILE=%s PLAIN_ROOT=%s \e[0m\n" "${MODULETORAMFILE}" "${PLAIN_ROOT}" >&2
+ printf "\e[93m[DBG] Live(): before overlay, live_dest=%s \e[0m\n" "${live_dest:-}"
+ printf "\e[93m[DBG] Live(): MODULETORAMFILE=%s PLAIN_ROOT=%s \e[0m\n" "${MODULETORAMFILE}" "${PLAIN_ROOT}"
 if [ -n "${MODULETORAMFILE}" ] || [ -n "${PLAIN_ROOT}" ]
 then
- printf "\e[93m[DBG] Live(): setup_unionfs livefs_root=%s rootmnt=%s \e[0m\n" "${livefs_root}" "${rootmnt?}" >&2
+ printf "\e[93m[DBG] Live(): setup_unionfs livefs_root=%s rootmnt=%s \e[0m\n" "${livefs_root}" "${rootmnt?}"
 setup_unionfs "${livefs_root}" "${rootmnt?}"
 else
 mac="$(get_mac)"
 mac="$(echo "${mac}" | sed 's/-//g')"
- printf "\e[93m[DBG] Live(): mount_images_in_directory livefs_root=%s rootmnt=%s mac=%s \e[0m\n" "${livefs_root}" "${rootmnt}" "${mac}" >&2
+ printf "\e[93m[DBG] Live(): mount_images_in_directory livefs_root=%s rootmnt=%s mac=%s \e[0m\n" "${livefs_root}" "${rootmnt}" "${mac}"
 mount_images_in_directory "${livefs_root}" "${rootmnt}" "${mac}"
 fi
diff --git a/config/includes.chroot/usr/lib/live/boot/9990-overlay.sh b/config/includes.chroot/usr/lib/live/boot/9990-overlay.sh
index 5c87b93..70c2c31 100644
--- a/config/includes.chroot/usr/lib/live/boot/9990-overlay.sh
+++ b/config/includes.chroot/usr/lib/live/boot/9990-overlay.sh
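Review bot: Dropping `>&2` from every `[DBG]`/`[DEBUG]` printf moves diagnostics onto stdout, which is the stream a caller captures and the one the rest of this file's non-debug output shares, whereas diagnostics conventionally stay on stderr; nothing in the hunk shows that stdout is guaranteed to be `/dev/console` here. If the goal is console visibility, redirect explicitly rather than to stdout, e.g. keep `>&2` or use `>/dev/console` on these lines. These messages are also emitted unconditionally and print `livefs_root`, `rootmnt` and the interface `mac` on every boot; if the file already carries a debug switch derived from the kernel command line (live-boot conventionally does — not visible here), gating them behind it would keep the boot console quiet in production, and the `[DBG]` versus `[DEBUG]` prefixes could be unified while doing so. Live() starts before and ends after this hunk.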
@@ -20,11 +20,11 @@ #set -e
-printf "\e[95m[INFO] Sourcing: [/usr/lib/live/boot/9990-overlay.sh] ... \n\e[0m"
+printf "\e[95m[INFO] Sourcing : [/usr/lib/live/boot/9990-overlay.sh] \n\e[0m"
 setup_unionfs () {
- printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/9990-overlay.sh] ... \n\e[0m"
+ printf "\e[95m[INFO] Starting : [/usr/lib/live/boot/9990-overlay.sh] \n\e[0m"
 image_directory="${1}"
 rootmnt="${2}"
diff --git a/lib/lib_ciss_upgrades_boot.sh b/lib/lib_ciss_upgrades_boot.sh
index f2a9e09..d9f8287 100644
--- a/lib/lib_ciss_upgrades_boot.sh
+++ b/lib/lib_ciss_upgrades_boot.sh
@@ -58,6 +58,11 @@ ciss_upgrades_boot() {
 done
+ mv "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums.sha512sum.txt" \
+ "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc/ciss/hashes/0030-ciss-verify-checksums.sha512sum.txt"
+ mv "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums.sha512sum.txt.sig" \
+ "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/etc/ciss/signatures/0030-ciss-verify-checksums.sha512sum.txt.sig"
+
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ %s successfully applied. \e[0m\n" "${BASH_SOURCE[0]}"
 return 0
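Review bot: The two `mv` calls assume the loop above (outside the hunk) produced exactly `0030-ciss-verify-checksums.sha512sum.txt` and its `.sig`; if either is missing the move fails, and unless the function runs under `set -e` (not shown here) the green "successfully applied" banner is still printed and `return 0` reports success for an image whose verifier has no reference data. Guard the pair before moving, with `src` holding the long `usr/lib/live/boot/...sha512sum.txt` path: `[ -f "${src}" ] && [ -f "${src}.sig" ] || { printf '\e[91mmissing %s(.sig)\e[0m\n' "${src}" >&2; return 1; }`, then `mv -- "${src}" ".../etc/ciss/hashes/"` and `mv -- "${src}.sig" ".../etc/ciss/signatures/"`, so a stale or partial build cannot silently succeed. Because the hash and its signature now land in different directories, any consumer that derives the signature name from the hash path must be told about `signatures/` explicitly; a comment above the moves stating this layout decision would save the next reader a search. The closing brace of ciss_upgrades_boot is outside the hunk.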