diff --git a/tools/update-pieeprom.sh b/tools/update-pieeprom.sh
index 2730fa9..5aaad13 100755
--- a/tools/update-pieeprom.sh
+++ b/tools/update-pieeprom.sh
@@ -94,6 +94,9 @@ update_eeprom() {
            rpi-eeprom-digest \
               -i "${config}" -o "${TMP_CONFIG_SIG}" \
               -H "${HSM_WRAPPER}" || die "Failed to sign EEPROM config using HSM"
+           rpi-eeprom-digest \
+              -i "${config}" -v "${TMP_CONFIG_SIG}" \
+              -k "$public_pem_file" || die "Failed to verify EEPROM config signed by HSM"
         else
            rpi-eeprom-digest \
               -i "${config}" -o "${TMP_CONFIG_SIG}" \