diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 368de073922..281571f4dfc 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -407,6 +407,20 @@ jobs: COSIGN_EXPERIMENTAL: false COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} + - name: Sign container image + if: github.event_name != 'pull_request' && contains(inputs.image_flavors, 'hwe') + shell: bash + run: | + image_name="${{ env.IMAGE_NAME }}" + asus_name="${image_name/hwe/asus}" + surface_name="${image_name/hwe/surface}" + cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${asus_name}@${TAGS} + cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${surface_name}@${TAGS} + env: + TAGS: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }} + COSIGN_EXPERIMENTAL: false + COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} + - name: Generate file containing outputs if: github.event_name != 'pull_request' env:
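Review bot: The `run:` script of the added signing step expands `${{ env.IMAGE_NAME }}` and `${{ steps.registry_case.outputs.lowercase }}` directly into the shell text, so if either value can be influenced by workflow inputs, a shell metacharacter in it becomes script in a step that holds `COSIGN_PRIVATE_KEY`. Pass both through `env:` instead (for example `REGISTRY: ${{ steps.registry_case.outputs.lowercase }}`) and sign with quoted shell variables, as in `cosign sign -y --key env://COSIGN_PRIVATE_KEY "${REGISTRY}/${asus_name}@${TAGS}"`. The `if:` tests `inputs.image_flavors` rather than the image name, so when `IMAGE_NAME` contains no `hwe` the `${image_name/hwe/asus}` substitution is a no-op and the step would sign the unchanged name twice while the asus and surface images stay unsigned. A guard such as `[[ "$image_name" == *hwe* ]] || exit 1` would surface that. `TAGS` is also appended after `@` without a check that it is non-empty, although the expression yields a falsy value when `steps.push.outputs.outputs` is unset.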