diff --git a/script/_common b/script/_common
index ae2e13f8263a..25c73a634fd9 100755
--- a/script/_common
+++ b/script/_common
@@ -41,6 +41,10 @@ function docker_build() {
     export DEPENDABOT_USER_GID=1000
   fi
 
+  # Only check Docker Content Trust for the updater-core image
+  # shellcheck disable=SC2034 # Used implicitly in docker build
+  DOCKER_CONTENT_TRUST=1
+
   # shellcheck disable=SC2086  # as $DOCKER_BUILD_ARGS relies on word-splitting
   docker build \
     $DOCKER_BUILD_ARGS \
@@ -53,6 +57,9 @@ function docker_build() {
     -f Dockerfile.updater-core \
     .
 
+  # We don't sign the updater image with Notary, so disable Docker Content Trust for remaining builds
+  unset DOCKER_CONTENT_TRUST
+
   export UPDATER_IMAGE_NAME="$UPDATER_IMAGE$TAG"
 
   # shellcheck disable=SC2086  # as $DOCKER_BUILD_ARGS relies on word-splitting