diff --git a/test/assets/common_versions.sh.template b/test/assets/common_versions.sh.template
index c2a0dc7a70..f978282955 100644
--- a/test/assets/common_versions.sh.template
+++ b/test/assets/common_versions.sh.template
@@ -68,6 +68,47 @@ get_vrel_from_rpm() {{
     echo ""
 }}
 
+get_redhat_bootc_image_url() {{
+    local -r registry="$1"
+    local -r release_version="$2"
+    local image_url=""
+
+    # get arch
+    local arch_oci=""
+    if [[ "${{UNAME_M}}" =~ ^x86.*4$ ]]; then
+        arch_oci="amd64"
+    elif [[ "${{UNAME_M}}" =~ ^aarch.*4$ ]]; then
+        arch_oci="arm64"
+    fi
+
+    sha_id=$(skopeo inspect --raw "docker://${{registry}}/openshift4/microshift-bootc-rhel9:v${{release_version}}" | \
+        jq -r ".manifests[] | select(.platform.architecture==\"${{arch_oci}}\") | .digest" 2>/dev/null)
+    if [[ "${{sha_id}}" =~ ^sha256:[0-9a-f]{{64}}$ ]]; then
+        image_url="${{registry}}/openshift4/microshift-bootc-rhel9@${{sha_id}}"
+    fi
+    echo "${{image_url}}"
+}}
+
+get_lrel_release_image_url() {{
+    local -r release_type="$1"
+    local -r release_version="$2"
+    local image_url=""
+
+    if [[ "${{release_type}}" == "ec" ]]; then
+        image_url="$(curl -s "https://mirror.openshift.com/pub/openshift-v4/${{UNAME_M}}/microshift/ocp-dev-preview/${{release_version}}/el9/bootc-pullspec.txt")"
+    elif [[ "${{release_type}}" == "rc" ]]; then
+        image_url="$(curl -s "https://mirror.openshift.com/pub/openshift-v4/${{UNAME_M}}/microshift/ocp/${{release_version}}/el9/bootc-pullspec.txt")"
+    elif [[ "${{release_type}}" == "zstream" ]]; then
+        for registry in "registry.redhat.io" "registry.stage.redhat.io"; do
+            image_url="$(get_redhat_bootc_image_url "${{registry}}" "${{release_version}}")"
+            if [ -n "${{image_url}}" ]; then
+                break
+            fi
+        done
+    fi
+    echo "${{image_url}}"
+}}
+
 # The current release minor version (e.g. '17' for '4.17') affects
 # the definition of previous and fake next versions.
 export MINOR_VERSION={minor_version}
@@ -155,12 +196,16 @@ export BREW_RC_RELEASE_VERSION
 export BREW_EC_RELEASE_VERSION
 export BREW_NIGHTLY_RELEASE_VERSION
 
-# Set the release type to ec, rc or zstream
-LATEST_RELEASE_TYPE="{LATEST_RELEASE_TYPE}"
-export LATEST_RELEASE_TYPE
+# Latest Release info
+LATEST_RELEASE_TYPE="ec" # ec, rc or zstream
+BREW_LATEST_RELEASE_VERSION="${{BREW_EC_RELEASE_VERSION}}" # BREW_EC_RELEASE_VERSION, BREW_RC_RELEASE_VERSION or BREW_Y0_RELEASE_VERSION
+LATEST_RELEASE_VERSION="$(echo "${{BREW_LATEST_RELEASE_VERSION}}" | sed -E 's/(.*)-.*/\1/' | sed -E 's/(.*)~(.*)/\1-\2/')" # example: 4.19.7 or 4.20.0-rc.3
+LATEST_RELEASE_IMAGE_URL="$(get_lrel_release_image_url "${{LATEST_RELEASE_TYPE}}" "${{LATEST_RELEASE_VERSION}}")"
 
-BREW_LREL_RELEASE_VERSION="${{BREW_EC_RELEASE_VERSION}}"
-export BREW_LREL_RELEASE_VERSION
+export LATEST_RELEASE_TYPE
+export BREW_LATEST_RELEASE_VERSION
+export LATEST_RELEASE_VERSION
+export LATEST_RELEASE_IMAGE_URL
 
 # Branch and commit for the openshift-tests-private repository
 OPENSHIFT_TESTS_PRIVATE_REPO_BRANCH="release-4.${{MINOR_VERSION}}"
diff --git a/test/bin/common_versions.sh b/test/bin/common_versions.sh
index e14ef5a829..2561b7d963 100644
--- a/test/bin/common_versions.sh
+++ b/test/bin/common_versions.sh
@@ -68,6 +68,47 @@ get_vrel_from_rpm() {
     echo ""
 }
 
+get_redhat_bootc_image_url() {
+    local -r registry="$1"
+    local -r release_version="$2"
+    local image_url=""
+
+    # get arch
+    local arch_oci=""
+    if [[ "${UNAME_M}" =~ ^x86.*4$ ]]; then
+        arch_oci="amd64"
+    elif [[ "${UNAME_M}" =~ ^aarch.*4$ ]]; then
+        arch_oci="arm64"
+    fi
+
+    sha_id=$(skopeo inspect --raw "docker://${registry}/openshift4/microshift-bootc-rhel9:v${release_version}" | \
+        jq -r ".manifests[] | select(.platform.architecture==\"${arch_oci}\") | .digest" 2>/dev/null)
+    if [[ "${sha_id}" =~ ^sha256:[0-9a-f]{64}$ ]]; then
+        image_url="${registry}/openshift4/microshift-bootc-rhel9@${sha_id}"
+    fi
+    echo "${image_url}"
+}
+
+get_lrel_release_image_url() {
+    local -r release_type="$1"
+    local -r release_version="$2"
+    local image_url=""
+
+    if [[ "${release_type}" == "ec" ]]; then
+        image_url="$(curl -s "https://mirror.openshift.com/pub/openshift-v4/${UNAME_M}/microshift/ocp-dev-preview/${release_version}/el9/bootc-pullspec.txt")"
+    elif [[ "${release_type}" == "rc" ]]; then
+        image_url="$(curl -s "https://mirror.openshift.com/pub/openshift-v4/${UNAME_M}/microshift/ocp/${release_version}/el9/bootc-pullspec.txt")"
+    elif [[ "${release_type}" == "zstream" ]]; then
+        for registry in "registry.redhat.io" "registry.stage.redhat.io"; do
+            image_url="$(get_redhat_bootc_image_url "${registry}" "${release_version}")"
+            if [ -n "${image_url}" ]; then
+                break
+            fi
+        done
+    fi
+    echo "${image_url}"
+}
+
 # The current release minor version (e.g. '17' for '4.17') affects
 # the definition of previous and fake next versions.
 export MINOR_VERSION=21
@@ -122,7 +163,7 @@ export RHOCP_MINOR_Y_BETA
 
 # The 'rhocp_minor_y' variable should be the previous minor version number, if
 # the previous release is available through the 'rhocp' stream, otherwise empty.
-RHOCP_MINOR_Y1="20"
+RHOCP_MINOR_Y1=20
 # The beta repository, containing dependencies, should point to the
 # OpenShift mirror URL. The mirror for previous release should always
 # be available.
@@ -155,12 +196,16 @@ export BREW_RC_RELEASE_VERSION
 export BREW_EC_RELEASE_VERSION
 export BREW_NIGHTLY_RELEASE_VERSION
 
-# Set the release type to ec, rc or zstream
-LATEST_RELEASE_TYPE="ec"
-export LATEST_RELEASE_TYPE
+# Latest Release info
+LATEST_RELEASE_TYPE="ec" # ec, rc or zstream
+BREW_LATEST_RELEASE_VERSION="${BREW_EC_RELEASE_VERSION}" # BREW_EC_RELEASE_VERSION, BREW_RC_RELEASE_VERSION or BREW_Y0_RELEASE_VERSION
+LATEST_RELEASE_VERSION="$(echo "${BREW_LATEST_RELEASE_VERSION}" | sed -E 's/(.*)-.*/\1/' | sed -E 's/(.*)~(.*)/\1-\2/')" # example: 4.19.7 or 4.20.0-rc.3
+LATEST_RELEASE_IMAGE_URL="$(get_lrel_release_image_url "${LATEST_RELEASE_TYPE}" "${LATEST_RELEASE_VERSION}")"
 
-BREW_LREL_RELEASE_VERSION="${BREW_EC_RELEASE_VERSION}"
-export BREW_LREL_RELEASE_VERSION
+export LATEST_RELEASE_TYPE
+export BREW_LATEST_RELEASE_VERSION
+export LATEST_RELEASE_VERSION
+export LATEST_RELEASE_IMAGE_URL
 
 # Branch and commit for the openshift-tests-private repository
 OPENSHIFT_TESTS_PRIVATE_REPO_BRANCH="release-4.${MINOR_VERSION}"
diff --git a/test/image-blueprints/layer2-presubmit/group1/rhel96-lrel-optionals-tuned.toml b/test/image-blueprints/layer2-presubmit/group1/rhel96-lrel-optionals-tuned.toml
index 1ed32e9db6..ff976082e7 100644
--- a/test/image-blueprints/layer2-presubmit/group1/rhel96-lrel-optionals-tuned.toml
+++ b/test/image-blueprints/layer2-presubmit/group1/rhel96-lrel-optionals-tuned.toml
@@ -1,4 +1,4 @@
-{{- if and (env.Getenv "BREW_LREL_RELEASE_VERSION" "") (env.Getenv "BREW_Y1_RELEASE_VERSION" "") -}}
+{{- if and (env.Getenv "BREW_LATEST_RELEASE_VERSION" "") (env.Getenv "BREW_Y1_RELEASE_VERSION" "") -}}
 {{- /*
 
   We wrap this template in a test so that the body of the output is
@@ -9,7 +9,7 @@
 */ -}}
 
 name = "rhel-9.6-microshift-brew-tuned-4.{{ .Env.MINOR_VERSION}}-{{ .Env.LATEST_RELEASE_TYPE}}"
-description = "A RHEL 9.6 image with already built and released RPMs like EC, RC, or Z-stream release: {{ .Env.BREW_LREL_RELEASE_VERSION }}"
+description = "A RHEL 9.6 image with already built and released RPMs like EC, RC, or Z-stream release: {{ .Env.BREW_LATEST_RELEASE_VERSION }}"
 version = "0.0.1"
 modules = []
 groups = []
@@ -22,20 +22,20 @@ distro = "rhel-96"
 {{ range (env.Getenv "MICROSHIFT_MANDATORY_RPMS" | strings.Split " ") }}
 [[packages]]
 name = "{{ . }}"
-version = "{{ env.Getenv "BREW_LREL_RELEASE_VERSION" }}"
+version = "{{ env.Getenv "BREW_LATEST_RELEASE_VERSION" }}"
 {{ end }}
 
 {{ range (env.Getenv "MICROSHIFT_OPTIONAL_RPMS" | strings.Split " ") }}
 [[packages]]
 name = "{{ . }}"
-version = "{{ env.Getenv "BREW_LREL_RELEASE_VERSION" }}"
+version = "{{ env.Getenv "BREW_LATEST_RELEASE_VERSION" }}"
 {{ end }}
 
 {{- if and (env.Getenv "UNAME_M" "") (eq "x86_64" .Env.UNAME_M) }}
 {{ range (env.Getenv "MICROSHIFT_X86_64_RPMS" | strings.Split " ") }}
 [[packages]]
 name = "{{ . }}"
-version = "{{ env.Getenv "BREW_LREL_RELEASE_VERSION" }}"
+version = "{{ env.Getenv "BREW_LATEST_RELEASE_VERSION" }}"
 {{ end }}
 {{- end }}
 
diff --git a/test/scenarios-bootc/releases/el96-lrel@konflux-images-standard1.sh b/test/scenarios-bootc/releases/el96-lrel@konflux-images-standard1.sh
new file mode 100644
index 0000000000..0421892338
--- /dev/null
+++ b/test/scenarios-bootc/releases/el96-lrel@konflux-images-standard1.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Sourced from scenario.sh and uses functions defined there.
+
+# Enable container signature verification for published MicroShift images.
+# These are ec / rc / zstream, thus guaranteed to be signed.
+# shellcheck disable=SC2034  # used elsewhere
+IMAGE_SIGSTORE_ENABLED=true
+
+scenario_create_vms() {
+    if [ -z "${LATEST_RELEASE_IMAGE_URL}" ] || [[ "${LATEST_RELEASE_IMAGE_URL}" == "" ]] ; then
+        echo "ERROR: Scenario requires a valid LATEST_RELEASE_IMAGE_URL, but got '${LATEST_RELEASE_IMAGE_URL}'"
+        exit 1
+    fi
+    prepare_kickstart host1 kickstart-bootc.ks.template "${LATEST_RELEASE_IMAGE_URL}"
+    launch_vm --boot_blueprint rhel96-bootc
+
+    # Open the firewall ports. Other scenarios get this behavior by embedding
+    # settings in the blueprint, but we cannot open firewall ports in published
+    # images. We need to do this step before running the RF suite so that suite
+    # can assume it can reach all of the same ports as for any other test.
+    configure_vm_firewall host1
+}
+
+scenario_remove_vms() {
+    remove_vm host1
+}
+
+scenario_run_tests() {
+    run_tests host1 \
+        --variable "EXPECTED_OS_VERSION:9.6" \
+        --variable "IMAGE_SIGSTORE_ENABLED:True" \
+        suites/standard1/ suites/selinux/validate-selinux-policy.robot
+}
diff --git a/test/scenarios-bootc/releases/el96-lrel@konflux-images-standard2.sh b/test/scenarios-bootc/releases/el96-lrel@konflux-images-standard2.sh
new file mode 100644
index 0000000000..4b8f3fc341
--- /dev/null
+++ b/test/scenarios-bootc/releases/el96-lrel@konflux-images-standard2.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Sourced from scenario.sh and uses functions defined there.
+
+# Enable container signature verification for published MicroShift images.
+# These are ec / rc / z-stream, thus guaranteed to be signed.
+# shellcheck disable=SC2034  # used elsewhere
+IMAGE_SIGSTORE_ENABLED=true
+
+scenario_create_vms() {
+    if [ -z "${LATEST_RELEASE_IMAGE_URL}" ] || [[ "${LATEST_RELEASE_IMAGE_URL}" == "" ]] ; then
+        echo "ERROR: Scenario requires a valid LATEST_RELEASE_IMAGE_URL, but got '${LATEST_RELEASE_IMAGE_URL}'"
+        exit 1
+    fi
+    prepare_kickstart host1 kickstart-bootc.ks.template "${LATEST_RELEASE_IMAGE_URL}"
+    launch_vm --boot_blueprint rhel96-bootc
+
+    # Open the firewall ports. Other scenarios get this behavior by embedding
+    # settings in the blueprint, but we cannot open firewall ports in published
+    # images. We need to do this step before running the RF suite so that suite
+    # can assume it can reach all of the same ports as for any other test.
+    configure_vm_firewall host1
+}
+
+scenario_remove_vms() {
+    remove_vm host1
+}
+
+scenario_run_tests() {
+    run_tests host1 \
+        --variable "IMAGE_SIGSTORE_ENABLED:True" \
+        suites/standard2/
+}
diff --git a/test/scenarios/releases/el96@rpm-install-upgrade.sh b/test/scenarios/releases/el96@rpm-install-upgrade.sh
index d9b8506c86..2e0cc928fb 100644
--- a/test/scenarios/releases/el96@rpm-install-upgrade.sh
+++ b/test/scenarios/releases/el96@rpm-install-upgrade.sh
@@ -109,7 +109,7 @@ scenario_run_tests() {
     run_tests host1 \
         --exitonfailure \
         --variable "SOURCE_REPO_URL:${repo_url}" \
-        --variable "TARGET_VERSION:${BREW_LREL_RELEASE_VERSION}" \
+        --variable "TARGET_VERSION:${BREW_LATEST_RELEASE_VERSION}" \
         --variable "PREVIOUS_MINOR_VERSION:${PREVIOUS_MINOR_VERSION}" \
         suites/rpm/install.robot \
         suites/rpm/remove.robot \
diff --git a/test/scenarios/releases/el96@rpm-standard1.sh b/test/scenarios/releases/el96@rpm-standard1.sh
index eb7e86fdee..d82d25efc9 100644
--- a/test/scenarios/releases/el96@rpm-standard1.sh
+++ b/test/scenarios/releases/el96@rpm-standard1.sh
@@ -77,7 +77,7 @@ scenario_run_tests() {
     run_tests host1 \
         --exitonfailure \
         --variable "SOURCE_REPO_URL:${repo_url}" \
-        --variable "TARGET_VERSION:${BREW_LREL_RELEASE_VERSION}" \
+        --variable "TARGET_VERSION:${BREW_LATEST_RELEASE_VERSION}" \
         --variable "EXPECTED_OS_VERSION:9.6" \
         suites/rpm/install.robot \
         suites/standard1/ suites/selinux/validate-selinux-policy.robot
diff --git a/test/scenarios/releases/el96@rpm-standard2.sh b/test/scenarios/releases/el96@rpm-standard2.sh
index 7f4a3af16b..0aeaac0ad8 100644
--- a/test/scenarios/releases/el96@rpm-standard2.sh
+++ b/test/scenarios/releases/el96@rpm-standard2.sh
@@ -78,7 +78,7 @@ scenario_run_tests() {
     run_tests host1 \
         --exitonfailure \
         --variable "SOURCE_REPO_URL:${repo_url}" \
-        --variable "TARGET_VERSION:${BREW_LREL_RELEASE_VERSION}" \
+        --variable "TARGET_VERSION:${BREW_LATEST_RELEASE_VERSION}" \
         --variable "EXPECTED_OS_VERSION:9.6" \
         suites/rpm/install.robot \
         suites/standard2/