diff --git a/share/sysbuild/CMakeLists.txt b/share/sysbuild/CMakeLists.txt
index 289fba0cade..8b1042b4807 100644
--- a/share/sysbuild/CMakeLists.txt
+++ b/share/sysbuild/CMakeLists.txt
@@ -30,6 +30,31 @@ set(IMAGES)
 get_filename_component(APP_DIR ${APP_DIR} ABSOLUTE)
 get_filename_component(app_name ${APP_DIR} NAME)
 
+# Propagate bootloader and signing settings from this system to the MCUboot and
+# application image build systems.
+if(SB_CONFIG_BOOTLOADER_MCUBOOT)
+ set(${app_name}_CONFIG_BOOTLOADER_MCUBOOT y CACHE STRING
+ "MCUBOOT is enabled as bootloader" FORCE
+ )
+ set(${app_name}_CONFIG_MCUBOOT_SIGNATURE_KEY_FILE
+ \"${SB_CONFIG_BOOT_SIGNATURE_KEY_FILE}\" CACHE STRING
+ "Signature key file for signing" FORCE
+ )
+
+ # Set corresponding values in mcuboot
+ set(mcuboot_CONFIG_BOOT_SIGNATURE_TYPE_${SB_CONFIG_SIGNATURE_TYPE} y CACHE STRING
+ "MCUBOOT signature type" FORCE
+ )
+ set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE
+ \"${SB_CONFIG_BOOT_SIGNATURE_KEY_FILE}\" CACHE STRING
+ "Signature key file for signing" FORCE
+ )
+else()
+ set(${app_name}_CONFIG_BOOTLOADER_MCUBOOT n CACHE STRING
+ "MCUBOOT is disabled as bootloader" FORCE
+ )
+endif()
+
 # This adds the primary application to the build.
 ExternalZephyrProject_Add(
 APPLICATION ${app_name}
diff --git a/share/sysbuild/bootloader/Kconfig b/share/sysbuild/bootloader/Kconfig
index 6c70a6e9594..833e9e76469 100644
--- a/share/sysbuild/bootloader/Kconfig
+++ b/share/sysbuild/bootloader/Kconfig
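Review bot: Only the currently selected `mcuboot_CONFIG_BOOT_SIGNATURE_TYPE_<type>` entry is written in the `if(SB_CONFIG_BOOTLOADER_MCUBOOT)` branch of share/sysbuild/CMakeLists.txt, so a value forced into the CMake cache by an earlier configuration is never cleared. After switching the sysbuild choice in an existing build directory (for example between RSA and NONE), the cache would presumably hold two signature-type symbols set to `y`, and which one MCUboot ends up honouring is not visible from this hunk. The `else()` branch has the same gap: it resets only `${app_name}_CONFIG_BOOTLOADER_MCUBOOT` and leaves the previously forced key-file and type entries in place. Writing all four types from the Kconfig choice on every configure, `y` for the selected one and `n` for the rest, keeps the bootloader's verification mode tied to the current sysbuild setting.

```cmake
  # Set corresponding values in mcuboot. Every type is written so that a
  # selection cached by an earlier configure run cannot stay enabled.
  foreach(sig_type NONE RSA ECDSA_P256 ED25519)
    if("${sig_type}" STREQUAL "${SB_CONFIG_SIGNATURE_TYPE}")
      set(sig_type_value y)
    else()
      set(sig_type_value n)
    endif()
    set(mcuboot_CONFIG_BOOT_SIGNATURE_TYPE_${sig_type} ${sig_type_value} CACHE STRING
        "MCUBOOT signature type" FORCE
    )
  endforeach()
  # … unchanged: mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE …
```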
@@ -27,3 +27,41 @@ config BOOTLOADER_MCUBOOT
 Include MCUboot (Zephyr port) as the bootloader to use
 
 endchoice
+
+if BOOTLOADER_MCUBOOT
+
+config SIGNATURE_TYPE
+ string
+ default NONE if BOOT_SIGNATURE_TYPE_NONE
+ default RSA if BOOT_SIGNATURE_TYPE_RSA
+ default ECDSA_P256 if BOOT_SIGNATURE_TYPE_ECDSA_P256
+ default ED25519 if BOOT_SIGNATURE_TYPE_ED25519
+
+choice
+ prompt "Signature type"
+ default BOOT_SIGNATURE_TYPE_RSA
+
+config BOOT_SIGNATURE_TYPE_NONE
+ bool "No signature; use only hash check"
+
+config BOOT_SIGNATURE_TYPE_RSA
+ bool "RSA signatures"
+
+config BOOT_SIGNATURE_TYPE_ECDSA_P256
+ bool "Elliptic curve digital signatures with curve P-256"
+
+config BOOT_SIGNATURE_TYPE_ED25519
+ bool "Edwards curve digital signatures using ed25519"
+
+endchoice
+
+config BOOT_SIGNATURE_KEY_FILE
+ string "PEM key file"
+ default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
+ default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519
+ default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA
+ default ""
+ help
+ Absolute path to key file to use with MCUBoot.
+
+endif
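Review bot: The defaults for `BOOT_SIGNATURE_KEY_FILE` point at PEM files inside `$(ZEPHYR_MCUBOOT_MODULE_DIR)`, which look like the sample keys distributed with the MCUboot sources, and the help text does not say so. Because the private halves of those keys are public, a signature made with them does not authenticate an image, and with `BOOT_SIGNATURE_TYPE_RSA` as the default choice a build picks one up without any user action. I would extend the help to something like `The default is the sample key shipped with MCUboot, intended for development only; point this at a privately generated key for any deployed device.` The `BOOT_SIGNATURE_TYPE_NONE` entry also has no help text; a line stating that images are then only integrity-checked by hash, not authenticated, would make the trade-off explicit.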