diff --git a/supervisor/resolution/checks/core_trust.py b/supervisor/resolution/checks/core_trust.py
index f1a99acf9..9f636f2fe 100644
--- a/supervisor/resolution/checks/core_trust.py
+++ b/supervisor/resolution/checks/core_trust.py
@@ -56,4 +56,4 @@ class CheckCoreTrust(CheckBase):
     @property
     def states(self) -> list[CoreState]:
         """Return a list of valid states when this check can run."""
-        return [CoreState.RUNNING]
+        return [CoreState.RUNNING, CoreState.STARTUP]
diff --git a/supervisor/resolution/checks/plugin_trust.py b/supervisor/resolution/checks/plugin_trust.py
index a660a2fd2..1588db0d7 100644
--- a/supervisor/resolution/checks/plugin_trust.py
+++ b/supervisor/resolution/checks/plugin_trust.py
@@ -62,4 +62,4 @@ class CheckPluginTrust(CheckBase):
     @property
     def states(self) -> list[CoreState]:
         """Return a list of valid states when this check can run."""
-        return [CoreState.RUNNING]
+        return [CoreState.RUNNING, CoreState.STARTUP]
diff --git a/supervisor/security.py b/supervisor/security.py
index 5fcda97d0..0f0f1522a 100644
--- a/supervisor/security.py
+++ b/supervisor/security.py
@@ -72,8 +72,6 @@ class Security(FileConfiguration, CoreSysAttributes):
 
     async def verify_own_content(self, checksum: str) -> None:
         """Verify content from HA org."""
-        return
-        # pylint: disable=unreachable
         return await self.verify_content("notary@home-assistant.io", checksum)
 
     async def verify_secret(self, pwned_hash: str) -> None:
diff --git a/tests/test_security.py b/tests/test_security.py
index 0211a35d4..7297dd695 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -15,6 +15,13 @@ async def test_content_trust(coresys: CoreSys):
         assert cas_validate.called
         cas_validate.assert_called_once_with("test@mail.com", "ffffffffffffff")
 
+        with patch("supervisor.security.cas_validate", AsyncMock()) as cas_validate:
+            await coresys.security.verify_own_content("ffffffffffffff")
+            assert cas_validate.called
+            cas_validate.assert_called_once_with(
+                "notary@home-assistant.io", "ffffffffffffff"
+            )
+
 
 async def test_disabled_content_trust(coresys: CoreSys):
     """Test Content-Trust."""
@@ -24,6 +31,10 @@ async def test_disabled_content_trust(coresys: CoreSys):
         await coresys.security.verify_content("test@mail.com", "ffffffffffffff")
         assert not cas_validate.called
 
+    with patch("supervisor.security.cas_validate", AsyncMock()) as cas_validate:
+        await coresys.security.verify_own_content("ffffffffffffff")
+        assert not cas_validate.called
+
 
 async def test_force_content_trust(coresys: CoreSys):
     """Force Content-Trust tests."""