diff --git a/quality/BUILD.bazel b/quality/BUILD.bazel
index ced3e05c7b1e0..21688a9bceb3f 100644
--- a/quality/BUILD.bazel
+++ b/quality/BUILD.bazel
@@ -173,19 +173,21 @@ RUST_TARGETS = [
     "//sw/host/hsmtool:hsmlib",
     "//sw/host/hsmtool:hsmlib_test",
     "//sw/host/hsmtool/acorn:acorn",
-    "//sw/host/ot_certs:ot_certs",
-    "//sw/host/ot_certs:ot_certs_test",
     "//sw/host/opentitanlib:opentitanlib",
     "//sw/host/opentitanlib:opentitanlib_test",
     "//sw/host/opentitansession:opentitansession",
     "//sw/host/opentitantool:opentitantool",
+    "//sw/host/ot_certs:ot_certs",
+    "//sw/host/ot_certs:ot_certs_test",
     "//sw/host/tests/chip/gpio:gpio",
     "//sw/host/tests/chip/power_virus:power_virus",
+    "//sw/host/tests/chip/spi_device:spi_passthru",
+    "//sw/host/tests/ownership:transfer_lib",
+    "//sw/host/tests/ownership:transfer_test",
     "//sw/host/tests/rom/e2e_bootstrap_disabled:e2e_bootstrap_disabled",
     "//sw/host/tests/rom/e2e_bootstrap_entry:e2e_bootstrap_entry",
     "//sw/host/tests/rom/e2e_chip_specific_startup:e2e_chip_specific_startup",
     "//sw/host/tests/rom/sw_strap_value:sw_strap_value",
-    "//sw/host/tests/chip/spi_device:spi_passthru",
     "//sw/host/tests/xmodem:lrzsz_test",
     "//sw/host/tests/xmodem:xmodem",
     "//sw/host/sphincsplus:sphincsplus",
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/BUILD b/sw/device/silicon_creator/lib/ownership/keys/dummy/BUILD
new file mode 100644
index 0000000000000..c143892271503
--- /dev/null
+++ b/sw/device/silicon_creator/lib/ownership/keys/dummy/BUILD
@@ -0,0 +1,30 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+package(default_visibility = ["//visibility:public"])
+
+filegroup(
+    name = "owner_key",
+    srcs = ["owner_ecdsa_p256.der"],
+)
+
+filegroup(
+    name = "activate_key",
+    srcs = ["activate_ecdsa_p256.der"],
+)
+
+filegroup(
+    name = "unlock_key",
+    srcs = ["unlock_ecdsa_p256.der"],
+)
+
+filegroup(
+    name = "app_prod",
+    srcs = ["app_prod_rsa_3072_exp_f4.der"],
+)
+
+filegroup(
+    name = "app_prod_pub",
+    srcs = ["app_prod_rsa_3072_exp_f4.pub.der"],
+)
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/activate_ecdsa_p256.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/activate_ecdsa_p256.der
new file mode 100644
index 0000000000000..c0b4b4bd7472f
Binary files /dev/null and b/sw/device/silicon_creator/lib/ownership/keys/dummy/activate_ecdsa_p256.der differ
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/activate_ecdsa_p256.pub.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/activate_ecdsa_p256.pub.der
new file mode 100644
index 0000000000000..02b30b3a5fa1e
Binary files /dev/null and b/sw/device/silicon_creator/lib/ownership/keys/dummy/activate_ecdsa_p256.pub.der differ
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_rsa_3072_exp_f4.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_rsa_3072_exp_f4.der
new file mode 100644
index 0000000000000..a41d54d309f0f
Binary files /dev/null and b/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_rsa_3072_exp_f4.der differ
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_rsa_3072_exp_f4.pub.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_rsa_3072_exp_f4.pub.der
new file mode 100644
index 0000000000000..cfea71681c78e
Binary files /dev/null and b/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_rsa_3072_exp_f4.pub.der differ
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/owner_ecdsa_p256.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/owner_ecdsa_p256.der
new file mode 100644
index 0000000000000..8134d7740a927
Binary files /dev/null and b/sw/device/silicon_creator/lib/ownership/keys/dummy/owner_ecdsa_p256.der differ
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/owner_ecdsa_p256.pub.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/owner_ecdsa_p256.pub.der
new file mode 100644
index 0000000000000..a199a167415e8
Binary files /dev/null and b/sw/device/silicon_creator/lib/ownership/keys/dummy/owner_ecdsa_p256.pub.der differ
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/unlock_ecdsa_p256.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/unlock_ecdsa_p256.der
new file mode 100644
index 0000000000000..a52254cb97137
Binary files /dev/null and b/sw/device/silicon_creator/lib/ownership/keys/dummy/unlock_ecdsa_p256.der differ
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/unlock_ecdsa_p256.pub.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/unlock_ecdsa_p256.pub.der
new file mode 100644
index 0000000000000..ad32bd0f6f790
Binary files /dev/null and b/sw/device/silicon_creator/lib/ownership/keys/dummy/unlock_ecdsa_p256.pub.der differ
diff --git a/sw/device/silicon_creator/rom_ext/e2e/ownership/BUILD b/sw/device/silicon_creator/rom_ext/e2e/ownership/BUILD
new file mode 100644
index 0000000000000..700054bac1a84
--- /dev/null
+++ b/sw/device/silicon_creator/rom_ext/e2e/ownership/BUILD
@@ -0,0 +1,51 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+load(
+    "//rules/opentitan:defs.bzl",
+    "fpga_params",
+    "opentitan_test",
+)
+
+package(default_visibility = ["//visibility:public"])
+
+opentitan_test(
+    name = "ownership_transfer_test",
+    srcs = ["//sw/device/silicon_creator/rom_ext/e2e/verified_boot:boot_test"],
+    exec_env = {
+        "//hw/top_earlgrey:fpga_hyper310_rom_ext": None,
+    },
+    fpga = fpga_params(
+        # This test doesn't change OTP, but it modifies the ownership INFO
+        # pages, so we need to clear the bitstream after the test, which is
+        # what the `changes_otp` parameter actually does.
+        changes_otp = True,
+        data = [
+            "//sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key",
+            "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub",
+            "//sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key",
+            "//sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key",
+            "//sw/device/silicon_creator/lib/ownership/keys/fake:unlock_key",
+        ],
+        test_cmd = """
+            --clear-bitstream
+            --bootstrap={firmware}
+            --unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/fake:unlock_key)
+            --next-owner-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key)
+            --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key)
+            --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key)
+            --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub)
+        """,
+        test_harness = "//sw/host/tests/ownership:transfer_test",
+    ),
+    rsa_key = {
+        "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod": "app_prod",
+    },
+    deps = [
+        "//sw/device/lib/base:status",
+        "//sw/device/lib/testing/test_framework:ottf_main",
+        "//sw/device/silicon_creator/lib:boot_log",
+        "//sw/device/silicon_creator/lib/drivers:retention_sram",
+    ],
+)
diff --git a/sw/device/silicon_creator/rom_ext/e2e/rescue/BUILD b/sw/device/silicon_creator/rom_ext/e2e/rescue/BUILD
index fb6e242cd7327..f254a8885a9c7 100644
--- a/sw/device/silicon_creator/rom_ext/e2e/rescue/BUILD
+++ b/sw/device/silicon_creator/rom_ext/e2e/rescue/BUILD
@@ -95,7 +95,7 @@ opentitan_test(
             --exec="fpga load-bitstream {bitstream}"
             --exec="bootstrap --clear-uart=true {firmware}"
             # Set next slot via the rescue protocol
-            --exec="rescue boot-svc set-next-bl0-slot --next=SlotB"
+            --exec="rescue boot-svc set-next-bl0-slot --next=SlotB --get-response=false"
             # Check for firmware execution in slot B
             --exec="console --non-interactive --exit-success='bl0_slot = __BB\r\n' --exit-failure='{exit_failure}'"
             # Reset and observe return to slot A.
diff --git a/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD b/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD
index 0616c75df464a..2a091cf71abb3 100644
--- a/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD
+++ b/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD
@@ -1,6 +1,7 @@
 # Copyright lowRISC contributors (OpenTitan project).
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0
+
 load(
     "//rules/opentitan:defs.bzl",
     "DEFAULT_TEST_FAILURE_MSG",
diff --git a/sw/host/opentitanlib/BUILD b/sw/host/opentitanlib/BUILD
index 847fa1f34bcbc..8583e428df238 100644
--- a/sw/host/opentitanlib/BUILD
+++ b/sw/host/opentitanlib/BUILD
@@ -83,6 +83,7 @@ rust_library(
         "src/chip/boot_svc.rs",
         "src/chip/helper.rs",
         "src/chip/mod.rs",
+        "src/chip/rom_error.rs",
         "src/console/mod.rs",
         "src/console/spi.rs",
         "src/crypto/ecdsa.rs",
@@ -259,6 +260,7 @@ rust_library(
         "//third_party/openocd:jtag_cmsis_dap_adapter_cfg",
         "//util/openocd/target:lowrisc-earlgrey.cfg",
         "//util/openocd/target:lowrisc-earlgrey-lc.cfg",
+        "//sw/host/opentitanlib/bindgen:rom_error_enum",
     ],
     crate_features = [
         "include_hyperdebug_firmware",
@@ -275,6 +277,7 @@ rust_library(
         "i2c_target": "$(location :i2c_target)",
         "mem": "$(location :mem)",
         "pinmux_config": "$(location :pinmux_config)",
+        "rom_error_enum": "$(location //sw/host/opentitanlib/bindgen:rom_error_enum)",
         "spi_passthru": "$(location :spi_passthru)",
         "ottf": "$(location :ottf)",
         "hyperdebug_firmware": "$(location @hyperdebug_firmware//:hyperdebug/ec.bin)",
diff --git a/sw/host/opentitanlib/bindgen/BUILD b/sw/host/opentitanlib/bindgen/BUILD
index 199074cfc12a9..dab3e013f2bf5 100644
--- a/sw/host/opentitanlib/bindgen/BUILD
+++ b/sw/host/opentitanlib/bindgen/BUILD
@@ -2,8 +2,8 @@
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0
 
-load("@rules_rust//bindgen:defs.bzl", "rust_bindgen_library")
-load("@rules_rust//rust:defs.bzl", "rust_library")
+load("@rules_rust//rust:defs.bzl", "rust_library", "rust_test")
+load("@rules_rust//bindgen:defs.bzl", "rust_bindgen", "rust_bindgen_library")
 
 package(default_visibility = ["//visibility:public"])
 
@@ -187,6 +187,43 @@ rust_bindgen_library(
     ],
 )
 
+# We generate the bindgen source for rom_error_t so we can post-process it
+# with the :rom_error_enum rule and build a full enum from all known
+# rom_error_t values.
+rust_bindgen(
+    name = "rom_error",
+    bindgen_flags = [
+        "--allowlist-type=rom_error_t",
+    ],
+    cc_lib = "//sw/device/silicon_creator/lib:error",
+    header = "//sw/device/silicon_creator/lib:error.h",
+)
+
+# Generate a rust source file that contains the enum definition.  This
+# will get textual-included into opentitanlib's `chip::rom_error` module.
+genrule(
+    name = "rom_error_enum",
+    srcs = [":rom_error"],
+    outs = ["rom_error_enum.rs"],
+    cmd = """
+cat >$@ <<HEADER
+with_unknown! {
+    pub enum RomError: u32 [default = Self::Unknown] {
+HEADER
+
+# The sed expression creates enumerators with idiomatic Rust names that
+# refer to the bindgen'ed constants.
+cat $(location :rom_error) \\
+    | grep const \\
+    | sed -E 's/^pub const (rom_error_kError([^:]+)).*$$/        \\2 = bindgen::rom_error::\\1,/g' >>$@
+
+cat >>$@ <<FOOTER
+    }
+}
+FOOTER
+    """,
+)
+
 rust_bindgen_library(
     name = "sram_program",
     bindgen_flags = [
@@ -248,7 +285,10 @@ rust_bindgen_library(
 
 rust_library(
     name = "bindgen",
-    srcs = ["lib.rs"],
+    srcs = [
+        "lib.rs",
+        ":rom_error",
+    ],
     deps = [
         ":alert",
         ":dif",
diff --git a/sw/host/opentitanlib/bindgen/lib.rs b/sw/host/opentitanlib/bindgen/lib.rs
index 1f86312b8817f..a90b6f0ad8563 100644
--- a/sw/host/opentitanlib/bindgen/lib.rs
+++ b/sw/host/opentitanlib/bindgen/lib.rs
@@ -10,3 +10,8 @@ pub use multibits;
 pub use sram_program;
 pub use status;
 pub use test_status;
+
+#[allow(non_snake_case)]
+#[allow(non_upper_case_globals)]
+#[allow(non_camel_case_types)]
+pub mod rom_error;
diff --git a/sw/host/opentitanlib/bindgen/rom_error.rs b/sw/host/opentitanlib/bindgen/rom_error.rs
new file mode 100644
index 0000000000000..7faf2c755206c
--- /dev/null
+++ b/sw/host/opentitanlib/bindgen/rom_error.rs
@@ -0,0 +1,7 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+// Note: The real `rom_error.rs` source file is automatically generated by
+// the rom_error rule in the BUILD file.  This file exists to prevent rustfmt
+// from complaining that the source file doesn't exist.
diff --git a/sw/host/opentitanlib/src/chip/boot_svc.rs b/sw/host/opentitanlib/src/chip/boot_svc.rs
index e65e598792b9c..dacc74755161a 100644
--- a/sw/host/opentitanlib/src/chip/boot_svc.rs
+++ b/sw/host/opentitanlib/src/chip/boot_svc.rs
@@ -12,6 +12,7 @@ use std::io::{Read, Write};
 
 use super::ChipDataError;
 use crate::chip::boolean::HardenedBool;
+use crate::chip::rom_error::RomError;
 use crate::crypto::ecdsa::{EcdsaPrivateKey, EcdsaPublicKey, EcdsaRawPublicKey, EcdsaRawSignature};
 use crate::with_unknown;
 
@@ -86,7 +87,8 @@ pub struct MinBl0SecVerResponse {
     /// The current minimum BL0 version.
     pub ver: u32,
     /// The status response to the request.
-    pub status: u32,
+    #[annotate(format = hex)]
+    pub status: RomError,
 }
 
 /// Request to set the next (one-time) owner stage boot slot.
@@ -102,7 +104,8 @@ pub struct NextBl0SlotRequest {
 #[derive(Debug, Default, Serialize, Annotate)]
 pub struct NextBl0SlotResponse {
     /// The status response to the request.
-    pub status: u32,
+    #[annotate(format = hex)]
+    pub status: RomError,
     /// The current primary slot.
     pub primary_bl0_slot: BootSlot,
 }
@@ -129,7 +132,8 @@ pub struct OwnershipUnlockRequest {
 #[derive(Debug, Default, Serialize, Annotate)]
 pub struct OwnershipUnlockResponse {
     /// The status response to the request.
-    pub status: u32,
+    #[annotate(format = hex)]
+    pub status: RomError,
 }
 
 /// Request to activate ownership of the chip.
@@ -154,7 +158,8 @@ pub struct OwnershipActivateRequest {
 #[derive(Debug, Default, Serialize, Annotate)]
 pub struct OwnershipActivateResponse {
     /// The status response to the request.
-    pub status: u32,
+    #[annotate(format = hex)]
+    pub status: RomError,
 }
 
 #[derive(Debug, Serialize, Annotate)]
@@ -373,7 +378,7 @@ impl TryFrom<&[u8]> for MinBl0SecVerResponse {
         let mut reader = std::io::Cursor::new(buf);
         Ok(MinBl0SecVerResponse {
             ver: reader.read_u32::<LittleEndian>()?,
-            status: reader.read_u32::<LittleEndian>()?,
+            status: RomError(reader.read_u32::<LittleEndian>()?),
         })
     }
 }
@@ -381,7 +386,7 @@ impl MinBl0SecVerResponse {
     pub const SIZE: usize = 8;
     pub fn write(&self, dest: &mut impl Write) -> Result<()> {
         dest.write_u32::<LittleEndian>(self.ver)?;
-        dest.write_u32::<LittleEndian>(self.status)?;
+        dest.write_u32::<LittleEndian>(u32::from(self.status))?;
         Ok(())
     }
 }
@@ -410,7 +415,7 @@ impl TryFrom<&[u8]> for NextBl0SlotResponse {
     fn try_from(buf: &[u8]) -> std::result::Result<Self, Self::Error> {
         let mut reader = std::io::Cursor::new(buf);
         Ok(NextBl0SlotResponse {
-            status: reader.read_u32::<LittleEndian>()?,
+            status: RomError(reader.read_u32::<LittleEndian>()?),
             primary_bl0_slot: BootSlot(reader.read_u32::<LittleEndian>()?),
         })
     }
@@ -418,8 +423,7 @@ impl TryFrom<&[u8]> for NextBl0SlotResponse {
 impl NextBl0SlotResponse {
     pub const SIZE: usize = 4;
     pub fn write(&self, dest: &mut impl Write) -> Result<()> {
-        dest.write_u32::<LittleEndian>(self.status)?;
-        dest.write_u32::<LittleEndian>(u32::from(self.primary_bl0_slot))?;
+        dest.write_u32::<LittleEndian>(u32::from(self.status))?;
         Ok(())
     }
 }
@@ -472,14 +476,14 @@ impl TryFrom<&[u8]> for OwnershipUnlockResponse {
     fn try_from(buf: &[u8]) -> std::result::Result<Self, Self::Error> {
         let mut reader = std::io::Cursor::new(buf);
         Ok(OwnershipUnlockResponse {
-            status: reader.read_u32::<LittleEndian>()?,
+            status: RomError(reader.read_u32::<LittleEndian>()?),
         })
     }
 }
 impl OwnershipUnlockResponse {
     pub const SIZE: usize = 4;
     pub fn write(&self, dest: &mut impl Write) -> Result<()> {
-        dest.write_u32::<LittleEndian>(self.status)?;
+        dest.write_u32::<LittleEndian>(u32::from(self.status))?;
         Ok(())
     }
 }
@@ -527,14 +531,14 @@ impl TryFrom<&[u8]> for OwnershipActivateResponse {
     fn try_from(buf: &[u8]) -> std::result::Result<Self, Self::Error> {
         let mut reader = std::io::Cursor::new(buf);
         Ok(OwnershipActivateResponse {
-            status: reader.read_u32::<LittleEndian>()?,
+            status: RomError(reader.read_u32::<LittleEndian>()?),
         })
     }
 }
 impl OwnershipActivateResponse {
     pub const SIZE: usize = 4;
     pub fn write(&self, dest: &mut impl Write) -> Result<()> {
-        dest.write_u32::<LittleEndian>(self.status)?;
+        dest.write_u32::<LittleEndian>(u32::from(self.status))?;
         Ok(())
     }
 }
diff --git a/sw/host/opentitanlib/src/chip/helper.rs b/sw/host/opentitanlib/src/chip/helper.rs
index 0c43dc1e41e67..cf4e3717272a9 100644
--- a/sw/host/opentitanlib/src/chip/helper.rs
+++ b/sw/host/opentitanlib/src/chip/helper.rs
@@ -11,7 +11,7 @@ use std::fs::File;
 use std::io::Read;
 use std::path::PathBuf;
 
-#[derive(Debug, Args)]
+#[derive(Debug, Default, Args)]
 pub struct OwnershipUnlockParams {
     #[arg(long, value_enum, help = "Requested unlock mode")]
     pub mode: Option<UnlockMode>,
@@ -63,7 +63,7 @@ impl OwnershipUnlockParams {
     }
 }
 
-#[derive(Debug, Args)]
+#[derive(Debug, Default, Args)]
 pub struct OwnershipActivateParams {
     #[arg(long, value_parser = u64::from_str, help="Current ROM_EXT nonce")]
     pub nonce: Option<u64>,
diff --git a/sw/host/opentitanlib/src/chip/mod.rs b/sw/host/opentitanlib/src/chip/mod.rs
index 4e11b910d8570..5f8e59a34e132 100644
--- a/sw/host/opentitanlib/src/chip/mod.rs
+++ b/sw/host/opentitanlib/src/chip/mod.rs
@@ -10,6 +10,7 @@ pub mod boolean;
 pub mod boot_log;
 pub mod boot_svc;
 pub mod helper;
+pub mod rom_error;
 
 #[derive(Debug, Error)]
 pub enum ChipDataError {
diff --git a/sw/host/opentitanlib/src/chip/rom_error.rs b/sw/host/opentitanlib/src/chip/rom_error.rs
new file mode 100644
index 0000000000000..1fbdc327bc25e
--- /dev/null
+++ b/sw/host/opentitanlib/src/chip/rom_error.rs
@@ -0,0 +1,7 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+use crate::with_unknown;
+
+include!(env!("rom_error_enum"));
diff --git a/sw/host/opentitanlib/src/crypto/ecdsa.rs b/sw/host/opentitanlib/src/crypto/ecdsa.rs
index 08558428db616..358c9e66dbbbd 100644
--- a/sw/host/opentitanlib/src/crypto/ecdsa.rs
+++ b/sw/host/opentitanlib/src/crypto/ecdsa.rs
@@ -226,6 +226,13 @@ impl TryFrom<&EcdsaPublicKey> for EcdsaRawPublicKey {
     }
 }
 
+impl TryFrom<EcdsaPublicKey> for EcdsaRawPublicKey {
+    type Error = Error;
+    fn try_from(v: EcdsaPublicKey) -> Result<Self, Self::Error> {
+        EcdsaRawPublicKey::try_from(&v)
+    }
+}
+
 impl FromStr for EcdsaRawPublicKey {
     type Err = Error;
     fn from_str(s: &str) -> Result<Self, Self::Err> {
diff --git a/sw/host/opentitanlib/src/crypto/rsa.rs b/sw/host/opentitanlib/src/crypto/rsa.rs
index 41509cd177b8b..d1ae75df9f202 100644
--- a/sw/host/opentitanlib/src/crypto/rsa.rs
+++ b/sw/host/opentitanlib/src/crypto/rsa.rs
@@ -273,6 +273,13 @@ impl TryFrom<&RsaPublicKey> for RsaRawPublicKey {
     }
 }
 
+impl TryFrom<RsaPublicKey> for RsaRawPublicKey {
+    type Error = Error;
+    fn try_from(v: RsaPublicKey) -> Result<Self, Self::Error> {
+        RsaRawPublicKey::try_from(&v)
+    }
+}
+
 impl FromStr for RsaRawPublicKey {
     type Err = Error;
     fn from_str(s: &str) -> Result<Self, Self::Err> {
diff --git a/sw/host/opentitanlib/src/ownership/misc.rs b/sw/host/opentitanlib/src/ownership/misc.rs
index 57c06f2ba3bcc..a67e77dbaea1c 100644
--- a/sw/host/opentitanlib/src/ownership/misc.rs
+++ b/sw/host/opentitanlib/src/ownership/misc.rs
@@ -72,6 +72,7 @@ impl TlvHeader {
 
 /// Low-level key material (ie: bit representation).
 #[derive(Debug, Serialize, Deserialize)]
+#[allow(clippy::len_without_is_empty)]
 pub enum KeyMaterial {
     Unknown(Vec<u8>),
     Ecdsa(#[serde(deserialize_with = "string_or_struct")] EcdsaRawPublicKey),
diff --git a/sw/host/opentitanlib/src/ownership/mod.rs b/sw/host/opentitanlib/src/ownership/mod.rs
index 41fc3030ddc5b..9c9840db15bd5 100644
--- a/sw/host/opentitanlib/src/ownership/mod.rs
+++ b/sw/host/opentitanlib/src/ownership/mod.rs
@@ -12,6 +12,6 @@ mod rescue;
 pub use application_key::{ApplicationKeyDomain, OwnerApplicationKey};
 pub use flash::{FlashFlags, OwnerFlashConfig, OwnerFlashRegion};
 pub use flash_info::{OwnerFlashInfoConfig, OwnerInfoPage};
-pub use misc::{OwnershipKeyAlg, TlvHeader, TlvTag};
-pub use owner::{OwnerBlock, SramExecMode};
+pub use misc::{KeyMaterial, OwnershipKeyAlg, TlvHeader, TlvTag};
+pub use owner::{OwnerBlock, OwnerConfigItem, SramExecMode};
 pub use rescue::{OwnerRescueConfig, RescueType};
diff --git a/sw/host/opentitanlib/src/rescue/serial.rs b/sw/host/opentitanlib/src/rescue/serial.rs
index 18f2141d92694..d04678545bde6 100644
--- a/sw/host/opentitanlib/src/rescue/serial.rs
+++ b/sw/host/opentitanlib/src/rescue/serial.rs
@@ -47,10 +47,12 @@ impl RescueSerial {
         }
     }
 
-    pub fn enter(&self, transport: &TransportWrapper) -> Result<()> {
+    pub fn enter(&self, transport: &TransportWrapper, reset_target: bool) -> Result<()> {
         log::info!("Setting serial break to trigger rescue mode.");
         self.uart.set_break(true)?;
-        transport.reset_target(self.reset_delay, /*clear_uart*=*/ true)?;
+        if reset_target {
+            transport.reset_target(self.reset_delay, /*clear_uart=*/ true)?;
+        }
         UartConsole::wait_for(&*self.uart, r"rescue:.*\r\n", self.enter_delay)?;
         log::info!("Rescue triggered. clearing serial break.");
         self.uart.set_break(false)?;
diff --git a/sw/host/opentitanlib/src/rescue/xmodem.rs b/sw/host/opentitanlib/src/rescue/xmodem.rs
index 696313572af1b..ba415a3a50d86 100644
--- a/sw/host/opentitanlib/src/rescue/xmodem.rs
+++ b/sw/host/opentitanlib/src/rescue/xmodem.rs
@@ -97,7 +97,10 @@ impl Xmodem {
                     }
                 }
                 _ => {
-                    log::info!("Unknown byte received while waiting for XMODEM start: {ch:#x?}");
+                    let p = ch as char;
+                    log::info!(
+                        "Unknown byte received while waiting for XMODEM start: {p:?} ({ch:#x?})"
+                    );
                 }
             }
         }
diff --git a/sw/host/opentitantool/src/command/rescue.rs b/sw/host/opentitantool/src/command/rescue.rs
index 0d3ab43c4ade2..4883029bb0b69 100644
--- a/sw/host/opentitantool/src/command/rescue.rs
+++ b/sw/host/opentitantool/src/command/rescue.rs
@@ -46,6 +46,13 @@ pub struct Firmware {
         help = "Wait after upload (no automatic reboot)"
     )]
     wait: bool,
+    #[arg(
+        long,
+        default_value_t = true,
+        action = clap::ArgAction::Set,
+        help = "Reset the target to enter rescue mode"
+    )]
+    reset_target: bool,
     #[arg(value_name = "FILE")]
     filename: PathBuf,
 }
@@ -77,7 +84,7 @@ impl CommandDispatch for Firmware {
         let uart = self.params.create(transport)?;
         let mut prev_baudrate = 0u32;
         let rescue = RescueSerial::new(Rc::clone(&uart));
-        rescue.enter(transport)?;
+        rescue.enter(transport, self.reset_target)?;
         if let Some(rate) = self.rate {
             prev_baudrate = uart.get_baudrate()?;
             rescue.set_baud(rate)?;
@@ -101,6 +108,13 @@ impl CommandDispatch for Firmware {
 pub struct GetBootLog {
     #[command(flatten)]
     params: UartParams,
+    #[arg(
+        long,
+        default_value_t = true,
+        action = clap::ArgAction::Set,
+        help = "Reset the target to enter rescue mode"
+    )]
+    reset_target: bool,
     #[arg(long, short, default_value = "false")]
     raw: bool,
 }
@@ -113,7 +127,7 @@ impl CommandDispatch for GetBootLog {
     ) -> Result<Option<Box<dyn Annotate>>> {
         let uart = self.params.create(transport)?;
         let rescue = RescueSerial::new(uart);
-        rescue.enter(transport)?;
+        rescue.enter(transport, self.reset_target)?;
         if self.raw {
             let data = rescue.get_boot_log_raw()?;
             Ok(Some(Box::new(RawBytes(data))))
@@ -128,6 +142,13 @@ impl CommandDispatch for GetBootLog {
 pub struct GetBootSvc {
     #[command(flatten)]
     params: UartParams,
+    #[arg(
+        long,
+        default_value_t = true,
+        action = clap::ArgAction::Set,
+        help = "Reset the target to enter rescue mode"
+    )]
+    reset_target: bool,
     #[arg(long, short, default_value = "false")]
     raw: bool,
 }
@@ -140,7 +161,7 @@ impl CommandDispatch for GetBootSvc {
     ) -> Result<Option<Box<dyn Annotate>>> {
         let uart = self.params.create(transport)?;
         let rescue = RescueSerial::new(uart);
-        rescue.enter(transport)?;
+        rescue.enter(transport, self.reset_target)?;
         if self.raw {
             let data = rescue.get_boot_svc_raw()?;
             Ok(Some(Box::new(RawBytes(data))))
@@ -169,6 +190,20 @@ pub struct SetNextBl0Slot {
         help = "Set the one-time next boot slot"
     )]
     next: BootSlot,
+    #[arg(
+        long,
+        default_value_t = true,
+        action = clap::ArgAction::Set,
+        help = "Reset the target to enter rescue mode"
+    )]
+    reset_target: bool,
+    #[arg(
+        long,
+        default_value_t = true,
+        action = clap::ArgAction::Set,
+        help = "Get the response from the target"
+    )]
+    get_response: bool,
 }
 
 impl CommandDispatch for SetNextBl0Slot {
@@ -179,9 +214,16 @@ impl CommandDispatch for SetNextBl0Slot {
     ) -> Result<Option<Box<dyn Annotate>>> {
         let uart = self.params.create(transport)?;
         let rescue = RescueSerial::new(uart);
-        rescue.enter(transport)?;
+        rescue.enter(transport, self.reset_target)?;
         rescue.set_next_bl0_slot(self.primary, self.next)?;
-        Ok(None)
+        if self.get_response {
+            rescue.enter(transport, false)?;
+            let response = rescue.get_boot_svc()?;
+            rescue.reboot()?;
+            Ok(Some(Box::new(response)))
+        } else {
+            Ok(None)
+        }
     }
 }
 
@@ -189,6 +231,20 @@ impl CommandDispatch for SetNextBl0Slot {
 pub struct OwnershipUnlock {
     #[command(flatten)]
     params: UartParams,
+    #[arg(
+        long,
+        default_value_t = true,
+        action = clap::ArgAction::Set,
+        help = "Reset the target to enter rescue mode"
+    )]
+    reset_target: bool,
+    #[arg(
+        long,
+        default_value_t = true,
+        action = clap::ArgAction::Set,
+        help = "Get the response from the target"
+    )]
+    get_response: bool,
     #[command(flatten)]
     unlock: OwnershipUnlockParams,
     #[arg(short, long, help = "A file containing a binary unlock request")]
@@ -207,9 +263,16 @@ impl CommandDispatch for OwnershipUnlock {
 
         let uart = self.params.create(transport)?;
         let rescue = RescueSerial::new(uart);
-        rescue.enter(transport)?;
+        rescue.enter(transport, self.reset_target)?;
         rescue.ownership_unlock(unlock)?;
-        Ok(None)
+        if self.get_response {
+            rescue.enter(transport, false)?;
+            let response = rescue.get_boot_svc()?;
+            rescue.reboot()?;
+            Ok(Some(Box::new(response)))
+        } else {
+            Ok(None)
+        }
     }
 }
 
@@ -217,6 +280,20 @@ impl CommandDispatch for OwnershipUnlock {
 pub struct OwnershipActivate {
     #[command(flatten)]
     params: UartParams,
+    #[arg(
+        long,
+        default_value_t = true,
+        action = clap::ArgAction::Set,
+        help = "Reset the target to enter rescue mode"
+    )]
+    reset_target: bool,
+    #[arg(
+        long,
+        default_value_t = true,
+        action = clap::ArgAction::Set,
+        help = "Get the response from the target"
+    )]
+    get_response: bool,
     #[command(flatten)]
     activate: OwnershipActivateParams,
     #[arg(short, long, help = "A file containing a binary activate request")]
@@ -235,9 +312,16 @@ impl CommandDispatch for OwnershipActivate {
 
         let uart = self.params.create(transport)?;
         let rescue = RescueSerial::new(uart);
-        rescue.enter(transport)?;
+        rescue.enter(transport, self.reset_target)?;
         rescue.ownership_activate(activate)?;
-        Ok(None)
+        if self.get_response {
+            rescue.enter(transport, false)?;
+            let response = rescue.get_boot_svc()?;
+            rescue.reboot()?;
+            Ok(Some(Box::new(response)))
+        } else {
+            Ok(None)
+        }
     }
 }
 
@@ -245,6 +329,13 @@ impl CommandDispatch for OwnershipActivate {
 pub struct SetOwnerConfig {
     #[command(flatten)]
     params: UartParams,
+    #[arg(
+        long,
+        default_value_t = true,
+        action = clap::ArgAction::Set,
+        help = "Reset the target to enter rescue mode"
+    )]
+    reset_target: bool,
     #[arg(help = "A signed owner configuration block")]
     input: PathBuf,
 }
@@ -258,14 +349,14 @@ impl CommandDispatch for SetOwnerConfig {
         let data = std::fs::read(&self.input)?;
         let uart = self.params.create(transport)?;
         let rescue = RescueSerial::new(uart);
-        rescue.enter(transport)?;
+        rescue.enter(transport, self.reset_target)?;
         rescue.set_owner_config(&data)?;
         Ok(None)
     }
 }
 
 #[derive(Debug, Subcommand, CommandDispatch)]
-pub enum BootSvc {
+pub enum BootSvcCommand {
     Get(GetBootSvc),
     SetNextBl0Slot(SetNextBl0Slot),
     OwnershipUnlock(OwnershipUnlock),
@@ -275,7 +366,7 @@ pub enum BootSvc {
 #[derive(Debug, Subcommand, CommandDispatch)]
 pub enum RescueCommand {
     #[command(subcommand)]
-    BootSvc(BootSvc),
+    BootSvc(BootSvcCommand),
     GetBootLog(GetBootLog),
     Firmware(Firmware),
     SetOwnerConfig(SetOwnerConfig),
diff --git a/sw/host/tests/ownership/BUILD b/sw/host/tests/ownership/BUILD
new file mode 100644
index 0000000000000..a67277d607e43
--- /dev/null
+++ b/sw/host/tests/ownership/BUILD
@@ -0,0 +1,33 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+load("@rules_rust//rust:defs.bzl", "rust_binary", "rust_library")
+load("//rules:ujson.bzl", "ujson_rust")
+
+package(default_visibility = ["//visibility:public"])
+
+rust_library(
+    name = "transfer_lib",
+    srcs = ["transfer_lib.rs"],
+    deps = [
+        "//sw/host/opentitanlib",
+        "@crate_index//:anyhow",
+        "@crate_index//:log",
+    ],
+)
+
+rust_binary(
+    name = "transfer_test",
+    srcs = [
+        "transfer_test.rs",
+    ],
+    deps = [
+        ":transfer_lib",
+        "//sw/host/opentitanlib",
+        "@crate_index//:anyhow",
+        "@crate_index//:clap",
+        "@crate_index//:humantime",
+        "@crate_index//:log",
+    ],
+)
diff --git a/sw/host/tests/ownership/transfer_lib.rs b/sw/host/tests/ownership/transfer_lib.rs
new file mode 100644
index 0000000000000..914993800fc1b
--- /dev/null
+++ b/sw/host/tests/ownership/transfer_lib.rs
@@ -0,0 +1,121 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#![allow(clippy::bool_assert_comparison)]
+use anyhow::{anyhow, Result};
+use opentitanlib::app::TransportWrapper;
+use opentitanlib::chip::boot_log::BootLog;
+use opentitanlib::chip::boot_svc::{Message, UnlockMode};
+use opentitanlib::chip::helper::{OwnershipActivateParams, OwnershipUnlockParams};
+use opentitanlib::chip::rom_error::RomError;
+use opentitanlib::crypto::ecdsa::EcdsaPrivateKey;
+use opentitanlib::crypto::rsa::RsaPublicKey;
+use opentitanlib::ownership::{
+    ApplicationKeyDomain, KeyMaterial, OwnerApplicationKey, OwnerBlock, OwnerConfigItem,
+    OwnershipKeyAlg,
+};
+use opentitanlib::rescue::serial::RescueSerial;
+
+use std::path::Path;
+
+/// Gets the BootLog.
+pub fn get_boot_log(transport: &TransportWrapper, rescue: &RescueSerial) -> Result<BootLog> {
+    rescue.enter(transport, /*reset=*/ true)?;
+    rescue.get_boot_log()
+}
+
+/// Prepares an UnlockOwnership command, sends it to the chip and gets the response.
+pub fn ownership_unlock(
+    transport: &TransportWrapper,
+    rescue: &RescueSerial,
+    mode: UnlockMode,
+    nonce: u64,
+    unlock_key: &Path,
+    next_owner: Option<&Path>,
+) -> Result<()> {
+    let unlock = OwnershipUnlockParams {
+        mode: Some(mode),
+        nonce: Some(nonce),
+        next_owner: next_owner.map(|p| p.into()),
+        sign: Some(unlock_key.into()),
+        ..Default::default()
+    }
+    .apply_to(Option::<&mut std::fs::File>::None)?;
+
+    rescue.enter(transport, /*reset=*/ true)?;
+    rescue.ownership_unlock(unlock)?;
+    rescue.enter(transport, /*reset=*/ false)?;
+    let result = rescue.get_boot_svc()?;
+    match &result.message {
+        Message::OwnershipUnlockResponse(r) if r.status == RomError::Ok => Ok(()),
+        _ => Err(anyhow!("Unexpected response: {result:x?}")),
+    }
+}
+
+/// Prepares an UnlockOwnership command (with UnlockMode::Any), sends it to the chip and gets the response.
+pub fn ownership_unlock_any(
+    transport: &TransportWrapper,
+    rescue: &RescueSerial,
+    nonce: u64,
+    unlock_key: &Path,
+) -> Result<()> {
+    ownership_unlock(transport, rescue, UnlockMode::Any, nonce, unlock_key, None)
+}
+
+/// Prepares an OwnershipActivate command, sends it to the chip and gets the response.
+pub fn ownership_activate(
+    transport: &TransportWrapper,
+    rescue: &RescueSerial,
+    nonce: u64,
+    activate_key: &Path,
+) -> Result<()> {
+    let activate = OwnershipActivateParams {
+        nonce: Some(nonce),
+        sign: Some(activate_key.into()),
+        ..Default::default()
+    }
+    .apply_to(Option::<&mut std::fs::File>::None)?;
+
+    rescue.enter(transport, /*reset=*/ true)?;
+    rescue.ownership_activate(activate)?;
+    rescue.enter(transport, /*reset=*/ false)?;
+    let result = rescue.get_boot_svc()?;
+    match &result.message {
+        Message::OwnershipActivateResponse(r) if r.status == RomError::Ok => Ok(()),
+        _ => Err(anyhow!("Unexpected response: {result:x?}")),
+    }
+}
+
+/// Prepares an OwnerBlock and sends it to the chip.
+pub fn create_owner(
+    transport: &TransportWrapper,
+    rescue: &RescueSerial,
+    owner_key: &Path,
+    activate_key: &Path,
+    unlock_key: &Path,
+    app_key: &Path,
+) -> Result<()> {
+    let owner_key = EcdsaPrivateKey::load(owner_key)?;
+    let activate_key = EcdsaPrivateKey::load(activate_key)?;
+    let unlock_key = EcdsaPrivateKey::load(unlock_key)?;
+    let app_key = RsaPublicKey::from_pkcs1_der_file(app_key)?;
+    let mut owner = OwnerBlock {
+        owner_key: KeyMaterial::Ecdsa(owner_key.public_key().try_into()?),
+        activate_key: KeyMaterial::Ecdsa(activate_key.public_key().try_into()?),
+        unlock_key: KeyMaterial::Ecdsa(unlock_key.public_key().try_into()?),
+        data: vec![OwnerConfigItem::ApplicationKey(OwnerApplicationKey {
+            key_alg: OwnershipKeyAlg::Rsa,
+            key_domain: ApplicationKeyDomain::Prod,
+            key: KeyMaterial::Rsa(app_key.try_into()?),
+            ..Default::default()
+        })],
+        ..Default::default()
+    };
+    owner.sign(&owner_key)?;
+    let mut owner_config = Vec::new();
+    owner.write(&mut owner_config)?;
+    rescue.enter(transport, /*reset=*/ true)?;
+    rescue.set_owner_config(&owner_config)?;
+    Ok(())
+}
diff --git a/sw/host/tests/ownership/transfer_test.rs b/sw/host/tests/ownership/transfer_test.rs
new file mode 100644
index 0000000000000..3b7ec5ee10a2b
--- /dev/null
+++ b/sw/host/tests/ownership/transfer_test.rs
@@ -0,0 +1,84 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#![allow(clippy::bool_assert_comparison)]
+use anyhow::Result;
+use clap::Parser;
+use std::path::PathBuf;
+use std::rc::Rc;
+use std::time::Duration;
+
+use opentitanlib::rescue::serial::RescueSerial;
+use opentitanlib::test_utils::init::InitializeTest;
+use opentitanlib::uart::console::UartConsole;
+
+#[derive(Debug, Parser)]
+struct Opts {
+    #[command(flatten)]
+    init: InitializeTest,
+
+    /// Console receive timeout.
+    #[arg(long, value_parser = humantime::parse_duration, default_value = "10s")]
+    timeout: Duration,
+    #[arg(long, help = "Unlock private key (ECDSA P256)")]
+    unlock_key: PathBuf,
+    #[arg(long, help = "Next Owner private key (ECDSA P256)")]
+    next_owner_key: PathBuf,
+    #[arg(long, help = "Next Owner activate private key (ECDSA P256)")]
+    next_activate_key: PathBuf,
+    #[arg(long, help = "Next Owner unlock private key (ECDSA P256)")]
+    next_unlock_key: PathBuf,
+    #[arg(long, help = "Next Owner's application public key (RSA3K)")]
+    next_application_key: PathBuf,
+}
+
+fn main() -> Result<()> {
+    let opts = Opts::parse();
+    opts.init.init_logging();
+
+    let transport = opts.init.init_target()?;
+    let uart = transport.uart("console")?;
+    let rescue = RescueSerial::new(Rc::clone(&uart));
+
+    let data = transfer_lib::get_boot_log(&transport, &rescue)?;
+    transfer_lib::ownership_unlock_any(&transport, &rescue, data.rom_ext_nonce, &opts.unlock_key)?;
+
+    transfer_lib::create_owner(
+        &transport,
+        &rescue,
+        &opts.next_owner_key,
+        &opts.next_activate_key,
+        &opts.next_unlock_key,
+        &opts.next_application_key,
+    )?;
+
+    // At this point, the device should be unlocked and should have accepted the owner
+    // configuration.  Owner code should run and report the state as `UANY`.
+    transport.reset_target(Duration::from_millis(50), /*clear_uart=*/ true)?;
+    let capture = UartConsole::wait_for(
+        &*uart,
+        r"(?msR)ownership_state = UANY$.*ownership_transfers = (\d+)$.*PASS!$",
+        opts.timeout,
+    )?;
+    let transfers0 = capture[1].parse::<u32>()?;
+
+    let data = transfer_lib::get_boot_log(&transport, &rescue)?;
+    transfer_lib::ownership_activate(
+        &transport,
+        &rescue,
+        data.rom_ext_nonce,
+        &opts.next_activate_key,
+    )?;
+
+    // After the activate command, the device should report the ownership state as `OWND`.
+    transport.reset_target(Duration::from_millis(50), /*clear_uart=*/ true)?;
+    let capture = UartConsole::wait_for(
+        &*uart,
+        r"(?msR)ownership_state = OWND$.*ownership_transfers = (\d+)$.*PASS!$",
+        opts.timeout,
+    )?;
+    let transfers1 = capture[1].parse::<u32>()?;
+    assert_eq!(transfers0 + 1, transfers1);
+    Ok(())
+}