diff --git a/e2e/compose-env.yaml b/e2e/compose-env.yaml
index 703b718cd..1d25623c2 100644
--- a/e2e/compose-env.yaml
+++ b/e2e/compose-env.yaml
@@ -9,19 +9,3 @@ services:
       command: ['--insecure-registry=registry:5000', '--experimental']
       environment:
         - DOCKER_TLS_CERTDIR=
-
-  notary-server:
-      build:
-        context: ./testdata
-        dockerfile: Dockerfile.notary-server
-      ports:
-        - 4443:4443
-      command: ['notary-server', '-config=/fixtures/notary-config.json']
-
-  evil-notary-server:
-      build:
-        context: ./testdata
-        dockerfile: Dockerfile.evil-notary-server
-      ports:
-        - 4444:4443
-      command: ['notary-server', '-config=/fixtures/notary-config.json']
diff --git a/e2e/container/create_test.go b/e2e/container/create_test.go
index daf8e092f..7a4bf67ae 100644
--- a/e2e/container/create_test.go
+++ b/e2e/container/create_test.go
@@ -1,107 +1,12 @@
 package container
 
 import (
-	"fmt"
 	"testing"
 
 	"github.com/docker/cli/e2e/internal/fixtures"
-	"github.com/docker/cli/internal/test/environment"
 	"gotest.tools/v3/icmd"
-	"gotest.tools/v3/skip"
 )
 
-func TestCreateWithContentTrust(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	image := fixtures.CreateMaskedTrustedRemoteImage(t, registryPrefix, "trust-create", "latest")
-
-	defer func() {
-		icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
-	}()
-
-	result := icmd.RunCmd(
-		icmd.Command("docker", "create", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	)
-	result.Assert(t, icmd.Expected{
-		Err: fmt.Sprintf("Tagging %s@sha", image[:len(image)-7]),
-	})
-}
-
-func TestTrustedCreateFromUnreachableTrustServer(t *testing.T) {
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	image := fixtures.CreateMaskedTrustedRemoteImage(t, registryPrefix, "trust-create", "latest")
-
-	result := icmd.RunCmd(
-		icmd.Command("docker", "create", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotaryServer("https://notary.invalid"),
-	)
-	result.Assert(t, icmd.Expected{
-		ExitCode: 1,
-		Err:      "error contacting notary server",
-	})
-}
-
-func TestTrustedCreateFromBadTrustServer(t *testing.T) {
-	evilImageName := "registry:5000/evil-alpine:latest"
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-
-	// tag the image and upload it to the private registry
-	icmd.RunCmd(icmd.Command("docker", "tag", fixtures.AlpineImage, evilImageName),
-		fixtures.WithConfig(dir.Path()),
-	).Assert(t, icmd.Success)
-	icmd.RunCmd(icmd.Command("docker", "image", "push", evilImageName),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	).Assert(t, icmd.Success)
-	icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)
-
-	// try create
-	icmd.RunCmd(icmd.Command("docker", "create", evilImageName),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	).Assert(t, icmd.Success)
-	icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)
-
-	// init a client with the evil-server and a new trust dir
-	evilNotaryDir := fixtures.SetupConfigWithNotaryURL(t, "evil-test", fixtures.EvilNotaryURL)
-	defer evilNotaryDir.Remove()
-
-	// tag the same image and upload it to the private registry but signed with evil notary server
-	icmd.RunCmd(icmd.Command("docker", "tag", fixtures.AlpineImage, evilImageName),
-		fixtures.WithConfig(evilNotaryDir.Path()),
-	).Assert(t, icmd.Success)
-	icmd.RunCmd(icmd.Command("docker", "image", "push", evilImageName),
-		fixtures.WithConfig(evilNotaryDir.Path()),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithTrust,
-		fixtures.WithNotaryServer(fixtures.EvilNotaryURL),
-	).Assert(t, icmd.Success)
-	icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)
-
-	// try creating with the original client from the evil notary server. This should failed
-	// because the new root is invalid
-	icmd.RunCmd(icmd.Command("docker", "create", evilImageName),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotaryServer(fixtures.EvilNotaryURL),
-	).Assert(t, icmd.Expected{
-		ExitCode: 1,
-		Err:      "could not rotate trust to a new trusted root",
-	})
-}
-
 func TestCreateWithEmptySourceVolume(t *testing.T) {
 	icmd.RunCmd(icmd.Command("docker", "create", "-v", ":/volume", fixtures.AlpineImage)).
 		Assert(t, icmd.Expected{
diff --git a/e2e/container/run_test.go b/e2e/container/run_test.go
index 5e469abff..d52230e23 100644
--- a/e2e/container/run_test.go
+++ b/e2e/container/run_test.go
@@ -2,7 +2,6 @@ package container
 
 import (
 	"bytes"
-	"fmt"
 	"io"
 	"math/rand"
 	"os/exec"
@@ -90,104 +89,6 @@ func TestRunInvalidEntrypointWithAutoremove(t *testing.T) {
 	}
 }
 
-func TestRunWithContentTrust(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	image := fixtures.CreateMaskedTrustedRemoteImage(t, registryPrefix, "trust-run", "latest")
-
-	defer func() {
-		icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
-	}()
-
-	result := icmd.RunCmd(
-		icmd.Command("docker", "run", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	)
-	result.Assert(t, icmd.Expected{
-		Err: fmt.Sprintf("Tagging %s@sha", image[:len(image)-7]),
-	})
-}
-
-func TestUntrustedRun(t *testing.T) {
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	image := registryPrefix + "/alpine:untrusted"
-	// tag the image and upload it to the private registry
-	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, image).Assert(t, icmd.Success)
-	defer func() {
-		icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
-	}()
-
-	// try trusted run on untrusted tag
-	result := icmd.RunCmd(
-		icmd.Command("docker", "run", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	)
-	result.Assert(t, icmd.Expected{
-		ExitCode: 125,
-		Err:      "does not have trust data for",
-	})
-}
-
-func TestTrustedRunFromBadTrustServer(t *testing.T) {
-	evilImageName := registryPrefix + "/evil-alpine:latest"
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-
-	// tag the image and upload it to the private registry
-	icmd.RunCmd(icmd.Command("docker", "tag", fixtures.AlpineImage, evilImageName),
-		fixtures.WithConfig(dir.Path()),
-	).Assert(t, icmd.Success)
-	icmd.RunCmd(icmd.Command("docker", "image", "push", evilImageName),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	).Assert(t, icmd.Success)
-	icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)
-
-	// try run
-	icmd.RunCmd(icmd.Command("docker", "run", evilImageName),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	).Assert(t, icmd.Success)
-	icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)
-
-	// init a client with the evil-server and a new trust dir
-	evilNotaryDir := fixtures.SetupConfigWithNotaryURL(t, "evil-test", fixtures.EvilNotaryURL)
-	defer evilNotaryDir.Remove()
-
-	// tag the same image and upload it to the private registry but signed with evil notary server
-	icmd.RunCmd(icmd.Command("docker", "tag", fixtures.AlpineImage, evilImageName),
-		fixtures.WithConfig(evilNotaryDir.Path()),
-	).Assert(t, icmd.Success)
-	icmd.RunCmd(icmd.Command("docker", "image", "push", evilImageName),
-		fixtures.WithConfig(evilNotaryDir.Path()),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithTrust,
-		fixtures.WithNotaryServer(fixtures.EvilNotaryURL),
-	).Assert(t, icmd.Success)
-	icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)
-
-	// try running with the original client from the evil notary server. This should failed
-	// because the new root is invalid
-	icmd.RunCmd(icmd.Command("docker", "run", evilImageName),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotaryServer(fixtures.EvilNotaryURL),
-	).Assert(t, icmd.Expected{
-		ExitCode: 125,
-		Err:      "could not rotate trust to a new trusted root",
-	})
-}
-
 // TODO: create this with registry API instead of engine API
 func createRemoteImage(t *testing.T) string {
 	t.Helper()
diff --git a/e2e/global/cli_test.go b/e2e/global/cli_test.go
index 036a96519..aea0ce841 100644
--- a/e2e/global/cli_test.go
+++ b/e2e/global/cli_test.go
@@ -89,7 +89,6 @@ func TestPromptExitCode(t *testing.T) {
 
 	defaultCmdOpts := []icmd.CmdOp{
 		fixtures.WithConfig(dir.Path()),
-		fixtures.WithNotary,
 	}
 
 	testCases := []struct {
@@ -131,13 +130,6 @@ func TestPromptExitCode(t *testing.T) {
 				return icmd.Command("docker", "system", "prune")
 			},
 		},
-		{
-			name: "revoke trust",
-			run: func(t *testing.T) icmd.Cmd {
-				t.Helper()
-				return icmd.Command("docker", "trust", "revoke", "example/trust-demo")
-			},
-		},
 		{
 			name: "plugin install",
 			run: func(t *testing.T) icmd.Cmd {
diff --git a/e2e/image/pull_test.go b/e2e/image/pull_test.go
index c739e7e5e..383257bd6 100644
--- a/e2e/image/pull_test.go
+++ b/e2e/image/pull_test.go
@@ -4,81 +4,16 @@ import (
 	"testing"
 
 	"github.com/docker/cli/e2e/internal/fixtures"
-	"github.com/docker/cli/internal/test/environment"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
-	"gotest.tools/v3/golden"
 	"gotest.tools/v3/icmd"
-	"gotest.tools/v3/skip"
 )
 
 const registryPrefix = "registry:5000"
 
-func TestPullWithContentTrust(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	// Digests in golden files are linux/amd64 specific.
-	// TODO: Fix this test and make it work on all platforms.
-	environment.SkipIfNotPlatform(t, "linux/amd64")
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	image := fixtures.CreateMaskedTrustedRemoteImage(t, registryPrefix, "trust-pull", "latest")
-	defer func() {
-		icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
-	}()
-
-	result := icmd.RunCmd(icmd.Command("docker", "pull", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	)
-	result.Assert(t, icmd.Success)
-	golden.Assert(t, result.Stderr(), "pull-with-content-trust-err.golden")
-	golden.Assert(t, result.Stdout(), "pull-with-content-trust.golden")
-}
-
 func TestPullQuiet(t *testing.T) {
 	result := icmd.RunCommand("docker", "pull", "--quiet", fixtures.AlpineImage)
 	result.Assert(t, icmd.Success)
-	assert.Check(t, is.Equal(result.Stdout(), "registry:5000/alpine:frozen\n"))
+	assert.Check(t, is.Equal(result.Stdout(), registryPrefix+"/alpine:frozen\n"))
 	assert.Check(t, is.Equal(result.Stderr(), ""))
 }
-
-func TestPullWithContentTrustUsesCacheWhenNotaryUnavailable(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	image := fixtures.CreateMaskedTrustedRemoteImage(t, registryPrefix, "trust-pull-unreachable", "latest")
-	defer func() {
-		icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
-	}()
-	result := icmd.RunCmd(icmd.Command("docker", "pull", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotaryServer("https://invalidnotaryserver"),
-	)
-	result.Assert(t, icmd.Expected{
-		ExitCode: 1,
-		Err:      "error contacting notary server",
-	})
-
-	// Do valid trusted pull to warm cache
-	result = icmd.RunCmd(icmd.Command("docker", "pull", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	)
-	result.Assert(t, icmd.Success)
-	result = icmd.RunCommand("docker", "rmi", image)
-	result.Assert(t, icmd.Success)
-
-	// Try pull again with invalid notary server, should use cache
-	result = icmd.RunCmd(icmd.Command("docker", "pull", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotaryServer("https://invalidnotaryserver"),
-	)
-	result.Assert(t, icmd.Success)
-}
diff --git a/e2e/image/push_test.go b/e2e/image/push_test.go
index 3ee86c535..b1f27da52 100644
--- a/e2e/image/push_test.go
+++ b/e2e/image/push_test.go
@@ -1,85 +1,11 @@
 package image
 
 import (
-	"fmt"
-	"os"
-	"strings"
 	"testing"
 
-	"github.com/docker/cli/e2e/internal/fixtures"
-	"github.com/docker/cli/internal/test/environment"
-	"github.com/docker/cli/internal/test/output"
-	"gotest.tools/v3/assert"
-	"gotest.tools/v3/fs"
-	"gotest.tools/v3/golden"
 	"gotest.tools/v3/icmd"
-	"gotest.tools/v3/skip"
 )
 
-const (
-	notary = "/usr/local/bin/notary"
-
-	pubkey1  = "./testdata/notary/delgkey1.crt"
-	privkey1 = "./testdata/notary/delgkey1.key"
-	pubkey2  = "./testdata/notary/delgkey2.crt"
-	privkey2 = "./testdata/notary/delgkey2.key"
-	pubkey3  = "./testdata/notary/delgkey3.crt"
-	privkey3 = "./testdata/notary/delgkey3.key"
-	pubkey4  = "./testdata/notary/delgkey4.crt"
-	privkey4 = "./testdata/notary/delgkey4.key"
-)
-
-func TestPushAllTags(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	// Compared digests are linux/amd64 specific.
-	// TODO: Fix this test and make it work on all platforms.
-	environment.SkipIfNotPlatform(t, "linux/amd64")
-
-	_ = createImage(t, "push-all-tags", "latest", "v1", "v1.0", "v1.0.1")
-	result := icmd.RunCmd(icmd.Command("docker", "push", "--all-tags", registryPrefix+"/push-all-tags"))
-
-	result.Assert(t, icmd.Success)
-	golden.Assert(t, result.Stderr(), "push-with-content-trust-err.golden")
-	output.Assert(t, result.Stdout(), map[int]func(string) error{
-		0:  output.Equals("The push refers to repository [registry:5000/push-all-tags]"),
-		1:  output.Equals("7cd52847ad77: Preparing"),
-		3:  output.Equals("latest: digest: sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501 size: 528"),
-		6:  output.Equals("v1: digest: sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501 size: 528"),
-		9:  output.Equals("v1.0: digest: sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501 size: 528"),
-		12: output.Equals("v1.0.1: digest: sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501 size: 528"),
-	})
-}
-
-func TestPushWithContentTrust(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	// Compared digests are linux/amd64 specific.
-	// TODO: Fix this test and make it work on all platforms.
-	environment.SkipIfNotPlatform(t, "linux/amd64")
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	image := createImage(t, "trust-push", "latest")
-
-	result := icmd.RunCmd(icmd.Command("docker", "push", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-		fixtures.WithPassphrase("foo", "bar"),
-	)
-	result.Assert(t, icmd.Success)
-	golden.Assert(t, result.Stderr(), "push-with-content-trust-err.golden")
-	output.Assert(t, result.Stdout(), map[int]func(string) error{
-		0: output.Equals("The push refers to repository [registry:5000/trust-push]"),
-		1: output.Equals("7cd52847ad77: Preparing"),
-		3: output.Equals("latest: digest: sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501 size: 528"),
-		4: output.Equals("Signing and pushing trust metadata"),
-		5: output.Equals(`Finished initializing "registry:5000/trust-push"`),
-		6: output.Equals("Successfully signed registry:5000/trust-push:latest"),
-	})
-}
-
 func TestPushQuietErrors(t *testing.T) {
 	result := icmd.RunCmd(icmd.Command("docker", "push", "--quiet", "nosuchimage"))
 	result.Assert(t, icmd.Expected{
@@ -87,351 +13,3 @@ func TestPushQuietErrors(t *testing.T) {
 		Err:      "An image does not exist locally with the tag: nosuchimage",
 	})
 }
-
-func TestPushWithContentTrustUnreachableServer(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	image := createImage(t, "trust-push-unreachable", "latest")
-
-	result := icmd.RunCmd(icmd.Command("docker", "push", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotaryServer("https://invalidnotaryserver"),
-	)
-	result.Assert(t, icmd.Expected{
-		ExitCode: 1,
-		Err:      "error contacting notary server",
-	})
-}
-
-func TestPushWithContentTrustExistingTag(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	image := createImage(t, "trust-push-existing", "latest")
-
-	result := icmd.RunCmd(icmd.Command("docker", "push", image))
-	result.Assert(t, icmd.Success)
-
-	result = icmd.RunCmd(icmd.Command("docker", "push", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-		fixtures.WithPassphrase("foo", "bar"),
-	)
-	result.Assert(t, icmd.Expected{
-		Out: "Signing and pushing trust metadata",
-	})
-
-	// Re-push
-	result = icmd.RunCmd(icmd.Command("docker", "push", image),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-		fixtures.WithPassphrase("foo", "bar"),
-	)
-	result.Assert(t, icmd.Expected{
-		Out: "Signing and pushing trust metadata",
-	})
-}
-
-func TestPushWithContentTrustReleasesDelegationOnly(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	role := "targets/releases"
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	copyPrivateKey(t, dir.Join("trust", "private"), privkey1)
-	notaryDir := setupNotaryConfig(t, dir)
-	defer notaryDir.Remove()
-	homeDir := fs.NewDir(t, "push_test_home")
-	defer notaryDir.Remove()
-
-	baseRef := fmt.Sprintf("%s/%s", registryPrefix, "trust-push-releases-delegation")
-	targetRef := fmt.Sprintf("%s:%s", baseRef, "latest")
-
-	// Init repository
-	notaryInit(t, notaryDir, homeDir, baseRef)
-	// Add delegation key (public key)
-	notaryAddDelegation(t, notaryDir, homeDir, baseRef, role, pubkey1)
-	// Publish it
-	notaryPublish(t, notaryDir, homeDir, baseRef)
-	// Import private key
-	notaryImportPrivateKey(t, notaryDir, homeDir, baseRef, role, privkey1)
-
-	// Tag & push with content trust
-	icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, targetRef).Assert(t, icmd.Success)
-	result := icmd.RunCmd(icmd.Command("docker", "push", targetRef),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-		fixtures.WithPassphrase("foo", "foo"),
-	)
-	result.Assert(t, icmd.Expected{
-		Out: "Signing and pushing trust metadata",
-	})
-
-	targetsInRole := notaryListTargetsInRole(t, notaryDir, homeDir, baseRef, role)
-	assert.Assert(t, targetsInRole["latest"] == role, "%v", targetsInRole)
-	targetsInRole = notaryListTargetsInRole(t, notaryDir, homeDir, baseRef, "targets")
-	assert.Assert(t, targetsInRole["latest"] != "targets", "%v", targetsInRole)
-
-	result = icmd.RunCmd(icmd.Command("docker", "pull", targetRef),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	)
-	result.Assert(t, icmd.Success)
-}
-
-func TestPushWithContentTrustSignsAllFirstLevelRolesWeHaveKeysFor(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	copyPrivateKey(t, dir.Join("trust", "private"), privkey1)
-	copyPrivateKey(t, dir.Join("trust", "private"), privkey2)
-	copyPrivateKey(t, dir.Join("trust", "private"), privkey3)
-	notaryDir := setupNotaryConfig(t, dir)
-	defer notaryDir.Remove()
-	homeDir := fs.NewDir(t, "push_test_home")
-	defer notaryDir.Remove()
-
-	baseRef := fmt.Sprintf("%s/%s", registryPrefix, "trust-push-releases-first-roles")
-	targetRef := fmt.Sprintf("%s:%s", baseRef, "latest")
-
-	// Init repository
-	notaryInit(t, notaryDir, homeDir, baseRef)
-	// Add delegation key (public key)
-	notaryAddDelegation(t, notaryDir, homeDir, baseRef, "targets/role1", pubkey1)
-	notaryAddDelegation(t, notaryDir, homeDir, baseRef, "targets/role2", pubkey2)
-	notaryAddDelegation(t, notaryDir, homeDir, baseRef, "targets/role3", pubkey3)
-	notaryAddDelegation(t, notaryDir, homeDir, baseRef, "targets/role1/subrole", pubkey3)
-	// Import private key
-	notaryImportPrivateKey(t, notaryDir, homeDir, baseRef, "targets/role1", privkey1)
-	notaryImportPrivateKey(t, notaryDir, homeDir, baseRef, "targets/role2", privkey2)
-	notaryImportPrivateKey(t, notaryDir, homeDir, baseRef, "targets/role1/subrole", privkey3)
-	// Publish it
-	notaryPublish(t, notaryDir, homeDir, baseRef)
-
-	// Tag & push with content trust
-	icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, targetRef).Assert(t, icmd.Success)
-	result := icmd.RunCmd(icmd.Command("docker", "push", targetRef),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-		fixtures.WithPassphrase("foo", "foo"),
-	)
-	result.Assert(t, icmd.Expected{
-		Out: "Signing and pushing trust metadata",
-	})
-
-	// check to make sure that the target has been added to targets/role1 and targets/role2, and
-	// not targets (because there are delegations) or targets/role3 (due to missing key) or
-	// targets/role1/subrole (due to it being a second level delegation)
-	targetsInRole := notaryListTargetsInRole(t, notaryDir, homeDir, baseRef, "targets/role1")
-	assert.Assert(t, targetsInRole["latest"] == "targets/role1", "%v", targetsInRole)
-	targetsInRole = notaryListTargetsInRole(t, notaryDir, homeDir, baseRef, "targets/role2")
-	assert.Assert(t, targetsInRole["latest"] == "targets/role2", "%v", targetsInRole)
-	targetsInRole = notaryListTargetsInRole(t, notaryDir, homeDir, baseRef, "targets")
-	assert.Assert(t, targetsInRole["latest"] != "targets", "%v", targetsInRole)
-
-	assert.NilError(t, os.RemoveAll(dir.Join("trust")))
-	// Try to pull, should fail because non of these are the release role
-	// FIXME(vdemeester) should be unit test
-	result = icmd.RunCmd(icmd.Command("docker", "pull", targetRef),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	)
-	result.Assert(t, icmd.Expected{
-		ExitCode: 1,
-	})
-}
-
-func TestPushWithContentTrustSignsForRolesWithKeysAndValidPaths(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	copyPrivateKey(t, dir.Join("trust", "private"), privkey1)
-	copyPrivateKey(t, dir.Join("trust", "private"), privkey2)
-	copyPrivateKey(t, dir.Join("trust", "private"), privkey3)
-	copyPrivateKey(t, dir.Join("trust", "private"), privkey4)
-	notaryDir := setupNotaryConfig(t, dir)
-	defer notaryDir.Remove()
-	homeDir := fs.NewDir(t, "push_test_home")
-	defer notaryDir.Remove()
-
-	baseRef := fmt.Sprintf("%s/%s", registryPrefix, "trust-push-releases-keys-valid-paths")
-	targetRef := fmt.Sprintf("%s:%s", baseRef, "latest")
-
-	// Init repository
-	notaryInit(t, notaryDir, homeDir, baseRef)
-	// Add delegation key (public key)
-	notaryAddDelegation(t, notaryDir, homeDir, baseRef, "targets/role1", pubkey1, "l", "z")
-	notaryAddDelegation(t, notaryDir, homeDir, baseRef, "targets/role2", pubkey2, "x", "y")
-	notaryAddDelegation(t, notaryDir, homeDir, baseRef, "targets/role3", pubkey3, "latest")
-	notaryAddDelegation(t, notaryDir, homeDir, baseRef, "targets/role4", pubkey4, "latest")
-	// Import private keys (except 3rd key)
-	notaryImportPrivateKey(t, notaryDir, homeDir, baseRef, "targets/role1", privkey1)
-	notaryImportPrivateKey(t, notaryDir, homeDir, baseRef, "targets/role2", privkey2)
-	notaryImportPrivateKey(t, notaryDir, homeDir, baseRef, "targets/role4", privkey4)
-	// Publish it
-	notaryPublish(t, notaryDir, homeDir, baseRef)
-
-	// Tag & push with content trust
-	icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, targetRef).Assert(t, icmd.Success)
-	result := icmd.RunCmd(icmd.Command("docker", "push", targetRef),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-		fixtures.WithPassphrase("foo", "foo"),
-	)
-	result.Assert(t, icmd.Expected{
-		Out: "Signing and pushing trust metadata",
-	})
-
-	// check to make sure that the target has been added to targets/role1 and targets/role4, and
-	// not targets (because there are delegations) or targets/role2 (due to path restrictions) or
-	// targets/role3 (due to missing key)
-	targetsInRole := notaryListTargetsInRole(t, notaryDir, homeDir, baseRef, "targets/role1")
-	assert.Assert(t, targetsInRole["latest"] == "targets/role1", "%v", targetsInRole)
-	targetsInRole = notaryListTargetsInRole(t, notaryDir, homeDir, baseRef, "targets/role4")
-	assert.Assert(t, targetsInRole["latest"] == "targets/role4", "%v", targetsInRole)
-	targetsInRole = notaryListTargetsInRole(t, notaryDir, homeDir, baseRef, "targets")
-	assert.Assert(t, targetsInRole["latest"] != "targets", "%v", targetsInRole)
-
-	assert.NilError(t, os.RemoveAll(dir.Join("trust")))
-	// Try to pull, should fail because non of these are the release role
-	// FIXME(vdemeester) should be unit test
-	result = icmd.RunCmd(icmd.Command("docker", "pull", targetRef),
-		fixtures.WithConfig(dir.Path()),
-		fixtures.WithTrust,
-		fixtures.WithNotary,
-	)
-	result.Assert(t, icmd.Expected{
-		ExitCode: 1,
-	})
-}
-
-func createImage(t *testing.T, repo string, tags ...string) string {
-	t.Helper()
-	icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success)
-
-	for _, tag := range tags {
-		image := fmt.Sprintf("%s/%s:%s", registryPrefix, repo, tag)
-		icmd.RunCommand("docker", "tag", fixtures.AlpineImage, image).Assert(t, icmd.Success)
-	}
-	return fmt.Sprintf("%s/%s:%s", registryPrefix, repo, tags[0])
-}
-
-//nolint:unparam
-func withNotaryPassphrase(pwd string) func(*icmd.Cmd) {
-	return func(c *icmd.Cmd) {
-		c.Env = append(c.Env, []string{
-			"NOTARY_ROOT_PASSPHRASE=" + pwd,
-			"NOTARY_TARGETS_PASSPHRASE=" + pwd,
-			"NOTARY_SNAPSHOT_PASSPHRASE=" + pwd,
-			"NOTARY_DELEGATION_PASSPHRASE=" + pwd,
-		}...)
-	}
-}
-
-func notaryImportPrivateKey(t *testing.T, notaryDir, homeDir *fs.Dir, baseRef, role, privkey string) {
-	t.Helper()
-	icmd.RunCmd(
-		icmd.Command(notary, "-c", notaryDir.Join("client-config.json"), "key", "import", privkey, "-g", baseRef, "-r", role),
-		withNotaryPassphrase("foo"),
-		fixtures.WithHome(homeDir.Path()),
-	).Assert(t, icmd.Success)
-}
-
-func notaryPublish(t *testing.T, notaryDir, homeDir *fs.Dir, baseRef string) {
-	t.Helper()
-	icmd.RunCmd(
-		icmd.Command(notary, "-c", notaryDir.Join("client-config.json"), "publish", baseRef),
-		withNotaryPassphrase("foo"),
-		fixtures.WithHome(homeDir.Path()),
-	).Assert(t, icmd.Success)
-}
-
-func notaryAddDelegation(t *testing.T, notaryDir, homeDir *fs.Dir, baseRef, role, pubkey string, paths ...string) {
-	t.Helper()
-	pathsArg := "--all-paths"
-	if len(paths) > 0 {
-		pathsArg = "--paths=" + strings.Join(paths, ",")
-	}
-	icmd.RunCmd(
-		icmd.Command(notary, "-c", notaryDir.Join("client-config.json"), "delegation", "add", baseRef, role, pubkey, pathsArg),
-		withNotaryPassphrase("foo"),
-		fixtures.WithHome(homeDir.Path()),
-	).Assert(t, icmd.Success)
-}
-
-func notaryInit(t *testing.T, notaryDir, homeDir *fs.Dir, baseRef string) {
-	t.Helper()
-	icmd.RunCmd(
-		icmd.Command(notary, "-c", notaryDir.Join("client-config.json"), "init", baseRef),
-		withNotaryPassphrase("foo"),
-		fixtures.WithHome(homeDir.Path()),
-	).Assert(t, icmd.Success)
-}
-
-func notaryListTargetsInRole(t *testing.T, notaryDir, homeDir *fs.Dir, baseRef, role string) map[string]string {
-	t.Helper()
-	result := icmd.RunCmd(
-		icmd.Command(notary, "-c", notaryDir.Join("client-config.json"), "list", baseRef, "-r", role),
-		fixtures.WithHome(homeDir.Path()),
-	)
-	out := result.Combined()
-
-	// should look something like:
-	//    NAME                                 DIGEST                                SIZE (BYTES)    ROLE
-	// ------------------------------------------------------------------------------------------------------
-	//   latest   24a36bbc059b1345b7e8be0df20f1b23caa3602e85d42fff7ecd9d0bd255de56   1377           targets
-
-	targets := make(map[string]string)
-
-	// no target
-	lines := strings.Split(strings.TrimSpace(out), "\n")
-	if len(lines) == 1 && strings.Contains(out, "No targets present in this repository.") {
-		return targets
-	}
-
-	// otherwise, there is at least one target
-	assert.Assert(t, len(lines) >= 3, "output is %s", out)
-
-	for _, line := range lines[2:] {
-		tokens := strings.Fields(line)
-		assert.Assert(t, len(tokens) == 4)
-		targets[tokens[0]] = tokens[3]
-	}
-
-	return targets
-}
-
-func setupNotaryConfig(t *testing.T, dockerConfigDir fs.Dir) *fs.Dir {
-	t.Helper()
-	return fs.NewDir(t, "notary_test", fs.WithMode(0o700),
-		fs.WithFile("client-config.json", fmt.Sprintf(`
-{
-	"trust_dir": "%s",
-	"remote_server": {
-		"url": "%s"
-	}
-}`, dockerConfigDir.Join("trust"), fixtures.NotaryURL)),
-	)
-}
-
-func copyPrivateKey(t *testing.T, dir, source string) {
-	t.Helper()
-	icmd.RunCommand("/bin/cp", source, dir).Assert(t, icmd.Success)
-}
diff --git a/e2e/image/testdata/notary/delgkey1.crt b/e2e/image/testdata/notary/delgkey1.crt
deleted file mode 100644
index 2218f23c8..000000000
--- a/e2e/image/testdata/notary/delgkey1.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIJAP2EcMN2UXPcMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
-VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ4
-WhcNMjYwNjI4MTc0ODQ4WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
-BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
-ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgewhaYs
-Ke5s2AM7xxKrT4A6n7hW17qSnBjonCcPcwTFmYqIOdxWjYITgJuHrTwB4ZhBqWS7
-tTsUUu6hWLMeB7Uo5/GEQAAZspKkT9G/rNKF9lbWK9PPhGGkeR01c/Q932m92Hsn
-fCQ0Pp/OzD3nVTh0v9HKk+PObNMOCcqG87eYs4ylPRxs0RrE/rP+bEGssKQSbeCZ
-wazDnO+kiatVgKQZ2CK23iFdRE1z2rzqVDeaFWdvBqrRdWnkOZClhlLgEQ5nK2yV
-B6tSqOiI3MmHyHzIkGOQJp2/s7Pe0ckEkzsjTsJW8oKHlBBl6pRxHIKzNN4VFbeB
-vvYvrogrDrC/owIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUFoHfukRa6qGk1ncON64Z
-ASKlZdkwDQYJKoZIhvcNAQELBQADggEBAEq9Adpd03CPmpbRtTAJGAkjjLFr60sV
-2r+/l/m9R31ZCN9ymM9nxToQ8zfMdeAh/nnPcErziil2gDVqXueCNDkRj09tmDIE
-Q1Oc92uyNZNgcECow77cKZCTZSTku+qsJrYaykH5vSnia8ltcKj8inJedIcpBR+p
-608HEQvF0Eg5eaLPJwH48BCb0Gqdri1dJgrNnqptz7MDr8M+u7tHVulbAd3YxLlq
-JH1W2bkVUx6esbn/MUE5HL5iTuOYREEINvBSmLdmmFkampmCnCB/bDEyJeL9bAkt
-ZPIi0UNSnqFKLSP1Vf8AGLXt6iO7+1OGvtsDXEEYdXVOMsSXZtUuT7A=
------END CERTIFICATE-----
diff --git a/e2e/image/testdata/notary/delgkey1.key b/e2e/image/testdata/notary/delgkey1.key
deleted file mode 100644
index cb37efc94..000000000
--- a/e2e/image/testdata/notary/delgkey1.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAvgewhaYsKe5s2AM7xxKrT4A6n7hW17qSnBjonCcPcwTFmYqI
-OdxWjYITgJuHrTwB4ZhBqWS7tTsUUu6hWLMeB7Uo5/GEQAAZspKkT9G/rNKF9lbW
-K9PPhGGkeR01c/Q932m92HsnfCQ0Pp/OzD3nVTh0v9HKk+PObNMOCcqG87eYs4yl
-PRxs0RrE/rP+bEGssKQSbeCZwazDnO+kiatVgKQZ2CK23iFdRE1z2rzqVDeaFWdv
-BqrRdWnkOZClhlLgEQ5nK2yVB6tSqOiI3MmHyHzIkGOQJp2/s7Pe0ckEkzsjTsJW
-8oKHlBBl6pRxHIKzNN4VFbeBvvYvrogrDrC/owIDAQABAoIBAB/o8KZwsgfUhqh7
-WoViSCwQb0e0z7hoFwhpUl4uXPTGf1v6HEgDDPG0PwwgkdbwNaypQZVtWevj4NTQ
-R326jjdjH1xbfQa2PZpz722L3jDqJR6plEtFxRoIv3KrCffPsrgabIu2mnnJJpDB
-ixtW5cq0sT4ov2i4H0i85CWWwbSY/G/MHsvCuK9PhoCj9uToVqrf1KrAESE5q4fh
-mPSYUL99KVnj7SZkUz+79rc8sLLPVks3szZACMlm1n05ZTj/d6Nd2ZZUO45DllIj
-1XJghfWmnChrB/P/KYXgQ3Y9BofIAw1ra2y3wOZeqRFNsbmojcGldfdtN/iQzhEj
-uk4ThokCgYEA9FTmv36N8qSPWuqX/KzkixDQ8WrDGohcB54kK98Wx4ijXx3i38SY
-tFjO8YUS9GVo1+UgmRjZbzVX7xeum6+TdBBwOjNOxEQ4tzwiQBWDdGpli8BccdJ2
-OOIVxSslWhiUWfpYloXVetrR88iHbT882g795pbonDaJdXSLnij4UW8CgYEAxxrr
-QFpsmOEZvI/yPSOGdG7A1RIsCeH+cEOf4cKghs7+aCtAHlIweztNOrqirl3oKI1r
-I0zQl46WsaW8S/y99v9lmmnZbWwqLa4vIu0NWs0zaZdzKZw3xljMhgp4Ge69hHa2
-utCtAxcX+7q/yLlHoTiYwKdxX54iLkheCB8csw0CgYEAleEG820kkjXUIodJ2JwO
-Tihwo8dEC6CeI6YktizRgnEVFqH0rCOjMO5Rc+KX8AfNOrK5PnD54LguSuKSH7qi
-j04OKgWTSd43lF90+y63RtCFnibQDpp2HwrBJAQFk7EEP/XMJfnPLN/SbuMSADgM
-kg8kPTFRW5Iw3DYz9z9WpE0CgYAkn6/8Q2XMbUOFqti9JEa8Lg8sYk5VdwuNbPMA
-3QMYKQUk9ieyLB4c3Nik3+XCuyVUKEc31A5egmz3umu7cn8i6vGuiJ/k/8t2YZ7s
-Bry5Ihu95Yzab5DW3Eiqs0xKQN79ebS9AluAwQO5Wy2h52rknfuDHIm/M+BHsSoS
-xl5KFQKBgQCokCsYuX1z2GojHw369/R2aX3ovCGuHqy4k7fWxUrpHTHvth2+qNPr
-84qLJ9rLWoZE5sUiZ5YdwCgW877EdfkT+v4aaBX79ixso5VdqgJ/PdnoNntah/Vq
-njQiW1skn6/P5V/eyimN2n0VsyBr/zMDEtYTRP/Tb1zi/njFLQkZEA==
------END RSA PRIVATE KEY-----
diff --git a/e2e/image/testdata/notary/delgkey2.crt b/e2e/image/testdata/notary/delgkey2.crt
deleted file mode 100644
index bec084790..000000000
--- a/e2e/image/testdata/notary/delgkey2.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIJAIq8naKlYAQfMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
-VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ4
-WhcNMjYwNjI4MTc0ODQ4WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
-BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
-ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyY2EWYTW
-5VHipw08t675upmD6a+akiuZ1z+XpuOxZCgjZ0aHfoOe8wGKg3Ohz7UCBdD5Mob/
-L/qvRlsCaqPHGZKIyyX1HDO4mpuQQFBhYxt+ZAO3AaawEUOw2rwwMDEjLnDDTSZM
-z8jxCMvsJjBDqgb8g3z+AmjducQ/OH6llldgHIBY8ioRbROCL2PGgqywWq2fThav
-c70YMxtKviBGDNCouYeQ8JMK/PuLwPNDXNQAagFHVARXiUv/ILHk7ImYnSGJUcuk
-JTUGN2MBnpY0eakg7i+4za8sjjqOdn+2I6aVzlGJDSiRP72nkg/cE4BqMl9FrMwK
-9iS8xa9yMDLUvwIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUvQzzFmh3Sv3HcdExY3wx
-/1u6JLAwDQYJKoZIhvcNAQELBQADggEBAJcmDme2Xj/HPUPwaN/EyCmjhY73EiHO
-x6Pm16tscg5JGn5A+u3CZ1DmxUYl8Hp6MaW/sWzdtL0oKJg76pynadCWh5EacFR8
-u+2GV/IcN9mSX6JQzvrqbjSqo5/FehqBD+W5h3euwwApWA3STAadYeyEfmdOA3SQ
-W1vzrA1y7i8qgTqeJ7UX1sEAXlIhBK2zPYaMB+en+ZOiPyNxJYj6IDdGdD2paC9L
-6H9wKC+GAUTSdCWp89HP7ETSXEGr94AXkrwU+qNsiN+OyK8ke0EMngEPh5IQoplw
-/7zEZCth3oKxvR1/4S5LmTVaHI2ZlbU4q9bnY72G4tw8YQr2gcBGo4w=
------END CERTIFICATE-----
diff --git a/e2e/image/testdata/notary/delgkey2.key b/e2e/image/testdata/notary/delgkey2.key
deleted file mode 100644
index 5ccabe908..000000000
--- a/e2e/image/testdata/notary/delgkey2.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAyY2EWYTW5VHipw08t675upmD6a+akiuZ1z+XpuOxZCgjZ0aH
-foOe8wGKg3Ohz7UCBdD5Mob/L/qvRlsCaqPHGZKIyyX1HDO4mpuQQFBhYxt+ZAO3
-AaawEUOw2rwwMDEjLnDDTSZMz8jxCMvsJjBDqgb8g3z+AmjducQ/OH6llldgHIBY
-8ioRbROCL2PGgqywWq2fThavc70YMxtKviBGDNCouYeQ8JMK/PuLwPNDXNQAagFH
-VARXiUv/ILHk7ImYnSGJUcukJTUGN2MBnpY0eakg7i+4za8sjjqOdn+2I6aVzlGJ
-DSiRP72nkg/cE4BqMl9FrMwK9iS8xa9yMDLUvwIDAQABAoIBAHmffvzx7ydESWwa
-zcfdu26BkptiTvjjfJrqEd4wSewxWGPKqJqMXE8xX99A2KTZClZuKuH1mmnecQQY
-iRXGrK9ewFMuHYGeKEiLlPlqR8ohXhyGLVm+t0JDwaXMp5t9G0i73O5iLTm5fNGd
-FGxa9YnVW20Q8MqNczbVGH1D1zInhxzzOyFzBd4bBBJ8PdrUdyLpd7+RxY2ghnbT
-p9ZANR2vk5zmDLJgZx72n/u+miJWuhY6p0v3Vq4z/HHgdhf+K6vpDdzTcYlA0rO4
-c/c+RKED3ZadGUD5QoLsmEN0e3FVSMPN1kt4ZRTqWfH8f2X4mLz33aBryTjktP6+
-1rX6ThECgYEA74wc1Tq23B5R0/GaMm1AK3Ko2zzTD8wK7NSCElh2dls02B+GzrEB
-aE3A2GMQSuzb+EA0zkipwANBaqs3ZemH5G1pu4hstQsXCMd4jAJn0TmTXlplXBCf
-PSc8ZUU6XcJENRr9Q7O9/TGlgahX+z0ndxYx/CMCsSu7XsMg4IZsbAcCgYEA12Vb
-wKOVG15GGp7pMshr+2rQfVimARUP4gf3JnQmenktI4PfdnMW3a4L3DEHfLhIerwT
-6lRp/NpxSADmuT4h1UO1l2lc+gmTVPw0Vbl6VwHpgS5Kfu4ZyM6n3S66f/dE4nu7
-hQF9yZz7vn5Agghak4p6a1wC1gdMzR1tvxFzk4kCgYByBMTskWfcWeok8Yitm+bB
-R3Ar+kWT7VD97SCETusD5uG+RTNLSmEbHnc+B9kHcLo67YS0800pAeOvPBPARGnU
-RmffRU5I1iB+o0MzkSmNItSMQoagTaEd4IEUyuC/I+qHRHNsOC+kRm86ycAm67LP
-MhdUpe1wGxqyPjp15EXTHQKBgDKzFu+3EWfJvvKRKQ7dAh3BvKVkcl6a2Iw5l8Ej
-YdM+JpPPfI/i8yTmzL/dgoem0Nii4IUtrWzo9fUe0TAVId2S/HFRSaNJEbbVTnRH
-HjbQqmfPv5U08jjD+9siHp/0UfCFc1QRT8xe+RqTmReCY9+KntoaZEiAm2FEZgqt
-TukRAoGAf7QqbTP5/UH1KSkX89F5qy/6GS3pw6TLj9Ufm/l/NO8Um8gag6YhEKWR
-7HpkpCqjfWj8Av8ESR9cqddPGrbdqXFm9z7dCjlAd5T3Q3h/h+v+JzLQWbsI6WOb
-SsOSWNyE006ZZdIiFwO6GfxpLI24sVtYKgyob6Q71oxSqfnrnT0=
------END RSA PRIVATE KEY-----
diff --git a/e2e/image/testdata/notary/delgkey3.crt b/e2e/image/testdata/notary/delgkey3.crt
deleted file mode 100644
index f434b45fc..000000000
--- a/e2e/image/testdata/notary/delgkey3.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIJAKHt/jxiWqMtMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
-VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ5
-WhcNMjYwNjI4MTc0ODQ5WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
-BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
-ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfbJk2Dk
-C9FJVjV2+Q2CQrJphG3vFc1Qlu9jgVA5RhGmF9jJzetsclsV/95nBhinIGcSmPQA
-l318G7Bz/cG/6O2n5+hj+S1+YOvQweReZj3d4kCeS86SOyLNTpMD9gsF0S8nR1RN
-h0jD4t1vxAVeGD1o61U8/k0O5eDoeOfOSWZagKk5PhyrMZgNip4IrG46umCkFlrw
-zMMcgQdwTQXywPqkr/LmYpqT1WpMlzHYTQEY8rKorIJQbPtHVYdr4UxYnNmk6fbU
-biEP1DQlwjBWcFTsDLqXKP/K+e3O0/e/hMB0y7Tj9fZ7Viw0t5IKXZPsxMhwknUT
-9vmPzIJO6NiniwIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUdTXRP1EzxQ+UDZSoheVo
-Mobud1cwDQYJKoZIhvcNAQELBQADggEBADV9asTWWdbmpkeRuKyi0xGho39ONK88
-xxkFlco766BVgemo/rGQj3oPuw6M6SzHFoJ6JUPjmLiAQDIGEU/2/b6LcOuLjP+4
-YejCcDTY3lSW/HMNoAmzr2foo/LngNGfe/qhVFUqV7GjFT9+XzFFBfIZ1cQiL2ed
-kc8rgQxFPwWXFCSwaENWeFnMDugkd+7xanoAHq8GsJpg5fTruDTmJkUqC2RNiMLn
-WM7QaqW7+lmUnMnc1IBoz0hFhgoiadWM/1RQxx51zTVw6Au1koIm4ZXu5a+/WyC8
-K1+HyUbc0AVaDaRBpRSOR9aHRwLGh6WQ4aUZQNyJroc999qfYrDEEV8=
------END CERTIFICATE-----
diff --git a/e2e/image/testdata/notary/delgkey3.key b/e2e/image/testdata/notary/delgkey3.key
deleted file mode 100644
index a61d18cc3..000000000
--- a/e2e/image/testdata/notary/delgkey3.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAqfbJk2DkC9FJVjV2+Q2CQrJphG3vFc1Qlu9jgVA5RhGmF9jJ
-zetsclsV/95nBhinIGcSmPQAl318G7Bz/cG/6O2n5+hj+S1+YOvQweReZj3d4kCe
-S86SOyLNTpMD9gsF0S8nR1RNh0jD4t1vxAVeGD1o61U8/k0O5eDoeOfOSWZagKk5
-PhyrMZgNip4IrG46umCkFlrwzMMcgQdwTQXywPqkr/LmYpqT1WpMlzHYTQEY8rKo
-rIJQbPtHVYdr4UxYnNmk6fbUbiEP1DQlwjBWcFTsDLqXKP/K+e3O0/e/hMB0y7Tj
-9fZ7Viw0t5IKXZPsxMhwknUT9vmPzIJO6NiniwIDAQABAoIBAQCAr/ed3A2umO7T
-FDYZik3nXBiiiW4t7r+nGGgZ3/kNgY1lnuHlROxehXLZwbX1mrLnyML/BjhwezV9
-7ZNVPd6laVPpNj6DyxtWHRZ5yARlm1Al39E7CpQTrF0QsiWcpGnqIa62xjDRTpnq
-askV/Q5qggyvqmE9FnFCQpEiAjlhvp7F0kVHVJm9s3MK3zSyR0UTZ3cpYus2Jr2z
-OotHgAMHq5Hgb3dvxOeE2xRMeYAVDujbkNzXm2SddAtiRdLhWDh7JIr3zXhp0HyN
-4rLOyhlgz00oIGeDt/C0q3fRmghr3iZOG+7m2sUx0FD1Ru1dI9v2A+jYmIVNW6+x
-YJk5PzxJAoGBANDj7AGdcHSci/LDBPoTTUiz3uucAd27/IJma/iy8mdbVfOAb0Fy
-PRSPvoozlpZyOxg2J4eH/o4QxQR4lVKtnLKZLNHK2tg3LarwyBX1LiI3vVlB+DT1
-AmV8i5bJAckDhqFeEH5qdWZFi03oZsSXWEqX5iMYCrdK5lTZggcrFZeHAoGBANBL
-fkk3knAdcVfTYpmHx18GBi2AsCWTd20KD49YBdbVy0Y2Jaa1EJAmGWpTUKdYx40R
-H5CuGgcAviXQz3bugdTU1I3tAclBtpJNU7JkhuE+Epz0CM/6WERJrE0YxcGQA5ui
-6fOguFyiXD1/85jrDBOKy74aoS7lYz9r/a6eqmjdAoGBAJpm/nmrIAZx+Ff2ouUe
-A1Ar9Ch/Zjm5zEmu3zwzOU4AiyWz14iuoktifNq2iyalRNz+mnVpplToPFizsNwu
-C9dPtXtU0DJlhtIFrD/evLz6KnGhe4/ZUm4lgyBvb2xfuNHqL5Lhqelwmil6EQxb
-Oh3Y7XkfOjyFln89TwlxZUJdAoGAJRMa4kta7EvBTeGZLjyltvsqhFTghX+vBSCC
-ToBbYbbiHJgssXSPAylU4sD7nR3HPwuqM6VZip+OOMrm8oNXZpuPTce+xqTEq1vK
-JvmPrG3RAFDLdMFZjqYSXhKnuGE60yv3Ol8EEbDwfB3XLQPBPYU56Jdy0xcPSE2f
-dMJXEJ0CgYEAisZw0nXw6lFeYecu642EGuU0wv1O9i21p7eho9QwOcsoTl4Q9l+M
-M8iBv+qTHO+D19l4JbkGvy2H2diKoYduUFACcuiFYs8fjrT+4Z6DyOQAQGAf6Ylw
-BFbU15k6KbA9v4mZDfd1tY9x62L/XO55ZxYG+J+q0e26tEThgD8cEog=
------END RSA PRIVATE KEY-----
diff --git a/e2e/image/testdata/notary/delgkey4.crt b/e2e/image/testdata/notary/delgkey4.crt
deleted file mode 100644
index c8cbe46bd..000000000
--- a/e2e/image/testdata/notary/delgkey4.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIJANae++ZkUEWMMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMQ8wDQYD
-VQQKEwZEb2NrZXIxEzARBgNVBAMTCmRlbGVnYXRpb24wHhcNMTYwOTI4MTc0ODQ5
-WhcNMjYwNjI4MTc0ODQ5WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
-BgNVBAcTDFNhbkZyYW5jaXNjbzEPMA0GA1UEChMGRG9ja2VyMRMwEQYDVQQDEwpk
-ZWxlZ2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqULAjgba
-Y2I10WfqdmYnPfEqEe6iMDbzcgECb2xKafXcI4ltkQj1iO4zBTs0Ft9EzXFc5ZBh
-pTjZrL6vrIa0y/CH2BiIHBJ0wRHx/40HXp4DSj3HZpVOlEMI3npRfBGNIBllUaRN
-PWG7zL7DcKMIepBfPXyjBsxzH3yNiISq0W5hSiy+ImhSo3aipJUHHcp9Z9NgvpNC
-3QvnxsGKRnECmDRDlxkq+FQu9Iqs/HWFYWgyfcsw+YTrWZq3qVnnqUouHO//c9PG
-Ry3sZSDU97MwvkjvWys1e01Xvd3AbHx08YAsxih58i/OBKe81eD9NuZDP2KrjTxI
-5xkXKhj6DV2NnQIDAQABo1QwUjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDt95hiqbQvi0KcvZGAUu
-VisnztQwDQYJKoZIhvcNAQELBQADggEBAGi7qHai7MWbfeu6SlXhzIP3AIMa8TMi
-lp/+mvPUFPswIVqYJ71MAN8uA7CTH3z50a2vYupGeOEtZqVJeRf+xgOEpwycncxp
-Qz6wc6TWPVIoT5q1Hqxw1RD2MyKL+Y+QBDYwFxFkthpDMlX48I9frcqoJUWFxBF2
-lnRr/cE7BbPE3sMbXV3wGPlH7+eUf+CgzXJo2HB6THzagyEgNrDiz/0rCQa1ipFd
-mNU3D/U6BFGmJNxhvSOtXX9escg8yjr05YwwzokHS2K4jE0ZuJPBd50C/Rvo3Mf4
-0h7/2Q95e7d42zPe9WYPu2F8KTWsf4r+6ddhKrKhYzXIcTAfHIOiO+U=
------END CERTIFICATE-----
diff --git a/e2e/image/testdata/notary/delgkey4.key b/e2e/image/testdata/notary/delgkey4.key
deleted file mode 100644
index f473cc495..000000000
--- a/e2e/image/testdata/notary/delgkey4.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAqULAjgbaY2I10WfqdmYnPfEqEe6iMDbzcgECb2xKafXcI4lt
-kQj1iO4zBTs0Ft9EzXFc5ZBhpTjZrL6vrIa0y/CH2BiIHBJ0wRHx/40HXp4DSj3H
-ZpVOlEMI3npRfBGNIBllUaRNPWG7zL7DcKMIepBfPXyjBsxzH3yNiISq0W5hSiy+
-ImhSo3aipJUHHcp9Z9NgvpNC3QvnxsGKRnECmDRDlxkq+FQu9Iqs/HWFYWgyfcsw
-+YTrWZq3qVnnqUouHO//c9PGRy3sZSDU97MwvkjvWys1e01Xvd3AbHx08YAsxih5
-8i/OBKe81eD9NuZDP2KrjTxI5xkXKhj6DV2NnQIDAQABAoIBAGK0ZKnuYSiXux60
-5MvK4pOCsa/nY3mOcgVHhW4IzpRgJdIrcFOlz9ncXrBsSAIWjX7o3u2Ydvjs4DOW
-t8d6frB3QiDInYcRVDjLCD6otWV97Bk9Ua0G4N4hAWkMF7ysV4oihS1JDSoAdo39
-qOdki6s9yeyHZGKwk2oHLlowU5TxQMBA8DHmxqBII1HTm+8xRz45bcEqRXydYSUn
-P1JuSU9jFqdylxU+Nrq6ehslMQ3y7qNWQyiLGxu6EmR+vgrzSU0s3iAOqCHthaOS
-VBBXPL3DNEYUS+0QGnGrACuJhanOMBfdiO6Orelx6ZzWZm38PNGv0yBt0WCM+8/A
-TtQNGkECgYEA1LqR6AH9XikUQ0+rM4526BgVuYqtjw21h4Lj9alaA+YTQntBBJOv
-iAcUpnJiV4T8jzAMLeqpK8R/rbxRnK5S9jOV2gr+puk4L6tH46cgahBUESDigDp8
-6vK8ur6ubBcXNPh3AT6rsPj+Ph2EU3raqiYdouvCdga/OCYZb+jr6UkCgYEAy7Cr
-l8WssI/8/ORcQ4MFJFNyfz/Y2beNXyLd1PX0H+wRSiGcKzeUuTHNtzFFpMbrK/nx
-ZOPCT2ROdHsBHzp1L+WquCb0fyMVSiYiXBU+VCFDbUU5tBr3ycTc7VwuFPENOiha
-IdlWgew/aW110FQHIaqe9g+htRe+mXe++faZtbUCgYB/MSJmNzJX53XvHSZ/CBJ+
-iVAMBSfq3caJRLCqRNzGcf1YBbwFUYxlZ95n+wJj0+byckcF+UW3HqE8rtmZNf3y
-qTtTCLnj8JQgpGeybU4LPMIXD7N9+fqQvBwuCC7gABpnGJyHCQK9KNNTLnDdPRqb
-G3ki3ZYC3dvdZaJV8E2FyQKBgQCMa5Mf4kqWvezueo+QizZ0QILibqWUEhIH0AWV
-1qkhiKCytlDvCjYhJdBnxjP40Jk3i+t6XfmKud/MNTAk0ywOhQoYQeKz8v+uSnPN
-f2ekn/nXzq1lGGJSWsDjcXTjQvqXaVIZm7cjgjaE+80IfaUc9H75qvUT3vaq3f5u
-XC7DMQKBgQDMAzCCpWlEPbZoFMl6F49+7jG0/TiqM/WRUSQnNtufPMbrR9Je4QM1
-L1UCANCPaHFOncKYer15NfIV1ctt5MZKImevDsUaQO8CUlO+dzd5H8KvHw9E29gA
-B22v8k3jIjsYeRL+UJ/sBnWHgxdAe/NEM+TdlP2oP9D1gTifutPqAg==
------END RSA PRIVATE KEY-----
diff --git a/e2e/image/testdata/notary/gen.sh b/e2e/image/testdata/notary/gen.sh
deleted file mode 100755
index 8d6381cec..000000000
--- a/e2e/image/testdata/notary/gen.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-for selfsigned in delgkey1 delgkey2 delgkey3 delgkey4; do
-        subj='/C=US/ST=CA/L=SanFrancisco/O=Docker/CN=delegation'
-
-        openssl genrsa -out "${selfsigned}.key" 2048
-        openssl req -new -key "${selfsigned}.key" -out "${selfsigned}.csr" -sha256 -subj "${subj}"
-        cat > "${selfsigned}.cnf" <<EOL
-[selfsigned]
-basicConstraints = critical,CA:FALSE
-keyUsage = critical, digitalSignature, keyEncipherment
-extendedKeyUsage=codeSigning
-subjectKeyIdentifier=hash
-EOL
-
-        openssl x509 -req -days 3560 -in "${selfsigned}.csr" -signkey "${selfsigned}.key" -sha256 \
-                -out "${selfsigned}.crt" -extfile "${selfsigned}.cnf" -extensions selfsigned
-
-        rm "${selfsigned}.cnf" "${selfsigned}.csr"
-done
diff --git a/e2e/image/testdata/notary/localhost.cert b/e2e/image/testdata/notary/localhost.cert
deleted file mode 100644
index d1233a1b0..000000000
--- a/e2e/image/testdata/notary/localhost.cert
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDCTCCAfOgAwIBAgIQTOoFF+ypXwgdXnXHuCTvYDALBgkqhkiG9w0BAQswJjER
-MA8GA1UEChMIUXVpY2tUTFMxETAPBgNVBAMTCFF1aWNrVExTMB4XDTE1MDcxNzE5
-NDg1M1oXDTE4MDcwMTE5NDg1M1owJzERMA8GA1UEChMIUXVpY2tUTFMxEjAQBgNV
-BAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDO
-qvTBAi0ApXLfe90ApJkdkRGwF838Qzt1UFSxomu5fHRV6l3FjX5XCVHiFQ4w3ROh
-dMOu9NahfGLJv9VvWU2MV3YoY9Y7lIXpKwnK1v064wuls4nPh13BUWKQKofcY/e2
-qaSPd6/qmSRc/kJUvOI9jZMSX6ZRPu9K4PCqm2CivlbLq9UYuo1AbRGfuqHRvTxg
-mQG7WQCzGSvSjuSg5qX3TEh0HckTczJG9ODULNRWNE7ld0W4sfv4VF8R7Uc/G7LO
-8QwLCZ9TIl3gYMPCrhUL3Q6z9Jnn1SQS4mhDnPi6ugRYO1X8k3jjdxV9C2sXwUvN
-OZI1rLEWl9TJNA7ZXtMCAwEAAaM2MDQwDgYDVR0PAQH/BAQDAgCgMAwGA1UdEwEB
-/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MAsGCSqGSIb3DQEBCwOCAQEAH6iq
-kM2+UMukGDLEQKHHiauioWJlHDlLXv76bJiNfjSz94B/2XOQMb9PT04//tnGUyPK
-K8Dx7RoxSodU6T5VRiz/A36mLOvt2t3bcL/1nHf9sAOHcexGtnCbQbW91V7RKfIL
-sjiLNFDkQ9VfVNY+ynQptZoyH1sy07+dplfkIiPzRs5WuVAnEGsX3r6BrhgUITzi
-g1B4kpmGZIohP4m6ZEBY5xuo/NQ0+GhjAENQMU38GpuoMyFS0i0dGcbx8weqnI/B
-Er/qa0+GE/rBnWY8TiRow8dzpneSFQnUZpJ4EwD9IoOIDHo7k2Nbz2P50HMiCXZf
-4RqzctVssRlrRVnO5w==
------END CERTIFICATE-----
diff --git a/e2e/image/testdata/notary/localhost.key b/e2e/image/testdata/notary/localhost.key
deleted file mode 100644
index d7778359a..000000000
--- a/e2e/image/testdata/notary/localhost.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAwM6q9MECLQClct973QCkmR2REbAXzfxDO3VQVLGia7l8dFXq
-XcWNflcJUeIVDjDdE6F0w6701qF8Ysm/1W9ZTYxXdihj1juUhekrCcrW/TrjC6Wz
-ic+HXcFRYpAqh9xj97appI93r+qZJFz+QlS84j2NkxJfplE+70rg8KqbYKK+Vsur
-1Ri6jUBtEZ+6odG9PGCZAbtZALMZK9KO5KDmpfdMSHQdyRNzMkb04NQs1FY0TuV3
-Rbix+/hUXxHtRz8bss7xDAsJn1MiXeBgw8KuFQvdDrP0mefVJBLiaEOc+Lq6BFg7
-VfyTeON3FX0LaxfBS805kjWssRaX1Mk0Dtle0wIDAQABAoIBAHbuhNHZROhRn70O
-Ui9vOBki/dt1ThnH5AkHQngb4t6kWjrAzILvW2p1cdBKr0ZDqftz+rzCbVD/5+Rg
-Iq8bsnB9g23lWEBMHD/GJsAxmRA3hNooamk11IBmwTcVSsbnkdq5mEdkICYphjHC
-Ey0DbEf6RBxWlx3WvAWLoNmTw6iFaOCH8IyLavPpe7kLbZc219oNUw2qjCnCXCZE
-/NuViADHJBPN8r7g1gmyclJmTumdUK6oHgXEMMPe43vhReGcgcReK9QZjnTcIXPM
-4oJOraw+BtoZXVvvIPnC+5ntoLFOzjIzM0kaveReZbdgffqF4zy2vRfCHhWssanc
-7a0xR4ECgYEA3Xuvcqy5Xw+v/jVCO0VZj++Z7apA78dY4tWsPx5/0DUTTziTlXkC
-ADduEbwX6HgZ/iLvA9j4C3Z4mO8qByby/6UoBU8NEe+PQt6fT7S+dKSP4uy5ZxVM
-i5opkEyrJsMbve9Jrlj4bk5CICsydrZ+SBFHnpNGjbduGQick5LORWECgYEA3trt
-gepteDGiUYmnnBgjbYtcD11RvpKC8Z/QwGnzN5vk4eBu8r7DkMcLN+SiHjAovlJo
-r5j3EbF8sla1zBf/yySdQZFqUGcwtw7MaAKCLdhQl5WsViNMIx6p2OJapu0dzbv2
-KTXrnoRCafcH92k0dUX1ahE9eyc8KX6VhbWwXLMCgYATGCCuEDoC+gVAMzM8jOQF
-xrBMjwr+IP+GvskUv/pg5tJ9V/FRR5dmkWDJ4p9lCUWkZTqZ6FCqHFKVTLkg2LjG
-VWS34HLOAwskxrCRXJG22KEW/TWWr31j46yFpjZzJwrzOvftMfpo+BI3V8IH/f+x
-EtxLzYKdoRy6x8VH67YgwQKBgHor2vjV45142FuK83AHa6SqOZXSuvWWrGJ6Ep7p
-doSN2jRaLXi2S9AaznOdy6JxFGUCGJHrcccpXgsGrjNtFLXxJKTFa1sYtwQkALsk
-ZOltJQF09D1krGC0driHntrUMvqOiKye+sS0DRS6cIuaCUAhUiELwoC5SaoV0zKy
-IDUxAoGAOK8Xq+3/sqe79vTpw25RXl+nkAmOAeKjqf3Kh6jbnBhr81rmefyKXB9a
-uj0b980tzUnliwA5cCOsyxfN2vASvMnJxFE721QZI04arlcPFHcFqCtmNnUYTcLp
-0hgn/yLZptcoxpy+eTBu3eNsxz1Bu/Tx/198+2Wr3MbtGpLNIcA=
------END RSA PRIVATE KEY-----
diff --git a/e2e/image/testdata/pull-with-content-trust-err.golden b/e2e/image/testdata/pull-with-content-trust-err.golden
deleted file mode 100644
index fb570178a..000000000
--- a/e2e/image/testdata/pull-with-content-trust-err.golden
+++ /dev/null
@@ -1 +0,0 @@
-Tagging registry:5000/trust-pull@sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501 as registry:5000/trust-pull:latest
diff --git a/e2e/image/testdata/pull-with-content-trust.golden b/e2e/image/testdata/pull-with-content-trust.golden
deleted file mode 100644
index 582a4e0cc..000000000
--- a/e2e/image/testdata/pull-with-content-trust.golden
+++ /dev/null
@@ -1,5 +0,0 @@
-Pull (1 of 1): registry:5000/trust-pull:latest@sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501
-registry:5000/trust-pull@sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501: Pulling from trust-pull
-Digest: sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501
-Status: Downloaded newer image for registry:5000/trust-pull@sha256:e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501
-registry:5000/trust-pull:latest
diff --git a/e2e/image/testdata/push-with-content-trust-err.golden b/e2e/image/testdata/push-with-content-trust-err.golden
deleted file mode 100644
index e69de29bb..000000000
diff --git a/e2e/internal/fixtures/fixtures.go b/e2e/internal/fixtures/fixtures.go
index 3c47f8d7f..256e14f17 100644
--- a/e2e/internal/fixtures/fixtures.go
+++ b/e2e/internal/fixtures/fixtures.go
@@ -1,7 +1,6 @@
 package fixtures
 
 import (
-	"fmt"
 	"os"
 	"testing"
 
@@ -11,42 +10,21 @@ import (
 )
 
 const (
-	// NotaryURL is the location of the notary server
-	NotaryURL = "https://notary-server:4443"
-	// EvilNotaryURL is the location of the evil notary server
-	EvilNotaryURL = "https://evil-notary-server:4444"
 	// AlpineImage is an image in the test registry
 	AlpineImage = "registry:5000/alpine:frozen"
-	// AlpineSha is the sha of the alpine image
-	AlpineSha = "e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501" // #nosec G101 -- ignoring: Potential hardcoded credentials (gosec)
 	// BusyboxImage is an image in the test registry
 	BusyboxImage = "registry:5000/busybox:frozen"
-	// BusyboxSha is the sha of the busybox image
-	BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af" // #nosec G101 -- ignoring: Potential hardcoded credentials (gosec)
 )
 
 // SetupConfigFile creates a config.json file for testing
 func SetupConfigFile(t *testing.T) fs.Dir {
 	t.Helper()
-	return SetupConfigWithNotaryURL(t, "trust_test", NotaryURL)
-}
-
-// SetupConfigWithNotaryURL creates a config.json file for testing in the given path
-// with the given notaryURL
-func SetupConfigWithNotaryURL(t *testing.T, path, notaryURL string) fs.Dir {
-	t.Helper()
-	dir := fs.NewDir(t, path, fs.WithMode(0o700), fs.WithFile("config.json", fmt.Sprintf(`
-	{
-		"auths": {
-			"registry:5000": {
-				"auth": "ZWlhaXM6cGFzc3dvcmQK"
-			},
-			"%s": {
-				"auth": "ZWlhaXM6cGFzc3dvcmQK"
-			}
+	dir := fs.NewDir(t, "trust_test", fs.WithMode(0o700), fs.WithFile("config.json", `{
+	"auths": {
+		"registry:5000": {
+			"auth": "ZWlhaXM6cGFzc3dvcmQK"
 		}
-	}
-	`, notaryURL)), fs.WithDir("trust", fs.WithDir("private")))
+	}}`), fs.WithDir("trust", fs.WithDir("private")))
 	return *dir
 }
 
@@ -57,26 +35,6 @@ func WithConfig(dir string) func(cmd *icmd.Cmd) {
 	}
 }
 
-// WithPassphrase sets environment variables for passphrases
-func WithPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
-	return func(cmd *icmd.Cmd) {
-		addEnvs(cmd,
-			"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
-			"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
-		)
-	}
-}
-
-// WithTrust sets DOCKER_CONTENT_TRUST to 1
-func WithTrust(cmd *icmd.Cmd) {
-	addEnvs(cmd, "DOCKER_CONTENT_TRUST=1")
-}
-
-// WithNotary sets the location of the notary server
-func WithNotary(cmd *icmd.Cmd) {
-	addEnvs(cmd, "DOCKER_CONTENT_TRUST_SERVER="+NotaryURL)
-}
-
 // WithHome sets the HOME environment variable
 func WithHome(path string) func(*icmd.Cmd) {
 	return func(cmd *icmd.Cmd) {
@@ -84,43 +42,6 @@ func WithHome(path string) func(*icmd.Cmd) {
 	}
 }
 
-// WithNotaryServer sets the location of the notary server
-func WithNotaryServer(notaryURL string) func(*icmd.Cmd) {
-	return func(cmd *icmd.Cmd) {
-		addEnvs(cmd, "DOCKER_CONTENT_TRUST_SERVER="+notaryURL)
-	}
-}
-
-// CreateMaskedTrustedRemoteImage creates a remote image that is signed with
-// content trust, then pushes a different untrusted image at the same tag.
-func CreateMaskedTrustedRemoteImage(t *testing.T, registryPrefix, repo, tag string) string {
-	t.Helper()
-	image := createTrustedRemoteImage(t, registryPrefix, repo, tag)
-	createNamedUnsignedImageFromBusyBox(t, image)
-	return image
-}
-
-func createTrustedRemoteImage(t *testing.T, registryPrefix, repo, tag string) string {
-	t.Helper()
-	image := fmt.Sprintf("%s/%s:%s", registryPrefix, repo, tag)
-	icmd.RunCommand("docker", "image", "pull", AlpineImage).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "image", "tag", AlpineImage, image).Assert(t, icmd.Success)
-	result := icmd.RunCmd(
-		icmd.Command("docker", "image", "push", image),
-		WithPassphrase("root_password", "repo_password"), WithTrust, WithNotary)
-	result.Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
-	return image
-}
-
-func createNamedUnsignedImageFromBusyBox(t *testing.T, image string) {
-	t.Helper()
-	icmd.RunCommand("docker", "image", "pull", BusyboxImage).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "image", "tag", BusyboxImage, image).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "image", "push", image).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
-}
-
 // addEnvs adds environment variables to cmd, making sure to preserve the
 // current os.Environ(), which would otherwise be omitted (for non-empty .Env).
 func addEnvs(cmd *icmd.Cmd, envs ...string) {
diff --git a/e2e/plugin/plugin_test.go b/e2e/plugin/plugin_test.go
index bcf61392b..e1febb42a 100644
--- a/e2e/plugin/plugin_test.go
+++ b/e2e/plugin/plugin_test.go
@@ -31,7 +31,6 @@ func TestCreatePushPull(t *testing.T) {
 	icmd.RunCommand("docker", "plugin", "create", pluginName, pluginDir).Assert(t, icmd.Success)
 	result := icmd.RunCmd(icmd.Command("docker", "plugin", "push", pluginName),
 		fixtures.WithConfig(dir.Path()),
-		fixtures.WithPassphrase("foo", "bar"),
 	)
 	result.Assert(t, icmd.Expected{
 		Out: fmt.Sprintf("The push refers to repository [%s]", pluginName),
diff --git a/e2e/testdata/Dockerfile.evil-notary-server b/e2e/testdata/Dockerfile.evil-notary-server
deleted file mode 100644
index 97f234e84..000000000
--- a/e2e/testdata/Dockerfile.evil-notary-server
+++ /dev/null
@@ -1,7 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG NOTARY_VERSION=0.6.1
-
-FROM notary:server-${NOTARY_VERSION}
-
-COPY ./notary-evil/ /fixtures/
diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts
deleted file mode 100644
index 3eba51c25..000000000
--- a/e2e/testdata/Dockerfile.gencerts
+++ /dev/null
@@ -1,20 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG GO_VERSION=1.25.3
-
-FROM golang:${GO_VERSION}-alpine AS generated
-ENV GOTOOLCHAIN=local
-RUN go install github.com/dmcgowan/quicktls@master
-WORKDIR /tmp/gencerts/notary
-RUN --mount=type=bind,source=e2e/testdata/notary,target=/tmp/gencerts/notary,rw <<EOT
-  set -eu
-  mkdir -p ../notary-evil /out
-  quicktls -exp 87600h -org=Docker -with-san notary-server notaryserver evil-notary-server evilnotaryserver localhost 127.0.0.1
-  cat ca.pem >> notary-server.cert
-  mv ca.pem root-ca.cert
-  cp notary-server.cert notary-server.key root-ca.cert ../notary-evil
-  cp -r /tmp/gencerts/notary* /out/
-EOT
-
-FROM scratch
-COPY --from=generated /out /
diff --git a/e2e/testdata/Dockerfile.notary-server b/e2e/testdata/Dockerfile.notary-server
deleted file mode 100644
index 846253e2f..000000000
--- a/e2e/testdata/Dockerfile.notary-server
+++ /dev/null
@@ -1,7 +0,0 @@
-# syntax=docker/dockerfile:1
-
-ARG NOTARY_VERSION=0.6.1
-
-FROM notary:server-${NOTARY_VERSION}
-
-COPY ./notary/ /fixtures/
diff --git a/e2e/testdata/notary-evil/notary-config.json b/e2e/testdata/notary-evil/notary-config.json
deleted file mode 100644
index f3345c080..000000000
--- a/e2e/testdata/notary-evil/notary-config.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
-    "server": {
-        "http_addr": "evil-notary-server:4444",
-        "tls_key_file": "./notary-server.key",
-        "tls_cert_file": "./notary-server.cert"
-    },
-    "trust_service": {
-        "type": "local",
-        "hostname": "",
-        "port": "",
-        "key_algorithm": "ed25519"
-    },
-    "logging": {
-        "level": "debug"
-    },
-    "storage": {
-        "backend": "memory"
-    }
-}
diff --git a/e2e/testdata/notary-evil/notary-server.cert b/e2e/testdata/notary-evil/notary-server.cert
deleted file mode 100644
index eee2b3463..000000000
--- a/e2e/testdata/notary-evil/notary-server.cert
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIQTujwx+1xxXeI5AbzAQ379TANBgkqhkiG9w0BAQsFADAi
-MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5
-NTBaFw0zMzAzMjQxMTA5NTBaMCkxDzANBgNVBAoTBkRvY2tlcjEWMBQGA1UEAxMN
-bm90YXJ5LXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPhZ
-pU7DRK/2nwbTu+kVYhU/XARDleVSiLrQ5RMR1Cz2xC4LWkOEVSj4aCBo85O66JAx
-p+WRVwoVEU2rdkK3k4983Xr34+7q5Hv4hmwlg6I7QLRRJapEgK5G5RB/9aQntolx
-h5E0KaoF4PJP25y4FHCUr4td4QyitaICsCpuOAN6XgmE9sM9TBf+AEjTSxwwvgEz
-DqHvyovl7pA+pQP2oTKBrf6KN8hHDOXmm9gd8ST9yKLrsYWhqExLLPnAD4lQEcKZ
-29g+iTd4eNoJUXctpuY+3IpqBcQSLq35mNKBP/FQco6g3q26/cB4zWGxTr3jGJqs
-ms8qdFLGZ2KiBCt+oDMCAwEAAaOBoTCBnjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T
-AQH/BAIwADAfBgNVHSMEGDAWgBTxYMNqgy2wkgmPZL/+bTCTQo6ulTBdBgNVHREE
-VjBUgg1ub3Rhcnktc2VydmVyggxub3RhcnlzZXJ2ZXKCEmV2aWwtbm90YXJ5LXNl
-cnZlcoIQZXZpbG5vdGFyeXNlcnZlcoIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3
-DQEBCwUAA4IBAQCDMjuZnNINFfqstFwhEEvAgWbjYW26ZQxhQffaqDlbMIQkWoXj
-8inld9bma9Mf5i/GAkUwFqCnEHD4LQ6vDgfAgL+pSOv9VI5SBEuk/gLqvIBUeIRu
-uHo1jWtll2Fr7eDLVdD4mPRPFC7V6mv6sFa9EN4tBN8eheQxHJvzwnnU7X28prfI
-/hWnwPWScVvttqBSsq1h2CUpVu2zGVToeCJ9xl4r/NyDtM5TyMgz7RLrer0p8NSu
-4Qp4ZXtxHDLduWcyMUHLGTprW05yjj9UVq89xfaCOqFSpx5i4oxotYm1PoOacHmN
-RMp9vaYMAmopoxIEYX6fDg5T3sQ5cidZJEvU
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDEDCCAfigAwIBAgIQdxGVILXsVcogexr+Ia2MZDANBgkqhkiG9w0BAQsFADAi
-MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5
-NTBaFw0zMzAzMjQxMTA5NTBaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG
-RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3sA/g7Srrkz
-uEf1Qa2jAw93EfEJvxU1ZmZ30aB7KLgHN2TznxAGYtNekAu88CV4H3PKS44BZOar
-wOo3KL4wQffLt7lmsRJG1KOfyiAmjmvidP5JSeRdTiBtj4CCVoi3EE6BZXPpZjst
-9OSOlld2bWWXHb2ZdoY3ZAhZ9rn3tVwyfoLKpuESp1WZSFHPIdcuoMmZPtqD0bSi
-5hc4gVFNLlZOAILvUkXxcHKUgLHZg0YEDQWsYjqh8EYp5LUK2tt4Mpz0HwAt9siE
-VxHGIsiEqG1ajmxZiS28nlRWc4JRlOdmy5x1TPzJTDy+49gxB4njp1nRUtUgzmaG
-QHhml35xHQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQU8WDDaoMtsJIJj2S//m0wk0KOrpUwDQYJKoZIhvcNAQELBQAD
-ggEBAKZJfQjjfqn0K/UlzmrGcRkhrLbJNUfCD6TvxD75MoGtEe+VUEjljm1JHSbj
-DrevDyTnak1W4o5/dcy0h6kI6lhHgObbcoAV5CxQ4+HHmeowA/fzedbnIdnHwtNg
-SUJEslqoJSiYiiFQLV/yWWfBCWpbIgpDrADU7x9Ccxt6INuxrxOQwf1LZnmVbYs0
-1Mb/O1UFnvW7MeVSR4Nb/4lw6lol+mrR1iF8tTQ+rk4sBdCxw2aU48x3Pjqm+XpV
-PIm9uRUr4tRDyQfmBZuxWTNJ9NSx5zVpLEPhDmyOW5wlSw+aKGscu9+RjBx/gXPk
-sK8jZi441ojEJ7OaggGPheO3mCU=
------END CERTIFICATE-----
diff --git a/e2e/testdata/notary-evil/notary-server.key b/e2e/testdata/notary-evil/notary-server.key
deleted file mode 100644
index 7f7562a9d..000000000
--- a/e2e/testdata/notary-evil/notary-server.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA+FmlTsNEr/afBtO76RViFT9cBEOV5VKIutDlExHULPbELgta
-Q4RVKPhoIGjzk7rokDGn5ZFXChURTat2QreTj3zdevfj7urke/iGbCWDojtAtFEl
-qkSArkblEH/1pCe2iXGHkTQpqgXg8k/bnLgUcJSvi13hDKK1ogKwKm44A3peCYT2
-wz1MF/4ASNNLHDC+ATMOoe/Ki+XukD6lA/ahMoGt/oo3yEcM5eab2B3xJP3Iouux
-haGoTEss+cAPiVARwpnb2D6JN3h42glRdy2m5j7cimoFxBIurfmY0oE/8VByjqDe
-rbr9wHjNYbFOveMYmqyazyp0UsZnYqIEK36gMwIDAQABAoIBAQDy7W2f763+mbTQ
-zshepQX+Vq3BlgLIAMWyR6fr0WLEYNVhXMV8ibNrkiD4ovCwLwJSGeBr1JFZUWZN
-nUze0gdLMg7LvDN/ftDk2yNSIhfy1xbhywaW2M8uqjZiv2genKIXK7A6PtYKdBmn
-rKnbUMzdmvNj1f7Ph1E4Gn0L5ChybJDJrq6wQjuTdZ6RmkGkbid0L+47Uv+6xBm9
-hgBPVXd8auQAYGmyXZwvfga5ZjfRMI4wvWkvjOAQcJtxxgOnLT1KDjYV+L70PWul
-bYoKX0sNkFEP9tOq2pD9XVBuTVQxcYeztv0Vz+kG66Ju1KKCAnUYFhRt055zZLfm
-WDYlWm0BAoGBAPvGW9LvzwCDE9QUcR46nG1ZihheJyGKwWVK+ZjYkUU9nLbrIpOD
-/jmihoHHhKBC6YOfHHY73LtZ22fgXEu6ivDzZtTxBErXbdRpEKktJebRK7gPkfsB
-PNQ8CRd/DxRC/JuVFR76OPsbZWhXCaeC7PRdyAtvU9toT1jIQf+a4OhBAoGBAPyE
-kxEoNO1KhWtgByUlsPzvq9PaTjwW/LpmEoo0FBUhYRPxYzVuYrE0BBflDR6JcMRR
-oE9CXYGjtVPB44gT7pHVP09f3Ugrxk7X+t8wy3PWUTaTprmmEGqF0TzfdH4oQz0Y
-v1khwuIu6rRlddGEiCKldXxn+gJy9E70yO4bm4tzAoGAL/XFIBVWVT6i1E9gjOWV
-Tq8zwxiMU7Ney7DQgvEeGxZ1d9Kqr3cBQnFXNfmPpgeY+92fSlZ04atoRA1VB4ft
-V6DGAeI3cxo+bavl5JQZGDLYJSOyJyJBOByHjtZBRRbNj8WCVHhNymeZlZqe2C30
-fUgwBx2Z172y/7KF/+680QECgYEA1GhUKQ9wDdYsiliZSgb9bJXSLH8qZeNULRrl
-J3mNFwUf2p2mvPAgdjxx4QOb2H716z1aIrGJZB4nzc9/LBzQBb2h5ouV4DpqMjH8
-5bbuvH6fi9ABY5Irpt7vVUwFeoU1ofPqKPh8LLQYWywpQddAiBwzyjTQGTVHCg9f
-4OI6Ib8CgYAptl24MGOc6BminKgsux+vNS9X1WwIADiHDyWBPHeQgLX8bYegswq9
-/6uGXJQgdFBhfLuoTBBN0ia/0QQhDezzrqnERddciuL2zxFxEETdpIuxm4lhieX7
-9LqnFcjxM4sLCg4SDSRX+nburiCnLDQiaBzhARooMJO48luTZUiWYQ==
------END RSA PRIVATE KEY-----
diff --git a/e2e/testdata/notary-evil/root-ca.cert b/e2e/testdata/notary-evil/root-ca.cert
deleted file mode 100644
index e7411c14b..000000000
--- a/e2e/testdata/notary-evil/root-ca.cert
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEDCCAfigAwIBAgIQdxGVILXsVcogexr+Ia2MZDANBgkqhkiG9w0BAQsFADAi
-MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5
-NTBaFw0zMzAzMjQxMTA5NTBaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG
-RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3sA/g7Srrkz
-uEf1Qa2jAw93EfEJvxU1ZmZ30aB7KLgHN2TznxAGYtNekAu88CV4H3PKS44BZOar
-wOo3KL4wQffLt7lmsRJG1KOfyiAmjmvidP5JSeRdTiBtj4CCVoi3EE6BZXPpZjst
-9OSOlld2bWWXHb2ZdoY3ZAhZ9rn3tVwyfoLKpuESp1WZSFHPIdcuoMmZPtqD0bSi
-5hc4gVFNLlZOAILvUkXxcHKUgLHZg0YEDQWsYjqh8EYp5LUK2tt4Mpz0HwAt9siE
-VxHGIsiEqG1ajmxZiS28nlRWc4JRlOdmy5x1TPzJTDy+49gxB4njp1nRUtUgzmaG
-QHhml35xHQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQU8WDDaoMtsJIJj2S//m0wk0KOrpUwDQYJKoZIhvcNAQELBQAD
-ggEBAKZJfQjjfqn0K/UlzmrGcRkhrLbJNUfCD6TvxD75MoGtEe+VUEjljm1JHSbj
-DrevDyTnak1W4o5/dcy0h6kI6lhHgObbcoAV5CxQ4+HHmeowA/fzedbnIdnHwtNg
-SUJEslqoJSiYiiFQLV/yWWfBCWpbIgpDrADU7x9Ccxt6INuxrxOQwf1LZnmVbYs0
-1Mb/O1UFnvW7MeVSR4Nb/4lw6lol+mrR1iF8tTQ+rk4sBdCxw2aU48x3Pjqm+XpV
-PIm9uRUr4tRDyQfmBZuxWTNJ9NSx5zVpLEPhDmyOW5wlSw+aKGscu9+RjBx/gXPk
-sK8jZi441ojEJ7OaggGPheO3mCU=
------END CERTIFICATE-----
diff --git a/e2e/testdata/notary/notary-config.json b/e2e/testdata/notary/notary-config.json
deleted file mode 100644
index a4aed592a..000000000
--- a/e2e/testdata/notary/notary-config.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
-    "server": {
-        "http_addr": "notary-server:4443",
-        "tls_key_file": "./notary-server.key",
-        "tls_cert_file": "./notary-server.cert"
-    },
-    "trust_service": {
-        "type": "local",
-        "hostname": "",
-        "port": "",
-        "key_algorithm": "ed25519"
-    },
-    "logging": {
-        "level": "debug"
-    },
-    "storage": {
-        "backend": "memory"
-    }
-}
diff --git a/e2e/testdata/notary/notary-server.cert b/e2e/testdata/notary/notary-server.cert
deleted file mode 100644
index eee2b3463..000000000
--- a/e2e/testdata/notary/notary-server.cert
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIQTujwx+1xxXeI5AbzAQ379TANBgkqhkiG9w0BAQsFADAi
-MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5
-NTBaFw0zMzAzMjQxMTA5NTBaMCkxDzANBgNVBAoTBkRvY2tlcjEWMBQGA1UEAxMN
-bm90YXJ5LXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPhZ
-pU7DRK/2nwbTu+kVYhU/XARDleVSiLrQ5RMR1Cz2xC4LWkOEVSj4aCBo85O66JAx
-p+WRVwoVEU2rdkK3k4983Xr34+7q5Hv4hmwlg6I7QLRRJapEgK5G5RB/9aQntolx
-h5E0KaoF4PJP25y4FHCUr4td4QyitaICsCpuOAN6XgmE9sM9TBf+AEjTSxwwvgEz
-DqHvyovl7pA+pQP2oTKBrf6KN8hHDOXmm9gd8ST9yKLrsYWhqExLLPnAD4lQEcKZ
-29g+iTd4eNoJUXctpuY+3IpqBcQSLq35mNKBP/FQco6g3q26/cB4zWGxTr3jGJqs
-ms8qdFLGZ2KiBCt+oDMCAwEAAaOBoTCBnjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T
-AQH/BAIwADAfBgNVHSMEGDAWgBTxYMNqgy2wkgmPZL/+bTCTQo6ulTBdBgNVHREE
-VjBUgg1ub3Rhcnktc2VydmVyggxub3RhcnlzZXJ2ZXKCEmV2aWwtbm90YXJ5LXNl
-cnZlcoIQZXZpbG5vdGFyeXNlcnZlcoIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3
-DQEBCwUAA4IBAQCDMjuZnNINFfqstFwhEEvAgWbjYW26ZQxhQffaqDlbMIQkWoXj
-8inld9bma9Mf5i/GAkUwFqCnEHD4LQ6vDgfAgL+pSOv9VI5SBEuk/gLqvIBUeIRu
-uHo1jWtll2Fr7eDLVdD4mPRPFC7V6mv6sFa9EN4tBN8eheQxHJvzwnnU7X28prfI
-/hWnwPWScVvttqBSsq1h2CUpVu2zGVToeCJ9xl4r/NyDtM5TyMgz7RLrer0p8NSu
-4Qp4ZXtxHDLduWcyMUHLGTprW05yjj9UVq89xfaCOqFSpx5i4oxotYm1PoOacHmN
-RMp9vaYMAmopoxIEYX6fDg5T3sQ5cidZJEvU
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDEDCCAfigAwIBAgIQdxGVILXsVcogexr+Ia2MZDANBgkqhkiG9w0BAQsFADAi
-MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5
-NTBaFw0zMzAzMjQxMTA5NTBaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG
-RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3sA/g7Srrkz
-uEf1Qa2jAw93EfEJvxU1ZmZ30aB7KLgHN2TznxAGYtNekAu88CV4H3PKS44BZOar
-wOo3KL4wQffLt7lmsRJG1KOfyiAmjmvidP5JSeRdTiBtj4CCVoi3EE6BZXPpZjst
-9OSOlld2bWWXHb2ZdoY3ZAhZ9rn3tVwyfoLKpuESp1WZSFHPIdcuoMmZPtqD0bSi
-5hc4gVFNLlZOAILvUkXxcHKUgLHZg0YEDQWsYjqh8EYp5LUK2tt4Mpz0HwAt9siE
-VxHGIsiEqG1ajmxZiS28nlRWc4JRlOdmy5x1TPzJTDy+49gxB4njp1nRUtUgzmaG
-QHhml35xHQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQU8WDDaoMtsJIJj2S//m0wk0KOrpUwDQYJKoZIhvcNAQELBQAD
-ggEBAKZJfQjjfqn0K/UlzmrGcRkhrLbJNUfCD6TvxD75MoGtEe+VUEjljm1JHSbj
-DrevDyTnak1W4o5/dcy0h6kI6lhHgObbcoAV5CxQ4+HHmeowA/fzedbnIdnHwtNg
-SUJEslqoJSiYiiFQLV/yWWfBCWpbIgpDrADU7x9Ccxt6INuxrxOQwf1LZnmVbYs0
-1Mb/O1UFnvW7MeVSR4Nb/4lw6lol+mrR1iF8tTQ+rk4sBdCxw2aU48x3Pjqm+XpV
-PIm9uRUr4tRDyQfmBZuxWTNJ9NSx5zVpLEPhDmyOW5wlSw+aKGscu9+RjBx/gXPk
-sK8jZi441ojEJ7OaggGPheO3mCU=
------END CERTIFICATE-----
diff --git a/e2e/testdata/notary/notary-server.key b/e2e/testdata/notary/notary-server.key
deleted file mode 100644
index 7f7562a9d..000000000
--- a/e2e/testdata/notary/notary-server.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA+FmlTsNEr/afBtO76RViFT9cBEOV5VKIutDlExHULPbELgta
-Q4RVKPhoIGjzk7rokDGn5ZFXChURTat2QreTj3zdevfj7urke/iGbCWDojtAtFEl
-qkSArkblEH/1pCe2iXGHkTQpqgXg8k/bnLgUcJSvi13hDKK1ogKwKm44A3peCYT2
-wz1MF/4ASNNLHDC+ATMOoe/Ki+XukD6lA/ahMoGt/oo3yEcM5eab2B3xJP3Iouux
-haGoTEss+cAPiVARwpnb2D6JN3h42glRdy2m5j7cimoFxBIurfmY0oE/8VByjqDe
-rbr9wHjNYbFOveMYmqyazyp0UsZnYqIEK36gMwIDAQABAoIBAQDy7W2f763+mbTQ
-zshepQX+Vq3BlgLIAMWyR6fr0WLEYNVhXMV8ibNrkiD4ovCwLwJSGeBr1JFZUWZN
-nUze0gdLMg7LvDN/ftDk2yNSIhfy1xbhywaW2M8uqjZiv2genKIXK7A6PtYKdBmn
-rKnbUMzdmvNj1f7Ph1E4Gn0L5ChybJDJrq6wQjuTdZ6RmkGkbid0L+47Uv+6xBm9
-hgBPVXd8auQAYGmyXZwvfga5ZjfRMI4wvWkvjOAQcJtxxgOnLT1KDjYV+L70PWul
-bYoKX0sNkFEP9tOq2pD9XVBuTVQxcYeztv0Vz+kG66Ju1KKCAnUYFhRt055zZLfm
-WDYlWm0BAoGBAPvGW9LvzwCDE9QUcR46nG1ZihheJyGKwWVK+ZjYkUU9nLbrIpOD
-/jmihoHHhKBC6YOfHHY73LtZ22fgXEu6ivDzZtTxBErXbdRpEKktJebRK7gPkfsB
-PNQ8CRd/DxRC/JuVFR76OPsbZWhXCaeC7PRdyAtvU9toT1jIQf+a4OhBAoGBAPyE
-kxEoNO1KhWtgByUlsPzvq9PaTjwW/LpmEoo0FBUhYRPxYzVuYrE0BBflDR6JcMRR
-oE9CXYGjtVPB44gT7pHVP09f3Ugrxk7X+t8wy3PWUTaTprmmEGqF0TzfdH4oQz0Y
-v1khwuIu6rRlddGEiCKldXxn+gJy9E70yO4bm4tzAoGAL/XFIBVWVT6i1E9gjOWV
-Tq8zwxiMU7Ney7DQgvEeGxZ1d9Kqr3cBQnFXNfmPpgeY+92fSlZ04atoRA1VB4ft
-V6DGAeI3cxo+bavl5JQZGDLYJSOyJyJBOByHjtZBRRbNj8WCVHhNymeZlZqe2C30
-fUgwBx2Z172y/7KF/+680QECgYEA1GhUKQ9wDdYsiliZSgb9bJXSLH8qZeNULRrl
-J3mNFwUf2p2mvPAgdjxx4QOb2H716z1aIrGJZB4nzc9/LBzQBb2h5ouV4DpqMjH8
-5bbuvH6fi9ABY5Irpt7vVUwFeoU1ofPqKPh8LLQYWywpQddAiBwzyjTQGTVHCg9f
-4OI6Ib8CgYAptl24MGOc6BminKgsux+vNS9X1WwIADiHDyWBPHeQgLX8bYegswq9
-/6uGXJQgdFBhfLuoTBBN0ia/0QQhDezzrqnERddciuL2zxFxEETdpIuxm4lhieX7
-9LqnFcjxM4sLCg4SDSRX+nburiCnLDQiaBzhARooMJO48luTZUiWYQ==
------END RSA PRIVATE KEY-----
diff --git a/e2e/testdata/notary/root-ca.cert b/e2e/testdata/notary/root-ca.cert
deleted file mode 100644
index e7411c14b..000000000
--- a/e2e/testdata/notary/root-ca.cert
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEDCCAfigAwIBAgIQdxGVILXsVcogexr+Ia2MZDANBgkqhkiG9w0BAQsFADAi
-MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5
-NTBaFw0zMzAzMjQxMTA5NTBaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG
-RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3sA/g7Srrkz
-uEf1Qa2jAw93EfEJvxU1ZmZ30aB7KLgHN2TznxAGYtNekAu88CV4H3PKS44BZOar
-wOo3KL4wQffLt7lmsRJG1KOfyiAmjmvidP5JSeRdTiBtj4CCVoi3EE6BZXPpZjst
-9OSOlld2bWWXHb2ZdoY3ZAhZ9rn3tVwyfoLKpuESp1WZSFHPIdcuoMmZPtqD0bSi
-5hc4gVFNLlZOAILvUkXxcHKUgLHZg0YEDQWsYjqh8EYp5LUK2tt4Mpz0HwAt9siE
-VxHGIsiEqG1ajmxZiS28nlRWc4JRlOdmy5x1TPzJTDy+49gxB4njp1nRUtUgzmaG
-QHhml35xHQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQU8WDDaoMtsJIJj2S//m0wk0KOrpUwDQYJKoZIhvcNAQELBQAD
-ggEBAKZJfQjjfqn0K/UlzmrGcRkhrLbJNUfCD6TvxD75MoGtEe+VUEjljm1JHSbj
-DrevDyTnak1W4o5/dcy0h6kI6lhHgObbcoAV5CxQ4+HHmeowA/fzedbnIdnHwtNg
-SUJEslqoJSiYiiFQLV/yWWfBCWpbIgpDrADU7x9Ccxt6INuxrxOQwf1LZnmVbYs0
-1Mb/O1UFnvW7MeVSR4Nb/4lw6lol+mrR1iF8tTQ+rk4sBdCxw2aU48x3Pjqm+XpV
-PIm9uRUr4tRDyQfmBZuxWTNJ9NSx5zVpLEPhDmyOW5wlSw+aKGscu9+RjBx/gXPk
-sK8jZi441ojEJ7OaggGPheO3mCU=
------END CERTIFICATE-----
diff --git a/e2e/trust/main_test.go b/e2e/trust/main_test.go
deleted file mode 100644
index 5881adcda..000000000
--- a/e2e/trust/main_test.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package trust
-
-import (
-	"fmt"
-	"os"
-	"testing"
-
-	"github.com/docker/cli/internal/test/environment"
-)
-
-func TestMain(m *testing.M) {
-	if err := environment.Setup(); err != nil {
-		fmt.Println(err.Error())
-		os.Exit(3)
-	}
-	os.Exit(m.Run())
-}
diff --git a/e2e/trust/revoke_test.go b/e2e/trust/revoke_test.go
deleted file mode 100644
index 8ee5dc4ad..000000000
--- a/e2e/trust/revoke_test.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package trust
-
-import (
-	"testing"
-
-	"github.com/docker/cli/e2e/internal/fixtures"
-	"github.com/docker/cli/internal/test/environment"
-	"gotest.tools/v3/assert"
-	is "gotest.tools/v3/assert/cmp"
-	"gotest.tools/v3/fs"
-	"gotest.tools/v3/icmd"
-	"gotest.tools/v3/skip"
-)
-
-const (
-	revokeImage = "registry:5000/revoke:v1"
-	revokeRepo  = "registry:5000/revokerepo"
-)
-
-func TestRevokeImage(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	setupTrustedImagesForRevoke(t, dir)
-	result := icmd.RunCmd(
-		icmd.Command("docker", "trust", "revoke", revokeImage),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithNotary, fixtures.WithConfig(dir.Path()))
-	result.Assert(t, icmd.Success)
-	assert.Check(t, is.Contains(result.Stdout(), "Successfully deleted signature for registry:5000/revoke:v1"))
-}
-
-func TestRevokeRepo(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	setupTrustedImagesForRevokeRepo(t, dir)
-	result := icmd.RunCmd(
-		icmd.Command("docker", "trust", "revoke", revokeRepo, "-y"),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithNotary, fixtures.WithConfig(dir.Path()))
-	result.Assert(t, icmd.Success)
-	assert.Check(t, is.Contains(result.Stdout(), "Successfully deleted signature for registry:5000/revoke"))
-}
-
-func setupTrustedImagesForRevoke(t *testing.T, dir fs.Dir) {
-	t.Helper()
-	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, revokeImage).Assert(t, icmd.Success)
-	icmd.RunCmd(
-		icmd.Command("docker", "-D", "trust", "sign", revokeImage),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
-}
-
-func setupTrustedImagesForRevokeRepo(t *testing.T, dir fs.Dir) {
-	t.Helper()
-	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, revokeRepo+":v1").Assert(t, icmd.Success)
-	icmd.RunCmd(
-		icmd.Command("docker", "-D", "trust", "sign", revokeRepo+":v1"),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
-	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.BusyboxImage)).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, revokeRepo+":v2").Assert(t, icmd.Success)
-	icmd.RunCmd(
-		icmd.Command("docker", "-D", "trust", "sign", revokeRepo+":v2"),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
-}
diff --git a/e2e/trust/sign_test.go b/e2e/trust/sign_test.go
deleted file mode 100644
index 44bb00782..000000000
--- a/e2e/trust/sign_test.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package trust
-
-import (
-	"testing"
-
-	"github.com/docker/cli/e2e/internal/fixtures"
-	"github.com/docker/cli/internal/test/environment"
-	"gotest.tools/v3/assert"
-	is "gotest.tools/v3/assert/cmp"
-	"gotest.tools/v3/fs"
-	"gotest.tools/v3/icmd"
-	"gotest.tools/v3/skip"
-)
-
-const (
-	localImage = "registry:5000/signlocal:v1"
-	signImage  = "registry:5000/sign:v1"
-)
-
-func TestSignLocalImage(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-	// Digests in golden files are linux/amd64 specific.
-	// TODO: Fix this test and make it work on all platforms.
-	environment.SkipIfNotPlatform(t, "linux/amd64")
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, signImage).Assert(t, icmd.Success)
-	result := icmd.RunCmd(
-		icmd.Command("docker", "trust", "sign", signImage),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
-	result.Assert(t, icmd.Success)
-	assert.Check(t, is.Contains(result.Stdout(), "v1: digest: sha256:"+fixtures.AlpineSha))
-}
-
-func TestSignWithLocalFlag(t *testing.T) {
-	skip.If(t, environment.RemoteDaemon())
-	// Digests in golden files are linux/amd64 specific.
-	// TODO: Fix this test and make it work on all platforms.
-	environment.SkipIfNotPlatform(t, "linux/amd64")
-
-	dir := fixtures.SetupConfigFile(t)
-	defer dir.Remove()
-	setupTrustedImageForOverwrite(t, dir)
-	result := icmd.RunCmd(
-		icmd.Command("docker", "trust", "sign", "--local", localImage),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
-	result.Assert(t, icmd.Success)
-	assert.Check(t, is.Contains(result.Stdout(), "v1: digest: sha256:"+fixtures.BusyboxSha))
-}
-
-func setupTrustedImageForOverwrite(t *testing.T, dir fs.Dir) {
-	t.Helper()
-	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, localImage).Assert(t, icmd.Success)
-	result := icmd.RunCmd(
-		icmd.Command("docker", "-D", "trust", "sign", localImage),
-		fixtures.WithPassphrase("root_password", "repo_password"),
-		fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
-	result.Assert(t, icmd.Success)
-	assert.Check(t, is.Contains(result.Stdout(), "v1: digest: sha256:"+fixtures.AlpineSha))
-	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.BusyboxImage)).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, localImage).Assert(t, icmd.Success)
-}