diff --git a/components/bootloader_support/CMakeLists.txt b/components/bootloader_support/CMakeLists.txt
index c1f8eb6fdb83..44d54ff7950f 100644
--- a/components/bootloader_support/CMakeLists.txt
+++ b/components/bootloader_support/CMakeLists.txt
@@ -140,6 +140,7 @@ if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE
                 extract_public_key --keyfile "${secure_boot_signing_key}"
                 "${secure_boot_verification_key}"
                 DEPENDS ${secure_boot_signing_key}
+                BYPRODUCTS ${secure_boot_verification_key}
                 VERBATIM)
         else()
             # We expect to 'inherit' the verification key passed from main project.
@@ -169,6 +170,7 @@ if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE
                 "${secure_boot_verification_key}"
                 WORKING_DIRECTORY ${project_dir}
                 DEPENDS ${secure_boot_signing_key}
+                BYPRODUCTS ${secure_boot_verification_key}
                 VERBATIM)
         endif()
     endif()
@@ -177,9 +179,6 @@ if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE
     #
     target_add_binary_data(${COMPONENT_LIB} "${secure_boot_verification_key}" "BINARY"
         RENAME_TO signature_verification_key_bin)
-    set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
-        APPEND PROPERTY ADDITIONAL_CLEAN_FILES
-        "${secure_boot_verification_key}")
 endif()
 
 if(BOOTLOADER_BUILD)