diff --git a/image.c b/image.c
index a873a85..6f43405 100644
--- a/image.c
+++ b/image.c
@@ -17,6 +17,7 @@
 * USA.
 */
+#include
 #include
 #include
 #include
@@ -342,24 +343,32 @@ int image_hash_sha256(struct image *image, uint8_t digest[])
 return !rc;
 }
-int image_write_signed(struct image *image, const char *filename)
+int image_write(struct image *image, const char *filename)
 {
 struct cert_table_header cert_table_header;
 int fd, rc, len, padlen;
+ bool is_signed;
 uint8_t pad[8];
- cert_table_header.size = image->sigsize;
- cert_table_header.revision = 0x0200; /* = revision 2 */
- cert_table_header.type = 0x0002; /* PKCS signedData */
+ is_signed = image->sigbuf && image->sigsize;
- len = sizeof(cert_table_header) + image->sigsize;
+ /* optionally update the image to contain signature data */
+ if (is_signed) {
+ cert_table_header.size = image->sigsize;
+ cert_table_header.revision = 0x0200; /* = revision 2 */
+ cert_table_header.type = 0x0002; /* PKCS signedData */
- /* pad to sizeof(pad)-byte boundary */
- padlen = align_up(len, sizeof(pad)) - len;
+ len = sizeof(cert_table_header) + image->sigsize;
- /* update the image to contain signature data */
- image->data_dir_sigtable->addr = image->size;
- image->data_dir_sigtable->size = len + padlen;
+ /* pad to sizeof(pad)-byte boundary */
+ padlen = align_up(len, sizeof(pad)) - len;
+
+ image->data_dir_sigtable->addr = image->size;
+ image->data_dir_sigtable->size = len + padlen;
+ } else {
+ image->data_dir_sigtable->addr = 0;
+ image->data_dir_sigtable->size = 0;
+ }
 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
 if (fd < 0) {
@@ -370,6 +379,8 @@ int image_write_signed(struct image *image, const char *filename)
 rc = write_all(fd, image->buf, image->size);
 if (!rc)
 goto out;
+ if (!is_signed)
+ goto out;
 rc = write_all(fd, &cert_table_header, sizeof(cert_table_header));
 if (!rc)
diff --git a/image.h b/image.h
index e3a2be6..4bbbf31 100644
--- a/image.h
+++ b/image.h
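Review bot: In image_write (image.c, the -342 hunk), `is_signed = image->sigbuf && image->sigsize;` turns a missing or zero-length signature into a silent unsigned write, so a caller that intended to sign gets an image with an empty certificate-table entry and no error. Document that contract above the function, e.g. `/* Writes the image unsigned when image->sigbuf is NULL or image->sigsize is 0. */`, or reject that state in callers that must produce a signed file. The else branch zeroes only the data-directory entry and the body is still written with `image->size`, so if the loaded file already carried a certificate table its bytes may remain in the output unless the size is trimmed elsewhere; that is not visible here. `len` and `padlen` stay unassigned on that branch and are safe only because of the `if (!is_signed) goto out;` added in the -370 hunk, which deserves a short comment such as `/* unsigned image: no certificate table to append */`. The function continues past both hunks.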
@@ -80,7 +80,7 @@ struct image *image_load(const char *filename);
 int image_pecoff_parse(struct image *image);
 int image_find_regions(struct image *image);
 int image_hash_sha256(struct image *image, uint8_t digest[]);
-int image_write_signed(struct image *image, const char *filename);
+int image_write(struct image *image, const char *filename);
 int image_write_detached(struct image *image, const char *filename);
 #endif /* IMAGE_H */
diff --git a/sbsign.c b/sbsign.c
index f0c6ec6..884772b 100644
--- a/sbsign.c
+++ b/sbsign.c
@@ -212,7 +212,7 @@ int main(int argc, char **argv)
 if (ctx->detached)
 image_write_detached(ctx->image, ctx->outfilename);
 else
- image_write_signed(ctx->image, ctx->outfilename);
+ image_write(ctx->image, ctx->outfilename);
 talloc_free(ctx);
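Review bot: The call `image_write(ctx->image, ctx->outfilename);` in main (sbsign.c) still discards the result, as does the detached branch above it, so a failed or short write can leave a truncated output file with no signal to the caller. This matters more after the change, because image_write now also writes an unsigned image when no signature is attached, and a build pipeline that trusts the tool's exit status would presumably not notice either case. Capture the result, e.g. `rc = image_write(ctx->image, ctx->outfilename);`, and turn a failure into a non-zero exit status before `talloc_free(ctx)`. main's declarations and return path are outside this hunk, so the return convention of image_write should be confirmed against image.c first.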