Trying to use zOSMF with portable software instances to retrieve common services as documented by Broadcom but after executing the download job IZUD01DL we get "Was the signature verified? No".

Checking and installing the certificate from "Mainframe Common Maintenance Procedures" and pointed to the signature using "signaturekeyring=" keyword but not even a message in the logs is pointing out what we have to do to get the signatures checked.

Checking the download directory in USS, there is no GIMPAF2.XML with signature data in the directory.

z/OSMF
Broadcom mainframe product package

Currently, Broadcom only supports the signing of Receive Order packages.  We do not have any plans to sign product packages in the near future

When starting the download of the package via z/OSMF and then the job IZUD01DL is started...
According to the manual, there should be a message:

GIM69270I SIGNATURE VALIDATION FOR FILE file-name WAS SUCCESSFUL. THE GIMZIP PACKAGE WAS SIGNED BY A CERTIFICATE WITH SUBJECT NAME subject-name, SERIAL NUMBER serial AND SHA256 FINGERPRINT fingerprint. THE SIGNING CERTIFICATE WAS ISSUED BY CN=Broadcom Mainframe Software Root CA