diff --git a/scripts/check-qemu-install b/scripts/check-qemu-install
index 53e1c74d..61880a23 100755
--- a/scripts/check-qemu-install
+++ b/scripts/check-qemu-install
@@ -754,6 +754,88 @@ try:
 verify_config()
+ # Shutdown VM
+ shutdownVM(c, log, 'Shutdown VM for non-TPM backed test')
+
+ # Clear swtpm
+ from glob import glob
+ for f in glob(f'{tpm_folder}/*'):
+ os.remove(f)
+
+ # Shutdown kills swtpm
+ tpm_process.join()
+ tpm_process.close()
+ tpm_process = None
+
+ # Booting back into VM
+ log.info('Booting system without TPM')
+ cmd = get_qemu_cmd(qemu_name, args.uefi, args.disk, raid=diskname_raid, tpm=False, vnc_enabled=args.vnc)
+ log.debug(f'Executing command: {cmd}')
+ c = pexpect.spawn(cmd, logfile=stl)
+
+ try:
+ c.expect('The highlighted entry will be executed automatically in', timeout=10)
+ c.sendline('')
+ except pexpect.TIMEOUT:
+ log.warning('Did not find GRUB countdown window, ignoring')
+
+ loginVM(c, log)
+
+ # New recovery key
+ test_recovery_key = ''.join(choices(string.ascii_uppercase + string.digits, k=32))
+
+ log.info('Encrypting config')
+ c.sendline('encryption enable')
+ c.expect('Are you sure you want to proceed\?.*')
+ c.sendline('y')
+ c.expect('Enter key: ')
+ c.sendline(test_recovery_key)
+ c.expect('Enter size of encrypted config partition.*', timeout=30)
+ c.sendline('32')
+ c.expect('Encrypted config volume has been enabled', timeout=tpm_timeout)
+ c.expect('Backup the key in a safe place!')
+ c.expect(f'Key: {test_recovery_key}')
+ c.expect(op_mode_prompt)
+
+ verify_mount()
+
+ shutdownVM(c, log, 'Shutdown VM for non-TPM config load')
+
+ # Booting back into VM
+ log.info('Booting system without TPM')
+ cmd = get_qemu_cmd(qemu_name, args.uefi, args.disk, raid=diskname_raid, tpm=False, vnc_enabled=args.vnc)
+ log.debug(f'Executing command: {cmd}')
+ c = pexpect.spawn(cmd, logfile=stl)
+
+ try:
+ c.expect('The highlighted entry will be executed automatically in', timeout=10)
+ c.sendline('')
+ except pexpect.TIMEOUT:
+ log.warning('Did not find GRUB countdown window, ignoring')
+
+ c.expect('.*Encrypted config volume has not been mounted', timeout=120)
+
+ loginVM(c, log)
+
+ # Test loading config with recovery key
+ c.sendline('encryption load')
+ c.expect('Enter key: ')
+ c.sendline(test_recovery_key)
+ c.expect('Encrypted config volume has been mounted', timeout=120)
+ c.expect(op_mode_prompt)
+
+ verify_mount()
+
+ log.info('Loading encrypted config.boot')
+ c.sendline('configure')
+ c.expect(cfg_mode_prompt)
+ c.sendline('load /config/config.boot')
+ c.expect(cfg_mode_prompt)
+ c.sendline('commit')
+ c.expect(cfg_mode_prompt)
+ c.sendline('exit')
+ c.expect(op_mode_prompt)
+
 elif args.raid:
 # Verify RAID subsystem - by deleting a disk and re-create the array
 # from scratch
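Review bot: The swtpm state files are deleted before `tpm_process.join()`, so the cleanup loop can run while swtpm is still alive, and the bare `join()` has no timeout, so a swtpm that does not exit with the VM would hang the whole test run. Moving the `glob`/`os.remove` loop below the join and bounding the wait, for example `tpm_process.join(timeout=60)` followed by a check of `tpm_process.is_alive()` before `close()`, would turn the "Shutdown kills swtpm" assumption into something the test verifies. This presumes `tpm_process` is a `multiprocessing.Process`, which is created outside this hunk. Separately, `'Are you sure you want to proceed\?.*'` relies on an invalid escape sequence in a normal string literal and should be a raw string, `r'Are you sure you want to proceed\?.*'`. The enclosing `try:` block starts and ends outside the hunk.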