diff --git a/src/integration/src/lib.rs b/src/integration/src/lib.rs
index 3d074171..2a1a5fea 100644
--- a/src/integration/src/lib.rs
+++ b/src/integration/src/lib.rs
@@ -38,6 +38,8 @@ pub const LOCAL_HOST: &str = "127.0.0.1";
 pub const PCR3: &str = "78fce75db17cd4e0a3fb8dad3ad128ca5e77edbb2b2c7f75329dccd99aa5f6ef4fc1f1a452e315b9e98f9e312e6921e6";
 /// QOS dist directory.
 pub const QOS_DIST_DIR: &str = "./mock/dist";
+/// Mock pcr3 pre-image.
+pub const PCR3_PRE_IMAGE_PATH: &str = "./mock/namespaces/pcr3-preimage.txt";
 const MSG: &str = "msg";
diff --git a/src/integration/tests/boot.rs b/src/integration/tests/boot.rs
index e5f0bd05..5f6dd556 100644
--- a/src/integration/tests/boot.rs
+++ b/src/integration/tests/boot.rs
@@ -7,7 +7,8 @@ use std::{
 use borsh::de::BorshDeserialize;
 use integration::{
- LOCAL_HOST, PIVOT_OK2_PATH, PIVOT_OK2_SUCCESS_FILE, QOS_DIST_DIR,
+ LOCAL_HOST, PCR3_PRE_IMAGE_PATH, PIVOT_OK2_PATH, PIVOT_OK2_SUCCESS_FILE,
+ QOS_DIST_DIR,
 };
 use qos_core::protocol::{
 services::{
@@ -81,7 +82,7 @@ async fn standard_boot_e2e() {
 "--qos-release-dir",
 QOS_DIST_DIR,
 "--pcr3-preimage-path",
- "./mock/namespaces/pcr3-preimage.txt",
+ PCR3_PRE_IMAGE_PATH,
 "--manifest-path",
 &cli_manifest_path,
 "--pivot-args",
@@ -157,7 +158,7 @@ async fn standard_boot_e2e() {
 "--manifest-approvals-dir",
 &*boot_dir,
 "--pcr3-preimage-path",
- "./mock/namespaces/pcr3-preimage.txt",
+ PCR3_PRE_IMAGE_PATH,
 "--pivot-hash-path",
 PIVOT_HASH_PATH,
 "--qos-release-dir",
@@ -361,7 +362,7 @@ async fn standard_boot_e2e() {
 "--manifest-envelope-path",
 &manifest_envelope_path,
 "--pcr3-preimage-path",
- "./mock/namespaces/pcr3-preimage.txt",
+ PCR3_PRE_IMAGE_PATH,
 "--manifest-set-dir",
 "./mock/keys/manifest-set",
 "--alias",
diff --git a/src/integration/tests/genesis.rs b/src/integration/tests/genesis.rs
index 17b8d205..42fccfee 100644
--- a/src/integration/tests/genesis.rs
+++ b/src/integration/tests/genesis.rs
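Review bot: The doc comment on `PCR3_PRE_IMAGE_PATH` in src/integration/src/lib.rs reads as if the constant were the pre-image itself, and it does not say how the file relates to the `PCR3` constant declared just above it. I would write `/// Path to the mock PCR3 pre-image file the integration tests pass as --pcr3-preimage-path.` instead. If `PCR3` is the digest derived from that file's contents (not visible in this hunk), state that on both constants so a change to one prompts a change to the other.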
@@ -6,7 +6,7 @@ use std::{
 };
 use borsh::de::BorshDeserialize;
-use integration::{LOCAL_HOST, QOS_DIST_DIR};
+use integration::{LOCAL_HOST, PCR3_PRE_IMAGE_PATH, QOS_DIST_DIR};
 use qos_core::protocol::services::genesis::GenesisOutput;
 use qos_crypto::{sha_512, shamir::shares_reconstruct};
 use qos_nsm::nitro::unsafe_attestation_doc_from_der;
@@ -153,7 +153,7 @@ async fn genesis_e2e() {
 "--qos-release-dir",
 QOS_DIST_DIR,
 "--pcr3-preimage-path",
- "./mock/pcr3-preimage.txt",
+ PCR3_PRE_IMAGE_PATH,
 "--dr-key-path",
 DR_KEY_PUBLIC_PATH,
 "--unsafe-skip-attestation"
diff --git a/src/integration/tests/key.rs b/src/integration/tests/key.rs
index 3769c83b..0568948f 100644
--- a/src/integration/tests/key.rs
+++ b/src/integration/tests/key.rs
@@ -1,6 +1,8 @@
 use std::{fs, process::Command};
-use integration::{LOCAL_HOST, PIVOT_LOOP_PATH, QOS_DIST_DIR};
+use integration::{
+ LOCAL_HOST, PCR3_PRE_IMAGE_PATH, PIVOT_LOOP_PATH, QOS_DIST_DIR,
+};
 use qos_crypto::sha_256;
 use qos_p256::{P256Pair, P256Public};
 use qos_test_primitives::{ChildWrapper, PathWrapper};
@@ -158,7 +160,7 @@ fn generate_manifest_envelope() {
 "--restart-policy",
 "always",
 "--pcr3-preimage-path",
- "./mock/namespaces/pcr3-preimage.txt",
+ PCR3_PRE_IMAGE_PATH,
 "--pivot-hash-path",
 PIVOT_HASH_PATH,
 "--qos-release-dir",
@@ -196,7 +198,7 @@ fn generate_manifest_envelope() {
 "--manifest-approvals-dir",
 BOOT_DIR,
 "--pcr3-preimage-path",
- "./mock/namespaces/pcr3-preimage.txt",
+ PCR3_PRE_IMAGE_PATH,
 "--pivot-hash-path",
 PIVOT_HASH_PATH,
 "--qos-release-dir",
@@ -293,7 +295,7 @@ fn boot_old_enclave(old_host_port: u16) -> (ChildWrapper, ChildWrapper) {
 "--host-ip",
 LOCAL_HOST,
 "--pcr3-preimage-path",
- "./mock/namespaces/pcr3-preimage.txt",
+ PCR3_PRE_IMAGE_PATH,
 "--unsafe-skip-attestation",
 ])
 .spawn()
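Review bot: In `genesis_e2e` (src/integration/tests/genesis.rs, hunk at -153) the substitution is not a pure rename: the removed argument was `./mock/pcr3-preimage.txt`, while `PCR3_PRE_IMAGE_PATH` resolves to `./mock/namespaces/pcr3-preimage.txt`, so the genesis test now reads a different file. If the two files differ, the PCR3 value used by the genesis flow changes silently, and since the same call passes `--unsafe-skip-attestation` a mismatch may not show up as a test failure. Please confirm the files are identical and remove the stale `./mock/pcr3-preimage.txt`, or state in the commit message that the switch is intended. The body of `genesis_e2e` starts and ends outside the hunk.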
@@ -343,7 +345,7 @@ fn boot_old_enclave(old_host_port: u16) -> (ChildWrapper, ChildWrapper) {
 "--manifest-envelope-path",
 MANIFEST_ENVELOPE_PATH,
 "--pcr3-preimage-path",
- "./mock/namespaces/pcr3-preimage.txt",
+ PCR3_PRE_IMAGE_PATH,
 "--manifest-set-dir",
 "./mock/keys/manifest-set",
 "--alias",
diff --git a/src/qos_client/src/cli/services.rs b/src/qos_client/src/cli/services.rs
index 84d9dd91..0aa8ce49 100644
--- a/src/qos_client/src/cli/services.rs
+++ b/src/qos_client/src/cli/services.rs
@@ -1585,8 +1585,8 @@ pub(crate) fn dangerous_dev_boot>(
 let pivot = fs::read(&pivot_path).expect("Failed to read pivot binary.");
 let mock_pcr = vec![0; 48];
- // Create a manifest with manifest set of 1 - everything hardcoded expect
- // pivot config
+ // Create a manifest with manifest set of 1
+ // everything below is hardcoded except pivot config
 let manifest = Manifest {
 namespace: Namespace {
 name: DANGEROUS_DEV_BOOT_NAMESPACE.to_string(),
@@ -1608,7 +1608,7 @@ pub(crate) fn dangerous_dev_boot>(
 members: vec![member.clone()],
 },
 share_set: ShareSet {
- threshold: 1,
+ threshold: 2,
 // The only member is the quorum member
 members: vec![member.clone()],
 },
@@ -1670,15 +1670,18 @@ pub(crate) fn dangerous_dev_boot>(
 approval: approval.clone(),
 };
 let resp1 = request::post(uri, &req1).unwrap();
- assert!(matches!(
- resp1,
- ProtocolMsg::ProvisionResponse { reconstructed: false }
- ));
+ assert!(
+ matches!(
+ resp1,
+ ProtocolMsg::ProvisionResponse { reconstructed: false }
+ ),
+ "{resp1:?}"
+ );
 // Post the second share; expected to reconstruct.
 let req2 = ProtocolMsg::ProvisionRequest {
 share: eph_pub
- .encrypt(&shares[0])
+ .encrypt(&shares[1])
 .expect("Failed to encrypt share to eph key."),
 approval,
 };
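Review bot: In `dangerous_dev_boot` (src/qos_client/src/cli/services.rs, hunk at -1608) the `share_set` now declares `threshold: 2` while `members` is still `vec![member.clone()]`, so the manifest describes a 2-of-1 share set and the unchanged comment `// The only member is the quorum member` no longer explains the number. The hunk at -1670 posts `shares[0]` and then `shares[1]` under the same `approval`, which presumably works only because provisioning does not require a distinct share-set member per share. That assumption should be written down here, e.g. `// Dev-only: the single member posts both shares, so threshold exceeds members.len()`. It is also worth checking whether manifest validation is meant to reject `threshold > members.len()` outside this dev path, since this code would then depend on that check being absent. The function body starts and ends outside both hunks.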