diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list
index 755302b031..740aaa07f7 100644
--- a/.github/workflows/portage-stable-packages-list
+++ b/.github/workflows/portage-stable-packages-list
@@ -131,6 +131,7 @@ app-crypt/adcli
 app-crypt/argon2
 app-crypt/ccid
 app-crypt/gnupg
+app-crypt/gnupg-pkcs11-scd
 app-crypt/gpgme
 app-crypt/libb2
 app-crypt/libmd
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r56.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r57.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r56.ebuild
rename to sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r57.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
index 0d8be10a14..4fce648bdf 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
@@ -18,6 +18,7 @@ DEPEND="
 	app-admin/updateservicectl
 	app-arch/pbzip2
 	app-crypt/azure-keyvault-pkcs11
+	app-crypt/gnupg-pkcs11-scd
 	app-crypt/p11-kit
 	app-crypt/sbsigntools
 	app-emulation/open-vmdk
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index e92681392a..90ac85b2d9 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -32,6 +32,9 @@
 # The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet.
 =app-crypt/clevis-19-r1 **
 
+# This package has not been stabilised yet.
+=app-crypt/gnupg-pkcs11-scd-0.11.0 ~amd64
+
 # Needed by arm64-native SDK.
 =app-emulation/open-vmdk-1.0 *
 
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/Manifest
new file mode 100644
index 0000000000..83aab75906
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/Manifest
@@ -0,0 +1 @@
+DIST gnupg-pkcs11-scd-0.11.0.tar.bz2 154497 BLAKE2B d5a0c84c6a31a3b8396b11cc2935995a2ed754e163f60bc81b142c59d37fe6f282c5d33222b85d50f95590e07da1187ba319e0dea23490e35ccc8c04346e93b5 SHA512 6f8da7e4166dc37aa98f424a470ea6f0678cfd5b02ac7b8e11516ea0a4bda0d84855b20fde166a5406047e8251b77f1544d7b362f72016bb5ee0a13ba040a40c
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/files/gnupg-pkcs11-scd-proxy.confd b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/files/gnupg-pkcs11-scd-proxy.confd
new file mode 100644
index 0000000000..702cf615fa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/files/gnupg-pkcs11-scd-proxy.confd
@@ -0,0 +1 @@
+SCD_CONFIG=/etc/gnupg-pkcs11-scd.conf
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/files/gnupg-pkcs11-scd-proxy.initd b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/files/gnupg-pkcs11-scd-proxy.initd
new file mode 100644
index 0000000000..eb6b3cc62c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/files/gnupg-pkcs11-scd-proxy.initd
@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="gnupg-pkcs11-scd proxy."
+
+GNUPG_PKCS11_GROUP="${GNUPG_PKCS11_GROUP:-gnupg-pkcs11}"
+
+command="/usr/bin/gnupg-pkcs11-scd-proxy-server"
+command_args="--scd-config='${SCD_CONFIG}' --socket-group=${GNUPG_PKCS11_GROUP} ${EXTRA_OPTS}"
+pidfile=${PIDFILE:-/run/${SVCNAME}.pid}
+user=${USER:-gnupg-pkcs11-scd-proxy}
+group=${GROUP:-gnupg-pkcs11-scd-proxy}
+command_user="${user}:${group}"
+command_background="yes"
+
+depend() {
+	need localmount
+	after bootmisc
+}
+
+start_pre() {
+	checkpath -o ${user}:${GNUPG_PKCS11_GROUP} -m 0750 -d /run/gnupg-pkcs11-scd-proxy
+}
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/gnupg-pkcs11-scd-0.11.0.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/gnupg-pkcs11-scd-0.11.0.ebuild
new file mode 100644
index 0000000000..57940c3a99
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/gnupg-pkcs11-scd-0.11.0.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="PKCS#11 support for GnuPG"
+HOMEPAGE="https://sourceforge.net/projects/gnupg-pkcs11/"
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/alonbl/gnupg-pkcs11-scd.git"
+	inherit autotools git-r3
+else
+	SRC_URI="https://github.com/alonbl/${PN}/releases/download/${P}/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~x86"
+fi
+
+LICENSE="BSD"
+SLOT="0"
+IUSE="proxy"
+
+DEPEND="
+	dev-libs/openssl:=
+	dev-libs/libassuan:=
+	dev-libs/libgcrypt:=
+	dev-libs/libgpg-error:=
+	dev-libs/pkcs11-helper:=
+"
+RDEPEND="
+	${DEPEND}
+	proxy? (
+		acct-group/gnupg-pkcs11
+		acct-group/gnupg-pkcs11-scd-proxy
+		acct-user/gnupg-pkcs11-scd-proxy
+	)
+"
+BDEPEND="virtual/pkgconfig"
+
+src_prepare() {
+	default
+
+	[[ ${PV} == 9999 ]] && eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		$(use_enable proxy)
+		--with-proxy-socket=/run/gnupg-pkcs11-scd-proxy/cmd
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	if use proxy; then
+		newinitd "${FILESDIR}"/gnupg-pkcs11-scd-proxy.initd gnupg-pkcs11-scd-proxy
+		newconfd "${FILESDIR}"/gnupg-pkcs11-scd-proxy.confd gnupg-pkcs11-scd-proxy
+	fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/gnupg-pkcs11-scd-9999.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/gnupg-pkcs11-scd-9999.ebuild
new file mode 100644
index 0000000000..57940c3a99
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/gnupg-pkcs11-scd-9999.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="PKCS#11 support for GnuPG"
+HOMEPAGE="https://sourceforge.net/projects/gnupg-pkcs11/"
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/alonbl/gnupg-pkcs11-scd.git"
+	inherit autotools git-r3
+else
+	SRC_URI="https://github.com/alonbl/${PN}/releases/download/${P}/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~x86"
+fi
+
+LICENSE="BSD"
+SLOT="0"
+IUSE="proxy"
+
+DEPEND="
+	dev-libs/openssl:=
+	dev-libs/libassuan:=
+	dev-libs/libgcrypt:=
+	dev-libs/libgpg-error:=
+	dev-libs/pkcs11-helper:=
+"
+RDEPEND="
+	${DEPEND}
+	proxy? (
+		acct-group/gnupg-pkcs11
+		acct-group/gnupg-pkcs11-scd-proxy
+		acct-user/gnupg-pkcs11-scd-proxy
+	)
+"
+BDEPEND="virtual/pkgconfig"
+
+src_prepare() {
+	default
+
+	[[ ${PV} == 9999 ]] && eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		$(use_enable proxy)
+		--with-proxy-socket=/run/gnupg-pkcs11-scd-proxy/cmd
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	if use proxy; then
+		newinitd "${FILESDIR}"/gnupg-pkcs11-scd-proxy.initd gnupg-pkcs11-scd-proxy
+		newconfd "${FILESDIR}"/gnupg-pkcs11-scd-proxy.confd gnupg-pkcs11-scd-proxy
+	fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/metadata.xml b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/metadata.xml
new file mode 100644
index 0000000000..228ca6738a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg-pkcs11-scd/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<!-- maintainer-needed -->
+	<upstream>
+		<remote-id type="sourceforge">gnupg-pkcs11</remote-id>
+		<remote-id type="github">alonbl/gnupg-pkcs11-scd</remote-id>
+	</upstream>
+	<use>
+		<flag name="proxy">Build the gnupg-pkcs11-scd-prox</flag>
+	</use>
+</pkgmetadata>