diff --git a/proto/bootz.proto b/proto/bootz.proto
index 6f5603c..de6ca85 100644
--- a/proto/bootz.proto
+++ b/proto/bootz.proto
@@ -190,14 +190,29 @@ message GetBootstrapDataResponse {
 bytes serialized_bootstrap_data = 104;
 }
+// Fields required by the device to be able to
+// download and verify an image.
+// The format of this message is identical to the `boot-image` data
+// model outlined in the sZTP RFC:
+// https://datatracker.ietf.org/doc/html/rfc8572#section-6.1
 message SoftwareImage {
+ // The name of the operating system software the device should be running.
 string name = 1;
+ // The version of the operating system software the device should be running.
 string version = 2;
 // An HTTP location from where the OS file can be downloaded.
 string url = 3;
 // Hash of the OS image. The device must verify that the hash of the
- // downloaded OS image matches this.
+ // downloaded OS image matches this. The format of this field is a
+ // `hex-string`, identified in RFC6991 as "A hexadecimal string with
+ // octets represented as hex digits separated by colons.
+ // The canonical representation uses lowercase characters."
+ // e.g.: "d9:a5:d1:0b:09:fa:4e:96:f2:40:bf:6a:82:f5"
 string os_image_hash = 4;
+ // The identity of the hash algorithm used. These hash identiities are
+ // defined in sZTP RFC 8572. There is currenty only one hash algorithm
+ // defined in this spec:
+ // `ietf-sztp-conveyed-info:sha-256` for the SHA 256 algorithm.
 string hash_algorithm = 5;
 }
diff --git a/server/entitymanager/entitymanager_test.go b/server/entitymanager/entitymanager_test.go
index 7f34a58..fd4bb07 100644
--- a/server/entitymanager/entitymanager_test.go
+++ b/server/entitymanager/entitymanager_test.go
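Review bot: The example added for `os_image_hash` in `proto/bootz.proto`, `"d9:a5:d1:0b:09:fa:4e:96:f2:40:bf:6a:82:f5"`, is 14 octets, while the only algorithm the new `hash_algorithm` comment defines, `ietf-sztp-conveyed-info:sha-256`, yields 32, so an implementer copying the example may not realise that a digest of the wrong length has to be rejected. I would show a full 32-octet value (the updated test fixtures in this commit carry one) or mark the example as truncated, and add a sentence such as `// A device must treat an unrecognized hash_algorithm or a malformed os_image_hash as a verification failure.` The new comments also carry two typos, "identiities" and "currenty". Because `url` is documented as an HTTP location, this hash is what the device relies on for image integrity, so the field contract is worth stating precisely.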
@@ -65,8 +65,8 @@ func TestNew(t *testing.T) {
 Name: "Default Image",
 Version: "1.0",
 Url: "https://path/to/image",
- OsImageHash: "e9c0f8b575cbfcb42ab3b78ecc87efa3b011d9a5d10b09fa4e96f240bf6a82f5",
- HashAlgorithm: "SHA256",
+ OsImageHash: "e9:c0:f8:b5:75:cb:fc:b4:2a:b3:b7:8e:cc:87:ef:a3:b0:11:d9:a5:d1:0b:09:fa:4e:96:f2:40:bf:6a:82:f5",
+ HashAlgorithm: "ietf-sztp-conveyed-info:sha-256",
 },
 ControllerCards: []*epb.ControlCard{
 {
@@ -232,9 +232,9 @@ func TestResolveChassis(t *testing.T) {
 Serial: "123",
 BootMode: bpb.BootMode_BOOT_MODE_INSECURE,
 SoftwareImage: &bpb.SoftwareImage{
- HashAlgorithm: "SHA256",
+ HashAlgorithm: "ietf-sztp-conveyed-info:sha-256",
 Name: "Default Image",
- OsImageHash: "e9c0f8b575cbfcb42ab3b78ecc87efa3b011d9a5d10b09fa4e96f240bf6a82f5",
+ OsImageHash: "e9:c0:f8:b5:75:cb:fc:b4:2a:b3:b7:8e:cc:87:ef:a3:b0:11:d9:a5:d1:0b:09:fa:4e:96:f2:40:bf:6a:82:f5",
 Url: "https://path/to/image",
 Version: "1.0",
 },
@@ -441,8 +441,8 @@ func TestGetBootstrapData(t *testing.T) {
 Name: "Default Image",
 Version: "1.0",
 Url: "https://path/to/image",
- OsImageHash: "ABCDEF",
- HashAlgorithm: "SHA256",
+ OsImageHash: "e9:c0:f8:b5:75:cb:fc:b4:2a:b3:b7:8e:cc:87:ef:a3:b0:11:d9:a5:d1:0b:09:fa:4e:96:f2:40:bf:6a:82:f5",
+ HashAlgorithm: "ietf-sztp-conveyed-info:sha-256",
 },
 ControllerCards: []*epb.ControlCard{
 {
@@ -472,8 +472,8 @@ func TestGetBootstrapData(t *testing.T) {
 Name: "Default Image",
 Version: "1.0",
 Url: "https://path/to/image",
- OsImageHash: "ABCDEF",
- HashAlgorithm: "SHA256",
+ OsImageHash: "e9:c0:f8:b5:75:cb:fc:b4:2a:b3:b7:8e:cc:87:ef:a3:b0:11:d9:a5:d1:0b:09:fa:4e:96:f2:40:bf:6a:82:f5",
+ HashAlgorithm: "ietf-sztp-conveyed-info:sha-256",
 },
 BootloaderPasswordHash: "ABCD123",
 BootConfig: &bpb.BootConfig{
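Review bot: The same 32-octet `OsImageHash` literal and `HashAlgorithm` identifier are now pasted into five struct literals in `entitymanager_test.go` (this hunk in TestNew, plus the hunks at -232, -441, -472 and -492), so any later format change has to be repeated by hand in each place. Hoisting them into test-level constants, e.g. `const testHashAlgorithm = "ietf-sztp-conveyed-info:sha-256"` with a matching `testOSImageHash`, would keep the fixtures in step. None of the visible hunks adds a case with a malformed hash or the old `"SHA256"` identifier; if the entity manager is meant to enforce the new format (its code is not visible in this diff), a negative test belongs with this change. The enclosing test functions start and end outside the hunks.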
@@ -492,8 +492,8 @@ func TestGetBootstrapData(t *testing.T) {
 Name: "Default Image",
 Version: "1.0",
 Url: "https://path/to/image",
- OsImageHash: "ABCDEF",
- HashAlgorithm: "SHA256",
+ OsImageHash: "e9:c0:f8:b5:75:cb:fc:b4:2a:b3:b7:8e:cc:87:ef:a3:b0:11:d9:a5:d1:0b:09:fa:4e:96:f2:40:bf:6a:82:f5",
+ HashAlgorithm: "ietf-sztp-conveyed-info:sha-256",
 },
 BootPasswordHash: "ABCD123",
 ServerTrustCert: encodedServerTrustCert,
diff --git a/testdata/inventory.prototxt b/testdata/inventory.prototxt
index 8316b45..ff95de5 100644
--- a/testdata/inventory.prototxt
+++ b/testdata/inventory.prototxt
@@ -25,8 +25,8 @@ chassis {
 name: "Default Image"
 version: "1.0"
 url: "https://path/to/image"
- os_image_hash: "e9c0f8b575cbfcb42ab3b78ecc87efa3b011d9a5d10b09fa4e96f240bf6a82f5"
- hash_algorithm: "SHA256"
+ os_image_hash: "e9:c0:f8:b5:75:cb:fc:b4:2a:b3:b7:8e:cc:87:ef:a3:b0:11:d9:a5:d1:0b:09:fa:4e:96:f2:40:bf:6a:82:f5"
+ hash_algorithm: "ietf-sztp-conveyed-info:sha-256"
 }
 boot_mode: BOOT_MODE_INSECURE
 config {
diff --git a/testdata/inventory_local.prototxt b/testdata/inventory_local.prototxt
index fb075b6..2aea2c8 100644
--- a/testdata/inventory_local.prototxt
+++ b/testdata/inventory_local.prototxt
@@ -21,8 +21,8 @@ chassis {
 name: "Default Image"
 version: "1.0"
 url: "https://path/to/image"
- os_image_hash: "e9c0f8b575cbfcb42ab3b78ecc87efa3b011d9a5d10b09fa4e96f240bf6a82f5"
- hash_algorithm: "SHA256"
+ os_image_hash: "e9:c0:f8:b5:75:cb:fc:b4:2a:b3:b7:8e:cc:87:ef:a3:b0:11:d9:a5:d1:0b:09:fa:4e:96:f2:40:bf:6a:82:f5"
+ hash_algorithm: "ietf-sztp-conveyed-info:sha-256"
 }
 boot_mode: BOOT_MODE_INSECURE
 config {