diff --git a/cli/mfg.c b/cli/mfg.c
index 878a68e1..314f54d8 100644
--- a/cli/mfg.c
+++ b/cli/mfg.c
@@ -955,6 +955,88 @@ static int state_set(int argc, char **argv)
 return 0;
 }
 
+#define CMD_DESC_CONFIG_SHOW "show device security settings file content"
+
+static int config_show(int argc, char **argv)
+{
+ int ret;
+ struct switchtec_security_cfg_set settings = {};
+ struct switchtec_uds uds_data = {};
+
+ const char *desc = CMD_DESC_CONFIG_SHOW;
+
+ static struct {
+ struct switchtec_dev *dev;
+ FILE *setting_fimg;
+ char *setting_file;
+ FILE *uds_fimg;
+ char *uds_file;
+ int assume_yes;
+ } cfg = {};
+ const struct argconfig_options opts[] = {
+ DEVICE_OPTION_MFG_PCI,
+ {"setting_file", .cfg_type=CFG_FILE_R,
+ .value_addr=&cfg.setting_fimg,
+ .argument_type=required_positional,
+ .help="security setting file"},
+ {"uds_file", 'u', .cfg_type=CFG_FILE_R,
+ .value_addr=&cfg.uds_fimg,
+ .argument_type=required_argument,
+ .help="UDS file"},
+ {NULL}
+ };
+
+ argconfig_parse(argc, argv, desc, opts, &cfg, sizeof(cfg));
+
+ ret = switchtec_read_sec_cfg_file(cfg.dev, cfg.setting_fimg,
+ &settings);
+ fclose(cfg.setting_fimg);
+ if (ret == -EBADF) {
+ fprintf(stderr, "Invalid secure setting file: %s!\n",
+ cfg.setting_file);
+ return -3;
+ } else if (ret == -ENODEV) {
+ fprintf(stderr, "The security setting file is for a different generation of Switchtec device!\n");
+ return -5;
+ } else if (ret == -EINVAL) {
+ fprintf(stderr, "Invalid SPI Clock Rate value specified in the security setting file!\n");
+ return -6;
+ } else if (ret) {
+ switchtec_perror("mfg config-set");
+ }
+
+ if (cfg.uds_fimg) {
+ if (settings.attn_set.attestation_mode !=
+ SWITCHTEC_ATTESTATION_MODE_DICE) {
+ fprintf(stderr, "INFO: Attestation is not supported or not enabled. The given UDS file is ignored.\n");
+ } else if (settings.attn_set.uds_selfgen) {
+ fprintf(stderr, "INFO: Device uses self-generated UDS. The given UDS file is ignored.\n");
+ } else {
+ ret = switchtec_read_uds_file(cfg.uds_fimg, &uds_data);
+ if (ret) {
+ fprintf(stderr, "Error reading UDS file %s\n",
+ cfg.uds_file);
+ return -6;
+ }
+ memcpy(settings.attn_set.uds_data, uds_data.uds,
+ SWITCHTEC_UDS_LEN);
+ settings.attn_set.uds_valid = true;
+ }
+ } else {
+ if ((settings.attn_set.attestation_mode ==
+ SWITCHTEC_ATTESTATION_MODE_DICE) &&
+ !settings.attn_set.uds_selfgen) {
+ fprintf(stderr, "ERROR: UDS file is required for the current configuration!\n");
+ return -7;
+ }
+ }
+
+ printf("Security settings from file: \n");
+ print_security_cfg_set(&settings);
+
+ return 0;
+}
+
 #define CMD_DESC_CONFIG_SET "set device security settings (BL1 and Main Firmware only)"
 
 static int config_set(int argc, char **argv)
@@ -1528,6 +1610,7 @@ static const struct cmd commands[] = {
 CMD(boot_resume, CMD_DESC_BOOT_RESUME),
 CMD(state_set, CMD_DESC_STATE_SET),
 CMD(config_set, CMD_DESC_CONFIG_SET),
+ CMD(config_show, CMD_DESC_CONFIG_SHOW),
 CMD(kmsk_entry_add, CMD_DESC_KMSK_ENTRY_ADD),
 CMD(debug_unlock_token, CMD_DESC_DEBUG_TOKEN),
 CMD(debug_unlock, CMD_DESC_DEBUG_UNLOCK),
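Review bot: The final `else if (ret)` branch after `switchtec_read_sec_cfg_file()` in `config_show` only calls `switchtec_perror("mfg config-set")` and then falls through, so a `settings` struct that was never filled in is still checked against the UDS options and can be printed as "Security settings from file" with exit status 0. I would label the error for this command and bail out, e.g. `switchtec_perror("mfg config-show"); return -4;` (the exact code is a suggestion; -4 is simply unused among the returns visible here). Separately, `cfg.uds_fimg` is never closed, and the UDS copied into `uds_data` and `settings.attn_set.uds_data` stays in those local buffers after return; closing the file and wiping both buffers on every exit path, with a clear the compiler cannot elide, would limit how long the device secret lingers. It is also worth confirming whether `print_security_cfg_set()` prints `attn_set.uds_data`, since that would put the secret on stdout and into any captured logs.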