diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native.inc b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native.inc
new file mode 100644
index 000000000..8d437c2b7
--- /dev/null
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native.inc
@@ -0,0 +1,50 @@
+# Copyright (C) 2017 Digi International
+SUMMARY = "NXP Code signing Tool for the High Assurance Boot library"
+DESCRIPTION = "Provides software code signing support designed for use with \
+i.MX processors that integrate the HAB library in the internal boot ROM."
+HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL"
+LICENSE = "CLOSED"
+
+DEPENDS = "openssl-native"
+
+SRC_URI = " \
+    file://cst-${PV}.tar.gz \
+    file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \
+    file://0002-hab4_pki_tree.sh-automate-script.patch \
+    file://0003-openssl_helper-use-dev-urandom-as-seed-source.patch \
+    file://0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch \
+    file://Makefile \
+"
+
+# Usually local files (with file:// protocol) are not checked for
+# premirrors. But in this case we want to be able to download the 'cst'
+# package from a premirror in case it's not already in the DL_DIR, so prepend
+# a premirror for the 'file://' protocol.
+python() {
+    source_mirror_url = d.getVar('SOURCE_MIRROR_URL', True)
+    if source_mirror_url:
+        premirrors = d.getVar('PREMIRRORS', True)
+        d.setVar('PREMIRRORS', "file://cst.* %s \\n %s" % (source_mirror_url, premirrors))
+}
+
+S = "${WORKDIR}/cst-${PV}"
+
+inherit native
+
+do_configure() {
+	cp -f ${WORKDIR}/Makefile .
+}
+
+do_compile() {
+	oe_runmake clean && oe_runmake
+}
+
+do_install() {
+	install -d ${D}${bindir}
+	install -m 0755 linux64/cst ${D}${bindir}/cst
+	install -m 0755 $(find linux64 -type f -name srktool) ${D}${bindir}/srktool
+	install -m 0755 keys/hab4_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh
+	install -m 0755 ca/openssl.cnf ${D}${bindir}/openssl.cnf
+	install -m 0755 ca/v3_ca.cnf ${D}${bindir}/v3_ca.cnf
+	install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf
+}
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb
index 77194dbcf..b3ec2f2de 100644
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.2.bb
@@ -1,49 +1,3 @@
-SUMMARY = "NXP Code signing Tool for the High Assurance Boot library"
-DESCRIPTION = "Provides software code signing support designed for use with \
-i.MX processors that integrate the HAB library in the internal boot ROM."
-HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL"
-LICENSE = "CLOSED"
+# Copyright (C) 2017 Digi International
 
-DEPENDS = "openssl-native"
-
-SRC_URI = " \
-    ${@base_conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tar.gz', '', d)} \
-    file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \
-    file://0002-hab4_pki_tree.sh-automate-script.patch \
-    file://0003-openssl_helper-use-dev-urandom-as-seed-source.patch \
-    file://0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch \
-    file://Makefile \
-"
-
-# Usually local files (with file:// protocol) are not checked for
-# premirrors. But in this case we want to be able to download the 'cst'
-# package from a premirror in case it's not already in the DL_DIR, so prepend
-# a premirror for the 'file://' protocol.
-python() {
-    source_mirror_url = d.getVar('SOURCE_MIRROR_URL', True)
-    if source_mirror_url:
-        premirrors = d.getVar('PREMIRRORS', True)
-        d.setVar('PREMIRRORS', "file://cst.* %s \\n %s" % (source_mirror_url, premirrors))
-}
-
-S = "${WORKDIR}/cst-${PV}"
-
-inherit native
-
-do_configure() {
-	cp -f ${WORKDIR}/Makefile .
-}
-
-do_compile() {
-	oe_runmake clean && oe_runmake
-}
-
-do_install() {
-	install -d ${D}${bindir}
-	install -m 0755 linux64/cst ${D}${bindir}/cst
-	install -m 0755 linux64/srktool ${D}${bindir}/srktool
-	install -m 0755 keys/hab4_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh
-	install -m 0755 ca/openssl.cnf ${D}${bindir}/openssl.cnf
-	install -m 0755 ca/v3_ca.cnf ${D}${bindir}/v3_ca.cnf
-	install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf
-}
+require trustfence-cst-native.inc
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.3.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.3.bb
new file mode 100644
index 000000000..dc6e8bbd5
--- /dev/null
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-native_2.3.3.bb
@@ -0,0 +1,5 @@
+# Copyright (C) 2017 Digi International
+
+require trustfence-cst-native.inc
+
+INSANE_SKIP_${PN} += "already-stripped"
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch
similarity index 100%
rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch
rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0002-hab4_pki_tree.sh-automate-script.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0002-hab4_pki_tree.sh-automate-script.patch
similarity index 100%
rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0002-hab4_pki_tree.sh-automate-script.patch
rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0002-hab4_pki_tree.sh-automate-script.patch
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0003-openssl_helper-use-dev-urandom-as-seed-source.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0003-openssl_helper-use-dev-urandom-as-seed-source.patch
similarity index 100%
rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0003-openssl_helper-use-dev-urandom-as-seed-source.patch
rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0003-openssl_helper-use-dev-urandom-as-seed-source.patch
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch
similarity index 100%
rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch
rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/Makefile
similarity index 100%
rename from meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-2.3.2/Makefile
rename to meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/Makefile