diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc
index be2dbda46..4870c03fa 100644
--- a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc
+++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools.inc
@@ -27,25 +27,28 @@ do_configure[noexec] = "1" do_compile[noexec] = "1" do_install() { - install -d ${D}${bindir}/csf_templates - if [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then - install -m 0755 sign_ahab ${D}${bindir}/csf_templates/ - install -m 0755 encrypt_ahab ${D}${bindir}/csf_templates/ - elif [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then - install -m 0755 sign_hab ${D}${bindir}/csf_templates/ - install -m 0755 encrypt_hab ${D}${bindir}/csf_templates/ - else - bberror "Unkown TRUSTFENCE_SIGN_MODE value" - exit 1 - fi - install -m 0755 trustfence-sign-artifact.sh ${D}${bindir}/ - install -m 0755 git/scripts/csf_templates/* ${D}${bindir}/csf_templates + if [ "${DEY_SOC_VENDOR}" = "NXP" ]; then + install -d ${D}${bindir}/csf_templates + if [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then + install -m 0755 sign_ahab ${D}${bindir}/csf_templates/ + install -m 0755 encrypt_ahab ${D}${bindir}/csf_templates/ + elif [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then + install -m 0755 sign_hab ${D}${bindir}/csf_templates/ + install -m 0755 encrypt_hab ${D}${bindir}/csf_templates/ + else + bberror "Unkown TRUSTFENCE_SIGN_MODE value" + exit 1 + fi - # Select U-Boot sign script depending on U-Boot including an SPL image - if [ -n "${SPL_BINARY}" ]; then - install -m 0755 git/scripts/sign_spl_fit.sh ${D}${bindir}/trustfence-sign-uboot.sh - else - install -m 0755 git/scripts/sign.sh ${D}${bindir}/trustfence-sign-uboot.sh + install -m 0755 git/scripts/csf_templates/* ${D}${bindir}/csf_templates + install -m 0755 trustfence-sign-artifact.sh ${D}${bindir}/ + + # Select U-Boot sign script depending on U-Boot including an SPL image + if [ -n "${SPL_BINARY}" ]; then + install -m 0755 git/scripts/sign_spl_fit.sh ${D}${bindir}/trustfence-sign-uboot.sh + else + install -m 0755 git/scripts/sign.sh ${D}${bindir}/trustfence-sign-uboot.sh + fi fi } diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index 0e430cf94..df8f0d68b 100644 
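Review bot: The new `if [ "${DEY_SOC_VENDOR}" = "NXP" ]` guard in do_install has no `else`, so for any other vendor value (including an unset or misspelled one) the task installs nothing and still succeeds, and `trustfence-sign-artifact.sh` is now skipped along with the HAB/AHAB templates. If such a build still has signing enabled, the missing tools would presumably only surface later in an image recipe, or not at all. I would add an explicit branch before the closing `fi`, e.g. `else` followed by `bbwarn "trustfence-sign-tools: no signing tools installed for DEY_SOC_VENDOR='${DEY_SOC_VENDOR}'"`, or `bbfatal` if a build without signing tools must never pass unnoticed. The re-indented message `"Unkown TRUSTFENCE_SIGN_MODE value"` could have its spelling corrected at the same time.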
--- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -22,7 +22,9 @@ TRUSTFENCE_CONSOLE_DISABLE ?= "0" TRUSTFENCE_SIGN ?= "1" TRUSTFENCE_SIGN_KEYS_PATH ?= "default" TRUSTFENCE_DEK_PATH ?= "default" +TRUSTFENCE_DEK_PATH:ccmp1 ?= "0" TRUSTFENCE_ENCRYPT_ENVIRONMENT ?= "1" +TRUSTFENCE_ENCRYPT_ENVIRONMENT:ccmp1 ?= "0" TRUSTFENCE_SRK_REVOKE_MASK ?= "0x0" # Partition encryption configuration @@ -52,8 +54,9 @@ python () { if (d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") == "default"): d.setVar("TRUSTFENCE_SIGN_KEYS_PATH", d.getVar("TOPDIR") + "/trustfence"); - if (d.getVar("TRUSTFENCE_DEK_PATH") == "default"): - d.setVar("TRUSTFENCE_DEK_PATH", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/dek.bin"); + if (d.getVar("DEY_SOC_VENDOR") == "NXP"): + if (d.getVar("TRUSTFENCE_DEK_PATH") == "default"): + d.setVar("TRUSTFENCE_DEK_PATH", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/dek.bin"); if (d.getVar("TRUSTFENCE_SIGN") == "1"): d.appendVar("UBOOT_TF_CONF", "CONFIG_SIGN_IMAGE=y CONFIG_AUTH_ARTIFACTS=y ") 
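Review bot: The two `:ccmp1 ?= "0"` defaults switch off DEK handling and U-Boot environment encryption for ccmp1 without a comment explaining why, so nothing tells an integrator that this platform builds with an unencrypted environment. An override-qualified value also takes precedence over the plain variable once the override is active, so (assuming `ccmp1` is in OVERRIDES for that machine) a `TRUSTFENCE_ENCRYPT_ENVIRONMENT = "1"` in local.conf would not change the result. I would add above the first new line `# ccmp1: DEK and U-Boot environment encryption are not handled for this platform; use the :ccmp1 form to change these values`, and mention the same in the Trustfence documentation.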
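Review bot: With the `"default"` expansion now nested under `if (d.getVar("DEY_SOC_VENDOR") == "NXP"):`, a non-NXP machine that has no override for TRUSTFENCE_DEK_PATH keeps the literal string `default`, which any other recipe or class reading the variable would take for a path. Only ccmp1 receives `"0"` from the defaults added earlier in this file. Consider normalising it in the same place with `else:` followed by `d.setVar("TRUSTFENCE_DEK_PATH", "0")`, so that "no DEK" has the single representation the later `not in [None, "0"]` test expects. The anonymous `python ()` function starts and ends outside this hunk.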
@@ -65,12 +68,14 @@ python () { d.appendVar("UBOOT_TF_CONF", "CONFIG_UNLOCK_SRK_REVOKE=y ") if d.getVar("TRUSTFENCE_KEY_INDEX"): d.appendVar("UBOOT_TF_CONF", "CONFIG_KEY_INDEX=%s " % d.getVar("TRUSTFENCE_KEY_INDEX")) - if (d.getVar("TRUSTFENCE_DEK_PATH") not in [None, "0"]): - d.appendVar("UBOOT_TF_CONF", 'CONFIG_DEK_PATH="%s" ' % d.getVar("TRUSTFENCE_DEK_PATH")) - if d.getVar("TRUSTFENCE_SIGN_MODE"): - d.appendVar("UBOOT_TF_CONF", 'CONFIG_SIGN_MODE="%s" ' % d.getVar("TRUSTFENCE_SIGN_MODE")) + if (d.getVar("DEY_SOC_VENDOR") == "NXP"): + if (d.getVar("TRUSTFENCE_DEK_PATH") not in [None, "0"]): + d.appendVar("UBOOT_TF_CONF", 'CONFIG_DEK_PATH="%s" ' % d.getVar("TRUSTFENCE_DEK_PATH")) + if d.getVar("TRUSTFENCE_SIGN_MODE"): + d.appendVar("UBOOT_TF_CONF", 'CONFIG_SIGN_MODE="%s" ' % d.getVar("TRUSTFENCE_SIGN_MODE")) if (d.getVar("TRUSTFENCE_ENCRYPT_ENVIRONMENT") == "1"): - d.appendVar("UBOOT_TF_CONF", "CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y ") + if (d.getVar("DEY_SOC_VENDOR") == "NXP"): + d.appendVar("UBOOT_TF_CONF", "CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y ") # Provide sane default values for SWUPDATE class in case Trustfence is enabled if (d.getVar("TRUSTFENCE_SIGN") == "1"): 
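Review bot: When `TRUSTFENCE_ENCRYPT_ENVIRONMENT` is `"1"` on a non-NXP vendor, the new inner check skips `CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y` without any diagnostic, so a configuration that asks for an encrypted U-Boot environment builds one that is not encrypted. A requested protection that cannot be provided should be reported: add `else:` with `bb.warn("TRUSTFENCE_ENCRYPT_ENVIRONMENT=1 is not supported for DEY_SOC_VENDOR=%s; the U-Boot environment will not be encrypted" % d.getVar("DEY_SOC_VENDOR"))`, or `bb.fatal` to fail closed. As a style point, the two nested `if` statements can be one condition joined with `and`. The function body continues outside the hunk.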
@@ -87,12 +92,13 @@ python () { key_index_1 = key_index + 1 # Set the private key template, it will be expanded later in 'swu' recipes once keys are generated. - if (d.getVar("TRUSTFENCE_SIGN_MODE", "") == "AHAB"): - d.setVar("SWUPDATE_PRIVATE_KEY_TEMPLATE", keys_path + "/keys/SRK" + str(key_index_1) + "*key.pem") - d.setVar("CONFIG_SIGN_MODE", "AHAB") - else: - d.setVar("SWUPDATE_PRIVATE_KEY_TEMPLATE", keys_path + "/keys/IMG" + str(key_index_1) + "*key.pem") - d.setVar("CONFIG_SIGN_MODE", "HAB") + if (d.getVar("DEY_SOC_VENDOR") == "NXP"): + if (d.getVar("TRUSTFENCE_SIGN_MODE", "") == "AHAB"): + d.setVar("SWUPDATE_PRIVATE_KEY_TEMPLATE", keys_path + "/keys/SRK" + str(key_index_1) + "*key.pem") + d.setVar("CONFIG_SIGN_MODE", "AHAB") + else: + d.setVar("SWUPDATE_PRIVATE_KEY_TEMPLATE", keys_path + "/keys/IMG" + str(key_index_1) + "*key.pem") + d.setVar("CONFIG_SIGN_MODE", "HAB") # Set the key password. d.setVar("SWUPDATE_PASSWORD_FILE", keys_path + "/keys/key_pass.txt") diff --git a/meta-digi-dey/recipes-core/recovery/recovery-initramfs.bb b/meta-digi-dey/recipes-core/recovery/recovery-initramfs.bb index 7c1a27bcd..e06f09f8c 100644 --- a/meta-digi-dey/recipes-core/recovery/recovery-initramfs.bb +++ b/meta-digi-dey/recipes-core/recovery/recovery-initramfs.bb 
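Review bot: For a non-NXP vendor this block no longer sets `SWUPDATE_PRIVATE_KEY_TEMPLATE`, while `SWUPDATE_PASSWORD_FILE` just below is still set, so the SWUpdate signing configuration is left half-defined. Depending on how the swu recipes treat a missing template, packages may fail late or be produced unsigned. Either supply the key template for the other vendor in an `else:` branch or stop with `bb.fatal("No SWUpdate signing key template for DEY_SOC_VENDOR=%s" % d.getVar("DEY_SOC_VENDOR"))`. Separately, in `d.getVar("TRUSTFENCE_SIGN_MODE", "")` the second positional argument is `expand`, not a default, so the empty string turns expansion off; `d.getVar("TRUSTFENCE_SIGN_MODE") == "AHAB"` is what is meant. The enclosing `python ()` function starts and ends outside the hunk.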
@@ -47,13 +47,15 @@ do_install() { KEY_INDEX_1=$(expr ${KEY_INDEX} + 1) # Find the certificate to use. - if [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then - CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/IMG${KEY_INDEX_1}*crt.pem)" - elif [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then - CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/SRK${KEY_INDEX_1}*_ca_crt.pem)" - else - bberror "Unkown TRUSTFENCE_SIGN_MODE value" - exit 1 + if [ "${DEY_SOC_VENDOR}" = "NXP" ]; then + if [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then + CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/IMG${KEY_INDEX_1}*crt.pem)" + elif [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then + CERT_IMG="$(echo ${TRUSTFENCE_SIGN_KEYS_PATH}/crts/SRK${KEY_INDEX_1}*_ca_crt.pem)" + else + bberror "Unkown TRUSTFENCE_SIGN_MODE value" + exit 1 + fi fi # Extract the public key from the certificate.
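Review bot: `CERT_IMG` is assigned only inside the new `[ "${DEY_SOC_VENDOR}" = "NXP" ]` branch, but the "Extract the public key from the certificate" step that follows the hunk is not guarded, so on any other vendor it would run with an empty `CERT_IMG`. Depending on how that command handles a missing input, the recovery image could be built without the public key it presumably uses to verify update packages. Add an `else` with `bbfatal "No update verification certificate defined for DEY_SOC_VENDOR='${DEY_SOC_VENDOR}'"`, or move the extraction inside the guard together with an explicit message. do_install continues outside the hunk, so the unguarded use is inferred from the trailing comment only.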