diff --git a/meta-digi-arm/recipes-core/packagegroup/nativesdk-packagegroup-sdk-host.bbappend b/meta-digi-arm/recipes-core/packagegroup/nativesdk-packagegroup-sdk-host.bbappend
new file mode 100644
index 000000000..febf7cc7a
--- /dev/null
+++ b/meta-digi-arm/recipes-core/packagegroup/nativesdk-packagegroup-sdk-host.bbappend
@@ -0,0 +1,5 @@
+# Copyright (C) 2016 Digi International.
+
+RDEPENDS_${PN} += " \
+    nativesdk-trustfence-sign-tools \
+"
diff --git a/meta-digi-arm/scripts/templates/encrypt_uimage b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/encrypt_uimage
similarity index 100%
rename from meta-digi-arm/scripts/templates/encrypt_uimage
rename to meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/encrypt_uimage
diff --git a/meta-digi-arm/scripts/templates/sign_uimage b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/sign_uimage
similarity index 100%
rename from meta-digi-arm/scripts/templates/sign_uimage
rename to meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/sign_uimage
diff --git a/meta-digi-arm/scripts/trustfence-sign-uimage.sh b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh
similarity index 98%
rename from meta-digi-arm/scripts/trustfence-sign-uimage.sh
rename to meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh
index c7832afc3..380cebaea 100755
--- a/meta-digi-arm/scripts/trustfence-sign-uimage.sh
+++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools/trustfence-sign-kernel.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 #===============================================================================
 #
 #  trustfence_sign_uimage.sh
@@ -144,7 +144,7 @@ if [ "${ENCRYPT}" = "true" ]; then
 	    -e "s,%r2_uimage_offset%,${r2_uimage_offset},g"		    \
 	    -e "s,%r2_ram_start%,${r2_ram_start},g"			    \
 	    -e "s,%r2_size%,${r2_size},g"				    \
-	"${SCRIPT_BASEDIR}/templates/encrypt_uimage" > csf_descriptor
+	"${SCRIPT_BASEDIR}/csf_templates/encrypt_uimage" > csf_descriptor
 else
 	sed -e "s,%ram_start%,${CONFIG_UIMAGE_LOADADDR},g" \
 	    -e "s,%srk_table%,${SRK_TABLE},g"		   \
@@ -154,7 +154,7 @@ else
 	    -e "s,%cert_img%,${CERT_IMG},g"		   \
 	    -e "s,%uimage_path%,${TARGET},g"		   \
 	    -e "s,%key_index%,${CONFIG_KEY_INDEX},g"	   \
-	"${SCRIPT_BASEDIR}/templates/sign_uimage" > csf_descriptor
+	"${SCRIPT_BASEDIR}/csf_templates/sign_uimage" > csf_descriptor
 fi
 
 # Generate SRK tables
diff --git a/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_1.0.bb b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_1.0.bb
new file mode 100644
index 000000000..98f8a7a01
--- /dev/null
+++ b/meta-digi-arm/recipes-digi/trustfence/trustfence-sign-tools_1.0.bb
@@ -0,0 +1,35 @@
+SUMMARY = "TrustFence signing and encryption scripts"
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+
+SRCBRANCH = "v2015.04/master"
+SRCBRANCH_ccimx6ul = "v2015.04/master"
+SRCREV = "${AUTOREV}"
+
+S = "${WORKDIR}"
+
+# Select internal or Github U-Boot repo
+UBOOT_GIT_URI = "${@base_conditional('DIGI_INTERNAL_GIT', '1' , '${DIGI_GIT}u-boot-denx.git', '${DIGI_GITHUB_GIT}/u-boot.git', d)}"
+
+SRC_URI = " \
+    ${UBOOT_GIT_URI};branch=${SRCBRANCH} \
+    file://trustfence-sign-kernel.sh;name=kernel-script \
+    file://sign_uimage;name=kernel-sign \
+    file://encrypt_uimage;name=kernel-encrypt \
+"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install() {
+	install -d ${D}${bindir}/csf_templates
+	install -m 0755 trustfence-sign-kernel.sh ${D}${bindir}/
+	install -m 0755 sign_uimage ${D}${bindir}/csf_templates/
+	install -m 0755 encrypt_uimage ${D}${bindir}/csf_templates/
+	install -m 0755 git/scripts/sign.sh ${D}${bindir}/trustfence-sign-uboot.sh
+	install -m 0755 git/scripts/csf_templates/sign_uboot ${D}${bindir}/csf_templates
+	install -m 0755 git/scripts/csf_templates/encrypt_uboot ${D}${bindir}/csf_templates
+}
+
+FILES_${PN} = "${bindir}"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc
index da30d219e..ec9ebbcb8 100644
--- a/meta-digi-arm/recipes-kernel/linux/linux-dey.inc
+++ b/meta-digi-arm/recipes-kernel/linux/linux-dey.inc
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7"
 
 DEPENDS += "lzop-native bc-native"
 DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-cst-native', '', d)}"
+DEPENDS += "${@base_conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-tools-native', '', d)}"
 
 inherit kernel fsl-kernel-localversion
 
@@ -38,7 +39,7 @@ do_deploy_append() {
 		export CONFIG_UIMAGE_LOADADDR="${UBOOT_CONFIG_LOADADDR}"
 		[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
-		"${THISDIR}/../../scripts/trustfence-sign-uimage.sh" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin"
+		"${STAGING_BINDIR_NATIVE}/trustfence-sign-kernel.sh" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin"
 		mv "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}-signed.bin" "${DEPLOYDIR}/${KERNEL_IMAGE_BASE_NAME}.bin"
 	fi
 	(cd ${DEPLOYDIR} && ln -sf ${KERNEL_IMAGE_BASE_NAME}.bin ${KERNEL_IMAGE_SYMLINK_NAME})