diff --git a/meta-digi-arm/classes/image_types_digi.bbclass b/meta-digi-arm/classes/image_types_digi.bbclass
index ca0c6f60a..5cabc03cd 100644
--- a/meta-digi-arm/classes/image_types_digi.bbclass
+++ b/meta-digi-arm/classes/image_types_digi.bbclass
@@ -200,21 +200,13 @@ trustence_sign_cpio() {
 	# Image generation code for image type 'cpio.gz.u-boot.tf'
 	# (signed/encrypted ramdisk)
 	#
-	if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
+	if [ "${TRUSTFENCE_SIGN_ARTIFACTS}" = "1" ]; then
 		# Set environment variables for trustfence configuration
 		export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 		[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
-
 		# Sign/encrypt the ramdisk
-		if [ "${DEY_SOC_VENDOR}" = "NXP" ]; then
-			trustfence-sign-artifact.sh -p "${DIGI_SOM}" -i "${1}" "${1}.tf"
-		elif [ "${DEY_SOC_VENDOR}" = "STM" ]; then
-			# TODO: sign the ramdisk for ST platforms
-
-			# (fall-back) Copy the image with no changes
-			cp "${1}" "${1}.tf"
-		fi
+		trustfence-sign-artifact.sh -p "${DIGI_SOM}" -i "${1}" "${1}.tf"
 	else
 		# Copy the image with no changes
 		cp "${1}" "${1}.tf"
@@ -228,22 +220,18 @@ IMAGE_TYPES += "cpio.gz.u-boot.tf"
 #
 # Sign read-only rootfs
 #
-do_image_squashfs[postfuncs] += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'rootfs_sign', '', d)}"
-
+do_image_squashfs[postfuncs] += "${@oe.utils.vartrue('TRUSTFENCE_SIGN_ARTIFACTS', 'rootfs_sign', '', d)}"
 rootfs_sign() {
 	# Set environment variables for trustfence configuration
 	export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 	[ -n "${CONFIG_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 
-	if [ "${DEY_SOC_VENDOR}" = "NXP" ]; then
-		ROOTFS_IMAGE="${IMGDEPLOYDIR}/${IMAGE_NAME}.rootfs.squashfs"
-		TMP_ROOTFS_IMAGE_SIGNED="$(mktemp ${ROOTFS_IMAGE}-signed.XXXXXX)"
-		# Sign rootfs read-only image
-		trustfence-sign-artifact.sh -p "${DIGI_SOM}" -r "${ROOTFS_IMAGE}" "${TMP_ROOTFS_IMAGE_SIGNED}"
-		mv "${TMP_ROOTFS_IMAGE_SIGNED}" "${ROOTFS_IMAGE}"
-	fi
+	ROOTFS_IMAGE="${IMGDEPLOYDIR}/${IMAGE_NAME}.rootfs.squashfs"
+	TMP_ROOTFS_IMAGE_SIGNED="$(mktemp ${ROOTFS_IMAGE}-signed.XXXXXX)"
+	# Sign rootfs read-only image
+	trustfence-sign-artifact.sh -p "${DIGI_SOM}" -r "${ROOTFS_IMAGE}" "${TMP_ROOTFS_IMAGE_SIGNED}"
+	mv "${TMP_ROOTFS_IMAGE_SIGNED}" "${ROOTFS_IMAGE}"
 }
-
 rootfs_sign[dirs] = "${DEPLOY_DIR_IMAGE}"
 
 do_image_squashfs[vardeps] += "TRUSTFENCE_SIGN_KEYS_PATH TRUSTFENCE_KEY_INDEX"
diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc
index 894da6074..81c1418ba 100644
--- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc
+++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc
@@ -95,8 +95,8 @@ build_uboot_scripts() {
 	mkimage -T script -n bootscript -C none -d ${TMP_BOOTSCR} ${DEPLOYDIR}/boot.scr
 	rm -f ${TMP_BOOTSCR}
 
-	# Sign the scripts (TODO signing of artifacts for STM-based platforms)
-	if [ "${TRUSTFENCE_SIGN}" = "1" ] && [ "${DEY_SOC_VENDOR}" != "STM" ]; then
+	# Sign the boot script
+	if [ "${TRUSTFENCE_SIGN_ARTIFACTS}" = "1" ]; then
 		export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 		[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 		[ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
diff --git a/meta-digi-arm/recipes-kernel/linux/linux-trustfence.inc b/meta-digi-arm/recipes-kernel/linux/linux-trustfence.inc
index 690e2cdf2..6d2b06ee3 100644
--- a/meta-digi-arm/recipes-kernel/linux/linux-trustfence.inc
+++ b/meta-digi-arm/recipes-kernel/linux/linux-trustfence.inc
@@ -1,13 +1,9 @@
-# Copyright (C) 2022 Digi International
+# Copyright (C) 2022-2023 Digi International
 
-DEPENDS += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-tools-native', '', d)}"
-
-do_deploy[postfuncs] += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'trustfence_sign', '', d)}"
+DEPENDS += "${@oe.utils.vartrue('TRUSTFENCE_SIGN_ARTIFACTS', 'trustfence-sign-tools-native', '', d)}"
 
+do_deploy[postfuncs] += "${@oe.utils.vartrue('TRUSTFENCE_SIGN_ARTIFACTS', 'trustfence_sign', '', d)}"
 trustfence_sign() {
-	# TODO: signing of artifacts for STM-based platforms
-	[ "${DEY_SOC_VENDOR}" = "STM" ] && return
-
 	# Set environment variables for trustfence configuration
 	export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 	[ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass
index 35597ecd8..19f86bd2f 100644
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@@ -34,6 +34,15 @@ TRUSTFENCE_ENCRYPT_ROOTFS ?= "${@bb.utils.contains("IMAGE_FEATURES", "read-only-
 # Read-only rootfs
 TRUSTFENCE_READ_ONLY_ROOTFS ?= "${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "1", "0", d)}"
 
+#
+# NOTHING TO CUSTOMIZE BELOW THIS LINE
+#
+
+# TrustFence sign artifacts is not supported on all platforms
+TRUSTFENCE_SIGN_ARTIFACTS = "1"
+TRUSTFENCE_SIGN_ARTIFACTS:ccmp1 = "0"
+TRUSTFENCE_SIGN_ARTIFACTS:ccimx93 = "0"
+
 IMAGE_FEATURES += "dey-trustfence"
 
 # Function to generate a PKI tree (with lock dir protection)
@@ -155,6 +164,8 @@ python () {
             d.setVar("TRUSTFENCE_PASSWORD_FILE", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/key_pass.txt")
 
         d.appendVar("UBOOT_TF_CONF", "CONFIG_SIGN_IMAGE=y ")
+        if (d.getVar("TRUSTFENCE_SIGN_ARTIFACTS") == "1"):
+            d.appendVar("UBOOT_TF_CONF", "CONFIG_AUTH_ARTIFACTS=y ")
         if (d.getVar("TRUSTFENCE_READ_ONLY_ROOTFS") == "1"):
             d.appendVar("UBOOT_TF_CONF", "CONFIG_AUTHENTICATE_SQUASHFS_ROOTFS=y ")
         if d.getVar("TRUSTFENCE_SIGN_KEYS_PATH"):
@@ -164,11 +175,14 @@ python () {
         if d.getVar("TRUSTFENCE_KEY_INDEX"):
             d.appendVar("UBOOT_TF_CONF", "CONFIG_KEY_INDEX=%s " % d.getVar("TRUSTFENCE_KEY_INDEX"))
         if (d.getVar("DEY_SOC_VENDOR") == "NXP"):
-            d.appendVar("UBOOT_TF_CONF", "CONFIG_AUTH_ARTIFACTS=y ")
             if (d.getVar("TRUSTFENCE_DEK_PATH") not in [None, "0"]):
                 d.appendVar("UBOOT_TF_CONF", 'CONFIG_DEK_PATH="%s" ' % d.getVar("TRUSTFENCE_DEK_PATH"))
             if d.getVar("TRUSTFENCE_SIGN_MODE"):
                 d.appendVar("UBOOT_TF_CONF", 'CONFIG_SIGN_MODE="%s" ' % d.getVar("TRUSTFENCE_SIGN_MODE"))
+    else:
+        # Disable signing artifacts if TRUSTFENCE_SIGN != 1
+        d.setVar("TRUSTFENCE_SIGN_ARTIFACTS", "0")
+
     if (d.getVar("TRUSTFENCE_ENCRYPT_ENVIRONMENT") == "1"):
         if (d.getVar("DEY_SOC_VENDOR") == "NXP"):
             d.appendVar("UBOOT_TF_CONF", "CONFIG_ENV_AES=y CONFIG_ENV_AES_CAAM_KEY=y ")