diff --git a/meta-digi-arm/classes/image_types_digi.bbclass b/meta-digi-arm/classes/image_types_digi.bbclass
index 6989cbe2a..e5d4bc81a 100644
--- a/meta-digi-arm/classes/image_types_digi.bbclass
+++ b/meta-digi-arm/classes/image_types_digi.bbclass
@@ -207,7 +207,14 @@ trustence_sign_cpio() {
 [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
 # Sign/encrypt the ramdisk
- trustfence-sign-artifact.sh -p "${DIGI_SOM}" -i "${1}" "${1}.tf"
+ if [ "${DEY_SOC_VENDOR}" = "NXP" ]; then
+ trustfence-sign-artifact.sh -p "${DIGI_SOM}" -i "${1}" "${1}.tf"
+ elif [ "${DEY_SOC_VENDOR}" = "STM" ]; then
+ # TODO: sign the ramdisk for ST platforms
+
+ # (fall-back) Copy the image with no changes
+ cp "${1}" "${1}.tf"
+ fi
 else
 # Copy the image with no changes
 cp "${1}" "${1}.tf"
diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc
index e5b9d36f2..6970a6a3a 100644
--- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc
+++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-dey.inc
@@ -99,8 +99,8 @@ build_uboot_scripts() {
 # Alternate boot script for dualboot
 mkimage -T script -n "Alternate bootscript" -C none -d ${WORKDIR}/altboot.txt ${DEPLOYDIR}/altboot.scr
- # Sign the scripts
- if [ "${TRUSTFENCE_SIGN}" = "1" ]; then
+ # Sign the scripts (TODO signing of artifacts for STM-based platforms)
+ if [ [ "${TRUSTFENCE_SIGN}" = "1" ] && [ "${DEY_SOC_VENDOR}" != "STM" ] ]; then
 export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
 [ -n "${TRUSTFENCE_DEK_PATH}" ] && [ "${TRUSTFENCE_DEK_PATH}" != "0" ] && export CONFIG_DEK_PATH="${TRUSTFENCE_DEK_PATH}"
diff --git a/meta-digi-arm/recipes-kernel/linux/linux-trustfence.inc b/meta-digi-arm/recipes-kernel/linux/linux-trustfence.inc
index 0d4551eef..690e2cdf2 100644
--- a/meta-digi-arm/recipes-kernel/linux/linux-trustfence.inc
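Review bot: The new `elif [ "${DEY_SOC_VENDOR}" = "STM" ]` branch in image_types_digi.bbclass copies the ramdisk unchanged to `${1}.tf` on what appears to be the signing path (the outer `if` is outside the hunk), so an STM build with TrustFence enabled yields an unsigned artifact under the signed name and prints nothing. The same silent skip is added by `[ "${DEY_SOC_VENDOR}" = "STM" ] && return` in trustfence_sign() in linux-trustfence.inc and by the STM exclusion in u-boot-dey.inc. I would log it at each of these places, e.g. `bbwarn "TrustFence: signing is not implemented for STM, ${1}.tf is NOT signed"`. The chain also has no final `else`, so any other vendor value leaves no `.tf` file at all; closing it with `else` and `bbfatal "TrustFence: unsupported DEY_SOC_VENDOR '${DEY_SOC_VENDOR}'"` makes that case fail loudly.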
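Review bot: The new condition in build_uboot_scripts(), `if [ [ "${TRUSTFENCE_SIGN}" = "1" ] && [ "${DEY_SOC_VENDOR}" != "STM" ] ]; then`, nests `[` inside `[`, which is not valid test syntax. The first `[` receives a literal `[` as an extra operand and exits non-zero, so the `&&` list is false for every vendor. As written the boot scripts would be deployed unsigned on NXP as well, with only a test error in the task log to show for it. It should read `if [ "${TRUSTFENCE_SIGN}" = "1" ] && [ "${DEY_SOC_VENDOR}" != "STM" ]; then`. The body of the `if` continues outside the hunk.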
+++ b/meta-digi-arm/recipes-kernel/linux/linux-trustfence.inc
@@ -5,6 +5,9 @@ DEPENDS += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-too
 do_deploy[postfuncs] += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'trustfence_sign', '', d)}"
 trustfence_sign() {
+ # TODO: signing of artifacts for STM-based platforms
+ [ "${DEY_SOC_VENDOR}" = "STM" ] && return
+
 # Set environment variables for trustfence configuration
 export CONFIG_SIGN_KEYS_PATH="${TRUSTFENCE_SIGN_KEYS_PATH}"
 [ -n "${TRUSTFENCE_KEY_INDEX}" ] && export CONFIG_KEY_INDEX="${TRUSTFENCE_KEY_INDEX}"
diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass
index b7b7c6a9d..b1a06c9ec 100644
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@@ -70,7 +70,7 @@ python () {
 d.setVar("FIP_SIGN_KEY", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/privateKey0%s.pem" % d.getVar("TRUSTFENCE_KEY_INDEX"));
 d.setVar("TRUSTFENCE_PASSWORD_FILE", d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") + "/keys/key_pass.txt")
- d.appendVar("UBOOT_TF_CONF", "CONFIG_SIGN_IMAGE=y CONFIG_AUTH_ARTIFACTS=y ")
+ d.appendVar("UBOOT_TF_CONF", "CONFIG_SIGN_IMAGE=y ")
 if (d.getVar("TRUSTFENCE_READ_ONLY_ROOTFS") == "1"):
 d.appendVar("UBOOT_TF_CONF", "CONFIG_AUTHENTICATE_SQUASHFS_ROOTFS=y ")
 if d.getVar("TRUSTFENCE_SIGN_KEYS_PATH"):
@@ -80,6 +80,7 @@ python () {
 if d.getVar("TRUSTFENCE_KEY_INDEX"):
 d.appendVar("UBOOT_TF_CONF", "CONFIG_KEY_INDEX=%s " % d.getVar("TRUSTFENCE_KEY_INDEX"))
 if (d.getVar("DEY_SOC_VENDOR") == "NXP"):
+ d.appendVar("UBOOT_TF_CONF", "CONFIG_AUTH_ARTIFACTS=y ")
 if (d.getVar("TRUSTFENCE_DEK_PATH") not in [None, "0"]):
 d.appendVar("UBOOT_TF_CONF", 'CONFIG_DEK_PATH="%s" ' % d.getVar("TRUSTFENCE_DEK_PATH"))
 if d.getVar("TRUSTFENCE_SIGN_MODE"):
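Review bot: With `CONFIG_AUTH_ARTIFACTS=y` now appended only under `DEY_SOC_VENDOR == "NXP"` in trustfence.bbclass, an STM U-Boot built with TrustFence enabled no longer gets that option, while the unchanged line appending `CONFIG_AUTHENTICATE_SQUASHFS_ROOTFS=y` still applies to every vendor. Whether the squashfs rootfs is actually signed on STM is not visible here, so that option should either be gated the same way or confirmed to work on STM. A comment above the moved line would record the limitation, e.g. `# STM: artifact signing is not implemented yet (TODO), so authentication of loaded artifacts stays off`. The moved line sits in the `@@ -80,6 +80,7 @@` hunk; the python () block starts outside both hunks.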