diff --git a/Makefile b/Makefile
index 7681c0f49a..6319e0ee30 100644
--- a/Makefile
+++ b/Makefile
@@ -429,7 +429,7 @@ nvm-image: $(PRIVATE_KEY) whnvmtool
 	@echo "NVM images generated: $(WH_NVM_BIN) and $(WH_NVM_HEX)"
 endif
 
-test-app/image_v1_signed.bin: $(BOOT_IMG)
+test-app/image_v1_signed.bin: $(BOOT_IMG) keytools_check
 	@echo "\t[SIGN] $(BOOT_IMG)"
 	@echo "\tSECONDARY_SIGN_OPTIONS=$(SECONDARY_SIGN_OPTIONS)"
 	@echo "\tSECONDARY_PRIVATE_KEY=$(SECONDARY_PRIVATE_KEY)"
diff --git a/hal/stm32h5.c b/hal/stm32h5.c
index 064e7a99e7..9345895c7b 100644
--- a/hal/stm32h5.c
+++ b/hal/stm32h5.c
@@ -34,10 +34,14 @@
 #include "otp_keystore.h"
 #endif
 
+#if defined(WOLFCRYPT_TZ_PSA)
 #if defined(WOLFBOOT_HASH_SHA256)
 #include <wolfssl/wolfcrypt/sha256.h>
-#elif defined(WOLFBOOT_HASH_SHA384) || defined(WOLFBOOT_HASH_SHA3_384)
+#elif defined(WOLFBOOT_HASH_SHA384)
 #include <wolfssl/wolfcrypt/sha512.h>
+#elif defined(WOLFBOOT_HASH_SHA3_384)
+#include <wolfssl/wolfcrypt/sha3.h>
+#endif
 #endif
 
 #define PLL_SRC_HSE 1
@@ -177,12 +181,16 @@ __attribute__((weak)) int stm32h5_obkeys_read_uds(uint8_t *out, size_t out_len)
 }
 #endif
 
+#if defined(WOLFCRYPT_TZ_PSA)
 static int uds_from_uid(uint8_t *out, size_t out_len)
 {
     uint8_t uid[12];
 #if defined(WOLFBOOT_HASH_SHA256)
     uint8_t digest[SHA256_DIGEST_SIZE];
     wc_Sha256 hash;
+#elif defined(WOLFBOOT_HASH_SHA3_384)
+    uint8_t digest[SHA3_384_DIGEST_SIZE];
+    wc_Sha3 hash;
 #else
     uint8_t digest[SHA384_DIGEST_SIZE];
     wc_Sha384 hash;
@@ -207,6 +215,11 @@ static int uds_from_uid(uint8_t *out, size_t out_len)
     wc_Sha256Update(&hash, uid, sizeof(uid));
     wc_Sha256Final(&hash, digest);
     copy_len = sizeof(digest);
+#elif defined(WOLFBOOT_HASH_SHA3_384)
+    wc_InitSha3_384(&hash, NULL, INVALID_DEVID);
+    wc_Sha3_384_Update(&hash, uid, sizeof(uid));
+    wc_Sha3_384_Final(&hash, digest);
+    copy_len = sizeof(digest);
 #else
     wc_InitSha384(&hash);
     wc_Sha384Update(&hash, uid, sizeof(uid));
@@ -270,6 +283,7 @@ int hal_uds_derive_key(uint8_t *out, size_t out_len)
     return -1;
 #endif
 }
+#endif /* WOLFCRYPT_TZ_PSA */
 
 int hal_attestation_get_lifecycle(uint32_t *lifecycle)
 {
diff --git a/hal/stm32l5.c b/hal/stm32l5.c
index 0a126faf64..ef01d34eae 100644
--- a/hal/stm32l5.c
+++ b/hal/stm32l5.c
@@ -24,6 +24,7 @@
 #include <image.h>
 #include <string.h>
 
+#if defined(WOLFCRYPT_TZ_PSA)
 #if defined(WOLFBOOT_HASH_SHA256)
 #include <wolfssl/wolfcrypt/sha256.h>
 #elif defined(WOLFBOOT_HASH_SHA384)
@@ -31,6 +32,7 @@
 #elif defined(WOLFBOOT_HASH_SHA3_384)
 #include <wolfssl/wolfcrypt/sha3.h>
 #endif
+#endif
 
 #include "hal.h"
 #include "hal/stm32l5.h"
@@ -117,6 +119,7 @@ int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
 #define STM32L5_UID1 (*(volatile uint32_t *)(STM32L5_UID_BASE + 0x4))
 #define STM32L5_UID2 (*(volatile uint32_t *)(STM32L5_UID_BASE + 0x8))
 
+#if defined(WOLFCRYPT_TZ_PSA)
 static int uds_from_uid(uint8_t *out, size_t out_len)
 {
     uint8_t uid[12];
@@ -185,6 +188,7 @@ int hal_uds_derive_key(uint8_t *out, size_t out_len)
     return -1;
 #endif
 }
+#endif /* WOLFCRYPT_TZ_PSA */
 
 int hal_attestation_get_lifecycle(uint32_t *lifecycle)
 {