diff --git a/meta-arm/classes/tfm_sign_image.bbclass b/meta-arm/classes/tfm_sign_image.bbclass
index 44ef3318..3b662e66 100644
--- a/meta-arm/classes/tfm_sign_image.bbclass
+++ b/meta-arm/classes/tfm_sign_image.bbclass
@@ -40,7 +40,6 @@ export OPENSSL_MODULES = "${STAGING_LIBDIR_NATIVE}/ossl-modules"
 TFM_IMAGE_SIGN_ARGS ?= "\
     -v ${RE_LAYOUT_WRAPPER_VERSION} \
     --layout "${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}" \
-    -k  "${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}" \
     --public-key-format full \
     --align 1 \
     --pad \
@@ -63,12 +62,15 @@ TFM_IMAGE_SIGN_ARGS ?= "\
 # $1 ... path of binary to sign
 # $2 ... load address of the given binary
 # $3 ... signed binary size
+# $4 ... signing private key's path
 #
 # Note: The signed binary is copied to ${TFM_IMAGE_SIGN_DIR}
 #
 sign_host_image() {
     host_binary_filename="$(basename -s .bin "${1}")"
     host_binary_layout="${host_binary_filename}_ns"
+    # If no key was passed then use the ${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}
+    signing_key_path="${4:-${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}}"
 
     cat << EOF > ${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}
 enum image_attributes {
@@ -81,6 +83,7 @@ EOF
 
     ${PYTHON} "${STAGING_LIBDIR_NATIVE}/tfm-scripts/wrapper/wrapper.py" \
             ${TFM_IMAGE_SIGN_ARGS} \
+            -k  "${signing_key_path}" \
             "${1}" \
             "${host_binary_signed}"
 }