diff --git a/stage1/x86_fsp.mk b/stage1/x86_fsp.mk
index ea48facb9..bfe1f88e0 100644
--- a/stage1/x86_fsp.mk
+++ b/stage1/x86_fsp.mk
@@ -34,21 +34,15 @@ wolfboot_raw.bin: ../wolfboot.elf
 wolfboot_raw.o: wolfboot_raw.bin
 	$(OBJCOPY) -I binary -O elf32-i386 -B i386 --rename-section .data=.wolfboot $^ $@
 
-sig_fsp_m.o: fsp_m.o $(SIGN_KEY) ../$(FSP_M_BIN)
-	$(SIGN_TOOL) $(SIGN_OPTIONS) ../$(FSP_M_BIN) $(SIGN_KEY) 1
-	@dd if=$(X86FSP_PATH)/fsp_m_v1_signed.bin of=$(X86FSP_PATH)/fsp_m_signature.bin bs=256 count=1
-	$(OBJCOPY) -I binary -O elf32-i386 -B i386 --rename-section .data=.sig_fsp_m $(X86FSP_PATH)/fsp_m_signature.bin sig_fsp_m.o
-	@rm -f $(X86FSP_PATH)/fsp_m_v1_signed.bin $(X86FSP_PATH)/fsp_m_signature.bin
-
 sig_fsp_s.o: fsp_s.o $(SIGN_KEY) ../$(FSP_S_BIN)
 	$(SIGN_TOOL) $(SIGN_OPTIONS) ../$(FSP_S_BIN) $(SIGN_KEY) 1
-	@dd if=$(X86FSP_PATH)/fsp_s_v1_signed.bin of=$(X86FSP_PATH)/fsp_s_signature.bin bs=256 count=1
+	@dd if=$(X86FSP_PATH)/fsp_s_v1_signed.bin of=$(X86FSP_PATH)/fsp_s_signature.bin bs=$(IMAGE_HEADER_SIZE) count=1
 	$(OBJCOPY) -I binary -O elf32-i386 -B i386 --rename-section .data=.sig_fsp_s $(X86FSP_PATH)/fsp_s_signature.bin sig_fsp_s.o
 	@rm -f $(X86FSP_PATH)/fsp_s_v1_signed.bin $(X86FSP_PATH)/fsp_s_signature.bin
 
 sig_wolfboot_raw.o: wolfboot_raw.bin $(SIGN_KEY)
 	$(SIGN_TOOL) $(SIGN_OPTIONS) wolfboot_raw.bin $(SIGN_KEY) 1
-	@dd if=wolfboot_raw_v1_signed.bin of=wolfboot_raw_signature.bin bs=256 count=1
+	@dd if=wolfboot_raw_v1_signed.bin of=wolfboot_raw_signature.bin bs=$(IMAGE_HEADER_SIZE) count=1
 	$(OBJCOPY) -I binary -O elf32-i386 -B i386 --rename-section .data=.sig_wolfboot_raw wolfboot_raw_signature.bin sig_wolfboot_raw.o
 
 
diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c
index db65a7756..a104209e9 100644
--- a/tools/keytools/sign.c
+++ b/tools/keytools/sign.c
@@ -686,6 +686,13 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
         goto failure;
     }
 
+    if (CMD.header_sz < IMAGE_HEADER_SIZE) {
+        printf("image header size overridden by config value (%u bytes)\n", IMAGE_HEADER_SIZE);
+        CMD.header_sz = IMAGE_HEADER_SIZE;
+    } else {
+        printf("image header size calculated at runtime (%u bytes)\n", IMAGE_HEADER_SIZE);
+    }
+
 #ifdef DEBUG_SIGNTOOL
     printf("Pubkey %d\n", *pubkey_sz);
     WOLFSSL_BUFFER(*pubkey, *pubkey_sz);
@@ -1799,6 +1806,7 @@ int main(int argc, char** argv)
             ret = base_diff(CMD.delta_base_file, pubkey, pubkey_sz, 16);
     }
 
+
     if (kbuf)
         free(kbuf);
     if (CMD.sign == SIGN_ED25519) {