diff --git a/CMakeLists.txt b/CMakeLists.txt
index ac48a37c..e6a77a76 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -128,8 +128,6 @@ add_option(
 add_option("DEBUG_UART" "Enable trace debugging over a UART (default: disabled)" "no" "yes;no")
 add_option("BUILD_TEST_APPS" "Build the wolfBoot image and test apps (default: disabled)" "no" "yes;no")
 add_option("BUILD_IMAGE" "Build the wolfBoot image (default: disabled)" "no" "yes;no")
-add_option("PYTHON_KEYTOOLS" "Use wolfCrypt-py for key generation and signing (default: disabled)"
-           "no" "yes;no")
 add_option(
     "PULL_LINKER_DEFINES"
     "Pull partition addresses from the linker script instead of defining fixed addresses in target.h (default: disabled)"
@@ -633,15 +631,9 @@ target_compile_definitions(wolfboothal PRIVATE ${WOLFBOOT_DEFS})
 target_include_directories(wolfboothal PRIVATE ${WOLFBOOT_ROOT} include)
 target_compile_options(wolfboothal PRIVATE ${WOLFBOOT_COMPILE_OPTIONS} ${EXTRA_COMPILE_OPTIONS})
 
-if(PYTHON_KEYTOOLS)
-    message(STATUS "Using Python Keytools")
-    set(SIGN_TOOL ${WOLFBOOT_ROOT}/tools/keytools/sign.py)
-    set(KEYGEN_TOOL ${WOLFBOOT_ROOT}/tools/keytools/keygen.py)
-else()
-    message(STATUS "Using C Keytools")
-    set(SIGN_TOOL ${CMAKE_CURRENT_BINARY_DIR}/sign)
-    set(KEYGEN_TOOL ${CMAKE_CURRENT_BINARY_DIR}/keygen)
-endif()
+message(STATUS "Using C Keytools")
+set(SIGN_TOOL ${CMAKE_CURRENT_BINARY_DIR}/sign)
+set(KEYGEN_TOOL ${CMAKE_CURRENT_BINARY_DIR}/keygen)
 
 list(APPEND WOLFBOOT_INCLUDE_DIRS ${WOLFBOOT_ROOT} ${WOLFBOOT_ROOT}/include)
 
@@ -711,76 +703,75 @@ target_include_directories(target BEFORE INTERFACE ${CMAKE_CURRENT_BINARY_DIR})
 
 set(KEYSTORE ${CMAKE_CURRENT_BINARY_DIR}/keystore.c)
 
-if(NOT PYTHON_KEYTOOLS)
-    list(
-        APPEND
-        KEYTOOL_SOURCES
-        src/delta.c
-        lib/wolfssl/wolfcrypt/src/asn.c
-        lib/wolfssl/wolfcrypt/src/aes.c
-        lib/wolfssl/wolfcrypt/src/ecc.c
-        lib/wolfssl/wolfcrypt/src/coding.c
-        lib/wolfssl/wolfcrypt/src/chacha.c
-        lib/wolfssl/wolfcrypt/src/ed25519.c
-        lib/wolfssl/wolfcrypt/src/ed448.c
-        lib/wolfssl/wolfcrypt/src/fe_operations.c
-        lib/wolfssl/wolfcrypt/src/ge_operations.c
-        lib/wolfssl/wolfcrypt/src/fe_448.c
-        lib/wolfssl/wolfcrypt/src/ge_448.c
-        lib/wolfssl/wolfcrypt/src/hash.c
-        lib/wolfssl/wolfcrypt/src/logging.c
-        lib/wolfssl/wolfcrypt/src/memory.c
-        lib/wolfssl/wolfcrypt/src/random.c
-        lib/wolfssl/wolfcrypt/src/rsa.c
-        lib/wolfssl/wolfcrypt/src/sp_int.c
-        lib/wolfssl/wolfcrypt/src/sp_c32.c
-        lib/wolfssl/wolfcrypt/src/sp_c64.c
-        lib/wolfssl/wolfcrypt/src/sha3.c
-        lib/wolfssl/wolfcrypt/src/sha256.c
-        lib/wolfssl/wolfcrypt/src/sha512.c
-        lib/wolfssl/wolfcrypt/src/tfm.c
-        lib/wolfssl/wolfcrypt/src/wc_port.c
-        lib/wolfssl/wolfcrypt/src/wolfmath.c)
+list(
+    APPEND
+    KEYTOOL_SOURCES
+    src/delta.c
+    lib/wolfssl/wolfcrypt/src/asn.c
+    lib/wolfssl/wolfcrypt/src/aes.c
+    lib/wolfssl/wolfcrypt/src/ecc.c
+    lib/wolfssl/wolfcrypt/src/coding.c
+    lib/wolfssl/wolfcrypt/src/chacha.c
+    lib/wolfssl/wolfcrypt/src/ed25519.c
+    lib/wolfssl/wolfcrypt/src/ed448.c
+    lib/wolfssl/wolfcrypt/src/fe_operations.c
+    lib/wolfssl/wolfcrypt/src/ge_operations.c
+    lib/wolfssl/wolfcrypt/src/fe_448.c
+    lib/wolfssl/wolfcrypt/src/ge_448.c
+    lib/wolfssl/wolfcrypt/src/hash.c
+    lib/wolfssl/wolfcrypt/src/logging.c
+    lib/wolfssl/wolfcrypt/src/memory.c
+    lib/wolfssl/wolfcrypt/src/random.c
+    lib/wolfssl/wolfcrypt/src/rsa.c
+    lib/wolfssl/wolfcrypt/src/sp_int.c
+    lib/wolfssl/wolfcrypt/src/sp_c32.c
+    lib/wolfssl/wolfcrypt/src/sp_c64.c
+    lib/wolfssl/wolfcrypt/src/sha3.c
+    lib/wolfssl/wolfcrypt/src/sha256.c
+    lib/wolfssl/wolfcrypt/src/sha512.c
+    lib/wolfssl/wolfcrypt/src/tfm.c
+    lib/wolfssl/wolfcrypt/src/wc_port.c
+    lib/wolfssl/wolfcrypt/src/wolfmath.c
+    lib/wolfssl/wolfcrypt/src/dilithium.c
+    lib/wolfssl/wolfcrypt/src/wc_lms.c
+    lib/wolfssl/wolfcrypt/src/wc_lms_impl.c
+    lib/wolfssl/wolfcrypt/src/wc_xmss.c
+    lib/wolfssl/wolfcrypt/src/wc_xmss_impl.c
+)
 
-    list(
-        APPEND
-        KEYTOOL_FLAGS
-        -Wall
-        -Wextra
-        -Werror
-        -Itools/keytools
-        -DWOLFSSL_USER_SETTINGS
-        -Ilib/wolfssl/
-        -Iinclude
-        -I${CMAKE_CURRENT_BINARY_DIR}
-        -DWOLFBOOT_KEYTOOLS
-        -O2
-        -DIMAGE_HEADER_SIZE=${IMAGE_HEADER_SIZE}
-        -DDELTA_UPDATES)
+list(
+    APPEND
+    KEYTOOL_FLAGS
+    -Wall
+    -Wextra
+    -Werror
+    -Itools/keytools
+    -DWOLFSSL_USER_SETTINGS
+    -Ilib/wolfssl/
+    -Iinclude
+    -I${CMAKE_CURRENT_BINARY_DIR}
+    -O2
+    -DIMAGE_HEADER_SIZE=${IMAGE_HEADER_SIZE}
+    -DDELTA_UPDATES)
 
-    add_custom_command(
-        OUTPUT ${SIGN_TOOL}
-        COMMAND gcc -o ${CMAKE_CURRENT_BINARY_DIR}/sign tools/keytools/sign.c ${KEYTOOL_SOURCES}
-                ${KEYTOOL_FLAGS}
-        WORKING_DIRECTORY ${WOLFBOOT_ROOT}
-        COMMENT "Building signing tool")
+add_custom_command(
+    OUTPUT ${SIGN_TOOL}
+    COMMAND gcc -o ${CMAKE_CURRENT_BINARY_DIR}/sign tools/keytools/sign.c ${KEYTOOL_SOURCES}
+            ${KEYTOOL_FLAGS}
+    WORKING_DIRECTORY ${WOLFBOOT_ROOT}
+    COMMENT "Building signing tool")
 
-    add_custom_command(
-        OUTPUT ${KEYGEN_TOOL}
-        COMMAND gcc -o ${CMAKE_CURRENT_BINARY_DIR}/keygen tools/keytools/keygen.c ${KEYTOOL_SOURCES}
-                ${KEYTOOL_FLAGS}
-        WORKING_DIRECTORY ${WOLFBOOT_ROOT}
-        COMMENT "Building keygen tool")
+add_custom_command(
+    OUTPUT ${KEYGEN_TOOL}
+    COMMAND gcc -o ${CMAKE_CURRENT_BINARY_DIR}/keygen tools/keytools/keygen.c ${KEYTOOL_SOURCES}
+            ${KEYTOOL_FLAGS}
+    WORKING_DIRECTORY ${WOLFBOOT_ROOT}
+    COMMENT "Building keygen tool")
 
-    add_custom_target(keytools ALL DEPENDS ${SIGN_TOOL} ${KEYGEN_TOOL})
-endif()
+add_custom_target(keytools ALL DEPENDS ${SIGN_TOOL} ${KEYGEN_TOOL})
 
 if(NOT SIGN STREQUAL "NONE")
-    if(PYTHON_KEYTOOLS)
-        add_custom_target(keystore DEPENDS ${KEYSTORE})
-    else()
-        add_custom_target(keystore DEPENDS ${SIGN_TOOL} ${KEYGEN_TOOL} ${KEYSTORE})
-    endif()
+    add_custom_target(keystore DEPENDS ${SIGN_TOOL} ${KEYGEN_TOOL} ${KEYSTORE})
 
     # generate keystore if it does not already exist
     if(NOT EXISTS ${KEYSTORE})
@@ -791,12 +782,10 @@ if(NOT SIGN STREQUAL "NONE")
             WORKING_DIRECTORY ${WOLFBOOT_ROOT}
             COMMENT "Generating keystore.c and signing private key")
 
-        if(NOT PYTHON_KEYTOOLS)
-            add_custom_command(
-                OUTPUT ${KEYSTORE} ${WOLFBOOT_SIGNING_PRIVATE_KEY}
-                DEPENDS ${KEYGEN_TOOL}
-                APPEND)
-        endif()
+        add_custom_command(
+            OUTPUT ${KEYSTORE} ${WOLFBOOT_SIGNING_PRIVATE_KEY}
+            DEPENDS ${KEYGEN_TOOL}
+            APPEND)
     endif()
 
     add_library(public_key)
diff --git a/test-app/CMakeLists.txt b/test-app/CMakeLists.txt
index 97e9e27c..7bc50532 100644
--- a/test-app/CMakeLists.txt
+++ b/test-app/CMakeLists.txt
@@ -120,7 +120,7 @@ if(BUILD_TEST_APPS)
     target_compile_definitions(image PRIVATE TARGET_${WOLFBOOT_TARGET}
                                                 ${TEST_APP_COMPILE_DEFINITIONS} ${WOLFBOOT_DEFS})
 
-    target_compile_options(image PRIVATE -Wall -Wstack-usage=1024 -ffreestanding -Wno-unused
+    target_compile_options(image PRIVATE -Wall -Wstack-usage=1024 -ffreestanding -Wno-unused -nostartfiles -fomit-frame-pointer
                                             -nostartfiles)
 
     if(WOLFBOOT_TARGET STREQUAL "sim")
diff --git a/tools/keytools/user_settings.h b/tools/keytools/user_settings.h
index b057df67..10e47823 100644
--- a/tools/keytools/user_settings.h
+++ b/tools/keytools/user_settings.h
@@ -29,9 +29,7 @@
 #include <stdint.h>
 
 /* System */
-#ifndef WOLFBOOT_KEYTOOLS
-    #define WOLFBOOT_KEYTOOLS
-#endif
+#define WOLFBOOT_KEYTOOLS
 #define SINGLE_THREADED
 #define WOLFCRYPT_ONLY