diff --git a/rules/signing.bzl b/rules/signing.bzl
index fc4201ef0da092..752f82061d2459 100644
--- a/rules/signing.bzl
+++ b/rules/signing.bzl
@@ -188,8 +188,24 @@ def _presigning_artifacts(ctx, opentitantool, src, manifest, ecdsa_key, rsa_key,
 spx_args = []
 if spx_key:
- spx_args.append("--spx-key={}".format(spx_key.file.path))
- inputs.append(spx_key.file)
+ # Check if the provider is KeyInfo or KeySetInfo
+ info = getattr(spx_key, "info", None)
+ selected_spx_key = getattr(spx_key, "file", None)
+ if info:
+ # Provider is KeyInfo; get the key file.
+ if info.private_key:
+ selected_spx_key = spx_key.info.private_key
+ elif info.pub_key:
+ selected_spx_key = spx_key.info.pub_key
+ else:
+ fail("Expected a SPHINCS+ key with a private_key or pub_key attributes.")
+ elif selected_spx_key:
+ # Provider is KeySetInfo; we already have the key file.
+ pass
+ else:
+ fail("Expected either KeyInfo or KeySetInfo; got neither")
+ spx_args.append("--spx-key={}".format(selected_spx_key.path))
+ inputs.append(selected_spx_key)
 ctx.actions.run(
 outputs = [pre],
 inputs = inputs,
diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/BUILD b/sw/device/silicon_creator/lib/ownership/keys/fake/BUILD
index 02060a68d6b9b4..08f1c0f35bca6a 100644
--- a/sw/device/silicon_creator/lib/ownership/keys/fake/BUILD
+++ b/sw/device/silicon_creator/lib/ownership/keys/fake/BUILD
@@ -2,7 +2,7 @@
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0
-load("//rules/opentitan:keyutils.bzl", "key_ecdsa")
+load("//rules/opentitan:keyutils.bzl", "key_ecdsa", "key_sphincs_plus")
 package(default_visibility = ["//visibility:public"])
@@ -12,7 +12,9 @@ cc_library(
 hdrs = [
 "activate_ecdsa_p256.h",
 "app_dev_ecdsa_p256.h",
+ "app_dev_spx.h",
 "app_prod_ecdsa_p256.h",
+ "app_prod_spx.h",
 "app_test_ecdsa_p256.h",
 "owner_ecdsa_p256.h",
 "unlock_ecdsa_p256.h",
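Review bot: The new branch tests `info.private_key` and `info.pub_key` but then assigns `spx_key.info.private_key` / `spx_key.info.pub_key`, and the `elif selected_spx_key: pass` arm exists only to dodge the final `fail()`, which makes the key selection harder to read than it needs to be; folding it to `selected_spx_key = info.private_key or info.pub_key` with one `if not selected_spx_key: fail(...)` and an `elif not selected_spx_key:` guard does the same work in fewer arms. The bigger gap is documentation: nothing says why a public key alone is acceptable input for a presigning action (presumably because the final signature is produced later with a private half that is not in the tree — worth confirming and writing down, since a reader could otherwise read the fallback as a silent downgrade). The message `"...private_key or pub_key attributes."` should read `attribute`. `_presigning_artifacts` begins and ends outside this hunk, so the `ecdsa_key`/`rsa_key` handling this presumably mirrors is not visible here.
```starlark
    if spx_key:
        info = getattr(spx_key, "info", None)
        selected_spx_key = getattr(spx_key, "file", None)
        if info:
            # KeyInfo provider: prefer the private key.
            # NOTE(review): the pub_key-only path presumably serves presigning
            # when the private half is held elsewhere -- confirm and state it.
            selected_spx_key = info.private_key or info.pub_key
            if not selected_spx_key:
                fail("Expected a SPHINCS+ key with a private_key or pub_key attribute.")
        elif not selected_spx_key:
            # Neither KeyInfo (.info) nor KeySetInfo (.file) was provided.
            fail("Expected either KeyInfo or KeySetInfo; got neither")
        spx_args.append("--spx-key={}".format(selected_spx_key.path))
        inputs.append(selected_spx_key)
    # … unchanged: ctx.actions.run(...) …
```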
@@ -87,6 +89,15 @@ key_ecdsa(
 type = "ProdKey",
 )
+key_sphincs_plus(
+ name = "app_prod_spx",
+ config = "Sha2128s",
+ method = "local",
+ private_key = "app_prod_spx.pem",
+ pub_key = "app_prod_spx.pub.pem",
+ type = "ProdKey",
+)
+
 key_ecdsa(
 name = "app_dev_ecdsa",
 config = "EcdsaP256",
@@ -96,6 +107,17 @@ key_ecdsa(
 type = "DevKey",
 )
+key_sphincs_plus(
+ name = "app_dev_spx",
+ # TODO(cfrantz): Change this to Prehash after putting
+ # the prehash infrastructure in place.
+ config = "Sha2128s",
+ method = "local",
+ private_key = "app_dev_spx.pem",
+ pub_key = "app_dev_spx.pub.pem",
+ type = "DevKey",
+)
+
 key_ecdsa(
 name = "app_test_ecdsa",
 config = "EcdsaP256",
diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_spx.h b/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_spx.h
new file mode 100644
index 00000000000000..5d4c8eb0a584c7
--- /dev/null
+++ b/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_spx.h
@@ -0,0 +1,22 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_DEV_SPX_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_DEV_SPX_H_
+
+#define APP_DEV_SPX \
+ { \
+ .data = { \
+ 2635496609, \
+ 3094453936, \
+ 1095047114, \
+ 875270085, \
+ 1206311292, \
+ 2547787469, \
+ 354526470, \
+ 195185787 \
+ } \
+ }
+
+#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_DEV_SPX_H_
diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_spx.pem b/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_spx.pem
new file mode 100644
index 00000000000000..c25a0de1f5c730
--- /dev/null
+++ b/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_spx.pem
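Review bot: Nothing on the `app_prod_spx` target itself records that this is a test-only key whose private half (`app_prod_spx.pem`, added later in this diff) is checked into the tree; only the `keys/fake` path carries that information, while `type = "ProdKey"` reads like a release key to anyone landing on the target from a `bazel query`. A one-line comment on the target, e.g. `# Test-only ProdKey: the private key is committed alongside it.`, makes the provenance explicit at the point of use, and the same applies to `app_dev_spx` in the next hunk. The PEM sizes are consistent with each other (64-byte private, 32-byte public for Sha2128s), so this is a labelling point only.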
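Review bot: The `# TODO(cfrantz)` on `app_dev_spx` says `config` should move to Prehash, but `app_prod_spx` in the previous hunk uses the same `Sha2128s` config with no such note, so a reader cannot tell whether prod is meant to follow. If both keys are expected to migrate, the TODO belongs on both targets; if only the dev key is, a short reason on the dev target, e.g. `# Prod stays Sha2128s: <REASON PLACEHOLDER>`, would settle it. This is documentation only; the target definition itself looks consistent with `app_prod_spx`.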
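Review bot: Neither `app_dev_spx.h` nor `app_prod_spx.h` (later in this diff) says what the eight 32-bit words in `.data` are or how they were produced; they look like a digest or key identifier derived from the matching `.pub.pem`, but the header does not state that, and a hand edit would silently desynchronise the header from the key it stands for. A header comment such as `// Derived from app_dev_spx.pub.pem; regenerate with the key tooling rather than editing by hand.` (and the matching line in `app_prod_spx.h`) would close that gap. The struct type the initializer targets is not visible here, so whether `.data` must hold exactly eight words cannot be checked from this hunk.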
@@ -0,0 +1,4 @@
+-----BEGIN RAW:SPHINCS+_SHA2_128s_simple PRIVATE KEY-----
+u7uaeZ+G20io4GS4Jov0um6HEHEFjHuQDuYn6l6eLwqhfBadsJ5xuMoXRUHFjys0
+fNnmR80m3JcGpSEVe0yiCw==
+-----END RAW:SPHINCS+_SHA2_128s_simple PRIVATE KEY-----
diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_spx.pub.pem b/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_spx.pub.pem
new file mode 100644
index 00000000000000..b913e35b7633e9
--- /dev/null
+++ b/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_spx.pub.pem
@@ -0,0 +1,3 @@
+-----BEGIN RAW:SPHINCS+_SHA2_128s_simple PUBLIC KEY-----
+oXwWnbCecbjKF0VBxY8rNHzZ5kfNJtyXBqUhFXtMogs=
+-----END RAW:SPHINCS+_SHA2_128s_simple PUBLIC KEY-----
diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_spx.h b/sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_spx.h
new file mode 100644
index 00000000000000..e13cc771c05bb8
--- /dev/null
+++ b/sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_spx.h
@@ -0,0 +1,22 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_PROD_SPX_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_PROD_SPX_H_
+
+#define APP_PROD_SPX \
+ { \
+ .data = { \
+ 342329895, \
+ 2013107991, \
+ 2297648695, \
+ 3306667688, \
+ 2064727507, \
+ 1555686114, \
+ 1109351432, \
+ 3336892138 \
+ } \
+ }
+
+#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_PROD_SPX_H_
diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_spx.pem b/sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_spx.pem
new file mode 100644
index 00000000000000..40929863c5daca
--- /dev/null
+++ b/sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_spx.pem
@@ -0,0 +1,4 @@
+-----BEGIN RAW:SPHINCS+_SHA2_128s_simple PRIVATE KEY-----
+1s9ET2uLFvVqk3uY41Pnco52JCezKO/cd8pveYWf4hYnimcUF5f9dzdW84iovhfF
+0z0Re+LiuVwIXB9C6u7kxg==
+-----END RAW:SPHINCS+_SHA2_128s_simple PRIVATE KEY-----
diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_spx.pub.pem b/sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_spx.pub.pem
new file mode 100644
index 00000000000000..82159307861650
--- /dev/null
+++ b/sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_spx.pub.pem
@@ -0,0 +1,3 @@
+-----BEGIN RAW:SPHINCS+_SHA2_128s_simple PUBLIC KEY-----
+J4pnFBeX/Xc3VvOIqL4XxdM9EXvi4rlcCFwfQuru5MY=
+-----END RAW:SPHINCS+_SHA2_128s_simple PUBLIC KEY-----