BLp:
"<CCES Root Directory>\signtool.exe"-add-sbh-hash-224 or 256 sign -type BLp -prikey "path of auth_key.bin file" -infile "path of input loader stream file to be signed" -outfile "give path, where you want to create BLp Secure Boot Stream ldr"
BLx:
"<CCES Root Directory>\adi_signtool.exe" -add-sbh-hash-224 or 256 sign -type BLx -prikey "path of auth_key.bin file" -enckey "path of encrypt_key.bin file" -infile "path of input loader stream file to be signed" -outfile "give path, where you want to create BLx Secure Boot Stream ldr"
BLw:
"<CCES Root Directory>\adi_signtool.exe" -add-sbh-hash-224 or 256 sign -type BLw -prikey "path of auth_key.bin file" -enckey "path of encrypt_key.bin file" -wrapkey "path of wrapper_key.bin" -infile "path of input loader stream file to be signed" -outfile "give path, where you want to create BLw Secure Boot Stream ldr"
Use -proc switch if you are creating secure loader stream other than ADSP-SC594 because it considers ADSP-SC594 as default.
The ADSP-2159x/SC59x processor families support both the 224-bit and 256-bit ECDSA algorithm for integrity and authenticity protection. By default, the processors use the 224-bit ECDSA algorithm. For 256-bit ECDSA, set the -attribute 0x80000003=256 while signing the loader stream.