diff --git a/Makefile b/Makefile
index bd52c0b..249a486 100644
--- a/Makefile
+++ b/Makefile
@@ -1009,7 +1009,7 @@
 
 .PHONY: ${CRTTOOL}
 ${CRTTOOL}:
-	${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} --no-print-directory -C ${CRTTOOLPATH}
+	${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} COT=${COT} --no-print-directory -C ${CRTTOOLPATH}
 	@${ECHO_BLANK_LINE}
 	@echo "Built $@ successfully"
 	@${ECHO_BLANK_LINE}
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index fc45455..f4e8cbe 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -128,6 +128,9 @@
    ``plat_secondary_cold_boot_setup()`` platform porting interfaces do not need
    to be implemented in this case.
 
+-  ``COT``: When Trusted Boot is enabled, selects the desired chain of trust.
+   Defaults to ``tbbr``.
+
 -  ``CRASH_REPORTING``: A non-zero value enables a console dump of processor
    register state when an unexpected exception occurs during execution of
    BL31. This option defaults to the value of ``DEBUG`` - i.e. by default
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 53832c5..a211f66 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -201,6 +201,9 @@
 # Build option to choose whether Trusted Firmware uses library at ROM
 USE_ROMLIB			:= 0
 
+# Chain of trust.
+COT				:= tbbr
+
 # Use tbbr_oid.h instead of platform_oid.h
 USE_TBBR_DEFS			:= 1
 
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 9d4f05e..c8b7ab4 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -254,7 +254,13 @@
     AUTH_SOURCES	:=	drivers/auth/auth_mod.c				\
 				drivers/auth/crypto_mod.c			\
 				drivers/auth/img_parser_mod.c			\
-				drivers/auth/tbbr/tbbr_cot.c			\
+
+    # Include the selected chain of trust sources.
+    ifeq (${COT},tbbr)
+        AUTH_SOURCES	+=	drivers/auth/tbbr/tbbr_cot.c
+    else
+        $(error Unknown chain of trust ${COT})
+    endif
 
     BL1_SOURCES		+=	${AUTH_SOURCES}					\
 				bl1/tbbr/tbbr_img_desc.c			\