diff --git a/docs/porting-guide.md b/docs/porting-guide.md
index c7b9e89..047e225 100644
--- a/docs/porting-guide.md
+++ b/docs/porting-guide.md
@@ -299,6 +299,12 @@
     Firmware Update (FWU) certificate identifier, used by NS_BL1U to load the
     FWU content certificate.
 
+*   **#define : PLAT_CRYPTOCELL_BASE**
+
+    This defines the base address of ARM® TrustZone® CryptoCell and must be
+    defined if CryptoCell crypto driver is used for Trusted Board Boot. For
+    capable ARM platforms, this driver is used if `ARM_CRYPTOCELL_INTEG` is
+    set.
 
 If the AP Firmware Updater Configuration image, BL2U is used, the following
 must also be defined:
diff --git a/docs/user-guide.md b/docs/user-guide.md
index 29691c5..ea2874d 100644
--- a/docs/user-guide.md
+++ b/docs/user-guide.md
@@ -623,6 +623,11 @@
     with version 1 of the translation tables library instead of version 2. It is
     set to 0 by default, which selects version 2.
 
+*   `ARM_CRYPTOCELL_INTEG` : bool option to enable Trusted Firmware to invoke
+    ARM® TrustZone® CryptoCell functionality for Trusted Board Boot on capable
+    ARM platforms. If this option is specified, then the path to the CryptoCell
+    SBROM library must be specified via `CCSBROM_LIB_PATH` flag.
+
 For a better understanding of these options, the ARM development platform memory
 map is explained in the [Firmware Design].
 
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index ea30954..5dae30e 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -83,6 +83,18 @@
 #define ARM_AP_TZC_DRAM1_END		(ARM_AP_TZC_DRAM1_BASE +	\
 					 ARM_AP_TZC_DRAM1_SIZE - 1)
 
+/* Define the Access permissions for Secure peripherals to NS_DRAM */
+#if ARM_CRYPTOCELL_INTEG
+/*
+ * Allow Secure peripheral to read NS DRAM when integrated with CryptoCell.
+ * This is required by CryptoCell to authenticate BL33 which is loaded
+ * into the Non Secure DDR.
+ */
+#define ARM_TZC_NS_DRAM_S_ACCESS	TZC_REGION_S_RD
+#else
+#define ARM_TZC_NS_DRAM_S_ACCESS	TZC_REGION_S_NONE
+#endif
+
 
 #define ARM_NS_DRAM1_BASE		ARM_DRAM1_BASE
 #define ARM_NS_DRAM1_SIZE		(ARM_DRAM1_SIZE -		\
diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h
index 68c38ee..ea128b6 100644
--- a/plat/arm/board/juno/include/platform_def.h
+++ b/plat/arm/board/juno/include/platform_def.h
@@ -26,6 +26,9 @@
 #define PLATFORM_CORE_COUNT		(JUNO_CLUSTER0_CORE_COUNT + \
 					JUNO_CLUSTER1_CORE_COUNT)
 
+/* Cryptocell HW Base address */
+#define PLAT_CRYPTOCELL_BASE		0x60050000
+
 /*
  * Other platform porting definitions are provided by included headers
  */
diff --git a/plat/arm/common/aarch64/arm_helpers.S b/plat/arm/common/aarch64/arm_helpers.S
index 86565f5..b53e60d 100644
--- a/plat/arm/common/aarch64/arm_helpers.S
+++ b/plat/arm/common/aarch64/arm_helpers.S
@@ -115,3 +115,51 @@
 	ret
 endfunc arm_disable_spe
 #endif
+
+/*
+ * Need to use coherent stack when ARM Cryptocell is used to autheticate images
+ * since Cryptocell uses DMA to transfer data and it is not coherent with the
+ * AP CPU.
+ */
+#if ARM_CRYPTOCELL_INTEG
+#if defined(IMAGE_BL1) || defined(IMAGE_BL2)
+	.globl	plat_get_my_stack
+	.globl	plat_set_my_stack
+	.local	platform_coherent_stacks
+
+	/* -------------------------------------------------------
+	 * uintptr_t plat_get_my_stack ()
+	 *
+	 * For cold-boot BL images, only the primary CPU needs a
+	 * stack. This function returns the stack pointer for a
+	 * stack allocated in coherent memory.
+	 * -------------------------------------------------------
+	 */
+func plat_get_my_stack
+	get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
+	ret
+endfunc plat_get_my_stack
+
+	/* -------------------------------------------------------
+	 * void plat_set_my_stack ()
+	 *
+	 * For cold-boot BL images, only the primary CPU needs a
+	 * stack. This function sets the stack pointer to a stack
+	 * allocated in coherent memory.
+	 * -------------------------------------------------------
+	 */
+func plat_set_my_stack
+	get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
+	mov sp, x0
+	ret
+endfunc plat_set_my_stack
+
+	/* ----------------------------------------------------
+	 * Single cpu stack in coherent memory.
+	 * ----------------------------------------------------
+	 */
+declare_stack platform_coherent_stacks, tzfw_coherent_mem, \
+		PLATFORM_STACK_SIZE, 1, CACHE_WRITEBACK_GRANULE
+
+#endif	/* defined(IMAGE_BL1) || defined(IMAGE_BL2) */
+#endif	/* ARM_CRYPTOCELL_INTEG */
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 5cc1a0a..e0b7af4 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -94,6 +94,11 @@
 # Use generic OID definition (tbbr_oid.h)
 USE_TBBR_DEFS			:=	1
 
+# Disable ARM Cryptocell by default
+ARM_CRYPTOCELL_INTEG		:=	0
+$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
+$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
+
 PLAT_INCLUDES		+=	-Iinclude/common/tbbr				\
 				-Iinclude/plat/arm/common
 
@@ -181,7 +186,11 @@
     TF_MBEDTLS_KEY_ALG	:=	${KEY_ALG}
 
     # We expect to locate the *.mk files under the directories specified below
+ifeq (${ARM_CRYPTOCELL_INTEG},0)
     CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
+else
+    CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
+endif
     IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
 
     $(info Including ${CRYPTO_LIB_MK})
diff --git a/plat/arm/common/arm_tzc400.c b/plat/arm/common/arm_tzc400.c
index c09814e..1d61c57 100644
--- a/plat/arm/common/arm_tzc400.c
+++ b/plat/arm/common/arm_tzc400.c
@@ -34,6 +34,7 @@
 	tzc400_disable_filters();
 
 #ifndef EL3_PAYLOAD_BASE
+
 	/* Region 0 set to no access by default */
 	tzc400_configure_region0(TZC_REGION_S_NONE, 0);
 
@@ -47,13 +48,13 @@
 	 * Apply the same configuration to given filters in the TZC. */
 	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 2,
 			ARM_NS_DRAM1_BASE, ARM_NS_DRAM1_END,
-			TZC_REGION_S_NONE,
+			ARM_TZC_NS_DRAM_S_ACCESS,
 			PLAT_ARM_TZC_NS_DEV_ACCESS);
 
 	/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
 	tzc400_configure_region(PLAT_ARM_TZC_FILTERS, 3,
 			ARM_DRAM2_BASE, ARM_DRAM2_END,
-			TZC_REGION_S_NONE,
+			ARM_TZC_NS_DRAM_S_ACCESS,
 			PLAT_ARM_TZC_NS_DEV_ACCESS);
 #else
 	/* Allow secure access only to DRAM for EL3 payloads. */
diff --git a/plat/arm/common/arm_tzc_dmc500.c b/plat/arm/common/arm_tzc_dmc500.c
index f6dc95b..21ca4e8 100644
--- a/plat/arm/common/arm_tzc_dmc500.c
+++ b/plat/arm/common/arm_tzc_dmc500.c
@@ -41,14 +41,14 @@
 	tzc_dmc500_configure_region(2,
 		ARM_NS_DRAM1_BASE,
 		ARM_NS_DRAM1_END,
-		TZC_REGION_S_NONE,
+		ARM_TZC_NS_DRAM_S_ACCESS,
 		PLAT_ARM_TZC_NS_DEV_ACCESS);
 
 	/* Region 3 set to cover Non-Secure access to 2nd DRAM address range */
 	tzc_dmc500_configure_region(3,
 		ARM_DRAM2_BASE,
 		ARM_DRAM2_END,
-		TZC_REGION_S_NONE,
+		ARM_TZC_NS_DRAM_S_ACCESS,
 		PLAT_ARM_TZC_NS_DEV_ACCESS);
 #else
 	/* Allow secure access only to DRAM for EL3 payloads */