diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c
index 01d6fb5..6ad0059 100644
--- a/drivers/auth/tbbr/tbbr_cot.c
+++ b/drivers/auth/tbbr/tbbr_cot.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -27,6 +27,8 @@
  * established, we can reuse some of the buffers on different stages
  */
 static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
+static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
+static unsigned char hw_config_hash_buf[HASH_DER_LEN];
 static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
 static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
 static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
@@ -70,6 +72,10 @@
 
 static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
 		AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
+static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
+static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
 static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
 		AUTH_PARAM_HASH, SCP_FW_HASH_OID);
 static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
@@ -125,6 +131,20 @@
 					.ptr = (void *)tb_fw_hash_buf,
 					.len = (unsigned int)HASH_DER_LEN
 				}
+			},
+			[1] = {
+				.type_desc = &tb_fw_config_hash,
+				.data = {
+					.ptr = (void *)tb_fw_config_hash_buf,
+					.len = (unsigned int)HASH_DER_LEN
+				}
+			},
+			[2] = {
+				.type_desc = &hw_config_hash,
+				.data = {
+					.ptr = (void *)hw_config_hash_buf,
+					.len = (unsigned int)HASH_DER_LEN
+				}
 			}
 		}
 	},
@@ -142,6 +162,36 @@
 			}
 		}
 	},
+	/* HW Config */
+	[HW_CONFIG_ID] = {
+		.img_id = HW_CONFIG_ID,
+		.img_type = IMG_RAW,
+		.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_HASH,
+				.param.hash = {
+					.data = &raw_data,
+					.hash = &hw_config_hash,
+				}
+			}
+		}
+	},
+	/* TB FW Config */
+	[TB_FW_CONFIG_ID] = {
+		.img_id = TB_FW_CONFIG_ID,
+		.img_type = IMG_RAW,
+		.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_HASH,
+				.param.hash = {
+					.data = &raw_data,
+					.hash = &tb_fw_config_hash,
+				}
+			}
+		}
+	},
 	/*
 	 * Trusted key certificate
 	 */
diff --git a/include/common/tbbr/tbbr_img_def.h b/include/common/tbbr/tbbr_img_def.h
index 3e68b64..5a40581 100644
--- a/include/common/tbbr/tbbr_img_def.h
+++ b/include/common/tbbr/tbbr_img_def.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -60,4 +60,10 @@
 /* Secure Payload BL32_EXTRA2 (Trusted OS Extra2) */
 #define BL32_EXTRA2_IMAGE_ID		22
 
+/* HW_CONFIG (e.g. Kernel DT) */
+#define HW_CONFIG_ID		23
+
+/* TB_FW_CONFIG */
+#define TB_FW_CONFIG_ID		24
+
 #endif /* __TBBR_IMG_DEF_H__ */