diff --git a/Makefile b/Makefile
index bc5604be2..160cd44cc 100644
--- a/Makefile
+++ b/Makefile
@@ -121,6 +121,10 @@ else ifeq (${BRANCH_PROTECTION},3)
 	# Extend the signing to include leaf functions
 	BP_OPTION := pac-ret+leaf
 	ENABLE_PAUTH := 1
+else ifeq (${BRANCH_PROTECTION},4)
+	# Turn on branch target identification mechanism
+	BP_OPTION := bti
+	ENABLE_BTI := 1
 else
         $(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
 endif
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index f207886fb..81903e140 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -88,6 +88,7 @@ Common build options
 -  1: Enables all types of branch protection features
 -  2: Return address signing to its standard level
 -  3: Extend the signing to include leaf functions
+-  4: Turn on branch target identification mechanism
 
    The table below summarizes ``BRANCH_PROTECTION`` values, GCC compilation options
    and resulting PAuth/BTI features.
@@ -103,6 +104,8 @@ Common build options
    +-------+--------------+-------+-----+
    |   3   | pac-ret+leaf |   Y   |  N  |
    +-------+--------------+-------+-----+
+   |   4   |     bti      |   N   |  Y  |
+   +-------+--------------+-------+-----+
 
    This option defaults to 0 and this is an experimental feature.
    Note that Pointer Authentication is enabled for Non-secure world