diff --git a/fdts/tc0.dts b/fdts/tc0.dts
index 15c14cabd..763c813cf 100644
--- a/fdts/tc0.dts
+++ b/fdts/tc0.dts
@@ -106,7 +106,7 @@
 
 	memory@80000000 {
 		device_type = "memory";
-		reg = <0x0 0x80000000 0x0 0x80000000>;
+		reg = <0x0 0x80000000 0x0 0x7d000000>;
 	};
 
 	psci {
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index c01864306..00746c6da 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -497,9 +497,9 @@
 # elif defined(SPD_spmd)
 #  define TSP_SEC_MEM_BASE		(ARM_AP_TZC_DRAM1_BASE + ULL(0x200000))
 #  define TSP_SEC_MEM_SIZE		(ARM_AP_TZC_DRAM1_SIZE - ULL(0x200000))
-#  define BL32_BASE			PLAT_ARM_TRUSTED_DRAM_BASE
-#  define BL32_LIMIT			(PLAT_ARM_TRUSTED_DRAM_BASE	\
-						+ (UL(1) << 21))
+#  define BL32_BASE			PLAT_ARM_SPMC_BASE
+#  define BL32_LIMIT			(PLAT_ARM_SPMC_BASE +		\
+						 PLAT_ARM_SPMC_SIZE)
 # elif ARM_BL31_IN_DRAM
 #  define TSP_SEC_MEM_BASE		(ARM_AP_TZC_DRAM1_BASE +	\
 						PLAT_ARM_MAX_BL31_SIZE)
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index 50f638924..8defcf837 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -43,6 +43,15 @@
 #define PLAT_ARM_TRUSTED_DRAM_BASE	UL(0x06000000)
 #define PLAT_ARM_TRUSTED_DRAM_SIZE	UL(0x02000000)	/* 32 MB */
 
+/*
+ * Max size of SPMC is 2MB for fvp. With SPMD enabled this value corresponds to
+ * max size of BL32 image.
+ */
+#if defined(SPD_spmd)
+#define PLAT_ARM_SPMC_BASE		PLAT_ARM_TRUSTED_DRAM_BASE
+#define PLAT_ARM_SPMC_SIZE		UL(0x200000)  /* 2 MB */
+#endif
+
 /* virtual address used by dynamic mem_protect for chunk_base */
 #define PLAT_ARM_MEM_PROTEC_VA_FRAME	UL(0xc0000000)
 
diff --git a/plat/arm/board/tc0/fdts/tc0_fw_config.dts b/plat/arm/board/tc0/fdts/tc0_fw_config.dts
index 381ce1fcb..4b6abd4d1 100644
--- a/plat/arm/board/tc0/fdts/tc0_fw_config.dts
+++ b/plat/arm/board/tc0/fdts/tc0_fw_config.dts
@@ -14,10 +14,16 @@
 
 		tb_fw-config {
 			load-address = <0x0 0x4001300>;
-			max-size = <0x200>;
+			max-size = <0x400>;
 			id = <TB_FW_CONFIG_ID>;
 		};
 
+		tos_fw-config {
+			load-address = <0x0 0x04001700>;
+			max-size = <0x1000>;
+			id = <TOS_FW_CONFIG_ID>;
+		};
+
 		hw-config {
 			load-address = <0x0 0x83000000>;
 			max-size = <0x01000000>;
diff --git a/plat/arm/board/tc0/fdts/tc0_spmc_manifest.dts b/plat/arm/board/tc0/fdts/tc0_spmc_manifest.dts
new file mode 100644
index 000000000..b6c543ade
--- /dev/null
+++ b/plat/arm/board/tc0/fdts/tc0_spmc_manifest.dts
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+/dts-v1/;
+
+/ {
+	compatible = "arm,ffa-core-manifest-1.0";
+	#address-cells = <2>;
+	#size-cells = <1>;
+
+	attribute {
+		spmc_id = <0x8000>;
+		maj_ver = <0x1>;
+		min_ver = <0x0>;
+		exec_state = <0x0>;
+		load_address = <0x0 0xfd000000>;
+		entrypoint = <0x0 0xfd000000>;
+		binary_size = <0x80000>;
+	};
+
+	chosen {
+		linux,initrd-start = <0>;
+		linux,initrd-end = <0>;
+	};
+
+	hypervisor {
+		compatible = "hafnium,hafnium";
+		vm1 {
+			is_ffa_partition;
+			debug_name = "cactus-primary";
+			load_address = <0xfe000000>;
+		};
+		vm2 {
+			is_ffa_partition;
+			debug_name = "cactus-secondary";
+			load_address = <0xfe100000>;
+			vcpu_count = <4>;
+			mem_size = <1048576>;
+		};
+		vm3 {
+			is_ffa_partition;
+			debug_name = "cactus-tertiary";
+			load_address = <0xfe200000>;
+			vcpu_count = <4>;
+			mem_size = <1048576>;
+		};
+	};
+
+	cpus {
+		#address-cells = <0x2>;
+		#size-cells = <0x0>;
+
+		CPU0:cpu@0 {
+			device_type = "cpu";
+			compatible = "arm,armv8";
+			reg = <0x0 0x0>;
+			enable-method = "psci";
+		};
+
+		/*
+		 * SPM(Hafnium) requires secondary cpu nodes are declared in
+		 * descending order
+		 */
+		CPU3:cpu@300 {
+			device_type = "cpu";
+			compatible = "arm,armv8";
+			reg = <0x0 0x300>;
+			enable-method = "psci";
+		};
+
+		CPU2:cpu@200 {
+			device_type = "cpu";
+			compatible = "arm,armv8";
+			reg = <0x0 0x200>;
+			enable-method = "psci";
+		};
+
+		CPU1:cpu@100 {
+			device_type = "cpu";
+			compatible = "arm,armv8";
+			reg = <0x0 0x100>;
+			enable-method = "psci";
+		};
+	};
+
+	/* 32MB of TC0_TZC_DRAM1_BASE */
+	memory@fd000000 {
+		device_type = "memory";
+		reg = <0x0 0xfd000000 0x2000000>;
+	};
+};
diff --git a/plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts b/plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts
index 2fd25d9b4..3df94bf92 100644
--- a/plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts
+++ b/plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts
@@ -24,4 +24,24 @@
 		mbedtls_heap_addr = <0x0 0x0>;
 		mbedtls_heap_size = <0x0>;
 	};
+
+	secure-partitions {
+		compatible = "arm,sp";
+		cactus-primary {
+			uuid = <0xb4b5671e 0x4a904fe1 0xb81ffb13 0xdae1dacb>;
+			load-address = <0xfe000000>;
+			owner = "SiP";
+		};
+
+		cactus-secondary {
+			uuid = <0xd1582309 0xf02347b9 0x827c4464 0xf5578fc8>;
+			load-address = <0xfe100000>;
+			owner = "Plat";
+		};
+
+		cactus-tertiary {
+			uuid = <0x79b55c73 0x1d8c44b9 0x859361e1 0x770ad8d2>;
+			load-address = <0xfe200000>;
+		};
+	};
 };
diff --git a/plat/arm/board/tc0/include/platform_def.h b/plat/arm/board/tc0/include/platform_def.h
index 075c4037b..72a035f0a 100644
--- a/plat/arm/board/tc0/include/platform_def.h
+++ b/plat/arm/board/tc0/include/platform_def.h
@@ -21,6 +21,49 @@
 
 #define PLAT_ARM_TRUSTED_SRAM_SIZE	0x00080000	/* 512 KB */
 
+/*
+ * The top 16MB of ARM_DRAM1 is configured as secure access only using the TZC,
+ * its base is ARM_AP_TZC_DRAM1_BASE.
+ *
+ * Reserve 32MB below ARM_AP_TZC_DRAM1_BASE for:
+ *   - BL32_BASE when SPD_spmd is enabled
+ *   - Region to load Trusted OS
+ */
+#define TC0_TZC_DRAM1_BASE		(ARM_AP_TZC_DRAM1_BASE -	\
+					 TC0_TZC_DRAM1_SIZE)
+#define TC0_TZC_DRAM1_SIZE		UL(0x02000000)	/* 32 MB */
+#define TC0_TZC_DRAM1_END		(TC0_TZC_DRAM1_BASE +		\
+					 TC0_TZC_DRAM1_SIZE - 1)
+
+#define TC0_NS_DRAM1_BASE		ARM_DRAM1_BASE
+#define TC0_NS_DRAM1_SIZE		(ARM_DRAM1_SIZE -		\
+					 ARM_TZC_DRAM1_SIZE -		\
+					 TC0_TZC_DRAM1_SIZE)
+#define TC0_NS_DRAM1_END		(TC0_NS_DRAM1_BASE +		\
+					 TC0_NS_DRAM1_SIZE - 1)
+
+/*
+ * Mappings for TC0 DRAM1 (non-secure) and TC0 TZC DRAM1 (secure)
+ */
+#define TC0_MAP_NS_DRAM1		MAP_REGION_FLAT(		\
+						TC0_NS_DRAM1_BASE,	\
+						TC0_NS_DRAM1_SIZE,	\
+						MT_MEMORY | MT_RW | MT_NS)
+
+
+#define TC0_MAP_TZC_DRAM1		MAP_REGION_FLAT(		\
+						TC0_TZC_DRAM1_BASE,	\
+						TC0_TZC_DRAM1_SIZE,	\
+						MT_MEMORY | MT_RW | MT_SECURE)
+/*
+ * Max size of SPMC is 2MB for tc0. With SPMD enabled this value corresponds to
+ * max size of BL32 image.
+ */
+#if defined(SPD_spmd)
+#define PLAT_ARM_SPMC_BASE		TC0_TZC_DRAM1_BASE
+#define PLAT_ARM_SPMC_SIZE		UL(0x200000)  /* 2 MB */
+#endif
+
 /*
  * PLAT_ARM_MMAP_ENTRIES depends on the number of entries in the
  * plat_arm_mmap array defined for each BL stage.
@@ -71,7 +114,7 @@
 #if TRUSTED_BOARD_BOOT
 # define PLAT_ARM_MAX_BL2_SIZE		0x1E000
 #else
-# define PLAT_ARM_MAX_BL2_SIZE		0x11000
+# define PLAT_ARM_MAX_BL2_SIZE		0x14000
 #endif
 
 /*
@@ -206,4 +249,18 @@
 #define PLAT_ARM_TZC_NS_DEV_ACCESS	\
 		(TZC_REGION_ACCESS_RDWR(TZC_NSAID_DEFAULT))
 
+/*
+ * The first region below, TC0_TZC_DRAM1_BASE (0xfd000000) to
+ * ARM_SCP_TZC_DRAM1_END (0xffffffff) will mark the last 48 MB of DRAM as
+ * secure. The second region gives non secure access to rest of DRAM.
+ */
+#define TC0_TZC_REGIONS_DEF						\
+	{TC0_TZC_DRAM1_BASE, ARM_SCP_TZC_DRAM1_END,			\
+		TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS},		\
+	{TC0_NS_DRAM1_BASE, TC0_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS, \
+		PLAT_ARM_TZC_NS_DEV_ACCESS}
+
+/* virtual address used by dynamic mem_protect for chunk_base */
+#define PLAT_ARM_MEM_PROTEC_VA_FRAME	UL(0xc0000000)
+
 #endif /* PLATFORM_DEF_H */
diff --git a/plat/arm/board/tc0/platform.mk b/plat/arm/board/tc0/platform.mk
index 05d691ee2..5d2cc38c4 100644
--- a/plat/arm/board/tc0/platform.mk
+++ b/plat/arm/board/tc0/platform.mk
@@ -85,6 +85,14 @@ $(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
 
+ifeq (${SPD},spmd)
+FDT_SOURCES		+=	${TC0_BASE}/fdts/${PLAT}_spmc_manifest.dts
+TC0_TOS_FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_spmc_manifest.dtb
+
+# Add the TOS_FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${TC0_TOS_FW_CONFIG},--tos-fw-config,${TC0_TOS_FW_CONFIG}))
+endif
+
 #Device tree
 TC0_HW_CONFIG_DTS	:=	fdts/tc0.dts
 TC0_HW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}.dtb
@@ -98,6 +106,8 @@ override CTX_INCLUDE_AARCH32_REGS	:= 0
 
 override CTX_INCLUDE_PAUTH_REGS	:= 1
 
+override ENABLE_SPE_FOR_LOWER_ELS	:= 0
+
 include plat/arm/common/arm_common.mk
 include plat/arm/css/common/css_common.mk
 include plat/arm/soc/common/soc_css.mk
diff --git a/plat/arm/board/tc0/tc0_plat.c b/plat/arm/board/tc0/tc0_plat.c
index 05461928d..e12ad56d8 100644
--- a/plat/arm/board/tc0/tc0_plat.c
+++ b/plat/arm/board/tc0/tc0_plat.c
@@ -38,7 +38,10 @@ const mmap_region_t plat_arm_mmap[] = {
 	ARM_MAP_SHARED_RAM,
 	TC0_FLASH0_RO,
 	TC0_MAP_DEVICE,
-	ARM_MAP_NS_DRAM1,
+	TC0_MAP_NS_DRAM1,
+#if defined(SPD_spmd)
+	TC0_MAP_TZC_DRAM1,
+#endif
 #if ARM_BL31_IN_DRAM
 	ARM_MAP_BL31_SEC_DRAM,
 #endif
diff --git a/plat/arm/board/tc0/tc0_security.c b/plat/arm/board/tc0/tc0_security.c
index 5f1cb1159..f54376203 100644
--- a/plat/arm/board/tc0/tc0_security.c
+++ b/plat/arm/board/tc0/tc0_security.c
@@ -8,7 +8,7 @@
 #include <platform_def.h>
 
 static const arm_tzc_regions_info_t tzc_regions[] = {
-	ARM_TZC_REGIONS_DEF,
+	TC0_TZC_REGIONS_DEF,
 	{}
 };