diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 77779548fca54520c04d890d55809f83c46ebe20..019a19ec9ab6d5557236e33350b695cfe265d6e1 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -8,6 +8,9 @@
 # Include SPM Makefile
 ################################################################################
 ifeq (${ENABLE_SPM},1)
+ifeq (${EL3_EXCEPTION_HANDLING},0)
+  $(error EL3_EXCEPTION_HANDLING must be 1 for SPM support)
+endif
 $(info Including SPM makefile)
 include services/std_svc/spm/spm.mk
 endif
diff --git a/docs/secure-partition-manager-design.rst b/docs/secure-partition-manager-design.rst
index fec7c00c71a0199da80afa862c1b611141a74287..73406b202440632d34c7e9ae721c0283ac917bda 100644
--- a/docs/secure-partition-manager-design.rst
+++ b/docs/secure-partition-manager-design.rst
@@ -125,8 +125,9 @@ Interface). This will be referred to as the *Standalone MM Secure Partition* in
 the rest of this document.
 
 To enable SPM support in TF-A, the source code must be compiled with the build
-flag ``ENABLE_SPM=1``. On Arm platforms the build option ``ARM_BL31_IN_DRAM``
-must be set to 1. Also, the location of the binary that contains the BL32 image
+flag ``ENABLE_SPM=1``, along with ``EL3_EXCEPTION_HANDLING=1``. On Arm
+platforms the build option ``ARM_BL31_IN_DRAM`` must be set to 1. Also, the
+location of the binary that contains the BL32 image
 (``BL32=path/to/image.bin``) must be specified.
 
 First, build the Standalone MM Secure Partition. To build it, refer to the
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index 4fd4aef85b68b7697161b7115ad98cd3d2fc8750..58b68abf91cbdb58fde2914b2b1b8de0edccabc8 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -268,4 +268,6 @@
 #define PLAT_ARM_SP_IMAGE_STACK_BASE	(ARM_SP_IMAGE_NS_BUF_BASE +	\
 					 ARM_SP_IMAGE_NS_BUF_SIZE)
 
+#define PLAT_SP_PRI			PLAT_RAS_PRI
+
 #endif /* PLATFORM_DEF_H */
diff --git a/plat/arm/common/aarch64/arm_ehf.c b/plat/arm/common/aarch64/arm_ehf.c
index 665871b4add1146850614b8f3beb99e99411c18b..f313851852013b6949eb4859e4921135f266dea1 100644
--- a/plat/arm/common/aarch64/arm_ehf.c
+++ b/plat/arm/common/aarch64/arm_ehf.c
@@ -23,6 +23,9 @@ ehf_pri_desc_t arm_exceptions[] = {
 	/* Normal priority SDEI */
 	EHF_PRI_DESC(ARM_PRI_BITS, PLAT_SDEI_NORMAL_PRI),
 #endif
+#if ENABLE_SPM
+	EHF_PRI_DESC(ARM_PRI_BITS, PLAT_SP_PRI),
+#endif
 };
 
 /* Plug in ARM exceptions to Exception Handling Framework. */
diff --git a/plat/arm/css/sgi/include/sgi_base_platform_def.h b/plat/arm/css/sgi/include/sgi_base_platform_def.h
index 90eb3360b7b73616792d1e291962a335ff182ebd..1395373ceb83ef17e9891368b5ccb93a6a459afb 100644
--- a/plat/arm/css/sgi/include/sgi_base_platform_def.h
+++ b/plat/arm/css/sgi/include/sgi_base_platform_def.h
@@ -142,6 +142,8 @@
 					SOC_CSS_DEVICE_SIZE,	\
 					MT_DEVICE | MT_RW | MT_SECURE | MT_USER)
 
+#define PLAT_SP_PRI				PLAT_RAS_PRI
+
 #if RAS_EXTENSION
 /* Allocate 128KB for CPER buffers */
 #define PLAT_SP_BUF_BASE			ULL(0x20000)
diff --git a/services/std_svc/spm/spm_main.c b/services/std_svc/spm/spm_main.c
index 585707dc90910003996c4fb5d95649ad17623b81..880e86e49603c23666ddafcb1b07ab7035c85826 100644
--- a/services/std_svc/spm/spm_main.c
+++ b/services/std_svc/spm/spm_main.c
@@ -9,6 +9,7 @@
 #include <bl31.h>
 #include <context_mgmt.h>
 #include <debug.h>
+#include <ehf.h>
 #include <errno.h>
 #include <mm_svc.h>
 #include <platform.h>
@@ -233,6 +234,19 @@ static uint64_t mm_communicate(uint32_t smc_fid, uint64_t mm_cookie,
 		VERBOSE("MM_COMMUNICATE: comm_size_address is not 0 as recommended.\n");
 	}
 
+	/*
+	 * The current secure partition design mandates
+	 * - at any point, only a single core can be
+	 *   executing in the secure partiton.
+	 * - a core cannot be preempted by an interrupt
+	 *   while executing in secure partition.
+	 * Raise the running priority of the core to the
+	 * interrupt level configured for secure partition
+	 * so as to block any interrupt from preempting this
+	 * core.
+	 */
+	ehf_activate_priority(PLAT_SP_PRI);
+
 	/* Save the Normal world context */
 	cm_el1_sysregs_context_save(NON_SECURE);
 
@@ -243,6 +257,12 @@ static uint64_t mm_communicate(uint32_t smc_fid, uint64_t mm_cookie,
 	cm_el1_sysregs_context_restore(NON_SECURE);
 	cm_set_next_eret_context(NON_SECURE);
 
+	/*
+	 * Exited from secure partition. This core can take
+	 * interrupts now.
+	 */
+	ehf_deactivate_priority(PLAT_SP_PRI);
+
 	SMC_RET1(handle, rc);
 }