diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h index c789f790f75c3d613cd1494382e98d3d5860ac27..52b43ab3e3a6764ee2e8bc8428f37eddb3894cc3 100644 --- a/include/tools_share/tbbr_oid.h +++ b/include/tools_share/tbbr_oid.h @@ -160,4 +160,7 @@ #define SP_PKG7_HASH_OID "1.3.6.1.4.1.4128.2100.1307" #define SP_PKG8_HASH_OID "1.3.6.1.4.1.4128.2100.1308" +#ifdef PLAT_DEF_OID +#include +#endif #endif /* TBBR_OID_H */ diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile index c3c8bcf5e94534667d52d40551ffeb80de5fca36..77d2007d51b4bf966c6ac876397606ff603e9c46 100644 --- a/tools/cert_create/Makefile +++ b/tools/cert_create/Makefile @@ -1,5 +1,5 @@ # -# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -16,6 +16,12 @@ MAKE_HELPERS_DIRECTORY := ../../make_helpers/ include ${MAKE_HELPERS_DIRECTORY}build_macros.mk include ${MAKE_HELPERS_DIRECTORY}build_env.mk +ifneq (${PLAT},none) +TF_PLATFORM_ROOT := ../../plat/ +include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk +PLAT_CERT_CREATE_HELPER_MK := ${PLAT_DIR}/cert_create_tbbr.mk +endif + # Common source files. OBJECTS := src/cert.o \ src/cmd_opt.o \ @@ -33,6 +39,10 @@ else $(error Unknown chain of trust ${COT}) endif +ifneq (,$(wildcard ${PLAT_CERT_CREATE_HELPER_MK})) +include ${PLAT_CERT_CREATE_HELPER_MK} +endif + HOSTCCFLAGS := -Wall -std=c99 ifeq (${DEBUG},1) @@ -51,7 +61,7 @@ HOSTCCFLAGS += ${DEFINES} # Make soft links and include from local directory otherwise wrong headers # could get pulled in from firmware tree. -INC_DIR := -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include +INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include LIB_DIR := -L ${OPENSSL_DIR}/lib LIB := -lssl -lcrypto 
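Review bot: `ifneq (${PLAT},none)` in the added block of the `@@ -16,6 +16,12 @@` Makefile hunk is also true when PLAT is unset or empty. A standalone build of the tool then includes plat_helpers.mk and derives `${PLAT_DIR}/cert_create_tbbr.mk` from an empty platform name; how plat_helpers.mk reacts to that is not visible in this diff. Unless PLAT is given a default above the hunk, I would add `PLAT ?= none` before the conditional. A comment such as `# Optional platform fragment: may add PLAT_OBJECTS, INC_DIR entries and PDEF_* defines` would also document what the included file is allowed to change.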
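Review bot: Changing `INC_DIR :=` to `INC_DIR +=` in the `@@ -51,7 +61,7 @@` hunk means anything already in INC_DIR is searched before `-I ./include`, which works against the comment directly above it about wrong headers being pulled in from the firmware tree. The NXP fragment in this commit adds `-I../../plat/nxp/common/fip_handler/common/` that way, and with `+=` a value inherited from the environment is kept as well. I would reset the variable with `INC_DIR :=` before the platform fragment is included, and have the fragment append to a separate new variable (for example `PLAT_INC_DIR`) that is placed after `-I ./include` on this line.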
diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h index daf27a78a73eb6b2fc9fb49a2e41d763c21e2e53..e63b4740aea2bd1f876b3b7709c2e1e2b2af3cad 100644 --- a/tools/cert_create/include/cert.h +++ b/tools/cert_create/include/cert.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -57,11 +57,20 @@ int cert_new( /* Macro to register the certificates used in the CoT */ #define REGISTER_COT(_certs) \ - cert_t *certs = &_certs[0]; \ - const unsigned int num_certs = sizeof(_certs)/sizeof(_certs[0]) + cert_t *def_certs = &_certs[0]; \ + const unsigned int num_def_certs = sizeof(_certs)/sizeof(_certs[0]) + +/* Macro to register the platform defined certificates used in the CoT */ +#define PLAT_REGISTER_COT(_pdef_certs) \ + cert_t *pdef_certs = &_pdef_certs[0]; \ + const unsigned int num_pdef_certs = sizeof(_pdef_certs)/sizeof(_pdef_certs[0]) /* Exported variables */ -extern cert_t *certs; -extern const unsigned int num_certs; +extern cert_t *def_certs; +extern const unsigned int num_def_certs; +extern cert_t *pdef_certs; +extern const unsigned int num_pdef_certs; +extern cert_t *certs; +extern unsigned int num_certs; #endif /* CERT_H */ diff --git a/tools/cert_create/include/ext.h b/tools/cert_create/include/ext.h index 9c0b5c38a5283207ffbb6da152576af64101a729..e900a6dc4afec679b06fdcf93baf1df74e5263e5 100644 --- a/tools/cert_create/include/ext.h +++ b/tools/cert_create/include/ext.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ 
@@ -75,11 +75,20 @@ X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k); /* Macro to register the extensions used in the CoT */ #define REGISTER_EXTENSIONS(_ext) \ - ext_t *extensions = &_ext[0]; \ - const unsigned int num_extensions = sizeof(_ext)/sizeof(_ext[0]) + ext_t *def_extensions = &_ext[0]; \ + const unsigned int num_def_extensions = sizeof(_ext)/sizeof(_ext[0]) + +/* Macro to register the platform defined extensions used in the CoT */ +#define PLAT_REGISTER_EXTENSIONS(_pdef_ext) \ + ext_t *pdef_extensions = &_pdef_ext[0]; \ + const unsigned int num_pdef_extensions = sizeof(_pdef_ext)/sizeof(_pdef_ext[0]) /* Exported variables */ -extern ext_t *extensions; -extern const unsigned int num_extensions; +extern ext_t *def_extensions; +extern const unsigned int num_def_extensions; +extern ext_t *pdef_extensions; +extern const unsigned int num_pdef_extensions; +extern ext_t *extensions; +extern unsigned int num_extensions; #endif /* EXT_H */ diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h index d96d9839a2a05315591a49ccc062330c7faa429a..128e7f7b42d5d89032845f509454013eb3410d17 100644 --- a/tools/cert_create/include/key.h +++ b/tools/cert_create/include/key.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ 
@@ -73,11 +73,20 @@ int key_store(key_t *key); /* Macro to register the keys used in the CoT */ #define REGISTER_KEYS(_keys) \ - key_t *keys = &_keys[0]; \ - const unsigned int num_keys = sizeof(_keys)/sizeof(_keys[0]) + key_t *def_keys = &_keys[0]; \ + const unsigned int num_def_keys = sizeof(_keys)/sizeof(_keys[0]) + +/* Macro to register the platform defined keys used in the CoT */ +#define PLAT_REGISTER_KEYS(_pdef_keys) \ + key_t *pdef_keys = &_pdef_keys[0]; \ + const unsigned int num_pdef_keys = sizeof(_pdef_keys)/sizeof(_pdef_keys[0]) /* Exported variables */ -extern key_t *keys; -extern const unsigned int num_keys; +extern key_t *def_keys; +extern const unsigned int num_def_keys; +extern key_t *pdef_keys; +extern const unsigned int num_pdef_keys; +extern key_t *keys; +extern unsigned int num_keys; #endif /* KEY_H */ diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c index 153f5557df276b4921ad6a800c20ab96a105b2f7..4b35d735aa782e70dead05c7e24f2862ce3138b7 100644 --- a/tools/cert_create/src/cert.c +++ b/tools/cert_create/src/cert.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -24,6 +24,9 @@ #define SERIAL_RAND_BITS 64 #define RSA_SALT_LEN 32 +cert_t *certs; +unsigned int num_certs; + int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) { BIGNUM *btmp; 
@@ -220,6 +223,28 @@ int cert_init(void) cert_t *cert; unsigned int i; + certs = malloc((num_def_certs * sizeof(def_certs[0])) +#ifdef PDEF_CERTS + + (num_pdef_certs * sizeof(pdef_certs[0])) +#endif + ); + if (certs == NULL) { + ERROR("%s:%d Failed to allocate memory.\n", __func__, __LINE__); + return 1; + } + + memcpy(&certs[0], &def_certs[0], + (num_def_certs * sizeof(def_certs[0]))); + +#ifdef PDEF_CERTS + memcpy(&certs[num_def_certs], &pdef_certs[0], + (num_pdef_certs * sizeof(pdef_certs[0]))); + + num_certs = num_def_certs + num_pdef_certs; +#else + num_certs = num_def_certs; +#endif + for (i = 0; i < num_certs; i++) { cert = &certs[i]; cmd_opt.long_opt.name = cert->opt; diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c index 65dd3e583dba71e164d802bf3b0b83473dbc4a15..28821238fc536d17889f4586884d89161ae5fc6d 100644 --- a/tools/cert_create/src/ext.c +++ b/tools/cert_create/src/ext.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -13,8 +13,12 @@ #include #include "cmd_opt.h" +#include "debug.h" #include "ext.h" +ext_t *extensions; +unsigned int num_extensions; + DECLARE_ASN1_ITEM(ASN1_INTEGER) DECLARE_ASN1_ITEM(X509_ALGOR) DECLARE_ASN1_ITEM(ASN1_OCTET_STRING) 
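Review bot: The `#ifdef PDEF_CERTS` spliced into the middle of the `malloc(...)` argument list in cert_init() is hard to read, and the size expression is then repeated in the two `memcpy` calls. Setting the count first keeps a single conditional: `num_certs = num_def_certs;`, then `num_certs += num_pdef_certs;` under the `#ifdef`, then `certs = calloc(num_certs, sizeof(certs[0]));`, which also lets the allocator check the multiplication. The same pattern is repeated in ext_init() and key_init() later in this commit. Whether `<stdlib.h>` and `<string.h>` are already included in these files is not visible in the hunks, and cert_init's body continues outside this one.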
@@ -51,6 +55,26 @@ int ext_init(void) int nid, ret; unsigned int i; + extensions = malloc((num_def_extensions * sizeof(def_extensions[0])) +#ifdef PDEF_EXTS + + (num_pdef_extensions * sizeof(pdef_extensions[0])) +#endif + ); + if (extensions == NULL) { + ERROR("%s:%d Failed to allocate memory.\n", __func__, __LINE__); + return 1; + } + + memcpy(&extensions[0], &def_extensions[0], + (num_def_extensions * sizeof(def_extensions[0]))); +#ifdef PDEF_EXTS + memcpy(&extensions[num_def_extensions], &pdef_extensions[0], + (num_pdef_extensions * sizeof(pdef_extensions[0]))); + num_extensions = num_def_extensions + num_pdef_extensions; +#else + num_extensions = num_def_extensions; +#endif + for (i = 0; i < num_extensions; i++) { ext = &extensions[i]; /* Register command line option */ diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c index fcc9d53162de8bb8eea12a066c2ffcb9032acc09..64359756ff7d0709bc5d162e6b66948ba2336dfd 100644 --- a/tools/cert_create/src/key.c +++ b/tools/cert_create/src/key.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -21,6 +21,9 @@ #define MAX_FILENAME_LEN 1024 +key_t *keys; +unsigned int num_keys; + /* * Create a new key container */ 
@@ -182,6 +185,28 @@ int key_init(void) key_t *key; unsigned int i; + keys = malloc((num_def_keys * sizeof(def_keys[0])) +#ifdef PDEF_KEYS + + (num_pdef_keys * sizeof(pdef_keys[0])) +#endif + ); + + if (keys == NULL) { + ERROR("%s:%d Failed to allocate memory.\n", __func__, __LINE__); + return 1; + } + + memcpy(&keys[0], &def_keys[0], (num_def_keys * sizeof(def_keys[0]))); +#ifdef PDEF_KEYS + memcpy(&keys[num_def_keys], &pdef_keys[0], + (num_pdef_keys * sizeof(pdef_keys[0]))); + + num_keys = num_def_keys + num_pdef_keys; +#else + num_keys = num_def_keys; +#endif + ; + for (i = 0; i < num_keys; i++) { key = &keys[i]; if (key->opt != NULL) { diff --git a/tools/nxp/cert_create_helper/cert_create_tbbr.mk b/tools/nxp/cert_create_helper/cert_create_tbbr.mk new file mode 100644 index 0000000000000000000000000000000000000000..e3b2e9178f745ead3159053f71b79f115c0c386d --- /dev/null +++ b/tools/nxp/cert_create_helper/cert_create_tbbr.mk @@ -0,0 +1,31 @@ +# +# Copyright 2021 NXP +# +# SPDX-License-Identifier: BSD-3-Clause +# + +# Compile time defines used by NXP platforms + +PLAT_DEF_OID := yes + +ifeq (${PLAT_DEF_OID},yes) + +$(eval $(call add_define, PLAT_DEF_OID)) +$(eval $(call add_define, PDEF_KEYS)) +$(eval $(call add_define, PDEF_CERTS)) +$(eval $(call add_define, PDEF_EXTS)) + + +INC_DIR += -I../../plat/nxp/common/fip_handler/common/ + +PDEF_CERT_TOOL_PATH := ../nxp/cert_create_helper +PLAT_INCLUDE += -I${PDEF_CERT_TOOL_PATH}/include + +PLAT_OBJECTS += ${PDEF_CERT_TOOL_PATH}/src/pdef_tbb_cert.o \ + ${PDEF_CERT_TOOL_PATH}/src/pdef_tbb_ext.o \ + ${PDEF_CERT_TOOL_PATH}/src/pdef_tbb_key.o + +$(shell rm ${PLAT_OBJECTS}) + +OBJECTS += ${PLAT_OBJECTS} +endif diff --git a/tools/nxp/cert_create_helper/include/pdef_tbb_cert.h b/tools/nxp/cert_create_helper/include/pdef_tbb_cert.h new file mode 100644 index 0000000000000000000000000000000000000000..f18561979b1182fde31037c140ad1e09dc0a2689 --- /dev/null +++ b/tools/nxp/cert_create_helper/include/pdef_tbb_cert.h 
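Review bot: There is a stray `;` on its own line after the `#endif` that closes the PDEF_KEYS block in key_init(); it is an empty statement and should be dropped. The block would also benefit from a one-line comment above the allocation, for example `/* Build the runtime key table: default keys followed by platform-defined keys */`. key_init's body continues outside the hunk.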
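Review bot: `$(shell rm ${PLAT_OBJECTS})` in cert_create_tbbr.mk runs every time the fragment is parsed, for any target, and without `-f` it prints an error whenever the objects do not exist yet. If the intent is to force a rebuild of the platform objects, `$(shell rm -f ${PLAT_OBJECTS})` is the minimal fix, and a comment stating why they must be deleted on each invocation would help. `PLAT_DEF_OID := yes` directly followed by `ifeq (${PLAT_DEF_OID},yes)` makes the conditional always true; `PLAT_DEF_OID ?= yes` would let a caller switch it off.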
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PDEF_TBB_CERT_H
+#define PDEF_TBB_CERT_H
+
+#include
+
+/*
+ * Enumerate the certificates that are used to establish the chain of trust
+ */
+enum {
+ DDR_FW_KEY_CERT = FWU_CERT + 1,
+ DDR_UDIMM_FW_CONTENT_CERT,
+ DDR_RDIMM_FW_CONTENT_CERT
+};
+
+#endif /* PDEF_TBB_CERT_H */
diff --git a/tools/nxp/cert_create_helper/include/pdef_tbb_ext.h b/tools/nxp/cert_create_helper/include/pdef_tbb_ext.h
new file mode 100644
index 0000000000000000000000000000000000000000..5fb349cf70bd2f61f3777684179b3825e109a3d4
--- /dev/null
+++ b/tools/nxp/cert_create_helper/include/pdef_tbb_ext.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PDEF_TBB_EXT_H
+#define PDEF_TBB_EXT_H
+
+#include
+
+/* Plat Defined TBBR extensions */
+enum {
+ DDR_FW_CONTENT_CERT_PK_EXT = FWU_HASH_EXT + 1,
+ DDR_IMEM_UDIMM_1D_HASH_EXT,
+ DDR_IMEM_UDIMM_2D_HASH_EXT,
+ DDR_DMEM_UDIMM_1D_HASH_EXT,
+ DDR_DMEM_UDIMM_2D_HASH_EXT,
+ DDR_IMEM_RDIMM_1D_HASH_EXT,
+ DDR_IMEM_RDIMM_2D_HASH_EXT,
+ DDR_DMEM_RDIMM_1D_HASH_EXT,
+ DDR_DMEM_RDIMM_2D_HASH_EXT
+};
+
+#endif /* PDEF_TBB_EXT_H */
diff --git a/tools/nxp/cert_create_helper/include/pdef_tbb_key.h b/tools/nxp/cert_create_helper/include/pdef_tbb_key.h
new file mode 100644
index 0000000000000000000000000000000000000000..b26b651535d677cb84aee0b17a78518f82f66d48
--- /dev/null
+++ b/tools/nxp/cert_create_helper/include/pdef_tbb_key.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PDEF_TBB_KEY_H
+#define PDEF_TBB_KEY_H
+
+#include
+
+/*
+ * Enumerate the pltform defined keys that are used to establish the chain of trust
+ */
+enum {
+ DDR_FW_CONTENT_KEY = NON_TRUSTED_FW_CONTENT_CERT_KEY + 1,
+};
+#endif /* PDEF_TBB_KEY_H */
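Review bot: Starting the platform enum in pdef_tbb_cert.h at `FWU_CERT + 1` is only correct if the merged table built in cert_init() puts the first platform certificate at exactly that index, i.e. if `num_def_certs == FWU_CERT + 1` for the selected chain of trust, and nothing in this commit enforces that. The new tables refer to other entries by enum value (`.key`, `.issuer`, `.ext`, `.attr.key`), so if those values are used as indices into the merged arrays (the lookup code is not part of this diff), a mismatch would make a certificate pick up the wrong key or extension, or index past the allocation. The same applies to `FWU_HASH_EXT + 1` in pdef_tbb_ext.h and `NON_TRUSTED_FW_CONTENT_CERT_KEY + 1` in pdef_tbb_key.h. For the cert and key tables, whose entries carry an `.id`, a check in the existing init loop such as `if (certs[i].id != i) { ERROR("certificate table index mismatch\n"); return 1; }` would turn this into a hard failure. For the extension table I would at least document the invariant in a comment above the enum.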
diff --git a/tools/nxp/cert_create_helper/src/pdef_tbb_cert.c b/tools/nxp/cert_create_helper/src/pdef_tbb_cert.c
new file mode 100644
index 0000000000000000000000000000000000000000..40bd9282b73fb37c65370e2ec5df087c96b734a7
--- /dev/null
+++ b/tools/nxp/cert_create_helper/src/pdef_tbb_cert.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include
+#include
+#include
+
+static cert_t pdef_tbb_certs[] = {
+ [DDR_FW_KEY_CERT - DDR_FW_KEY_CERT] = {
+ .id = DDR_FW_KEY_CERT,
+ .opt = "ddr-fw-key-cert",
+ .help_msg = "DDR Firmware Key Certificate (output file)",
+ .fn = NULL,
+ .cn = "DDR Firmware Key Certificate",
+ .key = TRUSTED_WORLD_KEY,
+ .issuer = DDR_FW_KEY_CERT,
+ .ext = {
+ TRUSTED_FW_NVCOUNTER_EXT,
+ DDR_FW_CONTENT_CERT_PK_EXT,
+ },
+ .num_ext = 2
+ },
+ [DDR_UDIMM_FW_CONTENT_CERT - DDR_FW_KEY_CERT] = {
+ .id = DDR_UDIMM_FW_CONTENT_CERT,
+ .opt = "ddr-udimm-fw-cert",
+ .help_msg = "DDR UDIMM Firmware Content Certificate (output file)",
+ .fn = NULL,
+ .cn = "DDR UDIMM Firmware Content Certificate",
+ .key = DDR_FW_CONTENT_KEY,
+ .issuer = DDR_UDIMM_FW_CONTENT_CERT,
+ .ext = {
+ TRUSTED_FW_NVCOUNTER_EXT,
+ DDR_IMEM_UDIMM_1D_HASH_EXT,
+ DDR_IMEM_UDIMM_2D_HASH_EXT,
+ DDR_DMEM_UDIMM_1D_HASH_EXT,
+ DDR_DMEM_UDIMM_2D_HASH_EXT,
+ },
+ .num_ext = 5
+ },
+ [DDR_RDIMM_FW_CONTENT_CERT - DDR_FW_KEY_CERT] = {
+ .id = DDR_RDIMM_FW_CONTENT_CERT,
+ .opt = "ddr-rdimm-fw-cert",
+ .help_msg = "DDR RDIMM Firmware Content Certificate (output file)",
+ .fn = NULL,
+ .cn = "DDR RDIMM Firmware Content Certificate",
+ .key = DDR_FW_CONTENT_KEY,
+ .issuer = DDR_RDIMM_FW_CONTENT_CERT,
+ .ext = {
+ TRUSTED_FW_NVCOUNTER_EXT,
+ DDR_IMEM_RDIMM_1D_HASH_EXT,
+ DDR_IMEM_RDIMM_2D_HASH_EXT,
+ DDR_DMEM_RDIMM_1D_HASH_EXT,
+ DDR_DMEM_RDIMM_2D_HASH_EXT,
+ },
+ .num_ext = 5
+ }
+};
+
+PLAT_REGISTER_COT(pdef_tbb_certs);
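Review bot: `.num_ext` in pdef_tbb_certs is a hand-maintained count next to each `.ext` initialiser list (2, 5 and 5 here), and nothing ties the two together. If they drift apart, an extension listed in the table would presumably be left out of the generated certificate without any build error; for the two content certificates those entries are the DDR firmware hash extensions. I would add a comment above the table such as `/* .num_ext must equal the number of entries in .ext; update both together */`.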
diff --git a/tools/nxp/cert_create_helper/src/pdef_tbb_ext.c b/tools/nxp/cert_create_helper/src/pdef_tbb_ext.c
new file mode 100644
index 0000000000000000000000000000000000000000..f6da6ddde5132aac4e5a76bea26147d1f90f8720
--- /dev/null
+++ b/tools/nxp/cert_create_helper/src/pdef_tbb_ext.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include
+#include
+#include
+#include
+
+#if USE_TBBR_DEFS
+#include
+#else
+#include
+#endif
+
+#include "ext.h"
+#include "tbbr/tbb_ext.h"
+#include "tbbr/tbb_key.h"
+
+#include
+#include
+
+static ext_t pdef_tbb_ext[] = {
+ [DDR_FW_CONTENT_CERT_PK_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_FW_CONTENT_CERT_PK_OID,
+ .sn = "DDR FirmwareContentCertPK",
+ .ln = "DDR Firmware content certificate public key",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_PKEY,
+ .attr.key = DDR_FW_CONTENT_KEY
+ },
+ [DDR_IMEM_UDIMM_1D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_IMEM_UDIMM_1D_HASH_OID,
+ .opt = "ddr-immem-udimm-1d",
+ .help_msg = "DDR Firmware IMEM UDIMM 1D image file",
+ .sn = "DDR UDIMM IMEM 1D FirmwareHash",
+ .ln = "DDR UDIMM IMEM 1D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_IMEM_UDIMM_2D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_IMEM_UDIMM_2D_HASH_OID,
+ .opt = "ddr-immem-udimm-2d",
+ .help_msg = "DDR Firmware IMEM UDIMM 2D image file",
+ .sn = "DDR UDIMM IMEM 2D FirmwareHash",
+ .ln = "DDR UDIMM IMEM 2D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_DMEM_UDIMM_1D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_DMEM_UDIMM_1D_HASH_OID,
+ .opt = "ddr-dmmem-udimm-1d",
+ .help_msg = "DDR Firmware DMEM UDIMM 1D image file",
+ .sn = "DDR UDIMM DMEM 1D FirmwareHash",
+ .ln = "DDR UDIMM DMEM 1D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_DMEM_UDIMM_2D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_DMEM_UDIMM_2D_HASH_OID,
+ .opt = "ddr-dmmem-udimm-2d",
+ .help_msg = "DDR Firmware DMEM UDIMM 2D image file",
+ .sn = "DDR UDIMM DMEM 2D FirmwareHash",
+ .ln = "DDR UDIMM DMEM 2D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_IMEM_RDIMM_1D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_IMEM_RDIMM_1D_HASH_OID,
+ .opt = "ddr-immem-rdimm-1d",
+ .help_msg = "DDR Firmware IMEM RDIMM 1D image file",
+ .sn = "DDR RDIMM IMEM 1D FirmwareHash",
+ .ln = "DDR RDIMM IMEM 1D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_IMEM_RDIMM_2D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_IMEM_RDIMM_2D_HASH_OID,
+ .opt = "ddr-immem-rdimm-2d",
+ .help_msg = "DDR Firmware IMEM RDIMM 2D image file",
+ .sn = "DDR RDIMM IMEM 2D FirmwareHash",
+ .ln = "DDR RDIMM IMEM 2D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_DMEM_RDIMM_1D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_DMEM_RDIMM_1D_HASH_OID,
+ .opt = "ddr-dmmem-rdimm-1d",
+ .help_msg = "DDR Firmware DMEM RDIMM 1D image file",
+ .sn = "DDR RDIMM DMEM 1D FirmwareHash",
+ .ln = "DDR RDIMM DMEM 1D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ },
+ [DDR_DMEM_RDIMM_2D_HASH_EXT - DDR_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = DDR_DMEM_RDIMM_2D_HASH_OID,
+ .opt = "ddr-dmmem-rdimm-2d",
+ .help_msg = "DDR Firmware DMEM RDIMM 2D image file",
+ .sn = "DDR RDIMM DMEM 2D FirmwareHash",
+ .ln = "DDR RDIMM DMEM 2D Firmware hash (SHA256)",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH
+ }
+};
+
+PLAT_REGISTER_EXTENSIONS(pdef_tbb_ext);
diff --git a/tools/nxp/cert_create_helper/src/pdef_tbb_key.c b/tools/nxp/cert_create_helper/src/pdef_tbb_key.c
new file mode 100644
index 0000000000000000000000000000000000000000..cf2ebda3e307ba7af4c1fc041295e6a23e29db8d
--- /dev/null
+++ b/tools/nxp/cert_create_helper/src/pdef_tbb_key.c
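Review bot: The `.opt` strings in pdef_tbb_ext are spelled `ddr-immem-...` and `ddr-dmmem-...`, while the help text, short names and OID macros of the same entries all say IMEM and DMEM; this looks like a typo that becomes part of the tool's command-line interface for all eight hash extensions. If no build script already depends on these spellings, `ddr-imem-udimm-1d`, `ddr-dmem-udimm-1d` and so on would match the rest of the table. If the spelling is intentional, a short comment above the table saying so would stop a later clean-up from silently breaking callers.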
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include
+
+static key_t pdef_tbb_keys[] = {
+ [DDR_FW_CONTENT_KEY - DDR_FW_CONTENT_KEY] = {
+ .id = DDR_FW_CONTENT_KEY,
+ .opt = "ddr-fw-key",
+ .help_msg = "DDR Firmware Content Certificate key (input/output file)",
+ .desc = "DDR Firmware Content Certificate key"
+ }
+};
+
+PLAT_REGISTER_KEYS(pdef_tbb_keys);