diff --git a/drivers/auth/mbedtls/mbedtls_common.c b/drivers/auth/mbedtls/mbedtls_common.c
index c71f81ea04e785d62c27479058ecae23af6c48e0..aad49a7152ef58789eadb25371a9ee24240cf416 100644
--- a/drivers/auth/mbedtls/mbedtls_common.c
+++ b/drivers/auth/mbedtls/mbedtls_common.c
@@ -12,9 +12,9 @@
 /*
  * mbed TLS heap
  */
-#if (TBBR_KEY_ALG_ID == TBBR_ECDSA)
+#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA)
 #define MBEDTLS_HEAP_SIZE		(14*1024)
-#elif (TBBR_KEY_ALG_ID == TBBR_RSA)
+#elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA)
 #define MBEDTLS_HEAP_SIZE		(8*1024)
 #endif
 static unsigned char heap[MBEDTLS_HEAP_SIZE];
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.mk b/drivers/auth/mbedtls/mbedtls_crypto.mk
index 578fc106e70e400205992121bbeef2669e31fbed..cb81d4d6741cf1be452b303ae30fdb4a6fbf7afe 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.mk
+++ b/drivers/auth/mbedtls/mbedtls_crypto.mk
@@ -6,10 +6,20 @@
 
 include drivers/auth/mbedtls/mbedtls_common.mk
 
-# The platform may define the variable 'MBEDTLS_KEY_ALG' to select the key
+# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
 # algorithm to use. Default algorithm is RSA.
-ifeq (${MBEDTLS_KEY_ALG},)
-    MBEDTLS_KEY_ALG		:=	rsa
+ifeq (${TF_MBEDTLS_KEY_ALG},)
+    TF_MBEDTLS_KEY_ALG		:=	rsa
+endif
+
+# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for
+# backward compatibility
+ifdef MBEDTLS_KEY_ALG
+    ifeq (${ERROR_DEPRECATED},1)
+        $(error "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
+    endif
+    $(warning "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
+    TF_MBEDTLS_KEY_ALG	:= ${MBEDTLS_KEY_ALG}
 endif
 
 MBEDTLS_CRYPTO_SOURCES		:=	drivers/auth/mbedtls/mbedtls_crypto.c	\
@@ -25,24 +35,24 @@ MBEDTLS_CRYPTO_SOURCES		:=	drivers/auth/mbedtls/mbedtls_crypto.c	\
 					)
 
 # Key algorithm specific files
-ifeq (${MBEDTLS_KEY_ALG},ecdsa)
+ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
     MBEDTLS_CRYPTO_SOURCES	+=	$(addprefix ${MBEDTLS_DIR}/library/,	\
     					ecdsa.c					\
     					ecp_curves.c				\
     					ecp.c					\
     					)
-    TBBR_KEY_ALG_ID		:=	TBBR_ECDSA
-else ifeq (${MBEDTLS_KEY_ALG},rsa)
+    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_ECDSA
+else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
     MBEDTLS_CRYPTO_SOURCES	+=	$(addprefix ${MBEDTLS_DIR}/library/,	\
     					rsa.c					\
     					)
-    TBBR_KEY_ALG_ID		:=	TBBR_RSA
+    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_RSA
 else
-    $(error "MBEDTLS_KEY_ALG=${MBEDTLS_KEY_ALG} not supported on mbed TLS")
+    $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
 endif
 
 # Needs to be set to drive mbed TLS configuration correctly
-$(eval $(call add_define,TBBR_KEY_ALG_ID))
+$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
 
 BL1_SOURCES			+=	${MBEDTLS_CRYPTO_SOURCES}
 BL2_SOURCES			+=	${MBEDTLS_CRYPTO_SOURCES}
diff --git a/include/drivers/auth/mbedtls/mbedtls_config.h b/include/drivers/auth/mbedtls/mbedtls_config.h
index edb294aba25edfde41bcf9fb101222bf12bda265..7d8d17c357b1fd90faf76c10bc80e0e1abac0650 100644
--- a/include/drivers/auth/mbedtls/mbedtls_config.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config.h
@@ -9,8 +9,8 @@
 /*
  * Key algorithms currently supported on mbed TLS libraries
  */
-#define TBBR_RSA	1
-#define TBBR_ECDSA	2
+#define TF_MBEDTLS_RSA		1
+#define TF_MBEDTLS_ECDSA	2
 
 /*
  * Configuration file to build mbed TLS with the required features for
@@ -45,11 +45,11 @@
 
 #define MBEDTLS_PLATFORM_C
 
-#if (TBBR_KEY_ALG_ID == TBBR_ECDSA)
+#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA)
 #define MBEDTLS_ECDSA_C
 #define MBEDTLS_ECP_C
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#elif (TBBR_KEY_ALG_ID == TBBR_RSA)
+#elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA)
 #define MBEDTLS_RSA_C
 #endif
 
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index d51c123d734aa827b8c3b0de8fe9b32a8ba8c731..58fc94ec661f00c9117f15e90d7f34ae6b9cb17f 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -171,7 +171,7 @@ ifneq (${TRUSTED_BOARD_BOOT},0)
 
     $(eval $(call FWU_FIP_ADD_IMG,NS_BL2U,--fwu))
 
-    MBEDTLS_KEY_ALG	:=	${KEY_ALG}
+    TF_MBEDTLS_KEY_ALG	:=	${KEY_ALG}
 
     # We expect to locate the *.mk files under the directories specified below
     CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk