diff --git a/drivers/measured_boot/rse/dice_prot_env.c b/drivers/measured_boot/rse/dice_prot_env.c
index da98afe18..dad30b2c7 100644
--- a/drivers/measured_boot/rse/dice_prot_env.c
+++ b/drivers/measured_boot/rse/dice_prot_env.c
@@ -115,7 +115,7 @@ int dpe_measure_and_record(struct dpe_metadata *metadata,
 				 metadata->allow_new_context_to_derive,
 				 metadata->create_certificate,
 				 &dice_inputs,
-				 0, /* target_locality */
+				 metadata->target_locality,
 				 false, /* return_certificate */
 				 true, /* allow_new_context_to_export */
 				 false, /* export_cdi */
diff --git a/include/drivers/measured_boot/rse/dice_prot_env.h b/include/drivers/measured_boot/rse/dice_prot_env.h
index e4531987a..e5aef516c 100644
--- a/include/drivers/measured_boot/rse/dice_prot_env.h
+++ b/include/drivers/measured_boot/rse/dice_prot_env.h
@@ -27,6 +27,7 @@ struct dpe_metadata {
 	bool allow_new_context_to_derive;
 	bool retain_parent_context;
 	bool create_certificate;
+	int target_locality;
 	void *pk_oid;
 };
 
diff --git a/plat/arm/board/tc/tc_bl1_dpe.c b/plat/arm/board/tc/tc_bl1_dpe.c
index 3a39c66e3..de5702a71 100644
--- a/plat/arm/board/tc/tc_bl1_dpe.c
+++ b/plat/arm/board/tc/tc_bl1_dpe.c
@@ -29,6 +29,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = ZERO_OID },
 	{
 		.id = TB_FW_CONFIG_ID,
@@ -38,6 +39,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = ZERO_OID },
 	{
 		.id = BL2_IMAGE_ID,
@@ -46,6 +48,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.sw_type = MBOOT_BL2_IMAGE_STRING,
 		.allow_new_context_to_derive = true,
 		.retain_parent_context = true, /* To handle restart */
+		.target_locality = LOCALITY_AP_S,
 		.create_certificate = false,
 		.pk_oid = ZERO_OID },
 	{
diff --git a/plat/arm/board/tc/tc_bl2_dpe.c b/plat/arm/board/tc/tc_bl2_dpe.c
index 02aca43d9..c56612b42 100644
--- a/plat/arm/board/tc/tc_bl2_dpe.c
+++ b/plat/arm/board/tc/tc_bl2_dpe.c
@@ -39,6 +39,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = BL31_IMAGE_KEY_OID },
 	{
 		.id = BL32_IMAGE_ID,
@@ -48,6 +49,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = BL32_IMAGE_KEY_OID },
 	{
 		.id = BL33_IMAGE_ID,
@@ -57,6 +59,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = true,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_AP_NS,
 		.pk_oid = BL33_IMAGE_KEY_OID },
 
 	{
@@ -67,6 +70,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = HW_CONFIG_KEY_OID },
 	{
 		.id = NT_FW_CONFIG_ID,
@@ -76,6 +80,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NT_FW_CONFIG_KEY_OID },
 	{
 		.id = SCP_BL2_IMAGE_ID,
@@ -85,6 +90,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = SCP_BL2_IMAGE_KEY_OID },
 	{
 		.id = SOC_FW_CONFIG_ID,
@@ -94,6 +100,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = SOC_FW_CONFIG_KEY_OID },
 	{
 		.id = TOS_FW_CONFIG_ID,
@@ -103,6 +110,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = TOS_FW_CONFIG_KEY_OID },
 #if defined(SPD_spmd)
 	{
@@ -113,6 +121,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = true, /* With Trusty only one SP is loaded */
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG2_ID,
@@ -122,6 +131,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG3_ID,
@@ -131,6 +141,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG4_ID,
@@ -140,6 +151,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG5_ID,
@@ -149,6 +161,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG6_ID,
@@ -158,6 +171,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG7_ID,
@@ -167,6 +181,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG8_ID,
@@ -176,6 +191,7 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 
 #endif
diff --git a/plat/arm/board/tc/tc_dpe.h b/plat/arm/board/tc/tc_dpe.h
index d5f4f6be7..3e1af5a81 100644
--- a/plat/arm/board/tc/tc_dpe.h
+++ b/plat/arm/board/tc/tc_dpe.h
@@ -36,4 +36,18 @@
 /* Common definition */
 #define DPE_CERT_ID_SAME_AS_PARENT	0xFFFFFFFF
 
+/*
+ * Target Locality:
+ *    The goal is to specify that a certain component is expected to run and
+ *    thereby send DPE commands from a given security domain. RSE is capable of
+ *    of distinguishing the client's locality based on the MHU channel used for
+ *    communication.
+ *    Defines here must match with RSE side:
+ */
+#define LOCALITY_NONE		-1
+/* #define LOCALITY_RSE_S	0 */  /* Not applicable on AP side */
+/* #define LOCALITY_RSE_NS	1 */  /* Not applicable on AP side */
+#define LOCALITY_AP_S		 2
+#define LOCALITY_AP_NS		 3
+
 #endif /* TC_DPE_H */