diff --git a/include/common/tbbr/cot_def.h b/include/common/tbbr/cot_def.h
index 1d28772c9..bf23917bb 100644
--- a/include/common/tbbr/cot_def.h
+++ b/include/common/tbbr/cot_def.h
@@ -32,7 +32,12 @@
  * buffers must be big enough to hold either. As RSA keys are bigger than ECDSA
  * ones for all key sizes we support, they impose the minimum size of these
  * buffers.
+ *
+ * If the platform employs its own mbedTLS configuration, it is the platform's
+ * responsibility to define TF_MBEDTLS_USE_RSA or TF_MBEDTLS_USE_ECDSA to
+ * establish the appropriate PK_DER_LEN size.
  */
+#ifdef MBEDTLS_CONFIG_FILE
 #if TF_MBEDTLS_USE_RSA
 #if TF_MBEDTLS_KEY_SIZE == 1024
 #define PK_DER_LEN                      162
@@ -45,7 +50,7 @@
 #else
 #error "Invalid value for TF_MBEDTLS_KEY_SIZE"
 #endif
-#else /* Only using ECDSA keys. */
+#elif TF_MBEDTLS_USE_ECDSA
 #if TF_MBEDTLS_KEY_SIZE == 384
 #define PK_DER_LEN                      120
 #elif TF_MBEDTLS_KEY_SIZE == 256
@@ -53,7 +58,9 @@
 #else
 #error "Invalid value for TF_MBEDTLS_KEY_SIZE"
 #endif
-#endif
+#else
+#error "Invalid value of algorithm"
+#endif /* TF_MBEDTLS_USE_RSA */
 
 #if TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256
 #define HASH_DER_LEN                    51
@@ -64,5 +71,6 @@
 #else
 #error "Invalid value for TF_MBEDTLS_HASH_ALG_ID"
 #endif
+#endif /* MBEDTLS_CONFIG_FILE */
 
 #endif /* COT_DEF_H */