diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 8491a72dd1..0da0599738 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -8,6 +8,14 @@
 #define __FSL_SECURE_BOOT_H
 
 #ifdef CONFIG_SECURE_BOOT
+
+#ifndef CONFIG_FIT_SIGNATURE
+#define CONFIG_CHAIN_OF_TRUST
+#endif
+
+#endif
+
+#ifdef CONFIG_CHAIN_OF_TRUST
 #define CONFIG_CMD_ESBC_VALIDATE
 #define CONFIG_CMD_BLOB
 #define CONFIG_FSL_SEC_MON
@@ -40,8 +48,6 @@
 #define CONFIG_ESBC_ADDR_64BIT
 #endif
 
-#ifndef CONFIG_FIT_SIGNATURE
-
 #define CONFIG_EXTRA_ENV \
 	"setenv fdt_high 0xcfffffff;"	\
 	"setenv initrd_high 0xcfffffff;"	\
@@ -50,8 +56,6 @@
 /* The address needs to be modified according to NOR memory map */
 #define CONFIG_BOOTSCRIPT_HDR_ADDR	0x600a0000
 
-#include <config_fsl_secboot.h>
-#endif
-#endif
-
+#include <config_fsl_chain_trust.h>
+#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
 #endif
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index 7d217a63fd..41058d11ad 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -9,19 +9,11 @@
 #include <asm/config_mpc85xx.h>
 
 #ifdef CONFIG_SECURE_BOOT
-#define CONFIG_CMD_ESBC_VALIDATE
-#define CONFIG_CMD_BLOB
-#define CONFIG_FSL_SEC_MON
-#define CONFIG_SHA_PROG_HW_ACCEL
-#define CONFIG_DM
-#define CONFIG_RSA
-#define CONFIG_RSA_FREESCALE_EXP
-#ifndef CONFIG_FSL_CAAM
-#define CONFIG_FSL_CAAM
-#endif
+
+#ifndef CONFIG_FIT_SIGNATURE
+#define CONFIG_CHAIN_OF_TRUST
 #endif
 
-#ifdef CONFIG_SECURE_BOOT
 #if defined(CONFIG_FSL_CORENET)
 #define CONFIG_SYS_PBI_FLASH_BASE		0xc0000000
 #elif defined(CONFIG_BSC9132QDS)
@@ -76,8 +68,25 @@
  */
 #define CONFIG_FSL_ISBC_KEY_EXT
 #endif
+#endif /* #ifdef CONFIG_SECURE_BOOT */
+
+#ifdef CONFIG_CHAIN_OF_TRUST
+
+#define CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_CMD_BLOB
+#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_PROG_HW_ACCEL
+#define CONFIG_RSA
+#define CONFIG_RSA_FREESCALE_EXP
+
+#ifndef CONFIG_DM
+#define CONFIG_DM
+#endif
+
+#ifndef CONFIG_FSL_CAAM
+#define CONFIG_FSL_CAAM
+#endif
 
-#ifndef CONFIG_FIT_SIGNATURE
 /* If Boot Script is not on NOR and is required to be copied on RAM */
 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
 #define CONFIG_BS_HDR_ADDR_RAM		0x00010000
@@ -105,10 +114,8 @@
 #define CONFIG_BOOTSCRIPT_HDR_ADDR	0xee020000
 #endif
 
-#endif
+#endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
 
-#include <config_fsl_secboot.h>
-#endif
-
-#endif
+#include <config_fsl_chain_trust.h>
+#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
 #endif
diff --git a/include/config_fsl_secboot.h b/include/config_fsl_chain_trust.h
similarity index 76%
rename from include/config_fsl_secboot.h
rename to include/config_fsl_chain_trust.h
index fc6788a7a6..45dda56bc3 100644
--- a/include/config_fsl_secboot.h
+++ b/include/config_fsl_chain_trust.h
@@ -4,15 +4,27 @@
  * SPDX-License-Identifier:	GPL-2.0+
  */
 
-#ifndef __CONFIG_FSL_SECBOOT_H
-#define __CONFIG_FSL_SECBOOT_H
+#ifndef __CONFIG_FSL_CHAIN_TRUST_H
+#define __CONFIG_FSL_CHAIN_TRUST_H
 
+/* For secure boot, since ENVIRONMENT in flash/external memories is
+ * not verified, undef CONFIG_ENV_xxx and set default env
+ * (CONFIG_ENV_IS_NOWHERE)
+ */
 #ifdef CONFIG_SECURE_BOOT
 
-#ifndef CONFIG_CMD_ESBC_VALIDATE
-#define CONFIG_CMD_ESBC_VALIDATE
+#undef CONFIG_ENV_IS_IN_EEPROM
+#undef CONFIG_ENV_IS_IN_NAND
+#undef CONFIG_ENV_IS_IN_MMC
+#undef CONFIG_ENV_IS_IN_SPI_FLASH
+#undef CONFIG_ENV_IS_IN_FLASH
+
+#define CONFIG_ENV_IS_NOWHERE
+
 #endif
 
+#ifdef CONFIG_CHAIN_OF_TRUST
+
 #ifndef CONFIG_EXTRA_ENV
 #define CONFIG_EXTRA_ENV	""
 #endif
@@ -71,18 +83,7 @@
 #endif /* CONFIG_RAMBOOT_NAND */
 #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
 
-#if defined(CONFIG_RAMBOOT_SPIFLASH)
-#undef CONFIG_ENV_IS_IN_SPI_FLASH
-#elif defined(CONFIG_RAMBOOT_NAND)
-#undef CONFIG_ENV_IS_IN_NAND
-#elif defined(CONFIG_RAMBOOT_SDCARD)
-#undef CONFIG_ENV_IS_IN_MMC
 #endif
-#else /*CONFIG_SYS_RAMBOOT*/
-#undef CONFIG_ENV_IS_IN_FLASH
-#endif
-
-#define CONFIG_ENV_IS_NOWHERE
 
 #ifndef CONFIG_BS_COPY_ENV
 #define CONFIG_BS_COPY_ENV
@@ -92,25 +93,9 @@
 #define CONFIG_BS_COPY_CMD
 #endif
 
-#define CONFIG_SECBOOT_CMD	CONFIG_BS_COPY_ENV \
+#define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
 				CONFIG_BS_COPY_CMD \
 				CONFIG_SECBOOT
-/*
- * We don't want boot delay for secure boot flow
- * before autoboot starts
- */
-#undef CONFIG_BOOTDELAY
-#define CONFIG_BOOTDELAY	0
-#undef CONFIG_BOOTCOMMAND
-#define CONFIG_BOOTCOMMAND		CONFIG_SECBOOT_CMD
-
-/*
- * CONFIG_ZERO_BOOTDELAY_CHECK should not be defined for
- * secure boot flow as defining this would enable a user to
- * reach uboot prompt by pressing some key before start of
- * autoboot
- */
-#undef CONFIG_ZERO_BOOTDELAY_CHECK
 
 #endif
 #endif