diff --git a/cmd/Kconfig b/cmd/Kconfig
index 400133f8de..960080d6d4 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -2022,6 +2022,14 @@ config HASH_VERIFY
 	help
 	  Add -v option to verify data against a hash.
 
+config CMD_SCP03
+	bool "scp03 - SCP03 enable and rotate/provision operations"
+	depends on SCP03
+	help
+	  This command provides access to a Trusted Application
+	  running in a TEE to request Secure Channel Protocol 03
+	  (SCP03) enablement and/or rotation of its SCP03 keys.
+
 config CMD_TPM_V1
 	bool
 
diff --git a/cmd/Makefile b/cmd/Makefile
index 176bf925fd..a7017e8452 100644
--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o
 # Android Verified Boot 2.0
 obj-$(CONFIG_CMD_AVB) += avb.o
 
+# Foundries.IO SCP03
+obj-$(CONFIG_CMD_SCP03) += scp03.o
+
 obj-$(CONFIG_ARM) += arm/
 obj-$(CONFIG_RISCV) += riscv/
 obj-$(CONFIG_SANDBOX) += sandbox/
diff --git a/cmd/scp03.c b/cmd/scp03.c
new file mode 100644
index 0000000000..655e0bba08
--- /dev/null
+++ b/cmd/scp03.c
@@ -0,0 +1,52 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * (C) Copyright 2021, Foundries.IO
+ *
+ */
+
+#include <common.h>
+#include <command.h>
+#include <env.h>
+#include <scp03.h>
+
+int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc,
+		    char *const argv[])
+{
+	if (argc != 1)
+		return CMD_RET_USAGE;
+
+	if (tee_enable_scp03()) {
+		printf("TEE failed to enable SCP03\n");
+		return CMD_RET_FAILURE;
+	}
+
+	printf("SCP03 is enabled\n");
+
+	return CMD_RET_SUCCESS;
+}
+
+int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc,
+		       char *const argv[])
+{
+	if (argc != 1)
+		return CMD_RET_USAGE;
+
+	if (tee_provision_scp03()) {
+		printf("TEE failed to provision SCP03 keys\n");
+		return CMD_RET_FAILURE;
+	}
+
+	printf("SCP03 is provisioned\n");
+
+	return CMD_RET_SUCCESS;
+}
+
+static char text[] =
+	"provides a command to enable SCP03 and provision the SCP03 keys\n"
+	" enable    - enable SCP03 on the TEE\n"
+	" provision - provision SCP03 on the TEE\n";
+
+U_BOOT_CMD_WITH_SUBCMDS(scp03, "Secure Channel Protocol 03 control", text,
+	U_BOOT_SUBCMD_MKENT(enable, 1, 1, do_scp03_enable),
+	U_BOOT_SUBCMD_MKENT(provision, 1, 1, do_scp03_provision));
+