diff --git a/core/Makefile b/core/Makefile
index 4959e0e5f..c91355329 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -997,6 +997,7 @@ $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verit
 $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY)" >> $(1))
 $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_signer_cmd=$(notdir $(VERITY_SIGNER))" >> $(1))
 $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY_FEC),$(hide) echo "verity_fec=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY_FEC)" >> $(1))
+$(if $(filter eng, $(TARGET_BUILD_VARIANT)),$(hide) echo "verity_disable=true" >> $(1))
 $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_VERITY_PARTITION),$(hide) echo "system_verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_VERITY_PARTITION)" >> $(1))
 $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VENDOR_VERITY_PARTITION),$(hide) echo "vendor_verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VENDOR_VERITY_PARTITION)" >> $(1))
 $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT)" >> $(1))
diff --git a/core/tasks/tools/build_custom_image.mk b/core/tasks/tools/build_custom_image.mk
index 370934b79..7c38546b6 100644
--- a/core/tasks/tools/build_custom_image.mk
+++ b/core/tasks/tools/build_custom_image.mk
@@ -135,6 +135,7 @@ $(my_built_custom_image): $(INTERNAL_USERIMAGES_DEPS) $(my_built_modules) $(my_i
 	    echo "verity_block_device=$(PRIVATE_VERITY_BLOCK_DEVICE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt)
 	$(if $(PRIVATE_SUPPORT_VERITY_FEC),\
 	  $(hide) echo "verity_fec=$(PRIVATE_SUPPORT_VERITY_FEC)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt)
+	$(if $(filter eng, $(TARGET_BUILD_VARIANT)),$(hide) echo "verity_disable=true" >> $(PRIVATE_INTERMEDIATES)/image_info.txt)
 	$(hide) echo "avb_avbtool=$(PRIVATE_AVB_AVBTOOL)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt
 	$(if $(PRIVATE_AVB_KEY_PATH),\
 	  $(hide) echo "avb_key_path=$(PRIVATE_AVB_KEY_PATH)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\
diff --git a/target/product/verity.mk b/target/product/verity.mk
index 0badb9feb..d9541597f 100644
--- a/target/product/verity.mk
+++ b/target/product/verity.mk
@@ -14,20 +14,16 @@
 # limitations under the License.
 #
 
-# Provides dependencies necessary for verified boot (only for user and
-# userdebug builds)
+# Provides dependencies necessary for verified boot.
 
-user_variant := $(filter user userdebug,$(TARGET_BUILD_VARIANT))
-ifneq (,$(user_variant))
-    PRODUCT_SUPPORTS_BOOT_SIGNER := true
-    PRODUCT_SUPPORTS_VERITY := true
-    PRODUCT_SUPPORTS_VERITY_FEC := true
+PRODUCT_SUPPORTS_BOOT_SIGNER := true
+PRODUCT_SUPPORTS_VERITY := true
+PRODUCT_SUPPORTS_VERITY_FEC := true
 
-    # The dev key is used to sign boot and recovery images, and the verity
-    # metadata table. Actual product deliverables will be re-signed by hand.
-    # We expect this file to exist with the suffixes ".x509.pem" and ".pk8".
-    PRODUCT_VERITY_SIGNING_KEY := build/target/product/security/verity
+# The dev key is used to sign boot and recovery images, and the verity
+# metadata table. Actual product deliverables will be re-signed by hand.
+# We expect this file to exist with the suffixes ".x509.pem" and ".pk8".
+PRODUCT_VERITY_SIGNING_KEY := build/target/product/security/verity
 
-    PRODUCT_PACKAGES += \
-            verity_key
-endif
+PRODUCT_PACKAGES += \
+        verity_key
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index 94626d793..816cf4ef2 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -225,12 +225,15 @@ def BuildVerityTree(sparse_image_path, verity_image_path, prop_dict):
   return True
 
 def BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt,
-                        block_device, signer_path, key, signer_args):
+                        block_device, signer_path, key, signer_args,
+                        verity_disable):
   cmd = ["system/extras/verity/build_verity_metadata.py", "build",
          str(image_size), verity_metadata_path, root_hash, salt, block_device,
          signer_path, key]
   if signer_args:
     cmd.append("--signer_args=\"%s\"" % (' '.join(signer_args),))
+  if verity_disable:
+    cmd.append("--verity_disable")
   output, exit_code = RunCommand(cmd)
   if exit_code != 0:
     print "Could not build verity metadata! Error: %s" % output
@@ -334,8 +337,10 @@ def MakeVerityEnabledImage(out_file, fec_supported, prop_dict):
   # build the metadata blocks
   root_hash = prop_dict["verity_root_hash"]
   salt = prop_dict["verity_salt"]
+  verity_disable = "verity_disable" in prop_dict
   if not BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt,
-                             block_dev, signer_path, signer_key, signer_args):
+                             block_dev, signer_path, signer_key, signer_args,
+                             verity_disable):
     shutil.rmtree(tempdir_name, ignore_errors=True)
     return False
 
@@ -644,6 +649,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
       "verity_key",
       "verity_signer_cmd",
       "verity_fec",
+      "verity_disable",
       "avb_enable",
       "avb_avbtool",
       "avb_salt",