diff --git a/bin/cros_make_image_bootable b/bin/cros_make_image_bootable
index 01c41fab52..84b329fb84 100755
--- a/bin/cros_make_image_bootable
+++ b/bin/cros_make_image_bootable
@@ -19,10 +19,6 @@ fi
 set -e
 . "$(dirname "$0")/../chromeos-common.sh"  # for partoffset and partsize
 
-if [ ${#} -ne 2 ]; then
-  die "Usage: $0 /path/to/image/dir image_name"
-fi
-
 BOOT_DESC_FILE="${1}/boot.desc"
 IMAGE="${1}/${2}"
 
@@ -93,10 +89,16 @@ DEFINE_string statefulfs_mountpoint "/tmp/statefulfs" \
 DEFINE_string espfs_mountpoint "/tmp/espfs" \
   "Path where the espfs can be safely mounted"
 
+DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \
+  "Use developer keys for signing. (Default: false)"
+
+# Parse command-line flags present after positional args, if any. This needs
+# to happen before we parse boot.desc (otherwise the flags would be lost)
+FLAGS "${@}" || exit 1
+
 # Parse the boot.desc
 eval set -- "${BOOT_DESC}"
 FLAGS "${@}" || exit 1
-eval set -- "${FLAGS_ARGV}"
 
 # Only now can we die on error.  shflags functions leak non-zero error codes,
 # so will die prematurely if 'set -e' is specified before now.
@@ -115,6 +117,7 @@ mount_gpt_cleanup() {
 
 make_image_bootable() {
   local image="$1"
+  local use_dev_keys=
 
   cros_root=/dev/sd%D%P
   if [[ "${FLAGS_arch}" = "arm" ]]; then
@@ -136,6 +139,10 @@ make_image_bootable() {
   root_dev=$(mount | grep -- "on ${FLAGS_rootfs_mountpoint} type" |
              cut -f1 -d' ' | tail -1)
 
+  if [ ${FLAGS_use_dev_keys} -eq ${FLAGS_TRUE} ]; then
+    use_dev_keys="--use_dev_keys"
+  fi
+
   # Builds the kernel partition image.  The temporary files are kept around
   # so that we can perform a load_kernel_test later on the final image.
   ${SCRIPTS_DIR}/build_kernel_image.sh \
@@ -152,7 +159,8 @@ make_image_bootable() {
     --verity_max_ios=${FLAGS_verity_max_ios} \
     --verity_error_behavior=${FLAGS_verity_error_behavior} \
     --root=${cros_root} \
-    --keys_dir="${FLAGS_keys_dir}"
+    --keys_dir="${FLAGS_keys_dir}" \
+    ${use_dev_keys}
 
   local rootfs_hash_size=$(stat -c '%s' ${FLAGS_rootfs_hash})
   info "Appending rootfs.hash (${rootfs_hash_size} bytes) to the root fs"
diff --git a/build_image b/build_image
index 4bb7532aa8..066f20bc76 100755
--- a/build_image
+++ b/build_image
@@ -45,6 +45,8 @@ DEFINE_string to "" \
 DEFINE_boolean factory_install ${FLAGS_FALSE} \
   "Build a smaller image to overlay the factory install shim on; this argument \
 is also required in image_to_usb."
+DEFINE_boolean dev_install ${FLAGS_FALSE} \
+  "Build a smaller image to overlay the dev recovery install shim on"
 DEFINE_string arm_extra_bootargs "" \
   "Additional command line options to pass to the ARM kernel."
 DEFINE_integer rootfs_partition_size 1024 \
@@ -100,6 +102,24 @@ bigger than partition (${FLAGS_rootfs_partition_size} MB)."
   exit 1
 fi
 
+# Verify user didn't specify incompatible flags for dev install shim
+if [ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ] &&
+   [ ${FLAGS_dev_install} -eq ${FLAGS_TRUE} ] ; then
+  error "Incompatible flags: --factory_install and --dev_install cannot be \
+both set to True. Please specify one or none."
+  exit 1
+fi
+
+# Disable --withdev flag when --dev_install is set to True. Otherwise, the
+# dev image produced will be based on dev install shim, rather than a pristine
+# image
+if [ ${FLAGS_withdev} -eq ${FLAGS_TRUE} ] &&
+   [ ${FLAGS_dev_install} -eq ${FLAGS_TRUE} ] ; then
+  info "Incompatible flags: --withdev and --dev_install cannot be both set to \
+True. Reset --withdev to False."
+  FLAGS_withdev=${FLAGS_FALSE}
+fi
+
 EMERGE_BOARD_CMD="emerge-${FLAGS_board}"
 if [ "${FLAGS_fast}" -eq "${FLAGS_TRUE}" ]; then
   echo "Using alternate emerge"
@@ -125,6 +145,11 @@ if [ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ]; then
   DEVELOPER_IMAGE_NAME=chromiumos_image.bin
 fi
 
+# Rename pristine image for dev install shim
+if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ]; then
+  PRISTINE_IMAGE_NAME=dev_install_shim.bin
+fi
+
 PRISTINE_IMG="${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}"
 DEVELOPER_IMG="${OUTPUT_DIR}/${DEVELOPER_IMAGE_NAME}"
 
@@ -167,7 +192,8 @@ fi
 
 # Reduce the size of factory install shim.
 # TODO: Build a separated ebuild for the factory install shim to reduce size.
-if [[ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ]] ; then
+if [ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ] ||
+   [ ${FLAGS_dev_install} -eq ${FLAGS_TRUE} ] ; then
   INSTALL_MASK="${INSTALL_MASK} ${FACTORY_INSTALL_MASK}"
 fi
 
@@ -368,9 +394,10 @@ update_dev_packages() {
   fi
 
   # Check that the image has been correctly created.  Only do it if not
-  # building a factory install image, as the INSTALL_MASK for it will
-  # make test_image fail.
-  if [[ ${FLAGS_factory_install} -eq ${FLAGS_FALSE} ]] ; then
+  # building a factory install image and not a dev install shim, as the
+  # INSTALL_MASK for it will make test_image fail.
+  if [ ${FLAGS_factory_install} -eq ${FLAGS_FALSE} ] &&
+     [ ${FLAGS_dev_install} -eq ${FLAGS_FALSE} ] ; then
     "${SCRIPTS_DIR}/test_image" \
       --root="${ROOT_FS_DIR}" \
       --target="${ARCH}"
@@ -428,7 +455,9 @@ create_base_image() {
 
   # Create root file system disk image to fit on a 1GB memory stick.
   # 1 GB in hard-drive-manufacturer-speak is 10^9, not 2^30.  950MB < 10^9 bytes.
-  if [[ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ]] ; then
+  # Minimize rootfs size for dev install shim and factory installer
+  if [ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ] ||
+     [ ${FLAGS_dev_install} -eq ${FLAGS_TRUE} ] ; then
     ROOT_SIZE_BYTES=$((1024 * 1024 * 300))
   else
     ROOT_SIZE_BYTES=$((1024 * 1024 * ${FLAGS_rootfs_size}))
@@ -565,8 +594,9 @@ create_base_image() {
     --install \
     ${enable_rootfs_verification}
 
-  # Don't test the factory install shim.
-  if [[ ${FLAGS_factory_install} -eq ${FLAGS_FALSE} ]] ; then
+  # Don't test the factory install shim or the dev install shim
+  if [ ${FLAGS_factory_install} -eq ${FLAGS_FALSE} ] &&
+     [ ${FLAGS_dev_install} -eq ${FLAGS_FALSE} ]; then
     # Check that the image has been correctly created.
     "${SCRIPTS_DIR}/test_image" \
       --root="${ROOT_FS_DIR}" \
@@ -635,14 +665,28 @@ if [[ -f ${PRISTINE_IMG} ]] ; then
 else
   create_base_image ${PRISTINE_IMAGE_NAME}
 fi
+
+USE_DEV_KEYS=
+if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ]; then
+  USE_DEV_KEYS="--use_dev_keys"
+fi
+
+# Place flags before positional args
 ${SCRIPTS_DIR}/bin/cros_make_image_bootable "${OUTPUT_DIR}" \
-                                            "${PRISTINE_IMAGE_NAME}"
+                                            "${PRISTINE_IMAGE_NAME}" \
+                                            ${USE_DEV_KEYS}
 
 # FIXME: only signing things for x86 right now.
 if [[ "${ARCH}" = "x86" ]]; then
+  BOOT_FLAG=
+  if [ "${FLAGS_dev_install}" -eq "${FLAGS_TRUE}" ] ; then
+    BOOT_FLAG="-b 1"  # BOOT_FLAG_DEVELOPER value defined in load_kernel_fw.h
+    info "--dev_install set, pass BOOT_FLAG_DEVELOPER flag to load_kernel_test"
+  fi
+
   # Verify the final image.
   load_kernel_test "${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}" \
-    "${DEVKEYSDIR}/recovery_key.vbpubk"
+    "${DEVKEYSDIR}/recovery_key.vbpubk" ${BOOT_FLAG}
 fi
 
 # Create a developer image based on the chromium os base image.
diff --git a/build_kernel_image.sh b/build_kernel_image.sh
index 03b9558820..bb0253af08 100755
--- a/build_kernel_image.sh
+++ b/build_kernel_image.sh
@@ -25,6 +25,8 @@ DEFINE_boolean keep_work ${FLAGS_FALSE} \
   "Keep temporary files (*.keyblock, *.vbpubk). (Default: false)"
 DEFINE_string keys_dir "${SRC_ROOT}/platform/vboot_reference/tests/testkeys" \
   "Directory with the RSA signing keys. (Defaults to test keys)"
+DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \
+  "Use developer keys for signing. (Default: false)"
 # Note, to enable verified boot, the caller would manually pass:
 # --boot_args='dm="... /dev/sd%D%P /dev/sd%D%P ..." \
 # --root=/dev/dm-0
@@ -134,11 +136,20 @@ EOF
 
   # We sign the image with the recovery_key, because this is what goes onto the
   # USB key. We can only boot from the USB drive in recovery mode.
+  # For dev install shim, we need to use the installer keyblock instead of
+  # the recovery keyblock because of the difference in flags.
+  if [ ${FLAGS_use_dev_keys} -eq ${FLAGS_TRUE} ]; then
+    USB_KEYBLOCK=installer_kernel.keyblock
+    info "DEBUG: use dev install signing key"
+  else
+    USB_KEYBLOCK=recovery_kernel.keyblock
+    info "DEBUG: use recovery signing key"
+  fi
 
   # Create and sign the kernel blob
   vbutil_kernel \
     --pack "${FLAGS_to}" \
-    --keyblock "${FLAGS_keys_dir}/recovery_kernel.keyblock" \
+    --keyblock "${FLAGS_keys_dir}/${USB_KEYBLOCK}" \
     --signprivate "${FLAGS_keys_dir}/recovery_kernel_data_key.vbprivk" \
     --version 1 \
     --config "${FLAGS_working_dir}/config.txt" \