diff --git a/build_image b/build_image
index a1356b03f0..a9e6bcdaf8 100755
--- a/build_image
+++ b/build_image
@@ -41,10 +41,10 @@ DEFINE_string disk_layout "" \
   "The disk layout type to use for this image."
 DEFINE_string group "${DEFAULT_GROUP}" \
   "The update group."
-DEFINE_boolean generate_update "${FLAGS_FALSE}" \
-  "Generate update payload. (prod only)"
 DEFINE_boolean extract_update "${FLAGS_TRUE}" \
-  "Extract the /usr partition for generating updates."
+  "Extract the /usr partition for generating updates. Only valid for the prod image."
+DEFINE_boolean generate_update "${FLAGS_TRUE}" \
+  "Generate update payload for testing. The update is signed with a dev key. The kernel is signed with a dev key (unofficial builds) or not at all (official builds). Only valid for the prod image. Implies --extract_update."
 DEFINE_string developer_data "" \
   "Insert a custom cloudinit file into the image."
 DEFINE_string devcontainer_binhost "${DEFAULT_DEVCONTAINER_BINHOST}" \
@@ -139,6 +139,11 @@ fi
 # Create the output directory and temporary mount points.
 mkdir -p "${BUILD_DIR}"
 
+# --generate_update implies --extract_update.
+if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then
+  FLAGS_extract_update=${FLAGS_TRUE}
+fi
+
 DISK_LAYOUT="${FLAGS_disk_layout:-base}"
 CONTAINER_LAYOUT="${FLAGS_disk_layout:-container}"
 
@@ -169,11 +174,12 @@ fi
 if [[ "${PROD_IMAGE}" -eq 1 ]]; then
   IMAGE_BUILD_TYPE="prod"
   create_prod_image ${FLATCAR_PRODUCTION_IMAGE_NAME} ${DISK_LAYOUT} ${FLAGS_group} ${FLAGS_base_pkg} ${FLAGS_base_sysexts}
-  if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then
-    generate_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" ${DISK_LAYOUT}
-  elif [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]; then
+  if [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]; then
     extract_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
   fi
+  if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then
+    generate_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
+  fi
   if [[ "${PROD_TAR}" -eq 1 ]]; then
     create_prod_tar ${FLATCAR_PRODUCTION_IMAGE_NAME}
   fi
@@ -182,9 +188,7 @@ if [[ "${SYSEXT}" -eq 1 ]]; then
   create_prod_sysexts "${FLATCAR_PRODUCTION_IMAGE_NAME}"
 fi
 
-if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]] || \
-   [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]
-then
+if [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]; then
   zip_update_tools
 fi
 
diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh
index a29470dc82..87f74bc7b4 100755
--- a/build_library/build_image_util.sh
+++ b/build_library/build_image_util.sh
@@ -61,23 +61,32 @@ delete_prompt() {
 extract_update() {
   local image_name="$1"
   local disk_layout="$2"
-  local update_path="${BUILD_DIR}/${image_name%_image.bin}_update.bin"
+  local update="${BUILD_DIR}/${image_name%_image.bin}_update.bin"
 
   "${BUILD_LIBRARY_DIR}/disk_util" --disk_layout="${disk_layout}" \
-    extract "${BUILD_DIR}/${image_name}" "USR-A" "${update_path}"
+    extract "${BUILD_DIR}/${image_name}" "USR-A" "${update}"
 
   # Compress image
-  files_to_evaluate+=( "${update_path}" )
+  files_to_evaluate+=( "${update}" )
   compress_disk_images files_to_evaluate
+}
 
-  # For production as well as dev builds we generate a dev-key-signed update
-  # payload for running tests (the signature won't be accepted by production systems).
-  local update_test="${BUILD_DIR}/flatcar_test_update.gz"
+generate_update() {
+  local image_name="$1"
+  local disk_layout="$2"
+  local image_kernel="${BUILD_DIR}/${image_name%.bin}.vmlinuz"
+  local update="${BUILD_DIR}/${image_name%_image.bin}_update.bin"
+  local devkey="/usr/share/update_engine/update-payload-key.key.pem"
+
+  # Extract the partition if it isn't extracted already.
+  [[ -s ${update} ]] || extract_update "${image_name}" "${disk_layout}"
+
+  echo "Generating update payload, signed with a dev key"
   delta_generator \
-      -private_key "/usr/share/update_engine/update-payload-key.key.pem" \
-      -new_image "${update_path}" \
-      -new_kernel "${BUILD_DIR}/${image_name%.bin}.vmlinuz" \
-      -out_file "${update_test}"
+      -private_key "${devkey}" \
+      -new_image "${update}" \
+      -new_kernel "${image_kernel}" \
+      -out_file "${BUILD_DIR}/flatcar_test_update.gz"
 }
 
 zip_update_tools() {
@@ -86,34 +95,11 @@ zip_update_tools() {
 
   info "Generating update tools zip"
   # Make sure some vars this script needs are exported
-  export REPO_MANIFESTS_DIR SCRIPTS_DIR
+  local -x REPO_MANIFESTS_DIR SCRIPTS_DIR
   "${BUILD_LIBRARY_DIR}/generate_au_zip.py" \
     --arch "$(get_sdk_arch)" --output-dir "${BUILD_DIR}" --zip-name "${update_zip}"
 }
 
-generate_update() {
-  local image_name="$1"
-  local disk_layout="$2"
-  local image_kernel="${BUILD_DIR}/${image_name%.bin}.vmlinuz"
-  local update_prefix="${image_name%_image.bin}_update"
-  local update="${BUILD_DIR}/${update_prefix}"
-  local devkey="/usr/share/update_engine/update-payload-key.key.pem"
-
-  echo "Generating update payload, signed with a dev key"
-  "${BUILD_LIBRARY_DIR}/disk_util" --disk_layout="${disk_layout}" \
-    extract "${BUILD_DIR}/${image_name}" "USR-A" "${update}.bin"
-  delta_generator \
-      -private_key "${devkey}" \
-      -new_image "${update}.bin" \
-      -new_kernel "${image_kernel}" \
-      -out_file "${update}.gz"
-
-  # Compress image
-  declare -a files_to_evaluate
-  files_to_evaluate+=( "${update}.bin" )
-  compress_disk_images files_to_evaluate
-}
-
 # ldconfig cannot generate caches for non-native arches.
 # Use qemu & the native ldconfig to work around that.
 # http://code.google.com/p/chromium/issues/detail?id=378377