diff --git a/core/Makefile b/core/Makefile
index c6c9ebf60b..d180ef5f80 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -2013,6 +2013,14 @@ $(INSTALLED_VBMETAIMAGE_TARGET): $(AVBTOOL) $(INSTALLED_BOOTIMAGE_TARGET) $(INST
 vbmetaimage-nodeps:
 	$(build-vbmetaimage-target)
 
+else ifeq (true,$(BOARD_BUILD_DISABLED_VBMETAIMAGE))
+BUILT_DISABLED_VBMETAIMAGE := $(PRODUCT_OUT)/vbmeta.img
+
+INSTALLED_VBMETAIMAGE_TARGET := $(BUILT_DISABLED_VBMETAIMAGE)
+$(INSTALLED_VBMETAIMAGE_TARGET): $(AVBTOOL)
+	$(hide) $(AVBTOOL) make_vbmeta_image \
+	  --flag 2 --padding_size 4096 --output $@
+
 endif # BOARD_AVB_ENABLE
 
 # -----------------------------------------------------------------
diff --git a/target/product/treble_common.mk b/target/product/treble_common.mk
index f31e9acd3e..a16829b4a7 100644
--- a/target/product/treble_common.mk
+++ b/target/product/treble_common.mk
@@ -216,3 +216,13 @@ PRODUCT_PACKAGES += \
 #   Android O.
 PRODUCT_PACKAGES += \
     netutils-wrapper-1.0
+
+# Android Verified Boot (AVB):
+#   Builds a special vbmeta.img that disables AVB verification.
+#   Otherwise, AVB will prevent the device from booting the generic system.img.
+#   Also checks that BOARD_AVB_ENABLE is not set, to prevent adding verity
+#   metadata into system.img.
+ifeq ($(BOARD_AVB_ENABLE),true)
+$(error BOARD_AVB_ENABLE cannot be set for Treble GSI)
+endif
+BOARD_BUILD_DISABLED_VBMETAIMAGE := true