diff --git a/Makefile.inc b/Makefile.inc
index 9d220b1c13..f98a61b25e 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -60,7 +60,7 @@ subdirs-y += site-local
 
 #######################################################################
 # Add source classes and their build options
-classes-y := ramstage romstage bootblock smm smmstub cpu_microcode rmodules
+classes-y := ramstage romstage bootblock smm smmstub cpu_microcode rmodules verstage
 
 #######################################################################
 # Helper functions for ramstage postprocess
@@ -101,6 +101,8 @@ ramstage-postprocess=$(foreach d,$(sort $(dir $(1))), \
 	$(eval $(d)ramstage.o: $(call files-in-dir,$(d),$(1)); $$(LINK) -o $$@ -r $$^ ) \
 	$(eval ramstage-objs:=$(d)ramstage.o $(filter-out $(call files-in-dir,$(d),$(1)),$(ramstage-objs))))
 
+verstage-c-ccopts:=-D__PRE_RAM__ -D__VER_STAGE__
+verstage-S-ccopts:=-D__PRE_RAM__ -D__VER_STAGE__
 romstage-c-ccopts:=-D__PRE_RAM__
 romstage-S-ccopts:=-D__PRE_RAM__
 ifeq ($(CONFIG_TRACE),y)
@@ -131,6 +133,7 @@ endif
 
 ramstage-c-deps:=$$(OPTION_TABLE_H)
 romstage-c-deps:=$$(OPTION_TABLE_H)
+verstage-c-deps:=$$(OPTION_TABLE_H)
 bootblock-c-deps:=$$(OPTION_TABLE_H)
 
 #######################################################################
@@ -309,6 +312,10 @@ $(obj)/%.romstage.o $(abspath $(obj))/%.romstage.o: $(obj)/%.c $(obj)/config.h $
 	@printf "    CC         $(subst $(obj)/,,$(@))\n"
 	$(CC_romstage) -MMD $(CFLAGS_romstage) $(romstage-c-ccopts) -c -o $@ $<
 
+$(obj)/%.verstage.o $(abspath $(obj))/%.verstage.o: $(obj)/%.c $(obj)/config.h $(OPTION_TABLE_H)
+	@printf "    CC         $(subst $(obj)/,,$(@))\n"
+	$(CC_verstage) -MMD $(CFLAGS_verstage) $(verstage-c-ccopts) -c -o $@ $<
+
 $(obj)/%.bootblock.o $(abspath $(obj))/%.bootblock.o: $(obj)/%.c $(obj)/config.h $(OPTION_TABLE_H)
 	@printf "    CC         $(subst $(obj)/,,$(@))\n"
 	$(CC_bootblock) -MMD $(CFLAGS_bootblock) $(bootblock-c-ccopts) -c -o $@ $<
diff --git a/src/arch/arm/Kconfig b/src/arch/arm/Kconfig
index da2a9f5167..bab486cbea 100644
--- a/src/arch/arm/Kconfig
+++ b/src/arch/arm/Kconfig
@@ -5,6 +5,10 @@ config ARCH_BOOTBLOCK_ARM
 	default n
 	select ARCH_ARM
 
+config ARCH_VERSTAGE_ARM
+  bool
+  default n
+
 config ARCH_ROMSTAGE_ARM
 	bool
 	default n
diff --git a/src/arch/arm/Makefile.inc b/src/arch/arm/Makefile.inc
index 9f2f591df3..dd4b203e09 100644
--- a/src/arch/arm/Makefile.inc
+++ b/src/arch/arm/Makefile.inc
@@ -55,12 +55,14 @@ bootblock-y += memset.S
 bootblock-y += memcpy.S
 bootblock-y += memmove.S
 
-$(objcbfs)/bootblock.debug: $(src)/arch/arm/bootblock.ld $(obj)/ldoptions $$(bootblock-objs) $(obj)/config.h
+$(objcbfs)/bootblock.debug: $(src)/arch/arm/bootblock.ld $(obj)/ldoptions $$(bootblock-objs) $$(VERSTAGE_LIB) $(obj)/config.h
 	@printf "    LINK       $(subst $(obj)/,,$(@))\n"
 ifeq ($(CONFIG_COMPILER_LLVM_CLANG),y)
 	$(LD_bootblock) -nostdlib -m armelf_linux_eabi --gc-sections -static -o $@ -L$(obj) $< -T $(src)/arch/arm/bootblock.ld
 else
-	$(CC_bootblock) $(CFLAGS_bootblock) -nostdlib -Wl,--gc-sections -static -o $@ -L$(obj) -T $(src)/arch/arm/bootblock.ld -Wl,--start-group $(bootblock-objs) -Wl,--end-group
+	# This is based on the assumption that bootblock and verstage are compatible
+	# from the linker's perspective.
+	$(CC_bootblock) $(CFLAGS_bootblock) -nostdlib -Wl,--gc-sections -static -o $@ -L$(obj) -T $(src)/arch/arm/bootblock.ld -Wl,--start-group $(bootblock-objs) $(VERSTAGE_LIB) -Wl,--end-group
 endif
 
 endif
diff --git a/src/arch/arm/armv7/Kconfig b/src/arch/arm/armv7/Kconfig
index 4f4d28d609..180ea4db39 100644
--- a/src/arch/arm/armv7/Kconfig
+++ b/src/arch/arm/armv7/Kconfig
@@ -1,6 +1,9 @@
 config ARCH_BOOTBLOCK_ARM_V7
 	def_bool n
 	select ARCH_BOOTBLOCK_ARM
+config ARCH_VERSTAGE_ARM_V7
+	def_bool n
+	select ARCH_VERSTAGE_ARM
 config ARCH_ROMSTAGE_ARM_V7
 	def_bool n
 	select ARCH_ROMSTAGE_ARM
diff --git a/src/soc/nvidia/tegra124/Kconfig b/src/soc/nvidia/tegra124/Kconfig
index 67fc498150..7fc04757e5 100644
--- a/src/soc/nvidia/tegra124/Kconfig
+++ b/src/soc/nvidia/tegra124/Kconfig
@@ -8,6 +8,7 @@ config SOC_NVIDIA_TEGRA124
 	select DYNAMIC_CBMEM
 	select ARM_BOOTBLOCK_CUSTOM
 	select ARCH_BOOTBLOCK_ARM_V4
+	select ARCH_VERSTAGE_ARM_V7
 	select ARCH_ROMSTAGE_ARM_V7
 	select ARCH_RAMSTAGE_ARM_V7
 	select ARM_LPAE
diff --git a/src/soc/nvidia/tegra124/Makefile.inc b/src/soc/nvidia/tegra124/Makefile.inc
index 99c29010d1..80f7894500 100644
--- a/src/soc/nvidia/tegra124/Makefile.inc
+++ b/src/soc/nvidia/tegra124/Makefile.inc
@@ -22,6 +22,8 @@ ifeq ($(CONFIG_BOOTBLOCK_CONSOLE),y)
 bootblock-$(CONFIG_CONSOLE_SERIAL_UART) += uart.c
 endif
 
+verstage-y += verstage.c
+
 romstage-y += cbfs.c
 romstage-y += cbmem.c
 romstage-y += clock.c
diff --git a/src/soc/nvidia/tegra124/bootblock.c b/src/soc/nvidia/tegra124/bootblock.c
index b33eef11ce..4b58d5032e 100644
--- a/src/soc/nvidia/tegra124/bootblock.c
+++ b/src/soc/nvidia/tegra124/bootblock.c
@@ -24,10 +24,13 @@
 #include <console/console.h>
 #include <soc/clock.h>
 #include <soc/nvidia/tegra/apbmisc.h>
-
 #include "pinmux.h"
 #include "power.h"
 
+#if CONFIG_VBOOT2_VERIFY_FIRMWARE
+#include "verstage.h"
+#endif
+
 void main(void)
 {
 	void *entry;
@@ -73,7 +76,11 @@ void main(void)
 	power_enable_cpu_rail();
 	power_ungate_cpu();
 
+#if CONFIG_VBOOT2_VERIFY_FIRMWARE
+	entry = (void *)verstage_vboot_main;
+#else
 	entry = cbfs_load_stage(CBFS_DEFAULT_MEDIA, "fallback/romstage");
+#endif
 
 	if (entry)
 		clock_cpu0_config_and_reset(entry);
diff --git a/src/soc/nvidia/tegra124/verstage.c b/src/soc/nvidia/tegra124/verstage.c
new file mode 100644
index 0000000000..234a89d0b2
--- /dev/null
+++ b/src/soc/nvidia/tegra124/verstage.c
@@ -0,0 +1,9 @@
+#include "verstage.h"
+
+/**
+ * Stage entry point
+ */
+void vboot_main(void)
+{
+	for(;;);
+}
diff --git a/src/soc/nvidia/tegra124/verstage.h b/src/soc/nvidia/tegra124/verstage.h
new file mode 100644
index 0000000000..a0bac347c6
--- /dev/null
+++ b/src/soc/nvidia/tegra124/verstage.h
@@ -0,0 +1,2 @@
+void vboot_main(void);
+void verstage_vboot_main(void);
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index f2076b3ad7..b9cd436e15 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -82,6 +82,14 @@ config VBOOT_VERIFY_FIRMWARE
 	  Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the ramstage
 	  and boot loader.
 
+config VBOOT2_VERIFY_FIRMWARE
+  bool "Firmware Verification with vboot2"
+  default n
+  depends on CHROMEOS
+  help
+	  Enabling VBOOT2_VERIFY_FIRMWARE will use vboot2 to verify the romstage
+	  and boot loader.
+
 config EC_SOFTWARE_SYNC
 	bool "Enable EC software sync"
 	default n
diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc
index 5902dc1ed2..3f70453c0e 100644
--- a/src/vendorcode/google/chromeos/Makefile.inc
+++ b/src/vendorcode/google/chromeos/Makefile.inc
@@ -104,3 +104,12 @@ $(VB_LIB):
 		fwlib
 
 endif
+
+ifeq ($(CONFIG_VBOOT2_VERIFY_FIRMWARE),y)
+VERSTAGE_LIB = $(obj)/vendorcode/google/chromeos/verstage.a
+$(VERSTAGE_LIB): $$(verstage-objs)
+	@printf "    AR         $(subst $(obj)/,,$(@))\n"
+	$(AR_verstage) rc $@.tmp $(verstage-objs)
+	@printf "    OBJCOPY    $(subst $(obj)/,,$(@))\n"
+	$(OBJCOPY_verstage) --prefix-symbols=verstage_ $@.tmp $@
+endif
\ No newline at end of file
diff --git a/toolchain.inc b/toolchain.inc
index cae389cd72..3c59ab537c 100644
--- a/toolchain.inc
+++ b/toolchain.inc
@@ -25,7 +25,7 @@ ARCH_TO_TOOLCHAIN_X86_32 := x86_32
 ARCH_TO_TOOLCHAIN_ARM    := arm
 ARCH_TO_TOOLCHAIN_ARM64  := arm64
 
-COREBOOT_STANDARD_STAGES := bootblock romstage ramstage
+COREBOOT_STANDARD_STAGES := bootblock verstage romstage ramstage
 
 ARCHDIR-i386      := x86
 ARCHDIR-arm       := arm