diff --git a/BoardConfig.mk b/BoardConfig.mk
index 6972630362eadf13c84eb89136ef623f2ed25fff..e6581043cc6593506b71b4d98c9781199b46315d 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -103,24 +103,32 @@ AB_OTA_PARTITIONS += \
     vbmeta_vendor \
 
 # AVB
+BOARD_AVB_ENABLE := true
+
+ifndef KEYS_DIR
+    $(warning Enabling flag 3 for disabled VBMeta)
+    BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3
+endif
+
+BOARD_AVB_ALGORITHM := SHA256_RSA4096
+ifneq (,$(wildcard $(KEYS_DIR)/avb_murena_rsa4096.pem))
+    BOARD_AVB_KEY_PATH := $(KEYS_DIR)/avb_murena_rsa4096.pem
+else
+    BOARD_AVB_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
+endif
+
 BOARD_AVB_VBMETA_SYSTEM := system system_ext
-BOARD_AVB_VBMETA_SYSTEM_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
-BOARD_AVB_VBMETA_SYSTEM_ALGORITHM := SHA256_RSA4096
+BOARD_AVB_VBMETA_SYSTEM_KEY_PATH := $(BOARD_AVB_KEY_PATH)
+BOARD_AVB_VBMETA_SYSTEM_ALGORITHM := $(BOARD_AVB_ALGORITHM)
 BOARD_AVB_VBMETA_SYSTEM_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
 BOARD_AVB_VBMETA_SYSTEM_ROLLBACK_INDEX_LOCATION := 1
 
 BOARD_AVB_VBMETA_VENDOR := odm vendor
-BOARD_AVB_VBMETA_VENDOR_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
-BOARD_AVB_VBMETA_VENDOR_ALGORITHM := SHA256_RSA4096
+BOARD_AVB_VBMETA_VENDOR_KEY_PATH := $(BOARD_AVB_KEY_PATH)
+BOARD_AVB_VBMETA_VENDOR_ALGORITHM := $(BOARD_AVB_ALGORITHM)
 BOARD_AVB_VBMETA_VENDOR_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
 BOARD_AVB_VBMETA_VENDOR_ROLLBACK_INDEX_LOCATION := 2
 
-# Enable AVB 2.0
-BOARD_AVB_ENABLE := true
-
-# Build the image with verity pre-disabled - https://android.googlesource.com/platform/external/avb/+/58305521295e51cb52a74d8d8bbaed738cf0767a
-BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3
-
 #####
 
 # ANT+