diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a2711862ab7ddce63a9d530434b84d538e5bb89e
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,7 @@
+stages:
+ - update-from-upstream
+
+include:
+ - project: 'e/templates'
+ ref: master
+ file: '/gitlab-ci/.gitlab-ci-import-updates-from-upstream.yml'
\ No newline at end of file
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 5a8fc541827930c8315ce880f9389214c0ec4fcd..db5f5893abf2f57ae3ad762b9c3cb05325bd660d 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -1251,6 +1251,13 @@ static void ProcessBootconfig() {
 });
 }
 
+static void SetSafetyNetProps() {
+ InitPropertySet("ro.boot.flash.locked", "1");
+ InitPropertySet("ro.boot.verifiedbootstate", "green");
+ InitPropertySet("ro.boot.veritymode", "enforcing");
+ InitPropertySet("ro.boot.vbmeta.device_state", "locked");
+}
+
 void PropertyInit() {
 selinux_callback cb;
 cb.func_audit = PropertyAuditCallback;
@@ -1265,6 +1272,12 @@ void PropertyInit() {
 LOG(FATAL) << "Failed to load serialized property info file";
 }
 
+ // Report a valid verified boot chain to make Google SafetyNet integrity
+ // checks pass. This needs to be done before parsing the kernel cmdline as
+ // these properties are read-only and will be set to invalid values with
+ // androidboot cmdline arguments.
+ SetSafetyNetProps();
+
 // If arguments are passed both on the command line and in DT,
 // properties set in DT always have priority over the command-line ones.
 ProcessKernelDt();
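Review bot: The `include:` entry takes the pipeline definition from `e/templates` at `ref: master`, a branch that moves, so the jobs that run in this repository can change without any commit here. Pinning the ref to a tag or full commit SHA of the templates project (placeholder: `ref: <commit-sha>`) keeps the included pipeline reviewable and reproducible. The file also ends without a trailing newline.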
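Review bot: SetSafetyNetProps() writes fixed values into four `ro.boot.*` keys, so those properties stop describing the device's real lock and verified-boot state for every reader on the system, not only for the integrity check named at the call site. Because the keys are read-only, the bootloader-reported values are presumably rejected later and the true state is then not visible anywhere in the property store. Any component that gates behaviour on these keys (none is visible in this hunk) would see a locked, green device even when it is not. The function should at least carry a comment saying so, e.g. `// Constants, not the bootloader-reported state; do not base security decisions on these keys.` Keeping the reported values under a separate key (placeholder: `<real-state-prop>`) would preserve them for diagnostics.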
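Review bot: The override at `SetSafetyNetProps();` runs unconditionally and silently on every boot, and the comment above it names only the kernel cmdline although the next visible call is `ProcessKernelDt()` and the file also has `ProcessBootconfig()`. A log line at the call, e.g. `LOG(INFO) << "ro.boot verified-boot properties overridden with fixed values";`, would let anyone reading a boot log or bug report see that the reported state is synthetic. If the intent is to run before every import of `androidboot` values, the comment should name the device tree, the cmdline and bootconfig. PropertyInit() continues past the end of this hunk, so the later imports are not visible here.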