diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 38880f4..1220cec 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -205,6 +205,7 @@ TARGET_USERIMAGES_USE_EXT4 := true
 TARGET_USERIMAGES_USE_F2FS := true
 
 # Release tools
+TARGET_RECOVERY_UPDATER_LIBS := librecovery_updater_samsung
 TARGET_RELEASETOOLS_EXTENSIONS := $(VENDOR_PATH)
 
 # SELinux
diff --git a/msm8976.mk b/msm8976.mk
index b901bd0..d617aff 100644
--- a/msm8976.mk
+++ b/msm8976.mk
@@ -254,6 +254,10 @@ PRODUCT_PACKAGES += \
     init.qcom.usb.rc \
     ueventd.qcom.rc
 
+# Recovery
+PRODUCT_PACKAGES += \
+    librecovery_updater_samsung
+
 # RenderScript HAL
 PRODUCT_PACKAGES += \
     android.hardware.renderscript@1.0-impl
diff --git a/recovery/Android.mk b/recovery/Android.mk
new file mode 100644
index 0000000..23c0330
--- /dev/null
+++ b/recovery/Android.mk
@@ -0,0 +1,8 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_C_INCLUDES := bootable/recovery
+LOCAL_SRC_FILES := recovery_updater.cpp
+LOCAL_MODULE := librecovery_updater_samsung
+LOCAL_MODULE_TAGS := eng
+include $(BUILD_STATIC_LIBRARY)
diff --git a/recovery/recovery_updater.cpp b/recovery/recovery_updater.cpp
new file mode 100644
index 0000000..97c61a5
--- /dev/null
+++ b/recovery/recovery_updater.cpp
@@ -0,0 +1,190 @@
+/*
+ * Copyright (C) 2015, The CyanogenMod Project
+ * Copyright (C) 2017, The LineageOS Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "edify/expr.h"
+#include "updater/install.h"
+
+#define MAX(a, b) (((a) > (b)) ? (a) : (b))
+
+#define ALPHABET_LEN 256
+#define KB 1024
+
+#define TZ_PART_PATH "/dev/block/bootdevice/by-name/tz"
+#define TZ_VER_STR "QC_IMAGE_VERSION_STRING="
+#define TZ_VER_STR_LEN 24
+#define TZ_VER_BUF_LEN 255
+#define TZ_SZ 4096 * KB    /* MMAP 4096K of TZ, TZ partition is 4096K */
+
+/* Boyer-Moore string search implementation from Wikipedia */
+
+/* Return longest suffix length of suffix ending at str[p] */
+static int max_suffix_len(const char *str, size_t str_len, size_t p) {
+    uint32_t i;
+
+    for (i = 0; (str[p - i] == str[str_len - 1 - i]) && (i < p); ) {
+        i++;
+    }
+
+    return i;
+}
+
+/* Generate table of distance between last character of pat and rightmost
+ * occurrence of character c in pat
+ */
+static void bm_make_delta1(int *delta1, const char *pat, size_t pat_len) {
+    uint32_t i;
+    for (i = 0; i < ALPHABET_LEN; i++) {
+        delta1[i] = pat_len;
+    }
+    for (i = 0; i < pat_len - 1; i++) {
+        uint8_t idx = (uint8_t) pat[i];
+        delta1[idx] = pat_len - 1 - i;
+    }
+}
+
+/* Generate table of next possible full match from mismatch at pat[p] */
+static void bm_make_delta2(int *delta2, const char *pat, size_t pat_len) {
+    int p;
+    uint32_t last_prefix = pat_len - 1;
+
+    for (p = pat_len - 1; p >= 0; p--) {
+        /* Compare whether pat[p-pat_len] is suffix of pat */
+        if (strncmp(pat + p, pat, pat_len - p) == 0) {
+            last_prefix = p + 1;
+        }
+        delta2[p] = last_prefix + (pat_len - 1 - p);
+    }
+
+    for (p = 0; p < (int) pat_len - 1; p++) {
+        /* Get longest suffix of pattern ending on character pat[p] */
+        int suf_len = max_suffix_len(pat, pat_len, p);
+        if (pat[p - suf_len] != pat[pat_len - 1 - suf_len]) {
+            delta2[pat_len - 1 - suf_len] = pat_len - 1 - p + suf_len;
+        }
+    }
+}
+
+static char * bm_search(const char *str, size_t str_len, const char *pat,
+        size_t pat_len) {
+    int delta1[ALPHABET_LEN];
+    int delta2[pat_len];
+    int i;
+
+    bm_make_delta1(delta1, pat, pat_len);
+    bm_make_delta2(delta2, pat, pat_len);
+
+    if (pat_len == 0) {
+        return (char *) str;
+    }
+
+    i = pat_len - 1;
+    while (i < (int) str_len) {
+        int j = pat_len - 1;
+        while (j >= 0 && (str[i] == pat[j])) {
+            i--;
+            j--;
+        }
+        if (j < 0) {
+            return (char *) (str + i + 1);
+        }
+        i += MAX(delta1[(uint8_t) str[i]], delta2[j]);
+    }
+
+    return NULL;
+}
+
+static int get_tz_version(char *ver_str, size_t len) {
+    int ret = 0;
+    int fd;
+    char *tz_data = NULL;
+    char *offset = NULL;
+
+    fd = open(TZ_PART_PATH, O_RDONLY);
+    if (fd < 0) {
+        ret = errno;
+        goto err_ret;
+    }
+
+    tz_data = (char *) mmap(NULL, TZ_SZ, PROT_READ, MAP_PRIVATE, fd, 0);
+    if (tz_data == (char *)-1) {
+        ret = errno;
+        goto err_fd_close;
+    }
+
+    /* Do Boyer-Moore search across TZ data */
+    offset = bm_search(tz_data, TZ_SZ, TZ_VER_STR, TZ_VER_STR_LEN);
+    if (offset != NULL) {
+        strncpy(ver_str, offset + TZ_VER_STR_LEN, len);
+    } else {
+        ret = -ENOENT;
+    }
+
+    munmap(tz_data, TZ_SZ);
+err_fd_close:
+    close(fd);
+err_ret:
+    return ret;
+}
+
+/* verify_trustzone("TZ_VERSION", "TZ_VERSION", ...) */
+Value * VerifyTrustZoneFn(const char *name, State *state, int argc, Expr *argv[]) {
+    char current_tz_version[TZ_VER_BUF_LEN];
+    int i, ret;
+
+    ret = get_tz_version(current_tz_version, TZ_VER_BUF_LEN);
+    if (ret) {
+        return ErrorAbort(state, kFreadFailure, "%s() failed to read current TZ version: %d",
+                name, ret);
+    }
+
+    char** tz_version = ReadVarArgs(state, argc, argv);
+    if (tz_version == NULL) {
+        return ErrorAbort(state, kArgsParsingFailure, "%s() error parsing arguments", name);
+    }
+
+    ret = 0;
+    for (i = 0; i < argc; i++) {
+        uiPrintf(state, "Comparing TZ version %s to %s",
+                tz_version[i], current_tz_version);
+        if (strncmp(tz_version[i], current_tz_version, strlen(tz_version[i])) == 0) {
+            ret = 1;
+            break;
+        }
+    }
+
+    for (i = 0; i < argc; i++) {
+        free(tz_version[i]);
+    }
+    free(tz_version);
+
+    return StringValue(strdup(ret ? "1" : "0"));
+}
+
+void Register_librecovery_updater_samsung() {
+    RegisterFunction("samsung.verify_trustzone", VerifyTrustZoneFn);
+}
diff --git a/releasetools.py b/releasetools.py
index 3f63251..92a8d9d 100644
--- a/releasetools.py
+++ b/releasetools.py
@@ -24,9 +24,9 @@ def IncrementalOTA_Assertions(info):
 
 def AddBootloaderAssertion(info, input_zip):
   android_info = input_zip.read("OTA/android-info.txt")
-  m = re.search(r"require\s+version-bootloader\s*=\s*(\S+)", android_info)
+  m = re.search(r'require\s+version-trustzone\s*=\s*(\S+)', android_info)
   if m:
-    bootloaders = m.group(1).split("|")
-    if "*" not in bootloaders:
-      info.script.AssertSomeBootloader(*bootloaders)
-    info.metadata["pre-bootloader"] = m.group(1)
+    versions = m.group(1).split('|')
+    if len(versions) and '*' not in versions:
+      cmd = 'assert(samsung.verify_trustzone(' + ','.join(['"%s"' % tz for tz in versions]) + ') == "1");'
+      info.script.AppendExtra(cmd)