diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c
index 640dc45a63..3f300d0e56 100644
--- a/drivers/usb/gadget/f_fastboot.c
+++ b/drivers/usb/gadget/f_fastboot.c
@@ -83,7 +83,7 @@ extern void trusty_os_init(void);
 #include "fastboot_lock_unlock.h"
 #endif
 
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_DUAL_BOOTLOADER)
+#ifdef CONFIG_IMX_TRUSTY_OS
 #include "u-boot/sha256.h"
 #endif
 
@@ -2125,12 +2125,21 @@ int trusty_setbootparameter(struct andr_img_hdr *hdr, AvbABFlowResult avb_result
 	keymaster_verified_boot_t vbstatus;
 	FbLockState lock_status = fastboot_get_lock_stat();
 
-	uint8_t permanent_attributes_hash[AVB_SHA256_DIGEST_SIZE];
+	uint8_t boot_key_hash[AVB_SHA256_DIGEST_SIZE];
 #ifdef CONFIG_AVB_ATX
-	if (fsl_read_permanent_attributes_hash(&fsl_avb_atx_ops, permanent_attributes_hash)) {
+	if (fsl_read_permanent_attributes_hash(&fsl_avb_atx_ops, boot_key_hash)) {
 		printf("ERROR - failed to read permanent attributes hash for keymaster\n");
-		memset(permanent_attributes_hash, 0, AVB_SHA256_DIGEST_SIZE);
+		memset(boot_key_hash, 0, AVB_SHA256_DIGEST_SIZE);
 	}
+#else
+	uint8_t public_key_buf[AVB_MAX_BUFFER_LENGTH];
+	if (trusty_read_vbmeta_public_key(public_key_buf,
+						AVB_MAX_BUFFER_LENGTH) != 0) {
+		printf("ERROR - failed to read public key for keymaster\n");
+		memset(boot_key_hash, 0, AVB_SHA256_DIGEST_SIZE);
+	} else
+		sha256_csum_wd((unsigned char *)public_key_buf, AVB_SHA256_DIGEST_SIZE,
+				(unsigned char *)boot_key_hash, CHUNKSZ_SHA256);
 #endif
 
 	bool lock = (lock_status == FASTBOOT_LOCK)? true: false;
@@ -2147,11 +2156,11 @@ int trusty_setbootparameter(struct andr_img_hdr *hdr, AvbABFlowResult avb_result
 	}
 
 	trusty_set_boot_params(os_ver_km, os_lvl_km, vbstatus, lock,
-			       permanent_attributes_hash, AVB_SHA256_DIGEST_SIZE,
+			       boot_key_hash, AVB_SHA256_DIGEST_SIZE,
 			       vbh, AVB_SHA256_DIGEST_SIZE);
 #else
 	trusty_set_boot_params(os_ver_km, os_lvl_km, vbstatus, lock,
-			       permanent_attributes_hash, AVB_SHA256_DIGEST_SIZE,
+			       boot_key_hash, AVB_SHA256_DIGEST_SIZE,
 			       NULL, 0);
 #endif
 
diff --git a/lib/trusty/ql-tipc/avb.c b/lib/trusty/ql-tipc/avb.c
index b8dab40a4a..95b26fd2f8 100644
--- a/lib/trusty/ql-tipc/avb.c
+++ b/lib/trusty/ql-tipc/avb.c
@@ -230,7 +230,7 @@ int trusty_read_vbmeta_public_key(uint8_t *publickey, uint32_t size)
         return rc;
     }
     /* ensure caller passed size matches size returned by Trusty */
-    if (size != resp_size) {
+    if (size < resp_size) {
         return TRUSTY_ERR_INVALID_ARGS;
     }
     trusty_memcpy(publickey, resp_buf, resp_size);
diff --git a/lib/trusty/ql-tipc/keymaster.c b/lib/trusty/ql-tipc/keymaster.c
index 21e0e6cf4b..eaa43e3874 100644
--- a/lib/trusty/ql-tipc/keymaster.c
+++ b/lib/trusty/ql-tipc/keymaster.c
@@ -290,6 +290,9 @@ int km_tipc_init(struct trusty_ipc_dev *dev)
         return TRUSTY_ERR_GENERIC;
     }
 
+    /* mark as initialized */
+    initialized = true;
+
     return TRUSTY_ERR_NONE;
 }