diff --git a/trusty/trusty-base.mk b/trusty/trusty-base.mk
index 06097091d..7b4aa2633 100644
--- a/trusty/trusty-base.mk
+++ b/trusty/trusty-base.mk
@@ -22,8 +22,21 @@
 # For gatekeeper, we include the generic -service and -impl to use legacy
 # HAL loading of gatekeeper.trusty.
 
+# Allow the KeyMint HAL service implementation to be selected at build time.  This needs to be
+# done in sync with the TA implementation included in Trusty.  Possible values are:
+#
+# - Rust implementation:   export TRUSTY_KEYMINT_IMPL=rust
+# - C++ implementation:    (any other value of TRUSTY_KEYMINT_IMPL)
+
+ifeq ($(TRUSTY_KEYMINT_IMPL),rust)
+    LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.rust.trusty
+else
+    # Default to the C++ implementation
+    LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.trusty
+endif
+
 PRODUCT_PACKAGES += \
-	android.hardware.security.keymint-service.trusty \
+	$(LOCAL_KEYMINT_PRODUCT_PACKAGE) \
 	android.hardware.gatekeeper@1.0-service.trusty \
 	trusty_apploader \
 	RemoteProvisioner