diff --git a/payloads/libpayload/Config.in b/payloads/libpayload/Config.in
index 6dce181782..a0889c89e8 100644
--- a/payloads/libpayload/Config.in
+++ b/payloads/libpayload/Config.in
@@ -62,6 +62,13 @@ config DEVELOPER
 	  Prompt for developer options. These options are only interesting for
 	  libpayload developers.
 
+config REMOTEGDB
+	bool "Remote GDB stub"
+	default n
+	depends on GPL
+	help
+	  Enable Remote GDB debugging support.
+
 config CHROMEOS
 	bool "ChromeOS specific features"
 	default n
diff --git a/payloads/libpayload/Makefile.inc b/payloads/libpayload/Makefile.inc
index 16446b5dbf..b97a03e846 100644
--- a/payloads/libpayload/Makefile.inc
+++ b/payloads/libpayload/Makefile.inc
@@ -44,11 +44,12 @@ classes-$(CONFIG_LP_CURSES) += libcurses
 classes-$(CONFIG_LP_PDCURSES) += libmenu libform libpanel
 classes-$(CONFIG_LP_CBFS) += libcbfs
 classes-$(CONFIG_LP_LZMA) += liblzma
+classes-$(CONFIG_LP_REMOTEGDB) += libgdb
 libraries := $(classes-y)
 classes-y += head.o
 
 subdirs-y := arch/$(ARCHDIR-y)
-subdirs-y += crypto libc drivers libpci
+subdirs-y += crypto libc drivers libpci gdb
 subdirs-$(CONFIG_LP_CURSES) += curses
 subdirs-$(CONFIG_LP_CBFS) += libcbfs
 subdirs-$(CONFIG_LP_LZMA) += liblzma
diff --git a/payloads/libpayload/arch/arm/Makefile.inc b/payloads/libpayload/arch/arm/Makefile.inc
index 41bf7348c4..6c8667adc6 100644
--- a/payloads/libpayload/arch/arm/Makefile.inc
+++ b/payloads/libpayload/arch/arm/Makefile.inc
@@ -42,6 +42,8 @@ libc-y += selfboot.c
 # Will fall back to default_memXXX() in libc/memory.c if GPL not allowed.
 libc-$(CONFIG_LP_GPL) += memcpy.S memset.S memmove.S
 
+libgdb-y += gdb.c
+
 libcbfs-$(CONFIG_LP_CBFS) += dummy_media.c
 
 # Add other classes here when you put assembly files into them!
diff --git a/payloads/libpayload/arch/arm/gdb.c b/payloads/libpayload/arch/arm/gdb.c
new file mode 100644
index 0000000000..faf9eb48f2
--- /dev/null
+++ b/payloads/libpayload/arch/arm/gdb.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2014 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but without any warranty; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <exception.h>
+#include <gdb.h>
+#include <libpayload.h>
+
+struct gdb_regs
+{
+	u32 r[16];
+	struct fp_reg
+	{
+		u8 byte[12];
+	} __attribute__((packed)) f[8];
+	u32 fps;
+	u32 cpsr;
+} __attribute__((packed));
+
+static const u8 type_to_signal[] = {
+	[EXC_UNDEF]  = GDB_SIGILL,
+	[EXC_SWI]    = GDB_SIGTRAP,
+	[EXC_PABORT] = GDB_SIGSEGV,
+	[EXC_DABORT] = GDB_SIGSEGV,
+};
+
+/* Scratch value to write reentrant exception states to. We never read it. */
+static struct exception_state sentinel_exception_state;
+
+static int gdb_exception_hook(u32 type)
+{
+	/*
+	 * If we were not resumed we are in deep trouble here. GDB probably told
+	 * us to do something stupid and caused a reentrant exception. All we
+	 * can do is just blindly send an error code and keep going. Eventually
+	 * GDB will tell us to resume and we return right back to the original
+	 * exception state ("jumping over" all the nested ones).
+	 */
+	if (gdb_state.connected && !gdb_state.resumed) {
+		static const char error_code[] = "E22";	/* EINVAL? */
+		static const struct gdb_message tmp_reply = {
+			.buf = (u8 *)error_code,
+			.used = sizeof(error_code),
+			.size = sizeof(error_code),
+		};
+		gdb_send_reply(&tmp_reply);
+		gdb_command_loop(gdb_state.signal); /* preserve old signal */
+	} else {
+		if (type >= ARRAY_SIZE(type_to_signal) || !type_to_signal[type])
+			return 0;
+		exception_state_ptr = &sentinel_exception_state;
+		gdb_command_loop(type_to_signal[type]);
+	}
+
+	exception_state_ptr = &exception_state;
+	return 1;
+}
+
+void gdb_arch_init(void)
+{
+	exception_install_hook(&gdb_exception_hook);
+}
+
+void gdb_arch_enter(void)
+{
+	u32 *sp;
+
+	asm volatile ("mov %0, %%sp" : "=r"(sp) );
+
+	/* Avoid reentrant exceptions, just call the hook if in one already. */
+	if (sp >= exception_stack && sp <= exception_stack_end)
+		gdb_exception_hook(EXC_SWI);
+	else
+		asm volatile ("svc #0");
+}
+
+int gdb_arch_set_single_step(int on)
+{
+	/* GDB seems to only need this on x86, ARM works fine without it. */
+	return -1;
+}
+
+void gdb_arch_encode_regs(struct gdb_message *message)
+{
+	gdb_message_encode_bytes(message, exception_state.regs,
+				 sizeof(exception_state.regs));
+	gdb_message_encode_zero_bytes(message,
+		offsetof(struct gdb_regs, cpsr) - offsetof(struct gdb_regs, f));
+	gdb_message_encode_bytes(message, &exception_state.cpsr,
+				 sizeof(exception_state.cpsr));
+}
+
+void gdb_arch_decode_regs(int offset, struct gdb_message *message)
+{
+	const int cpsr_hex_offset = offsetof(struct gdb_regs, cpsr) * 2;
+	gdb_message_decode_bytes(message, offset,
+			exception_state.regs, sizeof(exception_state.regs));
+	gdb_message_decode_bytes(message, offset + cpsr_hex_offset,
+			&exception_state.cpsr, sizeof(exception_state.cpsr));
+}
diff --git a/payloads/libpayload/arch/x86/Makefile.inc b/payloads/libpayload/arch/x86/Makefile.inc
index 503901dff2..87b3e9e842 100644
--- a/payloads/libpayload/arch/x86/Makefile.inc
+++ b/payloads/libpayload/arch/x86/Makefile.inc
@@ -37,6 +37,7 @@ libc-y += exception_asm.S exception.c
 # Will fall back to default_memXXX() in libc/memory.c if GPL not allowed.
 libc-$(CONFIG_LP_GPL) += string.c
 
+libgdb-y += gdb.c
 
 libcbfs-$(CONFIG_LP_CBFS) += rom_media.c
 
diff --git a/payloads/libpayload/arch/x86/gdb.c b/payloads/libpayload/arch/x86/gdb.c
new file mode 100644
index 0000000000..99db78f29b
--- /dev/null
+++ b/payloads/libpayload/arch/x86/gdb.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2014 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but without any warranty; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <exception.h>
+#include <gdb.h>
+#include <libpayload.h>
+
+static const u8 type_to_signal[] = {
+	[EXC_DE]  = GDB_SIGFPE,
+	[EXC_DB]  = GDB_SIGTRAP,
+	[EXC_NMI] = GDB_SIGKILL,
+	[EXC_BP]  = GDB_SIGTRAP,
+	[EXC_OF]  = GDB_SIGFPE,
+	[EXC_BR]  = GDB_SIGSEGV,
+	[EXC_UD]  = GDB_SIGILL,
+	[EXC_NM]  = GDB_SIGEMT,
+	[EXC_DF]  = GDB_SIGKILL,
+	[EXC_TS]  = GDB_SIGSEGV,
+	[EXC_NP]  = GDB_SIGSEGV,
+	[EXC_SS]  = GDB_SIGBUS,
+	[EXC_GP]  = GDB_SIGSEGV,
+	[EXC_PF]  = GDB_SIGSEGV,
+	[EXC_MF]  = GDB_SIGEMT,
+	[EXC_AC]  = GDB_SIGBUS,
+	[EXC_MC]  = GDB_SIGKILL,
+	[EXC_XF]  = GDB_SIGFPE,
+	[EXC_SX]  = GDB_SIGFPE,
+};
+
+static int gdb_exception_hook(u32 type)
+{
+	if (type >= ARRAY_SIZE(type_to_signal) || !type_to_signal[type])
+		return 0;
+	gdb_command_loop(type_to_signal[type]);
+	return 1;
+}
+
+void gdb_arch_init(void)
+{
+	exception_install_hook(&gdb_exception_hook);
+}
+
+void gdb_arch_enter(void)
+{
+	u32 *esp;
+
+	asm volatile ("mov %%esp, %0" : "=r"(esp) );
+
+	/* Avoid reentrant exceptions, just call the hook if in one already. */
+	if (esp >= exception_stack && esp <= exception_stack_end)
+		gdb_exception_hook(EXC_BP);
+	else
+		asm volatile ("int3");
+}
+
+int gdb_arch_set_single_step(int on)
+{
+	const u32 tf_bit = 1 << 8;
+
+	if (on)
+		exception_state->regs.eflags |= tf_bit;
+	else
+		exception_state->regs.eflags &= ~tf_bit;
+
+	return 0;
+}
+
+void gdb_arch_encode_regs(struct gdb_message *message)
+{
+	gdb_message_encode_bytes(message, &exception_state->regs,
+				 sizeof(exception_state->regs));
+}
+
+void gdb_arch_decode_regs(int offset, struct gdb_message *message)
+{
+	gdb_message_decode_bytes(message, offset, &exception_state->regs,
+				 sizeof(exception_state->regs));
+}
diff --git a/payloads/libpayload/gdb/Makefile.inc b/payloads/libpayload/gdb/Makefile.inc
new file mode 100644
index 0000000000..cacd0d02f3
--- /dev/null
+++ b/payloads/libpayload/gdb/Makefile.inc
@@ -0,0 +1,20 @@
+##
+## Copyright 2014 Google Inc.
+##
+## This program is free software; you can redistribute it and/or
+## modify it under the terms of the GNU General Public License as
+## published by the Free Software Foundation; either version 2 of
+## the License, or (at your option) any later version.
+##
+## This program is distributed in the hope that it will be useful,
+## but without any warranty; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+libgdb-y += commands.c
+libgdb-y += stub.c
+libgdb-y += transport.c
diff --git a/payloads/libpayload/gdb/commands.c b/payloads/libpayload/gdb/commands.c
new file mode 100644
index 0000000000..5137dfd9f5
--- /dev/null
+++ b/payloads/libpayload/gdb/commands.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2014 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but without any warranty; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <arch/cache.h>
+#include <gdb.h>
+#include <libpayload.h>
+
+static void gdb_get_last_signal(struct gdb_message *command,
+				int offset, struct gdb_message *reply)
+{
+	gdb_message_add_string(reply, "S");
+	gdb_message_encode_bytes(reply, &gdb_state.signal, 1);
+}
+
+static void gdb_read_general_registers(struct gdb_message *command,
+				       int offset, struct gdb_message *reply)
+{
+	gdb_arch_encode_regs(reply);
+}
+
+static void gdb_write_general_registers(struct gdb_message *command,
+					int offset, struct gdb_message *reply)
+{
+	gdb_arch_decode_regs(offset, command);
+	gdb_message_add_string(reply, "OK");
+}
+
+static void gdb_read_memory(struct gdb_message *command,
+			    int offset, struct gdb_message *reply)
+{
+	int tok = gdb_message_tokenize(command, &offset);
+	uintptr_t addr = gdb_message_decode_int(command, tok, offset - 1 - tok);
+	size_t length = gdb_message_decode_int(command, offset,
+					       command->used - offset);
+
+	gdb_message_encode_bytes(reply, (void *)addr, length);
+}
+
+static void gdb_write_memory(struct gdb_message *command,
+			     int offset, struct gdb_message *reply)
+{
+	int tok = gdb_message_tokenize(command, &offset);
+	uintptr_t addr = gdb_message_decode_int(command, tok, offset - 1 - tok);
+	tok = gdb_message_tokenize(command, &offset);
+	size_t length = gdb_message_decode_int(command, tok, offset - 1 - tok);
+
+	die_if(length * 2 != command->used - offset, "Invalid length field in "
+	       "GDB command: %.*s", command->used, command->buf);
+
+	gdb_message_decode_bytes(command, offset, (void *)addr, length);
+	cache_sync_instructions();
+	gdb_message_add_string(reply, "OK");
+}
+
+static void gdb_continue(struct gdb_message *command,
+			 int offset, struct gdb_message *reply)
+{
+	/* Disable single step if it's still on. */
+	gdb_arch_set_single_step(0);
+
+	/* No need to support the extension that passes in new EIP/PC. */
+	if (command->used > offset)
+		gdb_message_add_string(reply, "E00");
+	else
+		gdb_state.resumed = 1;
+}
+
+static void gdb_single_step(struct gdb_message *command,
+			    int offset, struct gdb_message *reply)
+{
+	if (command->used > offset || gdb_arch_set_single_step(1))
+		gdb_message_add_string(reply, "E00");
+	else
+		gdb_state.resumed = 1;
+}
+
+struct gdb_command gdb_commands[] = {
+	{ "?", &gdb_get_last_signal },
+	{ "g", &gdb_read_general_registers },
+	{ "G", &gdb_write_general_registers },
+	{ "m", &gdb_read_memory },
+	{ "M", &gdb_write_memory },
+	{ "c", &gdb_continue },
+	{ "s", &gdb_single_step }
+};
+const int gdb_command_count = ARRAY_SIZE(gdb_commands);
diff --git a/payloads/libpayload/gdb/stub.c b/payloads/libpayload/gdb/stub.c
new file mode 100644
index 0000000000..73afa70c47
--- /dev/null
+++ b/payloads/libpayload/gdb/stub.c
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2014 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but without any warranty; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <gdb.h>
+#include <libpayload.h>
+
+struct gdb_state gdb_state;
+
+static u8 reply_buf[2048];
+static u8 command_buf[2048];
+
+static struct gdb_message command = {
+	.buf = command_buf,
+	.used = 0,
+	.size = sizeof(command_buf),
+};
+static struct gdb_message reply = {
+	.buf = reply_buf,
+	.used = 0,
+	.size = sizeof(reply_buf),
+};
+
+void gdb_command_loop(u8 signal)
+{
+	if (gdb_state.resumed) {
+		/* We were just running. Send a stop reply. */
+		reply.used = 0;
+		gdb_message_add_string(&reply, "S");
+		gdb_message_encode_bytes(&reply, &signal, 1);
+		gdb_send_reply(&reply);
+
+	}
+	gdb_state.signal = signal;
+	gdb_state.resumed = 0;
+	gdb_state.connected = 1;
+
+	while (1) {
+		int i;
+
+		gdb_get_command(&command);
+
+		reply.used = 0;
+		for (i = 0; i < gdb_command_count; i++) {
+			int clen = strlen(gdb_commands[i].str);
+			if (!strncmp(gdb_commands[i].str, (char *)command.buf,
+				     MIN(clen, command.used))) {
+				gdb_commands[i].handler(&command, clen, &reply);
+				break;
+			}
+		}
+
+		/* If we're resuming, we won't send a reply until we stop. */
+		if (gdb_state.resumed)
+			return;
+
+		gdb_send_reply(&reply);
+	}
+}
+
+static void gdb_output_write(const void *buffer, size_t count)
+{
+	if (!gdb_state.resumed) {
+		/* Must be a die_if() in GDB (or a bug), so bail out and die. */
+		gdb_exit(-1);
+		video_console_init();
+		puts("GDB died, redirecting its last words to the screen:\n");
+		console_write(buffer, count);
+	} else {
+		reply.used = 0;
+		reply.buf[reply.used++] = 'O';
+		gdb_message_encode_bytes(&reply, buffer, count);
+		gdb_send_reply(&reply);
+	}
+}
+
+static struct console_output_driver gdb_output_driver = {
+	.write = &gdb_output_write
+};
+
+static void gdb_init(void)
+{
+	printf("Ready for GDB connection.\n");
+	gdb_transport_init();
+	gdb_arch_init();
+	console_add_output_driver(&gdb_output_driver);
+}
+
+void gdb_enter(void)
+{
+	if (!gdb_state.connected)
+		gdb_init();
+	gdb_arch_enter();
+}
+
+void gdb_exit(s8 exit_status)
+{
+	if (!gdb_state.connected)
+		return;
+
+	reply.used = 0;
+	gdb_message_add_string(&reply, "W");
+	gdb_message_encode_bytes(&reply, &exit_status, 1);
+	gdb_send_reply(&reply);
+
+	console_remove_output_driver(&gdb_output_write);
+	gdb_transport_teardown();
+	gdb_state.connected = 0;
+	printf("Detached from GDB connection.\n");
+}
diff --git a/payloads/libpayload/gdb/transport.c b/payloads/libpayload/gdb/transport.c
new file mode 100644
index 0000000000..596ceb5c6d
--- /dev/null
+++ b/payloads/libpayload/gdb/transport.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright 2014 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but without any warranty; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <gdb.h>
+#include <libpayload.h>
+
+static const int timeout_us = 100 * 1000;
+static const char output_overrun[] = "GDB output buffer overrun (try "
+				     "increasing reply.size)!\n";
+static const char input_underrun[] = "GDB input message truncated (bug or "
+				     "communication problem)?\n";
+
+/* Serial-specific glue code... add more transport layers here when desired. */
+
+static void gdb_raw_putchar(u8 c)
+{
+	serial_putchar(c);
+}
+
+static int gdb_raw_getchar(void)
+{
+	u64 start = timer_us(0);
+
+	while (!serial_havechar())
+		if (timer_us(start) > timeout_us)
+			return -1;
+
+	return serial_getchar();
+}
+
+void gdb_transport_init(void)
+{
+	console_remove_output_driver(serial_putchar);
+}
+
+void gdb_transport_teardown(void)
+{
+	serial_console_init();
+}
+
+/* Hex digit character <-> number conversion (illegal chars undefined!). */
+
+static s8 from_hex(unsigned char c)
+{
+	static const s8 values[] = {
+		-1, 10, 11, 12, 13, 14, 15, -1,
+		-1, -1, -1, -1, -1, -1, -1, -1,
+		 0,  1,  2,  3,  4,  5,  6,  7,
+		 8,  9, -1, -1, -1, -1, -1, -1,
+	};
+
+	return values[c & 0x1f];
+}
+
+static char to_hex(u8 v)
+{
+	static const char digits[] = "0123456789abcdef";
+
+	return digits[v & 0xf];
+}
+
+/* Message encode/decode functions */
+
+void gdb_message_encode_bytes(struct gdb_message *message, const void *data,
+			      int length)
+{
+	const u8 *bytes = data;
+	die_if(message->used + length * 2 > message->size, output_overrun);
+	while (length--) {
+		message->buf[message->used++] = to_hex(*bytes >> 4);
+		message->buf[message->used++] = to_hex(*bytes & 0xf);
+		bytes++;
+	}
+}
+
+void gdb_message_decode_bytes(const struct gdb_message *message, int offset,
+			      void *data, int length)
+{
+	u8 *bytes = data;
+	die_if(offset + 2 * length > message->used, "Decode overrun in GDB "
+		"message: %.*s", message->used, message->buf);
+	while (length--) {
+		*bytes = from_hex(message->buf[offset++]) << 4;
+		*bytes += from_hex(message->buf[offset++]);
+		bytes++;
+	}
+}
+
+void gdb_message_encode_zero_bytes(struct gdb_message *message, int length)
+{
+	die_if(message->used + length * 2 > message->size, output_overrun);
+	memset(message->buf + message->used, '0', length * 2);
+	message->used += length * 2;
+}
+
+void gdb_message_add_string(struct gdb_message *message, const char *string)
+{
+	message->used += strlcpy((char *)message->buf + message->used,
+			     string, message->size - message->used);
+
+	/* Check >= instead of > to account for strlcpy's trailing '\0'. */
+	die_if(message->used >= message->size, output_overrun);
+}
+
+void gdb_message_encode_int(struct gdb_message *message, uintptr_t val)
+{
+	int length = sizeof(uintptr_t) * 2 - __builtin_clz(val) / 4;
+	die_if(message->used + length > message->size, output_overrun);
+	while (length--)
+		message->buf[message->used++] =
+			to_hex((val >> length * 4) & 0xf);
+}
+
+uintptr_t gdb_message_decode_int(const struct gdb_message *message, int offset,
+				 int length)
+{
+	uintptr_t val = 0;
+
+	die_if(length > sizeof(uintptr_t) * 2, "GDB decoding invalid number: "
+	       "%.*s", message->used, message->buf);
+
+	while (length--) {
+		val <<= 4;
+		val |= from_hex(message->buf[offset++]);
+	}
+
+	return val;
+}
+
+/* Like strtok/strsep: writes back offset argument, returns original offset. */
+int gdb_message_tokenize(const struct gdb_message *message, int *offset)
+{
+	int token = *offset;
+	while (!strchr(",;:", message->buf[(*offset)++]))
+		die_if(*offset >= message->used, "Undelimited token in GDB "
+				"message at offset %d: %.*s",
+				token, message->used, message->buf);
+	return token;
+}
+
+/* High-level send/receive functions. */
+
+void gdb_get_command(struct gdb_message *command)
+{
+	enum command_state {
+		STATE_WAITING,
+		STATE_COMMAND,
+		STATE_CHECKSUM0,
+		STATE_CHECKSUM1,
+	};
+
+	u8 checksum = 0;
+	u8 running_checksum = 0;
+	enum command_state state = STATE_WAITING;
+
+	while (1) {
+		int c = gdb_raw_getchar();
+		if (c < 0) {
+			/*
+			 * Timeout waiting for a byte. Reset the
+			 * state machine.
+			 */
+			state = STATE_WAITING;
+			continue;
+		}
+
+		switch (state) {
+		case STATE_WAITING:
+			if (c == '$') {
+				running_checksum = 0;
+				command->used = 0;
+				state = STATE_COMMAND;
+			}
+			break;
+		case STATE_COMMAND:
+			if (c == '#') {
+				state = STATE_CHECKSUM0;
+				break;
+			}
+			die_if(command->used >= command->size, "GDB input buf"
+			       "fer overrun (try increasing command.size)!\n");
+			command->buf[command->used++] = c;
+			running_checksum += c;
+			break;
+		case STATE_CHECKSUM0:
+			checksum = from_hex(c) << 4;
+			state = STATE_CHECKSUM1;
+			break;
+		case STATE_CHECKSUM1:
+			checksum += from_hex(c);
+			if (running_checksum == checksum) {
+				gdb_raw_putchar('+');
+				return;
+			} else {
+				state = STATE_WAITING;
+				gdb_raw_putchar('-');
+			}
+			break;
+		}
+	}
+}
+
+void gdb_send_reply(const struct gdb_message *reply)
+{
+	int i;
+	int retries = 1 * 1000 * 1000 / timeout_us;
+	u8 checksum = 0;
+
+	for (i = 0; i < reply->used; i++)
+		checksum += reply->buf[i];
+
+	do {
+		gdb_raw_putchar('$');
+		for (i = 0; i < reply->used; i++)
+			gdb_raw_putchar(reply->buf[i]);
+		gdb_raw_putchar('#');
+		gdb_raw_putchar(to_hex(checksum >> 4));
+		gdb_raw_putchar(to_hex(checksum & 0xf));
+	} while (gdb_raw_getchar() != '+' && retries--);
+}
diff --git a/payloads/libpayload/include/gdb.h b/payloads/libpayload/include/gdb.h
new file mode 100644
index 0000000000..283ca045ec
--- /dev/null
+++ b/payloads/libpayload/include/gdb.h
@@ -0,0 +1,241 @@
+/*
+ * Copyright 2014 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but without any warranty; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _GDB_H_
+#define _GDB_H_
+
+#include <stdint.h>
+
+struct gdb_message
+{
+	u8 *buf;
+	int used;
+	const int size;
+};
+
+struct gdb_state
+{
+	u8 signal;
+	u8 resumed	: 1;
+	u8 connected	: 1;
+};
+extern struct gdb_state gdb_state;
+
+typedef void (*gdb_command_handler)(struct gdb_message *command,
+				    int offset, struct gdb_message *reply);
+struct gdb_command
+{
+	const char *str;
+	gdb_command_handler handler;
+};
+extern struct gdb_command gdb_commands[];
+extern const int gdb_command_count;
+
+/* arch/gdb.c */
+
+void gdb_arch_init(void);
+void gdb_arch_enter(void);
+
+int gdb_arch_set_single_step(int on);
+
+void gdb_arch_encode_regs(struct gdb_message *message);
+void gdb_arch_decode_regs(int offset, struct gdb_message *message);
+
+/* gdb/transport.c */
+
+void gdb_transport_init(void);
+void gdb_transport_teardown(void);
+
+void gdb_message_encode_bytes(struct gdb_message *message, const void *data,
+			      int length);
+void gdb_message_decode_bytes(const struct gdb_message *message, int offset,
+			      void *data, int length);
+void gdb_message_encode_zero_bytes(struct gdb_message *message, int length);
+
+void gdb_message_add_string(struct gdb_message *message, const char *string);
+
+void gdb_message_encode_int(struct gdb_message *message, uintptr_t val);
+uintptr_t gdb_message_decode_int(const struct gdb_message *message, int offset,
+				 int length);
+
+int gdb_message_tokenize(const struct gdb_message *message, int *offset);
+
+void gdb_get_command(struct gdb_message *command);
+void gdb_send_reply(const struct gdb_message *reply);
+
+/* gdb/stub.c */
+
+void gdb_command_loop(uint8_t signal);
+
+enum {
+	GDB_SIG0 = 0, /* Signal 0 */
+	GDB_SIGHUP = 1, /* Hangup */
+	GDB_SIGINT = 2, /* Interrupt */
+	GDB_SIGQUIT = 3, /* Quit */
+	GDB_SIGILL = 4, /* Illegal instruction */
+	GDB_SIGTRAP = 5, /* Trace/breakpoint trap */
+	GDB_SIGABRT = 6, /* Aborted */
+	GDB_SIGEMT = 7, /* Emulation trap */
+	GDB_SIGFPE = 8, /* Arithmetic exception */
+	GDB_SIGKILL = 9, /* Killed */
+	GDB_SIGBUS = 10, /* Bus error */
+	GDB_SIGSEGV = 11, /* Segmentation fault */
+	GDB_SIGSYS = 12, /* Bad system call */
+	GDB_SIGPIPE = 13, /* Broken pipe */
+	GDB_SIGALRM = 14, /* Alarm clock */
+	GDB_SIGTERM = 15, /* Terminated */
+	GDB_SIGURG = 16, /* Urgent I/O condition */
+	GDB_SIGSTOP = 17, /* Stopped (signal) */
+	GDB_SIGTSTP = 18, /* Stopped (user) */
+	GDB_SIGCONT = 19, /* Continued */
+	GDB_SIGCHLD = 20, /* Child status changed */
+	GDB_SIGTTIN = 21, /* Stopped (ttyinput) */
+	GDB_SIGTTOU = 22, /* Stopped (ttyoutput) */
+	GDB_SIGIO = 23, /* I/O possible */
+	GDB_SIGXCPU = 24, /* CPU time limit exceeded */
+	GDB_SIGXFSZ = 25, /* File size limit exceeded */
+	GDB_SIGVTALRM = 26, /* Virtual timer expired */
+	GDB_SIGPROF = 27, /* Profiling timer expired */
+	GDB_SIGWINCH = 28, /* Window size changed */
+	GDB_SIGLOST = 29, /* Resource lost */
+	GDB_SIGUSR1 = 30, /* User defined signal1 */
+	GDB_SUGUSR2 = 31, /* User defined signal2 */
+	GDB_SIGPWR = 32, /* Powerfail/restart */
+	GDB_SIGPOLL = 33, /* Pollable event occurred */
+	GDB_SIGWIND = 34, /* SIGWIND */
+	GDB_SIGPHONE = 35, /* SIGPHONE */
+	GDB_SIGWAITING = 36, /* Process's LWPs are blocked */
+	GDB_SIGLWP = 37, /* Signal LWP */
+	GDB_SIGDANGER = 38, /* Swap space dangerously low */
+	GDB_SIGGRANT = 39, /* Monitor mode granted */
+	GDB_SIGRETRACT = 40, /* Need to relinquish monitor mode */
+	GDB_SIGMSG = 41, /* Monitor mode data available */
+	GDB_SIGSOUND = 42, /* Sound completed */
+	GDB_SIGSAK = 43, /* Secure attention */
+	GDB_SIGPRIO = 44, /* SIGPRIO */
+
+	GDB_SIG33 = 45, /* Real-timeevent 33 */
+	GDB_SIG34 = 46, /* Real-timeevent 34 */
+	GDB_SIG35 = 47, /* Real-timeevent 35 */
+	GDB_SIG36 = 48, /* Real-timeevent 36 */
+	GDB_SIG37 = 49, /* Real-timeevent 37 */
+	GDB_SIG38 = 50, /* Real-timeevent 38 */
+	GDB_SIG39 = 51, /* Real-timeevent 39 */
+	GDB_SIG40 = 52, /* Real-timeevent 40 */
+	GDB_SIG41 = 53, /* Real-timeevent 41 */
+	GDB_SIG42 = 54, /* Real-timeevent 42 */
+	GDB_SIG43 = 55, /* Real-timeevent 43 */
+	GDB_SIG44 = 56, /* Real-timeevent 44 */
+	GDB_SIG45 = 57, /* Real-timeevent 45 */
+	GDB_SIG46 = 58, /* Real-timeevent 46 */
+	GDB_SIG47 = 59, /* Real-timeevent 47 */
+	GDB_SIG48 = 60, /* Real-timeevent 48 */
+	GDB_SIG49 = 61, /* Real-timeevent 49 */
+	GDB_SIG50 = 62, /* Real-timeevent 50 */
+	GDB_SIG51 = 63, /* Real-timeevent 51 */
+	GDB_SIG52 = 64, /* Real-timeevent 52 */
+	GDB_SIG53 = 65, /* Real-timeevent 53 */
+	GDB_SIG54 = 66, /* Real-timeevent 54 */
+	GDB_SIG55 = 67, /* Real-timeevent 55 */
+	GDB_SIG56 = 68, /* Real-timeevent 56 */
+	GDB_SIG57 = 69, /* Real-timeevent 57 */
+	GDB_SIG58 = 70, /* Real-timeevent 58 */
+	GDB_SIG59 = 71, /* Real-timeevent 59 */
+	GDB_SIG60 = 72, /* Real-timeevent 60 */
+	GDB_SIG61 = 73, /* Real-timeevent 61 */
+	GDB_SIG62 = 74, /* Real-timeevent 62 */
+	GDB_SIG63 = 75, /* Real-timeevent 63 */
+	GDB_SIGCANCEL = 76, /* LWP internal signal */
+	GDB_SIG32 = 77, /* Real-timeevent 32 */
+	GDB_SIG64 = 78, /* Real-timeevent 64 */
+	GDB_SIG65 = 79, /* Real-timeevent 65 */
+	GDB_SIG66 = 80, /* Real-timeevent 66 */
+	GDB_SIG67 = 81, /* Real-timeevent 67 */
+	GDB_SIG68 = 82, /* Real-timeevent 68 */
+	GDB_SIG69 = 83, /* Real-timeevent 69 */
+	GDB_SIG70 = 84, /* Real-timeevent 70 */
+	GDB_SIG71 = 85, /* Real-timeevent 71 */
+	GDB_SIG72 = 86, /* Real-timeevent 72 */
+	GDB_SIG73 = 87, /* Real-timeevent 73 */
+	GDB_SIG74 = 88, /* Real-timeevent 74 */
+	GDB_SIG75 = 89, /* Real-timeevent 75 */
+	GDB_SIG76 = 90, /* Real-timeevent 76 */
+	GDB_SIG77 = 91, /* Real-timeevent 77 */
+	GDB_SIG78 = 92, /* Real-timeevent 78 */
+	GDB_SIG79 = 93, /* Real-timeevent 79 */
+	GDB_SIG80 = 94, /* Real-timeevent 80 */
+	GDB_SIG81 = 95, /* Real-timeevent 81 */
+	GDB_SIG82 = 96, /* Real-timeevent 82 */
+	GDB_SIG83 = 97, /* Real-timeevent 83 */
+	GDB_SIG84 = 98, /* Real-timeevent 84 */
+	GDB_SIG85 = 99, /* Real-timeevent 85 */
+	GDB_SIG86 = 100, /* Real-timeevent 86 */
+	GDB_SIG87 = 101, /* Real-timeevent 87 */
+	GDB_SIG88 = 102, /* Real-timeevent 88 */
+	GDB_SIG89 = 103, /* Real-timeevent 89 */
+	GDB_SIG90 = 104, /* Real-timeevent 90 */
+	GDB_SIG91 = 105, /* Real-timeevent 91 */
+	GDB_SIG92 = 106, /* Real-timeevent 92 */
+	GDB_SIG93 = 107, /* Real-timeevent 93 */
+	GDB_SIG94 = 108, /* Real-timeevent 94 */
+	GDB_SIG95 = 109, /* Real-timeevent 95 */
+	GDB_SIG96 = 110, /* Real-timeevent 96 */
+	GDB_SIG97 = 111, /* Real-timeevent 97 */
+	GDB_SIG98 = 112, /* Real-timeevent 98 */
+	GDB_SIG99 = 113, /* Real-timeevent 99 */
+	GDB_SIG100 = 114, /* Real-timeevent 100 */
+	GDB_SIG101 = 115, /* Real-timeevent 101 */
+	GDB_SIG102 = 116, /* Real-timeevent 102 */
+	GDB_SIG103 = 117, /* Real-timeevent 103 */
+	GDB_SIG104 = 118, /* Real-timeevent 104 */
+	GDB_SIG105 = 119, /* Real-timeevent 105 */
+	GDB_SIG106 = 120, /* Real-timeevent 106 */
+	GDB_SIG107 = 121, /* Real-timeevent 107 */
+	GDB_SIG108 = 122, /* Real-timeevent 108 */
+	GDB_SIG109 = 123, /* Real-timeevent 109 */
+	GDB_SIG110 = 124, /* Real-timeevent 110 */
+	GDB_SIG111 = 125, /* Real-timeevent 111 */
+	GDB_SIG112 = 126, /* Real-timeevent 112 */
+	GDB_SIG113 = 127, /* Real-timeevent 113 */
+	GDB_SIG114 = 128, /* Real-timeevent 114 */
+	GDB_SIG115 = 129, /* Real-timeevent 115 */
+	GDB_SIG116 = 130, /* Real-timeevent 116 */
+	GDB_SIG117 = 131, /* Real-timeevent 117 */
+	GDB_SIG118 = 132, /* Real-timeevent 118 */
+	GDB_SIG119 = 133, /* Real-timeevent 119 */
+	GDB_SIG120 = 134, /* Real-timeevent 120 */
+	GDB_SIG121 = 135, /* Real-timeevent 121 */
+	GDB_SIG122 = 136, /* Real-timeevent 122 */
+	GDB_SIG123 = 137, /* Real-timeevent 123 */
+	GDB_SIG124 = 138, /* Real-timeevent 124 */
+	GDB_SIG125 = 139, /* Real-timeevent 125 */
+	GDB_SIG126 = 140, /* Real-timeevent 126 */
+	GDB_SIG127 = 141, /* Real-timeevent 127 */
+	GDB_SIGINFO = 142, /* Information request */
+	GDB_UNKNOWN1 = 43, /* Unknownsignal */
+	GDB_DEFAULT = 144, /* error:defaultsignal */
+	/* Machexceptions */
+	GDB_EXC_BAD_ACCESS = 145, /* Could not access memory */
+	GDB_EXC_BAD_INSTRCTION = 146, /* Illegal instruction/operand */
+	GDB_EXC_ARITHMETIC = 147, /* Arithmetic exception */
+	GDB_EXC_EMULATION = 148, /* Emulation instruction */
+	GDB_EXC_SOFTWARE = 149, /* Software generated exception */
+	GDB_EXC_BREAKPOINT = 150, /* Breakpoint */
+};
+
+#endif	/* _GDB_H_ */
diff --git a/payloads/libpayload/include/libpayload.h b/payloads/libpayload/include/libpayload.h
index 40a85cfd62..21b9da7a03 100644
--- a/payloads/libpayload/include/libpayload.h
+++ b/payloads/libpayload/include/libpayload.h
@@ -446,4 +446,9 @@ int getline(char *buffer, int len);
 /* Defined in arch/${ARCH}/selfboot.c */
 void selfboot(void *entry);
 
+/* Enter remote GDB mode. Will initialize connection if not already up. */
+void gdb_enter(void);
+/* Disconnect existing GDB connection if one exists. */
+void gdb_exit(s8 exit_status);
+
 #endif
diff --git a/payloads/libpayload/include/stdlib.h b/payloads/libpayload/include/stdlib.h
index 91d854ec67..04acec54e1 100644
--- a/payloads/libpayload/include/stdlib.h
+++ b/payloads/libpayload/include/stdlib.h
@@ -202,6 +202,10 @@ void srand(unsigned int seed);
 void halt(void) __attribute__ ((noreturn));
 void exit(int status) __attribute__ ((noreturn));
 #define abort() halt()    /**< Alias for the halt() function */
+#ifdef CONFIG_LP_REMOTEGDB
+/* Override abort()/halt() to trap into GDB if it is enabled. */
+#define halt() do { gdb_enter(); halt(); } while (0)
+#endif
 
 /** @} */