diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
index b6a29db2e..d79b440ae 100644
--- a/.github/workflows/code-quality.yml
+++ b/.github/workflows/code-quality.yml
@@ -58,6 +58,8 @@ jobs:
       
       - name: Clippy (efi+gpu)
         run: cargo clippy --locked --features efi,gpu -- -D warnings
+        env:
+          KRUN_INIT_BINARY_PATH: ${{ github.workspace }}/init/init
 
   code-quality-examples:
     name: ${{ matrix.name }}
diff --git a/Makefile b/Makefile
index 4af236b01..bc5aaf726 100644
--- a/Makefile
+++ b/Makefile
@@ -5,18 +5,6 @@ LIBRARY_HEADER_INPUT = include/libkrun_input.h
 ABI_VERSION=1
 FULL_VERSION=1.17.3
 
-INIT_SRC = init/init.c
-KBS_INIT_SRC =	init/tee/kbs/kbs.h		\
-		init/tee/kbs/kbs_util.c		\
-		init/tee/kbs/kbs_types.c	\
-		init/tee/kbs/kbs_curl.c		\
-		init/tee/kbs/kbs_crypto.c	\
-
-SNP_INIT_SRC =	init/tee/snp_attest.c		\
-		init/tee/snp_attest.h		\
-		$(KBS_INIT_SRC)			\
-
-TDX_INIT_SRC = $(KBS_INIT_SRC)
 AWS_NITRO_INIT_SRC = \
 		init/aws-nitro/include/*        	  	\
         init/aws-nitro/main.c				\
@@ -30,28 +18,15 @@ AWS_NITRO_INIT_SRC = \
 		init/aws-nitro/device/net_tap_afvsock.c	\
 		init/aws-nitro/device/signal.c		\
 
-KBS_LD_FLAGS =	-lcurl -lidn2 -lssl -lcrypto -lzstd -lz -lbrotlidec-static \
-		-lbrotlicommon-static
-
 AWS_NITRO_INIT_LD_FLAGS = -larchive -lnsm
 
-BUILD_INIT = 1
-INIT_DEFS =
 ifeq ($(SEV),1)
     VARIANT = -sev
     FEATURE_FLAGS := --features amd-sev
-    INIT_DEFS += -DSEV=1
-    INIT_DEFS += $(KBS_LD_FLAGS)
-    INIT_SRC += $(SNP_INIT_SRC)
-	BUILD_INIT = 0
 endif
 ifeq ($(TDX),1)
     VARIANT = -tdx
     FEATURE_FLAGS := --features tdx
-    INIT_DEFS += -DTDX=1
-    INIT_DEFS += $(KBS_LD_FLAGS)
-    INIT_SRC += $(KBS_INIT_SRC)
-    BUILD_INIT = 0
 endif
 ifeq ($(VIRGL_RESOURCE_MAP2),1)
 	FEATURE_FLAGS += --features virgl_resource_map2
@@ -65,7 +40,6 @@ endif
 ifeq ($(EFI),1)
     VARIANT = -efi
     FEATURE_FLAGS := --features efi # EFI Implies blk and net
-    BUILD_INIT = 0
 endif
 ifeq ($(GPU),1)
     FEATURE_FLAGS += --features gpu
@@ -79,11 +53,6 @@ endif
 ifeq ($(AWS_NITRO),1)
 	VARIANT = -awsnitro
 	FEATURE_FLAGS := --features aws-nitro,net
-	BUILD_INIT = 0
-endif
-
-ifeq ($(TIMESYNC),1)
-    INIT_DEFS += -D__TIMESYNC__
 endif
 
 OS = $(shell uname -s)
@@ -133,11 +102,8 @@ else
     SYSROOT_TARGET =
 endif
 
-ifeq ($(BUILD_INIT),1)
-INIT_BINARY = init/init
-$(INIT_BINARY): $(INIT_SRC) $(SYSROOT_TARGET)
-	$(CC_LINUX) -O2 -static -Wall $(INIT_DEFS) -o $@ $(INIT_SRC) $(INIT_DEFS)
-endif
+# Make the variable available to Rust build scripts.
+export CC_LINUX
 
 AWS_NITRO_INIT_BINARY= init/aws-nitro/init
 $(AWS_NITRO_INIT_BINARY): $(AWS_NITRO_INIT_SRC)
@@ -175,7 +141,7 @@ clean-sysroot:
 	rm -rf $(ROOTFS_DIR)
 
 
-$(LIBRARY_RELEASE_$(OS)): $(INIT_BINARY)
+$(LIBRARY_RELEASE_$(OS)): $(SYSROOT_TARGET)
 	cargo build --release $(FEATURE_FLAGS)
 ifeq ($(SEV),1)
 	mv target/release/libkrun.so target/release/$(KRUN_BASE_$(OS))
@@ -194,7 +160,7 @@ endif
 endif
 	cp target/release/$(KRUN_BASE_$(OS)) $(LIBRARY_RELEASE_$(OS))
 
-$(LIBRARY_DEBUG_$(OS)): $(INIT_BINARY)
+$(LIBRARY_DEBUG_$(OS)): $(SYSROOT_TARGET)
 	cargo build $(FEATURE_FLAGS)
 ifeq ($(SEV),1)
 	mv target/debug/libkrun.so target/debug/$(KRUN_BASE_$(OS))
@@ -226,7 +192,6 @@ install: libkrun.pc
 	cd $(DESTDIR)$(PREFIX)/$(LIBDIR_$(OS))/ ; ln -sf $(KRUN_BINARY_$(OS)) $(KRUN_SONAME_$(OS)) ; ln -sf $(KRUN_SONAME_$(OS)) $(KRUN_BASE_$(OS))
 
 clean:
-	rm -f $(INIT_BINARY)
 	cargo clean
 	rm -rf test-prefix
 	cd tests; cargo clean
diff --git a/src/devices/build.rs b/src/devices/build.rs
index 1f9d16132..813d76f41 100644
--- a/src/devices/build.rs
+++ b/src/devices/build.rs
@@ -1,10 +1,54 @@
+use std::ffi::OsStr;
+use std::path::PathBuf;
+use std::process::Command;
+
+fn build_default_init() -> PathBuf {
+    let manifest_dir = PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap());
+    let libkrun_root = manifest_dir.join("../..");
+    let init_src = libkrun_root.join("init/init.c");
+    let init_bin = libkrun_root.join("init/init");
+
+    println!("cargo:rerun-if-env-changed=CC_LINUX");
+    println!("cargo:rerun-if-env-changed=CC");
+    println!("cargo:rerun-if-env-changed=TIMESYNC");
+    println!("cargo:rerun-if-changed={}", init_src.display());
+    println!(
+        "cargo:rerun-if-changed={}",
+        libkrun_root.join("init/jsmn.h").display()
+    );
+
+    let mut init_cc_flags = vec!["-O2", "-static", "-Wall"];
+    if std::env::var_os("TIMESYNC").as_deref() == Some(OsStr::new("1")) {
+        init_cc_flags.push("-D__TIMESYNC__");
+    }
+
+    let cc_value = std::env::var("CC_LINUX")
+        .or_else(|_| std::env::var("CC"))
+        .unwrap_or_else(|_| "cc".to_string());
+    let mut cc_parts = cc_value.split_ascii_whitespace();
+    let cc = cc_parts.next().expect("CC_LINUX/CC must not be empty");
+    let status = Command::new(cc)
+        .args(cc_parts)
+        .args(&init_cc_flags)
+        .arg("-o")
+        .arg(&init_bin)
+        .arg(&init_src)
+        .status()
+        .unwrap_or_else(|e| panic!("failed to execute {cc}: {e}"));
+
+    if !status.success() {
+        panic!("failed to compile init/init.c: {status}");
+    }
+    init_bin
+}
+
 fn main() {
-    let init_binary_path = std::env::var("KRUN_INIT_BINARY_PATH").unwrap_or_else(|_| {
-        format!(
-            "{}/../../init/init",
-            std::env::var("CARGO_MANIFEST_DIR").unwrap()
-        )
-    });
-    println!("cargo:rustc-env=KRUN_INIT_BINARY_PATH={init_binary_path}");
+    let init_binary_path = std::env::var_os("KRUN_INIT_BINARY_PATH")
+        .map(PathBuf::from)
+        .unwrap_or_else(build_default_init);
+    println!(
+        "cargo:rustc-env=KRUN_INIT_BINARY_PATH={}",
+        init_binary_path.display()
+    );
     println!("cargo:rerun-if-env-changed=KRUN_INIT_BINARY_PATH");
 }