diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn
index c1e76fbbe1b93089901f8d9b70b2cdc49f470a12..81d0222eefec4b5dd4ea69bcde086a865deeae15 100644
--- a/test/unittest/BUILD.gn
+++ b/test/unittest/BUILD.gn
@@ -188,7 +188,10 @@ ohos_rust_unittest("rust_key_enable_unittest") {
 ohos_unittest("enable_verity_ioctl_unittest") {
   module_out_path = "security/code_signature"
   resource_config_file = "resources/ohos_test.xml"
-  sources = [ "enable_verity_test.cpp" ]
+  sources = [
+    "enable_verity_test.cpp",
+    "utils/src/xpm_common.cpp",
+  ]
 
   include_dirs = [ "utils/include" ]
   configs = [
diff --git a/test/unittest/enable_verity_test.cpp b/test/unittest/enable_verity_test.cpp
index 1054705ad0b243bf21153adaf039dcb657fe4d06..edfcb583b2e85473bcc5b57286fd323edeff3385 100644
--- a/test/unittest/enable_verity_test.cpp
+++ b/test/unittest/enable_verity_test.cpp
@@ -16,13 +16,13 @@
 #include <asm/unistd.h>
 #include <cstdint>
 #include <cstdlib>
-#include <fstream>
 #include <gtest/gtest.h>
 #include <fcntl.h>
 #include <iostream>
 #include <cstdio>
 #include <cstring>
 #include <string>
+#include <sys/mman.h>
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #include <linux/fs.h>
@@ -34,6 +34,7 @@
 #include "directory_ex.h"
 #include "enable_key_utils.h"
 #include "log.h"
+#include "xpm_common.h"
 
 using namespace testing::ext;
 
@@ -59,6 +60,12 @@ const std::string FAKE_STRING = "AAAAA";
 const std::string TEST_SUBJECT = "OpenHarmony Application Release";
 const std::string TEST_ISSUER = "OpenHarmony Application CA";
 
+const std::string DROP_CACHE_PROC_PATH = "/proc/sys/vm/drop_caches";
+const std::string DROP_ALL_CACHE_LEVEL = "3";
+
+
+static bool g_isXpmOn;
+
 class EnableVerityTest : public testing::Test {
 public:
     EnableVerityTest() {};
@@ -66,8 +73,15 @@ public:
     static void SetUpTestCase()
     {
         EXPECT_EQ(EnableTestKey(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str()), 0);
+        g_isXpmOn = AllocXpmRegion();
+        SaveStringToFile(SELINUX_MODE_PATH, PERMISSIVE_MODE);
+        SaveStringToFile(XPM_DEBUG_FS_MODE_PATH, ENFORCE_MODE);
+    };
+    static void TearDownTestCase()
+    {
+        SaveStringToFile(XPM_DEBUG_FS_MODE_PATH, PERMISSIVE_MODE);
+        SaveStringToFile(SELINUX_MODE_PATH, ENFORCE_MODE);
     };
-    static void TearDownTestCase() {};
     void SetUp() {};
     void TearDown() {};
 };
@@ -123,7 +137,7 @@ static void CopyData(const std::string &srcPath, FILE *fout)
     EXPECT_EQ(ReadDataFromFile(srcPath, data), true);
     if (data.GetSize() > 0) {
         int32_t ret = fwrite(data.GetBuffer(), 1, data.GetSize(), fout);
-        EXPECT_EQ(ret, data.GetSize());
+        EXPECT_EQ(static_cast<uint32_t>(ret), data.GetSize());
     }
 }
 
@@ -173,17 +187,10 @@ static bool ExpandFile(const std::string &srcPath, const std::string &expandData
     return true;
 }
 
-static void DropAllCaches()
-{
-    std::fstream fout;
-    fout.open("/proc/sys/vm/drop_caches", std::ios::out);
-    fout << "3";
-    fout.close();
-}
-
 static void CheckEnableSuccess(const std::string &filePath)
 {
-    DropAllCaches();
+    // drop all caches
+    SaveStringToFile(DROP_CACHE_PROC_PATH, DROP_ALL_CACHE_LEVEL);
     FILE *fout = fopen(filePath.c_str(), "wb");
     EXPECT_EQ(fout, nullptr);
 
@@ -193,7 +200,8 @@ static void CheckEnableSuccess(const std::string &filePath)
 
 static inline size_t GetRoundUp(size_t fileSize)
 {
-    return ceil((double)fileSize / HASH_PAGE_SIZE) * HASH_PAGE_SIZE;
+    return ceil(static_cast<double>(fileSize) / HASH_PAGE_SIZE)
+        * HASH_PAGE_SIZE;
 }
 
 static bool TamperFileTail(const std::string &filePath)
@@ -482,6 +490,129 @@ HWTEST_F(EnableVerityTest, EnableVerityTest_0007, TestSize.Level0)
 
     EnableExpandedTamperFile(filePath, TamperFileTail);
 }
+
+/**
+ * @tc.name: CodeSignUtilsTest_0008
+ * @tc.desc: mmap signed data in xpm region success
+ * @tc.type: Func
+ * @tc.require:
+ */
+HWTEST_F(EnableVerityTest, EnableVerityTest_0008, TestSize.Level0)
+{
+    if (!g_isXpmOn) {
+        return;
+    }
+    std::string filePath = TEST_DEFAULT_FILE;
+    struct code_sign_enable_arg arg = {};
+    ByteBuffer signature;
+    FillCommonArgs(filePath, true, &arg, signature);
+    FillOptional(filePath, &arg);
+    std::string expandFilePath = MakeExpandTreeFile(filePath, &arg);
+    EXPECT_EQ(EnableVerityOnOneFile(expandFilePath, &arg), 0);
+
+    int fd = open(expandFilePath.c_str(), O_RDONLY);
+    // mmap with MAP_XPM flag, success
+    void *addr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_PRIVATE | MAP_XPM,
+        fd, 0);
+    EXPECT_NE(MAP_FAILED, addr);
+
+    // release resource
+    munmap(addr, PAGE_SIZE);
+    close(fd);
+    CleanFile(expandFilePath);
+}
+
+/**
+ * @tc.name: CodeSignUtilsTest_0009
+ * @tc.desc: mmap unsigned data in xpm region failed
+ * @tc.type: Func
+ * @tc.require:
+ */
+HWTEST_F(EnableVerityTest, EnableVerityTest_0009, TestSize.Level0)
+{
+    if (!g_isXpmOn) {
+        return;
+    }
+    std::string filePath = TEST_DEFAULT_FILE;
+    struct code_sign_enable_arg arg = {};
+    ByteBuffer signature;
+    FillCommonArgs(filePath, true, &arg, signature);
+    FillOptional(filePath, &arg);
+    std::string expandFilePath = MakeExpandTreeFile(filePath, &arg);
+    EXPECT_EQ(EnableVerityOnOneFile(expandFilePath, &arg), 0);
+
+    int fd = open(expandFilePath.c_str(), O_RDONLY);
+    // mmap with MAP_XPM flag, over verity range
+    void *addr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_PRIVATE | MAP_XPM,
+        fd, arg.tree_offset & PAGE_MASK);
+    EXPECT_EQ(MAP_FAILED, addr);
+
+    close(fd);
+    CleanFile(expandFilePath);
+}
+
+/**
+ * @tc.name: CodeSignUtilsTest_0010
+ * @tc.desc: mmap signed data as executable success
+ * @tc.type: Func
+ * @tc.require:
+ */
+HWTEST_F(EnableVerityTest, EnableVerityTest_0010, TestSize.Level0)
+{
+    if (!g_isXpmOn) {
+        return;
+    }
+    std::string filePath = TEST_FILES_DIR + "elf/elf";
+    struct code_sign_enable_arg arg = {};
+    ByteBuffer signature;
+    FillCommonArgs(filePath, true, &arg, signature);
+    FillOptional(filePath, &arg);
+    std::string expandFilePath = MakeExpandTreeFile(filePath, &arg);
+    EXPECT_EQ(EnableVerityOnOneFile(expandFilePath, &arg), 0);
+
+    int fd = open(expandFilePath.c_str(), O_RDONLY);
+    // readelf from elf
+    // [19] .text             PROGBITS        000063ec 0053ec 002168 00  AX  0   0  4
+    int codeOffset = 0x53ec;
+    // mmap success at enforce mode
+    void *addr = mmap(NULL, PAGE_SIZE, PROT_READ | PROT_EXEC, MAP_PRIVATE,
+        fd, codeOffset & PAGE_MASK);
+    EXPECT_NE(MAP_FAILED, addr);
+
+    // release resource
+    munmap(addr, PAGE_SIZE);
+
+    close(fd);
+    CleanFile(expandFilePath);
+}
+
+/**
+ * @tc.name: CodeSignUtilsTest_00011
+ * @tc.desc: mmap unsigned data as executable failed
+ * @tc.type: Func
+ * @tc.require
+ */
+HWTEST_F(EnableVerityTest, EnableVerityTest_0011, TestSize.Level0)
+{
+    if (!g_isXpmOn) {
+        return;
+    }
+    std::string filePath = TEST_FILES_DIR + "elf/elf";
+    struct code_sign_enable_arg arg = {};
+    ByteBuffer signature;
+    FillCommonArgs(filePath, true, &arg, signature);
+    FillOptional(filePath, &arg);
+    std::string expandFilePath = MakeExpandTreeFile(filePath, &arg);
+    EXPECT_EQ(EnableVerityOnOneFile(expandFilePath, &arg), 0);
+
+    int fd = open(expandFilePath.c_str(), O_RDONLY);
+    void *addr = mmap(NULL, PAGE_SIZE, PROT_READ | PROT_EXEC, MAP_PRIVATE,
+        fd, arg.tree_offset & PAGE_MASK);
+    EXPECT_EQ(MAP_FAILED, addr);
+
+    close(fd);
+    CleanFile(expandFilePath);
+}
 }  // namespace CodeSign
 }  // namespace Security
 }  // namespace OHOS
diff --git a/test/unittest/resources/demo_verity/elf/elf b/test/unittest/resources/demo_verity/elf/elf
new file mode 100644
index 0000000000000000000000000000000000000000..3626a71fc72c2a1021bfa41420b817942adf6071
Binary files /dev/null and b/test/unittest/resources/demo_verity/elf/elf differ
diff --git a/test/unittest/resources/demo_verity/elf/elf.hash b/test/unittest/resources/demo_verity/elf/elf.hash
new file mode 100644
index 0000000000000000000000000000000000000000..9e61cce761326e8587cc02320ddc81e816940add
--- /dev/null
+++ b/test/unittest/resources/demo_verity/elf/elf.hash
@@ -0,0 +1 @@
+a�9��xl���W�T�gP�6���D�H�3k�
\ No newline at end of file
diff --git a/test/unittest/resources/demo_verity/elf/elf.tree b/test/unittest/resources/demo_verity/elf/elf.tree
new file mode 100644
index 0000000000000000000000000000000000000000..bf13dcf7c7559c16b285c692ffd869a8d06c93b2
Binary files /dev/null and b/test/unittest/resources/demo_verity/elf/elf.tree differ
diff --git a/test/unittest/resources/demo_verity/elf/elf_expand_tree b/test/unittest/resources/demo_verity/elf/elf_expand_tree
new file mode 100644
index 0000000000000000000000000000000000000000..b79bc545a40715d2fdc83b75a2cb9253ec8e913f
Binary files /dev/null and b/test/unittest/resources/demo_verity/elf/elf_expand_tree differ
diff --git a/test/unittest/resources/demo_verity/elf/elf_inside_tree.sig b/test/unittest/resources/demo_verity/elf/elf_inside_tree.sig
new file mode 100644
index 0000000000000000000000000000000000000000..0f7ca1e5b530454e8a6111be56ea405a8014538b
Binary files /dev/null and b/test/unittest/resources/demo_verity/elf/elf_inside_tree.sig differ
diff --git a/test/unittest/resources/demo_verity/elf/elf_no_tree.sig b/test/unittest/resources/demo_verity/elf/elf_no_tree.sig
new file mode 100644
index 0000000000000000000000000000000000000000..a47b17b93f8fde3d2c269b2bdfd54797c7b155f6
Binary files /dev/null and b/test/unittest/resources/demo_verity/elf/elf_no_tree.sig differ
diff --git a/test/unittest/resources/ohos_test.xml b/test/unittest/resources/ohos_test.xml
index 63199ad5b0db3b7d2e0ae5d338ad139eaeb1efff..dadfb2318c1bc6c67da543728803531822a6462d 100644
--- a/test/unittest/resources/ohos_test.xml
+++ b/test/unittest/resources/ohos_test.xml
@@ -127,6 +127,7 @@
             <option name="shell" value="mkdir -p /data/test/tmp/file_4M"/>
             <option name="shell" value="mkdir -p /data/test/tmp/file_4M_less"/>
             <option name="shell" value="mkdir -p /data/test/tmp/file_4M_greater"/>
+            <option name="shell" value="mkdir -p /data/test/tmp/elf"/>
             <option name="push" value="demo_verity/file_4K/file_4K -> /data/test/tmp/file_4K" src="res"/>
             <option name="push" value="demo_verity/file_4K/file_4K.tree -> /data/test/tmp/file_4K" src="res"/>
             <option name="push" value="demo_verity/file_4K/file_4K.hash -> /data/test/tmp/file_4K" src="res"/>
@@ -157,6 +158,11 @@
             <option name="push" value="demo_verity/file_4M_greater/file_4M_greater.hash -> /data/test/tmp/file_4M_greater" src="res"/>
             <option name="push" value="demo_verity/file_4M_greater/file_4M_greater_no_tree.sig -> /data/test/tmp/file_4M_greater" src="res"/>
             <option name="push" value="demo_verity/file_4M_greater/file_4M_greater_inside_tree.sig -> /data/test/tmp/file_4M_greater" src="res"/>
+            <option name="push" value="demo_verity/elf/elf -> /data/test/tmp/elf" src="res"/>
+            <option name="push" value="demo_verity/elf/elf.tree -> /data/test/tmp/elf" src="res"/>
+            <option name="push" value="demo_verity/elf/elf.hash -> /data/test/tmp/elf" src="res"/>
+            <option name="push" value="demo_verity/elf/elf_no_tree.sig -> /data/test/tmp/elf" src="res"/>
+            <option name="push" value="demo_verity/elf/elf_inside_tree.sig -> /data/test/tmp/elf" src="res"/>
         </preparer>
         <cleaner>
             <option name="shell" value="rm -rf /data/test/tmp"/>
diff --git a/test/unittest/utils/include/xpm_common.h b/test/unittest/utils/include/xpm_common.h
new file mode 100644
index 0000000000000000000000000000000000000000..23be215bcb7514dce22ea0495440e6aeee0d1642
--- /dev/null
+++ b/test/unittest/utils/include/xpm_common.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef XPM_COMMON_TEST_H
+#define XPM_COMMON_TEST_H
+
+#include <fstream>
+#include <iostream>
+#include <string>
+#include <unistd.h>
+#include <sys/ioctl.h>
+
+namespace OHOS {
+namespace Security {
+namespace CodeSign {
+constexpr unsigned long MAP_XPM = 0x40;
+const unsigned long PAGE_SIZE = (sysconf(_SC_PAGESIZE));
+const unsigned long PAGE_MASK = ~(PAGE_SIZE - 1);
+
+const std::string XPM_DEBUG_FS_MODE_PATH = "/sys/kernel/debug/xpm/xpm_mode";
+const std::string SELINUX_MODE_PATH = "/sys/fs/selinux/enforce";
+const std::string PERMISSIVE_MODE = "0";
+const std::string ENFORCE_MODE = "1";
+
+inline void SaveStringToFile(const std::string &filePath,
+    const std::string &value)
+{
+    std::fstream fout;
+    fout.open(filePath, std::ios::out);
+    fout << value;
+    fout.close();
+}
+
+bool AllocXpmRegion();
+} // namespace CodeSign
+} // namespace Security
+} // namespace OHOS
+
+#endif
\ No newline at end of file
diff --git a/test/unittest/utils/src/xpm_common.cpp b/test/unittest/utils/src/xpm_common.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..7c0aa7044daa95583ffb70d72d8283003e0ad7c8
--- /dev/null
+++ b/test/unittest/utils/src/xpm_common.cpp
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "xpm_common.h"
+#include <cerrno>
+#include <cstdio>
+#include <cstdlib>
+#include <cstring>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include "log.h"
+#include "securec.h"
+
+namespace OHOS {
+namespace Security {
+namespace CodeSign {
+struct XpmRegionInfo {
+    uint64_t base;
+    uint64_t length;
+};
+
+struct XpmRegionArea {
+    uint64_t start;
+    uint64_t end;
+};
+
+const std::string XPM_DEV_PATH = "/dev/xpm";
+const std::string XPM_PROC_PREFIX_PATH = "/proc/";
+const std::string XPM_PROC_SUFFIX_PATH = "/xpm_region";
+
+constexpr unsigned long XPM_PROC_LENGTH = 50;
+constexpr unsigned long XPM_REGION_LEN = 0x8000000;
+constexpr unsigned long SET_XPM_REGION = _IOW('x', 0x01, struct XpmRegionInfo);
+
+static int SetXpmRegion(void)
+{
+    struct XpmRegionInfo info = { 0, XPM_REGION_LEN };
+
+    int fd = open(XPM_DEV_PATH.c_str(), O_RDWR);
+    if (fd < 0) {
+        LOG_ERROR(LABEL, "open xpm dev file failed(%{public}s)", strerror(errno));
+        return -1;
+    }
+
+    int ret = ioctl(fd, SET_XPM_REGION, &info);
+    if (ret < 0) {
+        LOG_ERROR(LABEL, "xpm set region failed(%{public}s)", strerror(errno));
+        return -1;
+    }
+
+    close(fd);
+    return 0;
+}
+
+static int GetXpmRegion(struct XpmRegionArea *area)
+{
+    if (area == nullptr) {
+        LOG_ERROR(LABEL, "input area is NULL");
+        return -1;
+    }
+
+    pid_t pid = getpid();
+    std::string path = XPM_PROC_PREFIX_PATH + std::to_string(pid) + XPM_PROC_SUFFIX_PATH;
+    int fd = open(path.c_str(), O_RDWR);
+    if (fd < 0) {
+        LOG_ERROR(LABEL, "open xpm proc file failed(%{public}s)", strerror(errno));
+        return -1;
+    }
+
+    char xpm_region[XPM_PROC_LENGTH] = {0};
+    int ret = read(fd, xpm_region, sizeof(xpm_region));
+    if (ret < 0) {
+        LOG_ERROR(LABEL, "read xpm proc file failed(%{public}s)", strerror(errno));
+        return -1;
+    }
+
+    ret = sscanf_s(xpm_region, "%llx-%llx", &area->start, &area->end);
+    if (ret < 0) {
+        LOG_ERROR(LABEL, "sscanf xpm region string failed(%{public}s)", strerror(errno));
+        return -1;
+    }
+
+    close(fd);
+    return 0;
+}
+
+static int InitXpmRegion(struct XpmRegionArea *area)
+{
+    if (area == nullptr) {
+        LOG_ERROR(LABEL, "input area is NULL");
+        return -1;
+    }
+
+    int ret = SetXpmRegion();
+    if (ret != 0) {
+        LOG_ERROR(LABEL, "set xpm region failed");
+        return ret;
+    }
+
+    ret = GetXpmRegion(area);
+    if (ret != 0) {
+        LOG_ERROR(LABEL, "get xpm region failed");
+        return ret;
+    }
+
+    return 0;
+}
+
+bool AllocXpmRegion()
+{
+    struct XpmRegionArea area = {0};
+
+    if (InitXpmRegion(&area)) {
+        return false;
+    }
+    if (!area.start) {
+        return false;
+    }
+    if (!area.end) {
+        return false;
+    }
+
+    return true;
+}
+} // namespace CodeSign
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/utils/src/code_sign_block.cpp b/utils/src/code_sign_block.cpp
index 9e19d53a9e0d6d02aa61423bd768f60ad944c286..d5eb31cb1534222054e1bac9e4c91dcfa9c21f61 100644
--- a/utils/src/code_sign_block.cpp
+++ b/utils/src/code_sign_block.cpp
@@ -183,7 +183,7 @@ int32_t CodeSignBlock::GetCodeSignBlockBuffer(const std::string &path, ReadBuffe
     int32_t ret = Verify::ParseHapSignatureInfo(path, signatureInfo_);
     if (ret != Verify::VERIFY_SUCCESS) {
         LOG_ERROR(LABEL, "find code sign block buffer failed. errno = %{public}d ", ret);
-        return CS_CODE_SIGN_NOT_EXISTS;
+        return CS_ERR_FILE_INVALID;
     }
 
     for (const auto &value : signatureInfo_.optionBlocks) {
@@ -212,7 +212,7 @@ int32_t CodeSignBlock::GetCodeSignBlockBuffer(const std::string &path, ReadBuffe
     } while (length < blobSize);
 
     if ((signBlockBuffer == nullptr) || !signBlockSize) {
-        return CS_ERR_NO_SIGNATURE;
+        return CS_CODE_SIGN_NOT_EXISTS;
     }
 
     signBuffer = signBlockBuffer;