diff --git a/bundle.json b/bundle.json
index bfd4ac43a08f181612c3de6b792f6edcccc8578e..e899a9e07e081130dfb8fa5abea2e9ec57161b96 100644
--- a/bundle.json
+++ b/bundle.json
@@ -17,7 +17,8 @@
       "//base/security/code_signature/hisysevent.yaml"
     ],
     "features": [
-      "code_signature_support_oh_code_sign"
+      "code_signature_support_oh_code_sign",
+      "code_signature_enable_xpm_mode"
     ],
     "adapted_system_type": [ "standard" ],
     "rom": "1024KB",
diff --git a/code_signature.gni b/code_signature.gni
index 9c25ee457a6312d3f669f14ecc0670df92a71c37..de5e268ae4c521b996e29494b63f6a2c640ff0af 100644
--- a/code_signature.gni
+++ b/code_signature.gni
@@ -21,4 +21,5 @@ third_party_securec_dir = "//third_party/bounds_checking_function"
 declare_args() {
   code_signature_support_openharmony_ca = true
   code_signature_support_oh_code_sign = false
+  code_signature_enable_xpm_mode = false
 }
diff --git a/services/key_enable/BUILD.gn b/services/key_enable/BUILD.gn
index 581e4eb80797e88196bebde49843d8838c067d29..5f9c91e4c9fbc74143a6524597e0cebee76e86b3 100644
--- a/services/key_enable/BUILD.gn
+++ b/services/key_enable/BUILD.gn
@@ -82,7 +82,11 @@ ohos_prebuilt_etc("trusted_cert_path_test") {
 }
 
 ohos_prebuilt_etc("key_enable.cfg") {
-  source = "key_enable.cfg"
+  if (code_signature_enable_xpm_mode) {
+    source = "cfg/key_enable.enable_xpm.cfg"
+  } else {
+    source = "cfg/key_enable.disable_xpm.cfg"
+  }
   relative_install_dir = "init"
   subsystem_name = "security"
   part_name = "code_signature"
diff --git a/services/key_enable/key_enable.cfg b/services/key_enable/cfg/key_enable.disable_xpm.cfg
similarity index 96%
rename from services/key_enable/key_enable.cfg
rename to services/key_enable/cfg/key_enable.disable_xpm.cfg
index 3827f73c75f5121cb77a68dc33a1964e49dd364b..c0b1b2ca9beddb3bfb3f1b2fdf0c07d823c60cc2 100644
--- a/services/key_enable/key_enable.cfg
+++ b/services/key_enable/cfg/key_enable.disable_xpm.cfg
@@ -1,28 +1,28 @@
-{
-    "jobs" : [{
-            "name" : "post-fs-data",
-            "cmds" : [
-                "write /proc/sys/fs/verity/require_signatures 1",
-                "mkdir /data/service/el0/profiles 0655 installs installs",
-                "mkdir /data/service/el0/profiles/developer 0655 installs installs",
-                "mkdir /data/service/el0/profiles/debug 0655 installs installs"
-            ]
-        }, {
-            "name" : "init",
-            "cmds" : [
-                "start key_enable"
-            ]
-        }
-    ],
-    "services" : [{
-            "name" : "key_enable",
-            "path" : ["/system/bin/key_enable"],
-            "importance" : -20,
-            "uid" : "root",
-            "gid" : ["root"],
-            "secon" : "u:r:key_enable:s0",
-            "start-mode": "condition",
-            "once": 1
-        }
-    ]
+{
+    "jobs" : [{
+            "name" : "post-fs-data",
+            "cmds" : [
+                "write /proc/sys/fs/verity/require_signatures 1",
+                "mkdir /data/service/el0/profiles 0655 installs installs",
+                "mkdir /data/service/el0/profiles/developer 0655 installs installs",
+                "mkdir /data/service/el0/profiles/debug 0655 installs installs"
+            ]
+        }, {
+            "name" : "init",
+            "cmds" : [
+                "start key_enable"
+            ]
+        }
+    ],
+    "services" : [{
+            "name" : "key_enable",
+            "path" : ["/system/bin/key_enable"],
+            "importance" : -20,
+            "uid" : "root",
+            "gid" : ["root"],
+            "secon" : "u:r:key_enable:s0",
+            "start-mode": "condition",
+            "once": 1
+        }
+    ]
 }
\ No newline at end of file
diff --git a/services/key_enable/cfg/key_enable.enable_xpm.cfg b/services/key_enable/cfg/key_enable.enable_xpm.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..6b6a6dc515fbb3c93af5caed0a0a60d1f7996ce4
--- /dev/null
+++ b/services/key_enable/cfg/key_enable.enable_xpm.cfg
@@ -0,0 +1,33 @@
+{
+    "jobs" : [{
+            "name" : "post-fs-data",
+            "cmds" : [
+                "write /proc/sys/fs/verity/require_signatures 1",
+                "mkdir /data/service/el0/profiles 0655 installs installs",
+                "mkdir /data/service/el0/profiles/developer 0655 installs installs",
+                "mkdir /data/service/el0/profiles/debug 0655 installs installs"
+            ]
+        }, {
+            "name" : "init",
+            "cmds" : [
+                "start key_enable"
+            ]
+        }, {
+            "name" : "pre-init",
+            "cmds" : [
+                "write /proc/sys/kernel/xpm/xpm_mode 1",
+            ]
+        }
+    ],
+    "services" : [{
+            "name" : "key_enable",
+            "path" : ["/system/bin/key_enable"],
+            "importance" : -20,
+            "uid" : "root",
+            "gid" : ["root"],
+            "secon" : "u:r:key_enable:s0",
+            "start-mode": "condition",
+            "once": 1
+        }
+    ]
+}
\ No newline at end of file