diff --git a/xpm/core/xpm_hck.c b/xpm/core/xpm_hck.c
index faf88030cb0767be13d2a072d92d1097e29c1495..315640a814dbd1bc840d35827681095839c9f836 100644
--- a/xpm/core/xpm_hck.c
+++ b/xpm/core/xpm_hck.c
@@ -11,6 +11,7 @@
 #include
 #include
 #include
+#include
 #include "avc.h"
 #include "objsec.h"
 #include "xpm_hck.h"
@@ -73,6 +74,15 @@ static int xpm_check_code_segment(bool is_exec, struct vm_area_struct *vma,
 	vm_addr_start = vma->vm_pgoff << PAGE_SHIFT;
 	vm_addr_end = vm_addr_start + (vma->vm_end - vma->vm_start);
 
+#ifdef CONFIG_SECURITY_CODE_SIGN
+	if (exec_file_signature_is_fs_verity(info)) {
+		const struct inode *inode = (const struct inode *)info->inode;
+		if (fsverity_get_verified_data_size(inode) < vm_addr_end) {
+			goto out;
+		}
+	}
+#endif
+
 	for (i = 0; i < info->code_segment_count; i++) {
 		seg_addr_start = ALIGN_DOWN(segments[i].file_offset, PAGE_SIZE);
 		seg_addr_end = PAGE_ALIGN(segments[i].file_offset +
@@ -81,7 +91,7 @@ static int xpm_check_code_segment(bool is_exec, struct vm_area_struct *vma,
 		    (vm_addr_end <= seg_addr_end))
 			return 0;
 	}
-
+out:
 	return xpm_avc_has_perm(SECCLASS_XPM, XPM__EXEC_NO_SIGN);
 }
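Review bot: The fs-verity bound added in the second hunk compares a page-granular `vm_addr_end` (derived from `vm_pgoff` and the vma length) against `fsverity_get_verified_data_size(inode)`; if that helper returns the file's byte size rather than a page-rounded value (its definition is not visible here), a fully verified executable whose size is not a multiple of PAGE_SIZE will fail the check for any mapping that covers its last page and be routed to the `XPM__EXEC_NO_SIGN` permission decision instead of the segment match, so the comparison should probably be `if (PAGE_ALIGN(fsverity_get_verified_data_size(inode)) < vm_addr_end)`. The new block also carries no comment explaining why a mapping that extends past the verified range is treated as unsigned code rather than denied outright; a line such as `/* mapping reaches beyond the fs-verity-covered range: fall back to the no-signature policy check */` above the `#ifdef` would record that intent for the next reader. The `(const struct inode *)` cast on `info->inode` discards whatever type that field has and is unnecessary if it is already an inode pointer; dropping it lets the compiler verify the assignment. xpm_check_code_segment begins before this hunk and its tail (the `out:` label) is in the third hunk.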