diff --git a/fsverity_init/Android.bp b/fsverity_init/Android.bp
index 07eaf6a2..d9bff3b2 100644
--- a/fsverity_init/Android.bp
+++ b/fsverity_init/Android.bp
@@ -13,6 +13,7 @@ cc_binary {
 "fsverity_init.cpp",
 ],
 static_libs: [
+ "aconfig_fsverity_init_c_lib",
 "libc++fs",
 "libmini_keyctl_static",
 ],
@@ -23,3 +24,14 @@ cc_binary {
 ],
 cflags: ["-Werror", "-Wall", "-Wextra"],
 }
+
+aconfig_declarations {
+ name: "aconfig_fsverity_init",
+ package: "android.security.flag",
+ srcs: ["flags.aconfig"],
+}
+
+cc_aconfig_library {
+ name: "aconfig_fsverity_init_c_lib",
+ aconfig_declarations: "aconfig_fsverity_init",
+}
diff --git a/fsverity_init/flags.aconfig b/fsverity_init/flags.aconfig
new file mode 100644
index 00000000..20640d7e
--- /dev/null
+++ b/fsverity_init/flags.aconfig
@@ -0,0 +1,9 @@
+package: "android.security.flag"
+
+flag {
+ name: "deprecate_fsverity_init"
+ namespace: "hardware_backed_security"
+ description: "Feature flag for deprecate fsverity_init"
+ bug: "290064770"
+ is_fixed_read_only: true
+}
diff --git a/fsverity_init/fsverity_init.cpp b/fsverity_init/fsverity_init.cpp
index 797118d4..717beebc 100644
--- a/fsverity_init/fsverity_init.cpp
+++ b/fsverity_init/fsverity_init.cpp
@@ -43,6 +43,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -79,6 +80,13 @@ void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
 }
 int main(int argc, const char** argv) {
+ if (android::security::flag::deprecate_fsverity_init()) {
+ // Don't load keys to the built-in fs-verity keyring in kernel. This will make existing
+ // files not readable. We expect to only enable the flag when there are no such files or
+ // when failure is ok (e.g. with a fallback).
+ return 0;
+ }
+
+ if (argc < 2) {
 LOG(ERROR) << "Not enough arguments";
 return -1;
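Review bot: The `description` in fsverity_init/flags.aconfig does not say what turning the flag on does, so anyone auditing flag values has to open fsverity_init.cpp to learn that key loading is skipped. State the effect directly, for example `description: "When enabled, fsverity_init exits without loading keys into the kernel's built-in fs-verity keyring"`. The consequence noted in the C++ comment, that existing files relying on those keys become unreadable, also belongs in the flag description or the linked bug.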
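Review bot: The early return added at the top of `main` in fsverity_init.cpp exits with status 0 and logs nothing, so on a build with the flag enabled there is no trace that the fs-verity keyring was deliberately left empty. The exit status is also presumably indistinguishable from a successful key load for whatever launches the binary. Since the comment itself says existing files become unreadable, add a line before the `return 0;` such as `LOG(INFO) << "deprecate_fsverity_init is enabled; not loading fs-verity keys";` so that later read failures can be traced back to the flag. The check also runs before the `argc < 2` validation, so a malformed invocation is silently accepted while the flag is on; if that is intended, say so in the comment. `main` continues past the end of the hunk, so whether logging is already initialised at this point cannot be confirmed from here.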