diff --git a/builddefs/common_features.mk b/builddefs/common_features.mk
index a21f530610f..0e0e36cb6af 100644
--- a/builddefs/common_features.mk
+++ b/builddefs/common_features.mk
@@ -876,6 +876,7 @@ ifeq ($(strip $(XAP_ENABLE)), yes)
     endif
 
     OPT_DEFS += -DXAP_ENABLE
+    OPT_DEFS += -DBOOTLOADER_JUMP_SUPPORTED
     DYNAMIC_KEYMAP_ENABLE := yes
     SECURE_ENABLE := yes
     EMBED_INFO_JSON := yes
diff --git a/lib/python/qmk/cli/xap/xap.py b/lib/python/qmk/cli/xap/xap.py
index 8375fa50331..0ae425d93cd 100644
--- a/lib/python/qmk/cli/xap/xap.py
+++ b/lib/python/qmk/cli/xap/xap.py
@@ -70,12 +70,30 @@ class XAPShell(cmd.Cmd):
         # TODO: request stuff?
         print(self.device.info()['xap'])
 
+    def do_status(self, arg):
+        """Prints out the current device state
+        """
+        status = self.device.status()
+        print('Secure:%s' % status.get('lock', '???'))
+
     def do_unlock(self, arg):
         """Initiate secure unlock
         """
         self.device.unlock()
         print('Unlock Requested...')
 
+    def do_lock(self, arg):
+        """Disable secure routes
+        """
+        self.device.lock()
+
+    def do_reset(self, arg):
+        """Jump to bootloader if unlocked
+        """
+        if not self.device.reset():
+            print("Reboot to bootloader failed")
+        return True
+
     def do_listen(self, arg):
         """Log out XAP broadcast messages
         """
@@ -89,9 +107,7 @@ class XAPShell(cmd.Cmd):
 
                     cli.log.info('  Secure[%s]', secure_status)
                 else:
-                    data_str = ' '.join(['{:02X}'.format(b) for b in data])
-
-                    cli.log.info('  Broadcast: type[%02x] data:[%s]', event, data_str)
+                    cli.log.info('  Broadcast: type[%02x] data:[%s]', event, data.hex())
 
         except KeyboardInterrupt:
             cli.log.info('Stopping...')
diff --git a/lib/python/qmk/cli/xap/xap_client.py b/lib/python/qmk/cli/xap/xap_client.py
index a7e47645e6f..826a79c91f6 100644
--- a/lib/python/qmk/cli/xap/xap_client.py
+++ b/lib/python/qmk/cli/xap/xap_client.py
@@ -148,9 +148,23 @@ class XAPDevice:
         data['xap'] = self.version()['xap']
         return data
 
+    def status(self):
+        lock = int.from_bytes(self.transaction(b'\x00\x03') or bytes(0), 'little')
+
+        data = {}
+        data['lock'] = XAPSecureStatus(lock).name
+        return data
+
     def unlock(self):
         self.transaction(b'\x00\x04')
 
+    def lock(self):
+        self.transaction(b'\x00\x05')
+
+    def reset(self):
+        status = int.from_bytes(self.transaction(b'\x01\x07') or bytes(0), 'little')
+        return status == 1
+
 
 class XAPClient:
     @staticmethod
diff --git a/quantum/xap/xap_handlers.c b/quantum/xap/xap_handlers.c
index 8ae9bcedf51..1d99cff875a 100644
--- a/quantum/xap/xap_handlers.c
+++ b/quantum/xap/xap_handlers.c
@@ -83,11 +83,6 @@ bool xap_respond_secure_lock(xap_token_t token, const void *data, size_t length)
     return xap_respond_data(token, NULL, 0);
 }
 
-// TODO: how to set this if "custom" is just an empty stub
-#ifndef BOOTLOADER_JUMP_SUPPORTED
-#    define BOOTLOADER_JUMP_SUPPORTED
-#endif
-
 #ifdef BOOTLOADER_JUMP_SUPPORTED
 bool xap_respond_request_bootloader_jump(xap_token_t token, const void *data, size_t length) {
     uint8_t ret = secure_is_unlocked();