diff --git a/WALinuxAgent.spec b/WALinuxAgent.spec
index 0169ed3..57b86f2 100644
--- a/WALinuxAgent.spec
+++ b/WALinuxAgent.spec
@@ -4,7 +4,7 @@
 
 Name:           WALinuxAgent
 Version:        2.7.0.6
-Release:        8%{?dist}
+Release:        9%{?dist}
 Summary:        The Microsoft Azure Linux Agent
 
 License:        ASL 2.0
@@ -159,6 +159,11 @@ rm -rf %{_unitdir}/waagent.service.d/
 %endif
 
 %changelog
+* Wed Feb 08 2023 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-9
+- wla-redhat-Adjust-tpm2_createprimary-key-attributes-to-m.patch [bz#2167322]
+- Resolves: bz#2167322
+  (Adjust TPM primary key creation parameters to match Azure)
+
 * Mon Feb 06 2023 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-8
 - wla-redhat-Explicitly-list-udev-rule-requirements-in-the.patch [bz#2165042]
 - Resolves: bz#2165042
diff --git a/tpm2-luks-import.sh b/tpm2-luks-import.sh
index 29f7cd4..dc1ff0f 100755
--- a/tpm2-luks-import.sh
+++ b/tpm2-luks-import.sh
@@ -35,9 +35,9 @@ fi
     # Import sealed object
     tpm2_flushcontext -t
     if [ ! -f "unique.dat" ]; then
-        tpm2_createprimary -Q -C o -g sha256 -G rsa -c primary.ctx
+        tpm2_createprimary -Q -C o -a 'restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda' -g sha256 -G rsa -c primary.ctx
     else
-        tpm2_createprimary -Q -C o -g sha256 -G rsa -u unique.dat -c primary.ctx
+        tpm2_createprimary -Q -C o -a 'restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda' -g sha256 -G rsa -u unique.dat -c primary.ctx
     fi
     tpm2_flushcontext -t
     tpm2_import -Q -C primary.ctx -u parent.pub -i parent.prv -r parent_imported.prv -s parent.seed