diff --git a/0005-luks-define-max-entropy-bits-for-pwmake.patch b/0005-luks-define-max-entropy-bits-for-pwmake.patch
new file mode 100644
index 0000000..be1e3dc
--- /dev/null
+++ b/0005-luks-define-max-entropy-bits-for-pwmake.patch
@@ -0,0 +1,42 @@
+--- clevis-18.ori/src/clevis.1.adoc 2021-04-15 13:00:19.965065700 +0200
++++ clevis-18/src/clevis.1.adoc 2022-12-16 11:25:48.407264932 +0100
+@@ -101,7 +101,7 @@
+
+ This command performs four steps:
+
+-1. Creates a new key with the same entropy as the LUKS master key.
++1. Creates a new key with the same entropy as the LUKS master key -- maximum entropy bits is 256.
+ 2. Encrypts the new key with Clevis.
+ 3. Stores the Clevis JWE in the LUKS header.
+ 4. Enables the new key for use with LUKS.
+--- clevis-18.ori/src/luks/clevis-luks-common-functions.in 2022-12-16 11:23:23.982459214 +0100
++++ clevis-18/src/luks/clevis-luks-common-functions.in 2022-12-16 14:39:32.694114153 +0100
+@@ -852,6 +852,7 @@
+ [ -z "${DEV}" ] && return 1
+
+ local dump filter bits
++ local MAX_ENTROPY_BITS=256 # Maximum allowed by pwmake.
+ dump=$(cryptsetup luksDump "${DEV}")
+ if cryptsetup isLuks --type luks1 "${DEV}"; then
+ filter="$(echo "${dump}" | sed -rn 's|MK bits:[ \t]*([0-9]+)|\1|p')"
+@@ -863,6 +864,9 @@
+ fi
+
+ bits="$(echo -n "${filter}" | sort -n | tail -n 1)"
++ if [ "${bits}" -gt "${MAX_ENTROPY_BITS}" ]; then
++ bits="${MAX_ENTROPY_BITS}"
++ fi
+ pwmake "${bits}"
+ }
+
+--- clevis-18.ori/src/luks/clevis-luks-bind.1.adoc 2022-12-16 11:23:23.982459214 +0100
++++ clevis-18/src/luks/clevis-luks-bind.1.adoc 2022-12-16 14:41:33.502788100 +0100
+@@ -20,7 +20,7 @@
+
+ This command performs four steps:
+
+-1. Creates a new key with the same entropy as the LUKS master key.
++1. Creates a new key with the same entropy as the LUKS master key -- maximum entropy bits is 256.
+ 2. Encrypts the new key with Clevis.
+ 3. Stores the Clevis JWE in the LUKS header.
+ 4. Enables the new key for use with LUKS.
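Review bot: The new `-gt` test in clevis_luks_generate_key runs before `bits` is known to be numeric, so when neither sed filter matched the luksDump output the comparison fails with an integer-expression error and execution still falls through to `pwmake ""`, exactly as before the patch; the cap does nothing for that path. A guard ahead of the comparison makes both outcomes explicit: `case "${bits}" in ''|*[!0-9]*) return 1 ;; esac`. The `MAX_ENTROPY_BITS` line also deserves a why-comment stating that any volume key larger than 256 bits (presumably what motivated the cap) now gets a keyslot passphrase with less entropy than the volume key, which the man-page wording "maximum entropy bits is 256" only implies. The function's header and the non-luks1 branch lie outside the hunk.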
diff --git a/0006-luks-ignore-empty-and-comment-lines-in-crypttab.patch b/0006-luks-ignore-empty-and-comment-lines-in-crypttab.patch
new file mode 100644
index 0000000..1b5294a
--- /dev/null
+++ b/0006-luks-ignore-empty-and-comment-lines-in-crypttab.patch
@@ -0,0 +1,16 @@
+--- clevis-18.ori/src/luks/clevis-luks-common-functions.in 2022-12-16 11:23:23.982459214 +0100
++++ clevis-18/src/luks/clevis-luks-common-functions.in 2022-12-16 11:35:54.206644525 +0100
+@@ -399,7 +399,12 @@
+ clevis_devices=
+
+ # Build list of devices to unlock.
+- while read -r _ crypt_device _; do
++ while read -r _volname_ crypt_device _; do
++ # skip empty lines and lines which begin with the '#' char, per
++ # crypttab(5)
++ case $_volname_ in
++ ''|\#*) continue ;;
++ esac
+ if ! dev=$(clevis_map_device "${crypt_device}") \
+ || [ -z "${dev}" ]; then
+ # Unable to get the device - maybe it's not available, e.g. a
diff --git a/0007-luks-fix-typo-when-adding-a-pending-device.patch b/0007-luks-fix-typo-when-adding-a-pending-device.patch
new file mode 100644
index 0000000..f3bb30d
--- /dev/null
+++ b/0007-luks-fix-typo-when-adding-a-pending-device.patch
@@ -0,0 +1,11 @@
+--- clevis-18.0006/src/luks/clevis-luks-common-functions.in 2022-12-16 11:51:32.856881018 +0100
++++ clevis-18/src/luks/clevis-luks-common-functions.in 2022-12-16 11:53:09.717421379 +0100
+@@ -410,7 +410,7 @@
+ # Unable to get the device - maybe it's not available, e.g. a
+ # device on a volume group that has not been activated yet.
+ # Add it to the list anyway, since it's a pending device.
+- clevis_devices="${clevis_devices} ${dev}"
++ clevis_devices="${clevis_devices} ${crypt_device}"
+ continue
+ fi
+
diff --git a/0008-notify-error-url-on-server-connect-fail.patch b/0008-notify-error-url-on-server-connect-fail.patch
new file mode 100644
index 0000000..7327d16
--- /dev/null
+++ b/0008-notify-error-url-on-server-connect-fail.patch
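Review bot: The new `case` in the crypttab loop skips empty and comment lines but still lets a line that carries only a volume name through, so `clevis_map_device` is called with an empty `${crypt_device}` and the pending-device branch below then appends that empty field to `clevis_devices`. Extending the guard with a second check, `[ -z "${crypt_device}" ] && continue`, keeps malformed entries out of the unlock list with the same cost as the comment check. The loop's `done` and its input redirection are outside the hunk, so where the lines come from cannot be confirmed here.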
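Review bot: After the fix at the `clevis_devices=` line the list holds two kinds of element: resolved device paths from `clevis_map_device` for available devices, and the raw crypttab source field for pending ones, which may be a `UUID=`/`LABEL=` style spec rather than a path. Whatever later consumes `clevis_devices` (outside this hunk) must re-resolve those entries instead of treating every element as a device node; a comment on the changed line, e.g. `# unresolved crypttab source spec; map it again before use`, would make the mixed content explicit to the next reader.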
@@ -0,0 +1,16 @@
+--- clevis-18.0007/src/pins/tang/clevis-decrypt-tang 2021-04-15 13:00:19.969067600 +0200
++++ clevis-18/src/pins/tang/clevis-decrypt-tang 2022-12-16 11:55:59.187366809 +0100
+@@ -99,10 +99,10 @@
+
+ xfr="$(jose jwk exc -i '{"alg":"ECMR"}' -l- -r- <<< "$clt$eph")"
+
+-url="$url/rec/$kid"
++rec_url="$url/rec/$kid"
+ ct="Content-Type: application/jwk+json"
+-if ! rep="$(curl -sfg -X POST -H "$ct" --data-binary @- "$url" <<< "$xfr")"; then
+- echo "Error communicating with the server!" >&2
++if ! rep="$(curl -sfg -X POST -H "$ct" --data-binary @- "$rec_url" <<< "$xfr")"; then
++ echo "Error communicating with server $url!" >&2
+ exit 1
+ fi
+
diff --git a/0009-improve-boot-performance-by-removing-key-check.patch b/0009-improve-boot-performance-by-removing-key-check.patch
new file mode 100644
index 0000000..7db4f16
--- /dev/null
+++ b/0009-improve-boot-performance-by-removing-key-check.patch
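Review bot: The new message on the `echo` line names the server but still cannot say why the request failed, because `curl -sfg` suppresses curl's own diagnostics; adding `-S` (`curl -sSfg ...`) writes the underlying reason (name resolution, TLS, connection refused, or the HTTP status that `-f` turned into a failure) to stderr right next to this message. Keeping `$url` unchanged and introducing `rec_url` for the recovery endpoint is the right split, since the earlier requests in this script also use `$url`. Note that `$url` is presumably taken from the JWE header earlier in the script (outside the hunk), so the text echoed here is whatever that header carried.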
@@ -0,0 +1,39 @@
+--- clevis-18.0008/src/luks/clevis-luks-common-functions.in 2022-12-16 11:59:17.972475773 +0100
++++ clevis-18/src/luks/clevis-luks-common-functions.in 2022-12-16 12:05:07.214424096 +0100
+@@ -319,6 +319,7 @@
+ clevis_luks_unlock_device_by_slot() {
+ local DEV="${1}"
+ local SLT="${2}"
++ local SKIP_CHECK="${3}"
+
+ [ -z "${DEV}" ] && return 1
+ [ -z "${SLT}" ] && return 1
+@@ -334,7 +335,9 @@
+ return 1
+ fi
+
+- clevis_luks_check_valid_key_or_keyfile "${DEV}" "${passphrase}" || return 1
++ if [ -z "${SKIP_CHECK}" ]; then
++ clevis_luks_check_valid_key_or_keyfile "${DEV}" "${passphrase}" || return 1
++ fi
+ printf '%s' "${passphrase}"
+ }
+
+@@ -342,6 +345,8 @@
+ # parameter and returns the decoded passphrase.
+ clevis_luks_unlock_device() {
+ local DEV="${1}"
++ local SKIP_CHECK="YES"
++
+ [ -z "${DEV}" ] && return 1
+
+ local used_slots
+@@ -352,7 +357,7 @@
+
+ local slt pt
+ for slt in ${used_slots}; do
+- if ! pt=$(clevis_luks_unlock_device_by_slot "${DEV}" "${slt}") \
++ if ! pt=$(clevis_luks_unlock_device_by_slot "${DEV}" "${slt}" "${SKIP_CHECK}") \
+ || [ -z "${pt}" ]; then
+ continue
+ fi
diff --git a/0010-fix-typo-in-error-messages.patch b/0010-fix-typo-in-error-messages.patch
new file mode 100644
index 0000000..e012c99
--- /dev/null
+++ b/0010-fix-typo-in-error-messages.patch
@@ -0,0 +1,17 @@
+--- clevis-18.0009/src/pins/tpm2/clevis-decrypt-tpm2 2021-04-15 13:00:19.969067600 +0200
++++ clevis-18/src/pins/tpm2/clevis-decrypt-tpm2 2022-12-16 12:22:51.788363059 +0100
+@@ -99,12 +99,12 @@
+ fi
+
+ if ! jwk_pub="$(jose fmt -j- -Og clevis -g tpm2 -g jwk_pub -Su- <<< "$jhd")"; then
+- echo "JWE missing required 'key' header parameter!" >&2
++ echo "JWE missing required 'jwk_pub' header parameter!" >&2
+ exit 1
+ fi
+
+ if ! jwk_priv="$(jose fmt -j- -Og clevis -g tpm2 -g jwk_priv -Su- <<< "$jhd")"; then
+- echo "JWE missing required 'key' header parameter!" >&2
++ echo "JWE missing required 'jwk_priv' header parameter!" >&2
+ exit 1
+ fi
+
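Review bot: Passing `SKIP_CHECK="YES"` from clevis_luks_unlock_device changes the loop's semantics, not only its cost: `clevis_luks_check_valid_key_or_keyfile ... || return 1` was what turned a slot whose JWE decrypts to a stale or mismatched passphrase into a `continue` so the next bound slot was tried, whereas now the first non-empty decryption is returned as-is and whether it actually opens the device is discovered only by the caller. That is acceptable only if every caller of clevis_luks_unlock_device treats a failed `cryptsetup open` as "try again" rather than as a hard failure, which should be verified in the unlockers (outside this hunk) and stated in the comment above the function, e.g. `# The passphrase is returned unverified; the caller must validate it against the device.` The new third positional parameter of clevis_luks_unlock_device_by_slot also needs a line of documentation, since `SKIP_CHECK="${3}"` is the only hint that any non-empty value disables the check. The body of clevis_luks_unlock_device_by_slot continues past the hunk.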
diff --git a/0011-avoid-invalid-message-for-clevis-command.patch b/0011-avoid-invalid-message-for-clevis-command.patch
new file mode 100644
index 0000000..9389d84
--- /dev/null
+++ b/0011-avoid-invalid-message-for-clevis-command.patch
@@ -0,0 +1,25 @@
+--- clevis-18.0010/src/clevis 2021-04-15 13:00:19.965065700 +0200
++++ clevis-18/src/clevis 2022-12-16 12:29:15.122501596 +0100
+@@ -27,6 +27,8 @@
+ }
+
+ cmd=clevis
++input_commands="$cmd $@"
++
+ while [ $# -gt 0 ]; do
+ [[ "$1" =~ ^- ]] && break
+ cmd="$cmd-$1"
+@@ -36,8 +38,11 @@
+ done
+
+ exec >&2
+-echo
+-echo "Command '$cmd' is invalid"
++if [ "$cmd" != "clevis" ];
++then
++ echo
++ echo "Command '$input_commands' is invalid"
++fi
+ echo
+ echo "Usage: clevis COMMAND [OPTIONS]"
+ echo
diff --git a/0012-luks-edit-remove-unnecessary-2-dev-null.patch b/0012-luks-edit-remove-unnecessary-2-dev-null.patch
new file mode 100644
index 0000000..94e3503
--- /dev/null
+++ b/0012-luks-edit-remove-unnecessary-2-dev-null.patch
@@ -0,0 +1,11 @@
+--- clevis-18.0011/src/luks/clevis-luks-edit 2021-04-15 13:00:19.965065700 +0200
++++ clevis-18/src/luks/clevis-luks-edit 2022-12-16 12:32:42.350657681 +0100
+@@ -173,7 +173,7 @@
+
+ echo "Updating binding..."
+ if ! clevis_luks_do_bind "${DEV}" "${SLT}" "" "${pin}" "${new_cfg}" \
+- "-y" "overwrite" 2>/dev/null; then
++ "-y" "overwrite"; then
+ echo "Unable to update binding in ${DEV}:${SLT}. Operation cancelled." >&2
+ exit 1
+ fi
diff --git a/clevis.spec b/clevis.spec
index dd71dec..d3b1b7f 100644
--- a/clevis.spec
+++ b/clevis.spec
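Review bot: `input_commands="$cmd $@"` mixes a string with the positional array (shellcheck SC2145); bash joins `$@` with spaces in an assignment anyway, but the intended spelling is `input_commands="$cmd $*"`, and it should be noted that the message now reproduces every argument on the command line, option values included, where the old message showed only the derived command name. If the goal is to show what the user typed, building the echo from the words consumed before the `^-` break (the ones that form `$cmd`) keeps the diagnostic useful without copying the whole invocation to stderr. Splitting `if [ "$cmd" != "clevis" ];` and `then` across two lines is also out of step with the surrounding `while [ $# -gt 0 ]; do`; `if [ "$cmd" != "clevis" ]; then` on one line matches the file.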
@@ -12,6 +12,14 @@
 Patch0001: 0001-sss-use-BN_set_word-x-0-instead-of-BN_zero.patch
 Patch0002: 0002-systemd-account-for-unlocking-failures-in-clevis-luk.patch
 Patch0003: 0003-feat-rename-the-test-pin-to-null-pin.patch
 Patch0004: 0004-clevis-external-token-id.patch
+Patch0005: 0005-luks-define-max-entropy-bits-for-pwmake.patch
+Patch0006: 0006-luks-ignore-empty-and-comment-lines-in-crypttab.patch
+Patch0007: 0007-luks-fix-typo-when-adding-a-pending-device.patch
+Patch0008: 0008-notify-error-url-on-server-connect-fail.patch
+Patch0009: 0009-improve-boot-performance-by-removing-key-check.patch
+Patch0010: 0010-fix-typo-in-error-messages.patch
+Patch0011: 0011-avoid-invalid-message-for-clevis-command.patch
+Patch0012: 0012-luks-edit-remove-unnecessary-2-dev-null.patch
 BuildRequires: git-core
 BuildRequires: gcc
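Review bot: Patch0005 through Patch0012 are only declared in this hunk; `%prep` is not visible, so if the spec applies patches with explicit `%patch` lines rather than `%autosetup`/`%autopatch` (the `BuildRequires: git-core` context line hints at the latter, but that is an inference), the eight new patches also need matching apply lines or they are silently unused. Patch0009 changes boot-time unlock behaviour — the keyslot passphrase is no longer verified before it is returned — which merits a `%changelog` entry and a release bump if those are not part of this commit elsewhere.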