diff --git a/clevis-tpm2-tools-5.patch b/clevis-tpm2-tools-5.patch
new file mode 100644
index 0000000..604ea53
--- /dev/null
+++ b/clevis-tpm2-tools-5.patch
@@ -0,0 +1,118 @@
+From ef76951e4486dadf41ca8085e09849466a0c7fd3 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel
+Date: Wed, 11 Nov 2020 12:43:18 +0100
+Subject: [PATCH] pins/tpm2: add support for tpm2-tools 5.X
+
+tpm2-tools 5.0 consolidates all tools into a single busybox-style binary, so
+the preferred way to invoke the commands would be e.g. "tpm2 createprimary"
+instead of "tpm2_createprimary". However, compatibility symlinks tpm2_* -> tpm2
+are installed by default, so we keep the old syntax for tpm2-tools 5.0 to avoid
+creating another special case, since the option syntax has not changed (it
+should be stable since version 4).
+
+tpm2-tools 3.X is deprecated, but unfortunately still packaged by a few Linux
+distributions, so keep supporting it for now at least.
+---
+ src/pins/tpm2/clevis-decrypt-tpm2 | 12 ++++++------
+ src/pins/tpm2/clevis-encrypt-tpm2 | 16 ++++++++--------
+ 2 files changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/src/pins/tpm2/clevis-decrypt-tpm2 b/src/pins/tpm2/clevis-decrypt-tpm2
+index 83bf8f0..6226cb7 100755
+--- a/src/pins/tpm2/clevis-decrypt-tpm2
++++ b/src/pins/tpm2/clevis-decrypt-tpm2
+@@ -49,8 +49,8 @@ TPM2TOOLS_INFO="$(tpm2_createprimary -v)"
+
+ match='version="(.)\.'
+ [[ $TPM2TOOLS_INFO =~ $match ]] && TPM2TOOLS_VERSION="${BASH_REMATCH[1]}"
+-if [[ $TPM2TOOLS_VERSION != 3 ]] && [[ $TPM2TOOLS_VERSION != 4 ]]; then
+- echo "The tpm2 pin requires tpm2-tools version 3 or 4" >&2
++if [[ $TPM2TOOLS_VERSION -lt 3 ]] || [[ $TPM2TOOLS_VERSION -gt 5 ]]; then
++ echo "The tpm2 pin requires a tpm2-tools version between 3 and 5" >&2
+ exit 1
+ fi
+
+@@ -135,7 +135,7 @@ fi
+
+ case "$TPM2TOOLS_VERSION" in
+ 3) tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C "$TMP"/primary.context || fail=$?;;
+- 4) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
++ 4|5) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
+ *) fail=1;;
+ esac
+ if [ -n "$fail" ]; then
+@@ -146,8 +146,8 @@ fi
+ case "$TPM2TOOLS_VERSION" in
+ 3) tpm2_load -Q -c "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
+ -C "$TMP"/load.context || fail=$?;;
+- 4) tpm2_load -Q -C "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
+- -c "$TMP"/load.context || fail=$?;;
++ 4|5) tpm2_load -Q -C "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
++ -c "$TMP"/load.context || fail=$?;;
+ *) fail=1;;
+ esac
+ if [ -n "$fail" ]; then
+@@ -157,7 +157,7 @@ fi
+
+ case "$TPM2TOOLS_VERSION" in
+ 3) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-L $pcr_spec})" || fail=$?;;
+- 4) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-p pcr:$pcr_spec})" || fail=$?;;
++ 4|5) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-p pcr:$pcr_spec})" || fail=$?;;
+ *) fail=1;;
+ esac
+ if [ -n "$fail" ]; then
+diff --git a/src/pins/tpm2/clevis-encrypt-tpm2 b/src/pins/tpm2/clevis-encrypt-tpm2
+index 16d35c4..69a1126 100755
+--- a/src/pins/tpm2/clevis-encrypt-tpm2
++++ b/src/pins/tpm2/clevis-encrypt-tpm2
+@@ -71,8 +71,8 @@ TPM2TOOLS_INFO="$(tpm2_createprimary -v)"
+
+ match='version="(.)\.'
+ [[ $TPM2TOOLS_INFO =~ $match ]] && TPM2TOOLS_VERSION="${BASH_REMATCH[1]}"
+-if [[ $TPM2TOOLS_VERSION != 3 ]] && [[ $TPM2TOOLS_VERSION != 4 ]]; then
+- echo "The tpm2 pin requires tpm2-tools version 3 or 4" >&2
++if [[ $TPM2TOOLS_VERSION -lt 3 ]] || [[ $TPM2TOOLS_VERSION -gt 5 ]]; then
++ echo "The tpm2 pin requires a tpm2-tools version between 3 and 5" >&2
+ exit 1
+ fi
+
+@@ -153,7 +153,7 @@ trap 'on_exit' EXIT
+
+ case "$TPM2TOOLS_VERSION" in
+ 3) tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C "$TMP"/primary.context || fail=$?;;
+- 4) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
++ 4|5) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
+ *) fail=1;;
+ esac
+ if [ -n "$fail" ]; then
+@@ -166,7 +166,7 @@ if [ -n "$pcr_ids" ]; then
+ if [ -z "$pcr_digest" ]; then
+ case "$TPM2TOOLS_VERSION" in
+ 3) tpm2_pcrlist -Q -L "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
+- 4) tpm2_pcrread -Q "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
++ 4|5) tpm2_pcrread -Q "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
+ *) fail=1;;
+ esac
+ if [ -n "$fail" ]; then
+@@ -183,8 +183,8 @@ if [ -n "$pcr_ids" ]; then
+ case "$TPM2TOOLS_VERSION" in
+ 3) tpm2_createpolicy -Q -g "$hash" -P -L "$pcr_bank":"$pcr_ids" \
+ -F "$TMP"/pcr.digest -f "$TMP"/pcr.policy || fail=$?;;
+- 4) tpm2_createpolicy -Q -g "$hash" --policy-pcr -l "$pcr_bank":"$pcr_ids" \
+- -f "$TMP"/pcr.digest -L "$TMP"/pcr.policy || fail=$?;;
++ 4|5) tpm2_createpolicy -Q -g "$hash" --policy-pcr -l "$pcr_bank":"$pcr_ids" \
++ -f "$TMP"/pcr.digest -L "$TMP"/pcr.policy || fail=$?;;
+ *) fail=1;;
+ esac
+ if [ -n "$fail" ]; then
+@@ -200,8 +200,8 @@ fi
+ case "$TPM2TOOLS_VERSION" in
+ 3) tpm2_create -Q -g "$hash" -G "$alg_create_key" -c "$TMP"/primary.context -u "$TMP"/jwk.pub \
+ -r "$TMP"/jwk.priv -A "$obj_attr" "${policy_options[@]}" -I- <<< "$jwk" || fail=$?;;
+- 4) tpm2_create -Q -g "$hash" -C "$TMP"/primary.context -u "$TMP"/jwk.pub \
+- -r "$TMP"/jwk.priv -a "$obj_attr" "${policy_options[@]}" -i- <<< "$jwk" || fail=$?;;
++ 4|5) tpm2_create -Q -g "$hash" -C "$TMP"/primary.context -u "$TMP"/jwk.pub \
++ -r "$TMP"/jwk.priv -a "$obj_attr" "${policy_options[@]}" -i- <<< "$jwk" || fail=$?;;
+ *) fail=1;;
+ esac
+ if [ -n "$fail" ]; then
diff --git a/clevis.spec b/clevis.spec
index 31a687e..cc2dc48 100644
--- a/clevis.spec
+++ b/clevis.spec
@@ -1,13 +1,14 @@
 Name: clevis
 Version: 15
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Automated decryption framework
 License: GPLv3+
 URL: https://github.com/latchset/%{name}
 Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
+Patch0: clevis-tpm2-tools-5.patch
-BuildRequires: git
+BuildRequires: git-core
 BuildRequires: gcc
 BuildRequires: meson
 BuildRequires: asciidoc
@@ -20,7 +21,7 @@ BuildRequires: audit-libs-devel
 BuildRequires: libudisks2-devel
 BuildRequires: openssl-devel
-BuildRequires: tpm2-tools >= 3.0.0
+BuildRequires: tpm2-tools >= 4.0.0
 BuildRequires: desktop-file-utils
 BuildRequires: pkgconfig
 BuildRequires: systemd
@@ -33,7 +34,7 @@ BuildRequires: openssl
 BuildRequires: diffutils
 BuildRequires: jq
-Requires: tpm2-tools >= 3.0.0
+Requires: tpm2-tools >= 4.0.0
 Requires: coreutils
 Requires: jose >= 8
 Requires: curl
@@ -189,6 +190,9 @@ exit 0
 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
 %changelog
+* Mon Nov 23 08:14:40 GMT 2020 Peter Robinson - 15-3
+- Upstream patch for tpm-tools 5.0 support
+
 * Thu Oct 29 2020 Sergio Correia - 15-2
 - Add jq to dependencies
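Review bot: The new range check `if [[ $TPM2TOOLS_VERSION -lt 3 ]] || [[ $TPM2TOOLS_VERSION -gt 5 ]]; then` (identical in the clevis-decrypt-tpm2 and clevis-encrypt-tpm2 hunks) still takes its operand from the unchanged `match='version="(.)\.'`, which captures exactly one character, so a future two-digit major such as 10.x would be read as "1" and rejected with a misleading message; a numeric comparison is the right moment to widen the capture to `match='version="([0-9]+)\.'`, which also keeps the value digits-only before `[[ ]]` evaluates it arithmetically. When `tpm2_createprimary -v` produces no match, `TPM2TOOLS_VERSION` stays empty and, under `[[`, compares as 0, so the script exits with the "between 3 and 5" text rather than saying the version could not be determined; a separate `[[ -z $TPM2TOOLS_VERSION ]]` branch with its own message would make failures on unusual builds easier to diagnose. The hard upper bound of 5 means every future major release needs another patch even though the commit message expects the option syntax to stay stable from 4 onward; that is a deliberate choice here, but worth a comment next to the check. Both scripts continue outside the hunk.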
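Review bot: `Patch0: clevis-tpm2-tools-5.patch` is declared in the first clevis.spec hunk, but nothing visible in this diff applies it; whether `%prep` uses `%autosetup` (or an explicit `%patch0 -p1`) lies outside the hunks, so confirm the patch is actually applied, otherwise release 15-3 would ship without the tpm2-tools 5 support its changelog announces. The switch from `git` to `git-core` suggests an `%autosetup -S git` in `%prep`, but that is inference from this hunk alone. Since the later hunks raise the minimum to `tpm2-tools >= 4.0.0`, the version-3 branches retained by the patch are unreachable in this package; a one-line spec comment such as `# upstream scripts keep tpm2-tools 3.x branches; unused with our >= 4.0.0 requirement` would save the next packager from wondering whether the requirement is wrong.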