diff --git a/SOURCES/0003-Use-sha256-as-default-hashing-algorithm.patch b/SOURCES/0003-Use-sha256-as-default-hashing-algorithm.patch
new file mode 100644
index 0000000..e0d4c76
--- /dev/null
+++ b/SOURCES/0003-Use-sha256-as-default-hashing-algorithm.patch
@@ -0,0 +1,58 @@
+# HG changeset patch
+# User Lukasz Hawrylko <lukasz.hawrylko@intel.com>
+# Date 1631717614 -7200
+#      Wed Sep 15 16:53:34 2021 +0200
+# Node ID 5bf5c12411d3a4a7e0a552203b40bfe59d5c7789
+# Parent  4cdcf97e4723647b6fac761565c0be13f7e31009
+Use sha256 as default hashing algorithm in lcp2_mlehash and tb_polgen
+
+Signed-off-by: Lukasz Hawrylko <lukasz.hawrylko@intel.com>
+
+diff -r 4cdcf97e4723 -r 5bf5c12411d3 docs/man/tb_polgen.8
+--- a/docs/man/tb_polgen.8	Thu Aug 26 14:12:44 2021 +0200
++++ b/docs/man/tb_polgen.8	Wed Sep 15 16:53:34 2021 +0200
+@@ -21,6 +21,9 @@
+ \fR[\fB\-\-ctrl \fIpolicy-control-value\fR]
+ The default value 1 is to extend policy into PCR 17.
+ .TP
++\fR[\fB\-\-alg \fIsha1 \fR|\fI sha256 \fR|\fI sha384 \fR|\fI sha512\fR]
++Policy hashing algorithm.
++.TP
+ \fIpolicy-file\fR
+ .RE
+ .TP
+diff -r 4cdcf97e4723 -r 5bf5c12411d3 lcptools-v2/mlehash.c
+--- a/lcptools-v2/mlehash.c	Thu Aug 26 14:12:44 2021 +0200
++++ b/lcptools-v2/mlehash.c	Wed Sep 15 16:53:34 2021 +0200
+@@ -70,8 +70,8 @@
+ 
+ 
+ bool        verbose = false;
+-char        alg_name[32] = "sha1";
+-uint16_t    alg_type = TPM_ALG_SHA1;
++char        alg_name[32] = "sha256";
++uint16_t    alg_type = TPM_ALG_SHA256;
+ 
+ static struct option long_opts[] =
+ {
+diff -r 4cdcf97e4723 -r 5bf5c12411d3 tb_polgen/param.c
+--- a/tb_polgen/param.c	Thu Aug 26 14:12:44 2021 +0200
++++ b/tb_polgen/param.c	Wed Sep 15 16:53:34 2021 +0200
+@@ -51,7 +51,7 @@
+ 
+ static const char *help[] = {
+     "tb_polgen --create --type        nonfatal|continue|halt\n",
+-    "                   [--alg        sha1 (default)|sha256|sha384|sha512]\n",
++    "                   [--alg        sha1|sha256 (default)|sha384|sha512]\n",
+     "                   [--ctrl       <policy control value>]\n",
+     "                   [--verbose]\n",
+     "                   <policy file name>\n",
+@@ -330,7 +330,7 @@
+     params->cmd = POLGEN_CMD_NONE;
+     params->mod_num = -1;
+     params->pcr = -1;
+-    params->hash_alg = TB_HALG_SHA1;
++    params->hash_alg = TB_HALG_SHA256;
+     params->policy_type = -1;
+     params->policy_control = TB_POLCTL_EXTEND_PCR17;
+     params->hash_type = -1;
diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec
index aa67255..efaff33 100644
--- a/SPECS/tboot.spec
+++ b/SPECS/tboot.spec
@@ -1,7 +1,7 @@
 Summary:        Performs a verified launch using Intel TXT
 Name:           tboot
 Version:        1.10.2
-Release:        5%{?dist}
+Release:        6%{?dist}
 Epoch:          1
 
 License:        BSD
@@ -10,6 +10,7 @@ Source0:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.
 
 Patch0:         0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
 Patch1:         0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
+Patch2:         0003-Use-sha256-as-default-hashing-algorithm.patch
 
 BuildRequires:  make
 BuildRequires:  gcc
@@ -58,6 +59,10 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install
 /boot/tboot-syms
 
 %changelog
+* Thu Sep 30 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.2-6
+- Use sha256 as default hashing algorithm
+  Resolves: rhbz#1935448
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.10.2-5
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688