diff --git a/kernel/kernel-modules/tpmdd/centos/build_srpm.data b/kernel/kernel-modules/tpmdd/centos/build_srpm.data
index a3a69c84e..b2e6158f8 100644
--- a/kernel/kernel-modules/tpmdd/centos/build_srpm.data
+++ b/kernel/kernel-modules/tpmdd/centos/build_srpm.data
@@ -2,4 +2,4 @@ COPY_LIST=" \
   $PKG_BASE/files/* \
   $PKG_BASE/patches/* \
   $STX_BASE/downloads/tpm-kmod-e6aef069.tar.gz"
-TIS_PATCH_VER=5
+TIS_PATCH_VER=6
diff --git a/kernel/kernel-modules/tpmdd/centos/tpm-kmod.spec b/kernel/kernel-modules/tpmdd/centos/tpm-kmod.spec
index a6d725fad..b0f34d71f 100644
--- a/kernel/kernel-modules/tpmdd/centos/tpm-kmod.spec
+++ b/kernel/kernel-modules/tpmdd/centos/tpm-kmod.spec
@@ -35,6 +35,7 @@ Patch04: UPSTREAM-0002-tpm-reduce-tpm-polling-delay-in-tpm_tis_core.patch
 Patch05: UPSTREAM-0003-tpm-use-tpm_msleep-value-as-max-delay.patch
 Patch06: UPSTREAM-0004-tpm-wait-for-stat-to-specify-variable-polling-time.patch
 Patch07: UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch
+Patch08: UPSTREAM-0006-tpm-use-struct-tpm_chip.patch
 
 %define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//')
 
diff --git a/kernel/kernel-modules/tpmdd/patches/UPSTREAM-0006-tpm-use-struct-tpm_chip.patch b/kernel/kernel-modules/tpmdd/patches/UPSTREAM-0006-tpm-use-struct-tpm_chip.patch
new file mode 100644
index 000000000..42f885dea
--- /dev/null
+++ b/kernel/kernel-modules/tpmdd/patches/UPSTREAM-0006-tpm-use-struct-tpm_chip.patch
@@ -0,0 +1,327 @@
+From 5b60e1a889246a5a0d131e74ceaf240fc0637c9f Mon Sep 17 00:00:00 2001
+From: Shuicheng Lin <shuicheng.lin@intel.com>
+Date: Sat, 29 Dec 2018 02:51:39 +0800
+Subject: [PATCH] pick upstream patch to fix build failure with CentOS 7.6
+ 3.10.0-957.1.3 kernel
+
+[commit aad887f6641145fec2a801da2ce4ed36cf99c6a5 from Upstream linux-tpmdd repo]
+
+"
+From aad887f6641145fec2a801da2ce4ed36cf99c6a5 Mon Sep 17 00:00:00 2001
+From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Date: Sun, 5 Nov 2017 13:16:26 +0200
+Subject: [PATCH] tpm: use struct tpm_chip for tpm_chip_find_get()
+
+Device number (the character device index) is not a stable identifier
+for a TPM chip. That is the reason why every call site passes
+TPM_ANY_NUM to tpm_chip_find_get().
+
+This commit changes the API in a way that instead a struct tpm_chip
+instance is given and NULL means the default chip. In addition, this
+commit refines the documentation to be up to date with the
+implementation.
+
+Suggested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> (@chip_num -> @chip part)
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Reviewed-by: Jason Gunthorpe <jgg@ziepe.ca>
+Tested-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
+"
+
+Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
+---
+ tpm-chip.c      |  15 +++----
+ tpm-interface.c | 133 +++++++++++++++++++++++++++++---------------------------
+ tpm.h           |   2 +-
+ 3 files changed, 76 insertions(+), 74 deletions(-)
+
+diff --git a/tpm-chip.c b/tpm-chip.c
+index a321bd5..84710e0 100644
+--- a/tpm-chip.c
++++ b/tpm-chip.c
+@@ -80,21 +80,21 @@ void tpm_put_ops(struct tpm_chip *chip)
+ EXPORT_SYMBOL_GPL(tpm_put_ops);
+
+ /**
+- * tpm_chip_find_get() - return tpm_chip for a given chip number
+- * @chip_num: id to find
++ * tpm_chip_find_get() - find and reserve a TPM chip
++ * @chip:      a &struct tpm_chip instance, %NULL for the default chip
+  *
+  * The return'd chip has been tpm_try_get_ops'd and must be released via
+  * tpm_put_ops
+  */
+-struct tpm_chip *tpm_chip_find_get(int chip_num)
++struct tpm_chip *tpm_chip_find_get(struct tpm_chip *chip)
+ {
+-	struct tpm_chip *chip, *res = NULL;
++	struct tpm_chip *res = NULL;
++	int chip_num = 0;
+ 	int chip_prev;
+
+ 	mutex_lock(&idr_lock);
+
+-	if (chip_num == TPM_ANY_NUM) {
+-		chip_num = 0;
++	if (!chip) {
+ 		do {
+ 			chip_prev = chip_num;
+ 			chip = idr_get_next(&dev_nums_idr, &chip_num);
+@@ -104,8 +104,7 @@ struct tpm_chip *tpm_chip_find_get(int chip_num)
+ 			}
+ 		} while (chip_prev != chip_num);
+ 	} else {
+-		chip = idr_find(&dev_nums_idr, chip_num);
+-		if (chip && !tpm_try_get_ops(chip))
++		if (!tpm_try_get_ops(chip))
+ 			res = chip;
+ 	}
+
+diff --git a/tpm-interface.c b/tpm-interface.c
+index 69041ec..036c6b6 100644
+--- a/tpm-interface.c
++++ b/tpm-interface.c
+@@ -787,19 +787,18 @@ int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
+ }
+
+ /**
+- * tpm_is_tpm2 - is the chip a TPM2 chip?
+- * @chip_num:	tpm idx # or ANY
++ * tpm_is_tpm2 - do we a have a TPM2 chip?
++ * @chip:      a &struct tpm_chip instance, %NULL for the default chip
+  *
+  * Returns < 0 on error, and 1 or 0 on success depending whether the chip
+  * is a TPM2 chip.
+  */
+-int tpm_is_tpm2(u32 chip_num)
++int tpm_is_tpm2(struct tpm_chip *chip)
+ {
+-	struct tpm_chip *chip;
+ 	int rc;
+
+-	chip = tpm_chip_find_get(chip_num);
+-	if (chip == NULL)
++	chip = tpm_chip_find_get(chip);
++	if (!chip)
+ 		return -ENODEV;
+
+ 	rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0;
+@@ -811,23 +810,18 @@ int tpm_is_tpm2(u32 chip_num)
+ EXPORT_SYMBOL_GPL(tpm_is_tpm2);
+
+ /**
+- * tpm_pcr_read - read a pcr value
+- * @chip_num:	tpm idx # or ANY
+- * @pcr_idx:	pcr idx to retrieve
+- * @res_buf:	TPM_PCR value
+- *		size of res_buf is 20 bytes (or NULL if you don't care)
+- *
+- * The TPM driver should be built-in, but for whatever reason it
+- * isn't, protect against the chip disappearing, by incrementing
+- * the module usage count.
++ * tpm_pcr_read - read a PCR value from SHA1 bank
++ * @chip:      a &struct tpm_chip instance, %NULL for the default chip
++ * @pcr_idx:   the PCR to be retrieved
++ * @res_buf:   the value of the PCR
++ * Return: same as with tpm_transmit_cmd()
+  */
+-int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf)
++int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
+ {
+-	struct tpm_chip *chip;
+ 	int rc;
+
+-	chip = tpm_chip_find_get(chip_num);
+-	if (chip == NULL)
++	chip = tpm_chip_find_get(chip);
++	if (!chip)
+ 		return -ENODEV;
+ 	if (chip->flags & TPM_CHIP_FLAG_TPM2)
+ 		rc = tpm2_pcr_read(chip, pcr_idx, res_buf);
+@@ -848,26 +842,27 @@ static const struct tpm_input_header pcrextend_header = {
+ };
+
+ /**
+- * tpm_pcr_extend - extend pcr value with hash
+- * @chip_num:	tpm idx # or AN&
+- * @pcr_idx:	pcr idx to extend
+- * @hash:	hash value used to extend pcr value
++ * tpm_pcr_extend - extend a PCR value in SHA1 bank.
++ * @chip:      a &struct tpm_chip instance, %NULL for the default chip
++ * @pcr_idx:   the PCR to be retrieved
++ * @hash:      the hash value used to extend the PCR value
+  *
+- * The TPM driver should be built-in, but for whatever reason it
+- * isn't, protect against the chip disappearing, by incrementing
+- * the module usage count.
++ * Note: with TPM 2.0 extends also those banks with a known digest size to the
++ * cryto subsystem in order to prevent malicious use of those PCR banks. In the
++ * future we should dynamically determine digest sizes.
++ *
++ * Return: same as with tpm_transmit_cmd()
+  */
+-int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
++int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash)
+ {
+ 	struct tpm_cmd_t cmd;
+ 	int rc;
+-	struct tpm_chip *chip;
+ 	struct tpm2_digest digest_list[ARRAY_SIZE(chip->active_banks)];
+ 	u32 count = 0;
+ 	int i;
+
+-	chip = tpm_chip_find_get(chip_num);
+-	if (chip == NULL)
++	chip = tpm_chip_find_get(chip);
++	if (!chip)
+ 		return -ENODEV;
+
+ 	if (chip->flags & TPM_CHIP_FLAG_TPM2) {
+@@ -984,17 +979,24 @@ out:
+ 	return rc;
+ }
+
+-int tpm_send(u32 chip_num, void *cmd, size_t buflen)
++/**
++ * tpm_send - send a TPM command
++ * @chip:      a &struct tpm_chip instance, %NULL for the default chip
++ * @cmd:       a TPM command buffer
++ * @buflen:    the length of the TPM command buffer
++ *
++ * Return: same as with tpm_transmit_cmd()
++ */
++int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen)
+ {
+-	struct tpm_chip *chip;
+ 	int rc;
+
+-	chip = tpm_chip_find_get(chip_num);
+-	if (chip == NULL)
++	chip = tpm_chip_find_get(chip);
++	if (!chip)
+ 		return -ENODEV;
+
+ 	rc = tpm_transmit_cmd(chip, NULL, cmd, buflen, 0, 0,
+-			      "attempting tpm_cmd");
++			      "attempting to a send a command");
+ 	tpm_put_ops(chip);
+ 	return rc;
+ }
+@@ -1164,16 +1166,15 @@ static const struct tpm_input_header tpm_getrandom_header = {
+ };
+
+ /**
+- * tpm_get_random() - Get random bytes from the tpm's RNG
+- * @chip_num: A specific chip number for the request or TPM_ANY_NUM
+- * @out: destination buffer for the random bytes
+- * @max: the max number of bytes to write to @out
++ * tpm_get_random() - get random bytes from the TPM's RNG
++ * @chip:      a &struct tpm_chip instance, %NULL for the default chip
++ * @out:       destination buffer for the random bytes
++ * @max:       the max number of bytes to write to @out
+  *
+- * Returns < 0 on error and the number of bytes read on success
++ * Return: same as with tpm_transmit_cmd()
+  */
+-int tpm_get_random(u32 chip_num, u8 *out, size_t max)
++int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
+ {
+-	struct tpm_chip *chip;
+ 	struct tpm_cmd_t tpm_cmd;
+ 	u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA), rlength;
+ 	int err, total = 0, retries = 5;
+@@ -1182,8 +1183,8 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max)
+ 	if (!out || !num_bytes || max > TPM_MAX_RNG_DATA)
+ 		return -EINVAL;
+
+-	chip = tpm_chip_find_get(chip_num);
+-	if (chip == NULL)
++	chip = tpm_chip_find_get(chip);
++	if (!chip)
+ 		return -ENODEV;
+
+ 	if (chip->flags & TPM_CHIP_FLAG_TPM2) {
+@@ -1225,22 +1226,23 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max)
+ EXPORT_SYMBOL_GPL(tpm_get_random);
+
+ /**
+- * tpm_seal_trusted() - seal a trusted key
+- * @chip_num: A specific chip number for the request or TPM_ANY_NUM
+- * @options: authentication values and other options
+- * @payload: the key data in clear and encrypted form
++ * tpm_seal_trusted() - seal a trusted key payload
++ * @chip:      a &struct tpm_chip instance, %NULL for the default chip
++ * @options:   authentication values and other options
++ * @payload:   the key data in clear and encrypted form
++ *
++ * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in
++ * the keyring subsystem.
+  *
+- * Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips
+- * are supported.
++ * Return: same as with tpm_transmit_cmd()
+  */
+-int tpm_seal_trusted(u32 chip_num, struct trusted_key_payload *payload,
++int tpm_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload,
+ 		     struct trusted_key_options *options)
+ {
+-	struct tpm_chip *chip;
+ 	int rc;
+
+-	chip = tpm_chip_find_get(chip_num);
+-	if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2))
++	chip = tpm_chip_find_get(chip);
++	if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))
+ 		return -ENODEV;
+
+ 	rc = tpm2_seal_trusted(chip, payload, options);
+@@ -1251,22 +1253,23 @@ int tpm_seal_trusted(u32 chip_num, struct trusted_key_payload *payload,
+ EXPORT_SYMBOL_GPL(tpm_seal_trusted);
+
+ /**
+- * tpm_unseal_trusted() - unseal a trusted key
+- * @chip_num: A specific chip number for the request or TPM_ANY_NUM
+- * @options: authentication values and other options
+- * @payload: the key data in clear and encrypted form
++ * @chip:      a &struct tpm_chip instance, %NULL for the default chip
++ * @options:   authentication values and other options
++ * @payload:   the key data in clear and encrypted form
++ *
++ * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in
++ * the keyring subsystem.
+  *
+- * Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips
+- * are supported.
++ * Return: same as with tpm_transmit_cmd()
+  */
+-int tpm_unseal_trusted(u32 chip_num, struct trusted_key_payload *payload,
+-		       struct trusted_key_options *options)
++int tpm_unseal_trusted(struct tpm_chip *chip,
++                      struct trusted_key_payload *payload,
++                      struct trusted_key_options *options)
+ {
+-	struct tpm_chip *chip;
+ 	int rc;
+
+-	chip = tpm_chip_find_get(chip_num);
+-	if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2))
++	chip = tpm_chip_find_get(chip);
++	if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))
+ 		return -ENODEV;
+
+ 	rc = tpm2_unseal_trusted(chip, payload, options);
+diff --git a/tpm.h b/tpm.h
+index e2c9f06..6d847a2 100644
+--- a/tpm.h
++++ b/tpm.h
+@@ -557,7 +557,7 @@ static inline void tpm_msleep(unsigned int delay_msec)
+ 		         delay_msec * 1000);
+ };
+
+-struct tpm_chip *tpm_chip_find_get(int chip_num);
++struct tpm_chip *tpm_chip_find_get(struct tpm_chip *chip);
+ __must_check int tpm_try_get_ops(struct tpm_chip *chip);
+ void tpm_put_ops(struct tpm_chip *chip);
+
+--
+2.7.4
+