diff --git a/security/tboot/centos/build_srpm.data b/security/tboot/centos/build_srpm.data index 70b4b5dcb..8aeb55368 100644 --- a/security/tboot/centos/build_srpm.data +++ b/security/tboot/centos/build_srpm.data @@ -1 +1 @@ -TIS_PATCH_VER=2 +TIS_PATCH_VER=1 diff --git a/security/tboot/centos/meta_patches/0001-tboot-Update-package-versioning-for-TIS-format.patch b/security/tboot/centos/meta_patches/0001-tboot-Update-package-versioning-for-TIS-format.patch index 7e51ef7f3..4abd3cc5f 100644 --- a/security/tboot/centos/meta_patches/0001-tboot-Update-package-versioning-for-TIS-format.patch +++ b/security/tboot/centos/meta_patches/0001-tboot-Update-package-versioning-for-TIS-format.patch @@ -15,8 +15,8 @@ index 2f6f0a8..c2d5eb7 100644 Summary: Performs a verified launch using Intel TXT Name: tboot Version: 1.9.6 --Release: 2%{?dist} -+Release: 2.e17%{?_tis_dist}.%{tis_patch_ver} +-Release: 3%{?dist} ++Release: 3.e17%{?_tis_dist}.%{tis_patch_ver} Epoch: 1 Group: System Environment/Base @@ -26,7 +26,7 @@ index 2f6f0a8..c2d5eb7 100644 + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - Patch01: 0001-MANPATH-should-not-be-used-as-install-dir.patch + Patch01: ../patches/0001-Fix-a-logical-error-in-function-bool-evtlog_append.patch -- 2.7.4 diff --git a/security/tboot/centos/meta_patches/0002-TiS-tboot.patch b/security/tboot/centos/meta_patches/0002-TiS-tboot.patch index fdf2df5c3..4c0593abf 100644 --- a/security/tboot/centos/meta_patches/0002-TiS-tboot.patch +++ b/security/tboot/centos/meta_patches/0002-TiS-tboot.patch @@ -4,37 +4,26 @@ Date: Wed, 6 Dec 2017 08:47:12 -0500 Subject: [PATCH 1/1] TiS tboot --- - SPECS/tboot.spec | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) + SPECS/tboot.spec | 2 ++ + 1 file changed, 2 insertions(+) diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec index c2d5eb7..f04dd17 100644 --- a/SPECS/tboot.spec 
+++ b/SPECS/tboot.spec -@@ -12,9 +12,10 @@ Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar. - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - - Patch01: 0001-MANPATH-should-not-be-used-as-install-dir.patch -+Patch999: 1000-tboot-for-tis.patch +@@ -27,6 +27,7 @@ Patch13: ../patches/0013-Add-centos7-instructions-for-Use-in-EFI-boot-mode.patch + Patch14: ../patches/0014-Ensure-tboot-log-is-available-even-when-measured-lau.patch + Patch15: ../patches/0015-Add-support-for-appending-to-a-TPM2-TCG-style-event-.patch + Patch16: ../patches/0016-Add-an-option-in-tboot-to-force-SINIT-to-use-the-leg.patch ++Patch999: ../patches/1000-tboot-for-tis.patch BuildRequires: trousers-devel --BuildRequires: openssl-devel -+BuildRequires: openssl-devel git - ExclusiveArch: x86_64 - - %description -@@ -24,7 +25,13 @@ and verified launch of an OS kernel/VMM. - - %prep - %setup -q --%patch01 -p1 -b .0001 -+ -+git init -+git config user.email "example@example.com" -+git config user.name "RHEL example" -+git add . -+git commit -a -q -m "baseline." -+git am %{patches} + BuildRequires: openssl-devel +@@ -56,6 +57,7 @@ and verified launch of an OS kernel/VMM. + %patch14 -p1 -b .0014 + %patch15 -p1 -b .0015 + %patch16 -p1 -b .0016 ++%patch999 -p1 %build CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS diff --git a/security/tboot/centos/meta_patches/0003-security-set-immutable-attribute.patch b/security/tboot/centos/meta_patches/0003-security-set-immutable-attribute.patch index b9be1ae8e..1036e50f7 100644 --- a/security/tboot/centos/meta_patches/0003-security-set-immutable-attribute.patch +++ b/security/tboot/centos/meta_patches/0003-security-set-immutable-attribute.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec index f04dd17..1673095 100644 --- a/SPECS/tboot.spec +++ b/SPECS/tboot.spec -@@ -49,6 +49,13 @@ if [ -e "/sys/firmware/efi" ]; then +@@ -75,6 +75,13 @@ if [ -e "/sys/firmware/efi" ]; then exit 0; fi 
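Review bot: In the `%prep` part of the 0002-TiS-tboot.patch hunk, `%patch999 -p1` is applied without the `-b` backup suffix that every neighbouring line carries (`%patch16 -p1 -b .0016`), and the tag `Patch999` does not match the `1000-` prefix of the file it names. This is the patch that changes tboot's policy verification code, so it should be as traceable as the upstream series: `%patch999 -p1 -b .1000`, plus a one-line spec comment such as `# Patch999: local TiS patch (1000-tboot-for-tis.patch), applied last on top of the upstream patches`. With `git am %{patches}` replaced by explicit `%patch` lines, a patch listed in a `PatchNN:` tag but lacking its `%patch` line is silently left unapplied, so the two lists should be checked against each other; the full spec is outside this hunk.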
@@ -25,7 +25,7 @@ index f04dd17..1673095 100644 %install rm -rf $RPM_BUILD_ROOT make debug=y DISTDIR=$RPM_BUILD_ROOT install -@@ -56,6 +63,11 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install +@@ -82,6 +89,11 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install %clean rm -rf $RPM_BUILD_ROOT @@ -37,7 +37,7 @@ index f04dd17..1673095 100644 %files %defattr(-,root,root,-) %doc README COPYING docs/* lcptools/lcptools2.txt lcptools/Linux_LCP_Tools_User_Manual.pdf -@@ -92,8 +104,8 @@ rm -rf $RPM_BUILD_ROOT +@@ -118,8 +130,8 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/lcp_writepol.8.gz %{_mandir}/man8/tb_polgen.8.gz %{_mandir}/man8/txt-stat.8.gz @@ -47,7 +47,7 @@ index f04dd17..1673095 100644 +%attr(0400,root,root) /boot/tboot-syms %changelog - * Thu Jan 25 2018 Tony Camuso - 1:1.9.6-2 + * Mon Jul 16 2018 Tony Camuso - 1:1.9.6-3 -- 2.7.4 diff --git a/security/tboot/centos/patches/1000-tboot-for-tis.patch b/security/tboot/centos/patches/1000-tboot-for-tis.patch index ddb8b0f8c..a12d40b08 100644 --- a/security/tboot/centos/patches/1000-tboot-for-tis.patch +++ b/security/tboot/centos/patches/1000-tboot-for-tis.patch @@ -94,15 +94,15 @@ diff --git a/tboot/common/policy.c b/tboot/common/policy.c index 9678b7c..5a16d81 100644 --- a/tboot/common/policy.c 
+++ b/tboot/common/policy.c -@@ -349,6 +349,7 @@ tb_error_t set_policy(void) +@@ -353,6 +353,7 @@ tb_error_t set_policy(void) * type is LCP_POLTYPE_LIST (since we could have been give a policy data * file even though the policy was not a LIST */ printk(TBOOT_INFO"reading Launch Control Policy from TPM NV...\n"); + - if ( read_policy_from_tpm(g_tpm->lcp_own_index, + if ( read_policy_from_tpm(tpm->lcp_own_index, _policy_index_buf, &policy_index_size) ) { printk(TBOOT_DETA"\t:%lu bytes read\n", policy_index_size); -@@ -408,6 +409,7 @@ bool hash_policy(tb_hash_t *hash, uint16_t hash_alg) +@@ -412,6 +413,7 @@ bool hash_policy(tb_hash_t *hash, uint16_t hash_alg) /* generate hash by hashing cmdline and module image */ static bool hash_module(hash_list_t *hl, @@ -110,7 +110,7 @@ index 9678b7c..5a16d81 100644 const char* cmdline, void *base, size_t size) { -@@ -416,6 +418,7 @@ static bool hash_module(hash_list_t *hl, +@@ -423,6 +425,7 @@ static bool hash_module(hash_list_t *hl, return false; } 
@@ -118,29 +118,29 @@ index 9678b7c..5a16d81 100644 /* final hash is SHA-1( SHA-1(cmdline) | SHA-1(image) ) */ /* where cmdline is first stripped of leading spaces, file name, then */ /* any spaces until the next non-space char */ -@@ -430,16 +433,17 @@ static bool hash_module(hash_list_t *hl, - switch (g_tpm->extpol) { +@@ -437,16 +440,17 @@ static bool hash_module(hash_list_t *hl, + switch (tpm->extpol) { case TB_EXTPOL_FIXED: hl->count = 1; -- hl->entries[0].alg = g_tpm->cur_alg; -+ // hl->entries[0].alg = g_tpm->cur_alg; +- hl->entries[0].alg = tpm->cur_alg; ++ // hl->entries[0].alg = tpm->cur_alg; + hl->entries[0].alg = cur_alg; if ( !hash_buffer((const unsigned char *)cmdline, strlen(cmdline), -- &hl->entries[0].hash, g_tpm->cur_alg) ) +- &hl->entries[0].hash, tpm->cur_alg) ) + &hl->entries[0].hash, cur_alg) ) return false; /* hash image and extend into cmdline hash */ tb_hash_t img_hash; -- if ( !hash_buffer(base, size, &img_hash, g_tpm->cur_alg) ) +- if ( !hash_buffer(base, size, &img_hash, tpm->cur_alg) ) + if ( !hash_buffer(base, size, &img_hash, cur_alg) ) return false; -- if ( !extend_hash(&hl->entries[0].hash, &img_hash, g_tpm->cur_alg) ) +- if ( !extend_hash(&hl->entries[0].hash, &img_hash, tpm->cur_alg) ) + if ( !extend_hash(&hl->entries[0].hash, &img_hash, cur_alg) ) return false; break; -@@ -635,7 +639,7 @@ static tb_error_t verify_module(module_t *module, tb_policy_entry_t *pol_entry, +@@ -643,7 +647,7 @@ static tb_error_t verify_module(module_t *module, tb_policy_entry_t *pol_entry, } hash_list_t hl; 
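Review bot: In the `TB_EXTPOL_FIXED` branch of `hash_module`, the refreshed patch still carries the old assignment as a commented-out line, `// hl->entries[0].alg = tpm->cur_alg;`, next to the live `hl->entries[0].alg = cur_alg;`; drop the dead line so the patch shows a single source for the algorithm. The branch now hashes with the caller-supplied `cur_alg` while the `switch` is still selected by `tpm->extpol`, so the digest stored in `hl` is no longer tied to the TPM's current algorithm; if that list is later used for PCR extension as well as the policy comparison, the two could disagree. The new parameter's declaration, the call in `verify_module` and the other `switch` cases are outside this hunk, so confirm which value is passed and document it on the parameter, e.g. `/* cur_alg: hash algorithm used for the FIXED extend policy; confirm it matches the bank the TPM extends */`. The context comment `final hash is SHA-1( SHA-1(cmdline) | SHA-1(image) )` is also stale once the algorithm is a parameter.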
@@ -149,7 +149,7 @@ index 9678b7c..5a16d81 100644 printk(TBOOT_ERR"\t hash cannot be generated.\n"); return TB_ERR_MODULE_VERIFICATION_FAILED; } -@@ -659,6 +663,8 @@ static tb_error_t verify_module(module_t *module, tb_policy_entry_t *pol_entry, +@@ -667,6 +671,8 @@ static tb_error_t verify_module(module_t *module, tb_policy_entry_t *pol_entry, if ( pol_entry != NULL && !is_hash_in_policy_entry(pol_entry, &hl.entries[0].hash, hash_alg) ) { printk(TBOOT_ERR"\t verification failed\n"); @@ -171,7 +171,7 @@ index b9b67c9..b7c5d62 100644 index, offset, ret); ti->error = ret; return false; -@@ -2505,8 +2505,9 @@ static bool tpm20_init(struct tpm_if *ti) +@@ -2504,8 +2504,9 @@ static bool tpm20_init(struct tpm_if *ti) get_tboot_extpol(); if (info_list->capabilities.tpm_nv_index_set == 0){ /* init NV index */ diff --git a/security/tboot/centos/srpm_path b/security/tboot/centos/srpm_path index c36bb4899..97d222fd6 100644 --- a/security/tboot/centos/srpm_path +++ b/security/tboot/centos/srpm_path @@ -1 +1 @@ -mirror:Source/tboot-1.9.6-2.el7.src.rpm +mirror:Source/tboot-1.9.6-3.el7.src.rpm