diff --git a/tpm2.0-tools-fix-hardening.patch b/tpm2.0-tools-fix-hardening.patch
new file mode 100644
index 0000000..c140801
--- /dev/null
+++ b/tpm2.0-tools-fix-hardening.patch
@@ -0,0 +1,14 @@
+--- tpm2.0-tools-2.0.0/configure.ac.fix	2017-06-02 09:15:49.118425187 +0200
++++ tpm2.0-tools-2.0.0/configure.ac	2017-06-02 09:15:59.698416673 +0200
+@@ -100,11 +100,9 @@
+ 
+   add_hardened_c_flag([-Wformat])
+   add_hardened_c_flag([-Wformat-security])
+-  add_hardened_c_flag([-Wstack-protector])
+   add_hardened_c_flag([-fstack-protector-all])
+ 
+   add_hardened_define_flag([-D_FORTIFY_SOURCE=2])
+-  add_hardened_define_flag([-U_FORTIFY_SOURCE])
+ 
+   add_hardened_c_flag([-fPIC])
+   add_hardened_ld_flag([[-shared]])
diff --git a/tpm2.0-tools.changes b/tpm2.0-tools.changes
index b955d8f..5695dff 100644
--- a/tpm2.0-tools.changes
+++ b/tpm2.0-tools.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jun  2 07:16:45 UTC 2017 - meissner@suse.com
+
+- tpm2.0-tools-fix-hardening.patch: do not disable fortify,
+  do not use -Wstack-protector as it warns also for non-utilized
+  functions and then -Werror fails.
+
 -------------------------------------------------------------------
 Wed May 10 11:52:40 UTC 2017 - matthias.gerstner@suse.com
 
diff --git a/tpm2.0-tools.spec b/tpm2.0-tools.spec
index cf9c7bd..f903423 100644
--- a/tpm2.0-tools.spec
+++ b/tpm2.0-tools.spec
@@ -24,6 +24,7 @@ License:        BSD-3-Clause
 Group:          Productivity/Security
 Url:            https://github.com/01org/tpm2.0-tools
 Source0:        https://github.com/01org/tpm2.0-tools/archive/%{version}.zip
+Patch0:         tpm2.0-tools-fix-hardening.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -44,6 +45,7 @@ associated interfaces.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 bash ./bootstrap