diff --git a/patches/cryptroot.patch b/patches/cryptroot.patch
index c7f7480..887beb9 100644
--- a/patches/cryptroot.patch
+++ b/patches/cryptroot.patch
@@ -1,8 +1,6 @@
-diff --git a/cryptroot.orig b/cryptroot
-index 8604084..e704949 100755
---- a/cryptroot.orig
-+++ b/cryptroot
-@@ -155,7 +155,7 @@ setup_mapping() {
+--- patched/cryptroot.orig	2023-03-31 12:42:39.752554806 +0200
++++ patched/cryptroot	2023-03-31 12:42:39.756554722 +0200
+@@ -150,7 +150,7 @@ setup_mapping() {
  
      local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" fstype vg rv
      while [ $maxtries -le 0 ] || [ $count -lt $maxtries ]; do
diff --git a/patches/cryptsetup_functions.patch b/patches/cryptsetup_functions.patch
index 06f07b2..ad7e7d0 100644
--- a/patches/cryptsetup_functions.patch
+++ b/patches/cryptsetup_functions.patch
@@ -1,8 +1,6 @@
-diff --git a/cryptsetup_functions b/cryptsetup_functions
-index 339f0fd..a949c6a 100644
---- a/cryptsetup_functions
-+++ b/cryptsetup_functions
-@@ -84,7 +84,8 @@ crypttab_parse_options() {
+--- patched/cryptsetup_functions.orig	2023-03-31 12:42:39.752554806 +0200
++++ patched/cryptsetup_functions	2023-03-31 12:42:39.756554722 +0200
+@@ -86,7 +86,8 @@ crypttab_parse_options() {
               CRYPTTAB_OPTION_same_cpu_crypt \
               CRYPTTAB_OPTION_submit_from_crypt_cpus \
               CRYPTTAB_OPTION_no_read_workqueue \
@@ -12,7 +10,7 @@ index 339f0fd..a949c6a 100644
      # use $_CRYPTTAB_OPTIONS not $CRYPTTAB_OPTIONS as options values may
      # contain '\054' which is decoded to ',' in the latter
      for x in $_CRYPTTAB_OPTIONS; do
-@@ -160,6 +161,7 @@ crypttab_validate_option() {
+@@ -162,6 +163,7 @@ crypttab_validate_option() {
          submit-from-crypt-cpus) OPTION="submit_from_crypt_cpus";;
          no-read-workqueue) OPTION="no_read_workqueue";;
          no-write-workqueue) OPTION="no_write_workqueue";;
@@ -20,7 +18,7 @@ index 339f0fd..a949c6a 100644
      esac
  
      case "$o" in
-@@ -224,6 +226,9 @@ crypttab_validate_option() {
+@@ -226,6 +228,9 @@ crypttab_validate_option() {
                  return 1
              fi
          ;;
@@ -30,7 +28,7 @@ index 339f0fd..a949c6a 100644
          # and now the flags
          verify) ;;
          loud) ;;
-@@ -358,6 +363,8 @@ unlock_mapping() {
+@@ -363,6 +368,8 @@ unlock_mapping() {
          unset -v CRYPTTAB_OPTION_keyslot
      fi
  
@@ -39,7 +37,7 @@ index 339f0fd..a949c6a 100644
      /sbin/cryptsetup -T1 \
          ${CRYPTTAB_OPTION_header:+--header="$CRYPTTAB_OPTION_header"} \
          ${CRYPTTAB_OPTION_cipher:+--cipher="$CRYPTTAB_OPTION_cipher"} \
-@@ -380,6 +387,10 @@ unlock_mapping() {
+@@ -385,6 +392,10 @@ unlock_mapping() {
          ${CRYPTTAB_OPTION_no_write_workqueue:+--perf-no_write_workqueue} \
          --type="$CRYPTTAB_TYPE" --key-file="$keyfile" \
          open -- "$CRYPTTAB_SOURCE" "$CRYPTTAB_NAME"
diff --git a/scripts/systemd_cryptsetup_hook b/scripts/systemd_cryptsetup_hook
index 169dda9..31e4217 100755
--- a/scripts/systemd_cryptsetup_hook
+++ b/scripts/systemd_cryptsetup_hook
@@ -20,6 +20,7 @@ esac
 # Begin real processing
 
 copy_exec /lib/systemd/systemd-cryptsetup /lib/systemd
+copy_exec /lib/x86_64-linux-gnu/cryptsetup/libcryptsetup-token-systemd-tpm2.so /lib/x86_64-linux-gnu/cryptsetup/libcryptsetup-token-systemd-tpm2.so
 for i in /lib/x86_64-linux-gnu/libtss2*
 do
 	copy_exec ${i} /lib/x86_64-linux-gnu