diff --git a/man/man3/TPMLIB_SetProfile.pod b/man/man3/TPMLIB_SetProfile.pod
index 72eb9e43..a33eb3d9 100644
--- a/man/man3/TPMLIB_SetProfile.pod
+++ b/man/man3/TPMLIB_SetProfile.pod
@@ -219,6 +219,14 @@ algorithms
 =back
+=item B: (since v0.10)
+
+=over 2
+
+=item * Prevents verification of an HMAC using SHA1
+
+=back
+
 =item B: (since v0.10)
 =over 2
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 9f59c7ea..5fe51b7e 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -123,6 +123,12 @@ static TPM_RC CryptHMACVerifySignature(
 && ((keyScheme->scheme != signature->sigAlg) || (keyScheme->details.hmac.hashAlg != signature->signature.any.hashAlg)))
 return TPM_RC_SIGNATURE;
+
+ if (signature->signature.any.hashAlg == TPM_ALG_SHA1 && // libtpms added begin
+ RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile,
+ RUNTIME_ATTRIBUTE_NO_SHA1_HMAC_VERIFICATION))
+ return TPM_RC_HASH; // libtpms added end
+
 test.sigAlg = signature->sigAlg;
 test.signature.hmac.hashAlg = signature->signature.hmac.hashAlg;
diff --git a/src/tpm2/RuntimeAttributes.c b/src/tpm2/RuntimeAttributes.c
index bf9b1397..f775d022 100644
--- a/src/tpm2/RuntimeAttributes.c
+++ b/src/tpm2/RuntimeAttributes.c
@@ -65,6 +65,8 @@ static const struct {
 7),
 ATTRIBUTE("no-sha1-hmac-creation", RUNTIME_ATTRIBUTE_NO_SHA1_HMAC_CREATION,
 7),
+ ATTRIBUTE("no-sha1-hmac-verification", RUNTIME_ATTRIBUTE_NO_SHA1_HMAC_VERIFICATION,
+ 7),
 ATTRIBUTE("fips-host", RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION | RUNTIME_ATTRIBUTE_NO_SHA1_SIGNING | RUNTIME_ATTRIBUTE_NO_SHA1_VERIFICATION,
diff --git a/src/tpm2/RuntimeAttributes_fp.h b/src/tpm2/RuntimeAttributes_fp.h
index 891bbb47..76406797 100644
--- a/src/tpm2/RuntimeAttributes_fp.h
+++ b/src/tpm2/RuntimeAttributes_fp.h
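Review bot: The added early return in CryptHMACVerifySignature makes TPM_RC_HASH a new result of this function, and apart from the `// libtpms added begin` / `end` markers nothing on the new lines says why a SHA1 HMAC is refused. A comment above the `if` would help, e.g. `/* Profile attribute no-sha1-hmac-verification: refuse to verify an HMAC computed with SHA1 */`. The function starts and ends outside the hunk; if its header comment lists return codes, TPM_RC_HASH should be added there. No test for the new attribute is visible in this part of the diff, so a case that sets the flag and expects TPM_RC_HASH for a SHA1 HMAC would pin the behaviour.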
@@ -42,12 +42,13 @@
 #ifndef RUNTIME_ATTRIBUTES_H
 #define RUNTIME_ATTRIBUTES_H
-#define NUM_ENTRIES_ATTRIBUTE_PROPERTIES 5
+#define NUM_ENTRIES_ATTRIBUTE_PROPERTIES 6
 #define RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION (1 << 0)
 #define RUNTIME_ATTRIBUTE_NO_SHA1_SIGNING (1 << 1)
 #define RUNTIME_ATTRIBUTE_NO_SHA1_VERIFICATION (1 << 2)
 #define RUNTIME_ATTRIBUTE_NO_SHA1_HMAC_CREATION (1 << 3)
+#define RUNTIME_ATTRIBUTE_NO_SHA1_HMAC_VERIFICATION (1 << 4)
 struct RuntimeAttributes { /* */
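Review bot: `NUM_ENTRIES_ATTRIBUTE_PROPERTIES` is raised by hand from 5 to 6 to follow the entry added to the table in src/tpm2/RuntimeAttributes.c, and nothing visible in this diff ties the constant to the table. If the table is declared with this size, a count larger than the initializer list would leave a zero-filled trailing entry without any compiler diagnostic. Unless such a check already exists outside the hunks, declaring the table without an explicit size and asserting its element count would catch a missed bump, e.g. `_Static_assert(sizeof(TABLE) / sizeof((TABLE)[0]) == NUM_ENTRIES_ATTRIBUTE_PROPERTIES, "attribute table size");`, where TABLE stands for the table's name, which is not shown here.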