diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest
new file mode 100644
index 0000000000..f9743f2103
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest
@@ -0,0 +1,3 @@
+DIST tpm2-tools-5.2.tar.gz 1072078 BLAKE2B 27d035e0f44029db57477a1fd10e1cee9b470ad54411297985cb7f33ba7bbb7a94ac392815e32287d69abf928dce0c361703542b812ae88b208ddca645bb3be2 SHA512 9fb5dc298717a8a57c89d286e3590370a096c81b14d2d8d4eb5fca140d66148a8e24727ee04fb02057bbfcc3ede50e93ba0ef22396888c9df48bf6f42a5d6e6b
+DIST tpm2-tools-5.4.tar.gz 1241132 BLAKE2B 21406ec61de19db49f1dd1ff9648e1b0a9ae2647df2ce290acca40c2fc54464e3c8a744afdbc9314ca731869ac974a7863e2bea3c70df844a972501a5b7973f2 SHA512 8d7802b85bd26b6efa0ed6be73b917b907bb7b424ff7d07e46e5574dfdd9d46ea2d7727904ebaba4651c8d1249cd52a7dc6dff8e9635666c8d97ca7c337a0396
+DIST tpm2-tools-5.5.tar.gz 1241390 BLAKE2B 2225f9e0835988351f84ed06f914616e25fd65bacaa93b51d0bb04185314efb9a6f60eb3539b250f54b2c2ba590f1b76594df3e625e45c8d37e38d13371bea26 SHA512 24f72a3e9840d531d900e96771a863baae1c71a76fcad0fda8020dff06acd8e3b65b86401ace21f034766403caf9ae97ce710ff6013bb7ed25657a6ecf325470
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.1.1-no-efivar-automagic.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.1.1-no-efivar-automagic.patch
new file mode 100644
index 0000000000..25f3ef43fe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.1.1-no-efivar-automagic.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/812047
+
+From 0cea7f0f78f1a9e8dca789eb5f2ece052e026bed Mon Sep 17 00:00:00 2001
+From: Christopher Byrne <salah.coronya@gmail.com>
+Date: Tue, 7 Sep 2021 20:22:27 -0500
+Subject: [PATCH] configure.ac: Fix automagic depency on libefivar
+
+Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
+---
+ configure.ac | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index f1c17116..bdb4abda 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -62,8 +62,12 @@ PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.1.0])
+ PKG_CHECK_MODULES([CURL], [libcurl])
+ 
+ # pretty print of devicepath if efivar library is present
+-PKG_CHECK_MODULES([EFIVAR], [efivar],,[true])
+-AC_CHECK_HEADERS([efivar/efivar.h])
++AC_ARG_WITH([efivar], AS_HELP_STRING([--without-efivar], [Build without efivar library (default: test)]))
++
++AS_IF([test "x$with_efivar" != "xno"], [
++	PKG_CHECK_MODULES([EFIVAR], [efivar])
++	AC_CHECK_HEADERS([efivar/efivar.h])
++])
+ 
+ # backwards compat with older pkg-config
+ # - pull in AC_DEFUN from pkg.m4
+-- 
+2.32.0
+
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.2-testparms-fix-condition-for-negative-test.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.2-testparms-fix-condition-for-negative-test.patch
new file mode 100644
index 0000000000..e1094647bd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.2-testparms-fix-condition-for-negative-test.patch
@@ -0,0 +1,33 @@
+From 3d80fad66694ad14a58dd89204a25e9248c4ab0c Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <git@diabonas.de>
+Date: Wed, 29 Sep 2021 17:08:07 +0200
+Subject: [PATCH] testparms: fix condition for negative test
+
+Commit e858dec76686bb4c42e74e0984b433231e530f93 ("testparms: ensure curve not
+supported before negative test") is supposed to ensure that the negative test
+is run only if ecc521 is *not* supported, but instead it runs the negative test
+if ecc521 is *available*. This worked anyway for libtpms < 0.9.0 because camellia
+was not supported, but since libtpms 0.9.0 added support for this algorithm, the
+test suite fails now with swtpm.
+
+Signed-off-by: Jonas Witschel <git@diabonas.de>
+---
+ test/integration/tests/testparms.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/integration/tests/testparms.sh b/test/integration/tests/testparms.sh
+index 8c3548e5..a587a60a 100644
+--- a/test/integration/tests/testparms.sh
++++ b/test/integration/tests/testparms.sh
+@@ -63,7 +63,7 @@ else
+ fi
+ 
+ # Attempt to specify a suite that is not supported (error from TPM)
+-if tpm2 getcap ecc-curves | grep -q TPM2_ECC_NIST_P521; then
++if ! tpm2 getcap ecc-curves | grep -q TPM2_ECC_NIST_P521; then
+     if tpm2 testparms "ecc521:ecdsa:camellia" &>/dev/null; then
+         echo "tpm2 testparms succeeded while it shouldn't or TPM failed"
+         exit 1
+-- 
+2.32.0
+
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml
new file mode 100644
index 0000000000..655f63bb3d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person" proxied="yes">
+		<email>salah.coronya@gmail.com</email>
+		<name>Christopher Byrne</name>
+	</maintainer>
+	<maintainer type="project" proxied="proxy">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="fapi">Enable feature API tools</flag>
+	</use>
+	<upstream>
+		<remote-id type="github">tpm2-software/tpm2-tools</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.2-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.2-r1.ebuild
new file mode 100644
index 0000000000..b51e5b4b83
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.2-r1.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+inherit autotools bash-completion-r1 flag-o-matic python-any-r1
+
+DESCRIPTION="Tools for the TPM 2.0 TSS"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tools"
+SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ppc64 x86"
+IUSE="+fapi test"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?]
+	dev-libs/openssl:=
+	net-misc/curl
+	sys-libs/efivar:="
+DEPEND="${RDEPEND}
+	test? (
+		app-crypt/swtpm
+		app-crypt/tpm2-abrmd
+		dev-util/cmocka
+	)"
+BDEPEND="virtual/pkgconfig
+	sys-devel/autoconf-archive
+	test? (
+		app-editors/vim-core
+		dev-tcltk/expect
+		$(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]')
+	)
+	${PYTHON_DEPS}"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-5.1.1-no-efivar-automagic.patch"
+	"${FILESDIR}/${PN}-5.2-testparms-fix-condition-for-negative-test.patch"
+)
+
+python_check_deps() {
+	python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+	sed -i \
+	"s/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/" \
+		"configure.ac" || die
+	"./scripts/utils/man_to_bashcompletion.sh" || die
+	eautoreconf
+}
+
+src_configure() {
+	# tests fail with LTO enabbled. See bug 865275 and 865277
+	filter-lto
+	econf \
+		$(use_enable fapi) \
+		$(use_enable test unit) \
+		--with-bashcompdir=$(get_bashcompdir) \
+		--enable-hardening
+}
+
+src_install() {
+	default
+	mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die
+	local utils=( "${ED}"/usr/bin/tpm2_* )
+	bashcomp_alias tpm2 "${utils[@]##*/}"
+}
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.4.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.4.ebuild
new file mode 100644
index 0000000000..c6a8bf53ee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.4.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+inherit bash-completion-r1 flag-o-matic python-any-r1
+
+DESCRIPTION="Tools for the TPM 2.0 TSS"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tools"
+SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ppc64 x86"
+IUSE="+fapi test"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?]
+	dev-libs/openssl:=
+	net-misc/curl
+	sys-libs/efivar:="
+DEPEND="${RDEPEND}
+	test? (
+		app-crypt/swtpm
+		app-crypt/tpm2-abrmd
+		dev-util/cmocka
+	)"
+BDEPEND="virtual/pkgconfig
+	sys-devel/autoconf-archive
+	test? (
+		app-editors/vim-core
+		dev-tcltk/expect
+		$(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]')
+	)
+	${PYTHON_DEPS}"
+
+python_check_deps() {
+	python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+        use test && python-any-r1_pkg_setup
+}
+
+src_configure() {
+	# tests fail with LTO enabbled. See bug 865275 and 865277
+	filter-lto
+	econf \
+		$(use_enable fapi) \
+		$(use_enable test unit) \
+		--with-bashcompdir=$(get_bashcompdir) \
+		--enable-hardening
+}
+
+src_install() {
+	default
+	mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die
+	local utils=( "${ED}"/usr/bin/tpm2_* )
+	bashcomp_alias tpm2 "${utils[@]##*/}"
+}
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild
new file mode 100644
index 0000000000..98c2668e4d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+inherit bash-completion-r1 flag-o-matic python-any-r1
+
+DESCRIPTION="Tools for the TPM 2.0 TSS"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tools"
+SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ppc64 x86"
+IUSE="+fapi test"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?]
+	dev-libs/openssl:=
+	net-misc/curl
+	sys-libs/efivar:="
+DEPEND="${RDEPEND}
+	test? (
+		app-crypt/swtpm
+		app-crypt/tpm2-abrmd
+		dev-util/cmocka
+	)"
+BDEPEND="virtual/pkgconfig
+	sys-devel/autoconf-archive
+	test? (
+		app-editors/vim-core
+		dev-tcltk/expect
+		$(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]')
+	)
+	${PYTHON_DEPS}"
+
+python_check_deps() {
+	python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_configure() {
+	# tests fail with LTO enabbled. See bug 865275 and 865277
+	filter-lto
+	econf \
+		$(use_enable fapi) \
+		$(use_enable test unit) \
+		--with-bashcompdir=$(get_bashcompdir) \
+		--enable-hardening
+}
+
+src_install() {
+	default
+	mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die
+	local utils=( "${ED}"/usr/bin/tpm2_* )
+	utils=("${utils[@]##*/}")
+	# these utiltites don't have bash completions
+	local nobashcomp=( tpm2_encodeobject tpm2_getpolicydigest tpm2_sessionconfig )
+	mapfile -d $'\0' -t utils < <(printf '%s\0' "${utils[@]}" | grep -Ezvw "${nobashcomp[@]/#/-e}")
+	bashcomp_alias tpm2 "${utils[@]}"
+}