diff --git a/man/integritytab.xml b/man/integritytab.xml
index 196ae2fc97..8b2aea70f7 100644
--- a/man/integritytab.xml
+++ b/man/integritytab.xml
@@ -56,7 +56,7 @@
     <para>The third field if present contains an absolute filename path to a key file or a <literal>-</literal>
     to specify none.  When the filename is present, the "integrity-algorithm" defaults to <literal>hmac-sha256</literal>
     with the key length derived from the number of bytes in the key file.  At this time the only supported integrity algorithms
-    when using key file are hmac-sha256 and hmac-sha512.  The maximum size of the key file is 4096 bytes.
+    when using key file are hmac-sha256, hmac-sha512, phmac-sha256, and hmac-sha512.  The maximum size of the key file is 4096 bytes.
     </para>
 
      <para>The fourth field, if present, is a comma-delimited list of options or a <literal>-</literal> to specify none. The following options are
@@ -125,7 +125,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term><option>integrity-algorithm=[crc32c|crc32|xxhash64|sha1|sha256|hmac-sha256|hmac-sha512]</option></term>
+        <term><option>integrity-algorithm=[crc32c|crc32|xxhash64|sha1|sha256|hmac-sha256|hmac-sha512|phmac-sha256|phmac-sha512]</option></term>
 
         <listitem><para>
         The algorithm used for integrity checking.  The default is crc32c. Must match option used during format.
diff --git a/src/integritysetup/integrity-util.c b/src/integritysetup/integrity-util.c
index 94ff62bf76..7e52f5c0dc 100644
--- a/src/integritysetup/integrity-util.c
+++ b/src/integritysetup/integrity-util.c
@@ -11,7 +11,7 @@
 #include "time-util.h"
 
 static int supported_integrity_algorithm(char *user_supplied) {
-        if (!STR_IN_SET(user_supplied, "crc32", "crc32c", "xxhash64", "sha1", "sha256", "hmac-sha256", "hmac-sha512"))
+        if (!STR_IN_SET(user_supplied, "crc32", "crc32c", "xxhash64", "sha1", "sha256", "hmac-sha256", "hmac-sha512", "phmac-sha256", "phmac-sha512"))
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unsupported integrity algorithm (%s)", user_supplied);
         return 0;
 }
diff --git a/src/integritysetup/integrity-util.h b/src/integritysetup/integrity-util.h
index 4347a0ac7e..5cc7e42de9 100644
--- a/src/integritysetup/integrity-util.h
+++ b/src/integritysetup/integrity-util.h
@@ -13,4 +13,6 @@ int parse_integrity_options(
 
 #define DM_HMAC_256 "hmac(sha256)"
 #define DM_HMAC_512 "hmac(sha512)"
+#define DM_PHMAC_256 "phmac(sha256)"
+#define DM_PHMAC_512 "phmac(sha512)"
 #define DM_MAX_KEY_SIZE 4096            /* Maximum size of key allowed for dm-integrity */
diff --git a/src/integritysetup/integritysetup.c b/src/integritysetup/integritysetup.c
index c55535febb..6bb3958fc6 100644
--- a/src/integritysetup/integritysetup.c
+++ b/src/integritysetup/integritysetup.c
@@ -79,6 +79,10 @@ static const char *integrity_algorithm_select(const void *key_file_buf) {
                         return DM_HMAC_256;
                 if (streq("hmac-sha512", arg_integrity_algorithm))
                         return DM_HMAC_512;
+                if (streq("phmac-sha256", arg_integrity_algorithm))
+                        return DM_PHMAC_256;
+                if (streq("phmac-sha512", arg_integrity_algorithm))
+                        return DM_PHMAC_512;
                 return arg_integrity_algorithm;
         } else if (key_file_buf)
                 return DM_HMAC_256;