diff --git a/backport-0001-Fix-aesmd-service-permission-in-linksgx.sh.-736.patch b/backport-0001-Fix-aesmd-service-permission-in-linksgx.sh.-736.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a9b250065626a3754a9850d4ae764809a56f14e5
--- /dev/null
+++ b/backport-0001-Fix-aesmd-service-permission-in-linksgx.sh.-736.patch
@@ -0,0 +1,45 @@
+From 71211efb54e007c2f848db16e9ed7649dbce9c15 Mon Sep 17 00:00:00 2001
+From: Guorui Yu
+Date: Wed, 5 Jan 2022 15:52:19 +0800
+Subject: [PATCH] Fix aesmd service permission in linksgx.sh. (#736)
+
+This commit ensures that no matter what the order of package installation is,
+aesmd can have access to the sgx_provision device file.
+
+Signed-off-by: yuguorui
+---
+ .../common/sgx-aesm-service/linksgx.sh | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/linux/installer/common/sgx-aesm-service/linksgx.sh b/linux/installer/common/sgx-aesm-service/linksgx.sh
+index 79eb9e79..5fd7282c 100755
+--- a/linux/installer/common/sgx-aesm-service/linksgx.sh
++++ b/linux/installer/common/sgx-aesm-service/linksgx.sh
+@@ -35,9 +35,21 @@ if test $(id -u) -ne 0; then
+ exit 1
+ fi
+
+-/usr/bin/getent group sgx_prv &> /dev/null
+-if [ $? == "0" ]; then
+- /usr/sbin/usermod -aG sgx_prv aesmd &> /dev/null
++if [ -c /dev/sgx_provision -o -c /dev/sgx/provision ]; then
++ getent group sgx_prv &> /dev/null
++ if [ "$?" != "0" ]; then
++ # Add sgx_prv for dcap driver, which ensures that no matter what
++ # the order of package installation, aesmd can have access to
++ # the sgx_provision device file.
++ groupadd sgx_prv
++
++ if ! which udevadm &> /dev/null; then
++ exit 0
++ fi
++ udevadm control --reload || :
++ udevadm trigger || :
++ fi
++ usermod -aG sgx_prv aesmd &> /dev/null
+ fi
+
+ echo
+--
+2.37.3.windows.1
+
diff --git a/linux-sgx.spec b/linux-sgx.spec
index 98b2027014c4721a3a0d7730ea809233001e32d2..9bc47c2237431f2888710b22f05a9c7b2b4c9db2 100644
--- a/linux-sgx.spec
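Review bot: The `exit 0` taken when `udevadm` is missing, inside the new `if ! which udevadm` branch of linksgx.sh, ends the script before `usermod -aG sgx_prv aesmd` runs, so on such a host the group is created but aesmd is never added to it, and whatever follows the trailing `echo` (outside this hunk) is skipped too. Guarding only the reload keeps the membership step unconditional: `if command -v udevadm > /dev/null 2>&1; then udevadm control --reload || :; udevadm trigger || :; fi`. The removed lines called `/usr/bin/getent` and `/usr/sbin/usermod` by absolute path, while the new ones resolve `getent`, `groupadd`, `usermod` and `udevadm` through PATH in a script that insists on running as root; keeping the absolute paths avoids depending on the caller's environment. The results of `groupadd` and `usermod` are also unchecked (the latter is redirected to /dev/null), so a failed group or membership change would go unnoticed and aesmd would still lack access to the provision device.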
+++ b/linux-sgx.spec
@@ -1,6 +1,6 @@
 Name: linux-sgx
 Version: 2.15.1
-Release: 8
+Release: 9
 Summary: Intel(R) Software Guard Extensions for Linux* OS
 ExclusiveArch: x86_64
 License: BSD-3-Clause
@@ -31,6 +31,8 @@ Patch9: backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-N
 Patch10: DCAP-disabling-the-rpatch-option.patch
 Patch11: add-strip-compilation-option-for-pck-id-retrieval-tool.patch
+Patch6000: backport-0001-Fix-aesmd-service-permission-in-linksgx.sh.-736.patch
+
 BuildRequires: gcc-c++ protobuf-devel libtool ocaml-ocamlbuild openssl openssl-devel cmake python curl-devel createrepo_c git nasm
 Requires: glibc
@@ -1032,6 +1034,9 @@ fi
 %files -n libsgx-headers -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build/list-libsgx-headers
 %changelog
+* Fri Jan 6 2023 mengwenhua - 2.15.1-9
+- Fix aesmd service permission in linksgx.sh.
+
 * Sat Sep 24 2022 wangyu - 2.15.1-8
 - The postun script should distinguish uninstall and upgrade scenarios