diff --git a/tests/api-test-2.c b/tests/api-test-2.c
index 363e8219..bbe82b67 100644
--- a/tests/api-test-2.c
+++ b/tests/api-test-2.c
@@ -1239,7 +1239,7 @@ static void ResizeDeviceLuks2(void)
 else
 OK_(crypt_resize(cd, CDEVICE_1, 44));
 // reinstate the volume key in keyring
- OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, CRYPT_ACTIVATE_KEYRING_KEY));
+ OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 OK_(crypt_resize(cd, CDEVICE_1, 43));
 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
 EQ_(43, r_size >> SECTOR_SHIFT);
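Review bot: The context comment `// reinstate the volume key in keyring` above the changed call no longer matches the code when `t_dm_crypt_keyring_support()` is false, because the call is then made with flags `0` and nothing is placed in the keyring. I would reword it to `// reinstate the volume key in keyring (only when dm-crypt can take keys from it)`; the `/* load VK in keyring */` comment in the last Luks2Requirements hunk has the same problem. The ternary is also written out at seven call sites across this file's hunks, and a per-function local such as `const uint32_t keyring_flag = t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0;` would keep them readable. ResizeDeviceLuks2 starts and ends outside the hunk.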
@@ -2453,20 +2453,20 @@ static void Luks2Requirements(void)
 FAIL_((r = crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0)), "Unmet requirements detected");
 EQ_(r, -ETXTBSY);
 OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, 0));
- OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, CRYPT_ACTIVATE_KEYRING_KEY));
+ OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
 /* crypt_activate_by_keyfile (restricted for activation only) */
 FAIL_((r = crypt_activate_by_keyfile(cd, CDEVICE_1, 0, KEYFILE1, 0, 0)), "Unmet requirements detected");
 EQ_(r, -ETXTBSY);
 OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, 0));
- OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, CRYPT_ACTIVATE_KEYRING_KEY));
+ OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 /* crypt_activate_by_volume_key (restricted for activation only) */
 FAIL_((r = crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)), "Unmet requirements detected");
 EQ_(r, -ETXTBSY);
 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
- OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, CRYPT_ACTIVATE_KEYRING_KEY));
+ OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 #ifdef KERNEL_KEYRING
 kid = add_key("user", KEY_DESC_TEST0, "aaa", 3, KEY_SPEC_THREAD_KEYRING);
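Review bot: On a kernel where `t_dm_crypt_keyring_support()` is false, each changed assertion in this hunk becomes an exact repeat of the line above it (for example `OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, 0));` twice), so the keyring path is skipped with no trace in the test output. Making the skip explicit avoids the redundant call and reads more honestly: `if (t_dm_crypt_keyring_support())` followed by `OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, CRYPT_ACTIVATE_KEYRING_KEY));`. The same applies to the keyfile and volume-key calls here and to the `crypt_activate_by_keyring` and `crypt_activate_by_token` hunks that follow. Luks2Requirements starts and ends outside the hunk.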
@@ -2479,7 +2479,7 @@ static void Luks2Requirements(void)
 FAIL_((r = crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0)), "Unmet requirements detected");
 EQ_(r, -ETXTBSY);
 OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0));
- OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, CRYPT_ACTIVATE_KEYRING_KEY));
+ OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 #endif
 /* crypt_volume_key_verify (unrestricted) */
@@ -2566,7 +2566,7 @@ static void Luks2Requirements(void)
 FAIL_((r = crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0)), ""); // supposed to be silent
 EQ_(r, -ETXTBSY);
 OK_(crypt_activate_by_token(cd, NULL, 1, NULL, 0));
- OK_(crypt_activate_by_token(cd, NULL, 1, NULL, CRYPT_ACTIVATE_KEYRING_KEY));
+ OK_(crypt_activate_by_token(cd, NULL, 1, NULL, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 #endif
 OK_(get_luks2_offsets(1, 8192, 0, 0, NULL, &r_payload_offset));
 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 2));
@@ -2635,7 +2635,7 @@ static void Luks2Requirements(void)
 OK_(crypt_init_by_name(&cd, CDEVICE_1));
 /* load VK in keyring */
- OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, CRYPT_ACTIVATE_KEYRING_KEY));
+ OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 /* crypt_resize (restricted) */
 FAIL_((r = crypt_resize(cd, CDEVICE_1, 1)), "Unmet requirements detected");
 EQ_(r, -ETXTBSY);
diff --git a/tests/compat-test2 b/tests/compat-test2
index 2c133ffd..43d1e3da 100755
--- a/tests/compat-test2
+++ b/tests/compat-test2
@@ -23,8 +23,6 @@ PWD1="93R4P4pIqAH8"
 PWD2="mymJeD8ivEhE"
 PWD3="ocMakf3fAcQO"
 PWDW="rUkL4RUryBom"
-CHKS_DMCRYPT=vk_in_dmcrypt.chk
-CHKS_KEYRING=vk_in_keyring.chk
 TEST_KEYRING_NAME="compattest2_keyring"
 TEST_TOKEN0="compattest2_desc0"
 TEST_TOKEN1="compattest2_desc1"
@@ -47,7 +45,7 @@ function remove_mapping()
 [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2
 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
 losetup -d $LOOPDEV >/dev/null 2>&1
- rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $CHKS_DMCRYPT $CHKS_KEYRING $HEADER_KEYU >/dev/null 2>&1
+ rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $HEADER_KEYU >/dev/null 2>&1
 # unlink whole test keyring
 [ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null
@@ -157,10 +155,13 @@ function dm_crypt_keyring_support()
 VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
 VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
+ VER_PTC=$(echo $VER_STR | cut -f 3 -d.)
 [ $VER_MAJ -gt 1 ] && return 0
 [ $VER_MAJ -lt 1 ] && return 1
- [ $VER_MIN -ge 15 ]
+ [ $VER_MIN -gt 18 ] && return 0
+ [ $VER_MIN -eq 18 -a $VER_PTC -ge 1 ] && return 0
+ return 1
 }
 function test_and_prepare_keyring() {
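Review bot: `VER_PTC` is expanded unquoted in `[ $VER_MIN -eq 18 -a $VER_PTC -ge 1 ]` in the dm_crypt_keyring_support hunk, so a version string without a third field makes the test malformed; `[` then prints an error and the function reaches `return 1` only as a side effect of that failure. The `-a` operator inside `[` is also marked obsolescent by POSIX. Defaulting the patch level and splitting the test avoids both: `[ "$VER_MIN" -eq 18 ] && [ "${VER_PTC:-0}" -ge 1 ] && return 0`. How `VER_STR` is obtained lies outside the hunk, so whether a two-component version can actually occur is not visible here.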
@@ -619,43 +620,29 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail
 $CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail
-# FIXME: perhaps better to test in keyring-test script
 if dm_crypt_keyring_support; then
 prepare "[32] LUKS2 key in keyring" wipe
- dd if=/dev/zero of=$HEADER_IMG bs=1M count=4 >/dev/null 2>&1
- which sha1sum > /dev/null 2>&1 || skip "sha1sum is missing"
 echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail
 # check keyring support detection works as expected
 rmmod dm-crypt > /dev/null 2>&1 || true
 echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
 $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring" || fail
- dd if=/dev/urandom of=/dev/mapper/$DEV_NAME bs=4k count=2500 oflag=direct > /dev/null 2>&1 || fail
- sha1sum /dev/mapper/$DEV_NAME > $CHKS_KEYRING
 $CRYPTSETUP close $DEV_NAME || fail
 echo $PWD1 | $CRYPTSETUP open $LOOPDEV --disable-keyring --header $HEADER_IMG $DEV_NAME || fail
 $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail
- sha1sum /dev/mapper/$DEV_NAME > $CHKS_DMCRYPT
- diff $CHKS_DMCRYPT $CHKS_KEYRING || fail
 $CRYPTSETUP close $DEV_NAME || fail
 echo $PWD1 | $CRYPTSETUP open $LOOPDEV --disable-keyring --header $HEADER_IMG $DEV_NAME || fail
- dd if=/dev/urandom of=/dev/mapper/$DEV_NAME bs=4k count=2500 oflag=direct > /dev/null 2>&1 || fail
- sha1sum /dev/mapper/$DEV_NAME > $CHKS_DMCRYPT
 $CRYPTSETUP luksSuspend $DEV_NAME || fail
 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
 $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring" || fail
- sha1sum /dev/mapper/$DEV_NAME > $CHKS_KEYRING
- diff $CHKS_DMCRYPT $CHKS_KEYRING || fail
 $CRYPTSETUP close $DEV_NAME || fail
 echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
- dd if=/dev/urandom of=/dev/mapper/$DEV_NAME bs=4k count=2500 oflag=direct > /dev/null 2>&1 || fail
- sha1sum /dev/mapper/$DEV_NAME > $CHKS_KEYRING
 $CRYPTSETUP luksSuspend $DEV_NAME || fail
 echo $PWD1 | $CRYPTSETUP luksResume --disable-keyring $DEV_NAME --header $HEADER_IMG || fail
 $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail
- sha1sum /dev/mapper/$DEV_NAME > $CHKS_DMCRYPT
- diff $CHKS_DMCRYPT $CHKS_KEYRING || fail
 $CRYPTSETUP close $DEV_NAME || fail
 fi
diff --git a/tests/keyring-compat-test b/tests/keyring-compat-test
index ee046660..4b3a5c67 100755
--- a/tests/keyring-compat-test
+++ b/tests/keyring-compat-test
@@ -67,6 +67,8 @@ function dm_crypt_keyring_support()
 VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
 VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
+ # run the test with dm-crypt v1.15.0+ on purpose
+ # the fix is in dm-crypt v1.18.1+
 [ $VER_MAJ -gt 1 ] && return 0
 [ $VER_MAJ -lt 1 ] && return 1
 [ $VER_MIN -ge 15 ]
diff --git a/tests/test_utils.c b/tests/test_utils.c
index f8f6f9d4..a1e1441a 100644
--- a/tests/test_utils.c
+++ b/tests/test_utils.c
@@ -286,15 +286,15 @@ int _system(const char *command, int warn)
 return r;
 }
-static int t_dm_satisfies_version(unsigned target_maj, unsigned target_min,
- unsigned actual_maj, unsigned actual_min)
+static int t_dm_satisfies_version(unsigned target_maj, unsigned target_min, unsigned target_patch,
+ unsigned actual_maj, unsigned actual_min, unsigned actual_patch)
 {
 if (actual_maj > target_maj)
 return 1;
-
- if (actual_maj == target_maj && actual_min >= target_min)
+ if (actual_maj == target_maj && actual_min > target_min)
+ return 1;
+ if (actual_maj == target_maj && actual_min == target_min && actual_patch >= target_patch)
 return 1;
-
 return 0;
 }
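Review bot: `t_dm_satisfies_version` now takes six positional `unsigned` arguments, target triple first and actual triple second, and nothing documents that order; a swapped pair compiles silently and flips a feature flag that decides whether keyring handling gets tested. A one-line header comment would help, e.g. `/* Return 1 if actual maj.min.patch >= target maj.min.patch, else 0; target triple comes first. */`. The three `if`s also repeat `actual_maj == target_maj`; the body reads more plainly as a lexicographic compare: `if (actual_maj != target_maj) return actual_maj > target_maj;`, `if (actual_min != target_min) return actual_min > target_min;`, `return actual_patch >= target_patch;`.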
@@ -309,30 +309,30 @@ static void t_dm_set_crypt_compat(const char *dm_version, unsigned crypt_maj,
 dm_patch = 0;
 }
- if (t_dm_satisfies_version(1, 2, crypt_maj, crypt_min))
+ if (t_dm_satisfies_version(1, 2, 0, crypt_maj, crypt_min, 0))
 t_dm_crypt_flags |= T_DM_KEY_WIPE_SUPPORTED;
- if (t_dm_satisfies_version(1, 10, crypt_maj, crypt_min))
+ if (t_dm_satisfies_version(1, 10, 0, crypt_maj, crypt_min, 0))
 t_dm_crypt_flags |= T_DM_LMK_SUPPORTED;
- if (t_dm_satisfies_version(4, 20, dm_maj, dm_min))
+ if (t_dm_satisfies_version(4, 20, 0, dm_maj, dm_min, 0))
 t_dm_crypt_flags |= T_DM_SECURE_SUPPORTED;
- if (t_dm_satisfies_version(1, 8, crypt_maj, crypt_min))
+ if (t_dm_satisfies_version(1, 8, 0, crypt_maj, crypt_min, 0))
 t_dm_crypt_flags |= T_DM_PLAIN64_SUPPORTED;
- if (t_dm_satisfies_version(1, 11, crypt_maj, crypt_min))
+ if (t_dm_satisfies_version(1, 11, 0, crypt_maj, crypt_min, 0))
 t_dm_crypt_flags |= T_DM_DISCARDS_SUPPORTED;
- if (t_dm_satisfies_version(1, 13, crypt_maj, crypt_min))
+ if (t_dm_satisfies_version(1, 13, 0, crypt_maj, crypt_min, 0))
 t_dm_crypt_flags |= T_DM_TCW_SUPPORTED;
- if (t_dm_satisfies_version(1, 14, crypt_maj, crypt_min)) {
+ if (t_dm_satisfies_version(1, 14, 0, crypt_maj, crypt_min, 0)) {
 t_dm_crypt_flags |= T_DM_SAME_CPU_CRYPT_SUPPORTED;
 t_dm_crypt_flags |= T_DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED;
 }
- if (t_dm_satisfies_version(1, 15, crypt_maj, crypt_min))
+ if (t_dm_satisfies_version(1, 18, 1, crypt_maj, crypt_min, crypt_patch))
 t_dm_crypt_flags |= T_DM_KERNEL_KEYRING_SUPPORTED;
 }
@@ -349,7 +349,7 @@ static void t_dm_set_verity_compat(const char *dm_version, unsigned verity_maj,
 * (but some dm-verity targets 1.2 don't support it)
 * FEC is added in 1.3 as well.
 */
- if (t_dm_satisfies_version(1, 3, verity_maj, verity_min)) {
+ if (t_dm_satisfies_version(1, 3, 0, verity_maj, verity_min, 0)) {
 t_dm_crypt_flags |= T_DM_VERITY_ON_CORRUPTION_SUPPORTED;
 t_dm_crypt_flags |= T_DM_VERITY_FEC_SUPPORTED;
 }
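Review bot: Every call in t_dm_set_crypt_compat except the keyring one passes a literal `0` as the actual patch level, e.g. `t_dm_satisfies_version(4, 20, 0, dm_maj, dm_min, 0)`, which is only correct while the target patch is also `0`. If a target is later raised to a non-zero patch and the last argument is left alone, the check fails for every kernel on that minor version and the feature is silently reported as unsupported. Passing the real values (`crypt_patch`, and `dm_patch`, which appears in the context line `dm_patch = 0;`) behaves identically today and removes the trap. `crypt_patch` is not declared inside the hunk; presumably it is a parameter on the truncated signature line, which is worth confirming. The t_dm_set_verity_compat hunk uses the same literal `0`, and whether a verity patch value is available there is not visible.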