diff --git a/security-framework/Cargo.toml b/security-framework/Cargo.toml
index db880f53..19c441f6 100644
--- a/security-framework/Cargo.toml
+++ b/security-framework/Cargo.toml
@@ -18,7 +18,7 @@ rust-version = "1.60"
 security-framework-sys = { version = "2.10.0", default-features = false, path = "../security-framework-sys" }
 core-foundation = "0.9.3"
 core-foundation-sys = "0.8.3"
-bitflags = "1.3.2"
+bitflags = "2"
 libc = "0.2.139"
 log = { version = "0.4.17", optional = true }
 num-bigint = { version = "0.4.3", optional = true }
diff --git a/security-framework/src/authorization.rs b/security-framework/src/authorization.rs
index 923be0be..762addb6 100644
--- a/security-framework/src/authorization.rs
+++ b/security-framework/src/authorization.rs
@@ -44,6 +44,7 @@ macro_rules! cstring_or_err {
 
 bitflags::bitflags! {
     /// The flags used to specify authorization options.
+    #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
     pub struct Flags: sys::AuthorizationFlags {
         /// An empty flag set that you use as a placeholder when you don't want
         /// any of the other flags.
diff --git a/security-framework/src/os/macos/code_signing.rs b/security-framework/src/os/macos/code_signing.rs
index 6bfc4749..b42917c1 100644
--- a/security-framework/src/os/macos/code_signing.rs
+++ b/security-framework/src/os/macos/code_signing.rs
@@ -31,6 +31,7 @@ bitflags::bitflags! {
 
     /// Values that can be used in the flags parameter to most code signing
     /// functions.
+    #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
     pub struct Flags: u32 {
         /// Use the default behaviour.
         const NONE = 0;
diff --git a/security-framework/src/passwords_options.rs b/security-framework/src/passwords_options.rs
index 55baf069..7d85d01c 100644
--- a/security-framework/src/passwords_options.rs
+++ b/security-framework/src/passwords_options.rs
@@ -17,6 +17,7 @@ pub struct PasswordOptions {
 
 bitflags::bitflags! {
     /// The option flags used to configure the evaluation of a `SecAccessControl`.
+    #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
     pub struct AccessControlOptions: CFOptionFlags {
         /** Constraint to access an item with either biometry or passcode. */
         const USER_PRESENCE = kSecAccessControlUserPresence;
diff --git a/security-framework/src/policy.rs b/security-framework/src/policy.rs
index 35c9ac7d..1669194d 100644
--- a/security-framework/src/policy.rs
+++ b/security-framework/src/policy.rs
@@ -33,6 +33,7 @@ impl fmt::Debug for SecPolicy {
 #[cfg(any(feature = "OSX_10_9", target_os = "ios", target_os = "tvos", target_os = "watchos"))]
 bitflags::bitflags! {
     /// The flags used to specify revocation policy options.
+    #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
     pub struct RevocationPolicy: CFOptionFlags {
         /// Perform revocation checking using OCSP (Online Certificate Status Protocol).
         const OCSP_METHOD = kSecRevocationOCSPMethod;
diff --git a/security-framework/src/trust.rs b/security-framework/src/trust.rs
index a8789462..781c23cd 100644
--- a/security-framework/src/trust.rs
+++ b/security-framework/src/trust.rs
@@ -67,6 +67,7 @@ unsafe impl Send for SecTrust {}
 #[cfg(target_os = "macos")]
 bitflags::bitflags! {
     /// The option flags used to configure the evaluation of a `SecTrust`.
+    #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
     pub struct TrustOptions: SecTrustOptionFlags {
         /// Allow expired certificates (except for the root certificate).
         const ALLOW_EXPIRED = kSecTrustOptionAllowExpired;