diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer
new file mode 100644
index 0000000000000000000000000000000000000000..4ff8b79e6736e566dbf39603e0887a53345aa4e4
Binary files /dev/null and b/SOURCES/redhatsecureboot301.cer differ
diff --git a/SOURCES/redhatsecureboot502.cer b/SOURCES/redhatsecureboot502.cer
new file mode 100644
index 0000000000000000000000000000000000000000..be0b5e211ccf8ad7ba74c88841c921cfdbad5a70
Binary files /dev/null and b/SOURCES/redhatsecureboot502.cer differ
diff --git a/SOURCES/redhatsecureboot601.cer b/SOURCES/redhatsecureboot601.cer
new file mode 100644
index 0000000000000000000000000000000000000000..c92b96b4e0d360b90333361ea61f565f196ea20e
Binary files /dev/null and b/SOURCES/redhatsecureboot601.cer differ
diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer
new file mode 100644
index 0000000000000000000000000000000000000000..b2354007b9668258683b99a68fa5bdd3067c31b1
Binary files /dev/null and b/SOURCES/redhatsecurebootca3.cer differ
diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer
new file mode 100644
index 0000000000000000000000000000000000000000..dfb0284954861282d1a0ce16c8c5cdc71c27659f
Binary files /dev/null and b/SOURCES/redhatsecurebootca5.cer differ
diff --git a/SOURCES/rocky-grub2.cer b/SOURCES/rocky-grub2.cer
new file mode 100644
index 0000000000000000000000000000000000000000..d59b444a9a3150a958b9f29001c052d4bf52ce63
--- /dev/null
+++ b/SOURCES/rocky-grub2.cer
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFIDCCBAigAwIBAgIBEDANBgkqhkiG9w0BAQsFADCB1DELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCERlbGF3YXJlMQ4wDAYDVQQHDAVEb3ZlcjEtMCsGA1UECgwkUm9j
+a3kgRW50ZXJwcmlzZSBTb2Z0d2FyZSBGb3VuZGF0aW9uMSEwHwYDVQQLDBhSZWxl
+YXNlIGVuZ2luZWVyaW5nIHRlYW0xKDAmBgNVBAMMH1JvY2t5IExpbnV4IFNlY3Vy
+ZSBCb290IFJvb3QgQ0ExJjAkBgkqhkiG9w0BCQEWF3NlY3VyaXR5QHJvY2t5bGlu
+dXgub3JnMB4XDTIzMDQxMjE4NTEzNVoXDTI0MDQxMTE4NTEzNVowgdcxCzAJBgNV
+BAYTAlVTMREwDwYDVQQIDAhEZWxhd2FyZTEOMAwGA1UEBwwFRG92ZXIxLTArBgNV
+BAoMJFJvY2t5IEVudGVycHJpc2UgU29mdHdhcmUgRm91bmRhdGlvbjEhMB8GA1UE
+CwwYUmVsZWFzZSBlbmdpbmVlcmluZyB0ZWFtMSswKQYDVQQDDCJSb2NreSBMaW51
+eCBHcnViMiBTaWduaW5nIENlcnQgMTAxMSYwJAYJKoZIhvcNAQkBFhdzZWN1cml0
+eUByb2NreWxpbnV4Lm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB
+AKEKwTtr/yXELMOB+o+6K7zN39wXDCyxHxIDLD2ykcdVkUAhfC2Du32dLl+R8A0D
+7x8EL1dpI6R2/zswS02LVmq+x3M9OdGfWSHm7UjBPcTe2p0BrGEYpjdMnwt56Eod
+x5hnxrYuNJS+bHaSzBvNzYYRlrSFX81MbUioIZR8GpNnQafZ4+jdjt1lunO7r3TS
+pAAjt1ufoPJKV0dbzdBLtS4ZbM1E3pvSfJWDq7zaT4mMzE4OmroxmA2J0kObhSgP
+7ZMwal6L9jqdO/HEYrFAn1tRI2SPpA4vHzykdUo5L+buFdvmv1kZN5klK9waR9Dt
+b4jeXNnKCxR1nj+yCvdgVfpswPaG7bx/oc5tUqjMwop4gRjcRCXdzbqjtXKL0enk
+KVpOd+SlqUPs++CSIhsq0TgzoUhlqDpXLvshm923iunQUgIpvqy9aadYIuykdG8G
+HjxKUATyQXp6PWkfcchw9ziB7y71QFqExCOM11XUPyofS1/7tDrwWiEjzTUJq03n
+BQIDAQABo3gwdjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUB
+Af8EDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUJ2TmruR7d3s5uJRoef2ecK9mVsEw
+HwYDVR0jBBgwFoAUTCxr19ZO6BWByrjphmYfZeIWb8QwDQYJKoZIhvcNAQELBQAD
+ggEBABon0rPo9bhkNeiIrbTECZs9Pb99EIUZvZV0uL2XKEoFRTmX1fSslR+24ZUp
+CLrf+q/VSL8OxrYorG0TrsbjeWp94ywicDS+3ro0z9hne3cKF+DYDRLJRS/ls0uo
+n/DK3UTBHa6uWO0akv9CSrWWVveiPX/Yf0SnUWpLFX8yPof8Jm2ggFrIpV9gy1ao
+j/AKG1b+MrUvmHc9pyNGlXlqtoHQq/cEv5yBv6Ntn5I3ve5IP3/YapqcLSa9Vide
+jkwEcKJHuew+825TCbNGTS04WMKxqYni3vZK/0sDhfa7Avlfg160CmmCGVBMnMU/
+v3/fdSLoITZrdgNRoZAexkAdVDM=
+-----END CERTIFICATE-----
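Review bot: The leaf certificate added here carries a one-year validity window that is documented nowhere in the change: decoding the validity field of this PEM block gives notBefore 2023-04-12 and notAfter 2024-04-11 for the subject "Rocky Linux Grub2 Signing Cert 101". Whether the code that consumes `sb_cer` enforces certificate dates is not visible in this diff, so the expiry should be written down where the next maintainer will see it. A comment above `Source90001` in SPECS/grub2.spec would do, for example `# rocky-grub2.cer: Rocky Linux Grub2 Signing Cert 101, notAfter 2024-04-11; rotate before then`.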
diff --git a/SOURCES/rocky-root-ca.cer b/SOURCES/rocky-root-ca.cer
new file mode 100644
index 0000000000000000000000000000000000000000..ccf14de6827caa25d615043dcef46f5506a93243
--- /dev/null
+++ b/SOURCES/rocky-root-ca.cer
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIElTCCA32gAwIBAgIUEGxXHO6vKSTAqoXlqrSFQpqx2IYwDQYJKoZIhvcNAQEL
+BQAwgdQxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhEZWxhd2FyZTEOMAwGA1UEBwwF
+RG92ZXIxLTArBgNVBAoMJFJvY2t5IEVudGVycHJpc2UgU29mdHdhcmUgRm91bmRh
+dGlvbjEhMB8GA1UECwwYUmVsZWFzZSBlbmdpbmVlcmluZyB0ZWFtMSgwJgYDVQQD
+DB9Sb2NreSBMaW51eCBTZWN1cmUgQm9vdCBSb290IENBMSYwJAYJKoZIhvcNAQkB
+FhdzZWN1cml0eUByb2NreWxpbnV4Lm9yZzAeFw0yMTA2MjAxNTA1MDFaFw0zMTA2
+MTgxNTA1MDFaMIHUMQswCQYDVQQGEwJVUzERMA8GA1UECAwIRGVsYXdhcmUxDjAM
+BgNVBAcMBURvdmVyMS0wKwYDVQQKDCRSb2NreSBFbnRlcnByaXNlIFNvZnR3YXJl
+IEZvdW5kYXRpb24xITAfBgNVBAsMGFJlbGVhc2UgZW5naW5lZXJpbmcgdGVhbTEo
+MCYGA1UEAwwfUm9ja3kgTGludXggU2VjdXJlIEJvb3QgUm9vdCBDQTEmMCQGCSqG
+SIb3DQEJARYXc2VjdXJpdHlAcm9ja3lsaW51eC5vcmcwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDjxGsPWwj921H84Ek56ahTmx7wV67aLAUzX28tpHae
+22NAhnemIEs1xXXK3FxLpfjqGuHCR/rTwu/+UoOUFkKQsPITK6pzIuigQhs1AqgD
+3xBJvaA9lDVORCV4CESZwCNYY8xWSKBAi8vroP38kyJG30M2aQHwHbF/YjGgUL5W
+93g+LiKEb96KgcFJsZR++3zY90ogHjeekQXoX7+qTs1nycyeXReQf/10ZMSp4xsD
+A9I1oocq5OV0uMNWgnEMs+PMOKNRu1i5l742lZ5kMiXVpJSdATRez2g5nlZ0ctQi
+GzRGRBTCFBeIwxas6pr5hfEA+9kOoODP0T0sJNJZlKSlAgMBAAGjXTBbMB0GA1Ud
+DgQWBBRMLGvX1k7oFYHKuOmGZh9l4hZvxDAfBgNVHSMEGDAWgBRMLGvX1k7oFYHK
+uOmGZh9l4hZvxDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBhjANBgkqhkiG9w0B
+AQsFAAOCAQEAT7JzkK0TB/sfZgVljSF+qUjTkvwuFASb/0h9dNaJEq/ru1GRQ5rf
+K/6MU5xKhpYKe9R4sre/xmFf2Qy2QNTxsh4UdBDaQj+llUsi5Oz7qWrJFMXrAvkE
+CPhvUe1IndbAFB4AQtXLLKWonjCMc4zJsNB1glK47vJLhxigCa6TEWHtYo2My55Z
+BbJBaGfWW/0XbvSHWbu91xQHyup7RRrx/vVrCHhQqymi1EE1lrp2iddTXkYBVU8M
+RCp+fXhJhSsIKbXM5fT0eB9kMuCd46KfDabTfyn4ibvifRllVD9C5alLLjGYmioZ
+Drftw/lKymO4Q8OTe7skUBoVSFTDmioHMw==
+-----END CERTIFICATE-----
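Review bot: Nothing in this change lets a reviewer confirm that these bytes are the intended root, although the spec wires the file in as `old_sb_cer` on ppc64le, which makes it a trust anchor. The block decodes to a self-issued "Rocky Linux Secure Boot Root CA" valid from 2021-06-20 to 2031-06-18, but the diff carries no fingerprint to compare with a value published out of band. Record one next to the source entry, e.g. `# rocky-root-ca.cer sha256: <SHA256-FINGERPRINT-PLACEHOLDER>` above `Source90000`. Do the same for rocky-grub2.cer, so a later swap of either file shows up in review as a fingerprint change rather than an opaque base64 diff.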
diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index 019465c8eca2e95dfc585fcb993619f4387affb6..ec803eedbfbdfbe9d796b53801e55f5d7632d688 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -7,7 +7,7 @@ Name: grub2 Epoch: 1 Version: 2.02 -Release: 142%{?dist}.3.rocky.0.2 +Release: 148%{?dist}.rocky.0.3 Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base License: GPLv3+ @@ -24,11 +24,10 @@ Source6: gitignore Source8: strtoull_test.c Source9: 20-grub.install Source12: 99-grub-mkconfig.install -Source18: redhatsecureboot701.cer Source19: sbat.csv.in -Source90000: rocky-root-ca.der -Source90001: rocky-signing.der +Source90000: rocky-root-ca.cer +Source90001: rocky-grub2.cer %include %{SOURCE1} @@ -45,7 +44,7 @@ Source90001: rocky-signing.der %ifarch ppc64le %define old_sb_cer %{SOURCE90000} %define sb_cer %{SOURCE90001} -%define sb_key redhatsecureboot702 +%define sb_key rockylinuxsecurebootkey %endif # generate with do-rebase 
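Review bot: In the Source hunk, `Source90000` and `Source90001` move from `.der` files to PEM text (`rocky-root-ca.cer`, `rocky-grub2.cer`), while the Red Hat `.cer` files added in the same change are reported by git as binary, so the one `.cer` suffix now covers two encodings. The macros that read `old_sb_cer` and `sb_cer` are outside this diff; confirm they accept PEM, and note the encoding in place with a comment such as `# Source90000/90001 are PEM-encoded X.509 certificates`. Separately, `Source18: redhatsecureboot701.cer` is dropped here, yet five `redhatsecureboot*.cer` files are added under SOURCES with no `Source` line for them in the visible hunks. If nothing else in the spec references them, leave them out so the tree carries only the certificates the build actually trusts.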
@@ -509,30 +508,39 @@ fi %endif %changelog -* Tue Feb 21 2023 Release Engineering <releng@rockylinux.org> - 2.02-142.rocky.0.2 +* Tue May 16 2023 Release Engineering <releng@rockylinux.org> - 2.02-148.rocky.0.3 - Removing redhat old cert sources entries (Sherif Nagy) - Preserving rhel8 sbat entry based on shim-review feedback ticket no. 194 - Adding prod cert -- Porting to 8.7 +- Porting to 8.8 - Cleaning up grup.macro extra signing certs and updating rocky test CA and CERT - Cleaning up grup.macro extra signing certs - Adding Rocky testing CA, CERT and sbat files -* Mon Feb 06 2023 Robbie Harwood <rharwood@redhat.com> - 2.02-142.el8_7.3 -- Sync with 8.8 (actually 2.02-148) +* Mon Feb 06 2023 Robbie Harwood <rharwood@redhat.com> - 2.02-148 +- ppc64le: cas5, take 3 - Resolves: #2139508 -* Thu Jan 19 2023 Robbie Harwood <rharwood@redhat.com> - 2.02-142.el8_7.2 -- Sync with 8.8 (actually 2.02-147) -- Resolves: #2162411 +* Tue Jan 10 2023 Robbie Harwood <rharwood@redhat.com> - 2.02-147 +- Enable TDX measurement to RTMR register +- Resolves: #1981485 + +* Wed Dec 14 2022 Robbie Harwood <rharwood@redhat.com> - 2.02-146 +- ppc64le: fix lpar cas5 +- Resolves: #2139508 -* Thu Nov 08 2022 Robbie Harwood <rharwood@redhat.com> - 2.02-142.el8_7.1 -- Sync with 8.8 (actually 2.02-145) +* Tue Nov 08 2022 Robbie Harwood <rharwood@redhat.com> - 1:2.02-145 +- Font CVE fixes - Resolves: CVE-2022-2601 -* Thu Sep 08 2022 Robbie Harwood <rharwood@redhat.com> - 2.02-142 -- Drop the arena size changes -- Resolves: #2118896 +* Tue Oct 18 2022 Robbie Harwood <rharwood@redhat.com> - 2.02-144 +- blscfg: don't assume newline at end of cfg +- Resolves: #2121132 + +* Wed Oct 12 2022 Robbie Harwood <rharwood@redhat.com> - 2.02-143 +- x86-efi: Fix an incorrect array size in kernel allocation +- Also merge with 8.7 +- Resolves: #2031288 * Thu Aug 25 2022 Robbie Harwood <rharwood@redhat.com> - 2.02-141 - Implement vec5 for cas negotiation