diff --git a/.gitignore b/.gitignore
index b11fc3dabdda2112156742457ed9ba79c80763c9..f0727943354b7bbde8c1a926425f09c131c41ea7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,3 @@
 SOURCES/grub-2.02.tar.xz
 SOURCES/theme.tar.bz2
 SOURCES/unifont-5.1.20080820.pcf.gz
-/grub-2.02.tar.xz
-/theme.tar.bz2
-/unifont-5.1.20080820.pcf.gz
-SOURCES/grub-2.02.tar.xz
-SOURCES/theme.tar.bz2
-SOURCES/unifont-5.1.20080820.pcf.gz
diff --git a/.grub2.metadata b/.grub2.metadata
index aaedde48267bda10cac63093995d625784d08cc6..3bb3b94bc028347dd803a54974ce2e5b7b7fcb91 100644
--- a/.grub2.metadata
+++ b/.grub2.metadata
@@ -1,3 +1,3 @@
-cc6eb0a42b5c8df2f671cc128ff725afb3ff1f8832a196022e433cf0d3b75decfca2316d0aa5fabea75747d55e88f3d021dd93508563f8ca80fd7b9e7fe1f088 SOURCES/grub-2.02.tar.xz
-0f6f914d5f801509403094b28b8cfe5169cb56ae9bdd808ae21a6780a8236b434161a068351508dd78729c25ee2fed066c124c1eef9e15102750b409b4576a5c SOURCES/theme.tar.bz2
-8939e2bc82ca97b60e6678f3ff079a2be7ba9b702f2e8ee289e853af5823695f7baafbf14b674fc5e41071f2a6de4f2dadd56bf8b4653849dd756d59622f1649 SOURCES/unifont-5.1.20080820.pcf.gz
+3d7eb6eaab28b88cb969ba9ab24af959f4d1b178 SOURCES/grub-2.02.tar.xz
+cf0b7763c528902da7e8b05cfa248f20c8825ce5 SOURCES/theme.tar.bz2
+87f8600ba24e521b5d20bdf6c4b71af8ae861e3a SOURCES/unifont-5.1.20080820.pcf.gz
diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches
index 3bb7067f5b3115a6d1ef67874ba8e71badb6611f..3eacbac02cfe7db6bfba604f9fa74f740783fcd9 100644
--- a/SOURCES/grub.patches
+++ b/SOURCES/grub.patches
@@ -573,6 +573,3 @@ Patch0572: 0572-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
 Patch0573: 0573-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
 Patch0574: 0574-Enable-TDX-measurement-to-RTMR-register.patch
 Patch0575: 0575-Enable-shared-processor-mode-in-vector-5.patch
-Patch0576: 0576-efi-http-change-uint32_t-to-uintn_t-for-grub_efi_htt.patch
-Patch0577: 0577-ieee1275-Converting-plain-numbers-to-constants-in-Ve.patch
-Patch0578: 0578-ieee1275-extended-support-in-options-vector5.patch
diff --git a/SOURCES/sbat.csv.in b/SOURCES/sbat.csv.in
index 800d63b56ca110bb6037ee62fc131cb01245e9d8..d6d67f3dd7bb727d0b043e4963b63687654e8561 100755
--- a/SOURCES/sbat.csv.in
+++ b/SOURCES/sbat.csv.in
@@ -1,4 +1,4 @@
 sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
-grub,3,Free Software Foundation,grub,2.02,https://www.gnu.org/software/grub/
-grub.rhel8,2,Red Hat Enterprise Linux 8,grub2,@@VERSION_RELEASE@@,mail:secalert@redhat.com
-grub.rocky8,2,Rocky Linux 8,grub2,@@VERSION_RELEASE@@,mail:security@rockylinux.org
+grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/
+grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com
+grub.rocky,2,Rocky Linux,grub2,@@VERSION_RELEASE@@,mail:security@rockylinux.org
diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec
index 4f4a3eccafa85dbf5aed57ab9b81d1118f066efe..12ca02592154ebc710e7930f956024f4703f841c 100644
--- a/SPECS/grub2.spec
+++ b/SPECS/grub2.spec
@@ -7,7 +7,7 @@
 Name:                 grub2
 Epoch:                1
 Version:              2.02
-Release:              150%{?dist}.rocky.0.1
+Release:              148%{?dist}.rocky.0.1
 Summary:              Bootloader with support for Linux, Multiboot and more
 Group:                System Environment/Base
 License:              GPLv3+
@@ -24,27 +24,27 @@ Source6:              gitignore
 Source8:              strtoull_test.c
 Source9:              20-grub.install
 Source12:             99-grub-mkconfig.install
+Source14:             rockybootsigningcert.cer
+Source16:             rockybootsigningcert.cer
 Source19:             sbat.csv.in
-
-Source90000:          rocky-root-ca.cer
-Source90001:          rocky-grub2.cer
+BuildRequires: system-sb-certs
 
 
 %include %{SOURCE1}
 
 %if 0%{with_efi_arch}
-%define old_sb_ca	%{SOURCE90000}
-%define old_sb_cer	%{SOURCE90001}
-%define old_sb_key	rockylinuxsecurebootkey
-%define sb_ca		%{SOURCE90000}
-%define sb_cer		%{SOURCE90001}
-%define sb_key		rockylinuxsecurebootkey
+%define old_sb_ca	%{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
+%define old_sb_cer	%{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer
+%define old_sb_key	rockybootsigningcert
+%define sb_ca		%{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
+%define sb_cer		%{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer
+%define sb_key		rockybootsigningcert
 %endif
 
 %ifarch ppc64le
-%define old_sb_cer	%{SOURCE90000}
-%define sb_cer		%{SOURCE90001}
-%define sb_key		rockylinuxsecurebootkey
+%define old_sb_cer	%{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer
+%define sb_cer		%{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer
+%define sb_key		rockybootsigningcert
 %endif
 
 # generate with do-rebase
@@ -165,7 +165,7 @@ mkdir grub-%{grubefiarch}-%{tarversion}
 grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grubefiarch}-%{tarversion}/.gitignore
 cp %{SOURCE4} grub-%{grubefiarch}-%{tarversion}/unifont.pcf.gz
 sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" \
-    %{SOURCE19} > grub-%{grubefiarch}-%{tarversion}/sbat.csv
+    -e '/,Red Hat,/ s,\.rocky\.[0-9]\.[0-9],,g' %{SOURCE19} > grub-%{grubefiarch}-%{tarversion}/sbat.csv
 git add grub-%{grubefiarch}-%{tarversion}
 %endif
 %if 0%{with_alt_efi_arch}
@@ -184,10 +184,10 @@ git commit -m "After making subdirs"
 
 %build
 %if 0%{with_efi_arch}
-%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE90000} %{SOURCE90001} rockybootsigningcert}
+%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{sb_ca} %{sb_cer} %{sb_key}}
 %endif
 %if 0%{with_alt_efi_arch}
-%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE90000} %{SOURCE90001} rockybootsigningcert}
+%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{sb_ca} %{sb_cer} %{sb_key}}
 %endif
 %if 0%{with_legacy_arch}
 %{expand:%do_legacy_build %%{grublegacyarch}}
@@ -508,22 +508,13 @@ fi
 %endif
 
 %changelog
-* Mon Jun 19 2023 Release Engineering <releng@rockylinux.org> - 2.02.rocky.0.1
+* Fri Nov 17 2023 Release Engineering <releng@rockylinux.org> - 2.02-148.rocky.0.1
 - Removing redhat old cert sources entries (Sherif Nagy)
 - Preserving rhel8 sbat entry based on shim-review feedback ticket no. 194
-- Adding prod cert
 - Porting to 8.9
 - Cleaning up grup.macro extra signing certs and updating rocky test CA and CERT
 - Cleaning up grup.macro extra signing certs
-- Adding Rocky testing CA, CERT and sbat files
-
-* Fri Jun 16 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.02-150
-- kern/ieee1275/init: sync vec5 patchset with upstream
-- Resolves: #2172111
-
-* Wed Jun 14 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.02-149
-- efi/http: change uint32_t to uintn_t for grub_efi_http_message_t
-- Resolves: #2178388
+- Use rocky-sb-certs for secure boot signing
 
 * Mon Feb 06 2023 Robbie Harwood <rharwood@redhat.com> - 2.02-148
 - ppc64le: cas5, take 3