diff --git a/.grub2.checksum b/.grub2.checksum
index 37febd36dfe22b4e07dffdb592cb28639088140f..31ba3ffee31a741e30a35411bb5185fff1fd636e 100644
--- a/.grub2.checksum
+++ b/.grub2.checksum
@@ -1 +1 @@
-f8f13ebd0564656ed6cee3cbe152952e083325c8b9201b5e87f6abad1c2fc3b3
+8d7f5f4b18a7c50b2a4258333f144052f33f9a0502e1da1efd21f497f94074e3
diff --git a/SOURCES/sbat.csv.in b/SOURCES/sbat.csv.in
index 800d63b56ca110bb6037ee62fc131cb01245e9d8..d6d67f3dd7bb727d0b043e4963b63687654e8561 100755
--- a/SOURCES/sbat.csv.in
+++ b/SOURCES/sbat.csv.in
@@ -1,4 +1,4 @@
 sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
-grub,3,Free Software Foundation,grub,2.02,https://www.gnu.org/software/grub/
-grub.rhel8,2,Red Hat Enterprise Linux 8,grub2,@@VERSION_RELEASE@@,mail:secalert@redhat.com
-grub.rocky8,2,Rocky Linux 8,grub2,@@VERSION_RELEASE@@,mail:security@rockylinux.org
+grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/
+grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com
+grub.rocky,2,Rocky Linux,grub2,@@VERSION_RELEASE@@,mail:security@rockylinux.org
diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec
index a1b649fa9e488ec590a799bab28b2bedb180e758..ad2ed7e5629c55e134bdd59b6dbeb2cccc3c7e73 100644
--- a/SPECS/grub2.spec
+++ b/SPECS/grub2.spec
@@ -7,7 +7,7 @@
 Name: grub2
 Epoch: 1
 Version: 2.02
-Release: 148%{?dist}.1.rocky.0.3
+Release: 150%{?dist}.rocky.0.1
 Summary: Bootloader with support for Linux, Multiboot and more
 Group: System Environment/Base
 License: GPLv3+
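Review bot: In the SOURCES/sbat.csv.in hunk the vendor components are renamed from `grub.rhel8`/`grub.rocky8` to `grub.rh`/`grub.rocky` while staying at generation 2. Shim matches SBAT revocations by component name, so a revocation published against the old names would no longer apply to binaries built from this file; confirm the new names are the ones the shim revocation data and the shim-review submission expect. The new `grub` line also carries a malformed URL, `https//www.gnu.org/software/grub/`, which should read `https://www.gnu.org/software/grub/`. The contact fields are now inconsistent as well: the Red Hat line uses `mailto:` while the Rocky line keeps `mail:`, so `grub.rocky,2,Rocky Linux,grub2,@@VERSION_RELEASE@@,mailto:security@rockylinux.org` would bring it in line.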
@@ -24,27 +24,27 @@ Source6: gitignore Source8: strtoull_test.c Source9: 20-grub.install Source12: 99-grub-mkconfig.install +Source14: rockybootsigningcert.cer +Source16: rockybootsigningcert.cer Source19: sbat.csv.in - -Source90000: rocky-root-ca.cer -Source90001: rocky-grub2.cer +BuildRequires: rocky-sb-certs %include %{SOURCE1} %if 0%{with_efi_arch} -%define old_sb_ca %{SOURCE90000} -%define old_sb_cer %{SOURCE90001} -%define old_sb_key rockylinuxsecurebootkey -%define sb_ca %{SOURCE90000} -%define sb_cer %{SOURCE90001} -%define sb_key rockylinuxsecurebootkey +%define old_sb_ca %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer +%define old_sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer +%define old_sb_key rockybootsigningcert +%define sb_ca %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer +%define sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer +%define sb_key rockybootsigningcert %endif %ifarch ppc64le -%define old_sb_cer %{SOURCE90000} -%define sb_cer %{SOURCE90001} -%define sb_key rockylinuxsecurebootkey +%define old_sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer +%define sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer +%define sb_key rockybootsigningcert %endif # generate with do-rebase @@ -165,7 +165,7 @@ mkdir grub-%{grubefiarch}-%{tarversion} grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grubefiarch}-%{tarversion}/.gitignore cp %{SOURCE4} grub-%{grubefiarch}-%{tarversion}/unifont.pcf.gz sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" \ - %{SOURCE19} > grub-%{grubefiarch}-%{tarversion}/sbat.csv + -e '/,Red Hat,/ s,\.rocky\.[0-9]\.[0-9],,g' %{SOURCE19} > grub-%{grubefiarch}-%{tarversion}/sbat.csv git add grub-%{grubefiarch}-%{tarversion} %endif %if 0%{with_alt_efi_arch} 
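Review bot: `Source14` and `Source16` both declare `rockybootsigningcert.cer`, but none of the macros in this hunk reference them; `sb_ca` and `sb_cer` now resolve under `%{_datadir}/pki/sb-certs/` from the `rocky-sb-certs` build dependency. If the two Source lines are unused in the rest of the spec (not visible here), drop them so a certificate shipped in the SRPM cannot be mistaken for the one actually embedded in the signed binaries. Because the trust anchors now come from whatever `rocky-sb-certs` is in the buildroot, a versioned `BuildRequires` would help, along with a comment above the `%define` block such as `# Secure Boot CA and signing cert come from rocky-sb-certs (see BuildRequires)`. On ppc64le, `old_sb_cer` used to point at `%{SOURCE90000}`, which the removed Source line names `rocky-root-ca.cer`, and now points at the grub2 certificate; confirm that switch is intended.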
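Review bot: The added sed expression `s,\.rocky\.[0-9]\.[0-9],,g` strips only single-digit components, so a release such as `.rocky.0.10` would leave a stray trailing digit in the `grub.rh` SBAT version field. Matching one or more digits avoids that: `-e '/,Red Hat,/ s,\.rocky\.[0-9][0-9]*\.[0-9][0-9]*,,g'`. The address `/,Red Hat,/` depends on the exact vendor string in sbat.csv.in, so a short comment above the `sed` saying that the Red Hat entry must carry the upstream version-release without the Rocky suffix would keep the two files in sync. The enclosing section starts outside the hunk.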
@@ -184,10 +184,10 @@ git commit -m "After making subdirs" %build %if 0%{with_efi_arch} -%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE90000} %{SOURCE90001} rockybootsigningcert} +%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{sb_ca} %{sb_cer} %{sb_key}} %endif %if 0%{with_alt_efi_arch} -%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE90000} %{SOURCE90001} rockybootsigningcert} +%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{sb_ca} %{sb_cer} %{sb_key}} %endif %if 0%{with_legacy_arch} %{expand:%do_legacy_build %%{grublegacyarch}} 
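Review bot: `%do_alt_efi_build` now takes `%{sb_ca} %{sb_cer} %{sb_key}`, but the earlier hunk defines `sb_ca` only inside `%if 0%{with_efi_arch}`, and the ppc64le block defines no `sb_ca` at all. An undefined rpm macro is left as literal text rather than raising an error, so if `with_alt_efi_arch` could ever be set without `with_efi_arch` (their definitions are not visible here), the build would receive the string `%{sb_ca}` as a certificate path. A guard before the `%{expand:...}` lines makes that failure explicit, for example `%{!?sb_ca:%{error:sb_ca is not defined}}`, repeated for `sb_cer` and `sb_key`.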
@@ -508,18 +508,21 @@ fi %endif %changelog -* Tue Aug 08 2023 Release Engineering <releng@rockylinux.org> - 2.02-148.rocky.0.3 +* Wed Nov 15 2023 Release Engineering <releng@rockylinux.org> - 2.02-150.rocky.0.1 - Removing redhat old cert sources entries (Sherif Nagy) - Preserving rhel8 sbat entry based on shim-review feedback ticket no. 194 -- Adding prod cert -- Porting to 8.8 +- Porting to 8.9 - Cleaning up grup.macro extra signing certs and updating rocky test CA and CERT - Cleaning up grup.macro extra signing certs -- Adding Rocky testing CA, CERT and sbat files +- Use rocky-sb-certs for secure boot signing + +* Fri Jun 16 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.02-150 +- kern/ieee1275/init: sync vec5 patchset with upstream +- Resolves: #2172111 -* Fri Jun 16 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.02-148.el8_8.1 -- Sync with 8.9 (actually 2.02-150) -- Resolves: #2207972 +* Wed Jun 14 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.02-149 +- efi/http: change uint32_t to uintn_t for grub_efi_http_message_t +- Resolves: #2178388 * Mon Feb 06 2023 Robbie Harwood <rharwood@redhat.com> - 2.02-148 - ppc64le: cas5, take 3