diff --git a/SOURCES/almalinuxsecurebootca0.cer b/SOURCES/almalinuxsecurebootca0.cer
new file mode 100644
index 0000000..6a4e99b
Binary files /dev/null and b/SOURCES/almalinuxsecurebootca0.cer differ
diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer
deleted file mode 100644
index 4ff8b79..0000000
Binary files a/SOURCES/redhatsecureboot301.cer and /dev/null differ
diff --git a/SOURCES/redhatsecureboot303.cer b/SOURCES/redhatsecureboot303.cer
deleted file mode 100644
index 2c0087d..0000000
Binary files a/SOURCES/redhatsecureboot303.cer and /dev/null differ
diff --git a/SOURCES/redhatsecureboot502.cer b/SOURCES/redhatsecureboot502.cer
deleted file mode 100644
index be0b5e2..0000000
Binary files a/SOURCES/redhatsecureboot502.cer and /dev/null differ
diff --git a/SOURCES/redhatsecureboot601.cer b/SOURCES/redhatsecureboot601.cer
deleted file mode 100644
index c92b96b..0000000
Binary files a/SOURCES/redhatsecureboot601.cer and /dev/null differ
diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer
deleted file mode 100644
index b235400..0000000
Binary files a/SOURCES/redhatsecurebootca3.cer and /dev/null differ
diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer
deleted file mode 100644
index dfb0284..0000000
Binary files a/SOURCES/redhatsecurebootca5.cer and /dev/null differ
diff --git a/SOURCES/sbat.csv.in b/SOURCES/sbat.csv.in
index 24545c0..f2094a3 100755
--- a/SOURCES/sbat.csv.in
+++ b/SOURCES/sbat.csv.in
@@ -1,3 +1,4 @@
 sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
 grub,1,Free Software Foundation,grub,2.02,https://www.gnu.org/software/grub/
-grub.rhel8,1,Red Hat Enterprise Linux 8,grub2,@@VERSION@@,mail:secalert@redhat.com
\ No newline at end of file
+grub.rhel8,1,Red Hat Enterprise Linux 8,grub2,@@RHEL_VERSION@@,mail:secalert@redhat.com
+grub.almalinux8,1,AlmaLinux 8,grub2,@@VERSION@@,mail:security@almalinux.org
diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec
index 063db0f..3ff77f9 100644
--- a/SPECS/grub2.spec
+++ b/SPECS/grub2.spec
@@ -7,7 +7,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.02
-Release:	120%{?dist}
+Release:	120%{?dist}.alma
 Summary:	Bootloader with support for Linux, Multiboot and more
 Group:		System Environment/Base
 License:	GPLv3+
@@ -24,31 +24,29 @@ Source6:	gitignore
 Source8:	strtoull_test.c
 Source9:	20-grub.install
 Source12:	99-grub-mkconfig.install
-Source13:	redhatsecurebootca3.cer
-Source14:	redhatsecureboot301.cer
-Source15:	redhatsecurebootca5.cer
-Source16:	redhatsecureboot502.cer
-Source17:	redhatsecureboot303.cer
-Source18:	redhatsecureboot601.cer
+Source13:	almalinuxsecurebootca0.cer
 Source19:	sbat.csv.in
 
 %include %{SOURCE1}
 
 %if 0%{with_efi_arch}
 %define old_sb_ca	%{SOURCE13}
-%define old_sb_cer	%{SOURCE14}
-%define old_sb_key	redhatsecureboot301
-%define sb_ca		%{SOURCE15}
-%define sb_cer		%{SOURCE16}
-%define sb_key		redhatsecureboot502
+%define old_sb_cer	%{SOURCE13}
+%define old_sb_key	almalinuxsecurebootca0
+%define sb_ca		%{SOURCE13}
+%define sb_cer		%{SOURCE13}
+%define sb_key		almalinuxsecurebootca0
 %endif
 
 %ifarch ppc64le
-%define old_sb_cer	%{SOURCE17}
-%define sb_cer		%{SOURCE18}
-%define sb_key		redhatsecureboot602
+%define old_sb_cer	%{SOURCE13}
+%define sb_cer		%{SOURCE13}
+%define sb_key		almalinuxsecurebootca0
 %endif
 
+# AlmaLinux: keep upstream EVR for RHEL SBAT entry
+%define rhel_evr $(echo %{evr} | sed 's/\.alma.*//')
+
 # generate with do-rebase
 %include %{SOURCE2}
 
@@ -166,7 +164,7 @@ This subpackage provides tools for support of all platforms.
 mkdir grub-%{grubefiarch}-%{tarversion}
 grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grubefiarch}-%{tarversion}/.gitignore
 cp %{SOURCE4} grub-%{grubefiarch}-%{tarversion}/unifont.pcf.gz
-sed -e "s,@@VERSION@@,%{evr},g" %{SOURCE19} \
+sed -e "s,@@VERSION@@,%{evr},g" -e "s,@@RHEL_VERSION@@,%{rhel_evr},g" %{SOURCE19} \
 	> grub-%{grubefiarch}-%{tarversion}/sbat.csv
 git add grub-%{grubefiarch}-%{tarversion}
 %endif
@@ -510,6 +508,9 @@ fi
 %endif
 
 %changelog
+* Tue Apr 05 2022 Andrew Lukoshko <alukoshko@almalinux.org> - 2.06-120.alma
+- Use AlmaLinux cert and SBAT
+
 * Fri Feb 28 2022 Robbie Harwood <rharwood@redhat.com> - 2.06-120
 - Bump signing
 - Resolves: #2032294