diff --git a/SOURCES/20-grub.install b/SOURCES/20-grub.install index 67d6895..a3f1b18 100755 --- a/SOURCES/20-grub.install +++ b/SOURCES/20-grub.install @@ -6,7 +6,6 @@ fi [[ -f /etc/default/grub ]] && . /etc/default/grub [[ -f /etc/os-release ]] && . /etc/os-release -[[ -f /etc/sysconfig/kernel ]] && . /etc/sysconfig/kernel COMMAND="$1" KERNEL_VERSION="$2" @@ -42,14 +41,8 @@ mkbls() { fi fi - if [[ $kernelver =~ uek ]]; then - local ver_stanza="$kernelver with Unbreakable Enterprise Kernel" - else - local ver_stanza="$kernelver" - fi - cat < -Date: Tue, 18 Dec 2018 13:22:12 -0800 -Subject: [PATCH 1/1] Use different menuentries for UEK kernel - ---- - util/grub.d/10_linux.in | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index b54d277..fe8b20f 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -173,7 +173,12 @@ EOF - fi - - if [ x$type != xsimple ] ; then -- title=$(mktitle "$type" "$version") -+ if echo "$version" | grep -q uek; then -+ kernel_type_text="with Unbreakable Enterprise Kernel" -+ else -+ kernel_type_text="with Linux" -+ fi -+ title=$(mktitle "$type" "$version $kernel_type_text") - if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then - replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" - quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" --- -1.8.3.1 - diff --git a/SOURCES/bug26388226-update-redhat-references.patch b/SOURCES/bug26388226-update-redhat-references.patch deleted file mode 100644 index 8e90b0b..0000000 --- a/SOURCES/bug26388226-update-redhat-references.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From aba9976ce324fdf845b04b326f7426566a676335 Mon Sep 17 00:00:00 2001 -From: "livy.ge" -Date: Wed, 5 Jul 2017 03:53:48 -0700 -Subject: [PATCH] update bug url - ---- - util/grub-set-password.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/grub-set-password.in b/util/grub-set-password.in -index 6553eaa..03731d5 100644 ---- a/util/grub-set-password.in -+++ b/util/grub-set-password.in -@@ -21,7 +21,7 @@ located by default at ${grubdir}. - -v, --version print the version information and exit - -o, --output_path put user.cfg in a user-selected directory - --Report bugs at https://bugzilla.redhat.com. -+Report bugs at https://github.com/oracle/oracle-linux . - EOF - } - --- -2.43.5 - diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index ff4fe67..966c079 100755 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros @@ -216,7 +216,7 @@ %ifarch x86_64 %global with_efi_common 1 -%global with_legacy_modules 1 +%global with_legacy_modules 0 %global with_legacy_common 0 %else %global with_efi_common 0 @@ -274,11 +274,6 @@ Requires: %{name}-common = %{evr} \ Requires: %{name}-tools-minimal >= %{evr} \ Requires: %{name}-tools = %{evr} \ Provides: %{name}-efi = %{evr} \ -Provides: oracle(grub2-sig-key) = 202204 \ -%{expand:%%ifarch x86_64 \ -Conflicts: shim-x64 <= 15.3-1.0.5.el9 \ -Conflicts: shim-ia32 <= 15.3-1.0.5.el9 \ -%%endif} \ %{?legacy_provides:Provides: %{name} = %{evr}} \ %{-o:Obsoletes: %{name}-efi < %{evr}} \ \ @@ -377,7 +372,7 @@ install -m 644 %{1}.conf ${RPM_BUILD_ROOT}/etc/dnf/protected.d/ \ rm -f %{1}.conf \ %{nil} -%global grub_modules " all_video boot blscfg btrfs \\\ +%global grub_modules " all_video boot blscfg \\\ cat configfile cryptodisk \\\ echo ext2 f2fs fat font \\\ gcry_rijndael gcry_rsa gcry_serpent \\\ 
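Review bot: Dropping `btrfs` from `%global grub_modules` in SOURCES/grub.macros removes the filesystem driver from the prebuilt EFI image, with no comment saying why or which installs are affected. If this GRUB build refuses to load modules that are not part of the signed image when Secure Boot is on (the lockdown code is not in this diff, so this is an inference), a system with /boot on btrfs could no longer read its boot configuration. I would add a comment above the list such as `# btrfs is intentionally not built in: /boot on btrfs is not supported with the signed EFI image`, or keep the module if those systems must keep booting. The module list starts in this hunk and continues beyond it.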
@@ -392,7 +387,7 @@ rm -f %{1}.conf \ search_label serial sleep syslinuxcfg \\\ test tftp version video xfs zstd " \ -%ifarch x86_64 aarch64 %{arm} +%ifarch x86_64 aarch64 %{arm} riscv64 %define efi_mkimage() \ %{4}./grub-mkimage -O %{1} -o %{2}.orig \\\ -p /EFI/%{efi_vendor} -d grub-core \\\ diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index b95479e..c0ee4f6 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches @@ -352,5 +352,3 @@ Patch0351: 0351-arm64-Use-proper-memory-type-for-kernel-allocation.patch Patch0352: 0352-cmd-search-Fix-a-possible-NULL-ptr-dereference.patch Patch0353: 0353-net-Fix-OOB-write-in-grub_net_search_config_file.patch Patch0354: 0354-misc-Implement-grub_strlcpy.patch -Patch1000: bug18504756-use-different-title-for-UEK.patch -Patch1001: bug26388226-update-redhat-references.patch \ No newline at end of file diff --git a/SOURCES/sbat.csv.in b/SOURCES/sbat.csv.in index 139cfad..b338b5f 100755 --- a/SOURCES/sbat.csv.in +++ b/SOURCES/sbat.csv.in @@ -1,4 +1,3 @@ sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/ grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com -grub.ol9,3,Oracle Linux,grub2,@@VERSION@@,mail:secalert_us@oracle.com diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index bae70ef..a7183f6 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -16,7 +16,7 @@ Name: grub2 Epoch: 1 Version: 2.06 -Release: 94.0.1%{?dist} +Release: 94%{?dist} Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ 
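Review bot: Adding `riscv64` to the `%ifarch` that guards `efi_mkimage` in SOURCES/grub.macros is not matched by the signing macros in SPECS/grub2.spec, where `sb_ca`, `sb_cer` and `sb_key` are defined only for x86_64, aarch64 and ppc64le. The body of `efi_mkimage` continues outside the hunk, so whether it references those macros is not visible here. If it does, a riscv64 build would expand them unset and could either fail or ship an image that was never signed. A comment above the conditional, for example `# riscv64: EFI image is built here but is not Secure Boot signed`, or explicit riscv64 definitions of the three macros, would make the intended behaviour clear.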
@@ -38,21 +38,21 @@ Source12: sbat.csv.in %include %{SOURCE1} %ifarch x86_64 aarch64 ppc64le -%define sb_ca %{SOURCE14} -%define sb_cer %{SOURCE14} +%define sb_ca %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer +%define sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer %endif %if 0%{?centos} %ifarch x86_64 aarch64 ppc64le -%define sb_key OracleSecureBootgrubsigningkey2 +%define sb_key centossecureboot202 %endif %else %ifarch x86_64 aarch64 -%define sb_key OracleSecureBootgrubsigningkey2 +%define sb_key redhatsecureboot502 %endif %ifarch ppc64le -%define sb_key OracleSecureBootgrubsigningkey2 +%define sb_key redhatsecureboot702 %endif %endif 
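Review bot: Nothing in this hunk of SPECS/grub2.spec ties the new `sb_ca` and `sb_cer` paths to the `sb_key` nicknames, or shows a BuildRequires for the package that provides the certificate directory. The two certificate macros now point at files under `%{_datadir}/pki/sb-certs/` that must already be present in the build root, while `sb_key` is a separately hard-coded name (`centossecureboot202`, `redhatsecureboot502`, `redhatsecureboot702`). A mismatch between certificate and key would show up only at signing time, or as binaries whose signature does not chain to the certificate shipped with them. I would add a comment above the block such as `# sb_cer must be the certificate for the sb_key nickname; both come from the build environment`, and confirm the sb-certs provider is declared as a build dependency elsewhere in the spec.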
@@ -547,35 +547,6 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg %endif %changelog -* Mon Mar 17 2025 Alex Burmashev - 2.06-94.0.1 -- Rework the scripts to cover both in-place upgrade and update scenarios [Orabug: 36768566] -- Restore correct order of processing config files [Orabug: 36758359] -- Support setting custom kernels as default kernels [Orabug: 36043978] -- Bump SBAT metadata for grub to 3 [Orabug: 34872719] -- Fix CVE-2022-3775 [Orabug: 34871953] -- Enable signing for aarch64 EFI -- Fix signing certificate names -- Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] -- Replaced bugzilla.oracle.com references [Orabug: 34202300] -- Update provided certificate version to 202204 [JIRA: OLDIS-16371] -- Various coverity fixes [JIRA: OLDIS-16371] -- bump SBAT generation -- Update bug url [Orabug: 34202300] -- Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] -- Update signing certificate [JIRA: OLDIS-16371] -- fix SBAT data [JIRA: OLDIS-16371] -- Update requires [JIRA: OLDIS-16371] -- Rebuild for SecureBoot signatures [Orabug: 33801813] -- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] -- Update Oracle SBAT data [Orabug: 32670033] -- Use new signing certificate [Orabug: 32670033] -- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] -- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] -- Update upstream references [Orabug: 26388226] -- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] -- Put "with" in menuentry instead of "using" [Orabug: 18504756] -- Use different titles for UEK and RHCK kernels [Orabug: 18504756] - * Thu Feb 20 2025 Nicolas Frayer 2.06-94 - CVE fixes - Resolves: CVE-2025-0624