diff --git a/SOURCES/almalinuxdup1.x509 b/SOURCES/almalinuxdup1.x509
new file mode 100644
index 0000000..2972014
Binary files /dev/null and b/SOURCES/almalinuxdup1.x509 differ
diff --git a/SOURCES/almalinuxkpatch1.x509 b/SOURCES/almalinuxkpatch1.x509
new file mode 100644
index 0000000..1292610
Binary files /dev/null and b/SOURCES/almalinuxkpatch1.x509 differ
diff --git a/SOURCES/clsecureboot001.cer b/SOURCES/clsecureboot001.cer
new file mode 100644
index 0000000..ca9ce5d
Binary files /dev/null and b/SOURCES/clsecureboot001.cer differ
diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey
index b1bbe38..4c34491 100644
--- a/SOURCES/x509.genkey
+++ b/SOURCES/x509.genkey
@@ -5,9 +5,9 @@ prompt = no
 x509_extensions = myexts
 
 [ req_distinguished_name ]
-O = Red Hat
-CN = Red Hat Enterprise Linux kernel signing key
-emailAddress = secalert@redhat.com
+O = AlmaLinux
+CN = AlmaLinux kernel signing key
+emailAddress = security@almalinux.org
 
 [ myexts ]
 basicConstraints=critical,CA:FALSE
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 9a0a8b4..05b4948 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -452,44 +452,36 @@ Source9: x509.genkey
 
 %if %{?released_kernel}
 
-Source10: redhatsecurebootca5.cer
-Source11: redhatsecurebootca3.cer
-Source12: redhatsecureboot501.cer
-Source13: redhatsecureboot301.cer
-Source14: secureboot_s390.cer
-Source15: secureboot_ppc.cer
+Source10: clsecureboot001.cer
 
-%define secureboot_ca_0 %{SOURCE11}
+%define secureboot_ca_0 %{SOURCE10}
 %define secureboot_ca_1 %{SOURCE10}
 %ifarch x86_64 aarch64
-%define secureboot_key_0 %{SOURCE13}
-%define pesign_name_0 redhatsecureboot301
-%define secureboot_key_1 %{SOURCE12}
-%define pesign_name_1 redhatsecureboot501
+%define secureboot_key_0 %{SOURCE10}
+%define pesign_name_0 clsecureboot001
+%define secureboot_key_1 %{SOURCE10}
+%define pesign_name_1 clsecureboot001
 %endif
 %ifarch s390x
-%define secureboot_key_0 %{SOURCE14}
-%define pesign_name_0 redhatsecureboot302
+%define secureboot_key_0 %{SOURCE10}
+%define pesign_name_0 clsecureboot001
 %endif
 %ifarch ppc64le
-%define secureboot_key_0 %{SOURCE15}
-%define pesign_name_0 redhatsecureboot303
+%define secureboot_key_0 %{SOURCE10}
+%define pesign_name_0 clsecureboot001
 %endif
 
 # released_kernel
 %else
 
-Source11: redhatsecurebootca4.cer
-Source12: redhatsecurebootca2.cer
-Source13: redhatsecureboot401.cer
-Source14: redhatsecureboot003.cer
+Source10: clsecureboot001.cer
 
-%define secureboot_ca_0 %{SOURCE12}
-%define secureboot_ca_1 %{SOURCE11}
-%define secureboot_key_0 %{SOURCE14}
-%define pesign_name_0 redhatsecureboot003
-%define secureboot_key_1 %{SOURCE13}
-%define pesign_name_1 redhatsecureboot401
+%define secureboot_ca_0 %{SOURCE10}
+%define secureboot_ca_1 %{SOURCE10}
+%define secureboot_key_0 %{SOURCE10}
+%define pesign_name_0 clsecureboot001
+%define secureboot_key_1 %{SOURCE10}
+%define pesign_name_1 clsecureboot001
 
 # released_kernel
 %endif
@@ -521,8 +513,8 @@ Source43: generate_bls_conf.sh
 
 Source44: mod-internal.list
 
-Source100: rheldup3.x509
-Source101: rhelkpatch1.x509
+Source100: almalinuxdup1.x509
+Source101: almalinuxkpatch1.x509
 
 %if %{with_kabichk}
 Source200: check-kabi
@@ -560,8 +552,8 @@ Patch999999: linux-kernel-test.patch
 BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
 
 %description
-This is the package which provides the Linux %{name} for Red Hat Enterprise
-Linux. It is based on upstream Linux at version %{version} and maintains kABI
+This is the package which provides the Linux %{name} for AlmaLinux.
+It is based on upstream Linux at version %{version} and maintains kABI
 compatibility of a set of approved symbols, however it is heavily modified with
 backports and fixes pulled from newer upstream Linux %{name} releases. This means
 this is not a %{version} kernel anymore: it includes several components which come
@@ -569,7 +561,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
 core. Some of the components/backports that may be pulled in are: changes like
 updates to the core kernel (eg.: scheduler, cgroups, memory management, security
 fixes and features), updates to block layer, supported filesystems, major driver
-updates for supported hardware in Red Hat Enterprise Linux, enhancements for
+updates for supported hardware in AlmaLinux, enhancements for
 enterprise customers, etc.
 
 #
@@ -811,14 +803,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
 %endif
 
 %package -n %{name}-abi-stablelists
-Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
+Summary: The AlmaLinux kernel ABI symbol stablelists
 Group: System Environment/Kernel
 AutoReqProv: no
 Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
 Provides: %{name}-abi-whitelists
 %description -n %{name}-abi-stablelists
-The kABI package contains information pertaining to the Red Hat Enterprise
-Linux kernel ABI, including lists of kernel symbols that are needed by
+The kABI package contains information pertaining to the AlmaLinux
+kernel ABI, including lists of kernel symbols that are needed by
 external Linux kernel modules, and a yum plugin to aid enforcement.
 
 %if %{with_kabidw_base}
@@ -827,8 +819,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
 Group: System Environment/Kernel
 AutoReqProv: no
 %description kernel-kabidw-base-internal
-The package contains data describing the current ABI of the Red Hat Enterprise
-Linux kernel, suitable for the kabi-dw tool.
+The package contains data describing the current ABI of the AlmaLinux
+kernel, suitable for the kabi-dw tool.
 %endif
 
 #
@@ -900,7 +892,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
 AutoReq: no\
 AutoProv: yes\
 %description %{?1:%{1}-}modules-internal\
-This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
+This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux internal usage.\
 %{nil}
 
 #
@@ -1747,7 +1739,7 @@ BuildKernel() {
     # build a BLS config for this kernel
     %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
 
-    # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
+    # AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel
     mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
     %ifarch x86_64 aarch64
         install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer