diff --git a/SOURCES/sbat.almalinux.csv b/SOURCES/sbat.almalinux.csv
new file mode 100644
index 0000000..d64c2cf
--- /dev/null
+++ b/SOURCES/sbat.almalinux.csv
@@ -0,0 +1 @@
+shim.almalinux,2,AlmaLinux,shim,15.6,security@almalinux.org
diff --git a/SOURCES/vendor_db.esl b/SOURCES/vendor_db.esl
new file mode 100644
index 0000000..146fd75
Binary files /dev/null and b/SOURCES/vendor_db.esl differ
diff --git a/SPECS/shim-unsigned-x64.spec b/SPECS/shim-unsigned-x64.spec
index 6064d69..caf9cfa 100644
--- a/SPECS/shim-unsigned-x64.spec
+++ b/SPECS/shim-unsigned-x64.spec
@@ -1,7 +1,7 @@
 %global pesign_vre 0.106-1
 %global openssl_vre 1.0.2j
-%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
+%global efidir almalinux
 %global shimrootdir %{_datadir}/shim/
 %global shimversiondir %{shimrootdir}/%{version}-%{release}
 %global efiarch x64
@@ -20,17 +20,17 @@
 Name: shim-unsigned-%{efiarch}
 Version: 15.6
-Release: 1.el9
+Release: 1.el9.alma.1
 Summary: First-stage UEFI bootloader
 ExclusiveArch: x86_64
 License: BSD
 URL: https://github.com/rhboot/shim
 Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
-Source1: redhatsecurebootca5.cer
+Source1: vendor_db.esl
 %if 0%{?dbxfile}
 Source2: %{dbxfile}
 %endif
-Source3: sbat.redhat.csv
+Source3: sbat.almalinux.csv
 Source4: shim.patches
 Source100: shim-find-debuginfo.sh
@@ -109,7 +109,7 @@ MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
 MAKEFLAGS+="ENABLE_SHIM_HASH=true "
 MAKEFLAGS+="%{_smp_mflags}"
 if [ -f "%{SOURCE1}" ]; then
- MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
+ MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1}"
 fi
 %if 0%{?dbxfile}
 if [ -f "%{SOURCE2}" ]; then
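Review bot: The new `shim.almalinux` entry hard-codes the component version `15.6`, which duplicates `Version: 15.6` in SPECS/shim-unsigned-x64.spec, and nothing visible ties the two together. It also starts the vendor generation at `2` without a recorded reason; presumably that mirrors the replaced sbat.redhat.csv, which this diff does not show, so it should be confirmed. Since SBAT revocation compares generation numbers, a comment next to `Source3:` in the spec would help, e.g. `# sbat.almalinux.csv: keep the version field equal to Version:; raise the generation only for a security fix in the AlmaLinux build`.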
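Review bot: `Source1` now points at `vendor_db.esl`, a binary signature list whose contents this diff cannot show, and nothing in the visible spec lines records which certificates or hashes it carries or how it was produced. Every entry in that file becomes a trust anchor built into the shim, so a comment above the line would help reviewers, for example `# vendor_db.esl: EFI signature list built from <certificate file(s)>; SHA-256 <digest placeholder>`. A build-time step that prints the list's entries into the build log would make later changes to the file auditable. The %prep and %build sections lie mostly outside this hunk, so where such a step belongs is not visible here.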
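Review bot: The `if [ -f "%{SOURCE1}" ]` guard around the new `VENDOR_DB_FILE=%{SOURCE1}` assignment in the `@@ -109,7 +109,7 @@` hunk fails open. If the file is absent the build carries on and, as far as these lines show, produces a shim without the vendor db embedded. Since `Source1` is declared unconditionally, the missing case could be turned into an error, e.g. `[ -f "%{SOURCE1}" ] || { echo "missing %{SOURCE1}" >&2; exit 1; }`, followed by the unconditional assignment. The same lines are repeated in the hunk at `@@ -129,7 +129,7 @@`, so the change applies there too; both blocks start and end outside their hunks.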
@@ -129,7 +129,7 @@ MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
 MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
 MAKEFLAGS+="ENABLE_SHIM_HASH=true "
 if [ -f "%{SOURCE1}" ]; then
- MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
+ MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1}"
 fi
 %if 0%{?dbxfile}
 if [ -f "%{SOURCE2}" ]; then
@@ -158,6 +158,9 @@ cd ..
 %files debugsource -f build-%{efiarch}/debugsource.list
 %changelog
+* Thu Mar 09 2023 Eduard Abdullin - 15.6-1.el9.alma.1
+- Use AlmaLinux vendor cert and SBAT entry
+
 * Wed Jun 01 2022 Peter Jones - 15.6-1.el9
 - Update to shim-15.6
 Resolves: CVE-2022-28737