diff --git a/.shim.metadata b/.shim.metadata
index 24b7aab..473aeab 100644
--- a/.shim.metadata
+++ b/.shim.metadata
@@ -1,3 +1,3 @@
 8ab193ad7addd71e4a820081f36d47e5ef727d28 SOURCES/shimaa64.efi
-d3178fb0a2d662e2457e4a5cd13d1224e2aac1c2 SOURCES/shimia32.efi
-9fb692b46fc70fd07a9acbbabc8e1c50d0e9a481 SOURCES/shimx64.efi
+ea800341a41765d0a06611220063d3aef8453dab SOURCES/shimia32.efi
+9f0ee5b4f212db7d228c8f985d4f15410c4922ed SOURCES/shimx64.efi
diff --git a/SOURCES/BOOTAA64.CSV b/SOURCES/BOOTAA64.CSV
index 2dad06e..3ef9ab9 100644
Binary files a/SOURCES/BOOTAA64.CSV and b/SOURCES/BOOTAA64.CSV differ
diff --git a/SOURCES/BOOTIA32.CSV b/SOURCES/BOOTIA32.CSV
index 4e658b2..a45da43 100644
Binary files a/SOURCES/BOOTIA32.CSV and b/SOURCES/BOOTIA32.CSV differ
diff --git a/SOURCES/BOOTX64.CSV b/SOURCES/BOOTX64.CSV
index 7692a93..38a9ef0 100644
Binary files a/SOURCES/BOOTX64.CSV and b/SOURCES/BOOTX64.CSV differ
diff --git a/SOURCES/clsecureboot001.cer b/SOURCES/clsecureboot001.cer
new file mode 100644
index 0000000..ca9ce5d
Binary files /dev/null and b/SOURCES/clsecureboot001.cer differ
diff --git a/SOURCES/redhatsecureboot501.cer b/SOURCES/redhatsecureboot501.cer
deleted file mode 100644
index dfa7afb..0000000
Binary files a/SOURCES/redhatsecureboot501.cer and /dev/null differ
diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer
deleted file mode 100644
index dfb0284..0000000
Binary files a/SOURCES/redhatsecurebootca5.cer and /dev/null differ
diff --git a/SOURCES/shim.rpmmacros b/SOURCES/shim.rpmmacros
index f477f25..9f43046 100644
--- a/SOURCES/shim.rpmmacros
+++ b/SOURCES/shim.rpmmacros
@@ -13,9 +13,9 @@
 %global shimefix64 %{expand:%{SOURCE22}}
 #%%global shimefiarm %%{expand:%%{SOURCE23}
-%global shimveraa64 15-7.el8_1
-%global shimveria32 15.4-4.el8_1
-%global shimverx64 15.4-4.el8_1
+%global shimveraa64 15-6.el8
+%global shimveria32 15.4-4.el8.alma
+%global shimverx64 15.4-4.el8.alma
 #%%global shimverarm 15-1.el8
 %global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64
@@ -48,6 +48,7 @@ Requires: mokutil >= 1:0.3.0-1 \
 Requires: efi-filesystem \
 Provides: shim-signed-%{-a*} = %{version}-%{release} \
 Requires: dbxtool >= 0.6-3 \
+Requires: %{efi_esp_dir}/grub%{-a*}.efi \
 %{expand:%%if 0%%{-p*} \
 Provides: shim = %{version}-%{release} \
 Provides: shim-signed = %{version}-%{release} \
diff --git a/SPECS/shim.spec b/SPECS/shim.spec
index e73f31f..cc236ad 100644
--- a/SPECS/shim.spec
+++ b/SPECS/shim.spec
@@ -1,3 +1,8 @@
+%global dist %{?dist}.alma
+%global efi_vendor almalinux
+%global efidir almalinux
+%global efi_esp_dir /boot/efi/EFI/%{efidir}
+
 Name: shim
 Version: 15.4
 Release: 2%{?dist}
@@ -14,8 +19,8 @@ ExcludeArch: %{ix86}
 ExcludeArch: %{arm}
 Source0: shim.rpmmacros
-Source1: redhatsecureboot501.cer
-Source2: redhatsecurebootca5.cer
+Source1: clsecureboot001.cer
+# Source2: alnsecurebootca.cer
 # keep these two lists of sources synched up arch-wise. That is 0 and 10
 # match, 1 and 11 match, ...
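Review bot: `%global shimveraa64 15-6.el8` moves the aarch64 version string backwards from `15-7.el8_1` and, unlike the ia32 and x64 lines, gains no `.alma` suffix, while the `SOURCES/shimaa64.efi` checksum in `.shim.metadata` is left unchanged by this commit. Because `shimdiraa64` is built from `%{shimveraa64}`, the string has to match the directory the installed unsigned aarch64 shim build provides, so the mismatch deserves a comment stating that it is intentional, e.g. `# aa64 stays on the 15-6.el8 build; only ia32/x64 are rebuilt for 15.4`. It presumably also means aarch64 stays on shim 15 and does not pick up the `.sbat` revocation support that arrives with 15.4, which the changelog should say explicitly.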
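Review bot: The added `Requires: %{efi_esp_dir}/grub%{-a*}.efi \` is an unversioned file dependency, so any package that owns that path satisfies it, including a GRUB build older than the `.sbat`-based revocation scheme that the 15.4 update introduces. If the goal is a pairing that boots under Secure Boot, a versioned requirement on the GRUB EFI package is the safer form, for example `Requires: grub2-efi-%{-a*} >= <MIN_GRUB_EVR> \` with the placeholder filled in from the matching GRUB build. The line also depends on `%{efi_esp_dir}` being defined wherever this macro is expanded; the spec in this commit defines it, but that coupling is not documented in `shim.rpmmacros`. The macro body starts and ends outside the hunk.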
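Review bot: The four `%global` lines added at the top of `shim.spec` carry no comment explaining why `efi_vendor`, `efidir` and `efi_esp_dir` are hard-coded here. These names look like ones a distribution EFI macro package normally supplies; if so, the spec-local values can drift from what the rest of the system (and the GRUB package that the new `Requires:` points at) uses for the ESP vendor directory. `%global dist %{?dist}.alma` also reintroduces a `dist` override, although an existing changelog entry reads "Get rid of our %%dist hack for now." A short header comment would cover both, e.g. `# AlmaLinux rebuild: pin the ESP vendor directory and tag the release; keep in sync with the EFI macro package`.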
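Review bot: `Source1: clsecureboot001.cer` replaces the certificate shipped with the package, and the CA certificate is dropped, leaving `# Source2: alnsecurebootca.cer` as a commented-out line naming a file this commit does not add. Both certificate changes arrive as binary blobs, so nothing in the diff lets a reviewer confirm which key is now trusted. Recording the identity next to the source line would make that checkable, e.g. `# clsecureboot001.cer: subject <CERT_SUBJECT>, sha256 <CERT_SHA256_FINGERPRINT>`, plus one line on why no CA certificate is shipped. Any later use of `%{SOURCE2}` in the spec lies outside this hunk and should be checked, since that source is no longer defined.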
@@ -101,27 +106,20 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
 %endif
 %changelog
-* Tue Apr 06 2021 Peter Jones - 15.4-2
-- Fix build-deps on our shim-unsigned-* packages.
- Related: CVE-2020-14372 (and others)
+* Wed Apr 21 2021 Andrew Lukoshko - 15.4-2.alma
+- Update to upstream 15.4 version
+- Add support for Secure Boot
-* Mon Apr 05 2021 Peter Jones - 15.4-1
-- Update to shim 15.4
- - Support for revocations via the ".sbat" section and SBAT EFI variable
- - A new unit test framework and a bunch of unit tests
- - No external gnu-efi dependency
- - Better CI
- Resolves: CVE-2020-14372
- Resolves: CVE-2020-25632
- Resolves: CVE-2020-25647
- Resolves: CVE-2020-27749
- Resolves: CVE-2020-27779
- Resolves: CVE-2021-20225
- Resolves: CVE-2021-20233
+* Mon Mar 15 2021 Andrei Lukoshko - 15-16.alma.1
+- AlmaLinux changes
+
+* Mon Sep 21 2020 Javier Martinez Canillas - 15-16
+- Fix an incorrect allocation size
+ Resolves: rhbz#1877253
 * Fri Jul 31 2020 Peter Jones - 15-15
 - Update once again for new signed shim builds.
- Resolves: rhbz#1862231
+ Resolves: rhbz#1861977
 * Tue Jul 28 2020 Peter Jones - 15-14
 - Get rid of our %%dist hack for now.
@@ -136,7 +134,9 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
 * Thu Jun 11 2020 Javier Martinez Canillas - 15-12
 - Fix firmware update bug in aarch64 caused by shim ignoring arguments
+ Resolves: rhbz#1830871
 - Fix a shim crash when attempting to netboot
+ Resolves: rhbz#1795654
 * Fri Jun 07 2019 Javier Martinez Canillas - 15-11
 - Update the shim-unsigned-aarch64 version number