diff --git a/build_library/grub_install.sh b/build_library/grub_install.sh
index 57b08b677c..936ca93045 100755
--- a/build_library/grub_install.sh
+++ b/build_library/grub_install.sh
@@ -58,7 +58,7 @@ case "${FLAGS_target}" in
 CORE_NAME="core.img"
 ;;
 x86_64-efi)
- CORE_MODULES+=( serial efi_gop efinet pgp http tftp )
+ CORE_MODULES+=( serial efi_gop efinet pgp http tftp )
 CORE_NAME="core.efi"
 ;;
 x86_64-xen)
@@ -192,19 +192,25 @@ case "${FLAGS_target}" in
 x86_64-efi)
 info "Installing default x86_64 UEFI bootloader."
 sudo mkdir -p "${ESP_DIR}/EFI/boot"
- # Use the test keys for signing unofficial builds
- if [[ ${COREOS_OFFICIAL:-0} -ne 1 ]]; then
- sudo sbsign --key /usr/share/sb_keys/DB.key \
- --cert /usr/share/sb_keys/DB.crt \
+ # Use the test keys for signing unofficial builds
+ if [[ ${COREOS_OFFICIAL:-0} -ne 1 ]]; then
+ sudo sbsign --key /usr/share/sb_keys/shim.rsa \
+ --cert /usr/share/sb_keys/shim.pem \
 "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}"
 sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}.signed" \
 "${ESP_DIR}/EFI/boot/grubx64.efi"
- sudo cp "/usr/lib/shim/mmx64.efi" \
+ sudo sbsign --key /usr/share/sb_keys/shim.rsa \
+ --cert /usr/share/sb_keys/shim.pem \
+ "/usr/lib/shim/mmx64.efi"
+ sudo cp "/usr/lib/shim/mmx64.efi.signed" \
 "${ESP_DIR}/EFI/boot/mmx64.efi"
- sudo cp "/usr/lib/shim/fbx64.efi" \
+ sudo sbsign --key /usr/share/sb_keys/shim.rsa \
+ --cert /usr/share/sb_keys/shim.pem \
+ "/usr/lib/shim/fbx64.efi"
+ sudo cp "/usr/lib/shim/fbx64.efi.signed" \
 "${ESP_DIR}/EFI/boot/fbx64.efi"
- sudo sbsign --key /usr/share/sb_keys/DB.key \
- --cert /usr/share/sb_keys/DB.crt \
+ sudo sbsign --key /usr/share/sb_keys/shim.rsa \
+ --cert /usr/share/sb_keys/shim.pem \
 --output "${ESP_DIR}/EFI/boot/bootx64.efi" \
 "/usr/lib/shim/shim.efi"
 else
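Review bot: The two added `sbsign` calls for `mmx64.efi` and `fbx64.efi` pass no `--output`, so the signed copies land as `/usr/lib/shim/mmx64.efi.signed` and `/usr/lib/shim/fbx64.efi.signed` in the SDK's system directory and remain there after the build. The shim call at the end of this hunk already signs straight into the ESP; doing the same here, e.g. `--output "${ESP_DIR}/EFI/boot/mmx64.efi" "/usr/lib/shim/mmx64.efi"`, makes the follow-up `cp` unnecessary. It also means a leftover `.signed` file from an earlier run, possibly made with a different key, cannot be what is copied if a signing step fails and the script does not abort on it (whether it does is not visible here). The `x86_64-efi)` arm and its `else` branch continue outside the hunk.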
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.2.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.2.ebuild
index 242f9b1245..cc8a4ffefe 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.2.ebuild
@@ -3,7 +3,7 @@
 EAPI=7
-DESCRIPTION="CoreOS Secure Boot keys"
+DESCRIPTION="Flatcar Secure Boot keys"
 HOMEPAGE=""
 SRC_URI=""
 LICENSE="BSD"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
index 254e1000db..2ee87857e1 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
@@ -47,13 +47,15 @@ src_compile() {
 # instead of amd64, and aarch64 instead of arm64.
 insinto /usr/share/sb_keys
 newins "${FILESDIR}/shim.der" shim.der
+ newins "${FILESDIR}/shim.rsa" shim.rsa
+ newins "${FILESDIR}/shim.pem" shim.pem
 if use amd64; then
 emake_args+=( ARCH=x86_64 )
 elif use arm64; then
 emake_args+=( ARCH=aarch64 )
 fi
 emake_args+=( ENABLE_SBSIGN=1 )
- emake_args+=( VENDOR_CERT_FILE="${SYSROOT}/usr/share/sb_keys/DB.der" )
+ emake_args+=( VENDOR_CERT_FILE="${SYSROOT}/usr/share/sb_keys/shim.der" )
 emake "${emake_args[@]}" || die
 }
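Review bot: `shim.rsa` is a private signing key taken from `${FILESDIR}`, and the last changed line makes the accompanying `shim.der` the `VENDOR_CERT_FILE` compiled into shim, so every shim built from this ebuild trusts binaries signed with a key that anyone holding the source tree also has. Nothing in the hunk limits this to unofficial builds; if release images use a shim from this ebuild, the vendor certificate should come from a release-only source, and the block should at least carry a comment such as `# test-only key pair: shim.rsa is public, never embed shim.der in a release shim`. Separately, `VENDOR_CERT_FILE` reads `${SYSROOT}/usr/share/sb_keys/shim.der`, a path this ebuild itself only stages with `newins`, so a first build may not find it unless another package already provides it; `emake_args+=( VENDOR_CERT_FILE="${FILESDIR}/shim.der" )` avoids that dependency. `src_compile` starts above the hunk.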