diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list
index 296ba03eac..89e859662e 100644
--- a/.github/workflows/portage-stable-packages-list
+++ b/.github/workflows/portage-stable-packages-list
@@ -624,7 +624,7 @@ sys-devel/gnuconfig
 sys-devel/m4
 sys-devel/patch
 
-sys-firmware/edk2-ovmf-bin
+sys-firmware/edk2-bin
 sys-firmware/intel-microcode
 sys-firmware/ipxe
 sys-firmware/seabios-bin
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r50.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r51.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r50.ebuild
rename to sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r51.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
index e36aeb5b0e..2d1778bc5c 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
@@ -43,7 +43,7 @@ DEPEND="
 	sys-apps/seismograph
 	sys-boot/grub
 	amd64? ( sys-boot/shim )
-	sys-firmware/edk2-ovmf-bin
+	sys-firmware/edk2-bin
 	sys-fs/btrfs-progs
 	sys-fs/cryptsetup
 	dev-perl/Parse-Yapp
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index f438fb831c..049fd4ce65 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -135,6 +135,11 @@ dev-util/catalyst ~amd64 ~arm64
 # Keep versions on both arches in sync.
 =sys-devel/binutils-config-5.5.2 ~arm64
 =sys-devel/gettext-0.22.5 ~arm64
+
+# Needed in SDK for Secure Boot on arm64.
+=sys-firmware/edk2-bin-202408 ~amd64 ~arm64
+
+# Keep versions on both arches in sync.
 =sys-fs/btrfs-progs-6.10.1 ~arm64
 =sys-fs/quota-4.09-r1 ~arm64
 =sys-libs/cracklib-2.10.2 ~arm64
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use
index 27049b2d91..062e03cbe6 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use
@@ -29,5 +29,8 @@ sys-libs/zlib static-libs
 virtual/jpeg static-libs
 x11-libs/pixman static-libs
 
+# Get latest EDK2 firmware for Secure Boot on arm64.
+app-emulation/qemu -pin-upstream-blobs
+
 # Enable gssapi for SDK
 net-dns/bind-tools           gssapi
diff --git a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/Manifest b/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/Manifest
deleted file mode 100644
index 3acdd51ad6..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST edk2-ovmf-202202-1.xpak 2672386 BLAKE2B 75c15d4379610ab2af85b78166e350d52f4f1bc1fff5b2eb693ad0d7b1f6648e65d8ae3e2c5467f93f1557ad3b4fa664ab2d76ff10794667de22c2ea8cca6b2d SHA512 06783b89c96bada0fd025ff39eaee501a027abcb03c0bdcf3ff497d52be22927ab03013d90f145ee94a8662cfffe4f8c154dcd06db1bb1acef8a85ae43de14a3
diff --git a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild b/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild
deleted file mode 100644
index 2a1a7048cb..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild
+++ /dev/null
@@ -1,71 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit readme.gentoo-r1 secureboot
-
-BINPKG="${P/-bin/}-1"
-
-DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines"
-HOMEPAGE="https://github.com/tianocore/edk2"
-SRC_URI="https://dev.gentoo.org/~ajak/distfiles/${BINPKG}.xpak"
-S="${WORKDIR}"
-
-# TODO: the binary 202105 package currently lacks the preseeded
-#       OVMF_VARS.secboot.fd file (that we typically get from fedora)
-
-LICENSE="BSD-2 MIT"
-SLOT="0"
-KEYWORDS="amd64 arm64 ~loong ~ppc ppc64 ~riscv x86"
-
-RDEPEND="!sys-firmware/edk2-ovmf"
-
-DISABLE_AUTOFORMATTING=true
-DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86
-virtual machines. The firmware is located under
-	/usr/share/edk2-ovmf/OVMF_CODE.fd
-	/usr/share/edk2-ovmf/OVMF_VARS.fd
-	/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd
-
-If USE=binary is enabled, we also install an OVMF variables file (coming from
-fedora) that contains secureboot default keys
-
-	/usr/share/edk2-ovmf/OVMF_VARS.secboot.fd
-
-If you have compiled this package by hand, you need to either populate all
-necessary EFI variables by hand by booting
-	/usr/share/edk2-ovmf/UefiShell.(iso|img)
-or creating OVMF_VARS.secboot.fd by hand:
-	https://github.com/puiterwijk/qemu-ovmf-secureboot
-
-The firmware does not support csm (due to no free csm implementation
-available). If you need a firmware with csm support you have to download
-one for yourself. Firmware blobs are commonly labeled
-	OVMF{,_CODE,_VARS}-with-csm.fd
-
-In order to use the firmware you can run qemu the following way
-
-	$ qemu-system-x86_64 \
-		-drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \
-		..."
-
-src_unpack() {
-	tar -xf - < <(xz -c -d --single-stream "${DISTDIR}/${BINPKG}.xpak") || die "unpacking binpkg failed"
-}
-
-src_install() {
-	mv "usr/share/doc/${P/-bin/}" "usr/share/doc/${PF}" || die
-
-	# Don't want to try to install the readme from the source package
-	rm "usr/share/doc/${PF}/README.gentoo.bz2"
-	mv usr "${ED}" || die
-
-	secureboot_auto_sign --in-place
-
-	readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	readme.gentoo_print_elog
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/metadata.xml
deleted file mode 100644
index 674a9e5d13..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/metadata.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-	<maintainer type="project">
-		<email>virtualization@gentoo.org</email>
-		<name>Gentoo Virtualization Project</name>
-	</maintainer>
-	<upstream>
-		<remote-id type="cpe">cpe:/a:tianocore:edk2</remote-id>
-	</upstream>
-</pkgmetadata>