diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim-signed/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim-signed/Manifest
new file mode 100644
index 0000000000..01961010c9
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim-signed/Manifest
@@ -0,0 +1,2 @@
+DIST shimaa64-15.8.efi.signed 995206 BLAKE2B fc858188d800dd785a6b989f154ddb3bb07748b8ee91ec3ffbabddf7452bb12eecfb788d9df97d1d900395c0825a4336f8b428bafa978d31995c0f671b7d1726 SHA512 d7875c906b715819b8d1b2a3a79adce64e4b37cfd7d8164cdf76fbb73a8e0b8264b01c403f8d71869f7a78bb5f840e81061f41d75d85cb49c58d3bee5e65004c
+DIST shimx64-15.8.efi.signed 948418 BLAKE2B 7c92989ec63111799cc0f481cef47108e58f96dc3b53116e1cee1e24cc940d3e5470a0aa6c057d86339f435eddc22272281c08e46db0856ada6db69d7cd32c64 SHA512 ff6e4f4add5c9d3914118e53e2669b7f63168c41be95b07c5a8308c64bf1a1d4ff133bb0dde602f0a0c7ef035e4847eac14969c3d9ff3a99c9011c2d8dd20014
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim-signed/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim-signed/metadata.xml
new file mode 100644
index 0000000000..408e4b227d
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim-signed/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<upstream>
+		<remote-id type="cpe">cpe:/a:redhat:shim</remote-id>
+		<remote-id type="github">rhboot/shim</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim-signed/shim-signed-15.8.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim-signed/shim-signed-15.8.ebuild
new file mode 100644
index 0000000000..113f9d1c9c
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim-signed/shim-signed-15.8.ebuild
@@ -0,0 +1,25 @@
+# Copyright (c) 2024 The Flatcar Maintainers.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+declare -A ARCHES
+ARCHES[amd64]="x64"
+ARCHES[arm64]="aa64"
+
+DESCRIPTION="Signed UEFI Shim loader"
+HOMEPAGE="https://github.com/rhboot/shim"
+S="${WORKDIR}"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 arm64"
+
+for arch in ${KEYWORDS}; do
+	SRC_URI+="${arch}? ( https://mirror.release.flatcar-linux.net/coreos/shim${ARCHES[$arch]}-${PV}.efi.signed ) "
+done
+
+src_install() {
+	insinto /usr/lib/shim
+	newins "${DISTDIR}/shim${ARCHES[$ARCH]}-${PV}.efi.signed" "shim${ARCHES[$ARCH]}.efi.signed"
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/metadata.xml
index 097975e3ad..408e4b227d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/metadata.xml
@@ -1,4 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
+	<upstream>
+		<remote-id type="cpe">cpe:/a:redhat:shim</remote-id>
+		<remote-id type="github">rhboot/shim</remote-id>
+	</upstream>
 </pkgmetadata>