diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.1.ebuild
index 9ff15fdf5d..00e8978a6c 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.1.ebuild
@@ -21,4 +21,5 @@ src_install() {
 	newins "${FILESDIR}/KEK.crt" KEK.crt
 	newins "${FILESDIR}/DB.key" DB.key
 	newins "${FILESDIR}/DB.crt" DB.crt
+	newins "${FILESDIR}/DB.crt" DB.der
 }
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.der b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.der
new file mode 100644
index 0000000000..2ec1eaf3c3
Binary files /dev/null and b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.der differ
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.pem b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.pem
new file mode 100644
index 0000000000..e621892143
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBTCCAe2gAwIBAgIJALVWTDRRd7EnMA0GCSqGSIb3DQEBCwUAMBkxFzAVBgNV
+BAMMDkNvcmVPUyB0ZXN0IERCMB4XDTE1MDQxMzE4MzM0NloXDTE1MDUxMzE4MzM0
+NlowGTEXMBUGA1UEAwwOQ29yZU9TIHRlc3QgREIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCwQoQNxPH1ei+RNEcxmdn8cCNc/tYXuLObAUHtTp9AqCYr
+BkZiFZ25RmujfmJDdK4fPN81tpNC0aKKr71UYgcj13noHmOgR9Rv3rRxwBib3n7S
+K4RjnpW6V2aRDYNo0BH25lk/5M8IE6SX0SIuG1vCFavAj5s0dg5ycPHkDj1Ypbmv
+Q6froIdCVX3fSNXSgPY812Eb36yNyZFybetQupfVRsl0auCUNh3anNLPCFre1oZf
+lkx+U3BFXDZ0k8Fjq+fzvKxu4ef9XpZmXieow5YCwemCRItl+ftBeWD/OjXoNXBR
+sij3QNi/CxrO59DiklpGolPaCVA0oJYWL5XkWI/dAgMBAAGjUDBOMB0GA1UdDgQW
+BBRmPA/wBsfGI3EH2/X5W/SuwY1NOzAfBgNVHSMEGDAWgBRmPA/wBsfGI3EH2/X5
+W/SuwY1NOzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCW9TbpGhGv
+ZPPlb0X05wXYnzKUUq6U3IlxGVghwjLeE6/IIQvWn+sl7l9PNainzPATx1jZ7YSR
+HTCXhtfbnM9WICOV/h4Vztt7Z2m65gDa+/5679VpQfrqG5oV7FhucmPiMNbiy92Y
+F5SjB/HmRaSfimew3RmnOVUeUySW7Nw7tA5ka/nG0U9hXd296z7ghJlZQj1qTYtr
+1Y2yv4QSiRWNZcJSOq79tdGbAJqkqibo775UH6sj/UfHMoDQTvAenF8H/4F80r+6
+X2pgnX96ihshJ2MAXQnhbLLmPtXn/pV122xis/177yrefavHFTp14KPbnU1K3jeW
+hoLJhYcZKXdz
+-----END CERTIFICATE-----
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
index 6c29fa7e6f..85d73be186 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
@@ -21,6 +21,7 @@ LICENSE="BSD"
 SLOT="0"
 IUSE=""
 
+BDEPEND="coreos-base/coreos-sb-keys"
 RDEPEND=""
 # TODO: Would be ideal to depend on sys-boot/gnu-efi package, but
 # currently the shim insists on using the bundled copy. This will need
@@ -50,7 +51,7 @@ src_compile() {
 		emake_args+=( ARCH=aarch64 )
 	fi
   emake_args+= ( ENABLE_SBSIGN=1 )
-  emake_args+=( VENDOR_CERT_FILE="/usr/share/sb_keys/shim.der" )
+  emake_args+=( VENDOR_CERT_FILE="/usr/share/sb_keys/DB.der" )
 	emake "${emake_args[@]}" || die
 }