diff --git a/0063-Add-friendly-grub2-password-config-tool-985962.patch b/0063-Add-friendly-grub2-password-config-tool-985962.patch
index 0bb4b8739f00aec105630992d89c69acdf85d6f1..f7cbd0a352ecc51fb5b4c4c6e365323c6b636651 100644
--- a/0063-Add-friendly-grub2-password-config-tool-985962.patch
+++ b/0063-Add-friendly-grub2-password-config-tool-985962.patch
@@ -158,7 +158,7 @@ index 000000000..dd76f00fc
 +$0 prompts the user to set a password on the grub bootloader. The password
 +is written to a file named user.cfg.
 +
-+Report bugs at https://bugs.cclinux.org.
++Report bugs at https://bugzilla.redhat.com.
 +EOF
 +}
 +
diff --git a/0069-Clean-up-grub-setpassword-documentation-1290799.patch b/0069-Clean-up-grub-setpassword-documentation-1290799.patch
index 8cd8c738ae3a4bb761ffa1880ebc42de503d69e6..65460befff66a43d0673e7ae11445f6ecdbd59ea 100644
--- a/0069-Clean-up-grub-setpassword-documentation-1290799.patch
+++ b/0069-Clean-up-grub-setpassword-documentation-1290799.patch
@@ -51,5 +51,5 @@ index fb9d3a3b6..c8c0fa419 100644
 +  -v, --version                  print the version information and exit
 +  -o, --output_path <DIRECTORY>  put user.cfg in a user-selected directory
  
- Report bugs at https://bugs.cclinux.org.
+ Report bugs at https://bugzilla.redhat.com.
  EOF
diff --git a/circle-boot-ca-cert.der b/circle-boot-ca-cert.der
deleted file mode 100644
index 7dd70ff1fdb34fc6317486b72d86f6a0dc995d98..0000000000000000000000000000000000000000
Binary files a/circle-boot-ca-cert.der and /dev/null differ
diff --git a/circle-boot-signing-cert.der b/circle-boot-signing-cert.der
deleted file mode 100644
index 576ac380e35b1a3bcf639ec50626e3a19a996e5e..0000000000000000000000000000000000000000
Binary files a/circle-boot-signing-cert.der and /dev/null differ
diff --git a/grub.macros b/grub.macros
index c54a44aac2f7899ea8f87f490cec50a32b9b23a7..cc84169cf7c464cefd8d48dcc0719bf54cee9ab8 100644
--- a/grub.macros
+++ b/grub.macros
@@ -409,8 +409,10 @@ done								\
 	-p /EFI/BOOT -d grub-core				\\\
 	--sbat %{4}./sbat.csv					\\\
 	${GRUB_MODULES}						\
-%{expand:%%{pesign -s -i %%{2}.orig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}}	\
-%{expand:%%{pesign -s -i %%{3}.orig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.one -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%{pesign -s -i %%{3}.orig -o %%{3}.one -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%{pesign -s -i %%{2}.one -o %%{2} -a %%{8} -c %%{9} -n %%{10}}}	\
+%{expand:%%{pesign -s -i %%{3}.one -o %%{3} -a %%{8} -c %%{9} -n %%{10}}}	\
 %{nil}
 %else
 %define efi_mkimage()						\
diff --git a/grub2.spec b/grub2.spec
index 73d65f1be127060e952a21b7c5ee5ab4a6a7a45c..e75bdabb720cb7295d48d29018087bea4e923d38 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -12,7 +12,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.02
-Release:	148%{anolis_release}%{?dist}.1
+Release:	150%{anolis_release}%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 Group:		System Environment/Base
 License:	GPLv3+
@@ -29,8 +29,12 @@ Source6:	gitignore
 Source8:	strtoull_test.c
 Source9:	20-grub.install
 Source12:	99-grub-mkconfig.install
-Source13:	circle-boot-ca-cert.der
-Source14:	circle-boot-signing-cert.der
+Source13:	redhatsecurebootca3.cer
+Source14:	redhatsecureboot301.cer
+Source15:	redhatsecurebootca5.cer
+Source16:	redhatsecureboot502.cer
+Source17:	redhatsecureboot601.cer
+Source18:	redhatsecureboot701.cer
 Source19:	sbat.csv.in
 
 %include %{SOURCE1}
@@ -38,16 +42,16 @@ Source19:	sbat.csv.in
 %if 0%{with_efi_arch}
 %define old_sb_ca	%{SOURCE13}
 %define old_sb_cer	%{SOURCE14}
-%define old_sb_key	circlebootsigningcert
-%define sb_ca		%{SOURCE13}
-%define sb_cer		%{SOURCE14}
-%define sb_key		circlebootsigningcert
+%define old_sb_key	redhatsecureboot301
+%define sb_ca		%{SOURCE15}
+%define sb_cer		%{SOURCE16}
+%define sb_key		redhatsecureboot502
 %endif
 
 %ifarch ppc64le
-%define old_sb_cer	%{SOURCE13}
-%define sb_cer		%{SOURCE14}
-%define sb_key		circlebootsigningcert
+%define old_sb_cer	%{SOURCE17}
+%define sb_cer		%{SOURCE18}
+%define sb_key		redhatsecureboot702
 %endif
 
 # generate with do-rebase
@@ -519,7 +523,7 @@ fi
 %endif
 
 %changelog
-* Wed Jul 05 2023 Bo Ren <rb01097748@alibaba-inc.com> - 2.02-148.0.1.1
+* Mon Dec 18 2023 Bo Ren <rb01097748@alibaba-inc.com> - 2.02-150.0.1
 - Build pc-modules package on x86_64 (geliwei@openanolis.org)
 - Add loongarch64 base support (zhangwenlong@loongson.cn)(chenguoqi@loongson.cn)
 - Fix a bug in bls_make_list, blscfg. (zhonglingh@linux.alibaba.com)
@@ -528,9 +532,13 @@ fi
 - LoongArch64 support fdt and phy-addr BIOS(yangqiming@loongson.cn)
 - Remove dtb dir with correct argument (Liwei Ge)
 
-* Fri Jun 16 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.02-148.el8_8.1
-- Sync with 8.9 (actually 2.02-150)
-- Resolves: #2207972
+* Fri Jun 16 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.02-150
+- kern/ieee1275/init: sync vec5 patchset with upstream
+- Resolves: #2172111
+
+* Wed Jun 14 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.02-149
+- efi/http: change uint32_t to uintn_t for grub_efi_http_message_t
+- Resolves: #2178388
 
 * Mon Feb 06 2023 Robbie Harwood <rharwood@redhat.com> - 2.02-148
 - ppc64le: cas5, take 3
diff --git a/redhatsecureboot301.cer b/redhatsecureboot301.cer
new file mode 100644
index 0000000000000000000000000000000000000000..4ff8b79e6736e566dbf39603e0887a53345aa4e4
Binary files /dev/null and b/redhatsecureboot301.cer differ
diff --git a/redhatsecureboot502.cer b/redhatsecureboot502.cer
new file mode 100644
index 0000000000000000000000000000000000000000..be0b5e211ccf8ad7ba74c88841c921cfdbad5a70
Binary files /dev/null and b/redhatsecureboot502.cer differ
diff --git a/redhatsecureboot601.cer b/redhatsecureboot601.cer
new file mode 100644
index 0000000000000000000000000000000000000000..c92b96b4e0d360b90333361ea61f565f196ea20e
Binary files /dev/null and b/redhatsecureboot601.cer differ
diff --git a/redhatsecureboot701.cer b/redhatsecureboot701.cer
new file mode 100644
index 0000000000000000000000000000000000000000..25e3743e47c3c1f06da0124a1d99e99e4920f6e7
Binary files /dev/null and b/redhatsecureboot701.cer differ
diff --git a/redhatsecurebootca3.cer b/redhatsecurebootca3.cer
new file mode 100644
index 0000000000000000000000000000000000000000..b2354007b9668258683b99a68fa5bdd3067c31b1
Binary files /dev/null and b/redhatsecurebootca3.cer differ
diff --git a/redhatsecurebootca5.cer b/redhatsecurebootca5.cer
new file mode 100644
index 0000000000000000000000000000000000000000..dfb0284954861282d1a0ce16c8c5cdc71c27659f
Binary files /dev/null and b/redhatsecurebootca5.cer differ
diff --git a/sbat.csv.in b/sbat.csv.in
index 59a00611beb925b5ce305df8db67bfe50d06d026..b338b5f58cb646e4d1892e941b4ba8c667d8a2c0 100755
--- a/sbat.csv.in
+++ b/sbat.csv.in
@@ -1,4 +1,3 @@
 sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
-grub,1,Free Software Foundation,grub,2.02,https://www.gnu.org/software/grub/
-grub.rhel8,1,Red Hat Enterprise Linux 8,grub2,@@VERSION@@,mail:secalert@redhat.com
-grub.circle8,1,Circle Linux 8,grub2,@@VERSION@@,mail:security@cclinux.org
+grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/
+grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com