diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..414e76c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/shimaa64.efi
+SOURCES/shimx64.efi
diff --git a/.shim-signed.metadata b/.shim-signed.metadata
new file mode 100644
index 0000000..0310970
--- /dev/null
+++ b/.shim-signed.metadata
@@ -0,0 +1,2 @@
+e802f589adbf4ad580c420395197fb724f7f915a SOURCES/shimaa64.efi
+1ed0450060202cea44d69a503da1b33004a963dc SOURCES/shimx64.efi
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/BOOT.CSV b/SOURCES/BOOT.CSV
new file mode 100644
index 0000000..fd5fb6d
Binary files /dev/null and b/SOURCES/BOOT.CSV differ
diff --git a/SOURCES/secureboot.cer b/SOURCES/secureboot.cer
new file mode 100644
index 0000000..4ff8b79
Binary files /dev/null and b/SOURCES/secureboot.cer differ
diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer
new file mode 100644
index 0000000..b235400
Binary files /dev/null and b/SOURCES/securebootca.cer differ
diff --git a/SPECS/shim-signed.spec b/SPECS/shim-signed.spec
new file mode 100644
index 0000000..6806c5a
--- /dev/null
+++ b/SPECS/shim-signed.spec
@@ -0,0 +1,236 @@
+Name: shim-signed
+Version: 0.7
+Release: 12%{?dist}
+Summary: First-stage UEFI bootloader
+Provides: shim = %{version}-%{release}
+%define unsigned_release 10%{?dist}
+ExclusiveArch: aarch64
+
+License: BSD
+URL: http://www.codon.org.uk/~mjg59/shim/
+Source0: BOOT.CSV
+Source1: shimx64.efi
+Source2: shimaa64.efi
+Source3: secureboot.cer
+Source4: securebootca.cer
+%ifarch x86_64
+%global efiarch X64
+%global shimsrc %{SOURCE1}
+%endif
+%ifarch aarch64
+%global efiarch AA64
+%global shimsrc %{SOURCE2}
+%endif
+
+BuildRequires: shim-unsigned = %{version}-%{unsigned_release}
+BuildRequires: pesign >= 0.106-5%{dist}
+
+# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
+# compatible with SysV (there's no red zone under UEFI) and there isn't a
+# POSIX-style C library.
+# BuildRequires: OpenSSL
+Provides: bundled(openssl) = 0.9.8zb
+
+# Shim is only required on platforms implementing the UEFI secure boot
+# protocol. The only one of those we currently wish to support is 64-bit x86.
+# Adding further platforms will require adding appropriate relocation code.
+ExclusiveArch: x86_64 aarch64
+
+%global debug_package %{nil}
+
+# Figure out the right file path to use
+%if 0%{?rhel}
+%global efidir redhat
+%endif
+%if 0%{?fedora}
+%global efidir fedora
+%endif
+
+%define ca_signed_arches x86_64
+%define rh_signed_arches x86_64 aarch64
+
+%description
+Initial UEFI bootloader that handles chaining to a trusted full bootloader
+under secure boot environments. This package contains the version signed by
+the UEFI signing service.
+
+%package -n shim
+Summary: First-stage UEFI bootloader
+Requires: shim-unsigned = %{version}-%{unsigned_release}
+Requires: mokutil = %{version}-%{unsigned_release}
+Provides: shim-signed = %{version}-%{release}
+Obsoletes: shim-signed < %{version}-%{release}
+
+%description -n shim
+Initial UEFI bootloader that handles chaining to a trusted full bootloader
+under secure boot environments. This package contains the version signed by
+the UEFI signing service.
+
+%prep
+cd %{_builddir}
+rm -rf shim-signed-%{version}
+mkdir shim-signed-%{version}
+
+%build
+%define vendor_token_str %{expand:%%{nil}%%{?vendor_token_name:-t "%{vendor_token_name}"}}
+%define vendor_cert_str %{expand:%%{!?vendor_cert_nickname:-c "Red Hat Test Certificate"}%%{?vendor_cert_nickname:-c "%%{vendor_cert_nickname}"}}
+
+cd shim-signed-%{version}
+%ifarch %{ca_signed_arches}
+pesign -i %{shimsrc} -h -P > shim.hash
+if ! cmp shim.hash %{_datadir}/shim/shim.hash ; then
+ echo Invalid signature\! > /dev/stderr
+ exit 1
+fi
+cp %{shimsrc} shim.efi
+%endif
+%ifarch %{rh_signed_arches}
+%pesign -s -i %{_datadir}/shim/shim.efi -a %{SOURCE4} -c %{SOURCE3} -n redhatsecureboot301 -o shim-%{efidir}.efi
+%endif
+%ifarch %{rh_signed_arches}
+%ifnarch %{ca_signed_arches}
+cp shim-%{efidir}.efi shim.efi
+%endif
+%endif
+
+%pesign -s -i %{_datadir}/shim/MokManager.efi -o MokManager.efi -a %{SOURCE4} -c %{SOURCE3} -n redhatsecureboot301
+%pesign -s -i %{_datadir}/shim/fallback.efi -o fallback.efi -a %{SOURCE4} -c %{SOURCE3} -n redhatsecureboot301
+
+%install
+rm -rf $RPM_BUILD_ROOT
+cd shim-signed-%{version}
+install -D -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/
+install -m 0644 shim.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim.efi
+install -m 0644 shim-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim-%{efidir}.efi
+install -m 0644 MokManager.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/MokManager.efi
+install -m 0644 %{SOURCE0} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT.CSV
+
+install -D -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/
+install -m 0644 shim.efi $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/BOOT%{efiarch}.EFI
+install -m 0644 fallback.efi $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/fallback.efi
+
+%files -n shim
+/boot/efi/EFI/%{efidir}/shim.efi
+/boot/efi/EFI/%{efidir}/shim-%{efidir}.efi
+/boot/efi/EFI/%{efidir}/MokManager.efi
+/boot/efi/EFI/%{efidir}/BOOT.CSV
+/boot/efi/EFI/BOOT/BOOT%{efiarch}.EFI
+/boot/efi/EFI/BOOT/fallback.efi
+
+%changelog
+* Wed Feb 25 2015 Peter Jones - 0.7-12
+- Fix some minor build bugs on Aarch64
+ Related: rhbz#1190191
+
+* Tue Feb 24 2015 Peter Jones - 0.7-11
+- Fix section loading on Aarch64
+ Related: rhbz#1190191
+
+* Wed Dec 17 2014 Peter Jones - 0.7-10
+- Rebuild for Aarch64 to get \EFI\BOOT\BOOTAA64.EFI named right.
+ (I managed to fix the inputs but not the outputs in -9.)
+ Related: rhbz#1100048
+
+* Wed Dec 17 2014 Peter Jones - 0.7-9
+- Rebuild for Aarch64 to get \EFI\BOOT\BOOTAA64.EFI named right.
+ Related: rhbz#1100048
+
+* Tue Oct 21 2014 Peter Jones - 0.7-8
+- Build for aarch64 as well
+ Related: rhbz#1100048
+- out-of-bounds memory read flaw in DHCPv6 packet processing
+ Resolves: CVE-2014-3675
+- heap-based buffer overflow flaw in IPv6 address parsing
+ Resolves: CVE-2014-3676
+- memory corruption flaw when processing Machine Owner Keys (MOKs)
+ Resolves: CVE-2014-3677
+
+* Tue Sep 23 2014 Peter Jones - 0.7-7
+- Make sure we use the right keys on Aarch64.
+ (It's only a demo at this stage.)
+ Related: rhbz#1100048
+
+* Tue Sep 23 2014 Peter Jones - 0.7-6
+- Add ARM Aarch64.
+ Related: rhbz#1100048
+
+* Thu Feb 27 2014 Peter Jones - 0.7-5.2
+- Get the right signatures on shim-redhat.efi
+ Related: rhbz#1064449
+
+* Thu Feb 27 2014 Peter Jones - 0.7-5.1
+- Update for signed shim for RHEL 7
+ Resolves: rhbz#1064449
+
+* Thu Nov 21 2013 Peter Jones - 0.7-5
+- Fix shim-unsigned deps.
+ Related: rhbz#1032583
+
+* Thu Nov 21 2013 Peter Jones - 0.7-4
+- Make dhcp4 work better.
+ Related: rhbz#1032583
+
+* Thu Nov 14 2013 Peter Jones - 0.7-3
+- Make lockdown include UEFI and other KEK/DB entries.
+ Related: rhbz#1030492
+
+* Fri Nov 08 2013 Peter Jones - 0.7-2
+- Handle SetupMode better in lockdown as well
+ Related: rhbz#996863
+
+* Wed Nov 06 2013 Peter Jones - 0.7-1
+- Don't treat SetupMode variable's presence as meaning we're in SetupMode.
+ Related: rhbz#996863
+
+* Wed Nov 06 2013 Peter Jones - 0.6-3
+- Use the correct CA and signer certificates.
+ Related: rhbz#996863
+
+* Thu Oct 31 2013 Peter Jones - 0.6-1
+- Update to 0.6-1
+ Resolves: rhbz#1008379
+
+* Wed Aug 07 2013 Peter Jones - 0.4-3.2
+- Depend on newer pesign.
+ Related: rhbz#989442
+
+* Tue Aug 06 2013 Peter Jones - 0.4-3.1
+- Rebuild with newer pesign
+ Related: rhbz#989442
+
+* Tue Aug 06 2013 Peter Jones - 0.4-3
+- Update for RHEL signing with early test keys.
+ Related: rhbz#989442
+
+* Thu Jun 20 2013 Peter Jones - 0.4-1
+- Provide a fallback for uninitialized Boot#### and BootOrder
+ Resolves: rhbz#963359
+- Move all signing from shim-unsigned to here
+- properly compare our generated hash from shim-unsigned with the hash of
+ the signed binary (as opposed to doing it manually)
+
+* Fri May 31 2013 Peter Jones - 0.2-4.4
+- Re-sign to get alignments that match the new specification.
+ Resolves: rhbz#963361
+
+* Thu Feb 14 2013 Fedora Release Engineering - 0.2-4.3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Jan 02 2013 Peter Jones - 0.2-3.3
+- Add obsoletes and provides for earlier shim-signed packages, to cover
+ the package update cases where previous versions were installed.
+ Related: rhbz#888026
+
+* Mon Dec 17 2012 Peter Jones - 0.2-3.2
+- Make the shim-unsigned dep be on the subpackage.
+
+* Sun Dec 16 2012 Peter Jones - 0.2-3.1
+- Rebuild to provide "shim" package directly instead of just as a Provides:
+
+* Sat Dec 15 2012 Peter Jones - 0.2-3
+- Also provide shim-fedora.efi, signed only by the fedora signer.
+- Fix the fedora signature on the result to actually be correct.
+- Update for shim-unsigned 0.2-3
+
+* Mon Dec 03 2012 Peter Jones - 0.2-2
+- Initial build
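Review bot: `ExclusiveArch:` is declared twice in the new spec — `ExclusiveArch: aarch64` near the top and `ExclusiveArch: x86_64 aarch64` further down, under a comment that still says the only platform we wish to support is 64-bit x86; as far as I know rpm appends repeated list tags, so the effective set is x86_64 plus aarch64, but the stray first line and the stale comment make the intended arch policy hard to read, and dropping the first line while rewording the comment to `# Currently built for x86_64 (UEFI CA signed) and aarch64 (Red Hat signed only).` would keep one source of truth. On aarch64, `%{shimsrc}` expands to `%{SOURCE2}` but is only referenced inside `%ifarch %{ca_signed_arches}` (x86_64), so shimaa64.efi is listed as a source and hash-pinned in .shim-signed.metadata yet is never compared against `%{_datadir}/shim/shim.hash` nor installed; the shipped shim.efi on that arch is the copy of shim-%{efidir}.efi made in the `%ifnarch` block. A comment at that `cp`, e.g. `# aarch64: no CA-signed binary yet, ship the Red Hat-signed shim as shim.efi`, would stop readers from assuming the CA-signed artifact is in use there. The two back-to-back `%ifarch %{rh_signed_arches}` blocks could be merged into one, and `> /dev/stderr` on the hash-mismatch path is more portable inside a build chroot as `>&2`.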