diff --git a/grub-2.00-who-trusts-you-and-who-do-you-trust.patch b/grub-2.00-who-trusts-you-and-who-do-you-trust.patch
new file mode 100644
index 0000000..6a0b922
--- /dev/null
+++ b/grub-2.00-who-trusts-you-and-who-do-you-trust.patch
@@ -0,0 +1,217 @@
+From 44cee23d139fe8faaca2622cc09041b1d684265b Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Tue, 5 Jun 2012 09:23:25 -0400
+Subject: [PATCH] Support secure boot.
+
+If SecureBoot is enabled, treat all authentications as failure, and also
+use shim's verify routine to verify the kernel before loading.
+---
+ grub-core/loader/i386/linux.c |   26 +++++++++++++
+ grub-core/normal/auth.c       |   85 +++++++++++++++++++++++++++++++++++++++++
+ grub-core/normal/main.c       |    4 +-
+ grub-core/normal/menu_entry.c |    5 ++-
+ include/grub/auth.h           |    3 ++
+ 5 files changed, 121 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
+index 6e8238e..090484c 100644
+--- a/grub-core/loader/i386/linux.c
++++ b/grub-core/loader/i386/linux.c
+@@ -34,6 +34,7 @@
+ #include <grub/i386/relocator.h>
+ #include <grub/i18n.h>
+ #include <grub/lib/cmdline.h>
++#include <grub/auth.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -681,6 +682,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+   int relocatable;
+   grub_uint64_t preffered_address = GRUB_LINUX_BZIMAGE_ADDR;
+ 
++  void *buffer;
++  grub_err_t verified;
++
+   grub_dl_ref (my_mod);
+ 
+   if (argc == 0)
+@@ -693,6 +697,28 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+   if (! file)
+     goto fail;
+ 
++  buffer = grub_malloc(grub_file_size(file));
++  if (!buffer)
++    return grub_errno;
++
++  if (grub_file_read (file, buffer, grub_file_size(file)))
++    {
++      if (!grub_errno)
++	grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
++		    argv[0]);
++      goto fail;
++    }
++
++  verified = grub_auth_verify_signature(buffer, grub_file_size(file));
++  grub_free(buffer);
++  if (verified != GRUB_ERR_NONE)
++    {
++      grub_errno = verified;
++      goto fail;
++    }
++
++  grub_free(buffer);
++  grub_file_seek(file, 0);
+   if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
+     {
+       if (!grub_errno)
+diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
+index c6bd96e..3e83ee8 100644
+--- a/grub-core/normal/auth.c
++++ b/grub-core/normal/auth.c
+@@ -24,6 +24,8 @@
+ #include <grub/normal.h>
+ #include <grub/time.h>
+ #include <grub/i18n.h>
++#include <grub/efi/api.h>
++#include <grub/efi/efi.h>
+ 
+ struct grub_auth_user
+ {
+@@ -198,6 +200,89 @@ grub_username_get (char buf[], unsigned buf_size)
+ }
+ 
+ grub_err_t
++grub_auth_secure_boot (void)
++{
++#ifdef GRUB_MACHINE_EFI
++  grub_size_t datasize = 0;
++  grub_uint8_t *data;
++  grub_efi_guid_t guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
++  unsigned int x;
++
++  data = grub_efi_get_variable ("SecureBoots", &guid, &datasize);
++  if (!data)
++    return GRUB_ERR_NONE;
++
++  for (x = 0; x < datasize; x++)
++    if (data[x] == 1)
++      return GRUB_ACCESS_DENIED;
++#endif
++
++  return GRUB_ERR_NONE;
++}
++
++int
++grub_is_secure_boot (void)
++{
++  return grub_auth_secure_boot() == GRUB_ACCESS_DENIED;
++}
++
++#define SHIM_LOCK_GUID \
++  { 0x605dab50, 0xe046, 0x4300, {0xab,0xb6,0x3d,0xd8,0x10,0xdd,0x8b,0x23} }
++
++typedef grub_efi_status_t (*EFI_SHIM_LOCK_VERIFY)(void *buffer, grub_efi_uint32_t size);
++
++typedef struct _SHIM_LOCK {
++    EFI_SHIM_LOCK_VERIFY Verify;
++} SHIM_LOCK;
++
++grub_err_t
++grub_auth_verify_signature (void *buffer, grub_uint32_t size)
++{
++#ifdef GRUB_MACHINE_EFI
++  grub_efi_guid_t shim_guid = SHIM_LOCK_GUID;
++  SHIM_LOCK *shim = NULL;
++  grub_efi_handle_t *handles, shim_handle = NULL;
++  grub_efi_uintn_t num_handles, i;
++  grub_efi_status_t status;
++
++  if (!grub_is_secure_boot())
++    return GRUB_ERR_NONE;
++
++  handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &shim_guid, NULL,
++				    &num_handles);
++  if (!handles || num_handles == 0)
++no_verify:
++    return grub_error (GRUB_ACCESS_DENIED, "Could not find signature verification routine");
++
++  for (i = 0; i < num_handles; i++)
++    {
++      shim_handle = handles[i];
++      shim = grub_efi_open_protocol (shim_handle, &shim_guid,
++				     GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
++      if (shim)
++	break;
++    }
++
++  if (!shim)
++    {
++      grub_free(handles);
++      goto no_verify;
++    }
++
++  status = shim->Verify(buffer, size);
++
++  grub_free(handles);
++
++  if (status == GRUB_EFI_SUCCESS)
++    return GRUB_ERR_NONE;
++
++  return grub_error (GRUB_ACCESS_DENIED, "Signature verification failed");
++#else
++  return GRUB_ERR_NONE;
++#endif
++}
++
++grub_err_t
+ grub_auth_check_authentication (const char *userlist)
+ {
+   char login[1024];
+diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
+index 193d7d3..1e321a4 100644
+--- a/grub-core/normal/main.c
++++ b/grub-core/normal/main.c
+@@ -455,7 +455,9 @@ grub_cmdline_run (int nested)
+ {
+   grub_err_t err = GRUB_ERR_NONE;
+ 
+-  err = grub_auth_check_authentication (NULL);
++  err = grub_auth_secure_boot ();
++  if (err == GRUB_ERR_NONE)
++    err = grub_auth_check_authentication (NULL);
+ 
+   if (err)
+     {
+diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c
+index 7fc890d..4e7a08c 100644
+--- a/grub-core/normal/menu_entry.c
++++ b/grub-core/normal/menu_entry.c
+@@ -1287,7 +1287,10 @@ grub_menu_entry_run (grub_menu_entry_t entry)
+   unsigned i;
+   grub_term_output_t term;
+ 
+-  err = grub_auth_check_authentication (NULL);
++
++  err = grub_auth_secure_boot ();
++  if (err == GRUB_ERR_NONE)
++    err = grub_auth_check_authentication (NULL);
+ 
+   if (err)
+     {
+diff --git a/include/grub/auth.h b/include/grub/auth.h
+index 7473344..b933fa1 100644
+--- a/include/grub/auth.h
++++ b/include/grub/auth.h
+@@ -32,6 +32,9 @@ grub_err_t grub_auth_unregister_authentication (const char *user);
+ 
+ grub_err_t grub_auth_authenticate (const char *user);
+ grub_err_t grub_auth_deauthenticate (const char *user);
++grub_err_t grub_auth_secure_boot (void);
++int grub_is_secure_boot (void);
++grub_err_t grub_auth_verify_signature (void *buffer, grub_uint32_t size);
+ grub_err_t grub_auth_check_authentication (const char *userlist);
+ 
+ #endif /* ! GRUB_AUTH_HEADER */
+-- 
+1.7.10.2
+
diff --git a/grub2.spec b/grub2.spec
index 7b52b18..21d5516 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -33,13 +33,13 @@
 
 %endif
 
-%global tarversion 2.00~rc1
+%global tarversion 2.00
 %undefine _missing_build_ids_terminate_build
 
 Name:           grub2
 Epoch:          1
-Version:        2.0
-Release:        0.37.rc1%{?dist}
+Version:        2.00
+Release:        1%{?dist}
 Summary:        Bootloader with support for Linux, Multiboot and more
 
 Group:          System Environment/Base
@@ -55,6 +55,7 @@ Patch5:		grub-1.99-ppc-terminfo.patch
 Patch10:	grub-2.00-add-fw_path-search.patch
 Patch11:	grub-2.00-Add-fwsetup.patch
 Patch13:	grub-2.00-Dont-set-boot-on-ppc.patch
+Patch19:	grub-2.00-who-trusts-you-and-who-do-you-trust.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
diff --git a/sources b/sources
index 0fefdba..e02ad33 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 8c28087c5fcb3188f1244b390efffdbe  unifont-5.1.20080820.pcf.gz
 5e5c7bae1211f558e3c0a3011fef8609  theme.tar.bz2
-5e4e66785eef00384aedc29770e86f3d  grub-2.00~beta6.tar.xz
+a1043102fbc7bcedbf53e7ee3d17ab91  grub-2.00.tar.xz