diff --git a/efi/image_rules_defs.go b/efi/image_rules_defs.go
index ea517d25..77845088 100644
--- a/efi/image_rules_defs.go
+++ b/efi/image_rules_defs.go
@@ -53,6 +53,28 @@ func makeMicrosoftUEFICASecureBootNamespaceRules() *secureBootNamespaceRules {
 // pubkey alg
 x509.RSA,
 ),
+ // TODO(chrisccoulson): add tests for this when we find something that it's
+ // been used to sign and we have a signing certificate in the wild that we
+ // can add to embeds_test.go in order to create a mock shim with it
+ withAuthority(
+ // CN=Microsoft UEFI CA 2023,O=Microsoft Corporation,C=US
+ []byte{
+ 0x30, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+ 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x1e, 0x30, 0x1c, 0x06,
+ 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72,
+ 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70,
+ 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30,
+ 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x16, 0x4d, 0x69,
+ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x55, 0x45,
+ 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x32, 0x33,
+ },
+ []byte{
+ 0x81, 0xaa, 0x6b, 0x32, 0x44, 0xc9, 0x35, 0xbc, 0xe0, 0xd6,
+ 0x62, 0x8a, 0xf3, 0x98, 0x27, 0x42, 0x1e, 0x32, 0x49, 0x7d,
+ },
+ // pubkey alg
+ x509.RSA,
+ ),
 withSelfSignedSignerOnlyForTesting(
 // O = Snake Oil
 []byte{
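Review bot: The second `[]byte{...}` passed to the new `withAuthority(` call has no comment saying what it identifies, unlike the subject bytes above it and the `// pubkey alg` argument below it. From its 20-byte length it is presumably the CA's subject key identifier, so a line such as `// subject key ID, copied from the published Microsoft UEFI CA 2023 certificate` would let a reader check it against the real certificate. This matters because the TODO defers all test coverage, so a transcription error in either hand-encoded slice would go unnoticed until a real signing chain fails to match this namespace. An interim test that decodes the subject bytes as a DER name and compares the result with the DN in the comment needs no signed binary and would cover the first slice now. The body of makeMicrosoftUEFICASecureBootNamespaceRules starts and ends outside this hunk.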