authorJan Setje-Eilers <jan.setjeeilers@oracle.com>2023-12-13 17:59:28 -0800
committerPeter Jones <pjones@redhat.com>2024-01-22 14:17:20 -0500
commit30a4f3751a8da09ab0853f1a384b80096828cc34 (patch)
treeb5d5120a61585a47484dde20c90252d41f31eb9d
parentc46c975591b99a4c7374b3f14bcd500f316d0b73 (diff)
Rename "previous" revocations to "automatic"
When the term "previous" was introduced for revocations that are applied automatically, there was a hope that every time a new revocation was built into shim, the previous revocation could be applied automatically. Further experience has shown the real world to be more complex than that. The automatic payload will realistically contain a set of revocations governed both by the cadence at which a distro's customer base updates and by the severity of the issue being revoked. This is not a functional change. Signed-off-by: Jan Setje-Eilers <Jan.SetjeEilers@oracle.com>
-rw-r--r--include/sbat.h8
-rw-r--r--include/sbat_var_defs.h16
-rw-r--r--sbat.c50
-rw-r--r--sbat_var.S6
-rw-r--r--shim.c20
-rw-r--r--test-sbat.c4
6 files changed, 52 insertions, 52 deletions
diff --git a/include/sbat.h b/include/sbat.h
index 20009ada..4be0cbb1 100644
--- a/include/sbat.h
+++ b/include/sbat.h
@@ -33,10 +33,10 @@
#define SSP_POLICY L"SSPPolicy"
#define SSP_POLICY8 "SSPPolicy"
-#define POLICY_LATEST 1
-#define POLICY_PREVIOUS 2
-#define POLICY_RESET 3
-#define POLICY_NOTREAD 255
+#define POLICY_LATEST 1
+#define POLICY_AUTOMATIC 2
+#define POLICY_RESET 3
+#define POLICY_NOTREAD 255
extern UINTN _sbat, _esbat;
diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h
index 8e643a4e..bd54cf5d 100644
--- a/include/sbat_var_defs.h
+++ b/include/sbat_var_defs.h
@@ -13,9 +13,9 @@
SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
#if defined(ENABLE_SHIM_DEVEL)
-#define SBAT_VAR_PREVIOUS_DATE "2021030218"
-#define SBAT_VAR_PREVIOUS \
- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n"
+#define SBAT_VAR_AUTOMATIC_DATE "2021030218"
+#define SBAT_VAR_AUTOMATIC \
+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_AUTOMATIC_DATE "\n"
#define SBAT_VAR_LATEST_DATE "2022050100"
#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
@@ -25,12 +25,12 @@
#else /* !ENABLE_SHIM_DEVEL */
/*
* At this point we do not want shim to automatically apply a
- * previous revocation unless it is delivered by a separately
- * installed signed revocations binary.
+ * revocation unless it is delivered by a separately installed
+ * signed revocations binary.
*/
-#define SBAT_VAR_PREVIOUS_DATE "2021030218"
-#define SBAT_VAR_PREVIOUS \
- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n"
+#define SBAT_VAR_AUTOMATIC_DATE "2021030218"
+#define SBAT_VAR_AUTOMATIC \
+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_AUTOMATIC_DATE "\n"
/*
* Revocations for January 2024 shim CVEs
diff --git a/sbat.c b/sbat.c
index b9f228b4..06956122 100644
--- a/sbat.c
+++ b/sbat.c
@@ -8,7 +8,7 @@
#include "ssp_var_defs.h"
extern struct {
- UINT32 previous_offset;
+ UINT32 automatic_offset;
UINT32 latest_offset;
} sbat_var_payload_header;
@@ -466,7 +466,7 @@ clear_sbat_policy()
}
EFI_STATUS
-set_sbat_uefi_variable(char *sbat_var_previous, char *sbat_var_latest)
+set_sbat_uefi_variable(char *sbat_var_automatic, char *sbat_var_latest)
{
EFI_STATUS efi_status = EFI_SUCCESS;
UINT32 attributes = 0;
@@ -490,9 +490,9 @@ set_sbat_uefi_variable(char *sbat_var_previous, char *sbat_var_latest)
}
if (EFI_ERROR(efi_status)) {
- dprint("Default sbat policy: previous\n");
+ dprint("Default sbat policy: automatic\n");
if (secure_mode()) {
- sbat_var_candidate = sbat_var_previous;
+ sbat_var_candidate = sbat_var_automatic;
} else {
reset_sbat = true;
sbat_var_candidate = SBAT_VAR_ORIGINAL;
@@ -503,14 +503,14 @@ set_sbat_uefi_variable(char *sbat_var_previous, char *sbat_var_latest)
dprint("Custom sbat policy: latest\n");
sbat_var_candidate = sbat_var_latest;
break;
- case POLICY_PREVIOUS:
- dprint("Custom sbat policy: previous\n");
- sbat_var_candidate = sbat_var_previous;
+ case POLICY_AUTOMATIC:
+ dprint("Custom sbat policy: automatic\n");
+ sbat_var_candidate = sbat_var_automatic;
break;
case POLICY_RESET:
if (secure_mode()) {
console_print(L"Cannot reset SBAT policy: Secure Boot is enabled.\n");
- sbat_var_candidate = sbat_var_previous;
+ sbat_var_candidate = sbat_var_automatic;
} else {
dprint(L"Custom SBAT policy: reset OK\n");
reset_sbat = true;
@@ -521,7 +521,7 @@ set_sbat_uefi_variable(char *sbat_var_previous, char *sbat_var_latest)
console_error(L"SBAT policy state %llu is invalid",
EFI_INVALID_PARAMETER);
if (secure_mode()) {
- sbat_var_candidate = sbat_var_previous;
+ sbat_var_candidate = sbat_var_automatic;
} else {
reset_sbat = true;
sbat_var_candidate = SBAT_VAR_ORIGINAL;
@@ -617,15 +617,15 @@ set_sbat_uefi_variable(char *sbat_var_previous, char *sbat_var_latest)
EFI_STATUS
set_sbat_uefi_variable_internal(void)
{
- char *sbat_var_previous;
+ char *sbat_var_automatic;
char *sbat_var_latest;
- sbat_var_previous = (char *)&sbat_var_payload_header +
- sbat_var_payload_header.previous_offset;
+ sbat_var_automatic = (char *)&sbat_var_payload_header +
+ sbat_var_payload_header.automatic_offset;
sbat_var_latest = (char *)&sbat_var_payload_header +
sbat_var_payload_header.latest_offset;
- return set_sbat_uefi_variable(sbat_var_previous, sbat_var_latest);
+ return set_sbat_uefi_variable(sbat_var_automatic, sbat_var_latest);
}
static void
@@ -663,7 +663,7 @@ clear_ssp_uefi_variables(void)
}
EFI_STATUS
-set_ssp_uefi_variable(uint8_t *ssp_ver_previous, uint8_t *ssp_sig_previous,
+set_ssp_uefi_variable(uint8_t *ssp_ver_automatic, uint8_t *ssp_sig_automatic,
uint8_t *ssp_ver_latest, uint8_t *ssp_sig_latest)
{
EFI_STATUS efi_status = EFI_SUCCESS;
@@ -694,9 +694,9 @@ set_ssp_uefi_variable(uint8_t *ssp_ver_previous, uint8_t *ssp_sig_previous,
}
if (EFI_ERROR(efi_status)) {
- dprint("Default SSP policy: previous\n");
- ssp_ver = ssp_ver_previous;
- ssp_sig = ssp_sig_previous;
+ dprint("Default SSP policy: automatic\n");
+ ssp_ver = ssp_ver_automatic;
+ ssp_sig = ssp_sig_automatic;
} else {
switch (ssp_policy) {
case POLICY_LATEST:
@@ -704,16 +704,16 @@ set_ssp_uefi_variable(uint8_t *ssp_ver_previous, uint8_t *ssp_sig_previous,
ssp_ver = ssp_ver_latest;
ssp_sig = ssp_sig_latest;
break;
- case POLICY_PREVIOUS:
- dprint("Custom SSP policy: previous\n");
- ssp_ver = ssp_ver_previous;
- ssp_sig = ssp_sig_previous;
+ case POLICY_AUTOMATIC:
+ dprint("Custom SSP policy: automatic\n");
+ ssp_ver = ssp_ver_automatic;
+ ssp_sig = ssp_sig_automatic;
break;
case POLICY_RESET:
if (secure_mode()) {
console_print(L"Cannot reset SSP policy: Secure Boot is enabled.\n");
- ssp_ver = ssp_ver_previous;
- ssp_sig = ssp_sig_previous;
+ ssp_ver = ssp_ver_automatic;
+ ssp_sig = ssp_sig_automatic;
} else {
dprint(L"Custom SSP policy: reset OK\n");
reset_ssp = true;
@@ -722,8 +722,8 @@ set_ssp_uefi_variable(uint8_t *ssp_ver_previous, uint8_t *ssp_sig_previous,
default:
console_error(L"SSP policy state %llu is invalid",
EFI_INVALID_PARAMETER);
- ssp_ver = ssp_ver_previous;
- ssp_sig = ssp_sig_previous;
+ ssp_ver = ssp_ver_automatic;
+ ssp_sig = ssp_sig_automatic;
break;
}
}
diff --git a/sbat_var.S b/sbat_var.S
index 7854ade3..ed82a46c 100644
--- a/sbat_var.S
+++ b/sbat_var.S
@@ -9,12 +9,12 @@
.type sbat_var_payload_header, %object
.size sbat_var_payload_header, .Lsbat_var_payload_header_end - sbat_var_payload_header
sbat_var_payload_header:
- .4byte .Lsbat_var_previous - sbat_var_payload_header
+ .4byte .Lsbat_var_automatic - sbat_var_payload_header
.4byte .Lsbat_var_latest - sbat_var_payload_header
.Lsbat_var_payload_header_end:
.balign 1, 0
-.Lsbat_var_previous:
- .ascii SBAT_VAR_PREVIOUS
+.Lsbat_var_automatic:
+ .ascii SBAT_VAR_AUTOMATIC
.byte 0
.balign 1, 0
.Lsbat_var_latest:
diff --git a/shim.c b/shim.c
index d800f675..3854fbde 100644
--- a/shim.c
+++ b/shim.c
@@ -1430,10 +1430,10 @@ load_revocations_file(EFI_HANDLE image_handle, CHAR16 *PathName)
int datasize = 0;
void *data = NULL;
unsigned int i;
- char *sbat_var_previous = NULL;
+ char *sbat_var_automatic = NULL;
char *sbat_var_latest = NULL;
- uint8_t *ssps_previous = NULL;
- uint8_t *sspv_previous = NULL;
+ uint8_t *ssps_automatic = NULL;
+ uint8_t *sspv_automatic = NULL;
uint8_t *ssps_latest = NULL;
uint8_t *sspv_latest = NULL;
@@ -1452,13 +1452,13 @@ load_revocations_file(EFI_HANDLE image_handle, CHAR16 *PathName)
Section = context.FirstSection;
for (i = 0; i < context.NumberOfSections; i++, Section++) {
dprint(L"checking section \"%c%c%c%c%c%c%c%c\"\n", (char *)Section->Name);
- check_section(".sbatp\0\0", (void **)&sbat_var_previous, Section,
+ check_section(".sbata\0\0", (void **)&sbat_var_automatic, Section,
data, datasize, sizeof(SBAT_VAR_ORIGINAL));
check_section(".sbatl\0\0", (void **)&sbat_var_latest, Section,
data, datasize, sizeof(SBAT_VAR_ORIGINAL));
- check_section(".sspvp\0\0", (void **)&sspv_previous, Section,
+ check_section(".sspva\0\0", (void **)&sspv_automatic, Section,
data, datasize, SSPVER_SIZE);
- check_section(".sspsp\0\0", (void **)&ssps_previous, Section,
+ check_section(".sspsa\0\0", (void **)&ssps_automatic, Section,
data, datasize, SSPSIG_SIZE);
check_section(".sspvl\0\0", (void **)&sspv_latest, Section,
data, datasize, SSPVER_SIZE);
@@ -1466,17 +1466,17 @@ load_revocations_file(EFI_HANDLE image_handle, CHAR16 *PathName)
data, datasize, SSPSIG_SIZE);
}
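Review bot: The change of the PE section names `.sbatp`, `.sspvp` and `.sspsp` to `.sbata`, `.sspva` and `.sspsa` in the check_section() calls alters the on-disk format that load_revocations_file() accepts, so the commit message's "not a functional change" does not hold for this hunk: a signed revocations binary built with the old section names will no longer satisfy the `sbat_var_latest && sbat_var_automatic` check and will be skipped with "no data for SBAT_LEVEL" instead of being applied. Whether any such binaries are already deployed cannot be told from here; if they are, consider accepting both names during a transition, e.g. adding `check_section(".sbatp\0\0", (void **)&sbat_var_automatic, Section, data, datasize, sizeof(SBAT_VAR_ORIGINAL));` alongside the new call (and likewise for the two SSP sections), or else state in the commit message that the section names are part of the revocations format and that existing revocation payloads must be rebuilt for this shim. load_revocations_file's body continues outside the hunk.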
- if (sbat_var_latest && sbat_var_previous) {
+ if (sbat_var_latest && sbat_var_automatic) {
dprint(L"attempting to update SBAT_LEVEL\n");
- efi_status = set_sbat_uefi_variable(sbat_var_previous,
+ efi_status = set_sbat_uefi_variable(sbat_var_automatic,
sbat_var_latest);
} else {
dprint(L"no data for SBAT_LEVEL\n");
}
- if ((sspv_previous && ssps_previous) || (sspv_latest && ssps_latest)) {
+ if ((sspv_automatic && ssps_automatic) || (sspv_latest && ssps_latest)) {
dprint(L"attempting to update SkuSiPolicy\n");
- efi_status = set_ssp_uefi_variable(sspv_previous, ssps_previous,
+ efi_status = set_ssp_uefi_variable(sspv_automatic, ssps_automatic,
sspv_latest, ssps_latest);
} else {
diff --git a/test-sbat.c b/test-sbat.c
index 980a8f86..b37efcdd 100644
--- a/test-sbat.c
+++ b/test-sbat.c
@@ -1131,9 +1131,9 @@ test_sbat_var_asciz(void)
char buf[1024] = "";
UINT32 attrs = 0;
UINTN size = sizeof(buf);
- char expected[] = SBAT_VAR_PREVIOUS;
+ char expected[] = SBAT_VAR_AUTOMATIC;
- status = set_sbat_uefi_variable(SBAT_VAR_PREVIOUS, SBAT_VAR_PREVIOUS);
+ status = set_sbat_uefi_variable(SBAT_VAR_AUTOMATIC, SBAT_VAR_AUTOMATIC);
if (status != EFI_SUCCESS)
return -1;