Rename "previous" revocations to "automatic"

When the term previous was introduced for revocations to be
automatically applied there was a hope that everytime a new
revocation was built into shim, the previous revocation could
be applied automatically. Further experience has shown the
real world to be more complex than that. The automatic payload
will realistically contain a set of revocations governed by
both the cadence at which a distro's customer base updates
as well as the severity of the issue being revoked.

In order to not break compatibility with existing scripts,
the term "previous" will continue to be accepted.

This is not a functional change.

Signed-off-by: Jan Setje-Eilers <[email protected]>

Author: jsetje

man/mokutil.1

@@ -77,7 +77,7 @@ mokutil \- utility to manipulate machine owner keys
 .br
 \fBmokutil\fR [--list-sbat-revocations]
 .br
-\fBmokutil\fR [--set-sbat-policy (\fIlatest\fR | \fIprevious\fR | \fIdelete\fR)]
+\fBmokutil\fR [--set-sbat-policy (\fIlatest\fR | \fIautomatic\fR | \fIdelete\fR)]
 .br
 \fBmokutil\fR [--timeout \fI-1,0..0x7fff\fR]
 .br
@@ -189,14 +189,14 @@ List the keys in the secure boot blacklist signature store (dbx)
 \fB--list-sbat-revocations\fR
 List the entries in the Secure Boot Advanced Targeting store (SBAT)
 .TP
-\fB--set-sbat-policy (\fIlatest\fR | \fIprevious\fR)\fR
+\fB--set-sbat-policy (\fIlatest\fR | \fIautomatic\fR)\fR
 Set the SbatPolicy UEFI Variable to have shim apply either the latest
-or the previous SBAT revocations.  If UEFI Secure Boot is disabled, then
+or the automatic SBAT revocations.  If UEFI Secure Boot is disabled, then
 shim will automatically delete SBAT revocations
 .TP
-\fB--set-ssp-policy (\fIlatest\fR | \fIprevious\fR | \fIdelete\fR)\fR
+\fB--set-ssp-policy (\fIlatest\fR | \fIautomatic\fR | \fIdelete\fR)\fR
 Set the SspPolicy UEFI Variable to have shim apply either the latest
-or the previous Windows SkuSiPolicy to manage bootmgr revocations. Since
+or the automatic Windows SkuSiPolicy to manage bootmgr revocations. Since
 these are non-native revocations, shim will not automatically delete
 them. If this is needed, spp-policy can be set to delete when Secure
 Boot is disabled. The delete policy is non-persistent.

src/mokutil.c

@@ -139,10 +139,10 @@ print_help ()
 			"\tPrevent fallback from automatically rebooting\n");
 	printf ("  --trust-mok\t\t\t\tTrust MOK keys within the kernel keyring\n");
 	printf ("  --untrust-mok\t\t\t\tDo not trust MOK keys\n");
-	printf ("  --set-sbat-policy <latest/previous>"
-			"\tApply Lates or Previous SBAT revocations\n");
-	printf ("  --set-ssp-policy <latest/previous/delete>\n"
-			"\t\t\t\t\tApply Latest, Previous, or delete SkuSiPolicy\n");
+	printf ("  --set-sbat-policy <latest/automatic>"
+			"\tApply Latest or Automatic SBAT revocations\n");
+	printf ("  --set-ssp-policy <latest/automatic/delete>\n"
+			"\t\t\t\t\tApply Latest, Automatic, or delete SkuSiPolicy\n");
 	printf ("  --pk\t\t\t\t\tList the keys in PK\n");
 	printf ("  --kek\t\t\t\t\tList the keys in KEK\n");
 	printf ("  --db\t\t\t\t\tList the keys in db\n");
@@ -1956,7 +1956,8 @@ main (int argc, char *argv[])
 				command |= SET_SBAT;
 				if (strcmp (optarg, "latest") == 0)
 					policy = 1;
-				else if (strcmp (optarg, "previous") == 0)
+				else if ((strcmp (optarg, "previous") == 0) ||
+					 (strcmp (optarg, "automatic") == 0))
 					policy = 2;
 				else if (strcmp (optarg, "delete") == 0)
 					policy = 3;
@@ -1966,7 +1967,8 @@ main (int argc, char *argv[])
 				command |= SET_SSP;
 				if (strcmp (optarg, "latest") == 0)
 					policy = 1;
-				else if (strcmp (optarg, "previous") == 0)
+				else if ((strcmp (optarg, "previous") == 0) ||
+					 (strcmp (optarg, "automatic") == 0))
 					policy = 2;
 				else if (strcmp (optarg, "delete") == 0)
 					policy = 3;